Joining eGlue means stepping into a world of opportunities.
Based in Turin, one of Italy’s leading tech hubs, you’ll be part of a dynamic and collaborative environment. With events and networking opportunities, you’ll be surrounded by like-minded people who are passionate about technology and innovation, ready to make a difference.
At eGlue, we believe that work-life balance is essential for achieving the best results. Here’s what we offer:
At eGlue, we seek ambitious individuals ready to take on challenges and grow with us. Our selection process is designed to identify your skills, creativity and problem-solving capabilities.
Submit your resume through our application portal (no cover letter required).
Meet with our team for an initial discussion about your background and aspirations.
Dive into a conversation to showcase your expertise.
Take part in a flexible, remote challenge to further demonstrate your skills.
What are you waiting for? Send us your application to get in touch with our HR team right away!
As IoT devices become increasingly integrated into critical systems such as automotive networks, industrial systems, smart home environments, and cloud-connected infrastructures, ensuring their security is crucial. This thesis explores robust security measures for Linux-based embedded systems, focusing on a multi-layered approach to secure both the software and hardware components of these devices. With growing concerns over vulnerabilities in IoT devices, this research aims to address security risks through a systematic examination of both software and hardware defenses.
The primary aim of this thesis is to investigate, develop, and implement advanced security mechanisms for Linux-based embedded systems in IoT devices, with a focus on a multi-layered defense strategy that combines both hardware and software components. The goal is to ensure the protection of system boot and execution processes, access control mechanisms, data integrity, and secure file storage.
Additionally, the research will focus on integrated solutions to ensure secure authentication, authorization and safeguard the transmission and reception of messages, telemetry data, and files from embedded devices to Cloud IoT platforms.
The security measures will be developed and validated through Proof of Concepts (PoCs) and test suites to evaluate their effectiveness.
The thesis provides an in-depth analysis of these essential security techniques for embedded systems.
System Boot and Execution: techniques such as Secure Boot and Trusted Execution Environments (TEEs) are explored. Secure Boot ensures only trusted, signed software runs during startup, preventing malicious code execution. TEEs isolate sensitive operations from the main OS, ensuring secure communication and cryptographic operations.
Hardware Security with Secure Element or Cryptographic Hardware Module: Secure Elements and Cryptographic Hardware Module manage cryptographic keys and secure cryptographic operations. They strengthen tasks like firmware updates, encrypted communications, and identity management, ensuring higher levels of security.
Mandatory Access Control (MAC): frameworks like AppArmor and SELinux limit system resource access. AppArmor’s profile-based controls provide a straightforward approach for embedded systems, whereas SELinux enforces stringent and fine-grained security policies.
Filesystem-Level Security: filesystems such as Btrfs and ZFS enhance data integrity and resilience. Btrfs provides copy-on-write architecture and snapshots for data recovery, while ZFS offers native encryption and correction of silent data corruption.
Data Integrity and Encryption: techniques like dm-verity ensure filesystem data integrity, while disk encryption mechanisms like dm-crypt protect sensitive data. The integration of Cryptographic Hardware Accelerators and protecting encryption keys access using TEEs and Secure Elements further enhances data protection.
Authentication and authorization on Cloud IoT Platforms: development of secure authentication techniques using digital certificates, integrating Secure Element or Cryptographic Hardware Accelerator for managing keys and performing signing or verification operations.
Secure Communication to Cloud IoT Platforms: by leveraging Cryptographic Hardware Module to accelerate encryption and decryption processes and implementing robust protocols such as TLS, data transmitted between embedded devices and Cloud IoT platforms is fully protected. Additionally, Secure Elements ensure secure key management, safeguarding cryptographic keys and enhancing the overall security of the communication process.
Hardware: the proposed thesis project will focus on the analysis and implementation of security mechanisms, leveraging the capabilities of NXP i.MX8 and i.MX9-based embedded systems. i.MX8 and i.MX9 processor families provide features such as High Assurance Boot (HAB), OTP fuses, Cryptographic Acceleration and Assurance Module (CAAM), EdgeLock and ARM TrustZone to improve hardware-level security.
Software: the student will use Linux distributions optimized for embedded systems, such as Debian or Yocto. Proof of Concepts (PoCs) and test suites will be implemented using high-level programming languages, including Python, JavaScript, C++, and Rust as well as shell scripting. SDKs from the hardware manufacturer and Cloud providers will be required to ensure compatibility and seamless integration with the underlying hardware and Cloud services.
Cloud IoT Platforms: the project will integrate authentication and authorization mechanisms with Cloud IoT platforms like AWS IoT Core, Azure IoT Hub, or Google Cloud IoT to enhance device security. Additionally, it will ensure secure communication, protecting and verifying data and telemetry sent from embedded devices.
Research Phase: study existing security techniques for Linux-based embedded systems and secure integration with Cloud IoT Platforms.
System Design: apply and integrate security measures into NXP i.MX8 and i.MX9-based embedded systems and Cloud IoT platforms like AWS IoT Core, Azure IoT Hub, or Google Cloud IoT, ensuring authentication, secure communication, and data integrity.
Development and Integration: develop Proof of Concepts (PoCs) to demonstrate the effectiveness of the implemented security mechanisms, validate system functionality, and test the integration of hardware and software components, including secure boot, cryptographic operations, access control, and secure communication with Cloud IoT platforms.
Testing and Validation: evaluate and verify the effectiveness of the security mechanisms through comprehensive test suites, ensuring proper functionality, robustness, and compliance with security requirements across all system components.
Documentation: document all phases of the research, design, development, and testing. Detailed descriptions of security mechanisms, results of PoCs and test suites, and final conclusions on multi-layered security in IoT embedded systems.
At the end of the thesis, the student will successfully implement and validate advanced security mechanisms for Linux-based embedded systems using NXP i.MX8 and i.MX9 cloud-connected IoT devices.
The student will have developed Proof of Concepts (PoCs) and test suites, using high-level programming languages, to evaluate the effectiveness of the security mechanisms, focusing on secure boot, cryptographic operations, access control, and data integrity.
Furthermore, the student will have successfully integrated these solutions with Cloud IoT platforms, like AWS IoT Core, Azure IoT Hub, or Google Cloud IoT showcasing secure authentication, authorization, and encrypted communication between embedded devices and Cloud services, leveraging software and hardware capabilities to maximize security.
The growing demand for intelligent automation in industrial settings requires Computer Vision solutions capable of performing inference directly on the edge side, ensuring responsiveness and reducing dependence on the cloud. This thesis aims to develop a prototype for industrial applications, using NXP iMX8 and iMX9 embedded platforms. The goal is to take full advantage of hardware accelerations (CPU, GPU, and NPU) and implement a Proof of Concept (PoC) capable of detecting anomalies using standard deep learning models, trained for a specific use case, and executing defined actions in response to events classified as anomalous.
The primary objective of this thesis is to design and implement a machine vision application for real-time anomaly detection on embedded systems. This involves leveraging pre-trained models tailored to specific use cases and optimizing inference performance using hardware accelerators such as the GC7000Lite GPU, VPU, and eIQ ML NPU on iMX8, as well as the Ethos-U NPU on iMX9.
Additionally, the project aims to benchmark the performance of computing units (CPU, GPU, and NPU) in terms of latency, throughput, and energy consumption to identify the optimal configuration for industrial applications. The thesis also includes the integration of automatic response mechanisms, such as notifications or alerts, to create a responsive system applicable in real-world industrial settings.
The thesis provides a detailed exploration of Computer Vision applications on embedded platforms:
Model Selection and Customization: Utilizing standard pre-trained Computer Vision models, fine-tuned for specific datasets and use cases to enhance anomaly detection accuracy.
Hardware Acceleration: Optimizing inference on embedded platforms by leveraging dedicated hardware resources like GPUs, VPUs, and NPUs for improved efficiency and speed.
Benchmarking and Energy Analysis: Conducting thorough performance evaluations of computing units to balance responsiveness and sustainability.
Automated Responses: Defining and implementing actions triggered by anomaly detection, including sending notifications or activating predefined alerts, to ensure practical applicability in industrial environments.
Hardware: NXP iMX8 and iMX9 embedded platforms equipped with hardware accelerators such as GC7000Lite GPU, VPU, and NPUs (eIQ ML NPU for iMX8, Ethos-U NPU for iMX9).
Software: Tools and SDKs like NXP eIQ Machine Learning Software for configuration and optimization of machine vision applications.
Models: Standard deep learning models trained and fine-tuned on targeted datasets for real-time anomaly detection.
Model Training and Customization: Selecting and training a standard Computer Vision model to align with specific industrial use cases.
System Implementation: Deploying and optimizing applications on NXP embedded systems using appropriate SDKs and maximizing the utility of hardware accelerators.
Benchmarking: Collecting performance metrics, including latency, throughput, and energy consumption, to evaluate and optimize system efficiency.
Response Integration: Configuring automated response mechanisms triggered by anomaly detection for real-world industrial scenarios.
The thesis aims to demonstrate the feasibility of using NXP iMX8 and iMX9 platforms for real-time, hardware-accelerated inference in industrial settings. The anticipated outcomes include a comprehensive performance analysis of computing units and the successful deployment of an operational PoC capable of detecting anomalies and triggering predefined responses effectively and efficiently.
IoT-Enabled Embedded Systems are highly susceptible to cybersecurity threats and operational anomalies, including software bugs, hardware malfunctions, and system overloads. Traditional safety and security methods often fall short in these environments, necessitating the use of advanced Anomaly Detection Systems (ADS). By leveraging Machine Learning (ML), ADS can identify deviations from normal behavior, enabling real-time detection of cyber threats and system failures. This approach combines edge computing for immediate anomaly detection with Cloud-based analytics for deeper insights and adaptive improvements.
ADS could potentially extend beyond cybersecurity, offering anomaly detection across various domains, such as:
The primary aim of this thesis is to design, and implement an AI-based ADS for Linux-based Embedded Systems.
Specifically, the thesis seeks to:
This includes cybersecurity teams simulating potential attacks and industrial monitoring experts providing operational failure cases, ensuring robust verification of the proposed ADS.
Proposed Architecture
The system architecture consists of intelligent agents deployed on edge Linux-based devices that continuously monitor system and network activity.
These agents are connected to Cloud services via IoT communications, enabling real-time anomaly detection and predictive analytics.
Edge Agents and Detection Techniques
Edge Agents collect and analyze critical system metrics, including but not limited to the following:
Agents could also run pre-trained ADS models, ensuring fast, on-device anomaly detection and response.
Cloud Services for Data and Models
The Cloud infrastructure provides:
Hardware: the students will work with embedded Linux systems based on NXP i.MX8 and i.MX9 processors, which are commonly employed as automotive telematics units or as industrial monitoring boards.
Through these devices, he will gain hands-on experience with real-world embedded platforms, exploring their computational capabilities, communication interfaces, and constraints typical of edge computing in safety-critical and industrial contexts.
Software: the student will use Linux distributions optimized for embedded systems, such as Debian or Yocto, to configure, deploy, and manage applications at the edge.
He will develop Edge Agents using high-level programming languages such as Python and C++, enabling them to address practical trade-offs between performance, portability, and maintainability.
To support machine learning tasks, he will make use of ML libraries and frameworks such as scikit-learn, Optuna, and PyTorch, which will provide exposure to both model training and hyperparameter optimization workflows.
For code prototyping, documentation, and collaborative sharing of results, he will also rely on Jupyter Notebooks as a flexible development environment.
Cloud ML platforms: the student will design, deploy, and test Cloud-based machine learning pipelines using platforms such as Amazon SageMaker and the eGlue proprietary platform.
This will allow him to gain practical experience in scalable model training, deployment, and lifecycle management, as well as in integrating edge-to-cloud workflows.
Research Phase: a comprehensive literature review will be conducted on anomaly detection techniques for embedded systems.
This phase will also include analyzing state-of-the-art ML models for multivariate time-series anomaly detection and identifying suitable algorithms for resource-constrained environments.
System Design: the system architecture will be defined, specifying the roles of Edge Agents, Cloud services, and communication protocols.
Metrics to be collected from Linux-based embedded devices will be selected, and the ML workflow for data collection, preprocessing, model training, and deployment will be outlined.
Development: Edge Agents will be implemented in Python or C++ to capture system metrics and support on-device inference.
ML pipelines will leverage Jupyter Notebooks for fast prototyping, scikit-learn and PyTorch for modeling, Optuna for hyperparameter tuning, and Amazon SageMaker or the eGlue proprietary platform to orchestrate and scale ML workflows.
Both shallow and deep learning ADS models will be prototyped and benchmarked.
Testing and Validation: models will be evaluated using simulated cyber-attacks or real-world industrial datasets.
Benchmarking will compare performance across metrics such as detection accuracy, false positive rates, and computational efficiency on embedded devices.
Validation will be performed in collaboration with domain experts.
Documentation: the entire process, including design decisions, experimental setups, results, and performance evaluations, will be documented in detail.
At the end of the thesis, the student will successfully design and validate an AI-based Anomaly Detection System (ADS) for Linux-based embedded platforms, demonstrating its ability to detect cybersecurity threats and operational anomalies in real time by analyzing system metrics captured as multivariate time series data.
The student will have developed a complete edge-to-cloud architecture, including Edge Agents capable of collecting critical system metrics (e.g., network traffic, process logs, resource usage, file system activity) and running on-device inference, as well as scalable Cloud pipelines for data preprocessing, feature engineering, model training, and deployment of ADS models.
Furthermore, the student will have successfully benchmarked and compared multiple state-of-the-art multivariate time series anomaly detection approaches, providing quantitative insights into their accuracy, false positive rates, computational efficiency, and suitability for embedded and IoT environments.
