The primary aim of this thesis is to investigate, develop, and implement advanced security mechanisms for Linux-based embedded systems in IoT devices, with a focus on a multi-layered defense strategy that combines both hardware and software components. The goal is to ensure the protection of system boot and execution processes, access control mechanisms, data integrity, and secure file storage.
Additionally, the research will focus on integrated solutions to ensure secure authentication, authorization and safeguard the transmission and reception of messages, telemetry data, and files from embedded devices to Cloud IoT platforms.
The security measures will be developed and validated through Proof of Concepts (PoCs) and test suites to evaluate their effectiveness.
The thesis provides an in-depth analysis of these essential security techniques for embedded systems.
System Boot and Execution: techniques such as Secure Boot and Trusted Execution Environments (TEEs) are explored. Secure Boot ensures only trusted, signed software runs during startup, preventing malicious code execution. TEEs isolate sensitive operations from the main OS, ensuring secure communication and cryptographic operations.
Hardware Security with Secure Element or Cryptographic Hardware Module: Secure Elements and Cryptographic Hardware Modules manage cryptographic keys and perform cryptographic operations in isolated hardware. They strengthen tasks like firmware updates, encrypted communications, and identity management, ensuring higher levels of security.
Mandatory Access Control (MAC): frameworks like AppArmor and SELinux limit system resource access. AppArmor’s profile-based controls provide a straightforward approach for embedded systems, whereas SELinux enforces stringent and fine-grained security policies.
Filesystem-Level Security: filesystems such as Btrfs and ZFS enhance data integrity and resilience. Btrfs provides copy-on-write architecture and snapshots for data recovery, while ZFS offers native encryption and correction of silent data corruption.
Data Integrity and Encryption: techniques like dm-verity ensure filesystem data integrity, while disk encryption mechanisms like dm-crypt protect sensitive data. The integration of Cryptographic Hardware Accelerators, together with protecting access to encryption keys through TEEs and Secure Elements, further enhances data protection.
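To make the dm-verity integrity mechanism concrete, the following added example (not code from the thesis project) models its hash tree in Python: every 4 KiB data block is hashed as H(salt || block), digests are packed into 4 KiB hash blocks, and the single trusted root hash is what a signed boot chain would pin. Verification walks from the root down, so a modified data block or a modified hash block is detected on read. The salt and the sample image are constructed here; a real veritysetup layout also carries a superblock and on-disk offsets, which this model omits.

```python
import hashlib

BLOCK = 4096                 # dm-verity default data and hash block size
DIGEST = 32                  # SHA-256 digest size
PER_NODE = BLOCK // DIGEST   # digests that fit in one hash block (128)

def hash_block(data: bytes, salt: bytes) -> bytes:
    """dm-verity digest of one block: H(salt || block) (salt prepended, format v1)."""
    return hashlib.sha256(salt + data).digest()

def build_tree(image: bytes, salt: bytes):
    """Build the hash tree. Returns (root, hash_blocks) where hash_blocks[k] is the
    list of packed 4 KiB hash blocks of level k (level 0 holds data-block digests)."""
    blocks = [image[i:i + BLOCK].ljust(BLOCK, b"\0") for i in range(0, len(image), BLOCK)]
    digests = [hash_block(b, salt) for b in blocks]
    hash_blocks = []
    while len(digests) > 1 or not hash_blocks:
        packed = [b"".join(digests[i:i + PER_NODE]).ljust(BLOCK, b"\0")
                  for i in range(0, len(digests), PER_NODE)]
        hash_blocks.append(packed)
        digests = [hash_block(p, salt) for p in packed]   # parents of this level
    return digests[0], hash_blocks

def verify_block(image: bytes, idx: int, salt: bytes, root: bytes, hash_blocks) -> bool:
    """Verify data block idx the way the kernel does on each read: walk from the
    trusted root down, authenticating every hash block before trusting an entry in it."""
    expected = root
    for k in range(len(hash_blocks) - 1, -1, -1):
        j = idx // PER_NODE ** (k + 1)               # which hash block at level k
        blk = hash_blocks[k][j]
        if hash_block(blk, salt) != expected:        # hash block itself was altered
            return False
        e = (idx // PER_NODE ** k) % PER_NODE        # entry for our ancestor inside it
        expected = blk[e * DIGEST:(e + 1) * DIGEST]
    data = image[idx * BLOCK:(idx + 1) * BLOCK].ljust(BLOCK, b"\0")
    return hash_block(data, salt) == expected

SALT = bytes(range(32))      # constructed salt; veritysetup normally generates a random one

def make_image(n_blocks: int) -> bytes:
    """Constructed stand-in for a read-only rootfs image: n_blocks blocks of filler."""
    return b"".join(bytes([i & 0xFF]) * BLOCK for i in range(n_blocks))

def demo(n_blocks: int = 6):
    """Return (all_blocks_ok, tampered_data_detected, tampered_tree_detected)."""
    image = make_image(n_blocks)
    root, tree = build_tree(image, SALT)
    ok = all(verify_block(image, i, SALT, root, tree) for i in range(n_blocks))
    bad = bytearray(image); bad[3 * BLOCK + 17] ^= 0x01      # flip one bit in block 3
    data_caught = not verify_block(bytes(bad), 3, SALT, root, tree)
    evil = [list(level) for level in tree]                   # alter a level-0 hash entry
    evil[0][0] = bytes([evil[0][0][0] ^ 0x01]) + evil[0][0][1:]
    tree_caught = not verify_block(image, 0, SALT, root, evil)
    return ok, data_caught, tree_caught
```

Running the kernel's walk from the root means the root hash (passed on the kernel command line or embedded in a signed boot artifact) is the only value that must be trusted; everything else on the partition is checked against it.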
Authentication and authorization on Cloud IoT Platforms: development of secure authentication techniques using digital certificates, integrating Secure Element or Cryptographic Hardware Accelerator for managing keys and performing signing or verification operations.
Secure Communication to Cloud IoT Platforms: by leveraging Cryptographic Hardware Modules to accelerate encryption and decryption and by implementing robust protocols such as TLS, data transmitted between embedded devices and Cloud IoT platforms is protected in transit. Additionally, Secure Elements provide secure key management, safeguarding cryptographic keys and enhancing the overall security of the communication process.
Hardware: the proposed thesis project will focus on the analysis and implementation of security mechanisms, leveraging the capabilities of NXP i.MX8 and i.MX9-based embedded systems. The i.MX8 and i.MX9 processor families provide features such as High Assurance Boot (HAB), OTP fuses, the Cryptographic Acceleration and Assurance Module (CAAM), EdgeLock and ARM TrustZone to improve hardware-level security.
Software: the student will use Linux distributions optimized for embedded systems, such as Debian or Yocto. Proof of Concepts (PoCs) and test suites will be implemented using high-level programming languages, including Python, JavaScript, C++, and Rust as well as shell scripting. SDKs from the hardware manufacturer and Cloud providers will be required to ensure compatibility and seamless integration with the underlying hardware and Cloud services.
Cloud IoT Platforms: the project will integrate authentication and authorization mechanisms with Cloud IoT platforms like AWS IoT Core, Azure IoT Hub, or Google Cloud IoT to enhance device security. Additionally, it will ensure secure communication, protecting and verifying data and telemetry sent from embedded devices.
Research Phase: study existing security techniques for Linux-based embedded systems and secure integration with Cloud IoT Platforms.
System Design: apply and integrate security measures into NXP i.MX8 and i.MX9-based embedded systems and Cloud IoT platforms like AWS IoT Core, Azure IoT Hub, or Google Cloud IoT, ensuring authentication, secure communication, and data integrity.
Development and Integration: develop Proof of Concepts (PoCs) to demonstrate the effectiveness of the implemented security mechanisms, validate system functionality, and test the integration of hardware and software components, including secure boot, cryptographic operations, access control, and secure communication with Cloud IoT platforms.
Testing and Validation: evaluate and verify the effectiveness of the security mechanisms through comprehensive test suites, ensuring proper functionality, robustness, and compliance with security requirements across all system components.
Documentation: document all phases of the research, design, development, and testing. This includes detailed descriptions of the security mechanisms, the results of the PoCs and test suites, and final conclusions on multi-layered security in IoT embedded systems.
At the end of the thesis, the student will successfully implement and validate advanced security mechanisms for Linux-based embedded systems using NXP i.MX8 and i.MX9 cloud-connected IoT devices.
The student will have developed Proof of Concepts (PoCs) and test suites, using high-level programming languages, to evaluate the effectiveness of the security mechanisms, focusing on secure boot, cryptographic operations, access control, and data integrity.
Furthermore, the student will have successfully integrated these solutions with Cloud IoT platforms like AWS IoT Core, Azure IoT Hub, or Google Cloud IoT, showcasing secure authentication, authorization, and encrypted communication between embedded devices and Cloud services, leveraging software and hardware capabilities to maximize security.