End-To-End Supply Chain Protection for Satellites

SANCTUARY, in collaboration with Airbus Defence & Space and Testonica Lab Ltd., has successfully secured a highly competitive European Space Agency (ESA) tender to develop an innovative “End-to-End Supply Chain Protection Architecture” for spacecraft. The main objective of the proposed solution is to guarantee the integrity, authenticity, and transparency of software artefacts throughout the entire spacecraft supply chain, from their creation at the supplier up to their deployment and update on a spacecraft.

In contemporary space missions, software-based systems are becoming increasingly critical, simultaneously driving higher complexity and vulnerability within associated supply chains. Particularly, the planned use of (re-)programmable and (re-)configurable software and firmware components in spacecraft, as well as the involvement of numerous subcontractors and third-party suppliers, necessitate heightened transparency, integrity, and security throughout every stage of development. Recognizing these challenges, a consortium led by Airbus Defence & Space, together with SANCTUARY and Testonica Lab Ltd., has been commissioned in collaboration with the European Space Agency (ESA) to develop an innovative solution designed to comprehensively protect the end-to-end software supply chain for spacecraft. The primary objective of this proposed solution is to safeguard all phases of software and firmware creation, integration, validation, and deployment against potential manipulations.

Central to this initiative is a dedicated demonstration platform, envisioned as a so-called “breadboard,” which will incorporate all necessary security-relevant processes and protective measures covering both ground-based software development and subsequent spacecraft integration. The platform will specifically align with the stringent security requirements characteristic of the space industry, enabling automated and thoroughly documented traceability throughout the entire software supply chain—from the initial source code, automated build processes, and integration of external components, through to secure installation onto spacecraft On-Board Computers (OBCs) or Field Programmable Gate Arrays (FPGAs).

Figure: Depiction of the stages of the software supply chain for a satellite.

A crucial feature of the proposed security solution is its capability to provide detailed, verifiable assurance that all components within the software supply chain remain authentic and unaltered. The demonstrator explicitly aims to prevent malicious code insertion that could compromise mission integrity, hardware functionality, or human safety. To achieve these objectives, the consortium plans to leverage advanced cryptographic technologies, including public-key cryptography and future-proof post-quantum cryptography. Furthermore, Trusted Execution Environments (TEEs), for example those based on Arm TrustZone technology and its associated TEE Management Framework (TMF), will be integrated to securely control critical operations such as software updates and state logging.

Additionally, the project approach includes the systematic containerization of all critical development and integration processes. Digitally signed containers will ensure isolation, integrity, and authenticity of the software tools and components employed. Particular emphasis will be placed on comprehensive validation procedures for integrating third-party components—such as open-source software—including automated and manual testing alongside dynamic and static code analyses, before these components are accepted as trustworthy within the supply chain.

Through a consistent and recursive application of this approach across all layers of the software supply chain, the proposed solution will enable detailed and comprehensive traceability of all software components down to their lowest-level subcomponents. As a result, a robust Software Bill of Materials (SBOM) will transparently document the provenance, composition, and security status of all utilized software packages. Consequently, spacecraft operators will benefit from significantly enhanced capabilities to proactively detect potential vulnerabilities, effectively mitigate threats, and sustainably strengthen the long-term stability and security of future space missions.