If you are an automotive electronics company dealing with the challenge of adding software features to vehicles after production — this project developed a Trusted Execution Environment that lets third-party apps run safely alongside safety-critical vehicle systems. The platform was validated in automotive use cases with 2 prototype demo iterations. With 6 SMEs among 11 consortium partners, the solution was designed with real industry constraints in mind.
Secure App Store Platform for Safety-Critical Connected Devices
Think about how your smartphone lets you install apps from a store — now imagine doing the same thing for industrial machines, medical devices, or car electronics. The problem is that these devices control real-world things where a security breach could be dangerous, so you can't just open them up to any software. TAPPS built a secure "sandbox" inside these devices where third-party apps can run without risking the safety-critical operations, plus a full app store and developer toolkit to go with it. They tested this in both healthcare and automotive settings with real industrial use cases.
What needed solving
Companies building connected devices — from cars to medical equipment to factory controllers — face a tough dilemma: they want to let third-party software run on their hardware to create value-added services and new revenue streams, but opening up safety-critical devices creates serious security risks. Current app platforms (like smartphone operating systems) lack the real-time guarantees and security isolation needed for devices where software failures can cause physical harm. There is no established "app store" model for safety-critical cyber-physical systems.
What was built
The project built a Trusted Execution Environment (TEE) platform that runs securely alongside existing device software using hypervisor virtualization, an app store concept for distributing trusted CPS applications, and a model-based development toolchain with verification tools. Two prototype demo iterations were completed and validated in health and automotive use cases.
Who needs this
Who can put this to work
If you are a medical device company struggling to add new software capabilities to your equipment without re-certifying the entire system — this project built a secure app platform where new functions can be added on demand without compromising the trusted core. The health domain was one of two primary validation areas, tested through 2 prototype iterations. The 73% industry ratio in the consortium ensured practical healthcare requirements were addressed.
If you are an industrial automation provider wanting to let customers extend your controllers with custom applications — this project created a hypervisor-based platform that isolates trusted real-time operations from third-party apps. The app store concept lets you monetize your hardware platform through a software ecosystem. The solution includes model-based development tools and verification to ensure apps meet safety standards.
Quick answers
What would it cost to adopt this platform for our devices?
The project received EUR 3,885,484 in EU funding across 11 partners over 3 years. Licensing or integration costs would depend on negotiations with the consortium, particularly coordinator FORTISS GMBH. Based on available project data, no commercial pricing model has been published.
Can this scale to mass-produced devices?
The platform was designed for real-time cyber-physical systems with hardware-level security mechanisms and hypervisor virtualization. Two prototype demo iterations were completed, but the project documentation describes validation with 'industrial, realistic use cases' rather than full mass production. Scaling would likely require further engineering for specific hardware platforms.
What is the IP situation — can we license this technology?
With 8 industry partners and 6 SMEs in the consortium, IP is likely distributed among multiple organizations. FORTISS GMBH as coordinator would be the starting point for licensing discussions. Based on available project data, specific IP terms are not publicly documented.
Does this work with our existing embedded systems?
The Trusted Execution Environment runs separately from existing execution environments inside System Control Units, using a hypervisor for virtualization. This means it's designed to be added alongside your current software stack rather than replacing it. Integration complexity will depend on your specific hardware and processor architecture.
How mature is this technology — is it ready to deploy?
The project delivered 2 prototype demo iterations and validated the solution in health and automotive domains. The technology reached working prototype stage with realistic use cases but was described as being 'matured and validated' to 'pave the way for future exploitation,' suggesting further development is needed before commercial deployment.
What security certifications does the platform have?
The platform includes hardware-, processor-, and network-centric security mechanisms plus verification tools for trusted application development. Based on available project data, specific security certifications are not mentioned. The project ended in 2017, so certification status would need to be confirmed with the consortium.
Who built it
The TAPPS consortium of 11 partners across 5 countries (Austria, Germany, Greece, France, Italy) is heavily industry-driven with 8 industry partners and only 1 university, giving it a 73% industry ratio — well above typical EU research projects. With 6 SMEs in the mix, the project had strong small-company involvement, which often signals technology closer to market needs than pure academia. The coordinator, FORTISS GMBH, is a German research institute specializing in software-intensive systems. The geographic spread across core European automotive and manufacturing markets (Germany, France, Italy) aligns well with the target application domains. For a business buyer, this consortium composition suggests the technology was developed with real commercial constraints rather than purely academic goals.
- FORTISS GMBH · Coordinator · DE
- VIRTUAL OPEN SYSTEMS · participant · FR
- ACTILITY SAS · participant · FR
- FONDAZIONE CENTRO SAN RAFFAELE · participant · IT
- OSPEDALE SAN RAFFAELE SRL · third party · IT
- TTTECH COMPUTERTECHNIK AG · participant · AT
- STMICROELECTRONICS GRENOBLE 2 SAS · participant · FR
- ELLINIKO MESOGEIAKO PANEPISTIMIO · participant · EL
- CRIT CENTRO DI RICERCA E INNOVAZIONE TECNOLOGICA SRL · third party · IT
FORTISS GMBH (Germany) — research institute for software-intensive systems, coordinated the 11-partner consortium