SCIOPTA Protektor

The SCIOPTA Protektor is a specialized hypervisor to separate safe from non-safe applications on a multicore processor.

Technical background

SCIOPTA Protektor is a specific native bare-metal Hypervisor where SCIOPTA runs in the “Secure World” and controls and manages a guest which runs in the “Normal World”.

These expressions come from the ARM(TM) TrustZone which provides a perfect separation between SCIOPTA and the guest.

An example could be a system consisting of a safety certified SCIOPTA and an unsafe LINUX System.


SCIOPTA Protektor ensures a separation between the secure/safe SCIOPTA system and the guest system as if the systems would be fully independent. The control of the overall system remains entirely with SCIOPTA. Any failure in the guest system has no influence on the stability of the SCIOPTA system in the secure world. A crashed guest system could be restarted by the secure SCIOPTA system.

Guest Systems

The guest systems running in the normal world could be anything from another SCIOPTA system, an embedded LINUX, AutoSAR or a bare-metal systems.

Host Systems

The host system running in the secure world and starts/controls the OS/application in the sandbox.


SCIOPTA is a message based system and features the CONNECTOR product for easy communication between SCIOPTA systems and also other operating systems having a CONNECTOR driver. This CONNECTOR can be used for communication in a SCIOPTA Protektor controlled hypervisor. Sending messages between the secure SCIOPTA system and the unsecure systems is safe and easy.

High Speed and Small Size

As all SCIOPTA systems, the Protektor is very fast as it is written in a highly optimized assembler. Interrupt latency in the guest system and in the secure SCIOPTA systems is not influenced by the Protektor. The size of the SCIOPTA kernel including the Protektor is less than 32 KB.


Protektor leverages ARM TrustZone(TM). It runs on single or multi-core systems.


The overall control is up to the user application running on top the secure world SCIOPTA. This starts from the number of cores over memory or peripheral usage to time limitations. This allows to tailor a Protektor system to the real-time or perfomance needs of current application.

Safety Certified

SCIOPTA Protektor is certified by TÜV to IEC 61508 (SIL3), EN 50128 (SIL3/4) and ISO26262 (ASIL-D). It is possible to run safety functions in the secure SCIOPTA world and in parallel non-safety application, such as communication stacks or graphical user interface in any operating system running in the non-secure world.