In recent years, Internet of Things (IoT) devices and Cyber-Physical Systems (CPS) have become ubiquitous and are used in many settings (e.g. avionics, vehicles, household devices, smartphones). End-user privacy and security has been one of the main concerns of device designers. Moreover, these systems are becoming more complex and more open, so that industrial actors can provide different services at the same time on the same device. However, these industrial actors worry about the integrity and confidentiality of their data on the devices. Each service provider is in economic competition with the others, and end-user and service data are a significant resource. In this paper we propose an IoT device architecture based on a small separation kernel and a communication control mechanism to provide a trustworthy environment for each service provider.