Secure Hardware-Software Architectures for Robust Computing Systems

18 January 2016, Prague, Czech Republic

About the workshop

The First International Workshop on Hardware Enhancements for Secure Embedded Systems will be held in conjunction with the HiPEAC’16 conference in Prague, Czech Republic. It focuses on software support for embedded architectures, hardware-software synergies for secure systems, hardware security mechanisms, and special security considerations for embedded systems.


  • Chair: Vassilis Prevelakis

Workshop Programme

Time          Title                                                                     Speaker
10:00 - 10:15 Opening Remarks Vassilis Prevelakis, TU Braunschweig
10:15 - 11:00 ARM mbed OS: The End of the Flat Operating System (OS) Security Model Hannes Tschofenig, ARM Ltd

Abstract:  Internet of Things (IoT) devices differ widely in their hardware and in the security support it offers. Many of them use either ARM A-class or M-class CPUs. The two classes differ in their architecture, performance and hardware security functionality. A-class CPUs run popular operating systems such as embedded Linux and Android. M-class CPUs lack a memory management unit and target more constrained systems, often with less than 100 KB of flash. Consequently, the security functionality of products based on the two classes is very different. A-class CPUs allow a lot of re-use, including many modern operating system protection mechanisms; in addition, sophisticated hardware features such as ARM TrustZone, which separates the normal-world and secure-world operating systems, can be used. Many lower-end IoT products, including those running M-class CPUs, use very few OS security techniques, if they run an OS at all, and often do not make use of hardware security support. Even though off-the-shelf processors offer hardware security features, developers frequently leave them unused. While the exact reasons for these design decisions remain unclear, the growing list of IoT security failures calls for improved protection capabilities. ARM recently released a new IoT operating system for M-class devices, called mbed OS. It is available for download and gives developers an easy and convenient way to utilise the memory protection unit (MPU). The MPU is a hardware feature found in M-class devices sold by many chip manufacturers, and it offers memory isolation. Using the MPU it is possible, for example, to confine the impact of a buffer overflow attack to one part of the system.
Today, many IoT devices offer a flat memory model without any isolation features, where a buffer overflow has severe impacts on the security of the entire system. With mbed OS we hope to put an end to the flat memory model of M-class IoT devices. In his presentation Hannes Tschofenig will explain the security features of mbed OS that allow developers to incorporate additional security features into their IoT products. The use of the MPU is one of the building blocks that ARM aims to offer developers for improving the security of IoT devices.
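The isolation the abstract describes can be made concrete by looking at what the Cortex-M MPU actually enforces. The following is an added example written for this page; it is not code from the original page, from ARM or from mbed OS. It encodes MPU regions in the PMSAv7 register format used by Cortex-M3/M4/M7 (RBAR/RASR fields, power-of-two sizes, size-aligned bases, AP access-permission codes, XN) and then emulates the access check the hardware performs, so that an overflow running past an unprivileged "box" region can be seen to fault rather than reach a privileged key store. The memory map (flash at 0x00000000, key store and box in SRAM at 0x20000000) and the region names are constructed assumptions, not from the page; the privileged default memory map (PRIVDEFENA) is not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* PMSAv7 MPU (ARMv7-M: Cortex-M3/M4/M7) region registers: RBAR and RASR. */
#define MPU_RBAR_VALID  (1u << 4)   /* region number in RBAR[3:0] is valid */
#define MPU_RASR_ENABLE (1u << 0)
#define MPU_RASR_C      (1u << 17)  /* normal cacheable memory (TEX=0, S=0, B=0) */
#define MPU_RASR_XN     (1u << 28)  /* execute never */

/* RASR.AP[26:24]: privileged access / unprivileged access */
enum mpu_ap {
    AP_NONE = 0, AP_PRIV_RW = 1, AP_PRIV_RW_UNPRIV_RO = 2,
    AP_FULL_RW = 3, AP_PRIV_RO = 5, AP_RO = 6
};
enum mpu_access { ACC_READ, ACC_WRITE, ACC_FETCH };

struct mpu_region { uint32_t rbar, rasr; };

/* Encode one region. Returns false for requests the hardware cannot express:
 * region number > 7, size not a power of two or below 32 bytes, or a base
 * address that is not aligned to the region size. */
bool mpu_encode_region(uint8_t number, uint32_t base, uint32_t size,
                       enum mpu_ap ap, bool exec_never, struct mpu_region *out)
{
    if (number > 7 || size < 32 || (size & (size - 1)) != 0 ||
        (base & (size - 1)) != 0)
        return false;
    uint32_t size_field = 0;                    /* size == 2^(SIZE + 1) */
    while ((1u << (size_field + 1)) < size)
        size_field++;
    out->rbar = base | MPU_RBAR_VALID | number; /* base is >= 32-byte aligned */
    out->rasr = ((uint32_t)ap << 24) | MPU_RASR_C | (size_field << 1) |
                MPU_RASR_ENABLE | (exec_never ? MPU_RASR_XN : 0u);
    return true;
}

/* Emulate the check the MPU performs on one access: among enabled regions
 * containing the address the highest-numbered one decides; if none does,
 * the access faults (MemManage). PRIVDEFENA is deliberately not modelled. */
bool mpu_access_allowed(const struct mpu_region *regions, size_t count,
                        uint32_t addr, bool privileged, enum mpu_access acc)
{
    int best = -1, best_number = -1;
    for (size_t i = 0; i < count; i++) {
        if (!(regions[i].rasr & MPU_RASR_ENABLE))
            continue;
        uint32_t size_field = (regions[i].rasr >> 1) & 0x1Fu;
        uint64_t size = (uint64_t)1 << (size_field + 1);
        uint32_t base = regions[i].rbar & ~0x1Fu;
        int number = (int)(regions[i].rbar & 0xFu);
        if (addr >= base && addr < base + size && number > best_number) {
            best = (int)i;
            best_number = number;
        }
    }
    if (best < 0)
        return false;
    uint32_t rasr = regions[best].rasr;
    if (acc == ACC_FETCH && (rasr & MPU_RASR_XN))
        return false;
    bool write = (acc == ACC_WRITE);
    switch ((rasr >> 24) & 7u) {
    case AP_PRIV_RW:           return privileged;
    case AP_PRIV_RW_UNPRIV_RO: return privileged || !write;
    case AP_FULL_RW:           return true;
    case AP_PRIV_RO:           return privileged && !write;
    case AP_RO: case 7:        return !write;
    default:                   return false;   /* AP_NONE and reserved 4 */
    }
}

/* Constructed layout (assumed for this example, not from the original page):
 * read-only executable flash, a privileged-only key store, and one
 * unprivileged "box" with its own 4 KiB of on-chip SRAM. */
#define FLASH_BASE 0x00000000u
#define KEYS_BASE  0x20000000u
#define BOX_BASE   0x20001000u

size_t build_example_map(struct mpu_region *map)
{
    size_t n = 0;
    n += mpu_encode_region(0, FLASH_BASE, 256u * 1024u, AP_RO,      false, &map[n]);
    n += mpu_encode_region(1, KEYS_BASE,  256u,         AP_PRIV_RW, true,  &map[n]);
    n += mpu_encode_region(2, BOX_BASE,   4096u,        AP_FULL_RW, true,  &map[n]);
    return n;
}

int main(void)
{
    struct mpu_region map[3];
    size_t n = build_example_map(map);
    /* An overflow inside the box walks upward past BOX_BASE + 4096: the last
     * box byte is writable, the first byte beyond it faults, and the key
     * store is unreachable from unprivileged code. */
    printf("unpriv write, last box byte: %d\n",
           mpu_access_allowed(map, n, BOX_BASE + 4095, false, ACC_WRITE));
    printf("unpriv write, past the box:  %d\n",
           mpu_access_allowed(map, n, BOX_BASE + 4096, false, ACC_WRITE));
    printf("unpriv read of key store:    %d\n",
           mpu_access_allowed(map, n, KEYS_BASE + 16, false, ACC_READ));
    return 0;
}
```

On real hardware the two words produced per region are what gets written to the MPU's RBAR and RASR registers (with the MPU disabled around the update and a barrier afterwards); the encoder's alignment and size checks are the ones a firmware developer most often gets wrong, because a misaligned base silently maps a different window than intended. The emulated check makes the page's point visible: the buffer overflow still happens inside the box, but the first byte past the region is a fault, not a write into the rest of the system.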

Bio:  Hannes Tschofenig is employed by ARM Limited, a company known for its widely used low-power microprocessors found in tablets, mobile phones, and embedded devices. Prior employers include the European Data Protection Supervisor, Nokia Siemens Networks, and Siemens. His work has focused on developing global standards to make the Internet work better. He has been active in one of the leading Internet standards developing organizations, the IETF, for the past 15 years and has contributed to more than 60 RFCs on security and privacy. Hannes has co-chaired various IETF groups, including the "Web Authorization Protocol" (OAuth) group and the "Authentication and Authorization for Constrained Environments" (ACE) group. OAuth is a protocol that enables secure and privacy-friendly data sharing on the Web/Internet. ACE develops an authentication and authorization protocol for the Internet of Things. From 2010 to 2014 Hannes was a member of the Internet Architecture Board (IAB), a committee of the IETF. Currently, he is also the vice-chair of the FIDO Privacy & Public Policy working group. FIDO aims to improve authentication on the web by getting rid of passwords.

11:00 - 11:45 Secure partial dynamic reconfiguration of reconfigurable devices Ricardo Chaves, INESC

Abstract:  Reconfigurable systems are becoming a key component of dedicated and embedded computing systems, providing high adaptability to the computation requirements. However, the existing solutions for secure partial dynamic reconfiguration on SRAM-based FPGAs impact both the reconfiguration process and the available resources. This talk presents an overview of partial dynamic reconfiguration and the security issues related to it. The discussion takes into account the native features of the devices, the existing state of the art, and a novel approach that allows configuration bitstreams to be stored securely in external, non-secure memories.

Bio:  Ricardo Chaves is an assistant professor at the Computer Science Department of the University of Lisbon/IST and a researcher at the Signal Processing Group (SiPS) of INESC-ID. In 2007 he received his Ph.D. degree in electrical and computer engineering from TU Delft and from the University of Lisbon. His research interests include cryptographic hardware, reconfigurable hardware architectures, and embedded and user-oriented systems. He is a member of the Management Committee of the EU COST Actions TRUDEVICE and CRYPTACUS and a member of the EMC2 and Rethink European projects.

11:45 - 12:30 Secure Hardware-Software Architectures for Robust Computing Systems Sotiris Ioannidis, FORTH

Abstract: Developing new security paradigms, architectures, and software for more secure and trustworthy ICT systems and services has clear social, scientific, and market motivation. This motivation is becoming stronger due to the changing threat landscape: over the past decade we have witnessed an ever-increasing number of cyberattacks on the Internet. We believe that to advance the field of cybersecurity we must act proactively and in synergy, instead of reacting to cyberattacks. We present SHARCS, a framework for designing, building and demonstrating secure-by-design applications and services that achieve end-to-end security for their users. SHARCS achieves this by systematically analyzing and extending, as necessary, the hardware and software layers of a computing system. This holistic approach is necessary, as no system can truly be secure unless every layer is secured, starting from the lowest one. We measure the effectiveness of the SHARCS framework by applying it to a diverse set of security-critical, real-world applications. The applications have been chosen from three different domains (medical, cloud and automotive) to demonstrate the platform-independence of SHARCS. SHARCS provides a powerful foundation for designing and developing trustworthy, secure-by-design applications and services for the Future Internet.

Bio:  Dr. Sotiris Ioannidis received a BSc degree in Mathematics and an MSc degree in Computer Science from the University of Crete in 1994 and 1996 respectively. In 1998 he received an MSc degree in Computer Science from the University of Rochester and in 2005 he received his PhD from the University of Pennsylvania. Ioannidis held a Research Scholar position at the Stevens Institute of Technology until 2007 and since then has been a Principal Researcher at the Institute of Computer Science of the Foundation for Research and Technology - Hellas. His research interests are in the area of systems and network security, security policy, privacy and high-speed networks. Ioannidis has authored more than 90 publications in international conferences and journals, as well as book chapters, and has both chaired and served on numerous program committees of prestigious conferences. Ioannidis is a Marie-Curie Fellow and has participated in numerous international and European projects. He has coordinated the European projects PASS and EU-INCOOP, and is currently the coordinator of GANDALF, a Greek Excellence grant, and SHARCS, an H2020 European project.

12:30 - 14:00 Lunch Break
14:00 - 14:45 Build it for Fault Tolerance, Get Security for Free Osman Sabri Ünsal, Barcelona Supercomputing Center

Abstract:  In this talk, I will argue that by designing with fault tolerance in mind one (most often) gets security for free. Through fault-tolerant system design case studies, I will discuss how it could be possible to enhance security. Examples will include how symptom-based fault detection can help intrusion detection, how invariant checking for fault tolerance can help anomaly detection, and how checkpoint-restart could be re-purposed for security. I will also discuss cases where the relationship between fault tolerance and security is not so straightforward or beneficial.

Bio: Dr. Osman Sabri Ünsal is co-leader of the Architectural Support for Programming Models group at the Barcelona Supercomputing Center. He holds BS, MS, and PhD degrees in electrical and computer engineering from Istanbul Technical University, Brown University, and the University of Massachusetts, Amherst, respectively. His main research interests are in computer architecture, reliability, transactional memory, real-time systems and VLSI. He has more than 180 publications in peer-reviewed journals, conferences and workshops, and 10 patents. He is currently involved as a co-PI in the Rethink-BIG, AXLE, ParaDIME, ICT-Energy, and Mont-Blanc FP7 projects. Dr. Ünsal is a HiPEAC member and a partner in the MEDIAN FP7 COST action on reliability. He was the coordinator of the VELOX FP7 project on Transactional Memory. In the past, Dr. Ünsal has worked at Intel, the BSC-Microsoft Research Centre and the Intel-BSC Exascale Lab.

14:45 - 15:30 Bricks and Tools for Side Channel Resistant Hardware Francesco Regazzoni, ALaRI – USI

Abstract: Physical attacks exploit the physical weaknesses of cryptographic devices to reveal the secret information stored on them. Countermeasures against these attacks are often considered only in the later stages of the design flow and applied manually by designers with strong security expertise. This approach, however, negatively affects the robustness, the cost, and the production time of secure devices. In view of this increasingly relevant problem, it is crucial to address the design challenges associated with the proliferation of physical attacks by developing a methodology to automate the design and verification of secure embedded systems. This talk focuses on one type of physical attack, differential power analysis (DPA), and presents the design and implementation of the infrastructure needed to enable the automatic application and verification of DPA countermeasures.

Bio: Dr. Francesco Regazzoni is a postdoctoral researcher at the ALaRI Institute of the University of Lugano (Lugano, Switzerland). He received his Master of Science degree from Politecnico di Milano and his PhD degree from the ALaRI Institute of the University of Lugano. He has been an assistant researcher at the Université catholique de Louvain and at Delft University of Technology, and a visiting researcher at several institutions, including NEC Labs America, Ruhr University Bochum, EPFL, and NTU. His research interests are mainly focused on embedded systems security, covering in particular side-channel attacks, cryptographic hardware, and electronic design automation for security.

15:30 - 17:00 Panel Session: Is security for embedded systems possible, or even desirable?
  • Hannes Tschofenig, ARM Ltd
  • Ricardo Chaves, INESC
  • Osman Sabri Ünsal, Barcelona Supercomputing Center
  • Francesco Regazzoni, ALaRI – USI
  • Vassilis Prevelakis, TU Braunschweig