By adopting a radically new approach, the HYDRANOS project aims to realise sustainable security for computer systems. For this purpose, security-critical components in the hardware, specifically in the system-on-chip (SoC), are modelled and designed as reconfigurable units, while the other components remain static as usual. This allows the security-relevant units to be adapted and patched directly in the hardware, in particular to counter future attacks.
For more than three decades, IT security researchers have made tremendous efforts to protect computer systems against software-based attacks, especially so-called runtime attacks. It was often assumed that the underlying hardware (such as processors) was secure against software-only attacks. However, today's computer systems face an unprecedented security threat.
Recent attacks use software to exploit hardware vulnerabilities to steal sensitive information, bypass protection mechanisms or even compromise the entire computer system. These so-called cross-layer vulnerabilities or attacks also include well-known attacks such as Spectre and Meltdown.
They affect a wide range of computing platforms from low-end devices to server systems of different architectures and vendors, such as Intel, AMD and ARM. The attacks represent a fundamental paradigm shift and refute traditional threat models that have focused mainly on software-only vulnerabilities. Hardware is at the heart of all computer systems, particularly in many critical application domains from automotive to the Internet of Things or critical infrastructure. Insecure hardware poses a severe threat to our society.
Existing solutions such as software patching or specific hardware changes are ad hoc, expensive or only effective against certain attacks. The fact that patching hardware after fabrication is very limited or impossible is a particular challenge.
Making security-relevant hardware components configurable
In the HYDRANOS project, security-critical components and mechanisms in the System-on-Chip (SoC) that can result in cross-layer vulnerabilities and information leaks are systematically investigated and modelled. Dedicated configurability is then designed for the important security-relevant hardware components that have been identified. These components allow the computing platform to adapt to changing threat models. A proof-of-concept implementation will then be published as the first European open computing platform with an adaptive security architecture.
This will address a number of challenges: (i) How are security-relevant elements modelled and mapped to configurable units? (ii) How is the interaction of configurable and static components efficiently realised? (iii) How can the configuration strategies be safely modified and efficiently validated? (iv) What optimisation strategies should be used to balance the trade-off between security, performance, energy consumption and size of the dedicated configurable hardware elements and primitives?
About Ahmad-Reza Sadeghi
Ahmad-Reza Sadeghi is a full Professor of Computer Science at TU Darmstadt and Head of the System Security Lab. Since 2012, through the establishment of a long-term partnership with Intel, he has been leading several collaborative research centres on various topics such as Secure Computing in Mobile and Embedded Systems, Autonomous and Resilient Systems and Private AI. He is also co-initiator and co-organiser of the world's largest hardware security competition HACK@Event. Professor Sadeghi has received several awards for his influential research in the field of information and computer security, and hardware-based security in particular: the prestigious Karl Heinz Beckurts Award in Germany (2008), the ACM SIGSAC Award (2018) and the Intel Academic Leadership Award (2021). He received his doctorate in computer science with a focus on cryptography from Saarland University. Before his academic career, he worked for several years in research and development in the telecommunications industry, including at Ericsson.
About the ERC Advanced Grant
ERC Advanced Grants are awarded by the European Research Council to researchers from all disciplines. The target group for these grants is researchers with an outstanding scientific track record in their field. In the current round, 253 grants were awarded and 1735 applications were submitted. In addition to Professor Sadeghi, Professor Iryna Gurevych, also from TU Darmstadt, was awarded an ERC Advanced Grant.