State-of-the-art cybersecurity
We are an innovation-driven company with extensive experience in cybersecurity. We are rooted in and well connected with the research community. Our goal is to transfer next-generation security technologies from research into industry-leading products.
In our previous positions at Technische Universität Darmstadt and in the automotive industry, we published our research at top-tier international security conferences and applied our ideas in large-scale industrial projects.
The experience we have gathered as academic and industrial researchers puts us in a unique position to develop solutions that combine industry's requirements for practicality and efficiency with the latest and best security proposals from the research community.
Technologies & expertise
The SANCTUARY team has a unique combination of expertise to support you in all of your cybersecurity projects.
Security architectures
Our state-of-the-art security architectures combine compartmentalization and asset protection with modern security features such as secure boot, attestation, virtual TPMs/HSMs, and much more.
Software security
Protect your custom applications based on our extensive experience with software attacks and defense mechanisms. Our advanced solutions for secure logging and state monitoring give you control over the entire security lifecycle.
Trusted computing
From TPMs and secure elements to Trusted Execution Environments (TEEs), we protect your software according to your security requirements. We have years of experience, ranging from widely deployed TEEs (SGX, SEV, TrustZone) to new TEEs (Intel TDX, Arm CCA) and RISC-V TEEs.
Software testing
Avoiding bugs in released software can be challenging. For the software components we develop, we already use a combination of static analysis, unit tests, and fuzzing integrated into our CI pipeline. We have experience fuzzing every software layer, from the application down to the firmware.
Complex software systems
Our products and our background make us experts in everything related to kernels and the layers below them. We regularly develop and modify Linux kernels, Android, real-time operating systems (RTOS), hypervisors, and even firmware and bootloaders.
Embedded platforms
While our product development started on Arm Cortex-A platforms, we continuously extend our technologies and experience to other platforms, in particular RISC-V and Arm Cortex-M/R, but also to other microcontrollers.
Project management
As a startup funded by the Bundesministerium für Bildung und Forschung (German Federal Ministry of Education and Research) with years of experience in DFG, EU, and other research projects, we know how to plan, lead, and carry out research projects. We also have a strong background in industrial projects with companies large and small.
Selected publications
With the advent of new mission concepts, such as multi-tenant spacecraft, interconnected spacecraft networks, or AI-supported autonomy, onboard spacecraft software needs to provide a growing number of functionalities. However, as onboard software grows more complex, the probability of software bugs rises as well, becoming an increasingly important factor in spacecraft safety, reliability, and cybersecurity considerations.
In this paper, we introduce a novel software architecture for onboard software that builds on a strong hardware-assisted isolation mechanism. Our architecture leverages hardware extensions from Arm processors already deployed today (e.g., in CubeSats) that are becoming common in the space sector. By separating software components into hardware-assisted compartments, we ensure that they cannot affect each other, even when one component crashes. Further, our architecture makes it possible to detect faulty software components and restart them into a safe configuration, reducing dependency on the spacecraft’s safe mode. Especially for missions in which different parties jointly utilize (parts of) a spacecraft, such as hosted payloads or multi-tenant spacecraft, our architecture provides strong safety and cybersecurity guarantees due to the strong separation between components. Due to these properties, operating spacecraft becomes inherently more reliable while onboard software development is simplified, as the inherent safety and cybersecurity guarantees reduce the need to extensively test individual software components or audit external software. We evaluated our novel software architecture thoroughly on a hardware development board. The research project was done in collaboration with the European Space Agency (ESA).
The full publication can be found here.
Embedded systems are at the core of many security-sensitive and safety-critical applications, including automotive, industrial control systems, and critical infrastructures. Existing protection mechanisms against (software-based) malware are either too complex, expensive, or do not meet real-time requirements.
In the TyTAN paper from 2015, we proposed early on a security architecture for embedded systems that provides security functionalities which are today summarized under the term “trusted computing”. In particular, TyTAN offers (1) hardware-assisted strong isolation of dynamically configurable tasks and (2) real-time guarantees. We implemented TyTAN on the Intel Siskiyou Peak embedded platform and demonstrated its efficiency and effectiveness through extensive evaluation. The research project was done in collaboration with Intel Corporation.
The full publication can be found here.
Fuzzing is an automated software testing technique broadly adopted by the industry. A popular variant is mutation-based fuzzing, which discovers a large number of bugs in practice. While the research community has studied mutation-based fuzzing for years now, the algorithms’ interactions within the fuzzer are highly complex and can, together with the randomness in every instance of a fuzzer, lead to unpredictable effects. Most efforts to improve this fragile interaction focused on optimizing seed scheduling. However, real-world results like Google’s FuzzBench highlight that these approaches do not consistently show improvements in practice. Another approach to improve the fuzzing process algorithmically is optimizing mutation scheduling. Unfortunately, existing mutation scheduling approaches also failed to convince because of missing real-world improvements or too many user-controlled parameters whose configuration requires expert knowledge about the target program. This leaves the challenging problem of cleverly processing test cases and achieving a measurable improvement unsolved.
We present DARWIN, a novel mutation scheduler and the first to show fuzzing improvements in a realistic scenario without the need to introduce additional user-configurable parameters, opening this approach to the broad fuzzing community. DARWIN uses an Evolution Strategy to systematically optimize and adapt the probability distribution of the mutation operators during fuzzing. We implemented a prototype based on the popular general-purpose fuzzer AFL. DARWIN significantly outperforms the state-of-the-art mutation scheduler and the AFL baseline in our own coverage experiment, in FuzzBench, and by finding 15 out of 21 bugs the fastest in the MAGMA benchmark. Finally, DARWIN found 20 unique bugs (including one novel bug), 66% more than AFL, in widely-used real-world applications.
The full publication can be found here.
From industry automation to smart home, embedded devices are already ubiquitous, and the number of applications continues to grow rapidly. However, the plethora of embedded devices used in these systems leads to considerable hardware and maintenance costs. To reduce these costs, it is necessary to consolidate applications and functionalities that are currently implemented on individual embedded devices. Especially in mixed-criticality systems, consolidating applications on a single device is highly challenging and requires strong isolation to ensure the security and safety of each application. Existing isolation solutions, such as partitioning designs for Arm-based microcontrollers, do not meet these requirements. In this paper, we present SafeTEE, a novel approach to enable security- and safety-critical applications on a single embedded device. We leverage hardware mechanisms of commercially available Arm-based microcontrollers to strongly isolate applications on individual cores. This makes SafeTEE the first solution to provide strong isolation for multiple applications in terms of security as well as safety. We thoroughly evaluate our prototype of SafeTEE for the most recent Arm microcontrollers using a standard microcontroller benchmark suite.
The full publication can be found here.
Security architectures providing Trusted Execution Environments (TEEs) have been an appealing research subject for a wide range of computer systems, from low-end embedded devices to powerful cloud servers. The goal of these architectures is to protect sensitive services in isolated execution contexts, called enclaves. Unfortunately, existing TEE solutions suffer from significant design shortcomings. First, they follow a one-size-fits-all approach offering only a single enclave type; however, different services need flexible enclaves that can adjust to their demands. Second, they cannot efficiently support emerging applications (e.g., Machine Learning as a Service), which require secure channels to peripherals (e.g., accelerators), or the computational power of multiple cores. Third, their protection against cache side-channel attacks is either an afterthought or impractical, i.e., no fine-grained mapping between cache resources and individual enclaves is provided.
In this work, we propose CURE, the first security architecture that tackles these design challenges by providing different types of enclaves: (i) sub-space enclaves provide vertical isolation at all execution privilege levels, (ii) user-space enclaves provide isolated execution to unprivileged applications, and (iii) self-contained enclaves allow isolated execution environments that span multiple privilege levels. Moreover, CURE enables the exclusive assignment of system resources, e.g., peripherals, CPU cores, or cache resources, to single enclaves. CURE requires minimal hardware changes while significantly improving the state of the art of hardware-assisted security architectures. We implemented CURE on a RISC-V-based SoC and thoroughly evaluated our prototype in terms of hardware and performance overhead. CURE imposes a geometric mean performance overhead of 15.33% on standard benchmarks.
The full publication can be found here.
A complete list of our research publications can be found on our Google Scholar profile.