Beyond systems. Sanctuary

At SANCTUARY, we develop next-generation security architectures to secure distributed embedded systems. Our Sanctuary Embedded solution enables the secure aggregation of services on shared platforms to achieve complex functional objectives while reducing costs. Sanctuary guarantees strong isolation between services in embedded computing platforms, from satellites to smart factories.

Sanctuary Embedded combines Security Services and a Consolidation Layer to provide a comprehensive solution for manifold use cases.

The Sanctuary Embedded Benefits


Cost saving

Cost saving

Manage complexity! In today‘s complex products, the use of different subsystems, from microcontrollers to powerful embedded systems, increases hardware costs and leads to chaotic safety and security conditions. Sanctuary Embbeded‘s consolidation approach reduces this complexity and decreases hardware, development, and maintenance costs.




Sanctuary Embedded provides a unified security platform for all embedded systems. The Sanctuary Security Services provide strong security features for the entire system on a single platform and in a distributed environment.




Designed by an innovation-driven team, well-connected in the research community, the mission of SANCTUARY is to bring next-generation technologies from research into industry-leading products.


You want to get things moving?

Then join our team! We are always looking for passionate people that excel.

News: Stay informed

spaceops2023 logo

Hardware-Based Isolation for Advanced Safety and Security in Spacecraft

Our team presented a paper on the research prototype of our Zero-Trust Platform for spacecraft, which secures mission-critical flight-control software in space, at the SpaceOps 2023 conference in Dubai. We also attended a spacecraft digitalization conference in Germany, connecting with industry leaders and staying up-to-date on the latest advancements.

- data-src=">
embedded world 2023 banner

Visit Us at embedded world 2023!

Exciting news! We’re thrilled to announce that we’ll showcase our latest technological innovations and solutions at the [email protected] world booth (3A-325e) at embedded world 2023, which will take place from March 14th to 16th in Nuremberg, Germany.

- data-src=">
Hands resting on a laptop, coding.

Hypervisor-assisted Debugging

Debugging options are often quite restricted when porting low-level software to an embedded device. Serial output and printing do not work, so what’s next? In this blog post, we go through typical problems and hypervisor-assisted debugging as a potential alternative.

- data-src=">
escar Workshop 2022

Workshop at escar Europe 2022

On 15.11.2022, we held a workshop on Trusted Computing at the escar Europe conference. In particular, the workshop focused on the requirements of Trusted Computing in automotive scenarios.

- data-src=">
Banner EU Cyber Resilience Act

On the Upcoming EU Cyber Resilience Act

In this blog post, we introduce the recently published draft of the EU Cyber Resilience Act (CRA) which aims to substantially increase the cybersecurity of products sold in the European Union. Moreover, we discuss why the CRA regulations are especially costly to implement when products rely on open-source software.

- data-src=">
Managing run-time vulnerabiltiies

Managing Run-Time Vulnerabilities

Run-time vulnerabilities are a nasty problem of modern software engineering. In this post, we examine a number of approaches that have been proposed and implemented by the security community. Some approaches aim at preventing the existence of bugs, some others aim at finding the bugs before the code is deployed, and yet others aim at making existing bugs harder to exploit in the field.

- data-src=">
Webinar on Trusted Computing

Webinar on Trusted Computing Technologies

SANCTUARY is proud to introduce its first free webinar on the basic concepts of Trusted Computing and which threats Trusted Execution Environments have to sustain.

- data-src=">
Cybersicherheitsagenda: Containers at a dock, visualizing critical infrastructure

On the New German Cybersecurity Agenda

The German BMI’s recently unveiled cybersecurity agenda calls for broadly promoting innovation, increasing risk awareness, and responding more quickly to cyber threats through closer ties with government agencies. However, these measures are too reactive.

- data-src=">
Industry 4.0 factory

Continuous Protection in Industry 4.0 with Sanctuary

In this blog post, we discuss the need for suitable security solutions in the context of smart industries and show how Sanctuary can support companies to enable the full potential of the fourth industrial revolution.

- data-src=">
Data cloud hovering over computer chip representing confidential computing

Trusted Container Extensions for Container-based Confidential Computing

In this blog post, we introduce Trusted Container Extensions (TCX), a novel container security architecture we designed as part of our applied security research efforts.

- data-src=">
DATE 2022 Conference Logo

SafeTEE: Combining Safety and Security on ARM-based Micro­controllers

We are proud to announce that our paper on SafeTEE, a novel safety and security architecture for ARM-based microcontrollers, got accepted at DATE 2022!

- data-src=">
Horizon Cloud Summit 2021 - Presented talk on Confidential Edge Computing

Confidential Edge Computing @ Horizon Cloud Summit

We just gave a talk about applying lessons learned from Confidential Cloud Computing to the Edge at the Horizon Cloud Summit 2021.

- data-src=">
Car Progress Bar Loading

Security Services: Secure Boot

Secure Boot is one of the powerful security services offered by Sanctuary, which can protect systems from rootkits and another advanced persistent threat (APT). This article explains the concept of secure boot and discusses different aspects of this technology.

- data-src=">
Logo of the VLSI-SoC Conference

Security Architectures on the open RISC-V Platform

Our systematization of knowledge publication „In Hardware We Trust? From TPM to Enclave Computing on RISC-V“ which discusses RISC-V security architectures is published at the VLSI-SoC 2021 conference!

- data-src=">

Our Partners and Sponsors

Sanctuary is funded by the Federal Ministry of Education and Research as part of the StartUpSecure funding program (funding number: 16KIS1417).




Any Questions?