We are an innovation-driven company with broad expertise in cybersecurity. Rooted and well-connected in the research community, our mission is to bring next-generation security technologies from research into industry-leading products.
In our earlier positions at the Technical University of Darmstadt and in the automotive industry, we published our innovative research at top-tier international security conferences while applying our ideas to large-scale industry projects with real-world impact.
The experience we gained as academic and industrial researchers puts us in the unique position to build solutions that unite the industry’s requirements for practicality and efficiency with the latest and best security proposed by the research community.
Technologies & Expertise
The SANCTUARY team combines a unique set of expertise to support you in all your cybersecurity projects.
Our cutting-edge security architectures combine compartmentalization and asset protection with modern security features like secure boot, attestation, virtual TPMs/HSMs, and many more.
Protect your individual applications based on our tremendous expertise in software attacks & defenses. Our advanced secure logging and health monitoring solutions ensure control over the complete security lifecycle.
From TPMs and Secure Elements to Trusted Execution Environments (TEEs), we protect your software based on your security requirements. We have years of experience, from major TEEs (SGX, SEV, TrustZone) to emerging TEEs (Intel TDX, Arm CCA) and RISC-V TEEs.
Preventing bugs in software releases can be challenging. In our software components, we already use a combination of static analysis, unit testing, and fuzzing integrated into our CI pipeline. We have experience in fuzzing all software layers, from application to firmware.
Complex Software Systems
Our products and background make us experts in everything kernel and underneath. We are regularly building and modifying Linux kernels, Android, real-time operating systems (RTOS), hypervisors, and even firmware and bootloaders.
While our products started on Arm Cortex-A platforms, we are continuously expanding our technology and experience on other platforms, particularly RISC-V and Arm Cortex-M/R, but also other microcontrollers.
As a startup funded by the German Ministry of Education and Research, with years of experience in DFG, EU, and other research projects, we know how to plan, manage, and execute research projects. We also have a strong background in industrial projects with large and small corporations.
With the advent of new mission concepts, such as multi-tenant spacecraft, interconnected spacecraft networks, or AI-supported autonomy, onboard spacecraft software needs to provide a growing number of functionalities. However, as onboard software grows more complex, the probability of software bugs rises as well, becoming an increasingly important factor in spacecraft safety, reliability, and cybersecurity considerations.
In this paper, we introduce a novel software architecture for onboard software that builds on a strong hardware-assisted isolation mechanism. Our architecture leverages hardware extensions from Arm processors already deployed today (e.g., in CubeSats) that are becoming common in the space sector. By separating software components into hardware-assisted compartments, we ensure that they cannot affect each other, even when one component crashes. Further, our architecture makes it possible to detect faulty software components and restart them into a safe configuration, reducing dependency on the spacecraft’s safe mode. Especially for missions in which different parties jointly utilize (parts of) a spacecraft, such as hosted payloads or multi-tenant spacecraft, our architecture provides strong safety and cybersecurity guarantees due to the strong separation between components. Due to these properties, operating spacecraft becomes inherently more reliable while onboard software development is simplified, as the inherent safety and cybersecurity guarantees reduce the need to extensively test individual software components or audit external software. We evaluated our novel software architecture thoroughly on a hardware development board. The research project was done in collaboration with the European Space Agency (ESA).
You can download the full publication here.