C5: Security in Invasive Computing Systems

Principal Investigators:

Prof. F. Freiling, Prof. W. Schröder-Preikschat, Prof. G. Snelting,
in cooperation with Mercator Fellow Prof. I. Verbauwhede

Scientific Researchers:

S. Bischof, Dr.-Ing. J. Götzfried, P. Maene, F. Turan


Project C5 explores security aspects of invasive computing and resource-aware programming. We aim to ensure confidentiality, integrity and availability of the invasive computing system in the presence of untrustworthy programs that compete for resources and can contain malicious functionality, thereby closing a gap in the system architecture. Project C5 has been established within the second funding phase.

In the second funding phase, the groundwork for security concepts had to be laid: we began by devising the attacker model and defining specific security properties for invasive applications. Specific to invasive computing, the attacker model comprises an absent or untrusted system layer that accesses shared resources. We then devised several new mechanisms that achieve different levels of isolation at different architectural layers against attacker models with different assumption coverage: at the hardware layer (isolating applications running on the same core against system-level attackers), at the system software layer (isolating memory abstractions against application-level attackers), and at the application layer (integrating security requirements as constraints into the invade phase of an invasive program).

In the third funding phase, we aim to pursue two main goals: (1) we wish to provide mechanisms that can reliably and provably enforce security properties requested by applications at run time, even if attacker assumptions are violated, thereby increasing the assumption coverage; (2) we plan to finally extend intra-tile to inter-tile security. The main idea that contributes to both goals is to combine static information flow control with remote attestation and a hardware-based remote (and destructive) reset mechanism, in order to check and (re-)enforce the integrity of computations on remote tiles. Ideas specifically in the direction of goal 1 are heuristic run-time monitoring approaches and static quantitative information flow analyses that detect information leaks within the invasive system. The second goal is specifically targeted by a novel application of memory encryption to inter-tile virtual shared memory.


The overall challenge is always that security is only as strong as the weakest link: even though we have already gained many insights into security considerations for invasive computing systems, many challenges for security at different abstraction layers remain. Security holes can exist at the application layer, at the various software layers, and at the architecture layer, down to the hardware layer. Attacks can likewise take many forms and shapes. All of this needs to be taken into account.

Building upon the results of the second phase, we formulate two main goals for our investigations in the third phase:

  • Goal 1: Provide robust run-time monitoring and enforcement mechanisms for security properties to increase assumption coverage.
  • Goal 2: Extend intra-tile to inter-tile security for integrity and confidentiality.

The first goal aims at integrating the diverse solutions for the different layers that were developed in previous work. The layer on which defensive techniques are placed critically depends on the attacker assumption. The choice of attacker assumption, however, is usually made by the system operator, who can misjudge the threat scenario. The idea we pursue is to develop solutions that enable the system to detect the violation of attacker assumptions and to enable more restrictive security techniques automatically. This is achieved through robust combinations of techniques already developed in the second phase or being developed in this or other projects of the SFB in the third phase. Overall, the probability of choosing the right attacker assumption (and therefore the assumption coverage) is increased.

The second goal is directed towards bootstrapping security from single tiles to multiple tiles. Regarding the hardware layer, the focus in the second phase has been to develop stand-alone solutions (individual cores) that can act as trust anchors in an invasive system. If strong attackers are present, it is not sufficient to maintain islands of security: it should be possible to reset, from within the trust anchors, applications that do not obey their prescribed control flow, so that the entire system can be brought back into a well-defined state.


We wish to explore possible combinations of multiple existing trusted computing solutions (those developed in the second phase and others) to form more powerful security mechanisms in heterogeneous multicore architectures. This approach is relevant to both goals formulated above. We now describe the main ideas and concepts behind our solutions.

One main thrust will be to compose solutions for control flow attestation with static information flow analysis to achieve a novel and strong form of information flow protection against strong adversaries. This idea contributes mainly to Goal 2 but also to Goal 1, since violations of integrity can then be detected remotely. Hardware-based mechanisms that remotely force misbehaving applications to recover from adversarial actions, through a novel concept of destructive preemption, are investigated as well. Techniques that ensure inter-tile integrity, and thus support Goal 2 at the operating system level, are explored: virtual shared memory (VSM) is used to achieve inter-tile encryption, integrity and authorisation against intermediate-strength adversaries. At the same level, we wish to study run-time monitoring techniques that can heuristically detect confidentiality violations.

For example, we wish to introduce static information flow control (IFC) on the programming language level for invasive applications to guarantee confidentiality and integrity in close collaboration with C3. Here, confidentiality means that secret inputs do not influence public outputs, while integrity means that untrusted inputs cannot influence trusted behaviour. Our work will leverage the JOANA system, which uses a new, groundbreaking algorithm for probabilistic non-interference and provides IFC for full multithreaded Java (an X10 front end is in preparation).
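As an added illustration of the two non-interference notions just defined (this is not JOANA's code or algorithm: JOANA works on program dependence graphs for full multithreaded Java and handles probabilistic non-interference, which this toy does not), the following Python sketch implements a Volpano/Smith-style security type check over a tiny imperative AST. The label names, the mini-AST shapes and the sample programs are constructed for the example. The checker tracks explicit flows through assignments and implicit flows through the pc label of branches and loops; the same lattice serves confidentiality (secret must not reach public) and, by the dual relabelling, integrity (untrusted must not reach trusted):

```python
# Toy static information-flow checker: a Volpano/Smith-style security type system
# over a tiny imperative AST. Added illustration only; it is not JOANA, it uses a
# fixed label per variable, and it is termination-insensitive.

LOW, HIGH = "low", "high"   # two-point lattice: LOW may flow to HIGH but not back


def join(a, b):
    """Least upper bound of two labels."""
    return HIGH if HIGH in (a, b) else LOW


def may_flow(src, dst):
    """True iff information labelled `src` may legally reach a sink labelled `dst`."""
    return src == LOW or dst == HIGH


def check(program, labels):
    """Return the list of violations; an empty list means `program` is non-interfering.

    Statement forms (constructed mini-AST):
      ("assign", target_var, [vars read by the right-hand side])
      ("if", [vars read by the condition], then_block, else_block)
      ("while", [vars read by the condition], body_block)
    `labels` maps every variable to LOW or HIGH.
    """
    violations = []

    def label_of(read_vars, pc):
        # The pc label carries implicit flows from the enclosing branch conditions.
        lbl = pc
        for v in read_vars:
            lbl = join(lbl, labels[v])
        return lbl

    def walk(block, pc):
        for stmt in block:
            kind = stmt[0]
            if kind == "assign":
                _, target, reads = stmt
                src = label_of(reads, pc)
                if not may_flow(src, labels[target]):
                    violations.append(
                        f"{src} information reaches {labels[target]} variable "
                        f"'{target}' via reads={reads}, pc={pc}")
            elif kind == "if":
                _, cond, then_block, else_block = stmt
                inner_pc = label_of(cond, pc)
                walk(then_block, inner_pc)
                walk(else_block, inner_pc)
            elif kind == "while":
                _, cond, body = stmt
                walk(body, label_of(cond, pc))
            else:
                raise ValueError(f"unknown statement kind {kind!r}")

    walk(program, LOW)
    return violations


# Confidentiality: secret inputs (HIGH) must not influence public outputs (LOW).
CONF_LABELS = {"secret": HIGH, "tmp": HIGH, "one": LOW, "zero": LOW, "public_out": LOW}
LEAKY = [  # if (secret) public_out = one else public_out = zero  -> implicit flow
    ("if", ["secret"],
     [("assign", "public_out", ["one"])],
     [("assign", "public_out", ["zero"])]),
]
SAFE = [
    ("assign", "tmp", ["secret", "one"]),        # HIGH := HIGH + LOW, fine
    ("assign", "public_out", ["one", "zero"]),   # LOW  := LOW + LOW,  fine
]

# Integrity is the dual reading of the same lattice: untrusted data is HIGH
# (it may not flow "down" into trusted state), trusted state is LOW.
INTEG_LABELS = {"net_input": HIGH, "log": HIGH, "default": LOW, "admin_flag": LOW}
TAINTED = [  # while (net_input) admin_flag = default  -> untrusted input steers trusted state
    ("while", ["net_input"], [("assign", "admin_flag", ["default"])]),
]
CLEAN = [
    ("assign", "log", ["net_input", "default"]),  # untrusted data into an untrusted sink
]


if __name__ == "__main__":
    for name, prog, lbl in [("leaky", LEAKY, CONF_LABELS), ("safe", SAFE, CONF_LABELS),
                            ("tainted", TAINTED, INTEG_LABELS), ("clean", CLEAN, INTEG_LABELS)]:
        print(name, check(prog, lbl) or "OK")
```

The `LEAKY` program never copies `secret` directly, yet both branch assignments are flagged because the branch condition raises the pc label to HIGH; that is exactly the implicit flow a purely syntactic taint check would miss. `TAINTED` shows the integrity reading: an untrusted loop condition steering a trusted variable is rejected even though the assigned value itself is trusted.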

While we currently focus solely on static attestation, i.e. the authenticity and integrity of an application are only checked while it is being loaded, we plan to extend our solutions to support control flow attestation (CFA). Without CFA, the integrity property of a program can be violated, for example when implementation bugs are exploited and the contents of application memory are changed after the application has been loaded. We will address this problem by extending our static attestation solutions, such as Soteria and Atlas, with CFA. Instead of extending measurements on a per-basic-block basis, however, we only want to consider basic blocks that belong to critical sections within an application's control flow graph. To this end, we will utilise the static IFC algorithms provided by JOANA such that only the critical sections (see above) need to be checked and measured at run time, while the other parts of the application are considered secure.
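To make the "measure only the critical section" idea concrete, here is an added Python model of control flow attestation; it is an illustration written for this page, not Soteria, Atlas or their planned CFA extension. The prover extends a hash chain only for basic blocks that belong to the critical section, binds the result to a verifier nonce with an HMAC under a key that is assumed to be shared with the tile's trust anchor, and the verifier compares the measurement against those of all valid paths through the critical section's CFG. The block names, the CFG, the traces and the key are constructed for the example:

```python
import hashlib
import hmac

# Constructed critical-section CFG: successor sets of the blocks that matter.
# Blocks outside this dict (A, B, D below) are not part of the critical section
# and are therefore not measured at all.
CRITICAL_CFG = {
    "C_ENTRY": {"C_CHECK"},
    "C_CHECK": {"C_GRANT", "C_DENY"},   # the permission check may go either way
    "C_GRANT": {"C_EXIT"},
    "C_DENY": {"C_EXIT"},
    "C_EXIT": set(),
}
# Assumption: a symmetric key provisioned into the tile's trust anchor (constructed value).
ATTEST_KEY = b"constructed-demo-attestation-key"


def measure(trace, critical):
    """Prover side: hash-chain the critical blocks of an executed trace, in order."""
    digest = hashlib.sha256(b"cfa-init").digest()
    for block in trace:
        if block in critical:
            digest = hashlib.sha256(digest + block.encode()).digest()
    return digest


def attest(trace, nonce, key=ATTEST_KEY, cfg=CRITICAL_CFG):
    """Prover side: return (measurement, tag); the tag binds the measurement to the nonce."""
    m = measure(trace, set(cfg))
    tag = hmac.new(key, nonce + m, hashlib.sha256).digest()
    return m, tag


def valid_measurements(cfg=CRITICAL_CFG, entry="C_ENTRY", exit_="C_EXIT", max_len=16):
    """Verifier side: measurement -> path, for every entry-to-exit path (bounded for loops)."""
    table = {}

    def dfs(path):
        if path[-1] == exit_:
            table[measure(path, set(cfg))] = list(path)
            return
        if len(path) >= max_len:
            return
        for succ in sorted(cfg[path[-1]]):
            dfs(path + [succ])

    dfs([entry])
    return table


def verify(report, nonce, key=ATTEST_KEY, cfg=CRITICAL_CFG):
    """Verifier side: (True, path) if the report is fresh and matches a valid path, else (False, reason)."""
    m, tag = report
    expected = hmac.new(key, nonce + m, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "tag does not verify (wrong key or stale nonce)"
    table = valid_measurements(cfg)
    if m in table:
        return True, table[m]
    return False, "measured control flow is not a valid path through the critical section"


# Constructed traces of executed basic blocks.
GOOD_TRACE = ["A", "B", "C_ENTRY", "C_CHECK", "C_DENY", "C_EXIT", "D"]
# Same critical path, different non-critical prefix: must verify identically.
GOOD_TRACE_2 = ["A", "A", "C_ENTRY", "C_CHECK", "C_DENY", "C_EXIT"]
# Critical section entered but the check block was skipped: must be rejected.
HIJACKED_TRACE = ["A", "B", "C_ENTRY", "C_GRANT", "C_EXIT", "D"]


if __name__ == "__main__":
    nonce = b"verifier-nonce-0001"
    for name, trace in [("good", GOOD_TRACE), ("good-2", GOOD_TRACE_2), ("hijacked", HIJACKED_TRACE)]:
        print(name, verify(attest(trace, nonce), nonce))
```

Two properties of the scheme are visible in the traces: `GOOD_TRACE` and `GOOD_TRACE_2` produce the same report although their non-critical blocks differ, which is the saving the text is after (the measurement, and the verifier's path table, grow only with the critical section); and `HIJACKED_TRACE`, which reaches the grant block without passing the check block, yields a measurement that matches no valid path and is rejected. The nonce in the HMAC prevents replaying an earlier good report.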

Finally, we aim to equip each tile with a hardware extension capable of measuring available software and data, supporting attestation to neighbouring tiles. These tile-to-tile attestations will be used to measure whether these tiles can be trusted to process sensitive workloads, or if the code running there should be revised first. For example, a long-running application may require patches to protect against newly detected attack vectors. Consequently, these mutual attestations will ensure that every invaded tile has the most trusted version of the software or data, i.e. the most recent version addressing all known vulnerabilities. Moreover, possible actions in such an attestation policy include updates, even when doing so requires preemption of the running system to launch into the inherently trusted execution environment which can forcibly apply the update.

A comprehensive summary of the major achievements of the second funding phase can be found on the Project C5 second-phase website.


Publications:

[1] Johannes Götzfried. Trusted Systems in Untrusted Environments: Protecting against Strong Attackers. Dissertation, Chair for IT Security Infrastructures, Department of Computer Science, Friedrich-Alexander-Universität Erlangen-Nürnberg, Germany, 2018.
[2] Simon Bischof, Joachim Breitner, Jürgen Graf, Martin Hecker, Martin Mohr, and Gregor Snelting. Low-Deterministic Security for Low-Deterministic Programs. Journal of Computer Security, 26:335–366, 2018.
[3] David Übler, Johannes Götzfried, and Tilo Müller. Secure Remote Computation using Intel SGX. In Sicherheit 2018, Beiträge der 9. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 25.–27.4.2018, Konstanz, pages 209–219. Gesellschaft für Informatik e.V., 2018.
[4] Ralph Palutke and Felix C. Freiling. Styx: Countering Robust Memory Acquisition. Digital Investigation, 24:18–28, 2018.
[5] Johannes Götzfried. RAM-Schranke: RAM-Verschlüsselung bei AMD und Intel. c't Magazin für Computertechnik, 10:174–179, 2018.
[6] Simon Bischof, Joachim Breitner, Denis Lohner, and Gregor Snelting. Illi isabellistes se custodes egregios praestabant. In Peter Müller and Ina Schaefer, editors, Principled Software Development: Essays Dedicated to Arnd Poetzsch-Heffter on the Occasion of his 60th Birthday, pages 267–282. Springer International Publishing, 2018.
[7] Pieter Maene, Johannes Götzfried, Tilo Müller, Ruan de Clercq, Felix Freiling, and Ingrid Verbauwhede. Atlas: Application Confidentiality in Compromised Embedded Systems. IEEE Transactions on Dependable and Secure Computing, 2018.
[8] Vincent Lefebvre, Gianni Santinelli, Tilo Müller, and Johannes Götzfried. Universal Trusted Execution Environments for Securing SDN/NFV Operations. In ARES 2018: International Conference on Availability, Reliability and Security. ACM, 2018.
[9] Pieter Maene, Johannes Götzfried, Ruan de Clercq, Tilo Müller, Felix Freiling, and Ingrid Verbauwhede. Hardware-Based Trusted Computing Architectures for Isolation and Attestation. IEEE Transactions on Computers, 67(3):361–374, 2018.
[10] Titouan Lazard, Johannes Götzfried, Tilo Müller, Gianni Santinelli, and Vincent Lefebvre. TEEshift: Protecting Code Confidentiality by Selectively Shifting Functions into TEEs. In Proceedings of the 3rd Workshop on System Software for Trusted Execution (SysTEX'18), pages 14–19. ACM, 2018.
[11] Anatoli Kalysch, Johannes Götzfried, and Tilo Müller. VMAttack: Deobfuscating Virtualization-Based Packed Binaries. In Proceedings of the 12th International Conference on Availability, Reliability and Security, pages 2:1–2:10. ACM, 2017.
[12] Job Noorman, Jo Van Bulck, Jan Tobias Mühlberg, Frank Piessens, Pieter Maene, Bart Preneel, Ingrid Verbauwhede, Johannes Götzfried, Tilo Müller, and Felix C. Freiling. Sancus 2.0: A Low-Cost Security Architecture for IoT Devices. ACM Transactions on Privacy and Security, 20(3):7:1–7:33, 2017.
[13] Pieter Maene, Johannes Götzfried, Ruan de Clercq, Tilo Müller, Felix Freiling, and Ingrid Verbauwhede. Hardware-Based Trusted Computing Architectures for Isolation and Attestation. IEEE Transactions on Computers, PP(99):1–1, 2017.
[14] Ruan de Clercq, Johannes Götzfried, David Übler, Pieter Maene, and Ingrid Verbauwhede. SOFIA: Software and Control Flow Integrity Architecture. Computers & Security, 68:16–35, 2017.
[15] Johannes Götzfried, Moritz Eckert, Sebastian Schinzel, and Tilo Müller. Cache Attacks on Intel SGX. In Proceedings of the Tenth European Workshop on System Security (EuroSec'17), pages 2:1–2:6. ACM, 2017.
[16] Mykola Protsenko. Securing the Android App Ecosystem: Obfuscation, Tamperproofing, and Malware Detection. Dissertation, Department of Computer Science, Friedrich-Alexander-Universität Erlangen-Nürnberg, Germany, 2017.
[17] Gabor Drescher, Christoph Erhardt, Felix Freiling, Johannes Götzfried, Daniel Lohmann, Pieter Maene, Tilo Müller, Ingrid Verbauwhede, Andreas Weichslgartner, and Stefan Wildermann. Providing Security on Demand Using Invasive Computing. it – Information Technology, 58(6):281–295, September 30, 2016.
[18] Andreas Weichslgartner, Stefan Wildermann, Johannes Götzfried, Felix Freiling, Michael Glaß, and Jürgen Teich. Design-Time/Run-Time Mapping of Security-Critical Applications in Heterogeneous MPSoCs. In Proceedings of the 19th International Workshop on Software and Compilers for Embedded Systems (SCOPES), pages 153–162. ACM, May 23, 2016.
[19] Ruan de Clercq, Ronald de Keulenaer, Bart Coppens, Bohan Yang, Pieter Maene, Koen de Bosschere, Bart Preneel, Bjorn de Sutter, and Ingrid Verbauwhede. SOFIA: Software and Control Flow Integrity Architecture. In 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE), pages 1172–1177. IEEE, 2016.
[20] Johannes Götzfried, Nico Dörr, Ralph Palutke, and Tilo Müller. HyperCrypt: Hypervisor-based Encryption of Kernel and User Space. In SBA Research, editor, 11th International Conference on Availability, Reliability and Security (ARES'16). IEEE, 2016.
[21] Lars Richter, Johannes Götzfried, and Tilo Müller. Isolating Operating System Components with Intel SGX. In 1st Workshop on System Software for Trusted Execution (SysTEX'16). ACM, 2016.
[22] Johannes Götzfried, Tilo Müller, Gabor Drescher, Stefan Nürnberger, and Michael Backes. RamCrypt: Kernel-based Address Space Encryption for User-mode Processes. In 11th ACM Asia Conference on Computer and Communications Security (ASIACCS), Special Interest Group on Security, Audit and Control (SIGSAC). ACM, 2016.
[23] Furkan Turan, Ruan de Clercq, Pieter Maene, Oscar Reparaz, and Ingrid Verbauwhede. Hardware Acceleration of a Software-based VPN. In 26th International Conference on Field Programmable Logic and Applications (FPL'16), pages 1–9. IEEE, 2016.
[24] Alexander Würstlein, Michael Gernoth, Johannes Götzfried, and Tilo Müller. Exzess: Hardware-based RAM Encryption against Physical Memory Disclosure. In Architecture of Computing Systems (ARCS'16). Springer, 2016.
[25] Michael Gruhn. Forensically Sound Data Acquisition in the Age of Anti-Forensic Innocence. Dissertation, Department of Computer Science, Friedrich-Alexander-Universität Erlangen-Nürnberg, Germany, 2016.
[26] Maxim Anikeev, Felix Freiling, Johannes Götzfried, and Tilo Müller. Secure Garbage Collection: Preventing Malicious Data Harvesting from Deallocated Java Objects inside the Dalvik VM. Journal of Information Security and Applications, pages 81–86. Elsevier, Amsterdam, 2015.
[27] Johannes Götzfried, Tilo Müller, Ruan de Clercq, Pieter Maene, Felix Freiling, and Ingrid Verbauwhede. Soteria: Offline Software Protection within Low-Cost Embedded Devices. In Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC'15), pages 241–250. ACM, 2015.
[28] Christopher Kugler and Tilo Müller. Separated Control and Data Stacks to Mitigate Buffer Overflow Exploits. EAI Endorsed Transactions on Security and Safety, pages 1–36. European Alliance for Innovation (EAI), Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (ICST), 2015.
[29] Pieter Maene and Ingrid Verbauwhede. Single-Cycle Implementations of Block Ciphers. In Lightweight Cryptography for Security and Privacy, Lecture Notes in Computer Science. Springer-Verlag, 2015.
[30] Maximilian Seitzer, Michael Gruhn, and Tilo Müller. A Bytecode Interpreter for Secure Program Execution in Untrusted Main Memory. In 20th European Symposium on Research in Computer Security (ESORICS'15), pages 376–395. SBA Research, 2015.
[31] Ruan de Clercq, Frank Piessens, Dries Schellekens, and Ingrid Verbauwhede. Secure Interrupts on Low-End Microcontrollers. In IEEE 25th International Conference on Application-specific Systems, Architectures and Processors (ASAP), pages 147–152, June 2014.
[32] Felix Freiling, Mykola Protsenko, and Yan Zhuang. An Empirical Evaluation of Software Obfuscation Techniques Applied to Android APKs. In Jingqiang Lin and Tilo Müller, editors, International Workshop on Data Protection in Mobile and Pervasive Computing, 2014.
[33] Johannes Götzfried and Tilo Müller. Mutual Authentication and Trust Bootstrapping towards Secure Disk Encryption. ACM Transactions on Information and System Security (TISSEC), volume 17, New York, 2014.
[34] Christopher Kugler and Tilo Müller. SCADS: Separated Control- and Data-Stacks (Best Student Paper Award). In 10th International Conference on Security and Privacy in Communication Networks. ICST (The Institute for Computer Sciences, Social Informatics and Telecommunications Engineering), 2014.