Skip to main content

Secure Hardware-Software Architectures for Robust Computing Systems

Periodic Reporting for period 2 - SHARCS (Secure Hardware-Software Architectures for Robust Computing Systems)

Okres sprawozdawczy: 2016-07-01 do 2017-12-31

SHARCS aimed at designing, building, and demonstrating secure-by-design system architectures, that achieve end-to-end security for their users.
SHARCS achieved this by systematically analyzing and extending, as necessary, every hardware and software layer in a computing system.
The new technologies developed were utilized by applications and services, that require end-to-end security. At the societal level, SHARCS
aimed to increase the trust of citizens in ICT products and services. The promotion of new standards and regulations for building hardware
and software systems, coupled with the new technologies invented, will be beneficial to the consumer, who will reap the rewards of more
secure consumer goods. The technologies coming out of SHARCS will be applicable to both large companies, as well as SMEs, leveling the
playing field in the race to introduce new products. Overall, the outcomes will have a positive impact on society as a whole.

The specific objectives of the project are to:
1. Extend existing hardware and software platforms towards developing secure-by-design enabling technologies.
2. Leverage hardware technology features present in today’s processors and embedded devices to facilitate software-layer security.
3. Build methods and tools for providing maximum possible security-by-design guarantees for legacy systems.
4. Evaluate acceptance, effectiveness and platform independence of SHARCS technologies and processes.
5. Create high impact in the security and trustworthiness of ICT systems.

In conclusion, in SHARCS we showcased three use-cases of entirely different domains enhanced by high quality security mechanism
derived by high-caliber research. The contributions of SHARCS project, stem from the exceptional impact on the research conducted
in regards with Computing Systems security, as well as the highly potential exploitation of the results by the industrial partners of the
consortium, in their future products.
During the final reporting period, the project exploited the evaluation results of the first reporting period in order to tailor the initial implementations of the security techniques presented in the midterm review in the final use-cases.
Moreover, research on security techniques yielded high calibre scientific publications and provided a plethora of techniques available for integration in the use cases.
The overall work conducted in WP5, formed a set of guidelines and methodologies in designing secure applications i.e. the methodology followed in SHARCS.
In terms of dissemination and exploitation, beyond the vast number of scientific publications (~25 more than set in the DoA) the consortium organised workshops and conferences, published videos targeting experienced as well as general audiences.
The industrial partners, through the integration of the security techniques investigated the exploitation possibilities of the high TRL security techniques in their commercial products.
The academic partners, focused mainly on research, moreover they provided SHARCS related courses while many of the security techniques developed in SHARCS were part of the research conducted by students for their MSc and PhD theses.
Finally, we classified each security technique in terms of standardization potential and defined a set of cyber-critical scenarios and how SHARCS results could protect the infrastructure of each of the scenarios.
SHARCS proposes new paradigms for the adoption and enforcement of end-to-end security.
Its focus is distributed throughout the Information and Communication Technology (ICT) ecosystem, creating solutions in both software and hardware,
from Systems-on-a-Chip, running without an operating system present, to major cloud infrastructures with multiple levels of abstraction.
The impact that SHARCS project achieved, enriched the SHARCS project’s use-cases (Implant, Automotive, Cloud) with new security mechanisms.
In more detail, the progress beyond the State-of-the-Art is as follows:

* New paradigms for the design and implementation of ICT technology:
Through modifying or completely redesigning existing technologies, the SHARCS project guarantees end-to-end security for secure execution and communications.
For example, the Cloud platform is making changes to expose hardware security functions to the entire platform.
The Implantable Medical Device (IMD) is being redesigned to enforce safe execution and safe communication with the outside world.
The Automotive use-case is modifying its software and hardware stack, to enforce safe execution and communications.

* ICT products and services compliant with Europe’s security and privacy regulation:
The Cloud platform has already adopted security mechanisms.
The IMD is adopting secure execution technologies as well as secure communication protocols.
The Automotive use-case is also adopting secure execution technologies.

* ICT with a measurably higher level of security and/or privacy, at marginal additional cost compared to ICT technology following the traditional designs (i.e. implementing security as add-on functionality):
By exposing already present hardware security features to the end user, the Cloud platform is enforcing security with no significant cost overhead.
The IMD was redesigned with security in mind.
While the Automotive platform is focusing on automated software protections.

* Increase user trust in ICT and online services:
By exposing security features directly to the clients, Cloud becomes more trustworthy, since the clients can be assured that the data centre’s machines, and by extension their data, are not compromised.
With the protections added to the IMD and Automotive cases, users will be able to trust their privacy and well-being.

* Improve users’ ability to detect breaches of security and privacy:
Through secure boot mechanisms and remote attestation, users will be able to check and isolate security breaches.
In the IMD and Automotive cases, the technologies applied are transparent to the user.

* More resilient critical infrastructures and services:
Through improvements in the security of the Cloud platform, users can be certain that their workloads are running safely and without interruptions.
The IMD and Automotive platforms have been hardened against tampering that could result in malicious behaviour, or denial of service.

* Provides security and privacy as a built-in feature, simpler to understand and manage for the user compared to traditional ICT.
The UI design of the Cloud platform is being improved, to provide an easier and simpler rundown of the security features provided.
In the IMD and Automotive cases, the technologies applied are transparent to the user.

* ICT technology that is proven to be more secure than ICT designed the traditional way:
This will be determined through the automated testing and the evaluation work.
SHARCS framework operational models.