HWSec

HWSec (Hardware-based Security for Commodity Hardware)

Motivation

To apply the concept of security by design, security features need to be integrated into hardware. If the processor is already equipped with security features, they can be used to build a trustworthy IT system. Consequently, many hardware providers offer platforms that include an increasing number of security features. However, it is still unclear how to use these technologies effectively to create a secure and trustworthy overall system that protects against a broad variety of attacks. Another challenge is the increasing complexity of networked systems.

Approach and goals

By developing hardware-based security technologies that are optimized for applications, the project “Hardware-based Security for Commodity Hardware” (HWSec) aims to overcome these challenges. Different CPU features (e.g. SGX) help build secure, cost-effective and flexible security solutions for networked systems, including already existing systems. To that end, R&S Cybersecurity Sirrix GmbH uses modern and highly reliable technologies for information security and multiple mechanisms for secure compartmentalization, e.g. virtualization and sandboxing procedures. The secure compartments are able to protect systems both from within, by preventing unauthorized data outflow, and against invasive external attacks. Adding CPU features to these systems makes them more efficient and secure while supporting virtualization.

The main goals of the HWSec project include:

  • Improving efficiency when using the hardware security modules of existing and soon-to-be-available processors
  • Supporting already established security mechanisms by using existing hardware features

Project organization

HWSec is a joint research project funded by the German Federal Ministry of Education and Research (BMBF) and involves various expert partners from research and industry. The BMBF is the project owner. Ruhr University Bochum (Prof. Thorsten Holz, Chair of Systems Security) is responsible for the project lead.

  • Project management: VDI/VDE Innovation + Technik GmbH
  • Consortium: Ruhr University Bochum, Kobil Systems GmbH, Intel Collaborative Research Institute for Secure Computing, Technische Universität Darmstadt, R&S Cybersecurity Sirrix GmbH
  • Project duration: 04/2017–04/2020