A Comparative Study of Hardware Isolation Technologies for Secure Computing
Description
As computing systems become increasingly complex, ensuring the security and integrity of code execution has become a fundamental challenge. Software-based protection mechanisms alone are often insufficient against sophisticated attacks that exploit vulnerabilities in operating systems, firmware, or applications. To address these threats, hardware isolation technologies have become crucial for trusted system design.
Hardware isolation mechanisms create secure boundaries at the hardware level, enabling sensitive operations to be executed in protected environments isolated from potentially compromised components. Several approaches have been developed to achieve this goal, including Trusted Execution Environments (TEEs), Memory Protection Units (MPUs), Trusted Platform Modules (TPMs), Secure Elements (SEs), etc.
The aim of this work is a:
- literature review of state-of-the-art hardware isolation technologies,
- with a focus on their advantages and disadvantages,
- and summarizing the key findings.
References
[1] C. Lesjak, D. Hein and J. Winter, "Hardware-security technologies for industrial IoT: TrustZone and security controller," IECON 2015 - 41st Annual Conference of the IEEE Industrial Electronics Society, Yokohama, Japan, 2015, pp. 002589-002595, doi: 10.1109/IECON.2015.7392493.
[2] M. Grisafi, M. Ammar and B. Crispo, "On the (in)security of Memory Protection Units: A Cautionary Note," 2022 IEEE International Conference on Cyber Security and Resilience (CSR), Rhodes, Greece, 2022, pp. 157-162, doi: 10.1109/CSR54599.2022.9850322.
Contact
Supervisor:
An In-Depth Study of the Device Identifier Composition Engine (DICE) and the DICE Protection Environment (DPE)
Description
The Device Identifier Composition Engine (DICE) is a security architecture proposed by the Trusted Computing Group (TCG), primarily intended for resource-constrained devices. The DICE architecture serves as a basic Root of Trust (RoT) by providing a boot-time measurement to generate a unique cryptographic device identity, leveraging only minimal hardware requirements and software techniques. The generated identity can then be used for various purposes, e.g., in a remote attestation process to prove the identity and integrity of the device. A DICE Protection Environment (DPE) protects DICE-related secrets and helps enforce DICE-related policies.
The aim of this work is a:
- literature review of state-of-the-art DICE and DPE implementations,
- with a focus on the DPE,
- and summarizing the key findings.
References
[1] https://trustedcomputinggroup.org/wp-content/uploads/DICE-Layering-Architecture-r19_pub.pdf
[2] https://trustedcomputinggroup.org/wp-content/uploads/DICE-Protection-Environment-Version-1.0_pub.pdf
Contact
Supervisor:
Error Correction Code Decoders: Machine Learning-Based Approaches
Description
In principle, an artificial neural network (ANN) can be trained to approximate any function. Progress in the domain of machine learning (ML) has shown that this universal approximation of functions has not only theoretical, but also practical relevance.
Error correction codes (ECCs) map information to a larger space, adding redundancy so that the original information can be recovered despite erroneous data transmission. To decode a received data word and correct transmission errors, bespoke classical algorithms are typically used.
Prior research, beginning with [1], has shown that using an ANN in place of an ECC decoder is indeed possible. The goal of this work is a thorough literature review of such research.
Contact
Supervisor:
Attack Detection Leveraging Hardware Performance Counters (HPCs)
Description
With the growing complexity of embedded systems, traditional software-based attack detection approaches face challenges in terms of latency, visibility, and resilience against low-level attacks. Hardware-assisted monitoring, such as using Hardware Performance Counters (HPCs), offers a promising complement. These sources can reveal subtle anomalies and attack traces at the microarchitectural or physical level.
However, the diversity of proposed detection mechanisms (machine-learning-based, threshold-based, hybrid firmware-hardware schemes, etc.) and the wide range of targeted attack types (e.g., side-channel, control-flow hijack, fault injection, denial-of-service) make it difficult to systematically compare and evaluate these techniques. A structured analysis of this research landscape is therefore essential.
The aim of this work is a:
- literature review of hardware-assisted attack detection mechanisms,
- with a focus on the HPCs,
- analysing the detection methodologies,
- and summarizing the key findings.
References:
[1] Foreman, James Christopher. "A survey of cyber security countermeasures using hardware performance counters." arXiv preprint arXiv:1807.10868 (2018).
[2] C. Li and J. -L. Gaudiot, "Detecting Malicious Attacks Exploiting Hardware Vulnerabilities Using Performance Counters," 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), Milwaukee, WI, USA, 2019, pp. 588-597, doi: 10.1109/COMPSAC.2019.00090.
Contact
Supervisor:
Post-Quantum Signatures from Threshold-Computation-in-the-Head
Description
Threshold-Computation-in-the-Head (TCitH) [1] is a relatively new zero-knowledge proof technique that is built upon the MPC-in-the-Head concept. Using this technique, post-quantum secure signatures can be obtained.
In this work, the student should get an overview of the TCitH framework and explain its basic concepts. Further, a systematic study should analyse which of the signature schemes in the NIST on-ramp competition [2] are built on that paradigm.
References:
- [1] https://link.springer.com/article/10.1007/s00145-025-09543-8
- [2] https://csrc.nist.gov/Projects/pqc-dig-sig/round-2-additional-signatures
Contact
Request topic: Patrick Karl
Supervisor:
CPU Prefetcher Side-Channel Attacks
Description
CPU prefetchers speculatively load data into CPU caches in advance to prevent CPU stalls due to high memory access latencies. While they are a vital component for performance, they have recently come into the focus of IT security concerns: as some prefetchers predict soon-to-be-accessed data from past access patterns, they may leak information in a manner similar to cache side channels.
In this work, we want to give an overview of the different proposed attacks and their working principles. This includes a categorization of which kind of prefetcher and which cryptographic implementation they target. Finally, we give an outlook on which future research directions could be interesting.
Reference as a starting point: https://dl.acm.org/doi/10.1145/3575693.3575719
Remark: This topic is supervised by a colleague at Fraunhofer AISEC
Contact
Supervisor:
Speculative Execution Attack Overview
Description
Speculative execution attacks like Spectre and Meltdown are dangerous threats to the security of modern systems. They exploit flaws in the CPU microarchitecture to obtain secret data. Since their publication in early 2018, further speculative execution attacks have been discovered, such as Foreshadow, ZombieLoad and many more.
In this work, we want to give an overview of some prominent speculative execution attacks and briefly describe their working principles. Most of the attacks were first demonstrated on x86. Hence, we also want to highlight whenever any of the attacks were demonstrated on ARM or RISC-V as well. Finally, we also give a brief overview of some of the existing countermeasures. As there are quite a lot of different attacks and variants thereof, we limit ourselves to a reasonable scope, covering only some of the existing attacks.
Reference as a starting point: https://meltdownattack.com/meltdown.pdf
Remark: This work is supervised by a colleague at Fraunhofer AISEC
Contact
Supervisor:
Chiplets - How secure is modularity?
Description
The idea of chiplets has many benefits, such as high modularity and smaller silicon dies, resulting in better yields. However, what implications does the modularity of chiplets have for their security?
A good starting point is:
[1] On Hardware Security and Trust for Chiplet-Based 2.5D and 3D ICs: Challenges and Innovations
[2] Securing the New Frontier Chiplets & HW Security
Contact
Supervisor:
From S-Boxes to circuits
Description
The core of most ciphers and hash functions is a small substitution table, the S-Box, which provides the confusion and diffusion needed for cryptographic security. While such table look-ups are trivial in software, their efficient implementation in hardware modules is still an open question. Various heuristics have been proposed to minimize the area and latency of such almost random circuits.
The task of this seminar is to present and compare several such algorithms.
[1] Y. Jeon et al.: Framework for Generating S-Box Circuits with Boyar–Peralta Algorithm-Based Heuristics, https://tches.iacr.org/index.php/TCHES/article/view/11940/11800
Contact
Contact: niklas.stein@tum.de
Supervisor:
On the Impact of the Resolution on Side-Channel Attacks
Description
For power side-channel attacks, it is common to capture traces with some kind of oscilloscope. Depending on the model in use, one has several degrees of freedom regarding the properties of such a measurement. This includes the sampling rate of the scope as well as the resolution of the ADC.
The goal of this seminar topic is to summarize findings on the impact of the resolution of an oscilloscope on the resulting side-channel attack.
Reference:
Contact
Jonas Schupp (Jonas.Schupp@tum.de)
Supervisor:
On the Impact of the Sampling Rate on Side-Channel Attacks
Description
For power side-channel attacks, it is common to capture traces with some kind of oscilloscope. Depending on the model in use, one has several degrees of freedom regarding the properties of such a measurement. This includes the sampling rate of the scope as well as the resolution of the ADC.
The goal of this seminar topic is to summarize findings on the impact of the sampling rate of an oscilloscope on the resulting side-channel attack.
Reference:
Contact
Jonas Schupp (Jonas.Schupp@tum.de)
Supervisor:
NIST Randomness Tests for PUF Quality Assessment
Description
Physical Unclonable Functions (PUFs) offer a way to convert uncontrollable hardware manufacturing variations into digital secrets. When use as a cryptographic key is targeted, the quality of this inherent randomness needs to be assessed. A number of metrics and statistical tests specific to PUFs have emerged for this purpose.
Randomness tests are no less important in the domain of True Random Number Generators (TRNGs). Here, standardised test suites exist, e.g. NIST SP 800-22, BSI AIS 20, BSI AIS 31. Despite the underlying principles and the key metrics being quite different, many PUF publications simply apply TRNG randomness tests to their data without much consideration for the underlying assumptions of this methodology.
The aim of this work is a comprehensive literature search regarding
- adaptations of TRNG test frameworks to PUF quality assessment (e.g. [1]) and
- significance of the results when applying standard/adapted TRNG tests to PUFs.
[1] https://github.com/cryptoquantique/TuRiNG-A-PUF-randomness-test-suite
Contact
Supervisor:
Post-Quantum Signatures from VOLE-in-the-Head
Description
VOLE-in-the-Head [1] is a relatively new zero-knowledge proof technique that is built upon the MPC-in-the-Head concept. Using this technique, post-quantum secure signatures can be obtained. In the recently started on-ramp signature call by NIST, FAEST [2] is one candidate that uses the VOLE-in-the-Head concept.
In this work, the student should get an overview of the VOLE-in-the-Head framework and explain its basic concepts and how the signature scheme FAEST is constructed from it.
References:
- [1] https://link.springer.com/chapter/10.1007/978-3-031-38554-4_19
- [2] https://faest.info/resources.html
Contact
Request topic: Patrick Karl
Supervisor:
Fault Analysis of Neural Networks
CNN, Machine Learning, Fault Attacks
There are various methods of Fault Analysis in Neural Networks. The goal of this seminar topic is to summarize state-of-the-art techniques and draw conclusions on promising methods.
Description
There are various methods of Fault Analysis in Neural Networks:
- L. M. Luza et al., “Emulating the effects of radiation-induced soft-errors for the reliability assessment of neural networks”
- E. Ozen and A. Orailoglu, “Sanity-check: Boosting the reliability of safety-critical deep neural network applications”
- Y. Luo et al., “DeepStrike: Remotely-guided fault injection attacks on DNN accelerator in cloud-FPGA”
- and more
Fault attacks aim to change the classification outcome of a neural network or to get information on potentially secret input or secret network parameters.
The goal of this seminar topic is to summarize state-of-the-art techniques and draw conclusions on frequent attack goals, targeted parameters, and promising methods.
Supervisor:
Attacker Models for Memristor PUFs
Description
An often-cited advantage of key storage with physical unclonable functions (PUFs) is that protection mechanisms for stored cryptographic keys need only be active during runtime. Since the secret only exists while the device is active, expensive secure non-volatile storage is no longer needed.
A comprehensive evaluation of such claims, however, needs a clearly defined attacker model. Especially in the domain of memristor-based PUFs, discussions of attacker capabilities have been far from commonplace. Some works (e.g. [1]) discuss measures to harden the PUF primitive against prospective attackers, some discuss specific attacks (e.g. [2]), while others use the memristors as non-volatile storage (e.g. [3]).
The aim of this work is a:
- literature review of memristor-based PUFs,
- with a focus on their explicit and implicit security assumptions,
- summarising the results into predominant categories for attacker models.
[1] https://www.science.org/doi/full/10.1126/sciadv.abn7753
[2] https://arxiv.org/abs/2307.01041
[3] https://ieeexplore.ieee.org/abstract/document/7001345