Secure System Architectures (WS 2025/26)

Content

Computing systems have a strong need for deeply rooted security which can only be provided through hardware features. This is especially important for cloud computing and settings in which multiple mutually distrusted parties operate on shared hardware. As such services have become ubiquitous, the issue of providing confidentiality for user data affects billions of people worldwide. CPU vendors implement dedicated hardware features that aim to provide security for computing systems. In this course, we focus on academic and industrial defensive security features that are used in modern systems. We cover the topic of hardware-backed security features including memory safety countermeasures, enclaves, and secure virtualization. We also cover defensive strategies that deviate further from established approaches, such as the CHERI architecture. Among others, we discuss the following topics: * Memory Safety - Memory Tagging - Memory Isolation - CHERI Systems - Compiler Support * Enclaves and Secure virtualization - Intel SGX - AMD SEV, Intel TDX - RISC-V Confidential Computing - Software-based Enclaves The practical part of this course adresses the task of creating and prototyping concepts for hardware-based security features. Contrary to other hardware-focused courses, we do not use hardware design flows for prototyping. Instead, teams of two students implement existing security features using state-of-the-art simulation platforms. Our implementations target RISC-V and x86-64 systems. The practicals cover: * The SPIKE RISC-V ISA Simulator - Implementing additional registers and instructions - LLVM Support - Functional simulation * The gem5 system simulator - Adding instructions to x86 systems - Toolchain support - Full-system simulation

Administrative Information

Previous Knowledge

CON, Information Security, SLP, C, C++, Python, Assembly

Prerequisites Curriculum

See position in the curriculum

Objective

After succesfully finishing this course, the participants have a profound knowledge of existing hardware-based security features found in modern-day computing systems. The participants are able to understand the need for these features and how they address certain aspects of providing security against common threats. Furthermore, the participants are able to develop and implement their own security concept prototypes in state-of-the-art ISA and system simulators.

Language

English

Teaching Method

How to get a grade

Registration

https://online.tugraz.at/tug_online/ee/rest/pages/slc.tm.cp/course-registration/592779

Lecture Dates

Date	Begin	End	Location	Event	Type	Comment
2025/10/01	10:00	12:00	Seminarraum	Abhaltung	VU	fix/
2025/10/08	10:00	12:00	Seminarraum	Abhaltung	VU	fix/Exercise Interviews Project 2b
2025/10/08	10:00	12:00	Seminarraum	Abhaltung	VU	fix/
2025/10/09	13:00	15:00	Seminarraum	Abhaltung	VU	fix/
2025/10/15	10:00	12:00	Seminarraum	Abhaltung	VU	fix/
2025/10/16	13:00	15:00	Seminarraum	Abhaltung	VU	fix/
2025/10/22	10:00	12:00	Seminarraum	Abhaltung	VU	fix/
2025/10/29	10:00	12:00	Seminarraum	Abhaltung	VU	fix/
2025/11/05	10:00	12:00	Seminarraum	Abhaltung	VU	fix/
2025/11/12	10:00	12:00	Seminarraum	Abhaltung	VU	fix/
2025/11/14	09:00	14:00	Seminarraum	Abhaltung	VU	fix/Exercise interviews
2025/11/19	10:00	12:00	Seminarraum	Abhaltung	VU	fix/
2025/11/26	10:00	12:00	Seminarraum	Abhaltung	VU	fix/
2025/12/03	10:00	12:00	Seminarraum	Abhaltung	VU	fix/
2025/12/10	10:00	12:00	Seminarraum	Abhaltung	VU	fix/
2025/12/17	10:00	12:00	Seminarraum	Abhaltung	VU	fix/
2026/01/07	10:00	12:00	Seminarraum	Abhaltung	VU	fix/
2026/01/14	10:00	12:00	Seminarraum	Abhaltung	VU	fix/
2026/01/21	10:00	12:00	Seminarraum	Abhaltung	VU	fix/
2026/01/23	13:00	15:00	HS i6	Abhaltung	VU	fix/Exercise Interviews Project 2b
2026/01/26	09:00	11:00	HS i6	Abhaltung	VU	fix/Exercise Interviews Project 2b

Lecturers