Secure System Architectures (WS 2025/26)
Table of Content
Content
Computing systems have a strong need for deeply rooted security which can only be provided through hardware features. This is especially important for cloud computing and settings in which multiple mutually distrusted parties operate on shared hardware. As such services have become ubiquitous, the issue of providing confidentiality for user data affects billions of people worldwide. CPU vendors implement dedicated hardware features that aim to provide security for computing systems. In this course, we focus on academic and industrial defensive security features that are used in modern systems. We cover the topic of hardware-backed security features including memory safety countermeasures, enclaves, and secure virtualization. We also cover defensive strategies that deviate further from established approaches, such as the CHERI architecture. Among others, we discuss the following topics:- Memory Safety
- Memory Tagging
- Memory Isolation
- CHERI Systems
- Compiler Support
- Enclaves and Secure virtualization
- Intel SGX
- AMD SEV, Intel TDX
- RISC-V Confidential Computing
- Software-based Enclaves
- The SPIKE RISC-V ISA Simulator (C/C++) - Implementing additional registers and instructions
- LLVM (C++) Compiler Support - Create your own IR pass!
- The gem5 system simulator (C++) - Adding instructions to x86 systems - Full-system simulation
Material
Discord for official announcements: https://discord.gg/WQPDP8hwSlides and other Material: https://cloud.tugraz.at/index.php/s/8ZwXXkcm8bgeJg7
Administrative Information
Previous Knowledge
CON, Information Security, SLP, C, C++, Python, AssemblyPrerequisites Curriculum
See position in the curriculumObjective
After succesfully finishing this course, the participants have a profound knowledge of existing hardware-based security features found in modern-day computing systems. The participants are able to understand the need for these features and how they address certain aspects of providing security against common threats. Furthermore, the participants are able to develop and implement their own security concept prototypes in state-of-the-art ISA and system simulators.Language
EnglishTeaching Method
How to get a grade
Two practical tasks and a written exam at the end.Registration
https://online.tugraz.at/tug_online/ee/rest/pages/slc.tm.cp/course-registration/592779Lecture Dates
| Date | Begin | End | Location | Event | Type | Comment |
|---|---|---|---|---|---|---|
| 2025/10/14 | 14:30 | 16:30 | Seminarraum | Abhaltung | VU | fix/Practicals Introduction |
| 2025/10/16 | 14:00 | 16:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2025/10/23 | 14:00 | 16:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2025/10/30 | 14:00 | 16:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2025/11/06 | 14:00 | 16:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2025/11/12 | 10:00 | 12:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2025/11/14 | 09:00 | 14:00 | Seminarraum | Abhaltung | VU | fix/Exercise interviews |
| 2025/11/20 | 14:00 | 16:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2025/11/27 | 14:00 | 16:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2025/12/04 | 14:00 | 16:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2025/12/11 | 14:00 | 16:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2025/12/18 | 14:00 | 16:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2026/01/08 | 14:00 | 16:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2026/01/15 | 14:00 | 16:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2026/01/15 | 14:00 | 16:00 | Seminarraum | Abhaltung | VU | fix/Practicals Introduction |
| 2026/01/22 | 14:00 | 16:00 | Seminarraum | Abhaltung | VU | fix/ |
| 2026/01/23 | 13:00 | 15:00 | HS i6 | Abhaltung | VU | fix/Exercise Interview |
| 2026/01/26 | 09:00 | 11:00 | HS i6 | Abhaltung | VU | fix/Potential Exam Slot |
