CeCaS
Supercomputing Platform for Highly Automated Vehicles
FreeSBee - Generation of Side-Channel-Free Software for Embedded Systems
Hardening of embedded RISC-V software by means of code transformations
Start: 02/2023
End: 01/2026
With increasing digitalization, more and more embedded systems are becoming part of the Internet of Things. This comprehensive network provides significant economic benefits. In many cases, however, security gaps still threaten broad integration. Side-channel attacks, especially timing attacks, are an essential category here.
FreeSBee explores a tool-based methodology for (partially) automated detection and elimination of security vulnerabilities based on timing attacks. Timing attacks make it possible to infer confidential information, such as secret keys, by observing variations in software runtime.
Based on the Astrée and CompCert tools, the FZI develops an approach that uses annotations of confidential information in source code to automatically detect all dependent potential code sections that could cause control-flow-based runtime variations.
The subsequent compilation process has been extended to eliminate these potential control-flow-based runtime variations through code transformations automatically. This allows the user to protect software against control-flow-based timing attacks with just a few annotations.
Approaches to eliminate microarchitecture-related runtime variations are also being investigated. The focus is on hardware architectures for the RISC-V instruction set.
Contact
Dr. rer. nat. Sebastian Reiter
Department Manager
Division: Intelligent Systems and Production Engineering
- +49 721 9654-430
- reiter@fzi.de
- Headquarters Karlsruhe
Research focus
Safety, Security and the Law
In this research focus, the FZI prioritizes the topics of resilience for critical infrastructures, managing security, legal tech, and (post-)quantum cryptography and also deals with the mutual influence of Artificial Intelligence and safety and security.
Funding notice:
The joint project FreeSBee is funded by the Federal Ministry of Education and Research (BMBF).
Project partner:
More projects
Transfer Centre for Cybersecurity in SMEs
Cybersecurity for SMEs
PfleDaKi
Data management repository for care-supporting AI applications
InnoSecBW
Innovation with Cybersecurity for SMEs in Baden-Württemberg
FreeSBee
Hardening of embedded RISC-V software by means of code transformations
RackKI
Automatic Integration of Avionik Racks via Artificial Intelligence
WeForming
Buildings as efficient and interoperable components of the future energy system
Hybrenergy
Hybrid building twins for increased energy efficiency
FlexBlue
Flexible refrigeration systems against the background of increased decarbonization
EDIH-AICS
European Digital Innovation Hub applied Artificial Intelligence and Cybersecurity