21. – 26. Juli 2019, Dagstuhl-Seminar 19301

Secure Composition for Hardware Systems


Divya Arora (Intel – Santa Clara, US)
Ilia Polian (Universität Stuttgart, DE)
Francesco Regazzoni (University of Lugano, CH)
Patrick Schaumont (Virginia Polytechnic Institute – Blacksburg, US)

Auskunft zu diesem Dagstuhl-Seminar erteilt

Dagstuhl Service Team


Gemeinsame Dokumente
Programm des Dagstuhl-Seminars [pdf]


The goal of this Dagstuhl Seminar is to establish a common understanding of principles and techniques that can facilitate composition and integration of hardware systems to achieve specified security guarantees. Theoretical foundations of secure composition have been laid out in the past, but they are limited to software systems. New and unique security challenges arise when a real system composed of a range of hardware components, including application-specific blocks, programmable microcontrollers, and reconfigurable fabrics, is put together. For example, these components may have different owners, different trust assumptions and may not even have a common language to describe their security properties to each other. Physical and side-channel attacks that take advantage of various physical properties to undermine a system’s security objectives add another level of complexity to the secure composition problem. Moreover, practical hardware systems include software of tremendous size and complexity, and hardware-software interaction can create new security challenges.

The seminar will consider secure composition both from a pure hardware perspective, where multiple hardware blocks are composed in, e.g., a system on chip (SoC), and from a hardware-software perspective where hardware is integrated within a system that includes software. Examples of relevant research questions are:

  • What are relevant security properties for hardware-software systems and their parts? This inclu-des properties at different abstraction levels, from hardware to software, system, and application.
  • What models and description languages are useful for the formalization of security properties?A central question is how to make interoperable formalisms for different abstraction levels.
  • Which protocol-level secure composition methods are applicable in hardware domain? Can we apply the existing theory of “universally composable security” to hardware-software systems?
  • Can trust start in software, or are hardware roots and anchors of trust indispensable? If extra hardware is used, does it suffice to have dedicated “root of trust” modules for, e.g., key storage, or do we need to re-design major parts of the system’s mission hardware with security in mind?
  • Who owns the security of a system’s hardware (e.g., secret keys), and who drives security? How and why would component designers, hardware architects, software developers, etc. collaborate?
  • Under what circumstances is security additive, and how can this be proven and validated? How can we know that different countermeasures strengthen, or at least do not contradict, each other?
  • How can existing hardware fulfill expectations and idealistic assumptions of protocols? How can we verify that available hardware indeed fulfills protocol-level requirements (e.g., perfect random number generation) and does not compromise security by implementation weaknesses?
  • How to counter possible loss of security due to the abstraction of hardware components? Can we develop the notion of “secure abstraction”, which enforces that no security vulnerability will be added during system design by implementation details invisible on more abstract level?

The seminar will bring together researchers and industry practitioners from fields that have to deal with secure composition: secure hardware architectures, hardware-oriented security, applied cryptography, test and verification of security properties. By involving industrial participants, we hope to get insights on real-world challenges, heuristics, and methodologies employed to address them and initiate a discussion towards new solutions.

Motivation text license
  Creative Commons BY 3.0 DE
  Arora Divya, Ilia Polian, Francesco Regazzoni, and Patrick Schaumont


  • Hardware
  • Security / Cryptology


  • Secure composition
  • Hardware-oriented security
  • Secure architectures
  • Physical attacks and countermeasures


In der Reihe Dagstuhl Reports werden alle Dagstuhl-Seminare und Dagstuhl-Perspektiven-Workshops dokumentiert. Die Organisatoren stellen zusammen mit dem Collector des Seminars einen Bericht zusammen, der die Beiträge der Autoren zusammenfasst und um eine Zusammenfassung ergänzt.


Download Übersichtsflyer (PDF).


Es besteht weiterhin die Möglichkeit, eine umfassende Kollektion begutachteter Arbeiten in der Reihe Dagstuhl Follow-Ups zu publizieren.

Dagstuhl's Impact

Bitte informieren Sie uns, wenn eine Veröffentlichung ausgehend von
Ihrem Seminar entsteht. Derartige Veröffentlichungen werden von uns in der Rubrik Dagstuhl's Impact separat aufgelistet  und im Erdgeschoss der Bibliothek präsentiert.