July 21 – 26 , 2019, Dagstuhl Seminar 19301

Secure Composition for Hardware Systems


Divya Arora (Intel – Santa Clara, US)
Ilia Polian (Universität Stuttgart, DE)
Francesco Regazzoni (University of Lugano, CH)
Patrick Schaumont (Virginia Polytechnic Institute – Blacksburg, US)

For support, please contact

Dagstuhl Service Team


List of Participants
Shared Documents
Dagstuhl Seminar Schedule [pdf]


The goal of this Dagstuhl Seminar is to establish a common understanding of principles and techniques that can facilitate composition and integration of hardware systems to achieve specified security guarantees. Theoretical foundations of secure composition have been laid out in the past, but they are limited to software systems. New and unique security challenges arise when a real system composed of a range of hardware components, including application-specific blocks, programmable microcontrollers, and reconfigurable fabrics, is put together. For example, these components may have different owners, different trust assumptions and may not even have a common language to describe their security properties to each other. Physical and side-channel attacks that take advantage of various physical properties to undermine a system’s security objectives add another level of complexity to the secure composition problem. Moreover, practical hardware systems include software of tremendous size and complexity, and hardware-software interaction can create new security challenges.

The seminar will consider secure composition both from a pure hardware perspective, where multiple hardware blocks are composed in, e.g., a system on chip (SoC), and from a hardware-software perspective where hardware is integrated within a system that includes software. Examples of relevant research questions are:

  • What are relevant security properties for hardware-software systems and their parts? This inclu-des properties at different abstraction levels, from hardware to software, system, and application.
  • What models and description languages are useful for the formalization of security properties?A central question is how to make interoperable formalisms for different abstraction levels.
  • Which protocol-level secure composition methods are applicable in hardware domain? Can we apply the existing theory of “universally composable security” to hardware-software systems?
  • Can trust start in software, or are hardware roots and anchors of trust indispensable? If extra hardware is used, does it suffice to have dedicated “root of trust” modules for, e.g., key storage, or do we need to re-design major parts of the system’s mission hardware with security in mind?
  • Who owns the security of a system’s hardware (e.g., secret keys), and who drives security? How and why would component designers, hardware architects, software developers, etc. collaborate?
  • Under what circumstances is security additive, and how can this be proven and validated? How can we know that different countermeasures strengthen, or at least do not contradict, each other?
  • How can existing hardware fulfill expectations and idealistic assumptions of protocols? How can we verify that available hardware indeed fulfills protocol-level requirements (e.g., perfect random number generation) and does not compromise security by implementation weaknesses?
  • How to counter possible loss of security due to the abstraction of hardware components? Can we develop the notion of “secure abstraction”, which enforces that no security vulnerability will be added during system design by implementation details invisible on more abstract level?

The seminar will bring together researchers and industry practitioners from fields that have to deal with secure composition: secure hardware architectures, hardware-oriented security, applied cryptography, test and verification of security properties. By involving industrial participants, we hope to get insights on real-world challenges, heuristics, and methodologies employed to address them and initiate a discussion towards new solutions.

Motivation text license
  Creative Commons BY 3.0 DE
  Arora Divya, Ilia Polian, Francesco Regazzoni, and Patrick Schaumont


  • Hardware
  • Security / Cryptology


  • Secure composition
  • Hardware-oriented security
  • Secure architectures
  • Physical attacks and countermeasures


In the series Dagstuhl Reports each Dagstuhl Seminar and Dagstuhl Perspectives Workshop is documented. The seminar organizers, in cooperation with the collector, prepare a report that includes contributions from the participants' talks together with a summary of the seminar.


Download overview leaflet (PDF).


Furthermore, a comprehensive peer-reviewed collection of research papers can be published in the series Dagstuhl Follow-Ups.

Dagstuhl's Impact

Please inform us when a publication was published as a result from your seminar. These publications are listed in the category Dagstuhl's Impact and are presented on a special shelf on the ground floor of the library.