Fraunhofer Institute for Applied and Integrated Security
Fraunhofer Institute for Applied and Integrated Security

Secure Operating Systems

The department Secure Operating Systems at Fraunhofer AISEC deals with topics related to the security of software close to the hardware.

The research activities of the department cover all aspects of operating system security. Especially for Linux-based systems, the scientists of the research department analyse and develop secure software architectures and techniques to protect system integrity, resilience and isolation of critical components and data. Among other things, operating system containers, virtualization, microkernels, Trusted Execution Environments (TEEs), and secure coprocessors are used as technical building blocks.

Another research focus of the department is the security of system software development. On the one hand, the researchers design technologies that improve the security of software in execution and make it resistant to certain attacks. On the other hand, methods for automated security tests to improve software quality are developed and applied, especially in the form of fuzzing.

Labs

System Security Lab

The System Security Lab develops and evaluates secure system solutions for embedded and mobile devices as well as servers.

Software Security Lab

In the Software Security Lab, approaches to software analysis and preventive hardening of software are researched.

Test Lab for Isolation Machanisms

In this test lab, complex, modularized software stacks are tested with the aim of evaluating isolation mechanisms and finding and correcting bugs.

 

Test Lab for IoT Security

In the test lab for IoT security, the software of networked devices is analysed with the aim of finding and correcting bugs.

To our Labs

Offerings

Our goal is to work closely with our customers and partners, in order to systematically improve security of existing systems and products, to design secure systems, and to maintain security throughout the life cycle of products and technologies.

Evaluate security

Research, development and consulting for the evaluation of the security of systems.

  • Risk and threat analysis as a basis for architectural decisions
  • Comparison of products and technologies in the context of studies
  • Concept analysis and evaluation of:
    • Software and hardware architectures
    • Security concepts
    • Complete systems (e.g., IoT devices)
  • Practical analysis of software components
    • Reverse engineering
    • Static code analysis
    • Code reviews
    • Development of analysis tools
  • Practical security tests
    • Fuzz tests
    • Pentests
    • Development of test tools

Design security

Research, development and consulting to improve the security of systems.

  • Support for the development of IT security products
  • Improvement of IT security of products
  • Feasibility studies
  • Concept development
    • System architecture design of single and distributed systems
    • Modularization of software architectures
    • Separation of security-critical components with suitable isolation mechanisms (software and hardware)
    • Systematic reduction of the complexity of components and interfaces and thus of the Trusted Computing Base (TCB)
    • Protocol design, e.g., for remote attestation
    • Development of protection and countermeasures in case of attacks
  • Prototype development and integration into existing solutions
    • Kernel: Linux, L4, ...
    • Distributions: Yocto, Android, ...
    • Virtualization
    • Trusted Execution Environments (TEE)
    • Container
    • AMD SEV, Intel SGX, ARM TrustZone
    • Trusted Computing Technologies: TPM, DICE
    • Secure Elements
    • Compilers: LLVM

Maintain security

Research, development and consulting for preserving the security of operating systems.

  • Increasing efficiency and reducing costs in development, e.g., with regard to re-certifications
  • Hardening of systems
  • Concept and prototype development
    • Secure software updates
    • Security monitoring
    • Resilience against attacks
    • Recovery after successful attacks
    • Integrity protection measures
  • Training

Expertise

Expand all Close all

The Secure Operating Systems research department has many years of experience in the field of platform security. Among other things, the department's scientists design and implement secure processes for bootstrapping and updating modern, especially embedded, systems. Furthermore, they develop secure architectures that incorporate advanced security technologies such as Trusted Execution Environments (TEEs) or secure coprocessors. In addition to integrity, the confidentiality and resilience of the platforms under investigation also play a crucial role. Here, the research department is developing new methods to make various target platforms resistant to physical attackers.

Operating systems form the basis of virtually every IT system. They serve as the interface between hardware and applications. Due to their privileged position, they play a particularly important role with regard to the security of a system.

The research department Secure Operating Systems deals with the security of all types of operating systems and can draw on many years of experience in this area. The department’s research primarily focuses on the security of Linux-based systems. Here, the researchers of the department work on new architectures and features, aiming to harden the kernel and the overall system against a wide range of attacks.

To save resources and costs, several physical systems are often integrated into one system. Since the integrated devices often perform tasks of different criticality, the respective functional groups must be isolated from each other in the remaining physical system. Virtualization is one possible technique to achieve such isolation.

The Secure Operating Systems group has many years of experience in developing, evaluating and improving virtualization techniques. Especially in the context of Linux-based systems, the department’s researchers analyse and improve various possibilities of virtualization, e.g., in the form of containers or kernel-based virtual machines (KVM) and develop new security methods and architectures using virtualization.

A large number of software vulnerabilities and resulting, sometimes massive, security problems in modern IT systems arise from the use of insecure programming languages. Especially in the area of hardware-related software, where speed and direct access to the system are crucial, insecure languages such as C/C++ are often used.
The Secure Operating Systems research area develops concepts and methods to address these problems, especially in the context of operating system development. To this end, the unit's staff analyse existing security mechanisms and develop new mechanisms for protecting system software, e.g., in the form of compiler extensions for Control-Flow Integrity (CFI) and Memory Safety, also considering novel hardware features.

System software components are often highly complex and written in unsafe programming languages. This often leads to heavily error-prone source code in development.

The research department Secure Operating Systems can draw on rich experience in automated security testing for software components and entire IT systems and develops, among other things, new methods for static code analysis and for dynamic testing, especially fuzzing.

Fields of Application

Expand all Close all

The staff of the Secure Operating Systems research department have many years of experience with software architectures for embedded systems in the automobile domain.

The focus here is on high-performance ECUs and the software architectures used on them. AUTOSAR (AUTomotive Open System ARchitecture) pursues the goal of developing an open and standardized software architecture for Electronic Control Units (ECUs) in vehicles. The AUTOSAR Adaptive Platform addresses Linux-based systems, for example in the area of infotainment or driver assistance systems.

Mobile devices and applications are omnipresent these days. They permeate the modern working world, control industrial plants, medical devices, are used for payment transactions, and must meet high security requirements in the process.
The staff of the Secure Operating Systems research area have many years of diverse experience with operating systems and security-critical applications for mobile devices. In 2012, employees of the research area developed an attestation protocol for baseband stacks, in 2013 an operating system level virtualization based on Android, and in 2014 TrustID, a solution for deriving digital identities of the nPA.

Embedded systems can be found in more and more objects in our everyday lives. Such embedded systems perform diverse, demanding and sometimes security-critical tasks.

The research area Secure Operating Systems develops secure embedded platforms with a hardened kernel and operating system stack, hardware security tokens, trusted execution environments and virtualization for strong isolation. The goal is the reliable and secure operation of (networked) embedded systems and the integration of security features into these devices, which are usually resource-limited.

Trusted Computing describes technologies and solution approaches for improving IT security through hardware enhancements and the associated software solutions. Several major hardware manufacturers and software providers have joined forces in the Trusted Computing Group (TCG) and are jointly developing concrete strategies for securing systems, networks and applications.

Fraunhofer AISEC is a member of the TCG and develops solutions to protect critical data and systems from the growing number of attacks and to ensure regulatory compliance through hardware- and software-based solutions. For this purpose, Fraunhofer AISEC bundles competencies from different areas of expertise.

Selected Projects

 

GyroidOS

GyroidOS is a secure virtualization solution at operating system level with a focus on hardware-based platform security. It supports industry-standard certification processes and, unlike other container solutions, features a small software stack and additional isolation of privileged system components.

 

6G-ANNA

The Secure Operating Systems department provides its cybersecurity expertise in the field of "Confidential Computing" in the BMBF research project "6G-ANNA".

IMMUNE

The IMMUNE project increases the resilience of the Factory of the Future against cyber-attacks. Information security in these systems is implemented through flexible and distributed security functionality.

 

 

More about IMMUNE (ger.)

Privacy BlackBox

With the Privacy BlackBox, Fraunhofer AISEC is developing a privacy-compliant dashcam that functions like a normal dashcam and guarantees the protection of personal data through a two-tier solution concept

 

More about Privacy BlackBox (ger.)

 

SOVEREIGN

The SOVEREIGN project is developing a technologically sovereign cyber defense platform for critical and complex infrastructures on behalf of the German Agentur für Innovation in der Cybersicherheit. Fraunhofer AISEC is contributing its expertise in the areas of secure execution environments, integrity verification of software stacks and software hardening.

Other Projects

IntelliSecTest

In recent years, the threat to IT systems from a wide variety of attackers and attacks has increased massively. A large number of the successful attacks could have been prevented by advanced security tests, in particular extensive fuzzing of the software used. Currently, however, it is technically very complex to perform such tests. Above all, the execution and evaluation of the tests require a high level of technical expertise, while at the same time there is a lack of qualified personnel.

The IntelliSecTest project uses novel results in the areas of static and dynamic analysis as well as test case generation and combines them with suitable artificial intelligence methods. This results in a new tool for the automated static and dynamic analysis of IT systems, in particular for the precise detection of software vulnerabilities in C/C++ program code. As a so-called white box method, this tool will be able to generate comprehensibly prepared analysis reports, which in turn will enable efficient and thus cost-effective security tests.

HIVE

The HIVE project is researching innovative methods for integrity protection with the aid of virtualization solutions in order to be able to implement improved methods for anomaly detection. Application areas of the project results include the protection of complex embedded computer systems, e.g., in the automotive sector, as well as the protection against intellectual property infringement in the plant industry and machine tools.

Among other things, a virtualization-supporting hardware security module (HSM) is being designed and prototypically implemented as part of the project. In conjunction with a virtualization solution based on the secure, microkernel-based operating system PikeOS, the consortium is designing a system architecture (see graphic) that allows safety-critical, safety-uncritical, and functional safety-critical applications to be operated on a single target platform. Operating system services to be developed and the HSM will work together so that different safety contexts are available for the different virtual environments. In addition, security-critical reference applications as well as protocols that rely on the underlying HSM and anomaly detection techniques will be designed, implemented and evaluated.

Selected Initiatives and Collaborations

 

Fraunhofer Academy

Cybersecurity Learning Lab

As part of the Cybersecurity Learning Lab, Fraunhofer AISEC offers training courses focusing on embedded systems, mobile security, Internet of Things and other topics.

More (ger.)
 

High Performance Center

Secure Intelligent Systems

The high performance center »Secure Intelligent Systems« is an alliance of the six Fraunhofer Institutes AISEC, EMFT, IKS, IBP, IGCV and IVV with the Technical University of Munich, the Universität der Bundeswehr München and Hochschule München University of Applied Sciences.

 

Secure data exchange

International Data Spaces

The International Data Spaces enable the sovereign, and thus self-determined, sharing of data across company boundaries.

Publications

Expand all Close all

  • Andreas Hager-Clukas and Konrad Hohentanner. “DMTI: Accelerating Memory Error Detection in Precompiled C/C++ Binaries with ARM Memory Tagging Extension”. In: Proceedings of the 2024 on ACM Asia Conference on Computer and Communications Security (ASIA CCS ’24). Singapore, Singapore: ACM, July 2024. ISBN: 9798400704826/24/07. DOI: 10.1145/3634737.3637655.
  • Benjamin Orthen, Oliver Braunsdorf, Philipp Zieris, and Julian Horsch. “SoftBound+CETS Revisited: More Than a Decade Later”. In: The 17th European Workshop on Systems Security (EuroSec’24). Athens, Greece: ACM, Apr. 2024. ISBN: 9798400705427. DOI: 10.1145/3642974.3652285.
  • Kui Wang, Dmitry Kasatkin, Vincent Ahlrichs, Lukas Auer, Konrad Hohentanner, Julian Horsch, and Jan-Erik Ekberg. “Cherifying Linux: A Practical View on using CHERI”. In: The 17th European Workshop on Systems Security (EuroSec ’24). Athens, Greece: ACM, Apr. 2024. ISBN: 9798400705427. DOI: 10.1145/3642974.3652282.

  • Konrad Hohentanner, Florian Kasten, and Lukas Auer. “HWASanIO: Detecting C/C++ Intraobject Overflows with Memory Shading”. In: Proceedings of the 12th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis. 2023, pp. 27–33.
  • Konrad Hohentanner, Philipp Zieris, and Julian Horsch. „CryptSan: Leveraging ARM Pointer Authentication for Memory Safety in C/C++”. In: Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing. SAC ’23. New York, NY, USA: Association for Computing Machinery, 2023. ISBN: 9781450395175/23/03. DOI: 10.1145/3555776.3577635. URL: https://doi.org/10.1145/3555776.3577635.
  • Tobias Holl, Katharina Bogad, and Michael Gruber. „Whiteboxgrind – Automated Analysis of Whitebox Cryptography”. In: Constructive Side-Channel Analysis and Secure Design. Ed. by E. B. Kavun and M. Pehl. COSADE 2023. Springer Nature Switzerland, 221–240, 2023.
  • Simon Ott, Monika Kamhuber, Joana Pecholt, and Sascha Wessel. “Universal Remote Attestation for Cloud and Edge Platforms”. In: Proceedings of the 18th International Conference on Availability, Reliability and Security. ARES ’23. Benevento, Italy: Association for Computing Machinery, 2023. ISBN: 9798400707728. DOI: 10.1145/3600160.3600171. URL: https://doi.org/10.1145/3600160.3600171.

  • Oliver Braunsdorf, Stefan Sessinghaus, Julian Horsch. “Compiler-based Attack Origin Tracking with Dynamic Taint Analysis“. In: Information security and cryptology - ICISC 2021 (2022). DOI 10.1007/978-3-031-08896-4_9.
  • Felix Wruck, V. Sarafov, Florian Ralph Jakobsmeier, Michael Weiß. “GyroidOS: Packaging Linux with a Minimal Surface”. In: SaT-CPS 2022, ACM Workshop on Secure andTrustworthyCyber-Physical Systems. Proceedings (2022). DOI 10.1145/3510547.3517917.
  • Monika Huber, Sascha Wessel, Gerd Brost, and Nadja Menz. “Building Trust in Data Spaces,” In: Designing Data Spaces (2022). DOI: 10.1007/978-3-030-93975-5_9; DOI: 10.24406/publica-654 

  • Emanuel Q. Vintila, Philipp Zieris, and Julian Horsch. “MESH: A Memory-Efficient Safe Heap for C/C++”. In: Proceedings of the 16th International Conference on Availability, Reliability and Security. ARES ’21. Vienna, Austria: ACM, Aug. 2021. ISBN: 978-1-4503-9051-4.
    DOI: 10.1145/3465481.3465760. URL: https://doi.org/10.1145/3465481.3465760.
  • Boris Otto, Alina Rubina, Andreas Eitel, Andreas Teuscher, Anna Maria Schleimer, Christoph Lange, Dominik Stingl, et al. "GAIA-X and IDS." In: InDaSpacePlus, 2021. DOI: 10.24406/publica-fhg-301324.

  • Fabian Franzen, Manuel Andreas, and Manuel Huber. “FridgeLock: Preventing Data Theft on Suspended Linux with Usable Memory Encryption”. In: Proceedings of the 10th ACM on Conference on Data and Application Security and Privacy. CODASPY ’20. New Orleans, LA, USA: ACM, 2020, p. 6.
  • Katharina Bogad and Manuel Huber. “Harzer Roller: LinkerBased Instrumentation for Enhanced Embedded Security Testing”. In: Proceedings of the 3rd Reversing and Offensiveoriented Trends Symposium. ROOTS ’19. Vienna, Austria: ACM, 2019.
  • Meng Xu, Manuel Huber, Zhichuang Sun, Paul England, Marcus Peinado, Sangho Lee, Andrey Marochko, Dennis Mattoon, Rob Spiger, and Stefan Thom. “Dominance as a New Trusted Computing Primitive for the Internet of Things”. In: 2019 IEEE Symposium on Security and Privacy (SP). IEEE. 2019.

  • Norman Hänsch, Andrea Schankin, Mykolai Protsenko, Felix Freiling, and Zinaida Benenson. “Programming Experience Might Not Help in Comprehending Obfuscated Source Code Efficiently”. In: Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018). Baltimore, MD: USENIX Association, 2018, pp. 341–356. ISBN: 9781931971454.
    URL: https://www.usenix.org/conference/soups2018/presentation/hansch.
  • Manuel Huber, Julian Horsch, Junaid Ali, and Sascha Wessel. “Freeze and Crypt: Linux Kernel Support for Main Memory Encryption”. In: Computers & Security (2018). ISSN: 01674048. DOI: 10.1016/j.cose.2018.08.011. URL: http://www.sciencedirect.com/science/article/pii/S0167404818310435.
  • Anatoli Kalysch, Oskar Milisterfer, Mykolai Protsenko, and Tilo Müller. “Tackling Androids Native Library Malware with Robust, Efficient and Accurate Similarity Measures”. In: Proceedings of the 13th International Conference on Availability, Reliability and Security. ARES 2018. Hamburg, Germany: ACM, 2018, 58:1–58:10. ISBN: 9781450364485. DOI: 10.1145/3230833.3232828. URL: http://doi.acm.org/10.1145/3230833.3232828.
  • Dominique Seydel, Gereon Weiß, Daniela Pöhn, Sascha Wessel, and Franz Wenninger. “Safety & Security Testing of Cooperative Automotive Systems”. In: Embedded World Conference 2018 (2018). Ed. by WEKA Fachmedien.
  • Philipp Zieris and Julian Horsch. “A LeakResilient Dual Stack Scheme for BackwardEdge ControlFlow Integrity”. In: Proceedings of the 2018 ACM on Asia Conference on Computer and Communications Security. ASIA CCS ’18. Incheon, Republic of Korea: ACM, June 2018. ISBN: 9781450355766.
    DOI: 10.1145/3196494.3196531. URL: http://doi.acm.org/10.1145/3196494.3196531.