A computing platform, be it a large cloud environment or a tiny embedded system, contains a number of sensitive components that must be protected in order to achieve any form of security and privacy. We call this platform security.
Consider the boot sequence of a computer. This sequence must be protected to ensure that only the intended chain of software is executed. Furthermore, at runtime, important components such as sensitive operations and cryptographic assets must be protected from unauthorized access and manipulation through isolation and separation mechanisms. Finally, to further raise the level of security achieved, one can make use of a trusted subsystem that is reserved for the most sensitive operations.
At RISE we have long experience in different aspects of platform security and trusted execution. This includes experience in trusted and secure boot mechanisms for embedded systems, expertise in secure lifecycle management in cloud environments, and deep knowledge of separation technologies such as virtualization. We have built competence in trusted execution and platform security for technologies such as TPM, Intel SGX, ARM TrustZone, and RISC-V. RISE research has been applied in areas such as IoT, edge and fog computing, cloud security, and security in automotive systems.