CROSSCON

Many connected devices that do not have security-related hardware features are used in security-critical scenarios, such as in healthcare, critical infrastructure, or automotive systems, thus becoming valuable targets for cyberattacks. In this very heterogeneous landscape we can find devices with very different hardware, ranging from (i) bare-metal devices equipped with low power microcontrollers (MCU), few  kilobytes of RAM, and tens kilobytes of Flash memory to (ii) devices equipped with powerful application processing units (APUs) with multiple cores, to (iii) reconfigurable hardware devices, in which the functionality of the logic gates is customizable at run-time, or devices using domain-specific hardware architectures that efficiently implement ML engines. Unfortunately, such heterogeneity is also reflected (i) in the security features the hardware offers to the firmware (e.g., ranging from no security at all to implementation of Root of Trust (ROT) and cryptographic engines) and (ii) the security services the firmware exposes to the layers above (e.g., from nothing to a full-fledged trusted execution environment leveraged by rich operating systems).

CROSSCON is a 3-year Research and Innovation Action funded under Horizon Europe. The project aims to design a new open, modular, highly portable, and vendor-independent IoT security stack that can run on various devices using heterogeneous hardware architectures, including RISC-V. The Consortium believes that project can contribute to the expected specifications of ongoing initiatives for Trusted Execution and Confidential Computing on application processors and microcontrollers, as well as to extensions directly to the ISA or non-ISA hardware mechanisms that support the efficient implementation of security guarantees at the application level.