SREX - Secure Remote EXecution

 Funding & Project Partners


Project partners at TU Dresden:
  • Prof. Dr. Christel Baier: Algebraic and Logical Foundations of Computer Science (Theoretical Computer Science)
  • Prof. Dr. Gerhard Fettweis: Vodafone Chair Mobile Communications Systems (Communications Engineering)
  • Prof. Dr. Christof Fetzer: Systems Engineering (Systems Architecture)
  • Prof. Dr. Hermann Härtig: Operating Systems (Systems Architecture)
  • Prof. Dr. Eduard Jorswieck: Theoretical Communications Engineering (Communications Engineering)
  • Prof. Dr. Wolfgang Lehner: Databases (Systems Architecture)


Today, IT infrastructure is an essential tool in the everyday business of many companies. For small and medium-sized enterprises in particular, it often means a significant overhead in money and time. In recent years, cloud computing has become established as an attractive way for many companies to reduce this overhead so that they can focus on their core business. The whole IT infrastructure is provided and maintained by third-party suppliers, so-called cloud service providers, such as Amazon, Microsoft or Google. Remote access to the IT infrastructure and data is provided via the Internet. The company is relieved of this additional cost and pays only for the resources (storage/computing) that are actually consumed.
However, the cloud computing concept also involves some risks. Since the service is provided by third-party suppliers, outside access to the data and processing, and even influence over them, cannot be ruled out. Cloud computing is therefore not an alternative in many cases where highly sensitive data is handled and a privacy policy must be obeyed.
The objective of the SREX project is to tackle this problem by finding innovative ways to make the remote execution of user applications in a cloud computing environment secure and to protect data against access and influence by third parties. Making the execution environment secure requires an interdisciplinary approach that covers many different areas, such as processor design, operating systems, databases, formal methods, system engineering, and communications engineering.



SREX pursues the following three sub-goals:

  • Integrated hardware/software mechanisms for the secure execution of applications: This objective implies run-time monitoring of the application, which should be integrated into the application flow itself. The monitoring is supported and accelerated by dedicated hardware components at the processor level. It is also essential to explore secure control flow encoding techniques for this purpose. Finally, an analysis of the application overhead and the development of formal analysis methods for verifying the code integrity properties complete this sub-goal.
  • Integrated hardware/software mechanisms to detect and avoid data manipulation: To avoid unauthorized data access and data manipulation, the data must be encrypted before transmission or storage. Hardware support that enables processing of encoded data accelerates the processing and further increases security. Recovery mechanisms have to be studied at the database level to handle manipulated data once the manipulation has been detected. As with the first sub-goal, it will be necessary to find formal analysis methods for ensuring data integrity properties.
  • Trusted execution environment: This mainly comprises the secure interaction with external trusted/non-trusted cloud components, e.g., for supporting distributed applications, an interface to a non-trusted operating system as well as an authentication protocol for the execution environment. The third sub-goal is supported by hardware accelerators for data encryption/decryption.

 Contribution of the Vodafone Chair

Our research focus in SREX is the multi-processor environment. We contribute our experience in the design of multi-processor systems-on-chip and networks-on-chip, dynamic task scheduling and the development of hardware accelerators in the signal processing domain. The core tasks include hardware support to accelerate and facilitate run-time code/data integrity checks, security-aware task scheduling to enhance code integrity, provision of mechanisms to enable processing of encoded data, secure transmission via network-on-chip, and hardware concepts to accelerate data encryption/decryption. Finally, close cooperation with the OS and application layers ensures common trusted processor interfaces and execution environments.