R&D Consulting in Systems Security


Systems Security Consulting offers consulting and research services in systems security, including trusted and confidential computing, and embedded systems. Our expertise spans the entire systems stack, from embedded devices to cloud services. With extensive experience in experimental development, applied research, and prototyping, we provide comprehensive solutions to our clients.

Our Technological Areas

Microkernels and Environments

Microkernels enable the creation of highly secure low-TCB (Trusted Computing Base) solutions by reducing the privileges of kernel components. However, microkernel environments are often incompatible with conventional software, which requires porting to these environments. This process involves partitioning, developing interfaces between components, and redesigning incompatible software, among other challenges. With our expertise and hands-on experience in the development of modern microkernels such as seL4 and Fiasco.OC, and microkernel environments like L4Re and Genode, we can implement solutions of any complexity, particularly suited for IoT and embedded systems. Our end-to-end services cover design, development, testing, and deployment to ensure seamless integration with your existing infrastructure. Let us help you leverage the benefits of microkernels while minimising compatibility hurdles.

Trusted Execution Environments

Modern technologies such as Intel SGX, AMD SEV, and Arm realms enable trusted execution in untrusted environments. These technologies eliminate untrusted cloud providers from the TCB, enabling the processing of data in the cloud without the risk of data breaches by other cloud users or the provider's staff. The use of TEE-enabled clouds differs from that of ordinary platforms due to stronger security restrictions, the need for control over information and data flow, and the absence of well-known system support (especially for SGX). Following best practices for trusted deployment and attestation is also crucial. At our company, we can help you partition your services and port them to TEE-enabled clouds. Our expertise includes best practices for trusted deployment, attestation, and more. Let us help you leverage the benefits of TEE-enabled clouds while ensuring the highest level of security for your data.

Hardware-aided security

The CHERI architecture is a hybrid design that combines a conventional memory management unit with hardware memory capabilities. At the instruction level, CHERI separates pointers from integers and provides strong integrity, enforced provenance validity, and access monotonicity. It also offers mechanisms for intra-process isolation and efficient data sharing, enabling the development of new, highly efficient inter-process communication mechanisms and fine-grained partitioned environments. However, porting conventional software to the CHERI architecture may be necessary, requiring a deep understanding of the CHERI architecture and low-level system mechanisms. Our team can help you port your software to CHERI and develop new solutions that fully leverage the benefits of CHERI. With our expertise and hands-on experience in the development of CHERI-enabled systems, we can ensure a seamless integration of your software with the CHERI architecture.