
On the importance of software-hardware co-design of Trusted Computing architectures and services

Grisafi, Michele
2025

Abstract

The increasing heterogeneity and connectivity of computer systems, from low-end embedded devices to high-end servers, present a unique security challenge. The ubiquity of these systems and their role in critical infrastructure has made them prime targets for cyberattacks, with potentially disastrous consequences. To address these threats, a broad spectrum of security techniques has been developed, combining hardware and software components. Among these, Trusted Computing technologies stand out, providing hardware Roots of Trust (RoTs), such as Trusted Execution Environments (TEEs), and robust software layers to implement foundational security primitives and services. However, these advanced architectures require specific hardware features, leaving devices without such capabilities — particularly resource-constrained low-end devices — vulnerable. For these devices, security must rely more heavily on software-based approaches, which can bridge the gap by providing critical protections in the absence of specialized hardware. This thesis highlights the need for balanced software-hardware security solutions to accommodate diverse hardware platforms. Focusing on Trusted Computing architectures and services, it proposes several software-hardware co-designs to either create security primitives from scratch or extend existing ones. The research begins with the development of a novel software-based security stack that operates without relying on hardware security features. This stack, implemented on constrained low-end devices, achieves security guarantees comparable to those of high-end counterparts, even in the absence of fundamental components such as a Memory Protection Unit (MPU). At the core of our stack is a software-based Trusted Computing Base (TCB), functioning as a bare-metal TEE with a self-contained RoT.
The TCB enables key security primitives, including memory isolation and privilege separation, and supports Trusted Applications (TAs) such as remote attestation and secure code update. The TCB is further extended with two key security mechanisms: a control-flow integrity system and a secure checkpointing solution for intermittent computing. The thesis then shows an example of software-hardware co-design from the opposite perspective, where a security feature such as memory tagging, implemented in hardware but not yet adequately used by existing software, can be leveraged to introduce a novel and more advanced exploit mitigation technique. By addressing the security gap between low- and high-end devices, this research demonstrates how flexible software-hardware architectures can enhance the security of modern multi-device ecosystems.
18-mar-2025
English
Crispo, Bruno
Università degli studi di Trento
TRENTO
208
Files in this item:
File Size Format
MicheleGrisafi-Final.pdf (open access) 5.75 MB Adobe PDF

Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14242/199646
The NBN code of this thesis is URN:NBN:IT:UNITN-199646