The increasing digitalization and interconnectedness of technical systems has heightened the importance of IT security. Embedded systems, crucial components in various applications from automotive systems to industrial automation, require protection against evolving threats. Side-channel attacks on System-on-Chip (SoC) architectures are a significant concern, as research indicates that entire SoCs, not just individual processor cores, can be vulnerable. This vulnerability highlights the need for advanced formal verification methods that consider the entire SoC, not just the processor.

The PROTECT (Proving Next Generation Secure Systems) project addresses this need by developing new, practical methods for comprehensively verifying the security of safety-critical embedded systems. The project integrates established techniques from formal verification, hardware-software co-design, and software verification to enable thorough security analysis. A RISC-V based reference architecture, encompassing both simple and complex systems, will be used. This architecture will facilitate the specification and verification of security properties across different abstraction levels, from hardware to operating system to application software.

PROTECT aims to contribute to the development of robust and trustworthy next-generation hardware-software platforms. The project fosters collaboration between leading academic and industrial partners to advance research and establish a foundation for future safety-critical applications.

PROTECT commenced on January 20, 2025, and is financed by the Agency for Innovation in Cybersecurity GmbH (Cyber Agency)'s "Ecosystem Formally Verifiable IT – Provable Cybersecurity" (EVIT) program. The Deutsches Forschungszentrum für Künstliche Intelligenz GmbH (DFKI) in Bremen leads the project, with participation from the University of Lübeck, researchers from RWTH Aachen and RPTU Kaiserslautern-Landau, and companies Cryspen Sarl, Lubis Eda GmbH, and the Gesellschaft für Informatik e.V.

The four-year project has a total budget of 9.15 million euros, with the University of Lübeck's Institute for IT Security receiving 1.3 million euros for its research contributions (amounts plus VAT).