Abstract: A method for key management in a field-programmable integrated part of an integrated circuit is disclosed herein. According to the method, a hardware configuration for the field-programmable integrated part is loaded into the field-programmable integrated part. The hardware configuration includes a key derivation functionality. Further, using the key derivation functionality, a cryptographic key is derived based on information provided in the field-programmable integrated part.

Abstract: Various embodiments of the teachings herein include a method for assigning a digital model to a physical component of an automation system. An example method includes: consulting a physical component with a piece of link information referring to a digital model of the physical component in a digital twin of the physical component; and using the link information to determine the digital model to which the link information refers and assign said digital model to the physical component.

Abstract: Various embodiments of the teachings herein include a method for enhancing security of a product using a supply chain of suppliers for manufacturing or producing the product. The method may include: consulting a security information dataset including a first security provision datum of a supplier and a second security provision datum of a supplier's supplier; and matching or comparing the first security demand datum and the second security provision datum with the security demand datum. The security information dataset includes a security demand datum of a supplied entity supplied by the supplier. The security provision datum of the supplier's supplier is validated by the supplier.

Abstract: A method for verifying an execution environment provided by a configurable hardware module, where the execution environment is used for execution of at least one hardware-application, includes receiving a hardware-application 16. The hardware-application includes configuration data describing an instantiation as a hardware-application component on the configurable hardware module. A received hardware-application is instantiated as the hardware-application component in the execution environment. The execution environment of the configurable hardware module that executes the hardware-application component in the respective execution environment is analyzed by an instantiated hardware-application component. The hardware application component communicates with a characterizing unit providing characterizing parameters for the execution environment of the configurable hardware module.

Abstract: A method for key management in a field-programmable integrated part of an integrated circuit is disclosed herein. According to the method, a hardware configuration for the field-programmable integrated part is loaded into the field-programmable integrated part. The hardware configuration includes a key derivation functionality. Further, using the key derivation functionality, a cryptographic key is derived based on information provided in the field-programmable integrated part.

Abstract: A method for verifying an execution environment provided by a configurable hardware module, where the execution environment is used for execution of at least one hardware-application, includes receiving a hardware-application 16. The hardware-application includes configuration data describing an instantiation as a hardware-application component on the configurable hardware module. A received hardware-application is instantiated as the hardware-application component in the execution environment. The execution environment of the configurable hardware module that executes the hardware-application component in the respective execution environment is analyzed by an instantiated hardware-application component. The hardware application component communicates with a characterizing unit providing characterizing parameters for the execution environment of the configurable hardware module.

Abstract: A die arrangement and a method of monitoring the same are provided. The die arrangement includes a plurality of dies and a physical interconnection structure extending between and traversing the plurality of dies. The physical interconnection structure is arranged for imparting unpredictable, yet reproducible properties to a digital signal being carried on the physical interconnection structure. The die arrangement further includes a monitoring logic for monitoring the properties of the digital signal. This enables detection of tampering of topological arrangements of semiconductor dies to one another.

Abstract: Incoming and outgoing communication of a hardware-application component is monitored and controlled at runtime of the hardware-application component. In this way, a kind of firewall is provided for ensuring secure and un-altered operation of a hardware-application performing security-critical functionalities on a field-programmable gate array. The hardware-application component may interact with other components directly and/or via an on-chip bus. The monitoring of incoming and/or outgoing communication is particularly advantageous when using third party hardware-applications or software applications, i.e., applications developed by untrusted parties. Another advantage is the possibility of monitoring and controlling all the communication between hardware-applications, hardware- and software applications, hardware-applications and peripherals, IO controllers, etc.

Abstract: A method for granting access to objects by entities in a computerized system includes: providing an access control list (ACL) specifying for each object access rights to the objects of the computerized system; assigning a capability requirement information to at least one of the objects in the ACL; assigning a capability information to at least one entity of the entities in the computerized system; requesting access to an object by an entity; checking if the requesting entity has an access right in accordance with the ACL; and granting access to the requested object by the requesting entity only when the capability information assigned to the requesting entity matches with the capability requirement information assigned to the requested object. The combination of an ACL based access to files with capabilities improves the security of the system.