A workshop at ESORICS 2025, 25th of September 2025 in Toulouse, FR.
The HS3 workshop seeks to share experience, tools and methodology on hardware-assisted software security. We are looking forward to submissions that propose new architectures offering better resilience against software attacks. These architectures should rely on hardware-based security mechanisms to protect the software stack. One of the challenges is to formally specify and verify the security guarantees offered by such architectures and to better assess the security guarantees provided by existing hardware architectures against software attacks, especially attacks against micro-architecture. This can be achieved by identifying new vulnerabilities using reverse engineering, fuzzing or other attack approaches. The goal of the HS3 workshop is to provide a forum for researchers and practitioners from academia, industry and government that work on hardware-assisted software security. HS3 2025 has a special theme on “Secure Monitoring, Intrusion Detection, and Incident Response” and we are specifically looking forward to submissions that present hardware-assisted approaches in this domain.
Combining software and hardware aspects to consider new software attacks is becoming increasingly important. For example, hardware vulnerabilities such as Spectre or Meltdown can be exploited purely by software attacks. Such attacks can be executed remotely and do not require physical access to the targeted hardware platform. On the other hand, hardware features can be used to better detect and respond to traditional software attacks, such as memory corruption. Therefore, it is necessary to study the security of software/hardware interfaces in terms of attacks and defences.
The purpose of the HS3 workshop is to share experience, tools and methodology on hardware-assisted software security. On one hand, we need to propose new architectures offering better resilience against software attacks. These architectures should rely on hardware-based security mechanisms to protect the software stack. One of the challenges is to formally specify and verify the security guarantees offered by such architectures. On the other hand, we also need to assess better the security guarantees provided by existing hardware architectures against software attacks, especially attacks against micro-architecture. This can be achieved by identifying new vulnerabilities using reverse engineering, fuzzing or other attack approaches. The goal of the HS3 workshop is to provide a forum for researchers and practitioners from academia, industry and government that work on hardware-assisted software security.
Intrusion Detection System have become ubiquitous cybersecurity tools that monitor network traffic or other system activity to then identify anomalous behaviour or policy violations. Upon detection, these systems may alert security teams or central security systems, reporting potential threats, or even trigger automated responses. For this year’s edition of the HS3 workshop, we especially encourage submissions that investigate questions regarding the hardware-supported design of such systems. We are specifically interested in submissions in the area of secure monitoring, intrusion detection, and incident response, and we seek to develop a special track, potentially with invited talks or panel discussions, on this domain.
Topics of interest include, but are not limited, to the following
HS3 2025 is co-located with the 30th European Symposium on Research in Computer Security in Toulouse, France. The workshop will take place right after the main conference, on the 25th of September 2025.
A plain-text version of this Call for Papers is available.
There are two categories of submissions:
All papers must be written in English and describe original work that has not been published or submitted elsewhere. The submission category (regular paper, short paper, special theme) should be clearly indicated. Members of the The Program Committee will fully review all submissions. Papers will be published by Springer in the Lecture Notes in Computer Science (LNCS) series as workshop post-proceedings of ESORICS 2025. Contact the Program Chairs if you do not want your short paper to appear in the proceedings.
Papers must be typeset in LaTeX using the LNCS template. Failure to adhere to the page limit and formatting requirements can be grounds for rejection. Well-marked appendices do not count into the page limit; PC members are also not required to consider material presented in appendices when reviewing submissions. We will clarify the constraints for including appendices in camera-ready papers closer to the camera-ready deadline and after discussion with the workshop chairs and the publisher. We follow the ESORICS Call for Papers regarding anonymity of submissions and do not require papers to be anonymised. Anonymised submissions are, however, welcome at HS3.
Paper must be submitted through the ESORICS EasyChair website; select the “HS3” track toindicate that you are submitting to this workshop: https://easychair.org/conferences/?conf=esorics2025
For accepted papers, authors must agree with Springer LNCS copyright and at least one author must attend the workshop.
You find registration information on the ESORICS 2025 website: https://esorics2025.sciencesconf.org/
The workshop will take place in the Thesis Room (IRIT). There will be a workshop dinner (if you included this in your registration) commencing at 19:00 after the workshop.
Please plan in 20 minutes for your presentation, including three to five minutes for questions.
| Time | Session |
|---|---|
| 09:00 | Workshop Opening & Introduction Yuko Hara, Guillaume Hiet, Jan Tobias Muehlberg |
| Session 1: Attacks & Vulnerabilities (Session Chair: Yuko Hara) | |
| OpenGL GPU-Based Rowhammer Attack Antoine Plin, Frédéric Fauberteau and Nga Nguyen |
|
| Cache Attacks in Modern/Multi-socket x86 Systems (Work in Progress) Guillaume Didier, Augustin Lucas and Thomas Rokicki |
|
| Revealing Embedded System Behaviors: A Comparative Analysis of Power Consumption and Hardware Performance Counters Mohammed Mezaouli, Yehya Nasser, Samir Saoudi and Marc-Oliver Pahl |
|
| Germany Is Rolling Out Nation-Scale Key Escrow And Nobody Is Talking About It Jan Sebastian Götte |
|
| 10:30 | Coffee Break |
| 10:50 | Session 2: Defences & Anomaly Detection (Session Chair: Jan Tobias Muehlberg) |
| Hardware Performance Counters for Anomaly Detection in Embedded Devices Victor Breux and Pierre-Henri Thevenon |
|
| Semantic-Aware Provenance-Based Intrusion Detection for Edge Systems Qingyu Zeng, Songxuan Liu, Yu Wu and Yuko Hara |
|
| Inter-Device PUFs: A Novel Paradigm for Physical Unclonable Functions Emiliia Geloczi and Stefan Katzenbeisser |
|
| Mitigation of the impact of Virtual Machine Introspection Pauses on Multi-core Virtual Machines Léo Cosseron, Louis Rilling and Martin Quinson |
|
| 12:20 | Lunch Break |
| 13:50 | Session 3: Invited Talk (Session Chair: Guillaume Hiet) |
| Hardware-software co-design for security with CHERIoT: from memory-safety to software supply-chain resilience Robert Norton |
|
| Abstract: Embedded systems are ubiquitous and an increasingly attractive target for attackers, yet they often run on low-cost hardware that limits the scope for mitigations against software vulnerabilities. CHERIoT builds on 15 years of CHERI research into providing memory safety at the ISA level using a capability security model. It is a fundamental rethink of the hardware-software interface that not only supports complete memory safety for C / C++, but also enables fine-grained compartmentalisation of applications. This allows isolation and quick recovery from failures, as well as auditing of compartment rights to defeat even software supply chain compromises. In this talk I will describe in detail the CHERIoT ISA and the features we designed in tandem with CHERIoT RTOS that enable us to build low cost, performant and extremely secure systems. The CHERIoT ISA will appear in SCI Semiconductor’s family of Iceni microcontrollers, which are currently in test production and will be available commercially in 2026. |
|
| 15:20 | Coffee Break |
| 15:40 | Session 4: Verification and Validation (Session Chair: Yuko Hara) |
| heRVé: towards a formally verified RISC-V processor with security mechanisms (Work in Progress) Cyprien Jules, Pierre Wilke, Guillaume Hiet and Gabriel Desfrene |
|
| InSight - A CoreSight Trace Interpreter for Dynamic Information Flow Tracking (Work in Progress) Quentin Ducasse, Guillaume Hiet, Volker Stolz and Pierre Wilke |
|
| 16:30 | Open Discussion & Closing Everyone :-) |
| 19:00 | Workshop Dinner: Garonne Cruise |
| The workshops dinner will offer a unique opportunity to continue fruitful discussions while cruising along the Garonne River, accompanied by a refreshing cocktail reception. Venue: Péniches «Les Bâteaux Toulousains» Address: Port de la Daurade, 31000 TOULOUSE; Nearest Metro Station: Carmes or Esquirol |
Jan Tobias Muehlberg, Universite Libre de Bruxelles, Belgium (co-chair)
Pierre Wilke, CentraleSupélec/Inria