Abstract: Functional safety is a foundational requirement of railway systems, which operate in highly critical environments and are governed by a rigorous European regulatory framework. Embedded railway systems—ranging from signalling and interlocking equipment to field devices, supervision, and diagnostic platforms—are designed according to well‑established principles such as fail‑safe behaviour, determinism, verifiability, and systematic risk management, as defined by the CENELEC standards. This lecture introduces the regulatory context, safety‑critical design principles, architectures, and lifecycle processes for development, verification, validation, and acceptance. It also discusses diagnostic and maintenance-oriented examples from railway R&D, and concludes with perspectives on software complexity and future interactions between embedded systems and AI, noting that AI is currently not permitted in railway safety-critical systems under current CENELEC regulations.

Abstract: Secure elements play a pivotal role in edge security by providing a trusted foundation for protecting sensitive data, credentials, and operations at the device level. This seminar will introduce the fundamental hardware and software architecture of secure elements, with a focus on Java Card technology, and discuss their role in supporting secure applications across several domains. Particular attention will be given to process-oriented security requirements, such as ISO/SAE 21434, Common Criteria and A-SPICE, and an overview of principal use cases including eSIM, automotive, brand protection, and Android StrongBox security.

Abstract: It is a fact that, according to CENELEC regulations for rail, the use of AI is not allowed in safety-critical applications. On the other hand, it is easy to list a number of applications where AI can contribute to solve problems in rail and even to increase safety, including (controversially) the software development life cycle of safety critical application. This lecture wants to present some examples to openly discuss if the probabilistic nature of AI and generative AI can be reconciled with the deterministic approach of the safety proof. Even more, we want to prove that there are cases where this deterministic approach can actually help using (Generative) AI in an effective way.

Abstract: Machine Learning (ML) is increasingly embedded in safety- and security-critical systems, from industrial IoT to autonomous platforms. Traditional ML focuses on accuracy and offers limited guarantees in real-world settings where misclassifications can have severe consequences. This lecture introduces a dependability-oriented perspective, shifting focus from accuracy to trustworthiness. It presents fail-controlled classifiers that manage uncertainty by rejecting low-confidence predictions, converting potentially dangerous misclassifications into controlled omission failures. Building on this, the lecture discusses redundancy strategies inspired by classical fault-tolerant design, including ensembles of self-checking classifiers that improve availability while preserving safety constraints. Applications to intrusion detection and time-dependent monitoring are also covered, emphasizing uncertainty-aware detection and temporal metrics such as detection latency, and providing a unified framework for integrating ML components into dependable critical systems.

Abstract: This lecture introduces the fundamental concepts of trusted computing, with a focus on the main technologies used to implement Trusted Execution Environments and their foundational trust services. Particular attention is then devoted to remote attestation, a key mechanism for establishing trust in remote systems. The lecture discusses the minimal requirements for implementing remote attestation and provides a technical overview of the main attestation solutions proposed over the years, highlighting their design principles, evolution, and security implications.

Abstract: Cybersecurity and AI are strictly connected and influence each other in an ecosystem which develops along three main avenues, namely: 1) AI for cybersecurity – Meaning: AI used to improve cybersecurity; 2) AI against cybersecurity – Meaning: AI used to launch sophisticated attacks; and 3) Cybersecurity for AI – Meaning: cybersecurity used to improve AI. This talk focuses on the third of the three aforementioned research avenues: Cybersecurity for AI. Even the most secure algorithm is vulnerable, if the computing environment where it is executed is not adequately protected. Effective protection mechanisms must be provided throughout the data cycle, i.e. data must be handled securely at all times and in all locations. This results in stringent confidentiality and integrity requirements, not only when data is “in transfer” (e.g. when it is exchanged over a network connection) or “at rest” (e.g. when it is stored on a disk) but also when it is “in use” (e.g. it is loaded in the RAM or in the CPU for executing a computation). While protection of data in transfer and at rest is relatively easy to achieve, protection of data in use is still - to a large extent - an open issue. The challenge here is that data must be also protected from attacks by privileged users (e.g. system administrators or cloud providers) and software (e.g. the operating system or the hypervisor). The talk will introduce the basic concepts of hardware-assisted security and give an overview of the current State of The Art of CPU support for Trusted Execution Environment technology, as a key enabling technology of virtually any "Trusted AI" offering.

Abstract: As machine learning capabilities move from centralized cloud infrastructures toward distributed and resource-constrained platforms, edge intelligence is emerging as a critical paradigm in modern computing systems. This transition brings opportunities in responsiveness, privacy, and reduced dependence on continuous connectivity, while also introducing major challenges in efficiency, scalability, and trustworthiness. The lecture offers an overview of the main issues in bringing machine learning to the edge, focusing on the balance between performance and resource usage, and on the growing role of interpretable models for dependable decision-making. It also presents a unified system-level view of edge machine learning across algorithms, architectures, and application requirements.

Abstract: For over two decades, the Cloud Computing paradigm, with its extraordinary lure of unlimited capacity and infinite agility, has situated all value-added computing “at the centre of the Cloud” (hence far away from the user end). The latest vision documents put forward yearly by the Vision Team at the HiPEAC project suggest that Embedded Computing could and should become the “new centre” of value-added service delivery. In this talk we shall review the compelling set of technical, methodological and strategic reasons and routes behind this claim and the scenarios that this pivot change may enable.

Abstract: The widespread adoption of Edge AI systems in many application domains has been made possible by computationally powerful circuits (e.g., AI accelerators) manufactured with advanced semiconductor technologies. To meet application requirements, these circuits must operate correctly and remain free from faults across both manufacturing and operational phases. The complexity of modern circuits and the software running on them (often neural-network based) makes this goal highly challenging. This lecture introduces key concepts and terminology, then summarizes the main techniques used to reduce the probability that faulty circuits reach deployment and to mitigate the effects of faults occurring in the field.

Abstract: In this lecture, we explore how to analyze and verify the behavior of embedded systems. We focus on systems modeled as Discrete Event Dynamic Systems (DEDS), and show how formal methods can help ensure their correctness and reliability. We first introduce qualitative model checking techniques of temporal logics such as LTL and CTL to verify properties like: "if the user presses the start button, the system will eventually respond as expected." We then move to quantitative aspects, addressing timing-related questions such as: "will the system respond within a given time bound?" This leads us to timed models, in particular timed automata, which allow us to reason about both logical correctness and timing constraints.

Abstract: Industrial cloud-to-edge platforms increasingly consolidate mixed-criticality applications, yet mainstream cloud technologies often lack the isolation and robustness required in safety- and latency-sensitive domains. This lecture introduces cross-layer containment as a unifying framework to limit temporal and spatial interference, fault propagation, and latency variability across cloud-to-edge systems. It discusses mechanisms spanning runtime isolation, virtualization, and orchestration, including heterogeneous virtualization support, fault-injection techniques for robustness assessment, and latency-aware control-plane design. The session concludes with open research challenges and implications for safety, security, and embedded AI in next-generation edge-cloud platforms.