Enhancing the Security of FPGA-SoCs via the Usage of ARM TrustZone and a Hybrid-TPM

Isolated execution is a concept commonly used for increasing the security of a computer system. In the embedded world, ARM TrustZone technology enables this goal and is currently used on mobile devices for applications such as secure payment or biometric authentication. In this work, we investigate the security benefits achievable through the usage of ARM TrustZone on FPGA-SoCs. We first adapt Microsoft’s implementation of a firmware Trusted Platform Module (fTPM) running inside ARM TrustZone for the Zynq UltraScale+ platform. This adaptation consists in integrating hardware accelerators available on the device to fTPM’s implementation and to enhance fTPM with an entropy source derived from on-chip SRAM start-up patterns. With our approach, we transform a software implementation of a TPM into a hybrid hardware/software design that could address some of the security drawbacks of the original implementation while keeping its flexibility. To demonstrate the security gains obtained via the usage of ARM TrustZone and our hybrid-TPM on FPGA-SoCs, we propose a framework that combines them for enabling a secure remote bitstream loading. The approach consists in preventing the insecure usages of a bitstream reconfiguration interface that are made possible by the manufacturer and to integrate the interface inside a Trusted Execution Environment.

Galactic Air Improves Ancillary Revenues with Dynamic Personalized Pricing

Ancillaries are a rapidly growing source of revenue for airlines, yet their prices are currently statically determined using rules of thumb and are matched only to the average customer or to customer groups. Offering ancillaries at dynamic and personalized prices based on flight characteristics and customer needs could greatly improve airline revenue and customer satisfaction. Through a start-up (Deepair) that builds and deploys novel machine learning techniques to introduce such dynamically priced ancillaries to airlines, we partnered with a major European airline, Galactic Air (pseudonym), to build models and algorithms for improved pricing. These algorithms recommend dynamic personalized ancillary prices for a stream of features (called context) relating to each shopping session. Our recommended prices are restricted to be lower than the human-curated prices for each customer group. We designed and compared multiple machine learning models and deployed the best-performing ones live on the airline’s booking system in an online A/B testing framework. Over a six-month live implementation period, our dynamic pricing system increased the ancillary revenue per offer by 25% and conversion rate by 15% compared with the industry standard of human-curated rule-based prices.

Experimentation and Start-up Performance: Evidence from A/B Testing

Recent scholarship argues that experimentation should be the organizing principle for entrepreneurial strategy. Experimentation leads to organizational learning, which drives improvements in firm performance. We investigate this proposition by exploiting the time-varying adoption of A/B testing technology, which has drastically reduced the cost of testing business ideas. Our results provide the first evidence on how digital experimentation affects a large sample of high-technology start-ups using data that tracks their growth, technology use, and products. We find that, although relatively few firms adopt A/B testing, among those that do, performance improves by 30%–100% after a year of use. We then argue that this substantial effect and relatively low adoption rate arises because start-ups do not only test one-off incremental changes, but also use A/B testing as part of a broader strategy of experimentation. Qualitative insights and additional quantitative analyses show that experimentation improves organizational learning, which helps start-ups develop more new products, identify and scale promising ideas, and fail faster when they receive negative signals. These findings inform the literatures on entrepreneurial strategy, organizational learning, and data-driven decision making. This paper was accepted by Toby Stuart, entrepreneurship and innovation.