Research Projects

IIS&D - Information Infrastructure Security and Dependability

  • Sponsoring body: FNR Luxembourg (PEARL grant). 
  • Project /UniLux funding: 4.975.000,00 €.
  • Coordinator: University of Luxembourg (LU).
  • Start Date: Jan 2015. Duration: 5 years.
  • Principal Investigator: Prof. Paulo Esteves-Veríssimo

ICT (Information and Communication Technology) has become so important in our lives that a great deal of what society depends on is today placed in the cyber sphere. The pillars of this new environment are critical information infrastructures (CII), both classical ones (cyber-physical systems such as energy grids or telecom networks) and emerging infrastructures relying on the Internet-Cloud complex (finance, public administration, or e-biobanks).

Their progressive convergence creates a challenging scenario: extremely large-scale and extremely complex and decentralised computer and network systems. This scenario may create enormous opportunities, but also bring about similarly extreme security and dependability risks, such as sophisticated targeted attacks, or advanced persistent threats (APT), from powerful adversaries, be it from organised crime and cyber-terrorism, cyber-hacktivism organisations or militias, or nation-state armies or agencies.

This project’s main scientific objective is to investigate and develop paradigms and techniques that promote resilience of CIIs, endowing their systems with the capacity of defeating extreme adversary power and sustaining perpetual and unattended operation. We plan on addressing this level of threat drawing from and building on recent research on powerful and innovative automatic security and dependability techniques.

This strategic programme, which will hopefully be reinforced and complemented by ancillary, more focused national and international research projects, also aims at building up research momentum that contributes to the visibility of SnT and UL as an international centre of excellence in extreme computing, specifically in the context of information infrastructure security and dependability, seeking high prospective industrial exploitation benefiting industrial partners, and promoting interdisciplinary research, namely within the UL.

Architectural Support for Automatic Resilience of Autonomous Cooperative Systems

  • Sponsoring body: Intel Corporation
  • Coordinator: Intel Collaborative Research Institute for Collaborative Autonomous & Resilient Systems (ICRI-CARS)
  • Start Date: 17/10/2017. Duration: 3 years.
  • Principal Investigator: Prof. Paulo Esteves-Veríssimo
  • Key Researchers: Dr.-Ing. Marcus Völp, Dr. David Kozhaya

Within the sphere of accidental faults, computing systems and infrastructures in general IT currently use fault-tolerance techniques, yielding automatic error recovery and, in consequence, failure avoidance. Collaborating autonomous systems, such as vehicle ecosystems, use such fault tolerance extensively, leaving them safe from an accidental-faults perspective but highly vulnerable to malicious faults that activate defects which would be almost impossible to reach accidentally. This safety-security gap is bound to increase. With the threat of cyber warfare and terrorism, one has to expect advanced persistent threats and targeted attacks performed with sophisticated tools by highly skilled adversarial teams.

This project therefore pursues the development of principled paradigms and techniques which, besides seeking initially correct and fault free system operation, will endow vehicle control systems with the capacity to defeat extreme adversary power automatically, maintain operability in real time during attacks, and sustain perpetual and unattended operation within the limits of warranties, despite faults and attacks. The project will develop tools and architectures ensuring that vehicles can automatically survive, tolerate and self-heal. During attacks, vehicles will safeguard functional safety, resorting in worst case to gracefully degraded or fail-safe operation modes. Techniques such as Byzantine fault and intrusion tolerance, diversification, recovery, self-healing and architectural hybridisation with trusted components will be developed and combined into a coherent whole achieving the goal of automatic resilience.

This project is part of the Intel Collaborative Research Institute for Collaborative Autonomous & Resilient Systems (ICRI-CARS), with the contribution of five universities: TU Darmstadt, Aalto University, Ruhr-University Bochum, TU Wien and the University of Luxembourg. Together they study the security, privacy and safety of autonomous systems, ranging from drones and self-driving vehicles to collaborative systems in industrial automation.

HyLIT - Architectural Support for Intrusion Tolerant Operating-System Kernels

  • Sponsoring body: FNR Luxembourg (CORE). 
  • Project /UniLux funding: 858.000,00 €.
  • Coordinator: University of Luxembourg (LU).
  • Start Date: Nov 2018. Duration: 3 years.
  • Principal Investigator: Dr. Marcus Völp

In nearly all ICT platforms, the hypervisor, microkernel, or, more generally, the lowest-level operating-system kernel, forms the last line of defense against intrusions by highly skilled and well-equipped adversarial teams. Once it is compromised, adversaries gain full access to all information and complete control over all platform resources, including, in the case of cyber-physical systems, extended control over the very physical environments on which these systems act (e.g., a nuclear power plant, a power grid station, or an autonomous car or drone).
Security incidents repeatedly remind us of how brittle our assumption of the ‘hypervisor as tamperproof and therefore unattackable’ is. In this project, we endorse the vision of fault and intrusion tolerance (a.k.a. Byzantine Fault Tolerance or BFT), applied to operating-system kernels. That is, through redundancy techniques, we make sure that the kernel, which today is a single point of failure, is made to have a very low probability of failing.
We overcome the widespread opinion that BFT techniques are too heavy and inefficient to be used at such a low level by investigating their implementation through hardware/operating-system co-design at the lowest kernel levels: (i) by adopting and extending existing intrusion tolerance mechanisms for use in tightly coupled VLSI settings (e.g., local replication across the tiles of a manycore system); and (ii) by investigating hardware support to allow kernel-level replicas to recover from intrusions.

ThreatAdapt - Adaptive Byzantine Fault and Intrusion Tolerance

  • Sponsoring body: FNR Luxembourg (CORE). 
  • Project /UniLux funding: 967.000,00 €.
  • Coordinator: University of Luxembourg (LU).
  • Start Date: Feb 2019. Duration: 3 years.
  • Principal Investigator: Prof. Paulo Esteves-Veríssimo

One of the major obstacles to a wide application of fault and intrusion tolerance techniques, such as Byzantine fault-tolerant state-machine replication (BFT-SMR), lies in the overheads of these solutions in terms of the number of replicas required. Although architectural hybridization allowed cutting the replication degree (e.g., from 3f+1 to 2f+1 replicas when tolerating f faults), and reactive protocols further reduced that number for correct runs, a fundamental limitation remains: the fault threshold f must be chosen at deployment time and remains fixed over the lifetime of the system.
The goal of this joint University of Luxembourg and University of Lisboa (funded by FNR and FCT, respectively) research project is to explore methods and protocols for dynamically adjusting the set of replicas required in BFT-SMR protocols. Fault adaptivity will allow adjusting the replication degree to the threat level assessed by a risk-managing distributed control plane operating across multiple domains. Location adaptivity allows replicas to securely follow load peaks.
In ThreatAdapt, we will study fault, location and combined fault-and-location adaptivity with homogeneous and hybrid system models, evaluate the developed protocols through simulation and over the Internet, and apply the lessons learned from generic BFT-SMR protocols to the example of a fault-adaptive blockchain.
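As an added illustration (not code from the ThreatAdapt project), the following Python script checks the replication degrees named above: it brute-forces the quorum intersection for the homogeneous 3f+1 model and the hybrid 2f+1 model, shows why one replica fewer breaks safety, and reports how many replicas must be added or released when the assessed fault threshold f changes. The function names, the quorum sizes used for each model and the threat levels in the demo are assumptions of this example, not the project's protocols.

```python
"""Replication degree and quorum intersection in BFT state-machine replication.

Added illustration, not ThreatAdapt project code.  It compares the homogeneous
model (3f+1 replicas) with the hybrid model whose trusted component allows
2f+1 replicas, and shows what changes when the fault threshold f is adjusted.
"""
from itertools import combinations


def replicas_needed(f: int, hybrid: bool) -> int:
    """Replicas required to tolerate f Byzantine faults in each system model."""
    return 2 * f + 1 if hybrid else 3 * f + 1


def quorum_size(f: int, hybrid: bool) -> int:
    """Smallest set of matching replies a replica waits for before acting:
    2f+1 of 3f+1 in the homogeneous model, f+1 of 2f+1 in the hybrid model."""
    return f + 1 if hybrid else 2 * f + 1


def min_quorum_intersection(n: int, q: int) -> int:
    """Smallest overlap between any two quorums of size q drawn from n replicas.

    Brute force over all quorum pairs (fine for the small n used here), so the
    bound 2q - n is verified rather than assumed."""
    best = n
    quorums = [set(c) for c in combinations(range(n), q)]
    for a in quorums:
        for b in quorums:
            best = min(best, len(a & b))
    return best


def config_is_safe(n: int, q: int, f: int, hybrid: bool) -> bool:
    """Liveness and safety check for a configuration (n replicas, quorum q).

    Liveness: a quorum must be reachable with f replicas silent (n - f >= q).
    Safety, homogeneous: two quorums share at least f+1 replicas, so at least
    one correct replica is in both even if all f faulty ones are.
    Safety, hybrid: the trusted component stops a faulty replica from telling
    two quorums different things, so a single shared replica suffices.
    """
    if n - f < q:
        return False
    needed_overlap = 1 if hybrid else f + 1
    return min_quorum_intersection(n, q) >= needed_overlap


def model_is_safe(f: int, hybrid: bool) -> bool:
    """Check the textbook replication degree of each model for threshold f."""
    return config_is_safe(replicas_needed(f, hybrid), quorum_size(f, hybrid), f, hybrid)


def adapt_replica_set(current_f: int, assessed_f: int, hybrid: bool) -> dict:
    """Fault adaptivity: replicas to add (or release) when the risk-managing
    control plane raises or lowers the assessed threshold f."""
    old_n = replicas_needed(current_f, hybrid)
    new_n = replicas_needed(assessed_f, hybrid)
    return {"old_n": old_n, "new_n": new_n, "delta": new_n - old_n}


if __name__ == "__main__":
    for f in (1, 2):
        for hybrid in (False, True):
            print(f"f={f} hybrid={hybrid}: n={replicas_needed(f, hybrid)} "
                  f"q={quorum_size(f, hybrid)} safe={model_is_safe(f, hybrid)}")
    # One replica short of 3f+1 breaks safety: with n=3, q=2, f=1 two quorums
    # may share only the faulty replica.
    print("n=3, q=2, f=1 homogeneous safe:", config_is_safe(3, 2, 1, False))
    print(adapt_replica_set(1, 2, hybrid=False))
```

The brute-force intersection is deliberately naive so that the 3f+1 and 2f+1 bounds are checked rather than asserted; for the larger f values a real control plane would use the closed form 2q - n.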

European Cybersecurity Competence Networks and ECSO-PPP

  • Sponsoring body: European Commission (H2020). 
  • Start Date: Feb 2019. Duration: 3 years.
  • Principal Investigator: Prof. Paulo Esteves-Veríssimo

Within the next decade, cybersecurity and privacy technologies should become complementary enablers of the EU digital economy, ensuring a trusted networked ICT environment for governments, businesses and individuals. The EU's strategic interest is to ensure that the EU retains and develops essential capacities to secure its digital economy, infrastructures, society, and democracy. Europe's cybersecurity research, competences and investments are spread across Europe with too little alignment. Europe has to master the relevant cybersecurity technologies, from secure components to trustworthy interconnected IoT ecosystems and self-healing software, in order to make the EU's Digital Single Market more cybersecure.

The Public Private Partnership on Cybersecurity (ECSO) was an important first step (2016). It is to be followed (2019) by Cybersecurity Competence Networks, with a view to creating a European Cybersecurity Research and Competence Centre. Their objective is to scale up existing research for the benefit of the cybersecurity of the Digital Single Market, and to help build and strengthen cybersecurity capacities across the EU.

The objective of these projects is to propose, test, validate and exploit the possible organisational, functional, procedural, technological and operational setup of a cybersecurity competence network with a central competence hub.

GenoMask - PoC - Early stage read filtering and masking of genomic information

  • Sponsoring body: FNR Luxembourg (JUMP Proof-of-Concept). 
  • Project /UniLux funding: 232.240,00 €.
  • Coordinator: University of Luxembourg (LU).
  • Start Date: Feb 2019. Duration: 2 years.
  • Principal Investigator: Dr. Jéremie Decouchant

Large-scale sequencing and processing of human genomes has enabled breakthroughs in many areas, including precision medicine, the study of rare diseases, and forensics. However, mass collection of such sensitive data entails enormous risks and requires protection to the highest standards. Leveraging our previous research work, this proof-of-concept project aims at showing that protecting the privacy of genomic information throughout the processing pipeline can be done in a straightforward way, with little intrusiveness and with industrial feasibility.

GenoMask PoC sets out to develop a product candidate of the GenoMask box, featuring GDPR-compliant, early-stage separation of the personal parts of genomic information (DNA, RNA, etc.) from the non-personal parts, for more fine-grained protection of the former.

Biomedical applications, such as personalized medicine, process large amounts of genomic information, such as DNA, RNA and proteins. The challenge addressed by our solution is the efficient protection of the privacy-sensitive parts of our DNA immediately after it is digitized by next-generation sequencing (NGS) machines. Our approach is to identify sensitive sequences in the reads (short strings) produced by the NGS machines. The identified sensitive parts are masked out of the insensitive information to allow for differentiated processing and protection.
For example, the subsequent alignment (locating reads in the genome) is performed entirely on the insensitive information, reverting to the masked-out information only to refine difficult-to-locate reads (and protecting the refined alignment result in a similar manner). Increased protection of sensitive genomic information increases the confidence in the offered services and helps fulfill regulations such as the GDPR.
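The masking-and-refinement flow described above, as an added example that is not GenoMask project code: it assumes a set of k-mers already flagged as sensitive (how GenoMask itself identifies sensitive sequences is not shown here), splits each read into an insensitive 'N'-masked copy and a separately protected vault of the masked bases, aligns on the masked copy with a toy exact-match aligner, and unmasks only when the masked alignment is ambiguous. The k-mer length, the sensitive k-mers, the reads and the reference are constructed values for this illustration.

```python
"""Early-stage masking of sensitive sequences in sequencing reads.

Added illustration, not GenoMask project code.  It assumes a set of k-mers
already flagged as privacy-sensitive; each read from the sequencer is split
into an insensitive copy (sensitive bases replaced by 'N') used for ordinary
processing and a separately protected vault of the masked bases, which only
the alignment refinement step may consult.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

K = 6  # constructed k-mer length for this example

# Constructed stand-ins for variant-bearing sequences flagged as sensitive.
SENSITIVE_KMERS: Set[str] = {"ACGTTG", "GGCATC"}

# Constructed reference: region A (offset 12) and region B (offset 26) differ
# only inside the sensitive k-mer GGCATC, so a masked read cannot tell them apart.
REFERENCE = "TTTACGTTGAAA" + "CCCGGCATCTTTGA" + "CCCGGTTTCTTTGA"


@dataclass(frozen=True)
class SplitRead:
    read_id: str
    masked: str             # insensitive part, processed freely
    vault: Dict[int, str]   # position -> masked base, protected separately


def find_sensitive_positions(read: str, kmers: Set[str], k: int = K) -> Set[int]:
    """Positions covered by any flagged k-mer occurring in the read."""
    positions: Set[int] = set()
    for i in range(len(read) - k + 1):
        if read[i:i + k] in kmers:
            positions.update(range(i, i + k))
    return positions


def split_read(read_id: str, read: str, kmers: Set[str] = SENSITIVE_KMERS) -> SplitRead:
    """Mask flagged bases with 'N' and move the originals into the vault."""
    sensitive = find_sensitive_positions(read, kmers)
    masked = "".join("N" if i in sensitive else b for i, b in enumerate(read))
    vault = {i: read[i] for i in sorted(sensitive)}
    return SplitRead(read_id, masked, vault)


def restore(split: SplitRead) -> str:
    """Recombine both parts; only the privileged refinement step should call this."""
    return "".join(split.vault.get(i, b) for i, b in enumerate(split.masked))


def wildcard_offsets(pattern: str, reference: str) -> List[int]:
    """Toy exact-match aligner in which 'N' matches any base."""
    hits = []
    for o in range(len(reference) - len(pattern) + 1):
        window = reference[o:o + len(pattern)]
        if all(p == "N" or p == r for p, r in zip(pattern, window)):
            hits.append(o)
    return hits


def locate_read(split: SplitRead, reference: str = REFERENCE) -> Tuple[Optional[int], bool]:
    """Align on the insensitive part first; unmask only if the result is ambiguous.

    Returns (offset or None, whether the sensitive bases had to be consulted)."""
    candidates = wildcard_offsets(split.masked, reference)
    if len(candidates) == 1:
        return candidates[0], False
    refined = wildcard_offsets(restore(split), reference)  # privileged step
    return (refined[0] if len(refined) == 1 else None), True


if __name__ == "__main__":
    # Constructed reads: r1 contains ACGTTG, r2 contains GGCATC, r3 is insensitive.
    for rid, seq in [("r1", "TACGTTGAAA"), ("r2", "CCCGGCATCTTTGA"), ("r3", "GGTTTCTTTG")]:
        s = split_read(rid, seq)
        print(rid, s.masked, s.vault, locate_read(s))
```

Read r1 and r3 are located on the masked copy alone, so their vaults are never opened; r2 is ambiguous after masking because the two reference regions differ only inside the sensitive k-mer, which is exactly the "difficult to locate" case where the refinement step consults the protected bases.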