Publications & Demonstrators

All accepted publications from SPARTA partners under its funding as well as videos presenting some of the work done under SPARTA


Visual Analytics for Cyber Security Domain: State-of-the-Art and Challenges

Robertas Damaševičius, Jevgenijus Toldinas, Algimantas Venčkauskas, Šarūnas Grigaliūnas, Nerijus Morkevičius, Vaidas Jukavičius

Visual Analytics is a complex sub-field of data analytics that concentrates on the use of the information visualization methods for facilitating effective analysis of data by employing visual and graphical representation. In cyber security domain, Effective visualization of the data allows to infer valuable insights that enable domain analysts to...More>>

Formal Security Verification of Industry 4.0 Applications

Vivek Nigam and Carolyn Talcott

Without appropriate counter-measures, cyber-attacks can exploit the increased system connectivity provided by Industry 4.0 (I4.0) to cause catastrophic events, by, e.g., injecting or tampering with messages. The solution supported by standards, such as, OPC-UA, is to sign or encrypt messages. However, given the limited resources of devices, instead of encrypting...More>>

CFI: Control Flow Integrity or Control Flow Interruption?

Nicoló Maunero, Paolo Prinetto, Gianluca Roascio

2019-09-09 00:00:00 +0000 Runtime memory vulnerabilities, especially present in widely used languages as C and C++, are exploited by attackers to corrupt code pointers and hijack the execution flow of a program running on a target system to force it to behave abnormally. This is the principle of modern Code...More>>

Domains: control, flow

Foreshadow-VMM: Feasibility and Network Perspective

Marco Spaziani Brunella, Giuseppe Bianchi, Sara Turcoy, Francesco Quagliay, Nicola Blefari-Melazzi

On August 14, 2018, a new set of vulnerabilities collectively named “L1 terminal fault” were announced. Systems with microprocessors utilizing out-of-order execution could allow unauthorized disclosure of information residing in the L1 data cache, by tweaking the virtual memory abstraction. The vulnerability was therein mentioned for three different scenarios. In...More>>

Domains: virtualization

Cyberphysical Security for the Masses: A Survey of the Internet Protocol Suite for Internet of Things Security

H. Tschofenig, E. Baccelli

Internet of Things (IoT) deployments expand as IoT security lags. This article surveys IoT security protocols standardized by the Internet Engineering Task Force and discusses remaining gaps. Although these standardized IoT security protocols do not completely secure IoT devices, they go a long way.

Domains: cyberphysical

Fast Keyed-Verification Anonymous Credentials on Standard Smart Cards

Jan Camenisch and Manu Drijvers and Petr Dzurenda and Jan Hajny

Cryptographic anonymous credential schemes allow users to prove their personal attributes, such as age, nationality, or the validity of a ticket or a pre-paid pass, while preserving their privacy, as such proofs are unlinkable and attributes can be selectively disclosed. Recently, Chase et al. (CCS 2014) observe that in such...More>>

Secure Firmware Updates for Constrained IoT Devices Using Open Standards: A Reality Check

K. Zandberg, K. Schleiser, F. Acosta, H. Tschofenig, and E. Baccelli

While IoT deployments multiply in a wide variety of verticals, most IoT devices lack a built-in secure firmware update mechanism. Without such a mechanism, however, critical security vulnerabilities cannot be fixed, and IoT devices can become a permanent liability, as demonstrated by recent large-scale attacks. In this paper, we survey...More>>

Domains: IoT

A Secure Publish/Subscribe Protocol for Internet of Things

Lukas Malina, Gautam Srivastava, Petr Dzurenda and Jan Hajny

The basic concept behind the emergence of Internet of Things (IoT) is to connect as many objects to the Internet as possible in an attempt to make our lives better in some way. However, connecting everyday objects like your car or house to the Internet can open up major security...More>>

Domains: IoT

Advances in Usability of Formal Methods for Code Verification with Frama-C

André Maroneze, Valentin Perrelle, Florent Kirchner

Industrial usage of code analysis tools based on semantic analysis, such as the Frama-C platform, poses several challenges, from the setup of analyses to the exploitation of their results. In this paper, we discuss two of these challenges. First, such analyses require detailed information about the code structure and the...More>>

Domains: formal, methods, frama-c