from 1st March to 31st May

Publications & Demonstrators

All accepted publications from SPARTA partners under its funding as well as videos presenting some of the work done under SPARTA


Security Risk Management in Cooperative Intelligent Transportation Systems: A Systematic Literature Review

Abasi-amefon O. Affia, Raimundas Matulevičius, Alexander Nolte

Automotive industries are maximizing cooperative interactions between vehicular sensors and infrastructure components to make intelligent decisions in its application (i.e traffic management, naviga- tion, or autonomous driving services). This cooperative behaviour also extends to security. With more connected and cooperative components of vehicular intelligent transportation systems (ITS), the possibility of...More>>

Domains: test, automotive

Privacy-preserving and yet Robust Collaborative Filtering Recommender as a Service

Qiang Tang

Collaborative filtering recommenders provide effective personalization services at the cost of sacrificing the privacy of their end users. Due to the increasing concerns from the society and stricter privacy regulations, it is an urgent research challenge to design privacy-preserving and yet robust recommenders which offer recommendation services to privacy-aware users....More>>

Domains: privacy

Visual Analytics for Cyber Security Domain: State-of-the-Art and Challenges

Robertas Damaševičius, Jevgenijus Toldinas, Algimantas Venčkauskas, Šarūnas Grigaliūnas, Nerijus Morkevičius, Vaidas Jukavičius

Visual Analytics is a complex sub-field of data analytics that concentrates on the use of the information visualization methods for facilitating effective analysis of data by employing visual and graphical representation. In cyber security domain, Effective visualization of the data allows to infer valuable insights that enable domain analysts to...More>>

Formal Security Verification of Industry 4.0 Applications

Vivek Nigam and Carolyn Talcott

Without appropriate counter-measures, cyber-attacks can exploit the increased system connectivity provided by Industry 4.0 (I4.0) to cause catastrophic events, by, e.g., injecting or tampering with messages. The solution supported by standards, such as, OPC-UA, is to sign or encrypt messages. However, given the limited resources of devices, instead of encrypting...More>>

CFI: Control Flow Integrity or Control Flow Interruption?

Nicoló Maunero, Paolo Prinetto, Gianluca Roascio

2019-09-09 00:00:00 +0000 Runtime memory vulnerabilities, especially present in widely used languages as C and C++, are exploited by attackers to corrupt code pointers and hijack the execution flow of a program running on a target system to force it to behave abnormally. This is the principle of modern Code...More>>

Domains: control, flow

Foreshadow-VMM: Feasibility and Network Perspective

Marco Spaziani Brunella, Giuseppe Bianchi, Sara Turcoy, Francesco Quagliay, Nicola Blefari-Melazzi

On August 14, 2018, a new set of vulnerabilities collectively named “L1 terminal fault” were announced. Systems with microprocessors utilizing out-of-order execution could allow unauthorized disclosure of information residing in the L1 data cache, by tweaking the virtual memory abstraction. The vulnerability was therein mentioned for three different scenarios. In...More>>

Domains: virtualization

Cyberphysical Security for the Masses: A Survey of the Internet Protocol Suite for Internet of Things Security

H. Tschofenig, E. Baccelli

Internet of Things (IoT) deployments expand as IoT security lags. This article surveys IoT security protocols standardized by the Internet Engineering Task Force and discusses remaining gaps. Although these standardized IoT security protocols do not completely secure IoT devices, they go a long way.

Domains: cyberphysical

Fast Keyed-Verification Anonymous Credentials on Standard Smart Cards

Jan Camenisch and Manu Drijvers and Petr Dzurenda and Jan Hajny

Cryptographic anonymous credential schemes allow users to prove their personal attributes, such as age, nationality, or the validity of a ticket or a pre-paid pass, while preserving their privacy, as such proofs are unlinkable and attributes can be selectively disclosed. Recently, Chase et al. (CCS 2014) observe that in such...More>>

Secure Firmware Updates for Constrained IoT Devices Using Open Standards: A Reality Check

K. Zandberg, K. Schleiser, F. Acosta, H. Tschofenig, and E. Baccelli

While IoT deployments multiply in a wide variety of verticals, most IoT devices lack a built-in secure firmware update mechanism. Without such a mechanism, however, critical security vulnerabilities cannot be fixed, and IoT devices can become a permanent liability, as demonstrated by recent large-scale attacks. In this paper, we survey...More>>

Domains: IoT