Publications & Demonstrators

All accepted publications from SPARTA partners under its funding as well as videos presenting some of the work done under SPARTA


Towards Automating Safety and Security Co-Analysis with Patterns

Yuri Dantas, Antoaneta Kondeva, Vivek Nigam

This article presents the first results towards au-tomating safety and security co-analysis with patterns.

Domains: safety, security, co-analysis, automation

Towards Incremental Safety and Security Requirements Co-Certification

Morgagni Andrea, Massonet Philippe, Dupont Sébastien, Grandclaudon Jeremy

The continuous technological developments andthe growing connectivity of applications and infrastructuresis leading to the new threats to the technological world inparticular to the possibility of considering certain threats inenvironments that were not previously touched by them. Nowthat many safety critical systems are becoming connected,they need to be protected from...More>>

Domains: cybersecurity, safety, certification, require-ments, incremental

Cybersecurity Certification for Agile and Dynamic Software Systems – a Process-Based Approach

Volkmar Lotz

In this extended abstract, we outline an approachfor security certification of products or services for moderncommercial systems that are characterized by agiledevelopment, the integration of development and operations,and high dynamics of system features and structures. Theproposed scheme rather evaluates the processes applied indevelopment and operations than investigates into the...More>>

Domains: security, certification, agile, development, software

Less Manual Work for Safety Engineers: Towards an Automated Safety Reasoning with Safety Patterns

Yuri Dantas, Antoaneta Kondeva, Vivek Nigam

The development of safety-critical systems requires the control of hazards that can potentially cause harm. To this end, safety engineers rely during the development phase on architectural solutions, called safety patterns, such as safety monitors, voters, and watchdogs. The goal of these patterns is to control (identified) faults that...More>>

Domains: Systems, Control;, Cryptography, Security;, Formal, Languages, Automata, Theory;, Logic, in, Computer, Science

Towards Detection of Software Supply Chain Attacks by Forensic Artifacts

Ohm, M., Sykosch, A., Meier, M.

Third-party dependencies may introduce security risks to the software supply chain and hence yield harm to their dependent software. There are many known cases of malicious open source packages posing risks to developers and end users. However, while efforts are made to detect vulnerable open source packages, malicious packages...More>>

Domains: Application, Security, Malware, Supply, Chain, Attack, DevSecOps

Achieving Explainability of Intrusion Detection System by Hybrid Oracle-Explainer Approach

M. Szczepanski, M. Choras, M. Pawlicki, R. Kozik.

With the progressing development and ubiquitousness of Artificial Intelligence (AI) observed in last decade, the need for creating methods which are explainable and/or interpretable for humans has become a pressing matter. The ability to understand how a system makes a decision is necessary to help develop trust, settle issues...More>>

Domains: Explainability, Artificial, Intelligence, Cybersecurity, Intrusion, Detection, Neural, Networks, Decision, Trees

On the Impact of Network Data Balancing in Cybersecurity Applications

Marek Pawlicki, Michał ChoraśRafał, KozikWitold Hołubowicz

Machine learning methods are now widely used to detect a wide range of cyberattacks. Nevertheless, the commonly used algorithms come with challenges of their own - one of them lies in network dataset characteristics. The dataset should be well-balanced in terms of the number of malicious data samples vs. benign...More>>

Domains: Data, imbalance, Machine, learning, Classifiers, Cybersecurity

Disconnection attacks against LoRaWAN 1.0.X ABP devices

Giorgio Bernardinetti, Francesco Mancini, Giuseppe Bianchi

Previous research work has already documented vulnerabilities of LoRaWAN 1.0.x, in the form of Replay Attacks which may cause disconnection situations. To face (also) these concerns, modern network servers implement careful techniques to handle sequence numbers (frame counters) in the presence of unexpected/out-of-sequence messages. In this paper we show...More>>

Domains: Network, servers, Protocols, Security, Microwave, integrated, circuits, Uplink, Chirp, Internet, of, Things

Technical Threat Intelligence Analytics: What and How to Visualize for Analytic Process

R. Damasevicus, J. Toldinas, A. Venckauskas, S. Grigaliunas, N. Morkevicius

Visual Analytics uses data visualization techniques for enabling compelling data analysis by engaging graphical and visual portrayal. In the domain of cybersecurity, convincing visual representation of data enables to ascertain valuable observations that allow the domain experts to construct efficient cyberattack mitigation strategies and provide useful decision support. We...More>>

Domains: Data, visualization, Visual, analytics, Tools, Computer, security, Analytical, models, Task, analysis