Report

Teaser, summary, work performed and final results

Periodic Reporting for period 1 - PROTASIS (Restoring Trust in the cyber space: a Systems Security Proposal)

Summary

The main problem addressed in this project is to improve security and privacy in our digital world, with a special focus on the Internet of Things. We feel that this problem is getting increasingly important for our society and especially for the Digital Single Market. Indeed, if cyberspace is not secure, or, to make matters worse, if cyberspace ends up being really dangerous, people, and possibly their businesses, will just slowly move away from it.

The objectives of the project are to:
• Develop state-of-the-art research in the areas of cyber attacks and defences. In particular, PROTASIS aims to push the boundaries of the state of the art and (i) develop novel ways to protect applications against attacks and intrusions, (ii) address exfiltration and loss of sensitive data, (iii) explore hardware-assisted defences that provide speed and non-hackable vantage points, (iv) focus on the upcoming Internet of Things and associated embedded systems, and, last but not least, (v) develop mechanisms to ensure privacy in a networked world.
• Instill confidence in cyberspace: help European citizens restore their trust and confidence in cyberspace. Over the past couple of years, citizens' confidence in cyberspace has been significantly challenged. PROTASIS aims to empower citizens with tools that will increase their confidence in the devices they use and address their concerns about the protection of their fundamental human rights.
• Transfer knowledge through International and Intersectoral Reach: the beneficiaries of the project have already developed, within the context of the SysSec Network of Excellence, a vibrant community in Europe working in the area of Systems Security. It is now time to broaden their horizon, reach out to the other side of the Atlantic to leading US Universities that also do state-of-the-art research in the area of Systems Security and join forces to cross-fertilize their activities.
• Improve innovation and European expertise in the area of cybersecurity through collaboration and knowledge transfer. This innovation will contribute to the stimulation of the emergence of a “European Industry for secure ICT”, supporting the “growth and competitiveness of the EU economy”.
• Facilitate the Professional Development of the researchers of the consortium beneficiaries through secondments and collaborations in the international and inter-sectoral arena. The beneficiaries of the consortium have a long-running collaboration in the area of systems security. It is now time to benefit the careers of their staff and students through collaborations with top-level places in the US.

Work performed

We had 12 secondments that started (and most of them completed) sometime during the reporting period as follows:
• ESR1: FORTH -> Stony Brook (studied the loss of privacy via first-party cookies)
• ESR21: FORTH -> TID (studied the loss of privacy due to cookie synchronization)
• ESR9: PoliMi -> UCSB (studied the development of an environment for the safe/secure execution of applications – the system is built on top of ARM TrustZone technology)
• ESR13: VU -> Stevens IT (studied the effectiveness of core randomization attacks)
• ESR24: TID -> FORTH (studied the volume of ads in web browsing and how these impact the privacy of the users)
• ESR2: FORTH -> UIC (development of a dynamic analysis tool that identifies privacy leakage in smartphones)
• ESR3: FORTH -> UIC (studied session hijacking and impersonation in web browsing)
• ESR29: PoliMi -> Northeastern (work towards an anomaly detection system for cyberphysical systems – cars)
• ESR22: VU -> MIT (work towards the automatic detection of code vulnerabilities)
• ESR14: VU -> UCSB (studied how cryptocurrency miners steal resources from ordinary web users)
• ESR30: VU -> Columbia
• ESR33: FSECURE -> RUB

We can group the work in three major pillars:
• Privacy: understanding privacy, protecting privacy, and recent attacks to privacy
• Cyberattacks: session hijacking, cookie synchronization, cryptocurrency mining
• Defenses: Code randomization, detection of code vulnerabilities, anomaly detection, TrustZone

Final results

The work was highly innovative, as can be seen from the publications which were produced. Indeed, during the first reporting period we had more than 10 publications in well-known venues and close to 20 presentations in conferences, workshops and various other fora.

Socio-economic impact: We expect the project to significantly advance the careers of the researchers involved. Indeed, several of them, especially the younger ones, have started creating a network that reaches far beyond their home organizations. This network will later help them to flourish as scientists and as professionals in their field.

Website & more info

More info: http://www.protasis.eu/.