Startseite // SnT // Research // CritiX // CritiX: The Making of a Lab

CritiX, the Making of a Lab: 2015-20

System complexity has reached a point where it is no longer possible to protect valuable targets from attacks by highly skilled and well-equipped hacking teams, using classic security paradigms. The critical information infrastructures on which we depend, such as power grid controlsautonomous driving systems, financial systems, and the forthcoming digital health ecosystems, are at particular risk.

Resilient Computing as the 'Cybersecurity of the XXIst Century'

In 2015, Prof. Paulo Esteves-Veríssimo joined the University of Luxembourg as an FNR Pearl Chair to tackle just this problem, founding the Critical and Extreme Security and Dependability Research Group. Five years later, when Prof. Esteves-Veríssimo left for new adventures, CritiX has been established as a sustainable research group in resilient computing. 

Join us in reflecting on the progress CritiX has made towards its ultimate vision of automated 'off the shelf' resilient computing. 

Four Faces of Resilience

With standard intrusion prevention no longer sufficient to protect our critical infrastructures, CritiX is pushing the state of the art towards resilient computing, in four areas of research. The resulting fundamental techniques and paradigms promise a future in which our critical systems will automatically tolerate faults and intrusions, elastically and plastically adapt to threats, and achieve sustainable, uninterrupted operation.

Ultra-resilient Minimal Roots-of-trust and Enclaves

Research in the area of trustworthy embedded components, focusing on ultra-resilient computing bases: hardened subsystem architectures and code bases that can be re-used in several target systems. Investigation of reference fault and intrusion tolerant mechanisms based on many-cores and SoC. Integration of some of such components as trusted-trustworthy hybrids of hybridisation-aware architectures, anchored on the above-mentioned ultra-resilient roots-of-trust..

Hybridisation-aware Distributed Algorithms, Models, and Architectures

Intrusion tolerant middleware and infrastructures, focusing on frameworks for building dependable and secure services, leveraging modular and distributed systems hybridization.

High-confidence Vertical Verification of Mid-sized Software

Formal, machine-checked verification is one of the most rigorous way to increase confidence in the trustworthiness of hard- and software components, in particular if in the case of hybrids they should fail in more benign ways than the system they protect.

Privacy- and Integrity-preserving Decentralised Data Processing

Analysis of the problems of data privacy and integrity in highly sensitive sectors for citizens and organisations, such as those concerned with biomedical, and with financial data. Investigation of infrastructure-aware data storage and processing algorithms and protocols.


International Recognition

CritiX’ success in advancing the state of the art in these areas has already gained them a position among the leaders in the drive towards resilient computing. Among several prestigious international partnerships, CritiX belongs to the Intel Collaborative Research Institute for Collaborative Autonomous & Resilient Systems and to two of the European Union’s four Cybersecurity Competence Networks.

Achievements in Key Application Areas

CritiX has been able to bring these new techniques and paradigms to bear in several key societal impact areas, outperforming existing technologies in software-defined networking (Internet/cloud), autonomous vehicles, eHealth and fintech.

Internet/Cloud – SDN-based CII (Critical Information Infrastructures)

KISS - Secure SDN control plane communications architecture featuring distribution-less per-message key generation through deterministic but indistinguishable-from-random secret codes. With the same security properties, it outperforms OpenSSL by 30%.

ANCHOR - A world-first comprehensive security architecture for Software-Defined Networks, through logical centralisation of security provision

Autonomous Vehicles – ADAS (Autonomous Driving Assistance Systems), V2X (vehicle-to-vehicle|infrastructure) communication

First comprehensive study of the threat plane and safety-security gap of autonomous and cooperative vehicle ecosystems

RTByzCast - A world-first Byzantine reliable broadcast protocol simultaneously providing resilience against Byzantine attacks, and real-time operation tolerating network uncertainties and weak synchrony

eHealth – Biomedical information, genomics

Optimal high-precision and recall privacy-preserving early-filtering methods for arbitrary-length DNA sequences

High-yield DNA alignment protocol for incomplete genomes (after privacy-preserving digital excision of sensitive nucleotides)

GenoMask - Proof-of-Concept project (FNR-sponsored) to assess exploitation prospects of protected IP from the results listed above

Fintech – Blockchain, cryptocurrency

RepuCoin - A world-first permissionless blockchain protocol secure against attackers with more than 51% network computing power, resilient to all attacks known to date