CritiX, the Making of a Lab: 2015-20
System complexity has reached a point where it is no longer possible to protect valuable targets from attacks by highly skilled and well-equipped hacking teams, using classic security paradigms. The critical information infrastructures on which we depend, such as power grid controls, autonomous driving systems, financial systems, and the forthcoming digital health ecosystems, are at particular risk.
Resilient Computing as the 'Cybersecurity of the XXIst Century'
In 2015, Prof. Paulo Esteves-Veríssimo joined the University of Luxembourg as an FNR Pearl Chair to tackle just this problem, founding the Critical and Extreme Security and Dependability Research Group. Five years later, when Prof. Esteves-Veríssimo left for new adventures, CritiX has been established as a sustainable research group in resilient computing.
Join us in reflecting on the progress CritiX has made towards its ultimate vision of automated 'off the shelf' resilient computing.
Four Faces of Resilience
With standard intrusion prevention no longer sufficient to protect our critical infrastructures, CritiX is pushing the state of the art towards resilient computing, in four areas of research. The resulting fundamental techniques and paradigms promise a future in which our critical systems will automatically tolerate faults and intrusions, elastically and plastically adapt to threats, and achieve sustainable, uninterrupted operation.
Ultra-resilient Minimal Roots-of-trust and Enclaves |
| Research in the area of trustworthy embedded components, focusing on ultra-resilient computing bases: hardened subsystem architectures and code bases that can be re-used in several target systems. Investigation of reference fault and intrusion tolerant mechanisms based on many-cores and SoC. Integration of some of such components as trusted-trustworthy hybrids of hybridisation-aware architectures, anchored on the above-mentioned ultra-resilient roots-of-trust.. |
Hybridisation-aware Distributed Algorithms, Models, and Architectures |
| Intrusion tolerant middleware and infrastructures, focusing on frameworks for building dependable and secure services, leveraging modular and distributed systems hybridization. |
High-confidence Vertical Verification of Mid-sized Software |
| Formal, machine-checked verification is one of the most rigorous way to increase confidence in the trustworthiness of hard- and software components, in particular if in the case of hybrids they should fail in more benign ways than the system they protect. |
Privacy- and Integrity-preserving Decentralised Data Processing |
| Analysis of the problems of data privacy and integrity in highly sensitive sectors for citizens and organisations, such as those concerned with biomedical, and with financial data. Investigation of infrastructure-aware data storage and processing algorithms and protocols. |
International Recognition
CritiX’ success in advancing the state of the art in these areas has already gained them a position among the leaders in the drive towards resilient computing. Among several prestigious international partnerships, CritiX belongs to the Intel Collaborative Research Institute for Collaborative Autonomous & Resilient Systems and to two of the European Union’s four Cybersecurity Competence Networks.
Achievements in Key Application Areas
CritiX has been able to bring these new techniques and paradigms to bear in several key societal impact areas, outperforming existing technologies in software-defined networking (Internet/cloud), autonomous vehicles, eHealth and fintech.
Internet/Cloud – SDN-based CII (Critical Information Infrastructures) |
| KISS - Secure SDN control plane communications architecture featuring distribution-less per-message key generation through deterministic but indistinguishable-from-random secret codes. With the same security properties, it outperforms OpenSSL by 30%. ANCHOR - A world-first comprehensive security architecture for Software-Defined Networks, through logical centralisation of security provision |
Autonomous Vehicles – ADAS (Autonomous Driving Assistance Systems), V2X (vehicle-to-vehicle|infrastructure) communication |
| First comprehensive study of the threat plane and safety-security gap of autonomous and cooperative vehicle ecosystems RTByzCast - A world-first Byzantine reliable broadcast protocol simultaneously providing resilience against Byzantine attacks, and real-time operation tolerating network uncertainties and weak synchrony |
eHealth – Biomedical information, genomics |
|
High-yield DNA alignment protocol for incomplete genomes (after privacy-preserving digital excision of sensitive nucleotides) GenoMask - Proof-of-Concept project (FNR-sponsored) to assess exploitation prospects of protected IP from the results listed above |
Fintech – Blockchain, cryptocurrency |
| RepuCoin - A world-first permissionless blockchain protocol secure against attackers with more than 51% network computing power, resilient to all attacks known to date |
