Startseite // SnT // Research // CritiX // Research Projects

Research Projects

IIS&D - Information Infrastructure Security and Dependability

  • Sponsoring body: FNR Luxembourg (PEARL grant). 
  • Project /UniLux funding: 4.975.000,00 €.
  • Coordinator: University of Luxembourg (LU).
  • Start Date: Jan 2015. Duration: 5 years.
  • Pearl Chair: Prof. Paulo Esteves-Veríssimo
  • Principal Investigator: Prof. Marcus Völp

ICT (Information and Communication Technology) became so important in our lives that a great deal of society’s stakes is today placed on the cyber sphere. The pillars of this new environment are critical information infrastructures (CII), both classical ones (cyber-physical systems such as energy grids or telecom networks), and emerging infrastructures relying on the Internet-Cloud complex (finance, public administration, or e-biobanks).

Their progressive convergence creates a challenging scenario: extremely large-scale and extremely complex and decentralised computer and network systems. This scenario may create enormous opportunities, but also bring about similarly extreme security and dependability risks, such as sophisticated targeted attacks, or advanced persistent threats (APT), from powerful adversaries, be it from organised crime and cyber-terrorism, cyber-hacktivism organisations or militias, or nation-state armies or agencies.

This project’s main scientific objective is to investigate and develop paradigms and techniques that promote resilience of CIIs, endowing their systems with the capacity of defeating extreme adversary power and sustaining perpetual and unattended operation. We plan on addressing this level of threat drawing from and building on recent research on powerful and innovative automatic security and dependability techniques.

This strategic programme, which will hopefully be reinforced and complemented by ancillary, more focused research projects, national and international, also aims as at building-up research momentum contributing to the visibility of SnT and UL as an international centre of excellence in extreme computing and specifically in the context of information infrastructure security and dependability, seeking high prospective industrial exploitation benefitting industrial partners, and promoting interdisciplinary research, namely within the UL.

Architectural Support for Automatic Resilience of Autonomous Cooperative Systems

  • Sponsoring body: Intel Corporation
  • Coordinator: Intel Collaborative Research Institute for Collaborative Autonomous & Resilient Systems (ICRI-CARS)
  • Start date: 17/10/2017. Duration 3 years.
  • Principal Investigator: Prof. Paulo Esteves-Veríssimo
  • Key Researchers: Prof. Marcus Völp, Dr. Jéremie Decouchant, Dr. David Kozhaya

Within the sphere of accidental faults, computing systems and infrastructures in general IT currently use fault-tolerance techniques, yielding automatic error recovery and, in consequence, failure avoidance. Collaborating autonomous systems, such as vehicle eco-systems, use such fault-tolerance extensively, leaving them safe from an accidental faults perspective but highly vulnerable to malicious faults activating defects that would be almost impossible to reach accidentally. This safety-security gap is bound to increase. With the threat of cyber warfare and terrorism one has to expect advanced persistent threats and targeted attacks performed with sophisticated tools by highly-skilled adversarial teams.

This project therefore pursues the development of principled paradigms and techniques which, besides seeking initially correct and fault free system operation, will endow vehicle control systems with the capacity to defeat extreme adversary power automatically, maintain operability in real time during attacks, and sustain perpetual and unattended operation within the limits of warranties, despite faults and attacks. The project will develop tools and architectures ensuring that vehicles can automatically survive, tolerate and self-heal. During attacks, vehicles will safeguard functional safety, resorting in worst case to gracefully degraded or fail-safe operation modes. Techniques such as Byzantine fault and intrusion tolerance, diversification, recovery, self-healing and architectural hybridisation with trusted components will be developed and combined into a coherent whole achieving the goal of automatic resilience.

This project is part of the Intel Collaborative Research Institute for Collaborative Autonomous & Resilient Systems (ICRI-CARS), with the contribution of five universities: TU Darmstadt, Aalto University, Ruhr-University Bochum, TU Wien and the University of Luxembourg. Together they study the security, privacy and safety of autonomous systems, ranging from drones and self-driving vehicles to collaborative systems in industrial automation.

HyLIT - Architectural Support for Intrusion Tolerant Operating-System Kernels

  • Sponsoring body: FNR Luxembourg (CORE). 
  • Project /UniLux funding: 858.000,00 €.
  • Coordinator: University of Luxembourg (LU).
  • Start Date: Nov 2018. Duration: 3 years.
  • Principal Investigator: Prof. Marcus Völp

In nearly all ICT platforms, the hypervisor, microkernel, or, more generally, the lowest-level operating-system kernel, form the last line of defense against intrusions by highly-skilled and well equipped adversarial teams. Once compromised, adversaries gain full access to all information and complete control over all platform resources, including, in the case of cyber-physical systems, extended control over the very physical environments on which these systems act (e.g., a nuclear power plant, a power grid station, or an autonomous car or drone).
Security incidents repeatedly remind us of how  brittle our assumption of the ‘hypervisor as tamperproof and therefore unattackable’ is. In this project, we endorse the vision of fault and intrusion tolerance (a.k.a. Byzantine Fault Tolerance or BFT), applied to operating-system kernels. That is, through redundancy techniques, we make sure that the single point of failure that the latter prefigure today, is made to have a very low probability of failing.
We overcome the generalized opinion that BFT techniques are too heavy and inefficient to be used at such low level, through the investigation of their implementation through hardware/operating-system co-design at the lowest kernel levels: (i) by adopting and extending existing intrusion tolerance mechanisms for use in tightly coupled VLSI settings (e.g., local replication across the tiles of a manycore system); and (ii) by investigating hardware support to allow kernel-level replicas to recover from intrusions.

ThreatAdapt - Adaptive Byzantine Fault and Intrusion Tolerance

  • Sponsoring body: FNR Luxembourg (INTER). 
  • Project /UniLux funding:  967.000,00€.
  • Coordinator: University of Luxembourg (LU).
  • Start Date: Feb 2019. Duration: 3 years.
  • Principal Investigator: Prof. Marcus Völp, Dr. Jéremie Decouchant, Prof. Paulo Esteves-Veríssimo

One of the major stepping stones for a wide application of fault and intrusion tolerance techniques, such as state-machine replication (BFT-SMR), lies in the overheads of these solutions in terms of the number of replicas required. Although architectural hybridization allowed cutting the replication degree (e.g., from 3f+1 to 2f+1 replicas when tolerating f faults), and reactive protocols further reduced that number for correct runs, a fundamental limitation remains: the fault threshold f must be chosen at time of deployment and remains fixed over the lifetime of the system.
The goal of this joint Univ. of Luxembourg and Univ. of Lisboa (resp. FNR and FCT) research project is to explore methods and protocols for dynamically adjusting the set of replicas required in BFT SMR protocols. Fault adaptivity will allow adjusting the replication degree to the threat level assessed by a risk managing distributed control plane, operating across multiple domains. Location adaptivity allows replicas to securely follow load peaks.
In ThreatAdapt, we will study fault, location and combined fault-and-location adaptivity with homogeneous and hybrid system models, evaluate the developed protocols through simulation and over the internet and apply the lessons learned
from generic BFT-SMR protocols on the example of a fault-adaptive blockchain.

European Cybersecurity Competence Networks and ECSO-PPP

  • Sponsoring body: European Commission (H2020). 
  • Start Date: Feb 2019. Duration: 3 years.
  • Principal Investigator: Prof. Marcus Völp, Prof. Paulo Esteves-Veríssimo

Within the next decade cybersecurity and privacy technologies should become complementary enablers of the EU digital economy, ensuring a trusted networked ICT environment for governments, businesses and individuals.EU's strategic interest is to ensure that the EU retains and develops essential capacities to secure its digital economy, infrastructures, society, and democracy. Europe's cybersecurity research, competences and investments are spread across Europe with too little alignment. Europe has to master the relevant cybersecurity technologies from secure components to trustworthy interconnected IoT ecosystems and to self-healing software, in order to make the EU's digital Single Market more cybersecur.

The Public Private Partnership on Cybersecurity ECSO was an important first step (2016). It is to be followed (2019) by  Cybersecurity Competence Networks, with a view on creating a European Cybersecurity Research and Competence Centre. Their objective is to scale up existing research for the benefit of the cybersecurity of the Digital Single Market, and help build and strengthen cybersecurity capacities across the EU.

The objective of these projects is to propose, test, validate and exploit the possible organisational, functional, procedural, technological and operational setup of a cybersecurity competence network with a central competence hub.

GenoMask - PoC - Early stage read filtering and masking of genomic information

  • Sponsoring body: FNR Luxembourg (JUMP Proof-of-Concept). 
  • Project /UniLux funding: 232.240,00 €.
  • Coordinator: University of Luxembourg (LU).
  • Start Date: Feb 2019. Duration: 2 years.
  • Principal Investigator: Dr. Jéremie Decouchant

Large scale sequencing and processing of human genomes has enabled breakthroughs in many areas, including precision medicine, the study of rare diseases, and forensics. However, mass collection of such sensitive data entails enormous risks and requires protection to the highest standards. Leveraging our previous research work, this proof-of-concept project aims at showing that protecting the privacy of genomic information throughout the processing pipeline can be done in a straighforward way, with little intrusiveness, and industrial feasibility.

GenoMask POC sets out to develop a product candidate of the GenoMask box, featuring GDPR compliant, earlystage separation of personal parts of genomic information (DNA, RNA, etc.) from non-personal parts for more finegrained protection of the former.

Biomedical applications, such as personalized medicine, process large amounts of genomic information, such as DNA, RNA and proteins. The challenge addressed by our solution is efficient protection of privacy-sensitive parts in our DNA immediately after it is digitized by next-generation sequencing (NGS) machines. Our approach is to identify sensitive sequences in the reads (short strings) produced by the NGS machines. Identified sensitive parts are masked out in the insensitive information to allow for differentiated processing and protection.
For example, the subsequent alignment (locating reads in the genome) is performed entirely on insensitive information, reverting to masked out information only to refine difficult to locate reads (protecting the refined alignment result in a similar manner). Increased protection of sensitive genomic information increases the confidence in the offered services and helps fulfill regulations such as the GDPR.

ADMORPH: Towards Adaptively Morphing Embedded Systems

  • Sponsoring body: European Commision – H2020-ICT-2019-2 – Proposal No. 871259
  • Coordinator: Prof. Andy Pimentel, Universiteit van Amsterdam (NL)
  • Start date: Jan 2020. Duration 3 years.
  • Principal Investigators: Prof. Marcus Völp
  • Webpage:

Rapidly growing complexity, manifested in increasing numbers of (distributed) computational cores and application components, make Cyber Physical Systems of Systems (CPSoS) increasingly susceptible to hardware failures as well as to disruptions (e.g., due to cyberattacks). System adaptivity, foremost in terms of dynamically remapping of application components to processing cores, represents a promising technique to fuse fault- and intrusion tolerance with the increasing performance requirements of these mission- and safety-critical CPS(oS). The ADMORPH project will evaluate this hypothesis using a novel, holistic approach to the specification, design, analysis and runtime deployment of adaptive, i.e., dynamically morphing, mission- and safety-critical CPS(oS) that are robust against both component failures and cyber-attacks.

The role of CritiX in ADMORPH will be to develop robust application-aware fault and intrusion tolerance techniques and protocols capable of defending the system long enough for adaptation to succeed. Application-awareness, in particular awareness of the control tasks involved in steering CPS systems safely, will allow leveraging application knowledge, such as the system’s inherent stability or overshoot and reaction time tolerances to design cost-efficient resilience techniques and embedding them into a flexible and highly robust runtime for resilient control.

In ADMORPH, CritiX joins forces with an international consortium or expert researchers and practitioners from Universiteit van Amsterdam, Thales Nederland BE, Sysgo S.A.S, Lund Universitet, United Technologies Research Centre Ireland (lt), QMedia S.R.Q, FCiencias.ID and Universität Augsburg.


ByzRT - Intrusion resilient real-time communication and computation in autonomous systems

  • Sponsoring body: FNR Luxembourg (INTER). 
  • Project /UniLux funding:  1.458.000€.
  • Coordinator: University of Luxembourg (LU).
  • Start Date: Sept. 2020. Duration: 3 years.
  • Principal Investigator: Prof. Marcus Völp

Our modern society increasingly depends on networked systems with the ability to exercise control over the physical world. Examples of these, so called Cyber-Physical Systems (CPS) include self-driving cars, surgical robots, but also the individual systems of our power-distribution network or of our water supply and wastewater removal systems. While connectivity allows them to coordinate and fulfill tasks that were unimaginable in the past (e.g., cars sharing planned maneuvers for more energy efficient and faster driving), this connection makes them also vulnerable to targeted attacks by adversarial teams, which we have seen to become increasingly well equipped and highly skilled. Byzantine fault and intrusion tolerance (BFT) stands for one class of tools that counters these attacks in an automated and unattended manner. However, these tools are not yet suitable for controlling physical assets. In addition to functional correctness (e.g., agreeing to engage the brakes of a car if the trajectory of this vehicle crosses an obstacle), cyber-physical systems must also react in a timely manner (e.g., before the car will inevitably crash into the obstacle), even if the system is under attack.

In the FNR-INTER project ByzRT, the Real-Time Systems group of TU Kaiserslautern, Germany, and the CritiX team at SnT, University of Luxembourg, join forces to research and develop novel and innovative BFT tools to tolerate successful intrusion of adversaries in safety-critical systems, while preventing them from causing harm.