Security Lab (SEC)

Security lab

Convenience, cost reductions, and ubiquitous connectivity provided by new networks and services come with new problems. Reliable information and communication services require reliable software and hardware. At the same time, new methods for infecting systems with various types of malware are growing in sophistication and require minimal barriers to entry for attackers. We can say that we pay a price for technological innovation by creating new security concerns as new attacks surfaces are introduced. The threats increase as the systems become more distributed and as devices and networks with varying levels of security protections frequently participate in the same processes. Widespread usage of common software and hardware platforms considerably simplifies the spread of malware. Frequent updates and change of software and system states can also be exploited. Hence, there is an urgent need to address these security concerns and we see increased global secure computing research efforts.

SICS addresses many of these security issues at the Security Lab, primarily working with platform and network security issues.

Our main research areas are:

The Security Lab is distributed between two locations: one part of the group sits in the main office in Kista, while the other part are pioneers in our relatively new SICS offices in Lund.

People

Mohamed Ahmed Abdelraheem
Postdoc

mohamed.abdelraheem [at] sics.se

Rolf Blom
PhD, Senior Researcher
+46 70 325 19 06
rolfb [at] sics.se

Thomas Carnehult
Business Development and Project Manager
+46 70 622 24 09
thomas.carnehult [at] sics.se

Christian Gehrmann
Ph.D, Adj. Professor; Director, Security Laboratory
+46 46 286 59 00
chrisg [at] sics.se

Rosario Giustolisi
Post-doctoral researcher

rosario.giustolisi [at] sics.se

Rikard Höglund
Researcher
+46 70 286 42 86
rhoglund [at] sics.se

Stefan Johansson
Embedded Software Developer
+46 70 248 87 72
stefanj [at] sics.se

Nicolae Paladi
Researcher, PhD candidate
+46 72 528 44 41
nicolae [at] sics.se

Oliver Schwarz
PhD student
+46 72 220 79 54
oliver [at] sics.se

Ludwig Seitz
PhD, Senior Researcher
+46 70 349 92 51
ludwig [at] sics.se

Martin Svensson
IT Security Architect
+46 72 561 25 51
martin.svensson [at] sics.se

Marco Tiloca
Ph.D., Senior Researcher
+46 70 604 65 01
marco [at] sics.se

Arash Vahidi
PhD, Senior Researcher
+46 70 773 15 45
arash [at] sics.se

Publications
Number of items: 65.

Paladi, Nicolae and Gehrmann, Christian (2016) TruSDN: Bootstrapping Trust in Cloud Network Infrastructure. In: 12th EAI International Conference on Security and Privacy in Communication Networks, OCTOBER 10–12, 2016, GUANGZHOU, PEOPLE'S REPUBLIC OF CHINA. (In Press)

Paladi, Nicolae and Gehrmann, Christian and Michalas, Antonis (2016) Providing User Security Guarantees in Public Infrastructure Clouds. IEEE Transactions on Cloud Computing, PP (99). ISSN 2168-7161

Ludwig, Seitz and Stefanie, Gerdes and Göran, Selander and Mehdi, Mani and Sandeep, Kumar (2016) Use Cases for Authentication and Authorization in Constrained Environments. Internet Engineering Task Force, IETF RFC editor.

Raza, Shahid and Seitz, Ludwig and Sytenkov, Denis and Selander, Göran (2016) S3K: Scalable Security With Symmetric Keys—DTLS Key Establishment for the Internet of Things. IEEE Transactions on Automation Science and Engineering, PP (99). pp. 1-11. ISSN 1545-5955

Michalas, Antonis and Dowsley, Rafael and Nagel, Matthias (2016) A report on design and implementation of protected searchable data in IaaS. [SICS Report]

Schwarz, Oliver and Dam, Mads (2016) Automatic Derivation of Platform Noninterference Properties. In: Software Engineering and Formal Methods (SEFM).

Tiloca, Marco and Gehrmann, Christian and Seitz, Ludwig (2016) On Improving Resistance to Denial of Service and Key Provisioning Scalability of the DTLS Handshake. International Journal of Information Security .

Svensson, Martin and Paladi, Nicolae and Giustolisi, Rosario (2015) 5G: Towards secure ubiquitous connectivity beyond 2020. [SICS Report]

Paladi, Nicolae (2015) Towards secure SDN policy management. In: 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC), 7-10 December 2015 , Limassol, Cyprus.

Tiloca, Marco and Racciatti, Francesco and Dini, Gianluca (2015) Simulative Evaluation of Security Attacks in Networked Critical Infrastructures. In: 2nd International Workshop on Reliability and Security Aspects for Critical Infrastructure Protection (ReSA4CI 2015), September 2015, Delft (The Netherlands).

Blom, Rolf and Schwarz, Oliver (2015) High Assurance Security Products on COTS Platforms. ERCIM News (102). pp. 39-40. ISSN 0926-4981

Aslam, Mudassar and Gehrmann, Christian and Björkman, Mats (2015) ASArP: Automated Security Assessment & Audit of Remote Platforms using TCG-SCAP synergies. Journal of Information Security and Applications, 22 . pp. 28-39. ISSN 2214-2126

Papatheocharous, Efi and Michalas, Antonis and Gehrmann, Christian (2015) A Holistic Data Privacy and Security by Design Platform-as-a-Service Framework Introducing Distributed Encrypted Persistence in Cloud-based Applications. In: Evaluation of Novel Approaches to Software Engineering (ENASE 15), 29-30 April 2015, Barcelona, Spain. (Submitted)

Höglund, Rikard and Tiloca, Marco (2015) Current State of the Art in Smart Metering Security. [SICS Report]

Gehrmann, Christian and Tiloca, Marco and Höglund, Rikard (2015) SMACK: Short Message Authentication ChecK Against Battery Exhaustion in the Internet of Things. In: The 12th IEEE International Conference on Sensing Communication and Networking (SECON 2015), 2015, Seattle, Washington, USA.

Paladi, Nicolae and Gehrmann, Christian (2015) Towards Secure Multi-tenant Virtualized Networks. In: 1st IEEE International Workshop on 5G Security held in conjunction with IEEE TrustCom-15, August 21-22, 2015, Helsinki, Finland. (In Press)

Ray, Apala and Åkerberg, Johan and Björkman, Mats and Blom, Rolf and Gidlund, Mikael (2015) Applicability of LTE Public Key Infrastructure Based Device Authentication in Industrial Plants. In: 2015 IEEE 39th Annual Computer Software and Applications Conference (COMPSAC, 1-5 July 2015 , Taichung .

Tiloca, Marco and De Guglielmo, Domenico and Dini, Gianluca and Anastasi, Giuseppe and Das, Sajal K. (2015) JAMMY: a Distributed and Dynamic Solution to Selective Jamming Attack in TDMA WSNs. IEEE Transactions on Dependable and Secure Computing . (In Press)

Schwarz, Oliver and Dam, Mads (2014) Formal Verification of Secure User Mode Device Execution with DMA. In: Haifa Verification Conference, Haifa, Israel.

Paladi, Nicolae and Aslam, Mudassar and Gehrmann, Christian (2014) Trusted Geolocation-Aware Data Placement in Infrastructure Clouds. TrustCom . (In Press)

Aslam, Mudassar (2014) Bringing Visibility in the Clouds : using Security, Transparency and Assurance Services. Doctoral thesis, Mälardalen University.

Tiloca, Marco (2014) Efficient Protection of Response Messages in DTLS-Based Secure Multicast Communication. In: The 7th International Conference on Security of Information and Networks (SIN 2014), 9-11 Sept 2014, Glasgow (Scotland, UK).

Vahidi, Arash (2014) The monotonic separation kernel. In: 12th IEEE International Conference on Embedded and Ubiquitous Computing, 26-28 Aug 2014, Milan, Italy.

Niklas, Hjern and Jonas, Vistrand (2014) Authorization for Industrial Control Systems. Masters thesis, Department of Electrical and Information Technology.

Mohanty, Manoranjan and Do, Viktor and Gehrmann, Christian (2014) Media Data Protection during Execution on Mobile Platforms – A Review. [SICS Report]

Schwarz, Oliver and Gehrmann, Christian and Do, Viktor (2014) Affordable Separation on Embedded Platforms: Soft Reboot Enabled Virtualization on a Dual Mode System. In: Trust & Trustworthy Computing (TRUST) 2014, 30 Jun - 2 Jul 2014, Heraklion, Greece.

Denis, Sitenkov (2014) Access Control in the Internet of Things. Masters thesis, KTH.

Paladi, Nicolae and Michalas, Antonis and Christian, Gehrmann (2014) Domain based storage protection with secure access control for the cloud. In: SCC '14 Proceedings of the 2nd international workshop on Security in cloud computing, 3 June 2014, Kyoto, Japan.

Cherkaoui, Abdelkarim and Bossuet, Lilian and Seitz, Ludwig and Selander, Göran and Borgaonkar, Ravi (2014) New Paradigms for Authorization and Access Control in Constrained Environnements. In: 9th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC 2014), 26-28 March 2014, Montpellier, France.

Gianluca, Dini and Tiloca, Marco (2014) A Simulation Tool for Evaluating Attack Impact in Cyber Physical Systems. In: Modelling & Simulation for Autonomous Systems Workshop (MESAS14), 5-6 May 2014, Rome (Italy). (In Press)

Michalas, Antonis and Komninos, Nikos (2014) The Lord of the Sense: A Privacy Preserving Reputation System for Participatory Sensing Applications. In: the 19th IEEE Symposium on Computers and Communications (ISCC), 23 - 26 June 2014, Madeira, Portugal. (In Press)

Michalas, Antonis and Paladi, Nicolae and Gehrmann, Christian (2014) Security Aspects of e-Health Systems Migration to the Cloud. In: 16th International Conference on E-health Networking, Application & Services (Healthcom'14), 15 - 18 October 2014, Natal, Brazil. (In Press)

Paladi, Nicolae and Michalas, Antonis (2014) "One of Our Hosts in Another Country": Challenges of Data Geolocation in Cloud Storage. In: The 6th IEEE Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE), 11 - 14 May 2014, Aalborg, Denmark. (In Press)

Paladi, Nicolae and Michalas, Antonis and Gehrmann, Christian (2014) Domain Based Storage Protection with Secure Access Control for the Cloud. In: 2nd international workshop on Security in cloud computing, Kyoto, Japan.

Khakpour, Narges and Schwarz, Oliver and Dam, Mads (2013) Machine Assisted Proof of ARMv7 Instruction Level Isolation Properties. In: Certified Programs and Proofs (CPP), 11-13 December 2013, Melbourne, VIC, Australia.

Dam, Mads and Guanciale, Roberto and Khakpour, Narges and Nemati, Hamed and Schwarz, Oliver (2013) Formal Verification of Information Flow Security for a Simple ARM-Based Separation Kernel. In: 2013 ACM SIGSAC conference on computer & communications security, Berlin, Germany.

Vahidi, Arash and Jämthagen, Christopher (2013) Secure RPC in embedded systems - Evaluation of some GlobalPlatform implementation alternatives. In: 8th Workshop on Embedded Systems Security.

Seitz, Ludwig and Selander, Göran and Gehrmann, Christian (2013) Authorization Framework for the Internet-of-Things. In: 4th IEEE International Workshop on Data Security and PrivAcy in wireless Networks, 2013-06-04, Madrid, Spain.

Vahidi, Arash and Ekdahl, Patrik (2013) VETE: Virtualizing the Trusted Execution Environment. [SICS Report]

Paladi, Nicolae and Gehrmann, Christian and Morenius, Fredric (2013) State of The Art and Hot Aspects in Cloud Data Storage Security. [SICS Report]

Paladi, Nicolae and Gehrmann, Christian and Aslam, Mudassar and Morenius, Fredric (2013) Trusted Launch of Virtual Machine Instances in Public IaaS Environments. In: 15th Annual International Conference on Information Security and Cryptology, 28-30 Nov 2012, Seoul, Korea. (In Press)

Aslam, Mudassar and Gehrmann, Christian and Björkman, Mats (2013) Continuous Security Evaluation and Auditing of Remote Platforms by Combining Trusted Computing and Security Automation Techniques. In: The 6th International Conference on Security of Information and Networks, November 26-28, 2013, Aksaray/Turkey. (In Press)

Paladi, Nicolae and Gehrmann, Christian and Aslam, Mudassar and Morenius, Fredric (2013) Trusted Launch of Virtual Machine Instances in Public IaaS Environments. Lecture Notes in Computer Science, 7839 . pp. 309-323.

Paladi, Nicolae and Gehrmann, Christian and Morenius, Fredric (2013) Domain-Based Storage Protection (DBSP) in Public Infrastructure Clouds. In: 18th Nordic Conference, NordSec 2013, October 18-21, 2013, Ilulissat, Greenland.

Sahlström, Mikael (2013) A thin MIPS hypervisor for embedded systems. Masters thesis, Lund University.

Aslam, Mudassar (2012) Secure Service Provisioning in a Public Cloud. Licentiate thesis, Mälardalen University.

Rasmusson, Lars and Rajabi Nasab, Mazdak (2012) Hypervisor Integrity Measurement Assistant. [SICS Report]

Paladi, Nicolae (2012) Trusted Computing and Secure Virtualization in Cloud Computing. Masters thesis, Luleå University of Technology.

Aslam, Mudassar and Gehrmann, Christian and Björkman, Mats (2012) Security and Trust Preserving VM Migrations in Public Clouds. In: 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 25-27 June 2012, Liverpool, UK.

Aslam, Mudassar and Gehrmann, Christian and Rasmusson, Lars and Björkman, Mats (2012) Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud. In: International Conference on Cloud Computing and Services Science, CLOSER 2012, 18 - 21 April 2012, Porto, Portugal. (In Press)

Rasmusson, Lars and Aslam, Mudassar (2012) Protecting Private Data in the Cloud. In: The 2nd International Conference on Cloud Computing and Services Science, CLOSER 2012, 18-21 April 2012, Porto, Portugal. (In Press)

Gehrmann, Christian (2012) Secure Mobile Social Networks using USIM in a Closed Environment. In: 7th International Conference for Internet Technology and Secured Transactions, 10 - 12 Dec 2012, London, UK.

Schwarz, Oliver and Gehrmann, Christian (2012) Securing DMA through Virtualization. In: COMPENG 2012, 11-13 June 2012, Aachen, Germany.

Huang, Qing (2011) An extension to the Android access control framework. Masters thesis, Linköpings universitet.

Elena, Kozhemyak (2011) Privacy considerations for secure identification in social wireless networks. Masters thesis, KTH.

Do, Viktor (2011) Security Services on an Optimized Thin Hypervisor for Embedded Systems. Masters thesis, Faculty of Engineering LTH at Lund University.

Aslam, Mudassar and Gehrmann, Christian (2011) Security Considerations for Virtual Platform Provisioning. In: European Conference on Information Warfare and Security ECIW-2011, 7-8 July 2011, Tallin, Estonia. (In Press)

Gehrmann, Christian and Löfvenberg , Jacob (2011) Trust Evaluation for Embedded Systems Security research challenges identified from an incident network scenario. In: First International Workshop on Dependable and Secure Industrial and Embedded Systems (WORDS 2011), 14 June 2011, Västerås, Sweden.

Omer, Nawaz and Gehrmann, Christian (2011) Secure Identification in Social Wireless Networks. Masters thesis, SICS and Blekinge Institute of Technology.

Aslam, Mudassar and Gehrmann, Christian (2011) Deploying Virtual Machines on Shared Platforms. [SICS Report]

Gehrmann, Christian and Douglas, Heradon and Kengo Nilsson, Dennis (2011) Are there good Reasons for Protecting Mobile Phones with Hypervisors? In: IEEE Consumer Communications and Networking Conference, 9-12 Jan 2011, Las Vegas, Nevada, USA.

Gehrmann, Christian (2011) ARIES WP3 – Needs and Requirements Analyses. Swedish Institute of Computer Science, Kista, Sweden. (Unpublished)

Aslam, Mudassar and Gehrmann, Christian (2010) TCG based approach for secure management of virtualized platforms: state-of-the-art. [SICS Report]

Douglas, Heradon (2010) Thin Hypervisor-Based Security Architectures for Embedded Platforms. Masters thesis, Royal Institute of Technology.

Douglas, Heradon and Gehrmann, Christian (2009) Secure Virtualization and Multicore Platforms State-of-the-Art report. [SICS Report]

This list was generated on Wed Aug 24 11:18:05 2016 CEST.
Projects

Completed projects

News

Pages

In media
Software

The Security Lab at SICS aims at publishing a growing share of our assets as open source. Here you find a list of available software produced in our lab:

  • AssertionServer: The AssertionServer is an open source library providing lightweight identity management functions based on the SAML standard.
  • SICS Thin Hypervisor: The SICS thin hypervisor (STH) is a small hypervisor for embedded systems running on ARMv7. The open source version of the STH is capable of executing Linux on a number of popular development platforms.
  • ARMv7 security proofs in HOL4: As part of the PROSPER project, we have formally verified the security of the ARMv7 instruction set architecture during user mode execution. This work builds upon the Cambridge HOL4 model of ARM. By now, our proofs have become part of the current official HOL4 release. The link points to the corresponding GIT repository.
Security in the Internet of Things

Security in the Internet of Things

The SEC lab works with security in the Internet of Things (IoT) with the goal of providing security services as enablers for other applications for IoT. This work is conducted in close cooperation with Ericsson Security Research.

We are contributing to ongoing standardization efforts at the Internet Engineering Task force (IETF), specifically in the working groups ACE, COSE and CoRE.

In ACE we are editors of  RFC 7744 that describes uses cases for authentication and authorization for constrained environments. Furthermore we have submitted drafts on access control and on object security.

This research area includes the following projects:

Secure Virtualization

The SEC lab works with secure virtualization as an enabler for embedded platform security.

We have developed a hypervisor that allows the operation of multiple guests - strongly isolated - on a single device. Together with our partners from academia and industry we are continously enhancing this solution towards a product providing:

  • execution on ARM (one of the most widespread comodity platform architectures in embedded systems),
  • virtualization in order to achieve secure isolation of critical processes,
  • the ability to run unmodified guests,
  • resource and cost efficiency,
  • multicore support,
  • a secure boot process,
  • formal verification,
  • Common Criteria certified security properties with high assurance level,
  • European origin (with development and security evaluation performed in Sweden),
  • open source

Furthermore, variants of this hypervisor are employed in order to assist in media data protection or in process isolation on constrained architectures such as Cortex-M.

This research area includes the following projects:

Master thesis projects (Exjobb)

 

Please find our current MSc. thesis offers here. Note that our lab is located both in Lund and Stockholm, and the offers may be linked to a specific location, also note that in order to apply you must be an MSc. student at a university in Sweden.

You can find below the  currently available thesis topics: