Security Lab (SEC)

Convenience, cost reductions, and ubiquitous connectivity provided by new networks and services come with new problems. Reliable information and communication services require reliable software and hardware. At the same time, new methods for infecting systems with various types of malware are growing in sophistication and require minimal barriers to entry for attackers. We can say that we pay a price for technological innovation by creating new security concerns as new attacks surfaces are introduced. The threats increase as the systems become more distributed and as devices and networks with varying levels of security protections frequently participate in the same processes. Widespread usage of common software and hardware platforms considerably simplifies the spread of malware. Frequent updates and change of software and system states can also be exploited. Hence, there is an urgent need to address these security concerns and we see increased global secure computing research efforts.

RISE SICS addresses many of these security issues at the Security Lab, primarily working with platform and network security issues. 

The Security Lab at RISE SICS consists of 18 people. Our core research areas, expertise, and the ongoing projects are listed below. 
 

IoT security

RISE SICS is at the forefront of IoT security in Europe. We work primarily on resource-constrained IoT, looking into aspects such as access control, lightweight security protocols, intrusion detection, management and distribution of cryptographic keys, Denial of Service attacks, and interconnection of IoT and cloud infrastructures. Together with Ericsson, RISE SICS is leading the IoT security standardization work at the IETF. Our research on IoT security is funded by Ericsson and by the following ongoing Swedish and EU projects.

Ongoing projects: Eurostars SecureIoT; EIT-Digital HII ACTIVE; Celtic-Plus CyberWI; VINNOVA SIP-IoT CEBOT; H2020 NobelGrid; FP7 SEGRID.

5G security

SICS is active in shaping the security of the next generation of mobile telecommunication. Besides contributing to definition of security use cases and security architecture for 5G networks, SICS conducts research on platform security and trust establishment for Software Defined Network infrastructure, as well as on novel authentication, authorization, and accounting protocols.
Ongoing projects: H2020 5G-ENSURE
 

 Cloud security

SICS has several years of experience in various aspects of cloud security -  based both on its experience in separation, isolation and trust on computation platforms, as well as on its growing expertise in data protection and secure storage. Earlier researcher conducted by SICS in this area in collaboration with Ericsson Research has produced several patented technologies. Currently, SICS’ research focus within cloud security focuses on searchable encryption (PaaSWord) and resource brokerage in federated cloud deployments (COLA).
Ongoing projects:  H2020 PaaSword, H2020 COLA
 

 Software security / virtualization

RISE SICS has several years of experience with high assurance separation/isolation and trust on computation platforms, especially through virtualization, trusted computing, and SGX. Besides our related efforts already described for the cloud area, we have a strong background in secure virtualization on embedded systems. In particular, RISE SICS developed its own open-source hypervisor for ARM. We also are involved in the formal verification of that hypervisor and supported the preparation for a potential Common Criteria certification of related products. RISE SICS also holds a patent on a System-on-Chip extension for secure on-demand virtualization.
Ongoing projects: VINNOVA UDI SECONDS; ARTEMIS EMC2; SSF PROSPER
 

 Blockchain

Blockchain is one of the priority topics for us. We have a couple of submitted proposals around different aspects of Blockchain. We are mostly interested in permissioned Blockchain. We are interested in the Blockchain and IoT, lightweight crypto, open source lightweight APIs for Blockchain, and novel applications of the blockchain technology. Currently, the Blockchain research is funded by a RISE SICS internal project.
 

 Privacy

Privacy is increasingly important in a data driven society. Protecting privacy is not about the absence of surveillance, but rather an understanding of the context in which information is shared and used. RISE SICS works with identifying mechanisms for increasing trust for processing of personal data, mechanisms for creating internal awareness for how data is used, and getting companies to play a more proactive role in taking a responsibility for data collection.
Ongoing projects: Engaging Privacy w. Microsoft, Telia, IIS and Samsung.

 

The Security Lab is distributed between two locations: one part of the group sits in the main office in Kista, while the other part are pioneers in our relatively new SICS offices in Lund. New Director of the Security Lab is Shahid Raza.

People

Mohamed Ahmed Abdelraheem
Postdoc

mohamed.abdelraheem [at] ri.se

Tobias Andersson
Researcher/SW developer at Security Labs
+46 72 728 26 27
tobias.andersson [at] ri.se

Rolf Blom
PhD, Senior Researcher
+46 70 325 19 06
rolf.blom [at] ri.se

Thomas Carnehult
Deputy Lab Manager
+46 70 622 24 09
thomas.carnehult [at] ri.se

Jacob Dexe
Researcher
+46 70 783 23 20
jacob.dexe [at] ri.se

Martin Gunnarsson
Research Engineer
+46 768 110 01
martin.gunnarsson [at] ri.se

Rikard Höglund
Researcher
+46 70 286 42 86
rikard.hoglund [at] ri.se

Linus Karlsson
Researcher
070-514 82 50
linus.karlsson [at] ri.se

Nicolae Paladi
Senior Researcher, PhD
+46 72 528 44 41
nicolae.paladi [at] ri.se

Shahid Raza
PhD, Director Security Lab, Expert Researcher

shahid.raza [at] ri.se

Kiki Rizki
Researcher
+46 72 947 93 31
kiki.rizki [at] ri.se

Oliver Schwarz
Researcher IT Security
+46 72 220 79 54
oliver.schwarz [at] ri.se

Ludwig Seitz
PhD, Senior Researcher
+46 70 349 92 51
ludwig [at] sics.se

Marco Tiloca
Ph.D., Senior Researcher
+46 70 604 65 01
marco.tiloca [at] ri.se

Arash Vahidi
PhD, Senior Researcher
+46 70 773 15 45
arash.vahidi [at] ri.se

Publications
Number of items: 79.

Baumann, Christoph and Schwarz, Oliver and Dam, Mads (2017) Compositional Verification of Security Properties for Embedded Execution Platforms. In: PROOFS 2017, 6th International Workshop on Security Proofs for Embedded Systems, Taipei, Taiwan.

Gunnarsson, Martin and Andersson, Tobias and Seitz, Ludwig (2017) Performance and overhead evaluation of OSCOAP and DTLS. [SICS Report]

Paladi, Nicolae and Linus, Karlsson (2017) Safeguarding VNF Credentials with Intel SGX. In: SIGCOMM 2017, August 22-24, 2017, Los Angeles, California, USA.

Dharmini, Shreenivas and Shahid, Raza and Thiemo, Voigt (2017) Intrusion Detection in the RPL-connected 6LoWPAN Networks. In: ACM 3rd International Workshop on IoT Privacy, Trust, and Security (IoTPTS 2017), co-located with the ACM Asia Conference on Computer and Communications Security (AsiaCCS'17). (In Press)

Tiloca, Marco and Nikitin, Kirill and Raza, Shahid (2017) Axiom - DTLS-based secure IoT group communication. ACM Transactions on Embedded Computing Systems . (In Press)

Gehrmann, Christian and Abdelraheem, Mohammed Ahmed (2016) IoT Protection Through Device to Cloud Synchronization. In: CloudSPD'16 co-located with the 8th IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2016), December 12-15, 2016, Luxembourg.

Giustolisi, Rosario and Gehrmann, Christian and Ahlström, Markus and Holmberg, Simon (2016) A Secure Group-Based AKA Protocol for Machine-Type Communications. In: 19th Annual International Conference on Information Security and Cryptology, 30/11/2016 - 02/12/2016, Seoul. (In Press)

Abdelraheem, Mohammed Ahmed and Gehrmann, Christian and Lindström, Malin and Nordahl, Christian (2016) Executing Boolean Queries on an Encrypted Bitmap Index. In: Cloud Computing Security Workshop, 2016-10-28, Vienna.

Giustolisi, Rosario and Gehrmann, Christian (2016) Threats to 5G Group-Based Authentication. In: 13th International Conference on Security and Cryptography (SECRYPT 2016), 26-28 July 2016, Madrid, Spain.

Giustolisi, Rosario and Iovino, Vincenzo and Roenne, Peter (2016) On the Possibility of Non-Interactive E-Voting in the Public-key Setting. In: Financial Cryptography and Data Security Workshops.

Tiloca, Marco and Stagkopoulou, Alexandra and Dini, Gianluca (2016) Performance and Security Evaluation of SDN Networks in OMNeT++/INET. In: OMNeT++ Community Summit 2016, 15-16 September 2016, Brno (Czech Republic).

Tiloca, Marco and Gehrmann, Christian and Seitz, Ludwig (2016) Robust and Scalable DTLS Session Establishment. ERCIM News No. 106, Special Theme: Cybersecurity (106). pp. 31-32.

Paladi, Nicolae and Gehrmann, Christian (2016) TruSDN: Bootstrapping Trust in Cloud Network Infrastructure. In: 12th EAI International Conference on Security and Privacy in Communication Networks, OCTOBER 10–12, 2016, GUANGZHOU, PEOPLE'S REPUBLIC OF CHINA. (In Press)

Tiloca, Marco and Dini, Gianluca (2016) GREP: a Group REkeying Protocol Based on Member Join History. In: The twenty-first IEEE Symposium on Computers and Communications (ISCC 2016), 27-30 June 2016, Messina (Italy).

Paladi, Nicolae and Gehrmann, Christian and Michalas, Antonis (2016) Providing User Security Guarantees in Public Infrastructure Clouds. IEEE Transactions on Cloud Computing, PP (99). ISSN 2168-7161

Ludwig, Seitz and Stefanie, Gerdes and Göran, Selander and Mehdi, Mani and Sandeep, Kumar (2016) Use Cases for Authentication and Authorization in Constrained Environments. Internet Engineering Task Force, IETF RFC editor.

Raza, Shahid and Seitz, Ludwig and Sytenkov, Denis and Selander, Göran (2016) S3K: Scalable Security With Symmetric Keys—DTLS Key Establishment for the Internet of Things. IEEE Transactions on Automation Science and Engineering, PP (99). pp. 1-11. ISSN 1545-5955

Michalas, Antonis and Dowsley, Rafael and Nagel, Matthias (2016) A report on design and implementation of protected searchable data in IaaS. [SICS Report]

Baumann, Christoph and Näslund, Mats and Gehrmann, Christian and Schwarz, Oliver and Thorsen, Hans (2016) A High Assurance Virtualization Platform for ARMv8. In: European Conference on Networks and Communications (EuCNC) 2016.

Schwarz, Oliver and Dam, Mads (2016) Automatic Derivation of Platform Noninterference Properties. In: Software Engineering and Formal Methods (SEFM).

Tiloca, Marco and Gehrmann, Christian and Seitz, Ludwig (2016) On Improving Resistance to Denial of Service and Key Provisioning Scalability of the DTLS Handshake. International Journal of Information Security .

Svensson, Martin and Paladi, Nicolae and Giustolisi, Rosario (2015) 5G: Towards secure ubiquitous connectivity beyond 2020. [SICS Report]

Paladi, Nicolae (2015) Towards secure SDN policy management. In: 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC), 7-10 December 2015 , Limassol, Cyprus.

Tiloca, Marco and Racciatti, Francesco and Dini, Gianluca (2015) Simulative Evaluation of Security Attacks in Networked Critical Infrastructures. In: 2nd International Workshop on Reliability and Security Aspects for Critical Infrastructure Protection (ReSA4CI 2015), September 2015, Delft (The Netherlands).

Blom, Rolf and Schwarz, Oliver (2015) High Assurance Security Products on COTS Platforms. ERCIM News (102). pp. 39-40. ISSN 0926-4981

Aslam, Mudassar and Gehrmann, Christian and Björkman, Mats (2015) ASArP: Automated Security Assessment & Audit of Remote Platforms using TCG-SCAP synergies. Journal of Information Security and Applications, 22 . pp. 28-39. ISSN 2214-2126

Papatheocharous, Efi and Michalas, Antonis and Gehrmann, Christian (2015) A Holistic Data Privacy and Security by Design Platform-as-a-Service Framework Introducing Distributed Encrypted Persistence in Cloud-based Applications. In: Evaluation of Novel Approaches to Software Engineering (ENASE 15), 29-30 April 2015, Barcelona, Spain. (Submitted)

Höglund, Rikard and Tiloca, Marco (2015) Current State of the Art in Smart Metering Security. [SICS Report]

Gehrmann, Christian and Tiloca, Marco and Höglund, Rikard (2015) SMACK: Short Message Authentication ChecK Against Battery Exhaustion in the Internet of Things. In: The 12th IEEE International Conference on Sensing Communication and Networking (SECON 2015), 2015, Seattle, Washington, USA.

Paladi, Nicolae and Gehrmann, Christian (2015) Towards Secure Multi-tenant Virtualized Networks. In: 1st IEEE International Workshop on 5G Security held in conjunction with IEEE TrustCom-15, August 21-22, 2015, Helsinki, Finland. (In Press)

Ray, Apala and Åkerberg, Johan and Björkman, Mats and Blom, Rolf and Gidlund, Mikael (2015) Applicability of LTE Public Key Infrastructure Based Device Authentication in Industrial Plants. In: 2015 IEEE 39th Annual Computer Software and Applications Conference (COMPSAC, 1-5 July 2015 , Taichung .

Tiloca, Marco and De Guglielmo, Domenico and Dini, Gianluca and Anastasi, Giuseppe and Das, Sajal K. (2015) JAMMY: a Distributed and Dynamic Solution to Selective Jamming Attack in TDMA WSNs. IEEE Transactions on Dependable and Secure Computing . (In Press)

Schwarz, Oliver and Dam, Mads (2014) Formal Verification of Secure User Mode Device Execution with DMA. In: Haifa Verification Conference, Haifa, Israel.

Paladi, Nicolae and Aslam, Mudassar and Gehrmann, Christian (2014) Trusted Geolocation-Aware Data Placement in Infrastructure Clouds. TrustCom . (In Press)

Aslam, Mudassar (2014) Bringing Visibility in the Clouds : using Security, Transparency and Assurance Services. Doctoral thesis, Mälardalen University.

Tiloca, Marco (2014) Efficient Protection of Response Messages in DTLS-Based Secure Multicast Communication. In: The 7th International Conference on Security of Information and Networks (SIN 2014), 9-11 Sept 2014, Glasgow (Scotland, UK).

Vahidi, Arash (2014) The monotonic separation kernel. In: 12th IEEE International Conference on Embedded and Ubiquitous Computing, 26-28 Aug 2014, Milan, Italy.

Niklas, Hjern and Jonas, Vistrand (2014) Authorization for Industrial Control Systems. Masters thesis, Department of Electrical and Information Technology.

Mohanty, Manoranjan and Do, Viktor and Gehrmann, Christian (2014) Media Data Protection during Execution on Mobile Platforms – A Review. [SICS Report]

Schwarz, Oliver and Gehrmann, Christian and Do, Viktor (2014) Affordable Separation on Embedded Platforms: Soft Reboot Enabled Virtualization on a Dual Mode System. In: Trust & Trustworthy Computing (TRUST) 2014, 30 Jun - 2 Jul 2014, Heraklion, Greece.

Denis, Sitenkov (2014) Access Control in the Internet of Things. Masters thesis, KTH.

Paladi, Nicolae and Michalas, Antonis and Christian, Gehrmann (2014) Domain based storage protection with secure access control for the cloud. In: SCC '14 Proceedings of the 2nd international workshop on Security in cloud computing, 3 June 2014, Kyoto, Japan.

Cherkaoui, Abdelkarim and Bossuet, Lilian and Seitz, Ludwig and Selander, Göran and Borgaonkar, Ravi (2014) New Paradigms for Authorization and Access Control in Constrained Environnements. In: 9th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC 2014), 26-28 March 2014, Montpellier, France.

Gianluca, Dini and Tiloca, Marco (2014) A Simulation Tool for Evaluating Attack Impact in Cyber Physical Systems. In: Modelling & Simulation for Autonomous Systems Workshop (MESAS14), 5-6 May 2014, Rome (Italy). (In Press)

Michalas, Antonis and Komninos, Nikos (2014) The Lord of the Sense: A Privacy Preserving Reputation System for Participatory Sensing Applications. In: the 19th IEEE Symposium on Computers and Communications (ISCC), 23 - 26 June 2014, Madeira, Portugal. (In Press)

Michalas, Antonis and Paladi, Nicolae and Gehrmann, Christian (2014) Security Aspects of e-Health Systems Migration to the Cloud. In: 16th International Conference on E-health Networking, Application & Services (Healthcom'14), 15 - 18 October 2014, Natal, Brazil. (In Press)

Paladi, Nicolae and Michalas, Antonis (2014) "One of Our Hosts in Another Country": Challenges of Data Geolocation in Cloud Storage. In: The 6th IEEE Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE), 11 - 14 May 2014, Aalborg, Denmark. (In Press)

Paladi, Nicolae and Michalas, Antonis and Gehrmann, Christian (2014) Domain Based Storage Protection with Secure Access Control for the Cloud. In: 2nd international workshop on Security in cloud computing, Kyoto, Japan.

Khakpour, Narges and Schwarz, Oliver and Dam, Mads (2013) Machine Assisted Proof of ARMv7 Instruction Level Isolation Properties. In: Certified Programs and Proofs (CPP), 11-13 December 2013, Melbourne, VIC, Australia.

Dam, Mads and Guanciale, Roberto and Khakpour, Narges and Nemati, Hamed and Schwarz, Oliver (2013) Formal Verification of Information Flow Security for a Simple ARM-Based Separation Kernel. In: 2013 ACM SIGSAC conference on computer & communications security, Berlin, Germany.

Vahidi, Arash and Jämthagen, Christopher (2013) Secure RPC in embedded systems - Evaluation of some GlobalPlatform implementation alternatives. In: 8th Workshop on Embedded Systems Security.

Seitz, Ludwig and Selander, Göran and Gehrmann, Christian (2013) Authorization Framework for the Internet-of-Things. In: 4th IEEE International Workshop on Data Security and PrivAcy in wireless Networks, 2013-06-04, Madrid, Spain.

Vahidi, Arash and Ekdahl, Patrik (2013) VETE: Virtualizing the Trusted Execution Environment. [SICS Report]

Paladi, Nicolae and Gehrmann, Christian and Morenius, Fredric (2013) State of The Art and Hot Aspects in Cloud Data Storage Security. [SICS Report]

Paladi, Nicolae and Gehrmann, Christian and Aslam, Mudassar and Morenius, Fredric (2013) Trusted Launch of Virtual Machine Instances in Public IaaS Environments. In: 15th Annual International Conference on Information Security and Cryptology, 28-30 Nov 2012, Seoul, Korea. (In Press)

Aslam, Mudassar and Gehrmann, Christian and Björkman, Mats (2013) Continuous Security Evaluation and Auditing of Remote Platforms by Combining Trusted Computing and Security Automation Techniques. In: The 6th International Conference on Security of Information and Networks, November 26-28, 2013, Aksaray/Turkey. (In Press)

Paladi, Nicolae and Gehrmann, Christian and Aslam, Mudassar and Morenius, Fredric (2013) Trusted Launch of Virtual Machine Instances in Public IaaS Environments. Lecture Notes in Computer Science, 7839 . pp. 309-323.

Paladi, Nicolae and Gehrmann, Christian and Morenius, Fredric (2013) Domain-Based Storage Protection (DBSP) in Public Infrastructure Clouds. In: 18th Nordic Conference, NordSec 2013, October 18-21, 2013, Ilulissat, Greenland.

Sahlström, Mikael (2013) A thin MIPS hypervisor for embedded systems. Masters thesis, Lund University.

Aslam, Mudassar (2012) Secure Service Provisioning in a Public Cloud. Licentiate thesis, Mälardalen University.

Rasmusson, Lars and Rajabi Nasab, Mazdak (2012) Hypervisor Integrity Measurement Assistant. [SICS Report]

Paladi, Nicolae (2012) Trusted Computing and Secure Virtualization in Cloud Computing. Masters thesis, Luleå University of Technology.

Aslam, Mudassar and Gehrmann, Christian and Björkman, Mats (2012) Security and Trust Preserving VM Migrations in Public Clouds. In: 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 25-27 June 2012, Liverpool, UK.

Aslam, Mudassar and Gehrmann, Christian and Rasmusson, Lars and Björkman, Mats (2012) Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud. In: International Conference on Cloud Computing and Services Science, CLOSER 2012, 18 - 21 April 2012, Porto, Portugal. (In Press)

Rasmusson, Lars and Aslam, Mudassar (2012) Protecting Private Data in the Cloud. In: The 2nd International Conference on Cloud Computing and Services Science, CLOSER 2012, 18-21 April 2012, Porto, Portugal. (In Press)

Gehrmann, Christian (2012) Secure Mobile Social Networks using USIM in a Closed Environment. In: 7th International Conference for Internet Technology and Secured Transactions, 10 - 12 Dec 2012, London, UK.

Schwarz, Oliver and Gehrmann, Christian (2012) Securing DMA through Virtualization. In: COMPENG 2012, 11-13 June 2012, Aachen, Germany.

Huang, Qing (2011) An extension to the Android access control framework. Masters thesis, Linköpings universitet.

Elena, Kozhemyak (2011) Privacy considerations for secure identification in social wireless networks. Masters thesis, KTH.

Do, Viktor (2011) Security Services on an Optimized Thin Hypervisor for Embedded Systems. Masters thesis, Faculty of Engineering LTH at Lund University.

Aslam, Mudassar and Gehrmann, Christian (2011) Security Considerations for Virtual Platform Provisioning. In: European Conference on Information Warfare and Security ECIW-2011, 7-8 July 2011, Tallin, Estonia. (In Press)

Gehrmann, Christian and Löfvenberg , Jacob (2011) Trust Evaluation for Embedded Systems Security research challenges identified from an incident network scenario. In: First International Workshop on Dependable and Secure Industrial and Embedded Systems (WORDS 2011), 14 June 2011, Västerås, Sweden.

Omer, Nawaz and Gehrmann, Christian (2011) Secure Identification in Social Wireless Networks. Masters thesis, SICS and Blekinge Institute of Technology.

Aslam, Mudassar and Gehrmann, Christian (2011) Deploying Virtual Machines on Shared Platforms. [SICS Report]

Gehrmann, Christian and Douglas, Heradon and Kengo Nilsson, Dennis (2011) Are there good Reasons for Protecting Mobile Phones with Hypervisors? In: IEEE Consumer Communications and Networking Conference, 9-12 Jan 2011, Las Vegas, Nevada, USA.

Gehrmann, Christian (2011) ARIES WP3 – Needs and Requirements Analyses. Swedish Institute of Computer Science, Kista, Sweden. (Unpublished)

Aslam, Mudassar and Gehrmann, Christian (2010) TCG based approach for secure management of virtualized platforms: state-of-the-art. [SICS Report]

Douglas, Heradon (2010) Thin Hypervisor-Based Security Architectures for Embedded Platforms. Masters thesis, Royal Institute of Technology.

Douglas, Heradon and Gehrmann, Christian (2009) Secure Virtualization and Multicore Platforms State-of-the-Art report. [SICS Report]

This list was generated on Wed Dec 13 03:14:39 2017 CET.
Projects

Completed projects

News

Pages

In media
Software

The Security Lab at SICS aims at publishing a growing share of our assets as open source. Here you find a list of available software produced in our lab:

  • AssertionServer: The AssertionServer is an open source library providing lightweight identity management functions based on the SAML standard.
  • SICS Thin Hypervisor: The SICS thin hypervisor (STH) is a small hypervisor for embedded systems running on ARMv7. The open source version of the STH is capable of executing Linux on a number of popular development platforms.
  • ARMv7 security proofs in HOL4: As part of the PROSPER project, we have formally verified the security of the ARMv7 instruction set architecture during user mode execution. This work builds upon the Cambridge HOL4 model of ARM. By now, our proofs have become part of the current official HOL4 release. The link points to the corresponding GIT repository.
Security in the Internet of Things

Security in the Internet of Things

The SEC lab works with security in the Internet of Things (IoT) with the goal of providing security services as enablers for other applications for IoT. This work is conducted in close cooperation with Ericsson Security Research.

We are contributing to ongoing standardization efforts at the Internet Engineering Task force (IETF), specifically in the working groups ACE, COSE and CoRE.

In ACE we are editors of  RFC 7744 that describes uses cases for authentication and authorization for constrained environments. Furthermore we have submitted drafts on access control and on object security.

This research area includes the following projects:

Secure Virtualization

The SEC lab works with secure virtualization as an enabler for embedded platform security.

We have developed a hypervisor that allows the operation of multiple guests - strongly isolated - on a single device. Together with our partners from academia and industry we are continously enhancing this solution towards a product providing:

  • execution on ARM (one of the most widespread comodity platform architectures in embedded systems),
  • virtualization in order to achieve secure isolation of critical processes,
  • the ability to run unmodified guests,
  • resource and cost efficiency,
  • multicore support,
  • a secure boot process,
  • formal verification,
  • Common Criteria certified security properties with high assurance level,
  • European origin (with development and security evaluation performed in Sweden),
  • open source

Furthermore, variants of this hypervisor are employed in order to assist in media data protection or in process isolation on constrained architectures such as Cortex-M.

This research area includes the following projects:

Master thesis projects (Exjobb)

 

Please find our current MSc. thesis offers here. Note that our lab is located both in Lund and Stockholm, and the offers may be linked to a specific location, also note that in order to apply you must be an MSc. student at a university in Sweden.

You can find below the currently available thesis topics: 

Join the Security Lab

You can find the currently open positions at the Security Lab below.

  • The Security lab invites applications for a 1-year postdoctoral researcher position in the area of either Cloud infrastructure, Software Defined Networking (SDN) or Internet of Things (IoT), to begin in November 2016 or later (latest starting date January 1, 2017). Application deadline: October 15th, 2016. See the requirements and application here.