Related projects

Funding agencies:

Research projects

During my research at the DistriNet Research Group, I was involved in several research projects, funded by IBBT, FWO, IWT, and the European Commision. A list of projects, related to my research, can be found below. Currently, I'm involved in the IWT-SBO project SEC SODA and in IBBT research.

Related projects

Security of Software for Distributed Applications (SEC SODA)

SEC SODA is an SBO-project funded by the Flemish government (IWT). The goal of the SEC SODA project is to enable the development and deployment of secure distributed software applications. To do so, SEC SODA project addresses several facets of distributed software development that have a substantial impact on the global security of the software product.

More specifically, the project consists of research activities to :

  • support the systematic development of security-aware software architectures in which security properties can be accommodated, as well as verified for their effectiveness
  • enhance the implementation experience for developers of secure software by providing programming models that provably guarantee the absence of particular security problems, as well as by improving the integration of specialized security measures into a security-unaware, or even untrusted software artefact
  • enable the trustworthy deployment of secure software via techniques of self-protecting code, encrypted execution and remote attestation

This project is executed in collaboration with COSIC.

Verisoft XT

During my 6-month research visit at the European Microsoft Innovation Center (EMIC), I worked on the formal verification of the Microsoft Viridian HyperVisor, which is part of Windows Server 2008. This research was done in the context of the Verisoft project.

Verisoft is a long-term research project funded by the German Federal Ministry of Education and Research (BMBF). The main goal of the project is the pervasive formal verification of computer systems. The correct functionality of systems, as they are used, for example, in automotive engineering, in security technology and in the sector of medical technology, is to be mathematically proved.

During my research visit, I worked together with Microsoft EMIC, Microsoft Research Redmond (MSR) and the Universität des Saarlandes.

Belgian Fundamental Research on Cryptology and Information Security (BCRYPT)

The BCRYPT project is funded by Interuniversity Attraction Pole. The project addresses fundamental research challenges in discrete mathematics, cryptographic algorithms and protocols, watermarking, secure software, and secure hardware. Within the secure software module, we focus on composition technologies, the development process for secure software, countermeasure technologies for software vulnerabilities, and design methdologiesand policies for privacy-preserving and anonymous services.

BCRYPT brings together five Belgian research groups: COSIC and DISTRINET (K.U.Leuven), DICE and TELE (UCL), and the Incidence Geometry group (UGent) with two EU partners: TUHH (Germany) and IAIK, T.U.Graz (Austria).

 

Security of Software and Services for Mobile Systems (S3MS)

The EU-FP6 project Security of Software and Services for Mobile Systems (S3MS) addresses the shortcomings of the current security models for mobile devices, by integrating a variety of existing and newly-developed security technologies into all the phases of the mobile applications life-cycle. The project is a collaboration of academics and industry and is built on the notion of Security by Contract: applications come with contracts describing their security relevant behaviour.

Together with my colleagues, we develop a security architecture for mobile devices on top of .NET Compact framework. Our on-device security architecture enforces security automata on mobile devices and integrates a variety of enforcement techniques such as signing of assemblies, inlined reference monitors, proof-carrying code.

Partners in the project are the University of Trento, France Telecom, Create-Net, DoCoMo Euro-Labs, Fast, KTH, Moviquity, Omnys, SINTEF, Trusted Logic and Vrije Universiteit Amsterdam.

Software Security for Network Applications (SoBeNeT)

SoBeNeT is an SBO-project funded by the Flemish government (IWT). The goal of the SoBeNeT project is to enable the development of secure application software. Today, almost any software application is reachable over a network. Consequently most software applications are becoming more and more vulnerable for security threats and attacks.

The project relies upon the state of the art of security components: a wealth of technologies is already available (and still improving). However, it takes much more than the use of security components to build secure network application software: we need to address programming techniques, composition technology and software engineering methods to bridge this fundamental gap.

The consortium performs research activities in the domains of programming and composition technology for security, of software engineering methods for security, of tamper and analysis resistance technology. In short, the basic concept is to enable software development organizations to construct secure application software, and to ensure that the resulting software is sealed.

Partners in the project are COSIC and Cybertrust (now part of Verizon Business).

Older projects

In the past, I was also involved in the following projects:

  • Distrinet Protocol Stack framework (DiPS). In this in-house project a framework was developed for highly-adaptive and flexible protocol stacks and device drivers. The framework was the core of different research extensions including self-adapting resource management in overload situations (DMonA), component hotswapping (CUPS) and safe distributed service deployment (NeCoMan).
  • Service Centric Access Networks (SCAN). This IWT-funded project in collaboration with Alcatel, DiPS was applied in the context of service-centric access networks to achieve highly customizable protocol stacks. Different extensions were developed including the self-adapting resource management in overload situations (DMonA), the connection abstraction system (CAS) and the address management system (AMS).
  • Run-time Adaptable Component Infrastructure for active ad-hoc NetworkinG (RACING). This FWO-funded project in collaboration with INTEC (Ghent University) studied the run-time adaptation of customizable network infrastructure. Two additional layers were developed on top of the DiPS infrastructure: component hotswapping (CuPS) and the safe distributed service deployment layer (NeCoMan).