Cross-platform Open Security Stack for Connected Devices

Livrables

Extended description of use cases and scenarios including technical diagrams and specification of all scenarios’ components, security services, settings (T1.1).

Validation Criteria Initial Version

Presents the identified validation criteria for the CROSSCON IoT stack (T1.3).

CROSSCON Open Security Stack Documentation - Draft

A report on first research and development results of the CROSSCON stack components across tasks T3.1 to T3.5.

Requirements Elicitation Final Technical Specification

Second and final specification of CROSSCON IoT stack requirement elicitation based on technical and end users’ feedback (T1.2).

Use Cases Definition Initial Version

First version of use cases and scenarios definition including architecture, infrastructure, security services, and stakeholders’ relation (T1.1).

Requirements Elicitation Initial Technical Specification

First version of requirement elicitation for the CROSSCON IoT security stack (T1.2).

Dissemination and Communication Plan

A detailed plan for dissemination and communication of project results including stakeholders’ engagement plan and online channels development (T6.1).

Project Website

A report on the Website created, its layout, structure, and content management (T6.1).

CROSSCON Extensions to Domain Specific Hardware Architectures Documentation - Draft

A report of the first research and development results of the CROSSCON hardware/software extension primitives, algorithms and APIs for domain specific hardware architectures (T4.1, T4.2, T4.3).

Dissemination, Communication and Community Building First Report

A report on the dissemination and communication, stakeholders’ engagement, advisory board, and training activities for the first half of the project (T6.1, T6.3, T6.4).

Data Management Plan

A report describing the project’s data management plan, ethics and gender policy (T7.4).

CROSSCON Open Specification - Draft

A document with code and diagrams describing the initial version of the developed Open Specification and HW/SW co-design (T2.1,T2.3).

CROSSCON Open Security Stack - Initial Version

Software, technical diagrams and algorithms of experimental proof of concept of the CROSSCON stack components developed across tasks T3.1 to T3.5. TRL 3.

CROSSCON Extension Primitives to Domain Specific Hardware Architectures - Initial Version

Development board FPGA implementation of hardware/software extension primitives complemented with technical diagrams of the initial versions, experimental proof of concept, of the CROSSCON extension primitives and mechanisms developed across tasks T4.1, T4.2, and T4.3. TRL 3.

CROSSCON Formal Framework - Draft

A document with code, diagrams, repositories describing the initial formal framework and the developed/adapted tools (T2.2).

Publications

Securing Embedded and IoT Systems with SPMP-based Virtualization

Auteurs: Sandro Pinto, José Martins, Manuel Rodriguez, Tilen Nedanovski, Ziga Putrle, Matjaz Breskvar
Publié dans: RISC-V Summit Europe 2024, 2024
Éditeur: RISC-V Summit Europe 2024

WhisperFuzz: White-Box Fuzzing for Detecting and Locating Timing Vulnerabilities in Processors

Auteurs: Pallavi Borkar, Chen Chen, Mohamadreza Rostami, Nikhilesh Singh, Rahul Kande, Ahmad-Reza Sadeghi, Chester Rebeiro, Jeyavijayan Rajendran
Publié dans: USENIX, 2024
Éditeur: USENIX

μIPS: Software-Based Intrusion Prevention for Bare-Metal Embedded Systems

Auteurs: Luca Degani , Majid Salehi , Fabio Martinelli, Bruno Crispo
Publié dans: ESORICS 2023, 2023
Éditeur: Springer-Verlag
DOI: 10.1007/978-3-031-51482-1_16

BUSted!!! Microarchitectural Side-Channel Attacks on the MCU Bus Interconnect

Auteurs: Cristiano Rodrigues, Daniel Oliveira, Sandro Pinto
Publié dans: 2024 IEEE Symposium on Security and Privacy (SP), 2024, ISSN 2375-1207
Éditeur: IEEE Computer Society
DOI: 10.1109/SP54263.2024.00062

CROSSCON: Interoperable IoT Security Stack - The RISC-V Opportunity

Auteurs: Sandro Pinto, Matjaz Breskvar, Tiago Gomes, Hristo Koshutanski, Aljosa Pasic, Piotr Król, Emna Amri, David Purón, Zoltan Hornak, Marco Roveri, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Bruno Crispo
Publié dans: RISC-V Europe Summit 2023, 2023
Éditeur: RISC-V Europe Summit

Lost and Found in Speculation: Hybrid Speculative Vulnerability Detection

Auteurs: Mohamadreza Rostami,Shaza Zeitouni,Rahul Kande, Chen Chen, Pouya Mahmoody, Jeyavijayan Rajendran, Ahmad-Reza Sadeghi
Publié dans: Design Automation Conference, 2024, 2024
Éditeur: Design Automation Conference

One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices

Auteurs: Marco Chilese,Richard Mitev,Meni Orenbach, Robert Thorburn, Ahmad Atamli, Ahmad-Reza Sadeghi
Publié dans: 2024 IEEE Symposium on Security and Privacy (SP), 2024, ISSN 2375-1207
Éditeur: IEEE Computer Society
DOI: 10.1109/SP54263.2024.00182

AppBox: A Black-Box Application Sandboxing Technique for Mobile App Management Solutions

Auteurs: Maqsood Ahmad, Francesco Bergadano, Valerio Costamagna, Bruno Crispo, Giovanni Russello
Publié dans: IEEE Symposium on Computers and Communications (ISCC), 2023, ISSN 2642-7389
Éditeur: IEEE
DOI: 10.1109/ISCC58397.2023.10217861

The Nonce-nce of Web Security: an Investigation of CSP Nonces Reuse

Auteurs: Matteo Golinelli; Francesco Bonomi; Bruno Crispo
Publié dans: Computer Security. ESORICS 2023 International Workshops, 2023, ISBN 978-3-031-54129-2
Éditeur: Springer Nature Switzerland
DOI: 10.1007/978-3-031-54129-2_27

Beyond random inputs: A novel ML-based hardware fuzzing

Auteurs: Mohamadreza Rostami, Marco Chilese, Shaza Zeitouni, Rahul Kande, Jeyavijayan Rajendran, Ahmad-Reza Sadeghi
Publié dans: IEEE Design, Automation and Test in Europe Conference (DATE), 2024
Éditeur: IEEE Design, Automation and Test in Europe

Open-source SPMP-based CVA6 Virtualization

Auteurs: Manuel Rodríguez, José Martins, Bruno Sá and Sandro Pinto
Publié dans: RISC-V Summit EU, 2025
Éditeur: N.A.

CVA6 MMU-less Virtualization – From Hardware to Software, and Vice Versa!

Auteurs: Sandro Pinto
Publié dans: Embedded World, 2025
Éditeur: N.A.

A Novel Trusted Execution Environment for Next-Generation RISC-V MCUs

Auteurs: Sandro Pinto, Matjaz Breskvar
Publié dans: Embedded World, 2024
Éditeur: n.a.

LightShed: Defeating Perturbation-based Image Copyright Protections

Auteurs: Hanna Foerster, Sasha Behrouzi, Phillip Rieger, Murtuza Jadliwala, Ahmad-Reza Sadeghi
Publié dans: Usenix Security Symposium, 2025
Éditeur: N.A.

Cyber-physical metropolitan area digital substations test bench for evaluating intrusion detection systems

Auteurs: Santiago Sanchez-Acevedo, Tesfaye Amare Zerihun, Hristo Koshutanski, Alejandro Garcia-Bedoya
Publié dans: IEEE GPECOM 2024, 2024
Éditeur: IEEE GPECOM 2024
DOI: 10.36227/techrxiv.171778519.94792591/v1

An open-source Trusted Execution Environment for Resource-Constrained RISC-V MCUs

Auteurs: Luís Cunha∗ , Daniel Oliveira, João Sousa, Tiago Gomes, Sandro Pinto
Publié dans: RISC-V Summit EU, 2025
Éditeur: N.A.

Efficient and Safe I/O Operations for Intermittent Systems

Auteurs: Eren Yıldız, Saad Ahmed, Bashima Islam, Josiah Hester, Kasım Sinan Yıldırım
Publié dans: EuroSys: European Conference on Computer Systems, 2023, ISBN 9781450394871
Éditeur: Association for Computing Machinery
DOI: 10.1145/3552326.3587435

GenHuzz: An Efficient Generative Hardware Fuzzer

Auteurs: Lichao Wu, Mohamadreza Rostami, Huimin Li, Jeyavijayan Rajendran, Ahmad-Reza Sadeghi
Publié dans: Usenix Security Symposium, 2025
Éditeur: N.A

AuthentiSafe: Lightweight and Future-Proof Device-to-Device Authentication for IoT

Auteurs: T. Krauß, L. Petzi, G. Tsudik, and A. Dmitrienko.
Publié dans: ACM ASIA Conference on Computer and Communications Security, 2025
Éditeur: N.A.

RLFuzz: Accelerating Hardware Fuzzing with Deep Reinforcement Learning

Auteurs: Raphael Götz, Christoph Sendner, Nico Ruck, Mohamadreza Rostami, Alexandra Dmitrienko, Ahmad-Reza Sadeghi
Publié dans: 2025 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2025
Éditeur: IEEE
DOI: 10.1109/HOST64725.2025.11050051

Mind the CORS

Auteurs: Golinelli, Matteo; Arshad, Elham; Kashchuk, Dmytro; Crispo, Bruno
Publié dans: IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), 2023
Éditeur: N.A.
DOI: 10.1109/TPS-ISA58951.2023.00035

PUF-based Authentication in IoT against Strong Physical Adversary using Zero-Knowledge Proofs

Auteurs: Lukas Petzi, Alexandra Dmitrienko, Ivan Visconti
Publié dans: SafeThings 2024, 2024
Éditeur: SafeThings

Device Behavioral Profiling for Autonomous Protection Using Deep Neural Networks

Auteurs: Sandeep Gupta, Bruno Crispo
Publié dans: 2023 IEEE Symposium on Computers and Communications (ISCC), 2023
Éditeur: IEEE Computer Society
DOI: 10.1109/ISCC58397.2023.10218275

Shedding Light on Static Partitioning Hypervisors for Arm-based Mixed-Criticality Systems

Auteurs: Martins, José; Pinto, Sandro
Publié dans: 2023 IEEE 29th Real-Time and Embedded Technology and Applications Symposium (RTAS), 2023, ISSN 2642-7346
Éditeur: IEEE Computer Society
DOI: 10.1109/rtas58335.2023.00011

HFL: Hardware Fuzzing Loop with Reinforcement Learning

Auteurs: Lichao Wu, Mohamadreza Rostami, Huimin Li, Ahmad-Reza Sadeghi
Publié dans: 2025 Design, Automation &amp; Test in Europe Conference (DATE), 2025
Éditeur: IEEE
DOI: 10.23919/DATE64628.2025.10993080

VoiceRadar: Voice Deepfake Detection using Micro-Frequency and Compositional Analysis

Auteurs: Kavita Kumari , Maryam Abbasihafshejani , Alessandro Pegoraro, Phillip Rieger, Kamyar Arshi, Murtuza Jadliwala and Ahmad-Reza Sadeghi
Publié dans: Network and Distributed System Security (NDSS), 2025
Éditeur: N.A.

Bridging the Interoperability Gaps Among Trusted Architectures in MCUs

Auteurs: Sandro Pinto, Luís Cunha, Daniel Oliveira, Michele Grisafi, Emanuele Beozzo, Bruno Crispo
Publié dans: Lecture Notes in Computer Science, Information and Communications Security, 2025
Éditeur: Springer Nature Singapore
DOI: 10.1007/978-981-95-3543-9_15

SafeSplit: A Novel Defense Against Client-Side Backdoor Attacks in Split Learning

Auteurs: Phillip Rieger, Alessandro Pegoraro, Kavita Kumari, Tigist Abera, Jonathan Knauer Ahmad-Reza Sadeghi
Publié dans: Network and Distributed System Security (NDSS), 2025
Éditeur: N.A.

Automatic Adversarial Adaption for Stealthy Poisoning Attacks in Federated Learning

Auteurs: Torsten Krauß, Jan König, Alexandra Dmitrienko, Christian Kanzow
Publié dans: NDSS, 2024
Éditeur: N.A.

Valkyrie: A Response Framework to Augment Runtime Detection of Time-Progressive Attacks

Auteurs: Nikhilesh Singh, Chester Rebeiro
Publié dans: 2025 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2025
Éditeur: IEEE
DOI: 10.1109/DSN64029.2025.00053

CROSSCON: Interoperable IoT Security Stack for Embedded Connected Devices

Auteurs: Sandro Pinto, Matjaz Breskvar, Tiago Gomes, Hristo Koshutanski, Aljosa Pasic, Piotr Król, Emna Amri, David Purón, Zoltan Hornak, Marco Roveri, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Bruno Crispo
Publié dans: Embbeded World 2024, 2024
Éditeur: Embbeded World Exhibition&Conference

Certified Secure Updates for IoT Devices

Auteurs: Tacchella, A., Beozzo, E., Crispo, B., Roveri, M.
Publié dans: ICT Systems Security and Privacy Protection, 2025
Éditeur: Springer, Cham
DOI: 10.1007/978-3-031-92882-6_11

Virtualization today, Virtualization tomorrow

Auteurs: Sandro Pinto
Publié dans: Embedded World, 2023
Éditeur: N.A.

FreqFed: A Frequency Analysis-Based Approach for Mitigating Poisoning Attacks in Federated Learning

Auteurs: Fereidooni, Hossein; Pegoraro, Alessandro; Rieger, Phillip; Dmitrienko, Alexandra; Sadeghi, Ahmad-Reza
Publié dans: Network and Distributed System Security (NDSS) Symposium, 2024
Éditeur: Network and Distributed System Security (NDSS) Symposium
DOI: 10.48550/arxiv.2312.04432

Revisiting Formal Verification in VeriSolid: An Analysis and Enhancements

Auteurs: Chahoki, A. Z.; Roveri, M.; Amyot, D.; Mylopoulos, J.
Publié dans: CEUR-WS, 2023
Éditeur: N.A.

Software and Systems Modeling

Auteurs: Aidin Rasti; Amal Ahmed Anda; Sofana Alfuhaid; Alireza Parvizimosaed; Daniel Amyot; Marco Roveri; Luigi Logrippo; John Mylopoulos
Publié dans: Software and Systems Modeling, 2024, ISSN 1619-1366
Éditeur: Springer-Verlag
DOI: 10.5281/ZENODO.7897782

FLAShadow: A Flash-based Shadow Stack for Low-end Embedded Systems

Auteurs: Michele Grisafi, Mahmoud Ammar, Marco Roveri, Bruno Crispo
Publié dans: ACM Transactions on Internet of Things, Numéro 5, 2025, ISSN 2691-1914
Éditeur: Association for Computing Machinery (ACM)
DOI: 10.1145/3670413

Marionette: Manipulate Your Touchscreen via A Charging Cable

Auteurs: Yan Jiang, Xiaoyu Ji,Kai Wang,Chen Yan, Richard Mitev, Ahmad-Reza Sadeghi, Wenyuan Xu
Publié dans: IEEE Transactions on Dependable and Secure Computing, 2023, ISSN 1941-0018
Éditeur: IEEE Computer Society
DOI: 10.1109/TDSC.2023.3326181

AnyTEE: An Open and Interoperable Software Defined TEE Framework

Auteurs: David Cerdeira, José Martins, Nuno Santos, Sandro Pinto
Publié dans: IEEE Access, Numéro 13, 2025, ISSN 2169-3536
Éditeur: Institute of Electrical and Electronics Engineers (IEEE)
DOI: 10.1109/ACCESS.2025.3581487

CryptojackingTrap: An Evasion Resilient Nature-Inspired Algorithm to Detect Cryptojacking Malware

Auteurs: Atefeh Zareh Chahoki; Hamid Reza Shahriari; Marco Roveri
Publié dans: IEEE Transactions on Information Forensics and Security, 2024, ISSN 1556-6021
Éditeur: IEEE Transactions on Information Forensics and Security
DOI: 10.21227/kwh4-0g27

Automatic Adversarial Adaption for Stealthy Poisoning Attacks in Federated Learning

Auteurs: Torsten Krauß; Jan König; Alexandra Dmitrienko; Christian Kanzow
Publié dans: Network and Distributed System Security Symposium, 2024, ISSN 0000-0000
Éditeur: N.A.
DOI: 10.14722/NDSS.2024.241366

Fuzzerfly Effect: Hardware Fuzzing for Memory Safety

Auteurs: Mohamadreza Rostami, Chen Chen, Rahul Kande, Huimin Li, Jeyavijayan Rajendran, Ahmad-Reza Sadeghi
Publié dans: IEEE Security & Privacy, Numéro 22, 2024, ISSN 1540-7993
Éditeur: Institute of Electrical and Electronics Engineers (IEEE)
DOI: 10.1109/MSEC.2024.3365070

BiRtIO: VirtIO for Real-Time Network Interface Sharing on the Bao Hypervisor

Auteurs: João Peixoto; José Martins; David Cerdeira; Sandro Pinto
Publié dans: IEEE Access, 2024, ISSN 0000-0000
Éditeur: N.A.
DOI: 10.1109/ACCESS.2024.3512777

Firmware Secure Updates meet Formal Verification

Auteurs: Alberto Tacchella, Emanuele Beozzo, Bruno Crispo, Marco Roveri
Publié dans: ACM Transactions on Cyber-Physical Systems, 2025, ISSN 2378-962X
Éditeur: Association for Computing Machinery (ACM)
DOI: 10.1145/3754455

HSP-V: Hypervisor-less Static Partitioning for RISC-V COTS Platforms

Auteurs: João Sousa; José Martins; Tiago Gomes; Sandro Pinto
Publié dans: IEEE Access, 2024, ISSN 2169-3536
Éditeur: IEEE Access
DOI: 10.1109/ACCESS.2024.3399601

Gain insights into the latest empirical Cyber Security trends and results from Horizon Europe Funded Projects

Auteurs: AI4CYBER, CERTIFY, CROSSCON, ENCRYPT, KINAITICS, REWIRE, TRUMPET and TRUSTEE
Publié dans: CROSSCON Website, 2025
Éditeur: N.A.

Automated Generation of Smart Contract Code from Legal Contract Specifications with Symboleo2SC

Auteurs: Aidin Rasti; Amal Ahmed Anda; Sofana Alfuhaid; Alireza Parvizimosaed; Daniel Amyot; Marco Roveri; Luigi Logrippo; John Mylopoulos
Publié dans: Zenodo Platform, 2023
Éditeur: N.A.
DOI: 10.5281/ZENODO.7897782

CROSSCON: Cross-platform Open Security Stack for Connected Devices

Auteurs: Bruno Crispo, Marco Roveri; Sandro Pinto, Tiago Gomes; Aljosa Pasic; Akos Milankovich; David Purón, Ainara Garcia; Ziga Putrle; Peter Ten; Malvina Catalano
Publié dans: 2024
Éditeur: CROSSCON Project

Livrables

Publications

Partager cette page Partager cette page sur les réseaux sociaux

Télécharger Télécharger le contenu de la page