Revolutionised Enhanced Supply Chain Automation with Limited Threats Exposure

Leistungen

RESCALE Continuous Security Assurance Platform (first version)

This deliverable will provide a description (support features, architectures, functionalities) of the first version (MVP) of the continuous security assurance platform.

Dissemination Report (first version)

The deliverable will describe the dissemination plan and report on all relevant activities during the first half of the project.

TBOM Security and Trust Mechanism (first version)

This deliverable will present the initial version of the RESCALE TBOM security and trust mechanism detailing the chosen blockchain infrastructure, entries and initial smart contracts features. It will present also potential issues and will provide a roadmap on the future development towards the final version of these trust mechanisms.

Solutions for Security Testing of Low-Level System Components (first version)

This deliverable will present the initial version of the RESCALE solutions that target security testing of firmware, OS and microarchitectural components. Besides the description of the solutions’ features, functionalities and architecture, the report will present open issues and future features and functionalities that will be included in the final version of the solutions.

Technology Analysis and Requirements Specification (first version)

This deliverable will provide a state-of-the-art analysis and the initial requirements specification.

Specification of the TBOM Structure

This deliverable will provide the complete specification of the TBOM structure and its subcomponents.

Hardware Vulnerability and Leakage Detection (first version)

This deliverable will present the initial version of the RESCALE solutions that target the detection of hardware vulnerabilities and information leakage. It will detail the coverage that this initial version achieves as well as potential issues and will provide a roadmap on the future development towards the final version of these components.

Trust Orchestrator (first version)

The deliverable will provide the description of the first integrated version of the overall Trust Orchestrator framework.

Validation and Evaluation Report (first version)

The deliverable will provide the validation and evaluation report of the first cycle of the project covering the MVP version of all components, initial integration results and pilot deployments.

Use Case Specification (first version)

This deliverable will provide a detailed description and specification of the two pilot use cases of the project.

High Level Architecture (first version)

This deliverable will present the initial version of the high level architecture of all RESCALE tools and components along with their interactions and interfaces.

Dynamic Testing Analysis Components (first version)

This deliverable will provide a description (support features, architectures, functionalities) of the first version of the dynamic testing analysis modules. Additionally it will provide information on open issues with said modules and a roadmap towards their envisioned final version.

Static Code Analysers and Formal Verification Methods (first version)

This deliverable will cover the development of the first version of the RESCALE static code analysers and formal verifications methods and describe their features, functionalities and open issues. The deliverable will also include a roadmap towards a final version of these components.

Project Website

A website will be designed as the main communication portal of the project. After initial deployment, the website will be continuously updated to reflect current information about the project, important news and announcements, public deliverables, events etc. In addition, social media accounts will be created (Twitter, Youtube channel, Facebook page, LinkedIn page) to engage a wider audience, disseminate project activities, drive traffic towards the projects main website and establish easy and direct communication paths with the general academic and industrial community.

Pilot Deployment, Test and Demonstration (first version)

The deliverable will present the results of the deployment and testing of the first version of the RESCALE solutions in the pilot use cases and provide demonstrators for the initial outcomes.

Veröffentlichungen

Training Solo: On the Limitations of Domain Isolation Against Spectre-v2 Attacks

Autoren: Sander Wiebing, Cristiano Giuffrida
Veröffentlicht in: 2025 IEEE Symposium on Security and Privacy (SP), 2025, ISBN 979-8-3315-2236-0
Herausgeber: IEEE
DOI: 10.1109/SP61157.2025.00253

VulnBERTa: On Automating CWE Weakness Assignment and Improving the Quality of Cybersecurity CVE Vulnerabilities Through ML/NLP

Autoren: Hannu Turtiainen, Andrei Costin
Veröffentlicht in: 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&amp;PW), 2024, ISSN 2768-0657
Herausgeber: IEEE
DOI: 10.1109/EUROSPW61312.2024.00075

Phantom Trails: Practical Pre-Silicon Discovery of Transient Data Leaks

Autoren: Alvise de Faveri Tron, Raphael Isemann, Hany Ragab, Cristiano Giuffrida, Klaus von Gleissenthall, Herbert Bos
Veröffentlicht in: 2025, ISBN 9781939133526
Herausgeber: USENIX Association
DOI: 10.5281/ZENODO.17009888

Leaky Address Masking: Exploiting Unmasked Spectre Gadgets with Noncanonical Address Translation

Autoren: Mathé Hertogh, Sander Wiebing, Cristiano Giuffrida
Veröffentlicht in: 2024 IEEE Symposium on Security and Privacy (SP), 2024, ISBN 979-8-3503-3130-1
Herausgeber: IEEE
DOI: 10.1109/SP54263.2024.00158

Safeguarding Blockchain and Dlts From Arbitrary and Malicious Content

Autoren: Alan Barnett, Merry Globin, Tarek Zaarour, Sean Ahearne, Ahmed Khalid
Veröffentlicht in: 2024 IEEE 32nd International Conference on Network Protocols (ICNP), 2025, ISSN 2643-3303
Herausgeber: IEEE
DOI: 10.1109/ICNP61940.2024.10858544

Predictive Context-sensitive Fuzzing

Autoren: Pietro Borrello, Andrea Fioraldi, Daniele Cono D'Elia, Davide Balzarotti, Leonardo Querzoni, Cristiano Giuffrida
Veröffentlicht in: Proceedings 2024 Network and Distributed System Security Symposium, 2024
Herausgeber: Internet Society
DOI: 10.14722/NDSS.2024.24113

A Review on Privacy and Monetization Aspects Within BCI and XR-BCI Ecosystems

Autoren: Tuomo Lahtinen, Andrei Costin, Guillermo Suarez-Tangil, Narges Yousefnezhad
Veröffentlicht in: Lecture Notes in Business Information Processing, Business Modeling and Software Design, 2024, ISBN 978-3-031-64073-5
Herausgeber: Springer Nature Switzerland
DOI: 10.1007/978-3-031-64073-5_11

iVault: Architectural Code Concealing Techniques to Protect Cryptographic Keys

Autoren: George Christou, Giorgos Vasiliadis, Apostolis Zarras, Sotiris Ioannidis
Veröffentlicht in: Lecture Notes in Computer Science, Embedded Computer Systems: Architectures, Modeling, and Simulation, 2024, ISBN 978-3-031-78380-7
Herausgeber: Springer Nature Switzerland
DOI: 10.1007/978-3-031-78380-7_13

Sticky Tags: Efficient and Deterministic Spatial Memory Error Mitigation using Persistent Memory Tags

Autoren: Floris Gorter, Taddeus Kroes, Herbert Bos, Cristiano Giuffrida
Veröffentlicht in: 2024 IEEE Symposium on Security and Privacy (SP), 2024, ISBN 979-8-3503-3130-1
Herausgeber: IEEE
DOI: 10.1109/SP54263.2024.00263

GhostRace: Exploiting and Mitigating Speculative Race Conditions

Autoren: Hany Ragab, Andrea Mambretti, Anil Kurmus, Cristiano Giuffrida
Veröffentlicht in: 33rd USENIX Security Symposium, 2024, ISBN 978-1-939133-44-1
Herausgeber: USENIX Association
DOI: 10.5281/ZENODO.13771348

Understanding SBOMs in Real-World Systems – A Practical DevOps/SecOps Perspective

Autoren: Narges Yousefnezhad, Andrei Costin
Veröffentlicht in: Lecture Notes in Business Information Processing, Business Modeling and Software Design, 2024, ISBN 978-3-031-64073-5
Herausgeber: Springer Nature Switzerland
DOI: 10.1007/978-3-031-64073-5_20

Half Spectre, Full Exploit: Hardening Rowhammer Attacks with Half-Spectre Gadgets

Autoren: Andrea Di Dio, Mathé Hertogh, Cristiano Giuffrida
Veröffentlicht in: 2025 IEEE Symposium on Security and Privacy (SP), 2025, ISBN 979-8-3315-2236-0
Herausgeber: IEEE
DOI: 10.1109/SP61157.2025.00207

Reproducibility of Firmware Analysis: An Empirical Study

Autoren: Narges Yousefnezhad, Andrei Costin
Veröffentlicht in: Lecture Notes in Business Information Processing, Business Modeling and Software Design, 2024, ISBN 978-3-031-64073-5
Herausgeber: Springer Nature Switzerland
DOI: 10.1007/978-3-031-64073-5_13

Position: On Potential Malware & New Attack Vectors for Internet-of-Brains (IoB)

Autoren: Tuomo Lahtinen, Andrei Costin, Guillermo Suarez-Tangil
Veröffentlicht in: 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&amp;PW), 2024, ISSN 2768-0657
Herausgeber: IEEE
DOI: 10.1109/EUROSPW61312.2024.00066

RangeSanitizer: Detecting Memory Errors with Efficient Range Checks

Autoren: Floris Gorter, Cristiano Giuffrida
Veröffentlicht in: 2025, ISBN 9781939133526
Herausgeber: USENIX Association
DOI: 10.5281/ZENODO.17009907

SafeFetch: Practical Double-Fetch Protection with Kernel-Fetch Caching

Autoren: Victor Duta, Mitchel Josephus Aloserij, Cristiano Giuffrida
Veröffentlicht in: 33rd USENIX Security Symposium, 2024, ISBN 978-1-939133-44-1
Herausgeber: USENIX Association
DOI: 10.5281/ZENODO.13771642

InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2

Autoren: Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, Cristiano Giuffrida
Veröffentlicht in: 33rd USENIX Security Symposium, 2024, ISBN 978-1-939133-44-1
Herausgeber: USENIX Association
DOI: 10.5281/ZENODO.13771606

Holistic IoT Security, Privacy and Safety: Integrated, Approaches Protecting A Highly Connected World

Autoren: Konstantinos Loupos
Veröffentlicht in: 2025, ISBN 978-1-63828-507-6
Herausgeber: Now Publishers
DOI: 10.1561/9781638285076

Game on: a performance comparison of interpolation techniques applied to Shamir’s secret sharing

Autoren: Anastassis Voudouris, Aristomenis Tressos, Apostolis Zarras, Christos Xenakis
Veröffentlicht in: The Computer Journal, Ausgabe 68, 2024, ISSN 0010-4620
Herausgeber: Oxford University Press (OUP)
DOI: 10.1093/COMJNL/BXAE109

Leistungen

Veröffentlichungen

Diese Seite teilen Diese Seite in sozialen Netzwerken teilen

Herunterladen Den Inhalt der Seite herunterladen