Research Statement

CritiX pursues research excellence, with the right balance between science and technology. We study new theories and we also like to do proof-of-concept experiments about the theories we work on. We try that our papers and theses tell a good story as clearly as possible. We work hard for our demonstrations to be convincing and captivating. We all rejoice when our research impacts the real world. Because we believe science is made for others.

You may know more about our culture in the CritiX Research Book of Style.

CritiX structures its research in order to be compliant to the initial mission, in coherence with the scientific focal points of the strategic PEARL programme Information Infrastructure Security and Dependability (IIS&D). These four points along which we plan to develop mid-term research capacity and activity, are:

• Resilience of Cyber-Physical System Infrastructures and Control.
• Internet and Cloud Infrastructures Resilience.
• Security and Dependability of Embedded Components.
• Data Privacy and Integrity In Highly Sensitive Sectors.

Critical sectors constituting the current focus of interest and activity, and matching the focal points defined for the PEARL programme, are:

• e-Health systems, featuring critical biomedical data processing and storage needs;
• Financial operations featuring blockchain-based infrastructures;
• Autonomous and cooperative vehicles and other CPS featuring SCADA/DCS;
• Cloud data center architectures featuring critical hypervisor and SDN operation needs.

 

Resilience of Cyber-Physical Systems Infrastructures and Control

Critical infrastructures such as the energy grid used to be highly isolated, mostly proprietary, and hence, secure against most threats and reasonably robust against accidental faults. However, in recent years their complexity has increased by way of the added computer and network machinery, a mutation of control systems into cyber-physical systems (CPS) increasing the likelihood of accidental computer-generated faults pervading the control system (a dependability problem), or of these vulnerabilities being exploited with malicious intent (a security problem). Stuxnet, a well-designed worm targeting CPS infrastructures, said to have impaired the operation of hundreds of networked controllers, is a live example of the risks at stake. The main subsystems at stake in CPS infrastructures are SCADA/DCS, whereas specifically in energy grids, as well as the autonomous vehicles ecosystem, which will deserve our special attention.

In this focal point, we wish to investigate the use of techniques such as intrusion tolerance or Byzantine fault tolerance and adaptation and self-healing mechanisms, in the demanding real-time and real-world context of CPS, to achieve resilience as a desirable framework to resist advanced persistent threats: “the adversary controls part of our infrastructure, and yet does not succeed to win”.

Internet and Cloud Infrastructures Resilience

The Internet and Cloud world has two facets of concern with regard to security and dependability, to which we will devote special concern: cloud computing (CC); and software-defined networking (SDN).

Cloud computing has been an extremely successful process and business model. Yet, the dependence of the IT business on clouds is perhaps not yet met by adequate levels of robustness. This can be testified by the numerous failures of cloud provider services made public, having caused service and data loss, as well as confidentiality compromises. Existing approaches (e.g., privileged or federated) provide only partial mitigations to this problem and require ample margin of trust on the providers. Following basic principles of design for resilience, our research here will specifically draw from early advances on using the multi-cloud or cloud-of-clouds paradigm as a path to achieve cloud computing resilience, leveraging the availability of multiple cloud environments to create diverse ecosystems. Such a vision obviously reiterates the framework to resist advanced persistent threats, in that the cloud infrastructure may be partially controlled by adversaries and yet remain secure and dependable. Ransomware attacks like Wannacry in 2017 would have been much less effective if these paradigms were part of the industry s.o.t.a.

Software-defined networking is another path we follow. SDN is an emerging paradigm that consists in the separation of the control plane from the data plane. Whilst control logic centralisation and network programmability is a crucial value proposition of SDN, it also introduces serious security and dependability issues: new fault and attack planes, which open the doors for new threats that did not exist before or were harder to exploit. An attack similar to Stuxnet, could have dramatic consequences in a highly configurable and programmable network, albeit ill-protected. It is more than likely that such advanced persistent threats will be developed against SDNs, if the opportunity of success presents itself. In the context of this focal point, we plan to study approaches that consider security and dependability of the SDN itself as first class properties of future SDNs, built into the design and not bolted on. Avenues for such research include security of control plane communications, or controller resilience.

Security and Dependability of Embedded Components

Whilst the previous focal points are essentially architectural, there are several motivations for looking at component-level trustworthiness, since unexpected failure of key components may entail the failure of a whole system. First, to assess and avoid premature exhaustion failure. Secondly, many systems, especially CPS and VMMS, have unique components that are trusted computing bases without any particular measures to enforce it and, as such, single points of failure. Trusted components must be made trustworthy by design and construction. There are however fragilities in the degree of trustworthiness of several key known components in secure systems, which may undermine the confidence we have in the latter systems.

We will investigate measures to ensure the security and dependability of embedded components against external attacks and in particular, against subversion (RTES, VMMS, etc.). In the RTE facet, relevant to CPS-based infrastructures, we have a particular interest in the smart grid component problems. The VMM part of the equation is especially interesting, since a crucial assumption on which a lot of the cloud business relies, is the tamper-proofness of the hypervisors, whose imperfect coverage deserves some research attention.

Data Privacy and Integrity in Highly Sensitive Sectors

This focal point complements the first ones, which are infrastructural, by addressing the problems of data stored, computed and moved across infrastructures. We wish to specialise on the problems of data privacy and integrity in highly sensitive sectors for citizens and organisations, such as those concerned with biomedical, and with financial data. Special priority will be given to the problem of genomics and disease data, and of financial data and blockchain-based operations. Both are fascinating themes for potential interdisciplinary research, reaching out to bio molecular and medical, or to FinTech and law.

We are observing the advent of the new era of e-Health, where there will be a progressive evolution towards the use of public clouds, coexisting and interplaying with dedicated data centers and private clouds. This vision is triggered by the dramatic evolution of the cost and speed of Next-Generation-Sequencing (NGS), putting pressure to seek affordable storage alternatives, despite the associated risks --- including data and privacy loss. The dawn of personalized medicine and genome editing, further consolidate the trend.We propose to investigate new paradigms and technologies for functional and usable e-Health ecosystems which promote accessibility and sharing of data by researchers, yet preserve reliability, availability, and integrity, and above all, privacy of the stakeholders’ information. Our proposal is that it should be possible to use public clouds to store sensitive information, through adequate combinations of encryption, coding, dispersion and fault-tolerance mechanisms, in order to ensure that no part is a single-point-of-failure. We also plan to investigate innovative algorithms that achieve privacy-preserving disclosure of genomic data, a problem made sensitive after recent re-identification attacks published by researchers.

Cryptocurrencies such as Bitcoin are based on the blockchain principle: all transactions are managed in a shared ledger, in a decentralised way. Participants (“miners”) make transactions advance by solving a difficult cryptographic computing task, to be able to legitimately receive a sum in the cryptocurrency as a reward. Unfortunately, Bitcoin is plagued by several attacks stemming from a basic conceptual vulnerability: it assumes that it should not be possible for any single party to control more than 50% of the network computing power. The vulnerability can be exploited as simply as through a flash attack, where someone briefly hires computing power and can therefore carry out such a 51% attack. We are investigating techniques that leverage Byzantine fault tolerance algorithms to prevent such uncertainties, constraining the formation of colluding cliques that control the network, and mechanisms that take the long-term performance and reliability of a miner into account, preventing flash attacks. Additionally, we intend to devise techniques that do not constrain performance of blockchain, but rather enhance it.