- Security and Verification in Computing
- Cloud Data Security Solutions
- Advanced Malware Detection Techniques
- Physical Unclonable Functions (PUFs) and Hardware Security
- IoT and Edge/Fog Computing
- Advanced Memory and Neural Computing
- DNA and Biological Computing
- Advanced Neural Network Applications
- Radiation Effects in Electronics
- Chaos-based Image/Signal Encryption
- Advanced Data Storage Technologies
- Software Reliability and Analysis Research
- Systems Engineering Methodologies and Applications
- Cryptography and Data Security
- Advanced Database Systems and Queries
- IPv6, Mobility, Handover, Networks, Security
- Distributed systems and fault tolerance
- Context-Aware Activity Recognition Systems
- Adversarial Robustness in Machine Learning
- Safety Systems Engineering in Autonomy
- Diamond and Carbon-based Materials Research
University of Neuchâtel
2021-2024
Over the last decade, cloud computing landscape has transformed from a centralised architecture made of large data centres to distributed and heterogeneous embracing edge IoT units. This shift created so-called cloud-edge continuum, which closes gap between end-user devices. Existing solutions for programming continuum are, however, dominated by proprietary silos incompatible technologies, built around dedicated devices run-time stacks. In this position paper, we motivate need an...
WebAssembly is an increasingly popular lightweight binary instruction format, which can be efficiently embedded and sandboxed. Languages like C, C++, Rust, Go, many others compiled into WebAssembly. This paper describes Twine, a trusted runtime designed to execute unmodified, language-independent applications. We leverage Intel SGX build the environment without dealing with language-specific, complex APIs. While hardware provides secure execution within processor, Twine secure, sandboxed...
WebAssembly (Wasm) is a novel low-level bytecode format that swiftly gained popularity for its efficiency, versatility and security, with near-native performance. Besides, trusted execution environments (TEEs) shield critical software assets against compromised infrastructures. However, TEEs do not guarantee the code to be trustworthy or it was tampered with. Instead, one relies on remote attestation assess before execution. This paper describes WaTZ, which (i) an efficient secure runtime of...
In real-world scenarios, trusted execution environments (TEEs) frequently host applications that lack the trust of infrastructure provider, as well data owners who have specifically outsourced their for remote processing. We present Twine, a runtime running WebAssembly-compiled within TEEs, establishing two-way sandbox. Twine leverages memory safety guarantees WebAssembly (Wasm) and abstracts complexity empowering legacy language-agnostic applications. It extends standard system interface...
The VEDLIoT project targets the development of energy-efficient Deep Learning for distributed AIoT applications. A holistic approach is used to optimize algorithms while also dealing with safety and security challenges. based on a modular scalable cognitive IoT hardware platform. Using microserver technology enables user configure satisfy wide range offers complete design flow Next-Generation devices required collaboratively solving complex applications across systems. methods are tested...
The popularity of the Java programming language has led to its wide adoption in cloud computing infrastructures. However, applications running untrusted clouds are vulnerable various forms privileged attacks. emergence trusted execution environments (TEEs) such as Intel SGX mitigates this problem. TEEs protect code and data secure enclaves inaccessible software, including kernel hypervisors. To efficiently use TEEs, developers must manually partition their into parts, order reduce size base...
Attestation is a fundamental building block to establish trust over software systems. When used in conjunction with trusted execution environments, it guarantees that genuine code is executed even when facing strong attackers, paving the way for adoption in several sensitive application domains. This paper reviews existing remote attestation principles and compares the functionalities of current environments such as Intel SGX, Arm TrustZone and AMD SEV, as well as emerging RISC-V solutions.
The VEDLIoT project aims to develop energy-efficient Deep Learning methodologies for distributed Artificial Intelligence of Things (AIoT) applications. During our project, we propose a holistic approach that focuses on optimizing algorithms while addressing safety and security challenges inherent AIoT systems. foundation this lies in modular scalable cognitive IoT hardware platform, which leverages microserver technology enable users configure the meet requirements diverse array...
With the increasing popularity of Internet of Things (IoT) devices, securing sensitive user data has emerged as a major challenge. These devices often collect confidential information, such as audio and visual data, through peripheral inputs like microphones and cameras. Such information is then exposed to potential threats, either from malicious software with high-level access rights or transmitted (sometimes inadvertently) to untrusted cloud services. In this paper, we propose a generic design to enhance...
The widespread adoption of cloud-based solutions introduces privacy and security concerns. Techniques such as homomorphic encryption (HE) mitigate this problem by allowing computation over encrypted data without the need for decryption. However, high computational memory overhead associated with underlying cryptographic operations has hindered practicality HE-based solutions. While a significant amount research focused on reducing utilizing hardware accelerators like GPUs FPGAs, there been...
Traditional email encryption schemes are vulnerable to EFail attacks, which exploit the lack of message authentication by manipulating ciphertexts and exfiltrating plaintext via HTML backchannels. Swiss Post's IncaMail, a secure service for transmitting legally binding, encrypted, verifiable emails, counters attacks using an authenticated-encryption with associated data (AEAD) scheme ensure privacy between servers. IncaMail relies on trusted infrastructure backend encrypts messages per user...
Publish/subscribe systems play a key role in enabling communication between numerous devices distributed and large-scale architectures. While widely adopted, securing such often trades portability for additional integrity attestation guarantees. Trusted Execution Environments (TEEs) offer potential solution with enclaves to enhance security trust. However, application development TEEs is complex, many existing solutions are tied specific TEE architectures, limiting adaptability. Current...