PROTASIS - Restoring Trust in the Cyber Space: A Systems Security Proposal

Date: 
01/05/2016 to 30/04/2020

Introduction

Fueled by a string of high profile attacks and recent revelations about unprecedented cyber surveillance, interest in systems security is rising-not just among industry and governments, but even among individual citizens across Europe. Corporate organizations worry about the viability of their businesses, nation states about cyber attacks by other nation states or terrorist groups, and citizens about the trustworthiness of the ICT infrastructures.

We this project we address these cybersecurity issues by fostering collaborations via supporting researchers from European institutes to spend time with their American counterparts in top universities. We focus our research efforts on both advanced attacks (e.g., exploits, malware, and exfiltration techniques), and defenses (e.g., developing secure software and protecting resource-constrained devices).

Who is the project designed for?

The project focuses on technical vulnerabilities, cyberattacks and cyber-defenses. In this aspect most (all?) vertical sectors can benefit from it.
The stakeholders of the project are:

  • End users and EU citizens who will mainly receive the benefits of PROTASIS in the form of an increased protection level.
  • Policymakers in the EU will make use of the identified threat vectors and defense techniques to effectively target their efforts for cybersecurity and homeland defense.
  • Security vendors and service providers will be able to integrate and use parts of the produced research information to deliver better protection to their customers.
  • Businesses will be able to assess the impact of cyberattacks against critical business processes, as well as the potential impact of cyber-physical vulnerabilities. Also, they will be able to implement some of the defensive countermeasures to improve their resilience to cyberattacks.
  • Researchers both in the industry and in the academia will be able to get access to some of the collected data and metadata for their ongoing research, besides the obvious networking and publishing fallouts of the project.

How is your project benefitting the end-user?

End users will benefit through better research, superior awareness, and better products.

Please briefly describe the results your project achieved so far

The project so far has implemented several collaborations between the European partners (FORTH, Politecnico di Milano, VUA, RUB, Telefonica, and F-Secure) and the US partners (Columbia, MIT, Northeastern, UCSB, Stony Brook, UCSB, and Stevens IT). These collaborations have resulted in top publications in places such as EuroSec, WWW, IMC, IEEE S&P, etc.
The individual systems developed relate to:

  • Vulnerabilities in industrial control systems
  • Vulnerabilities in smartphones
  • Vulnerabilities and defenses in web browsing and cookie management
  • Attacks in code randomization approaches
  • Bypassing control-flow-based defenses

What are the next steps for your project?

The next two years the project will focus on secondments and collaborations that relate to the protection for the IoT, the protection of the user’s privacy, as well as understanding the mechanisms and the impact of cyberattacks.

Week: 
Thursday, 22 March, 2018

Project type:

News

Europol - Internet Organised Crime Threat Assessment 2018

Europol has just released its fifth annual Internet Organised Crime Threat Assessment (IOCTA).

The report offers a unique law enforcement view of the emerging threats and key developments in the field of cybercrime over the last year and warns of 15 ways in which people can fall prey to cyber criminals.

Events

29/09/2018 to 05/10/2018
Cryptology And Network Security - 30th September/ 3rd October 2018 - Naples (Italy)

The International Conference on Cryptology And Network Security (CANS) is a recognized annual conference, focusing on all aspects of cryptology, and of data, network, and computer security. CANS 2018 will be held in Naples from the next 30th September until the 3rd October.

06/10/2018 to 11/10/2018
Security of Personal Data Processing Event - 8th October - Athens (Greece)

ENISA and Cyberwatching.eu co-organize in October 8, 2018 a workshop on security measures (article 32 GDPR) in Athens.