The SSE group is currently involved in different national and international research projects.
Some members of the group are currently working in the ASPIRE FP7 project; past projects are the FP7 project PANDORA, the ERDF project MCOM on mobile commerce for SMEs, the Powerchex Ltd Knowledge Transfer Partnership (KTP), and the DefTrust EPSRC/British Telecom (BT) funded project.
The group has provided knowledge transfer to the local community through schemes such as Innovation for Growth, Knowledge Connect, Innovation Associates, Enterprise Bureau, and Knowledge Transfer Partnership (KTP).
The group is strongly committed to inter-disciplinary work in joint research projects with bio-chemists and clinical researchers.
Advanced Software Protection: Integration, Research and Exploitation (ASPIRE)
ASPIRE is a European project between University of Gent, UEL, FBK, Politecnico di Torino, Nagravision, Gemalto and SafeNet. The lead at each site is, respectively, Prof. Bjorn De Sutter (coordinator), Dr Paolo Falcarin, Dr Mariano Ceccato, Prof Antonio Lioy, Dr Brecht Wyseur, Jerome d'Annoville and Michael Zunke.
ASPIRE builds on a successful FP6-FET project RE-TRUST, and it draws inspiration from the growing Software Protection community. An overview of Software Protection research problems can be found here, on a special issue of IEEE Software 2011.
Traditional security solutions based on custom hardware like smart cards, set-top boxes, and dongles, are not convenient on mobile devices like smartphones and tablets. Software protection is therefore utterly important; it can be a maker and a breaker in domains like multi-screen mobile TV, software licensing, and credentials and sensitive data stored on mobile devices. However, current software protection techniques are incredibly hard to deploy. Moreover, they cost too much and limit innovation. Therefore many stakeholders in mobile devices need more trustworthy, cheaper software security solutions and more value for the money they spend on security.
In this project, three market leaders in security ICT solutions and four academic institutions join forces to protect the assets of service, software and content providers. From their perspective, mobile devices and their users, which can engage in so-called Man-At-The-End (MATE) attacks, are not trustworthy.
Our goal is to establish trustworthy software execution on untrusted mobile platforms that have a persistent or occasional network connection to a trusted entity at their disposal. With the ASPIRE solutions, we want mobile software security to become (1) trustworthy by leveraging on the available network connection and developing a layered security approach of strong protections; (2) measurable by developing practical metrics based on validated attack and protection models; (3) cheaper by integrating support for the protections into an industrial-strength ASPIRE Framework; (4) more valuable by enabling shorter time-to-markets; and (5) more productive by being more widely applicable.
To provide software protection that is equally strong as the existing hardware-based protection, we will develop software protection techniques along five mutually strengthening lines of defence: data hiding, algorithm hiding, anti-tampering, remote attestation, and renewability. We will integrate compiler support for all lines of defence into the framework to enable service, software and content providers to automatically protect the assets in their mobile apps with the most appropriate local and network-based protection techniques. A decision support system will assist non-security-expert software developers to tune the tool chain for their assets and protection needs. This decision support system will reduce their time-to-market and lower their market entry ticket price. Research into appropriate models and metrics, as well in a protection evaluation methodology will support the system's design and development.
The ASPIRE project website can be found here.
Dr Paolo Falcarin
University of Gent (Belgium) - Project coordinator
FBK Trento (Italy)
Politecnico di Torino (Italy)
This project is funded by the FP7-EU, from November 2013 to October 2016 (call Objective ICT-2013.1.5 Trustworthy ICT b), grant n. 609734.