PROTASIS - Service Offer 2018

Introduction

Fueled by a string of high profile attacks and recent revelations about unprecedented cyber surveillance, interest in systems security is rising-not just among industry and governments, but even among individual citizens across Europe. Corporate organizations worry about the viability of their businesses, nation states about cyber attacks by other nation states or terrorist groups, and citizens about the trustworthiness of the ICT infrastructures.

We this project we address these cybersecurity issues by fostering collaborations via supporting researchers from European institutes to spend time with their American counterparts in top universities. We focus our research efforts on both advanced attacks (e.g., exploits, malware, and exfiltration techniques), and defenses (e.g., developing secure software and protecting resource-constrained devices).

Who is the project designed for?

The project focuses on technical vulnerabilities, cyberattacks and cyber-defenses. In this aspect most (all?) vertical sectors can benefit from it.
The stakeholders of the project are:

• End users and EU citizens who will mainly receive the benefits of PROTASIS in the form of an increased protection level.
• Policymakers in the EU will make use of the identified threat vectors and defense techniques to effectively target their efforts for cybersecurity and homeland defense.
• Security vendors and service providers will be able to integrate and use parts of the produced research information to deliver better protection to their customers.
• Businesses will be able to assess the impact of cyberattacks against critical business processes, as well as the potential impact of cyber-physical vulnerabilities. Also, they will be able to implement some of the defensive countermeasures to improve their resilience to cyberattacks.
• Researchers both in the industry and in the academia will be able to get access to some of the collected data and metadata for their ongoing research, besides the obvious networking and publishing fallouts of the project.

How is your project benefitting the end-user?

End users will benefit through better research, superior awareness, and better products.

Please briefly describe the results your project achieved so far

The project so far has implemented several collaborations between the European partners (FORTH, Politecnico di Milano, VUA, RUB, Telefonica, and F-Secure) and the US partners (Columbia, MIT, Northeastern, UCSB, Stony Brook, UCSB, and Stevens IT). These collaborations have resulted in top publications in places such as EuroSec, WWW, IMC, IEEE S&P, etc.
The individual systems developed relate to:

• Vulnerabilities in industrial control systems
• Vulnerabilities in smartphones
• Vulnerabilities and defenses in web browsing and cookie management
• Attacks in code randomization approaches
• Bypassing control-flow-based defenses

What are the next steps for your project?

The next two years the project will focus on secondments and collaborations that relate to the protection for the IoT, the protection of the user’s privacy, as well as understanding the mechanisms and the impact of cyberattacks.