Research Projects
Current Projects
Past Projects
SMaRtChain : Fast and Energy-efficient Distributed Consensus for Blockchains
This project aims to address critical limitations of existing blockchains by exploiting a set of promising
principles and models that have been mostly unexplored in the blockchain and Byzantine Fault Tolerance (BFT) research literature.
We will devise new consensus protocols for improving both consortium/permissioned blockchains - where the group of nodes maintaining
the blockchain is restricted and known, as in Hyperledger Fabric and Tendermint; and open/permissionless blockchains - where the group
of nodes maintaining the blockchain is open and unknown, as in Bitcoin and Ethereum. Amongst other contributions, we will explore new
probabilistic constructions to devise scalable low-latency BFT consensus protocols, which are particularly interesting in the context
of permissioned blockchains, and also important for certain permissionless networks; and we plan to extend the theoretical underpinnings
of the Consensus with Unknown Participants (CUP) model, which is relevant for devising robust energy-efficient permissionless
blockchains. Investigating these ideas will lead to contributions both to distributed computing theory and experimental systems
research. In the end, we expect to produce an experimental open-source blockchain platform and some representative applications.
Start date: March 1, 2023
Duration: 3 years
Total award amount: 132 KEuros
Sponsoring body: FCT (2022.08431.PTDC)
Official web site: https://www.lasige.pt/project/smartchain/
XIVT: eXcellence In Variant Testing
Within the XIVT project, a method and toolchain will be defined for testing highly configurable,
variant-rich embedded systems in the automotive, rail, telecommunication and industrial production domains. This will enable
a highly effective, cost-efficient quality assurance, allowing the shift to autonomous, flexible and adaptive applications.
The method is founded on a knowledge-based analysis of requirements formulated in natural language, and a model-based test
generation at product-line level. It is expected that XIVT methods will result in higher test coverage, more flexible processes
of higher quality and better products.
Start date: January 1, 2020
Duration: 42 months
Total award amount: 225 KEuros
Sponsoring body: P2020 (LISBOA-01-0247-FEDER-039238)
Official web site: https://www.xivt.org/
SEAL: SEcurity progrAmming of web appLications
The SEAL project aims to make significant advances in security of web applications, developing the SEAL platform
containing tools that implement secure programming in applications written in server-side programming languages (e.g., PHP and .NET). The
platform will be constituted by three layers, namely, code representation, vulnerability detection, and code correction, where: an intermediate
language able to represent server-side languages and secure code features will be defined; on this language, tools to perform code analysis to
detect and identify vulnerabilities will be developed, employing code analysis and machine learning techniques; and a secure code layer to
remove the vulnerabilities found automatically will be created. The SEAL platform, during its development and evaluation, will resort to use
cases defined with the Maxdata enterprise, the market leader in software solutions to health services.
Start date: August 1, 2018
Duration: 3 years
Total award amount: 240 KEuros
Sponsoring body: FCT (PTDC/CCI-INF/29058/2017)
Official web site: http://seal.lasige.di.fc.ul.pt/
uPVN - User-centric Programmable Virtual Networks
Recent network virtualization platforms offer a full decoupling of the virtual networks and the physical infrastructure.
Unfortunately, their provider-centric design has limitations in terms of scalability, security, and dependability, and is restrictive in the
services offered. To address these limitations, we propose a platform that creates user-centric virtual networks, over a substrate that entails
both public clouds and private datacenters. Following the recent trend on data plane programmability, our user-centric virtual networks are fully
programmable: users can customize the packet processing of all network elements with a high level language. To achieve these objectives we innovate
in various areas, from network compilation to algorithms for embedding and orchestration. By empowering users and companies with provider-independence
and unprecedented customizability of their virtual networks, we expect our solution to foster innovation and motivate new business opportunities.
Start date: October 1, 2018
Duration: 3 years
Total award amount: 225 KEuros
Sponsoring body: FCT (PTDC/CCI-INF/30340/2017)
DISIEM - Diversity Enhancements for SIEMs
The project aims to provide improvements to Security Information and Event
Management (SIEM) systems based on diversity related technology. More specifically, the project wants to
(1) enhance the quality of events collected using a diverse set of sensors and novel anomaly detectors,
(2) add support for collecting infrastructure-related information from open source intelligence data
available on diverse sources from the internet, (3) create new ways for visualising the information
collected in the SIEM and provide high-level security metrics and models for improving security-related
decision project, and (4) allow the use of multiple storage clouds for secure long-term archival
of the raw events feed to the SIEM. Given the high costs of deployment of SIEM infrastructures, all these
enhancements will be developed in a SIEM-independent way, as extensions to currently available
systems, and will be validated through the deployed in three large-scale production environments.
Start date: September 1, 2016
Duration: 3 years
Total award amount: 3,4 MEuros
Sponsoring body: European Commission's H2020 Work Programme (EU H2020-DS-2015-1: 700692)
Official web site: http://www.disiem-project.eu
IRCoC - Intelligent Resilience for Cloud-of-Clouds Services
The project aims to make significant advances on the use of a Cloud-of-Cloud (CoC)
for storage, coordination and execution of critical services, enabling organizations and individuals
to benefit from the clouds without requiring complete trust on any single provider.
Start date: July 1, 2016
Duration: 3 years
Total award amount: 100 KEuros
Sponsoring body: FCT (PTDC/EEI-SCR/6970/2014)
Resilient Supervision and Control in Smart Grids
SCADA (Supervisory Control and Data Acquisition) systems have a prominent role in the management of critical
infrastructures. They are used in the monitoring and control of equipment in several different industries, such as the
Energy sector. In this project of researcher exchange of FCUL (Portugal) and PUPCR/Inmetro (Brazil) the
objective is to embrace the following challenge: to collaborate in the design and development of advanced security
mechanisms to be integrated in a next-generation SCADA system, with the goal of assuring correct behaviour in spite of
the presence of a diverse range of faults, both of accidental and/or malicious nature. The teams involved present a
complementary set of skills and experience in building this type of solutions, and therefore this collaboration may yield
important scientific achievements with practical industrial impact. On the other hand, the participation of young
researchers will help foster new projects of advanced learning.
Start date: January 1, 2016
Duration: 3 years
Total award amount: support for mobility of
researchers between Portugal-Brazil
Sponsoring body: FCT/CAPES
SUPERCLOUD - User-Centric Management of Security and Dependability in Cloud of Clouds
The project will develop new security and dependability
infrastructure management paradigms with the objective of providing:
self-service security, related to the implementation of a cloud architecture
that gives users the flexibility to define their own protection requirements and
instantiate policies accordingly; self-managed security, for the development of
an autonomic security management framework that operates seamlessly over
compute, storage and network layers, and across provider domains to ensure
compliance with security policies; resilience, through the implementation of a
resource management framework that composes provider-agnostic resources in a
robust manner using primitives from diverse cloud providers.
The SUPERCLOUD solutions will be validated with real-world use cases in the healthcare
domain, ranging from deploying a distributed medical imaging platform to running a full laboratory information system.
Start date: February 1, 2015
Duration: 3 years
Total award amount: 5,4 MEuros
Sponsoring body: European Commission's H2020 Work Programme (EU H2020-ICT-2014-1: 643964)
Official web site: http://www.supercloud-project.eu
SEGRID: Security for smart Electricity GRIDs
The project main objective is to enhance the protection of smart electrical grids against cyber-attacks.
SEGRID does this by applying a risk management analysis approach to a number of smart grid use cases (the SEGRID use cases),
which will define security requirements and determine gaps in current security technologies, standards and
regulations. The identified gaps and the analysis itself will give input to the enhancement of risk assessment
methodologies and the development of novel security measures for smart grids.
Start date: October 1, 2014
Duration: 3 years
Total award amount: 3,4 MEuros
Sponsoring body: European Commission's FP7-SEC Work Programme (FP7-607109)
Official web site: http://www.segrid.eu
ParIS: Partnership in Information Security
The goal of the project is to establish a consortium of higher education and research organisations active in, or
aiming at being
active in, the strategic area of security and trust in telecommunications, and to prepare a roadmap and a strategy for the
preparation, and the launch at a later stage, of a Joint Master Degree in Security (JMD). The project will also create opportunities
for joint actions, such as the organisation of joint Intensive Study Programmes in Security, encouraged to give lectures and conferences at
other participating institutions, experiment the different teaching methods, while providing at the same time an appropriate context
for additional added values, for instance joint research projects.
Start date: October 1, 2014
Duration: 3 years
Total award amount: 150 KEuros
Sponsoring body: European Commission's Erasmus+ Programme
(H2020)
Official web site: http://paris.uni.lu/
BiobankCloud: Scalable, Secure Storage of Biobank Data
BiobankCloud will develop a cloud-computing platform as a service (PaaS) for Biobanking. The platform will provide security, storage,
data-intensive tools and algorithms, and support for allowing Biobanks to share data with one another, all within the existing regulatory frameworks for Biobanking.
The research challenges include: the definition of the regulatory framework and data model for Biobank data sharing; the development of a scalable, highly
available storage infrastructure; data-intensive tools and workflows for aligning, clustering, aggregating, compressing and anonymizing
sequence data; a security platform that ensures data confidentiality, data integrity, and data access auditing; the inter-connection of Biobanks, while also
leveraging the storage and processing capacity of public clouds; and the integration of these components as a PaaS.
Start date: December 1, 2012
Duration: 3 years
Total award amount: 2 MEuros
Sponsoring body: European Commission's FP7 ICT Work Programme (FP7-317871)
Official web site: http://www.biobankcloud.eu/
MASSIF - MAnagement of Security information and
events in Service InFrastructures
The main objective of MASSIF is to achieve a signicant advance in the area of Security
Information and Event Management (SIEM). On the base of proper multi-level event correlation,
MASSIF will provide innovation techniques in order to enable the detection of upcoming
security threats and trigger remediation actions even before the occurrence of possible security
incidences. Thus, MASSIF will develop a new generation SIEM framework for service
infrastructures supporting intelligent, scalable, and multi-level/multi-domain security event
processing and predictive security monitoring.
Such service-level SIEM involves the modelling and formal validation of security, including
trusted computing concepts, architecture for dependable and resilient collection
of service events, supported by an extremely scalable and performant event
collection and processing framework, in the context of service-level attack models.
Start date: October 1, 2010
Duration: 3 years
Total award amount: 6 MEuros
Sponsoring body: European Commission's FP7 ICT Work Programme (FP7-257475)
Official web site: http://www.massif-project.eu
SITAN - Services for Intrusion Tolerant Ad Hoc Networks
The project will create a toolbox of distributed services that can be employed in the construction of wireless
ad hoc applications, simplifying their design and development, and automatically assuring tolerance to both accidental faults and
attacks. To fulfill this objective, it will be necessary to investigate new distributed protocols and models, which are able to capture the
inherent characteristics of the environment, and explore them to enhance the performance and resilience of the system.
Start date: April 1, 2011
Duration: 3 years
Total award amount: 131 KEuros
Sponsoring body: FCT (PTDC/EIA-EIA/113729/2009)
Official web site:
http://asc.di.fct.unl.pt/SITAN
DIVERSE - Diversity for Intrusion Tolerant Systems
This project studies mechanisms that allow the inclusion
of diversity (mainly at software level) in a replicated system, in a way that
prevents common vulnerabilities from occurring across multiple replicas. The project
also has a strong component about the evaluation of the proposed solutions,
and the creation of methodologies and tools that support the discovery of
vulnerabilities in different kinds of software components.
Start date: January 1, 2010
Duration: 3 years
Total award amount: 88.5 KEuros
Sponsoring body: FCT (PTDC/EIA-EIA/100894/2008)
Official web site:
http://www.di.fc.ul.pt/~nuno/PROJECTS/DIVERSE/
TCLOUDS - Trustworthy Clouds: Privacy and Resilience for Internet-scale Critical Infrastructure
Trustworthy Clouds (TClouds) aims to build a prototype Internet scale ICT infrastructure, which allows
virtualized computing, network, and storage resources over the Internet to provide scalability and cost-efficiency. The following
objectives contribute to achieving the overall goal: 1) Identifying and addressing the legal and business implications and
opportunities of a widespread use of infrastructure clouds, contributing to building a regulatory framework for enabling
resilient and privacy-enhanced cross-border infrastructure clouds; 2) Defining an architecture and prototype for securing
infrastructure clouds by providing security enhancements that can be deployed on top of commodity infrastructure clouds
(as a cloud-of-clouds) and assessing the resilience and privacy benefits of security extensions of existing clouds; 3)
Providing resilient middleware for adaptive security on the cloud-of-clouds. The TClouds platform will provide tolerance
and adaptability to mitigate security incidents and unstable operating conditions for a range of applications running on
such clouds-of-clouds.
Start date: October 1, 2010
Duration: 3 years
Total award amount: 7,5 MEuros
Sponsoring body: European Commission's FP7 ICT Work Programme (FP7-257243)
Official web site: http://www.tclouds-project.eu/
REGENESYS - Regeneration of Replicated Systems
The objective of this project is the design, implementation and evaluation
of a regeneration system capable of improving the security of replicated systems
exposed both to accidental failures (e.g., a replica crash) and malicious attacks
(e.g., a virus infection or an intrusion in a server). The approach being followed
integrates Byzantine fault-tolerant protocols with the regeneration service
to make it intrusion-tolerant. At the same time, the approach is very flexible,
supporting planned and unplanned maintenance operations on the replicas.
Start date: January 1, 2010
Duration: 3 years
Total award amount: 73.5 KEuros
Sponsoring body: FCT (PTDC/EIA-EIA/100581/2008)
Official web site:
http://regenesys.di.fc.ul.pt/
RED - Resilient Database Clusters
The goal of project ReD is to develop a generic, robust,
and inexpensive shared-storage cluster from an off-the-shelf RDBMS. The ReD
approach is to combine the replication protocol with a specialized
copy-on-write volume management system, that holds transient logically
independent partial copies, thus masking internal server non-determinism
and isolating multiple logical replicas for resilience.
Start date: April 1, 2010
Duration: 2 years
Total award amount: 123.5 KEuros
Sponsoring body: FCT (PTDC/EIA-EIA/109044/2008)
Official web site:
http://red.lsd.di.uminho.pt/
CMUPORT - CMU-Portugal Research and Education Partnership
CMU-Portugal is a partnership between Carnegie Mellon
University and the Portuguese Government through the Ministry of Science,
Technology and Higher Education. This partnership has an initial 5-year
phase during 2007-11 and is materialized by a joint "Information and
Communication Technologies Institute", ICTI, with poles in CMU and in
Portugal. LASIGE members are heavily engaged in one of the initiatives of
the CMU-PORTUGAL program, Information and Infrastructure Security and
Dependability, which is led by FCUL in the program. The Information and
Infrastructure Security and Dependability initiative drawing from faculty
and researchers at CMU ECE and CS, expects to become internationally
visible as a distributed centre of excellence. The project will address
the Internet and the Critical Information Infrastructures of the future,
and their interpenetration: the dramatic security and dependability problems
posed the inevitable fusion between classical Internet and embedded and
computer control systems. The proposal features a coordinated set of
initiatives: education at the level of MSc and PhD, and joint research.
Both the Doctoral and the Masters program confer a dual degree, from
CMU and from the University of Lisboa.
Start date: October 27, 2007
Duration: 5 years
Total award amount: 56 MEuros
Sponsoring body: FCT
Official web site:
http://cmuportugal.di.fc.ul.pt/
CRUTIAL - Critical UTility InfrastructurAL Resilience
The project addresses new networked ICT systems for the management of the electric power
grid, in which artifacts controlling the physical process of electricity
transportation need to be connected with information infrastructures, through
corporate networks (intranets), which are in turn connected to the Internet.
CRUTIAL’s innovative approach resides in modeling interdependent infrastructures taking
into account the multiple dimensions of interdependencies, and attempting at
casting them into new architectural patterns, resilient to both accidental
failures and malicious attacks.
Start date: Jan. 1, 2006
Duration: 3 years
Total award amount: 2 MEuros
Sponsoring body: European Commission -
IST Programme (IST-FP6-STREP-027513)
Official web site:
http://crutial.cesiricerca.it/
RESIST
- Resilience for Survivability in IST
ReSIST is an
NoE that addresses the strategic objective “Towards a global dependability and
security framework” of the European Union's FP6 Work Programme for IST
(Information Society Technologies), and responds to the stated “need for
resilience, self-healing, dynamic content and volatile environments”. ReSIST
integrates leading researchers active in the multidisciplinary domains of
Dependability, Security, and Human Factors, in order that Europe will have a
well-focused coherent set of research activities aimed at ensuring that future
“ubiquitous computing systems”, the immense systems of ever-evolving networks of
computers and mobile devices which are needed to support and provide Ambient
Intelligence (AmI), have the necessary resilience and survivability, despite any
residual development and physical faults, interaction mistakes, or malicious
attacks and disruptions.
Start date: Jan. 1, 2006
Duration: 3 years
Total award amount: 4.7 MEuros
Sponsoring body:
European Commission - IST Programme (IST-4-026764-NOE)
Official web site:
http://www.resist-noe.org/
RITAS - Randomized Intrusion Tolerance for Asynchronous Systems
In this project we want to develop a stack of protocols capable of tolerating
intrusions. Distributed applications composed by a set of cooperating processes
running on different nodes, can resort to these protocols for the implementation
of interesting tasks. As a result, if applications are organized properly, they
can continue to provide useful services even if a malicious adversary controls a
number of the processes (and makes them fail in a Byzantine way) or attacks the
network.
The types of networks considered in the project (LAN, WAN or Wireless) are particularly
difficult to tackle because of their unpredictable timeliness (also called
asynchronous systems). A well known result by Fischer et al indicates that
consensus can not be deterministically solved in this setting if a single
process is allowed to crash. Therefore, to be able to circumvent this result, we
will use randomization techniques in the protocols.
Start date: March 1, 2005
End date: December 31, 2007
Total award amount: 50.5 KEuros
Sponsoring body: FCT (POSC/EIA/60334/2004)
Official web site:
http://www.di.fc.ul.pt/~nuno/PROJECTS/RITAS/
AJECT - Attack
Injection on Software Components
Computer
security is an important research subject due to our reliance on computer
systems for the execution of our everyday life activities. An attack to be
executed successfully, and to result in an intrusion, has to be able to explore
a vulnerability in the computer system. These vulnerabilities might be located
in distinct components, ranging from the processor firmware to some library
linked to an application.
In this project we want to study and analyze software vulnerabilities. Modern software
is complex, but it will tend to become even more complicated in the future.
Therefore, if we want to prevent malicious adversaries from compromising our
systems, we need first to get a better understanding about how vulnerabilities
are exploited, and then we have to develop tools that will enable us to
automatically detect potential software problems.
Start date: May 1, 2005
End date: December 31, 2007
Total award amount: 48.5 KEuros
Sponsoring body: FCT (POSC/EIA/61643/2004)
Official web site:
http://www.di.fc.ul.pt/~nuno/PROJECTS/AJECT/
MAFTIA:
Malicious- and Accidental-Fault Tolerance for Internet Applications
The MAFTIA project will investigate the
dependability of large distributed applications thus addressing one of the four
key issues of the IST Programme and in particular the main objectives of CPA2.
Its major innovation is a comprehensive approach for tolerating both accidental
faults and malicious attacks in such systems, including attacks by external
hackers and by corrupt insiders. The objectives of the project will evolve under
the guidance of an Industrial Advisory Board, representing a cross-section of
the industrial organizations which can best exploit MAFTIA's ideas. Board
members will provide "use cases" based on actual or planned major systems and on
realistic threat scenarios; as the project progresses they will play an
ever-increasing role in providing exploitation routes for the results.
Deliverables will include demonstrations and prototypes of several accident- and
attack-tolerant security mechanisms and services.
Start date: Jan. 1, 2000
Duration: 3 years
Total award amount: 5,1 MEuro
Sponsoring body: European Commission -
IST Programme (IST-1999-11583)
Official web site:
http://www.maftia.org/
COPE:
Secure and Reliable Parallel Processing
Throughout the last ten years there has been
an considerable evolution in the area of parallel systems and applications. With
the ending of the Cold War the available funds for the construction of
specialized supercomputers suffered a substantial reduction.
Users, however, continued to demonstrate interest in this kind of systems. In
fact, there has been an increase on the number of applications that need
significant computational capacities. These applications come from the most
diverse areas of knowledge, such as medical sciences including genetic
engineering, financial modeling, and robotics.
In this project we want to develop solutions that improve the
reliability and security of current parallel processing platforms. The
hardware architecture that is most commonly found consists on a group of
workstations or PCs interconnected by a high-performance network. Application
programming can be done using a message-passing platform with a standard
interface, such as the Message Passing Interface (MPI).
Start date: April 2, 2002
Duration: 32 months
Total award amount: 35 KEuros
Sponsoring body: FCT (POSI/CHS/39815/2001)
Official web site:
http://www.di.fc.ul.pt/~nuno/PROJECTS/COPE/
DEFEATS:
Distributed Fault and Attack Tolerant Systems Configuration
With the
increasing experience with applications running in a large-scale asynchronous
network such as the Internet, the need for dependability properties in that
environment has become evident. For example, E-commerce services have to be
secure, reliable and available. There has been research in those properties for
a couple of decades now, but their implementation is still not simple for the
average system architect.
Faults in critical systems have been handled by a number of techniques, from prevention to
fault tolerance mechanisms based on replication. On the other hand, security is
still mostly obtained through prevention, although it is possible to
characterize the malicious faults involved in attacks, which can then be handled
using fault-tolerance techniques. This issue, attack tolerance, only recently
started to receive attention.
The composition of medium/large software systems from smaller components has also
been an area of research in the last years. The application of these ideas to
configuration of distributed systems and processes is a powerful framework. The
basic principle is the separation between systems architecture and computation.
Computation is done by the components. The architecture of the system can be
defined using configuration languages or graphic tools, and changed using a
configuration platform.
Project DEFEATS is concerned with studying a configurable framework to build attack and
intrusion tolerant systems.
Start date: Jan. 1, 2001
Duration: 3 years
Total award amount: 29,5 KEuros
Sponsoring body: FCT (POSI/1999/CHS/33996)
Official web site:
http://defeats.di.fc.ul.pt/
CaberNet:
Network of Excellence in Distributed and Dependable Computing Systems
CaberNet aims to co-ordinate and strengthen the research, the research
training activities and the industrial linkages of the European research
groups. It intends to provide a long-term stable basis for research coloration
and a challenging Trans-European environment for research students. Moreover,
industrial involvement in CaberNet, whether via membership or affiliation,
offers increased and enhanced means of interacting with industry. Members
will obtain valuable feedback from industry about their research, and industry
will access a known reservoir of competence aimed at technology transfer.
The mission of CaberNet is to coordinate top-ranking European research in
distributed and dependable systems, to make that research accessible to governments
and industries and to further the quality of education concerning such systems.
CaberNet addresses all aspects of the design of networked computer systems.
These systems can rangefrom embedded systems used to control an aircraft in
flight to globe-spanning applications searching for information on the World-Wide
Web. CaberNet will build on its Europe-wide community of research groups in
distributed and dependable computing and develop a shared vision of RTD. This
shared vision will provide a focus for work that is central to the success of the
IST Programme, highlighting our strengths and leading to a coherent presentation
of European work in the global marketplace of ideas.
Start date: January 2001
Duration: 39 months
Sponsoring body: European Commission -
IST Programme (IST-2000-25088)
Official web site:
http://research.cs.ncl.ac.uk/cabernet/www.laas.research.ec.org/cabernet/
Back to Nuno Neves' home page
|