Paulo Veríssimo

University of Luxembourg · Interdisciplinary Centre for Security, Reliability and Trust

Professor

About

357 Publications · 92,726 Reads
12,012 Citations
Introduction
Paulo Esteves-Veríssimo is a professor at the University of Luxembourg (FSTM / SnT) and Head of the CritiX lab. He was Chair of the IFIP WG 10.4 on Dependable Computing and Fault Tolerance and vice-Chair of the Steering Committee of the IEEE/IFIP DSN conference. He is a Fellow of the IEEE and of the ACM, an associate editor of the IEEE Transactions on Emerging Topics in Computing (TETC), author of over 200 peer-refereed publications and co-author of 5 books. He is interested in architectures, middleware and algorithms for resilient modular and distributed computing.

Publications (357)
Article
The United Nations’ Sustainable Development Goal (SDG) 16—Peace, Justice and Strong Institutions—aims to ensure that we all live in societies that are safe, fair, and shield us from danger. Information and communication technology (ICT) refers to the digital devices that we use. ICT involves using digital services to achieve tasks. For example, we...
Preprint
Full-text available
A long-standing challenge is the design of chips resilient to faults and glitches. Both fine-grained gate diversity and coarse-grained modular redundancy have been used in the past. However, these approaches have not been well-studied under other threat models where some stakeholders in the supply chain are untrusted. Increasing digital sovereignty...
Preprint
Full-text available
Computational offload to hardware accelerators is gaining traction due to increasing computational demands and efficiency challenges. Programmable hardware, like FPGAs, offers a promising platform in rapidly evolving application areas, with the benefits of hardware acceleration and software programmability. Unfortunately, such systems composed of m...
Article
Full-text available
As resilience challenges evolve, namely in safety- and security-critical environments, the demand for cost-efficient, automated and unattended fault and intrusion tolerance (FIT) grows. However, current on-chip solutions typically target only accidental faults and rely on some form of application-specific redundancy, a single-point-of-failure (SPoF...
Preprint
Full-text available
Current vehicular Intrusion Detection and Prevention Systems either incur high false-positive rates or do not capture zero-day vulnerabilities, leading to safety-critical risks. In addition, prevention is limited to few primitive options like dropping network packets or extreme options, e.g., ECU Bus-off state. To fill this gap, we introduce the co...
Preprint
Full-text available
Over-the-Air (OTA) software updates are becoming essential for electric/electronic vehicle architectures in order to reduce recalls amid the increasing software bugs and vulnerabilities. Current OTA update architectures rely heavily on direct cellular repository-to-vehicle links, which makes the repository a communication bottleneck, and increases...
Conference Paper
Full-text available
We introduce the concept of Intrusion Resilience Systems (IRS) for modern vehicles. An IRS enables running a vehicular application in a replicated way, i.e., as a Replicated State Machine, over several ECUs. By requiring the replicated processes to reach a form of Byzantine agreement before changing their local state, the IRS ensures the resilience...
Conference Paper
Full-text available
We introduce the concept of Intrusion Resilience Systems (IRS) for modern vehicles. An IRS enables running a vehicular application in a replicated way, i.e., as a Replicated State Machine, over several ECUs. By requiring the replicated processes to reach a form of Byzantine agreement before changing their local state, the IRS ensures the resilience...
Conference Paper
Full-text available
We introduce the concept of Intrusion Resilience Systems (IRS) for modern vehicles. An IRS enables running a vehicular application in a replicated way, i.e., as a Replicated State Machine, over several ECUs. By requiring the replicated processes to reach a form of Byzantine agreement before changing their local state, the IRS ensures the resilience...
Conference Paper
Full-text available
To cope with the ever increasing threats of dynamic and adaptive persistent attacks, Fault and Intrusion Tolerance (FIT) is being studied at the hardware level to increase critical systems resilience. Based on state-machine replication, FIT is known to be effective if replicas are compromised and fail independently. This requires different ways of...
Preprint
Full-text available
To cope with the ever increasing threats of dynamic and adaptive persistent attacks, Fault and Intrusion Tolerance (FIT) is being studied at the hardware level to increase critical systems resilience. Based on state-machine replication, FIT is known to be effective if replicas are compromised and fail independently. This requires different ways of...
Preprint
Full-text available
We introduce the concept of Intrusion Resilience Systems (IRS) for modern vehicles. An IRS is a middleware that enables running a vehicular application in a replicated way, i.e., as a Replicated State Machine, over several ECUs. By requiring the replicated processes to reach a form of Byzantine agreement before changing their local state, the IRS e...
Article
Today, leveraging the enormous modular power, diversity and flexibility of manycore systems-on-a-chip (SoCs) requires careful orchestration of complex and heterogeneous resources, a task left to low-level software, e.g., hypervisors. In current architectures, this software forms a single point of failure and worthwhile target for attacks: once comp...
Conference Paper
Full-text available
Container-based virtualization has gained momentum over the past few years thanks to its lightweight nature and support for agility. However, its appealing features come at the price of a reduced isolation level compared to the traditional host-based virtualization techniques, exposing workloads to various faults, such as co-residency attacks like c...
Preprint
Full-text available
Satellites are both crucial and, despite common misbelief, very fragile parts of our civilian and military critical infrastructure. While many efforts are focused on securing ground and space segments, especially when national security or large business interests are affected, the small-sat, newspace revolution democratizes access to, and exploit...
Preprint
Full-text available
Over the last decades, space has grown from a purely scientific struggle, fueled by the desire to demonstrate superiority of one regime over the other, to an anchor point of the economies of essentially all developed countries. Many businesses depend crucially on satellite communication or data acquisition, not only for defense purposes, but increa...
Preprint
Full-text available
Critical infrastructures have to withstand advanced and persistent threats, which can be addressed using Byzantine fault tolerant state-machine replication (BFT-SMR). In practice, unattended cyberdefense systems rely on threat level detectors that synchronously inform them of changing threat levels. However, to have a BFT-SMR protocol operate unat...
Preprint
Full-text available
While previous works have discussed the network delay upper bound that guarantees the consistency of Nakamoto consensus, measuring the actual network latencies and evaluating their impact on miners/pools in Bitcoin remain open questions. This paper fills this gap by: (1) defining metrics that quantify the impact of network latency on the mining net...
Article
Full-text available
The accelerated digitalisation of society along with technological evolution have extended the geographical span of cyber-physical systems. Two main threats have made the reliable and real-time control of these systems challenging: (i) uncertainty in the communication infrastructure induced by scale, and heterogeneity of the environment and devices...
Conference Paper
Full-text available
Genome-Wide Association Studies (GWAS) identify the genomic variations that are statistically associated with a particular phenotype (e.g., a disease). The confidence in GWAS results increases with the number of genomes analyzed, which encourages federated computations where biocenters would periodically share the genomes they have sequenced. Howe...
Preprint
Full-text available
The accelerated digitalisation of society along with technological evolution have extended the geographical span of cyber-physical systems. Two main threats have made the reliable and real-time control of these systems challenging: (i) uncertainty in the communication infrastructure induced by scale, openness and heterogeneity of the environment an...
Chapter
Full-text available
As of September 2019, Monero is the most capitalized privacy-preserving cryptocurrency, and is ranked tenth among all cryptocurrencies. Monero’s on-chain data privacy guarantees, i.e., how mixins are selected in each transaction, have been extensively studied. However, despite Monero’s prominence, the network of peers running Monero clients has not...
Preprint
Full-text available
Contact tracing is an important instrument for national health services to fight epidemics. As part of the COVID-19 situation, many proposals have been made for scaling up contract tracing capacities with the help of smartphone applications, an important but highly critical endeavor due to the privacy risks involved in such solutions. Extending our...
Preprint
Today, leveraging the enormous modular power, diversity and flexibility of manycore systems-on-a-chip (SoCs) requires careful orchestration of complex resources, a task left to low-level software, e.g. hypervisors. In current architectures, this software forms a single point of failure and worthwhile target for attacks: once compromised, adversarie...
Conference Paper
Full-text available
As of September 2019, Monero is the most capitalized privacy-preserving cryptocurrency, and is ranked tenth among all cryptocurrencies. Monero's on-chain data privacy guarantees, i.e., how mixins are selected in each transaction, have been extensively studied. However, despite Monero's prominence, the network of peers running Monero clients has no...
Conference Paper
Full-text available
Video consumption is one of the most popular Internet activities worldwide. The emergence of sharing videos directly recorded with smartphones raises important privacy concerns. In this paper we propose P3LS, the first practical privacy-preserving peer-to-peer live streaming system. To protect the privacy of its users, P3LS relies on k-anonymity w...
Article
Full-text available
Byzantine fault-tolerant state-machine replication (BFT-SMR) is a technique for hardening systems to tolerate arbitrary faults. Although robust, BFT-SMR protocols are very costly in terms of the number of required replicas (3f+1 to tolerate f faults) and of exchanged messages. However, with "hybrid" architectures, where "normal" components trust so...
Preprint
Full-text available
It is no exaggeration to say that since the introduction of Bitcoin, blockchains have become a disruptive technology that has shaken the world. However, the rising popularity of the paradigm has led to a flurry of proposals addressing variations and/or trying to solve problems stemming from the initial specification. This added considerable complex...
Article
Full-text available
The advent of next-generation sequencing (NGS) machines made DNA sequencing cheaper, but also put pressure on the genomic life-cycle, which includes aligning millions of short DNA sequences, called reads, to a reference genome. On the performance side, efficient algorithms have been developed, and parallelized on public clouds. On the privacy side,...
Article
Full-text available
Existing proof-of-work cryptocurrencies cannot tolerate attackers controlling more than 50% of the network's computing power at any time, but assume that such a condition happening is "unlikely". However, recent attack sophistication, e.g., where attackers can rent mining capacity to obtain a majority of computing power temporarily, render this ass...
Article
Full-text available
Today's cyber-physical systems face various impediments in achieving their intended goals. Namely, communication uncertainties and faults, relative to the increased integration of networked and wireless devices, hinder the synchronism needed to meet real-time deadlines. Moreover, being critical, these systems have higher security threats that cause...
Article
Wireless sensor networks, often adhering to a single gateway architecture, constitute the communication backbone for many modern cyber-physical systems. Consequently, fault-tolerance in CPS becomes a challenging task, especially when accounting for failures (potentially malicious) that incapacitate the gateway or disrupt the nodes-gateway communica...
Conference Paper
Full-text available
The recent introduction of new DNA sequencing techniques caused the amount of processed and stored biological data to skyrocket. In order to process these vast amounts of data, bio-centers have been tempted to use low-cost public clouds. However, genomes are privacy sensitive, since they store personal information about their donors, such as their...
Article
The pace of adoption of secure mechanisms in software-defined networking (SDN) has been slow, largely due to traditional solutions’ performance overhead and their support infrastructure’s complexity. To address these challenges, we propose KISS, a secure SDN control plane communications architecture that includes innovative solutions in the context...
Preprint
Full-text available
Today's cyber-physical systems face various impediments to achieving their intended goals. Namely, communication uncertainties and faults, relative to the increased integration of networked and wireless devices, hinder the synchronism needed to meet real-time deadlines. Moreover, being critical, these systems are also exposed to significant securit...
Preprint
Full-text available
Existing proof-of-work (PoW) cryptocurrencies cannot tolerate attackers controlling more than 50% of the network's computing power at any time, but assume that such a condition happening is "unlikely". However, recent attack sophistication, e.g., where attackers can rent mining capacity to obtain a majority of computing power temporarily (flash at...
Conference Paper
Full-text available
Our increasing dependence on complex and critical information infrastructures and the emerging threat of sophisticated attacks ask for extended efforts to ensure the correctness and security of these systems. Byzantine fault-tolerant state-machine replication (BFT-SMR) provides a way to harden such systems. It ensures that they maintain correctnes...
Chapter
Full-text available
Our increasing dependence on complex and critical information infrastructures and the emerging threat of sophisticated attacks, ask for extended efforts to ensure the correctness and security of these systems. Byzantine fault-tolerant state-machine replication (BFT-SMR) provides a way to harden such systems. It ensures that they maintain correctnes...
Article
Full-text available
Sequencing thousands of human genomes has enabled breakthroughs in many areas, among them precision medicine, the study of rare diseases, and forensics. However, mass collection of such sensitive data entails enormous risks if not protected to the highest standards. In this article, we follow the position and argue that post-alignment privacy is no...
Preprint
Full-text available
Sequencing thousands of human genomes has enabled breakthroughs in many areas, among them precision medicine, the study of rare diseases, and forensics. However, mass collection of such sensitive data entails enormous risks if not protected to the highest standards. In this article, we follow the position and argue that post-alignment privacy is no...
Preprint
Full-text available
The advent of high throughput next-generation sequencing (NGS) machines made DNA sequencing cheaper, but also put pressure on the genomic life-cycle, which includes aligning millions of short DNA sequences, called reads, to a reference genome. On the performance side, efficient algorithms have been developed, and parallelized on public clouds. On t...
Conference Paper
Future homes will contain Mobile Service Robots (MSR) with diverse functionality. MSRs act in close proximity to humans and have the physical capabilities to cause serious harm to their environment. Furthermore, they have sensors that gather large amounts of data, which might contain sensitive information. A mobile service robot’s physical capabili...
Conference Paper
Full-text available
The protection of long-lived sensitive information puts enormous stress on traditional ciphers, to survive generations of cryptanalysts. In addition, there is a continued risk of adversaries penetrating and attacking the systems in which these ciphers are implemented. In this paper, we present our work-in-progress on an approach to survive both cry...
Article
Software-defined networking (SDN) decouples the control and data planes of traditional networks, logically centralizing the functional properties of the network in the SDN controller. While this centralization brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against...
Conference Paper
Full-text available
Recent breakthroughs in genomic sequencing led to an enormous increase of DNA sampling rates, which in turn favored the use of clouds to efficiently process huge amounts of genomic data. However, while allowing possible achievements in personalized medicine and related areas, cloud-based processing of genomic information also entails significant pr...
Conference Paper
Full-text available
People usually are aware of the privacy risks of publishing photos online, but these risks are less evident when sharing human genomes. Modern photos and sequenced genomes are both digital representations of real lives. They contain private information that may compromise people's privacy, and still, their highest value is most of the time achieved on...
Conference Paper
Full-text available
Thanks to the rapid advances in sequencing technologies, genomic data is now being produced at an unprecedented rate. To adapt to this growth, several algorithms and paradigm shifts have been proposed to increase the throughput of the classical DNA workflow, e.g. by relying on the cloud to perform CPU intensive operations. However, the scientific...
Article
Full-text available
Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). We estimate the slow pace of adoption of secure mechanisms to be a consequence of the overhead of traditional solutions and of the complexity of the support infrastructure required. In this paper we address these two problems as a first step towards defining a...
Conference Paper
Full-text available
Intel SGX is the latest processor architecture promising secure code execution despite large, complex and hence potentially vulnerable legacy operating systems (OSs). However, two recent works identified vulnerabilities that allow an untrusted management OS to extract secret information from Intel SGX's enclaves, and to violate their integrity by e...
Conference Paper
Semi-autonomous driver assists are already widely deployed and fully autonomous cars are progressively leaving the realm of laboratories. This evolution coexists with a progressive connectivity and cooperation, creating important safety and security challenges, the latter ranging from casual hackers to highly-skilled attackers, requiring a holistic...
Article
The paper addresses the problem of providing message latency and reliability assurances for control traffic in wide-area IP networks. This is an important problem for cloud services and other geo-distributed information infrastructures that entail inter-datacenter real-time communication. We present the design and validation of JITeR (Just-In-Time...
Conference Paper
Full-text available
Finding the balance between privacy protection and data sharing is one of the main challenges in managing human genomic data nowadays. Novel privacy-enhancing technologies are required to address the known disclosure threats to personal sensitive genomic data without precluding data sharing. In this paper, we propose a method that systematically de...
Article
Full-text available
Traditional IP networks are complex and hard to manage. The vertical integration of the infrastructure, with the control and data planes tightly coupled in network equipment, makes it a challenging task to build and maintain efficient networks in an era of cloud computing. Software-Defined Networking (SDN) breaks this coupling by segregating networ...
Article
Full-text available
Software-Defined Networking (SDN) is an emerging paradigm that promises to change the state of affairs of current networks, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The...
Conference Paper
The overall performance improvement in Byzantine fault-tolerant state machine replication algorithms has made them a viable option for critical high-performance systems. However, the construction of the proofs necessary to support these algorithms is complex and often makes assumptions that may or may not be true in a particular implementation. Fur...
Article
The rise in biobanking (collecting and storing human biological material) has increased the need to store large quantities of related data and make that data available to researchers and others. However, this introduces concerns regarding data security and dependability. The BiobankCloud project is developing technology to help create e-biobanking...
Conference Paper
Full-text available
Software-defined networking empowers network operators with more flexibility to program their networks. With SDN, network management moves from codifying functionality in terms of low-level device configurations to building software that facilitates network management and debugging. By separating the complexity of state distribution from network sp...
Article
Full-text available
The increasing use of productivity and impact metrics for evaluation and comparison, not only of individual researchers but also of institutions, universities and even countries, has prompted the development of bibliometrics. Currently, metrics are becoming widely accepted as an easy and balanced way to assist the peer review and evaluation of scie...
Article
Full-text available
We present two asynchronous Byzantine fault-tolerant state machine replication (BFT) algorithms, which improve previous algorithms in terms of several metrics. First, they require only 2f+1 replicas, instead of the usual 3f+1. Second, the trusted service in which this reduction of replicas is based is quite simple, making a verified implementation...
Article
Full-text available
The paper refers to CRUTIAL, CRitical UTility InfrastructurAL Resilience, a European project within the research area of Critical Information Infrastructure Protection, with a specific focus on the infrastructures operated by power utilities, widely recognized as fundamental to national and international economy, security and quality of life. Such...