Publications & Demonstrators

All accepted publications from SPARTA partners under its funding as well as videos presenting some of the work done under SPARTA


CFI: Control Flow Integrity or Control Flow Interruption?

Nicoló Maunero, Paolo Prinetto, Gianluca Roascio

Runtime memory vulnerabilities, especially present in widely used languages as C and C++, are exploited by attackers to corrupt code pointers and hijack the execution flow of a program running on a target system to force it to behave abnormally. This is the principle of modern Code Reuse Attacks (CRAs)...More>>

Domains: control, flow

Reflection: An Essential Step Towards Whole-Program Analysis of Android Apps

Xiaoyu Sun, Li Li, Tegawendé F. Bissyandé, Jacques Klein, Damien Octeau, John Grundy , Taming

\ Abstract: Android developers heavily use reflection in their apps for legitimate reasons. However, reflection is also significantly used for hiding malicious actions. Unfortunately, current state-of-the-art static analysis tools for Android are challenged by the presence of reflective calls which they usually ignore. Thus, the results of their security analysis,...More>>

Domains: Android, Apps

A Formal Security Assessment Framework for Cooperative Adaptive Cruise Control

Yuri Gil Dantas (fortiss, Germany), Vivek Nigam (fortiss, Germany), Carolyn Talcott (SRI International, USA)

Abstract—For increased safety and fuel-efficiency, vehicle pla- toons use Cooperative Adaptive Cruise Control (CACC) where vehicles adapt their state, incl. speed and position, based on information exchanged between vehicles. Intruders, however, may carry out attacks against CACC platoons by exploiting the communication channels used to cause harm, e.g., a vehicle...More>>

Domains: attacks, formal, verification, platoon, security

Privacy Enhancing Technologies for solving the Privacy-Personalization Paradox

Nesrine Kaaniche, Maryline Laurent and Sana Belguith

Personal data are often collected and processed in a decentralized fashion, within different contexts. For instance, with the emergence of distributed applications, several providers are usually correlating their records, and providing personalized services to their clients. Collected data include geographical and indoor positions of users, their movement patterns as...More>>

Domains: Privacy, enhancing, technologies, Recommendation, services, Web-search, engines, Pervasive, applications, Location-based, Profile-based, Cryptographic, trends, Secure, communications, Anonymous, certification, Private, information, retrieval, multi-party, computation, Homomorphic, encryption, Trust, models

A Method for Managing GDPR Compliance in Business Processes

Matulevičius R., Tom J., Kala K., and Sing E..

Organisational compliance with the Generic Data Protection Regulation (GDPR) is a challenging task. In this paper, we present a GDPR model and its supporting method to manage compliance to the regulation in business processes. Based on a running example, we illustrate how the method is applied to extract an as-is...More>>

Domains: Organisational, compliance, Generic, Data, Protection, Regulation, (GDPR)

Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners

Andrea Valenza, Gabriele Costa, Alessandro Armando

The first step of every attack is reconnaissance, i.e., to acquire information about the target. A common belief is that there is almost no risk in scanning a target from a remote location. In this paper we falsify this belief by showing that scanners are exposed to the same risks...More>>

Domains: Research, in, Attacks, Intrusions, Defenses

Another Look at Privacy-Preserving Automated Contact Tracing

Qiang Tang

In the current COVID-19 pandemic, manual contact tracing has been proven very helpful to reach close contacts of infected users and slow down virus spreading. To improve its scalability, a number of automated contact tracing (ACT) solutions have proposed and some of them have been deployed. Despite the dedicated efforts,...More>>

Domains: Cryptography, Security, (cs.CR);, Computers, Society, (cs.CY)

dg2pix: Pixel-Based Visual Analysis of Dynamic Graphs

Eren Cakmak, Dominik Jäckle, Tobias Schreck, Daniel Keim

Presenting long sequences of dynamic graphs remains challenging due to the underlying large-scale and high-dimensional data. We propose dg2pix, a novel pixel-based visualization technique, to visually explore temporal and structural properties in long sequences of large-scale graphs. The approach consists of three main steps: (1) the multiscale modeling of...More>>

Domains: Human-centered, computing, Visualization, Visualization, techniques, Machine, learning, Learning, paradigms, Unsupervised, learning

Multiscale Snapshots: Visual Analysis of Temporal Summaries in Dynamic Graphs

Eren Cakmak, Udo Schlegel, Dominik Jäckle, Daniel Keim, Tobias Schreck

The overview-driven visual analysis of large-scale dynamic graphs poses a major challenge. We propose Multiscale Snapshots, a visual analytics approach to analyze temporal summaries of dynamic graphs at multiple temporal scales. First, we recursively generate temporal summaries to abstract overlapping sequences of graphs into compact snapshots. Second, we apply...More>>

Domains: Dynamic, Graph, Network, Unsupervised, Graph, Learning, Embedding, Multiscale, Visualization