CROSSCON
Cross-platform Open Security Stack for Connected Devices
Full project details (EU Research results portal): https://cordis.europa.eu/project/id/101070537
Project description:
IoT developers face a very fragmented landscape made of very different devices, from bare metal devices with few KB of RAM and limited or no security protection to devices equipped with powerful support for AI and with built-in hardware (HW) to implement Root of Trust (RoT) and Trusted Execution Environments (TEE). Such different devices coexist, and it is an open challenge to guarantee an acceptable level of security across the whole system to avoid “easy” entry points for attackers. The complexity is further exacerbated by the existence of many HW platforms, general purpose but also domain specific, each implementing proprietary instances of RoT and TEE that prevent or make it very difficult for applications and security services to interoperate. CROSSCON aims at addressing all these issues by designing a new open, flexible, highly portable and vendor independent IoT security stack that can run across a variety of different edge devices and multiple HW platforms to offer a consistent security baseline across an entire IoT system. A high-level assurance is guaranteed by the formal verification of the stack specifications. CROSSCON stack offers a unified set of trusted APIs to the layers above. It is modular and among all the security features it offers is possible to configure only the ones needed depending on the underlined HW and firmware. It leverages the security features already implemented in the layers below. In case such security features are missing, like in bare metal devices, the stack offers an entire TEE implementation suitable for such devices. As devices are getting more powerful and use cases more complex, there is the need to add new trusted services as building blocks to implement security at the higher levels, such as protection of the models given in input to ML engines embedded in HW or support for biometrics and template protections. CROSSCON provides the open specifications of the stack along with an open-source reference implementation.
EuroVoc IDs: /natural sciences/computer and information sciences/internet/internet of things
EU Programme: Horizon 2020
EU Project
Project publications:
| EU Project | Has Title | Has Category | Has Type | Has Year | Has DOI |
|---|---|---|---|---|---|
| CROSSCON | BUSted!!! Microarchitectural Side-Channel Attacks on the MCU Bus Interconnect | Cybersecurity, Privacy, and Trust | Conference proceedings | 2024 | https://doi.org/10.1109/SP54263.2024.00062 |
| CROSSCON | Efficient and Safe I/O Operations for Intermittent Systems | Cybersecurity, Privacy, and Trust | Conference proceedings | 2023 | https://doi.org/10.1145/3552326.3587435 |
| CROSSCON | HFL: Hardware Fuzzing Loop with Reinforcement Learning | Cybersecurity, Privacy, and Trust | Conference proceedings | 2025 | https://doi.org/10.23919/DATE64628.2025.10993080 |
| CROSSCON | RLFuzz: Accelerating Hardware Fuzzing with Deep Reinforcement Learning | Cybersecurity, Privacy, and Trust | Conference proceedings | 2025 | https://doi.org/10.1109/HOST64725.2025.11050051 |
| CROSSCON | Valkyrie: A Response Framework to Augment Runtime Detection of Time-Progressive Attacks | Cybersecurity, Privacy, and Trust | Conference proceedings | 2025 | https://doi.org/10.1109/DSN64029.2025.00053 |
| CROSSCON | Shedding Light on Static Partitioning Hypervisors for Arm-based Mixed-Criticality Systems | Cybersecurity, Privacy, and Trust | Conference proceedings | 2023 | https://doi.org/10.1109/rtas58335.2023.00011 |
| CROSSCON | Bridging the Interoperability Gaps Among Trusted Architectures in MCUs | Cybersecurity, Privacy, and Trust | Conference proceedings | 2025 | https://doi.org/10.1007/978-981-95-3543-9 15 |
| CROSSCON | Certified Secure Updates for IoT Devices | Cybersecurity, Privacy, and Trust | Conference proceedings | 2025 | https://doi.org/10.1007/978-3-031-92882-6 11 |
| CROSSCON | The Nonce-nce of Web Security: an Investigation of CSP Nonces Reuse | Cybersecurity, Privacy, and Trust | Conference proceedings | 2023 | https://doi.org/10.1007/978-3-031-54129-2 27 |
| CROSSCON | Cyber-physical metropolitan area digital substations test bench for evaluating intrusion detection systems | Cybersecurity, Privacy, and Trust | Conference proceedings | 2024 | https://doi.org/10.36227/techrxiv.171778519.94792591/v1 |
| CROSSCON | ?IPS: Software-Based Intrusion Prevention for Bare-Metal Embedded Systems | Cybersecurity, Privacy, and Trust | Conference proceedings | 2023 | https://doi.org/10.1007/978-3-031-51482-1 16 |
| CROSSCON | One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices | Cybersecurity, Privacy, and Trust | Conference proceedings | 2024 | https://doi.org/10.1109/SP54263.2024.00182 |
| CROSSCON | AppBox: A Black-Box Application Sandboxing Technique for Mobile App Management Solutions | Cybersecurity, Privacy, and Trust | Conference proceedings | 2023 | https://doi.org/10.1109/ISCC58397.2023.10217861 |
| CROSSCON | FreqFed: A Frequency Analysis-Based Approach for Mitigating Poisoning Attacks in Federated Learning | Cybersecurity, Privacy, and Trust | Conference proceedings | 2024 | https://doi.org/10.48550/arxiv.2312.04432 |
| CROSSCON | Device Behavioral Profiling for Autonomous Protection Using Deep Neural Networks | Cybersecurity, Privacy, and Trust | Conference proceedings | 2023 | https://doi.org/10.1109/ISCC58397.2023.10218275 |
| CROSSCON | Mind the CORS | Cybersecurity, Privacy, and Trust | Conference proceedings | 2023 | https://doi.org/10.1109/TPS-ISA58951.2023.00035 |
| CROSSCON | CryptojackingTrap: An Evasion Resilient Nature-Inspired Algorithm to Detect Cryptojacking Malware | Cybersecurity, Privacy, and Trust | Peer reviewed articles | 2024 | https://doi.org/10.21227/kwh4-0g27 |
| CROSSCON | BiRtIO: VirtIO for Real-Time Network Interface Sharing on the Bao Hypervisor | Cybersecurity, Privacy, and Trust | Peer reviewed articles | 2024 | https://doi.org/10.1109/ACCESS.2024.3512777 |
| CROSSCON | Fuzzerfly Effect: Hardware Fuzzing for Memory Safety | Cybersecurity, Privacy, and Trust | Peer reviewed articles | 2024 | https://doi.org/10.1109/MSEC.2024.3365070 |
| CROSSCON | HSP-V: Hypervisor-less Static Partitioning for RISC-V COTS Platforms | Cybersecurity, Privacy, and Trust | Peer reviewed articles | 2024 | https://doi.org/10.1109/ACCESS.2024.3399601 |
| CROSSCON | Beyond Random Inputs: A Novel ML-Based Hardware Fuzzing | Cybersecurity, Privacy, and Trust | Peer reviewed articles | 2024 | https://doi.org/10.23919/DATE58400.2024.10546625 |