Sep 152014

“Updaticator: Updating Billions of Devices by an Efficient, Scalable and Secure Software Update Distribution Over Untrusted Cache-enabled Networks”; M. Ambrosin, C. Busold, M. Conti, A. Sadeghi, M. Schunter, accepted at ESORICS 2014.

Secure and fast distribution of software updates and patches is essential for securing systems. Today, each device downloads updates individually from a software provider distribution server. This approach does not scale to large systems with billions of devices where the network bandwidth of the server and the local Internet gateway soon become bottlenecks. Cache-enabled Network (CN) services (either proprietary, as Akamai, or open Content-Distribution Networks) can reduce these bottlenecks. However, currently they do not offer security guarantees against potentially untrusted CN provider that try to threaten the confidentiality of the updates or the privacy of the users.
In this paper, we propose Updaticator, the first protocol for software updates over Cache-enabled Networks that is scalable to billions of concurrent device updates while being secure against malicious networks. We evaluate our proposal considering Named-Data Networking, a novel instance of Cache-enabled overlay Networks. Our analysis and experimental evaluation show that our solution removes the bottlenecks of individual device-update distribution, by reducing the network load at the distribution server from linear in the number of devices to a constant even if billions of devices are requesting updates. Furthermore, the download time is negligible due to local caching when compared to the state-of-the-art individual device-update mechanisms. Thus, our solution makes secure updates practical even for a large number of devices.

Download (PDF, 464KB)

 Posted by at 13:05
Aug 212014

I am participating in the program committee of SEGS2014.


The 2nd Smart Energy Grid Security (SEGS) Workshop aims to foster innovative research and discussion about smart energy grid security and privacy challenges, approaches, and solutions. SEGS’14 takes places in Scottsdale, Arizona in conjunction with ACM CCS 2014.

SEGS seeks paper submissions from academia, industry, and government institutions presenting novel research on all theoretical and practical aspects of smart grid security and privacy, including design, analysis, experimentation, and fielded systems. We encourage submissions from other communities, such as law, economics, and HCI, that present these communities’ perspectives on technological issues.

The scope of the workshop encompasses all aspects of the smart grid, including distribution, transmission, generation, metering, e-mobility, and integration of distributed energy resources.

 Posted by at 14:22
Apr 052014

I will serve as a program committee member of the 20th IEEE International Conference on Parallel and Distributed Systems (ICPADS 2014).

The call for papers can be found at


Important Dates

  • On-line submission system open: April 10, 2014
  • Deadline for paper submissions: July 1, 2014
  • Notification of paper acceptance: September 2, 2014
  • Deadline for author registration: October 7, 2014
  • Deadline of camera-ready version: October 11, 2014


Important dates are:

Dec 292013

November 2013, we have kicked off our new EU Research project PRACTICE.

“The mission of PRACTICE is to design cloud computing technologies that allow computations in the cloud thus enabling new business processes while keeping the used data secret. Unlike today – where insiders can access sensitive data – PRACTICE will prevent cloud providers and other unauthorized parties from obtaining secret or sensitive information.”

Jun 232013

I’ll participate in the Program Committee of the ACM Cloud Computing Security Workshop. .

Please consider submitting your latest research on cloud security.
Important Dates (tentative)
Submissions due: July 23, 2013 (midnight anywhere in the world)
Author notification: August 23, 2013
Camera-ready: August 30, 2013
Workshop: November 8, 2013