ATHENA: Authenticated Encryption Analysis

As opposed to a traditional block cipher that only provides confidentiality, Authenticated Encryption (AE) is a cryptographic primitive achieving confidentiality, integrity, and authenticity in a single function. AE is a fundamental concept in e.g. TLS, with several cipher suites utilizing AES Galois Counter Mode (GCM). Briefly, a TLS Cipher Suite is a combination of cryptographic algorithms to achieve a number of high level security goals.

ATHENA is a two year Academy of Finland project (grant 303814, PI Assistant Professor Billy Bob Brumley) that scrutinizes one of those goals in particular: authentication. Furthermore, in the context of real-world systems and protocols, TLS being the focus and OpenSSL the most popular open source implementation. ATHENA is coming to an end this year, so in this blog post we highlight three research results from this successful NISEC project.

Continue reading

Posted in Projects, Uncategorized | Tagged , , | Leave a comment

Davide Taibi’ Colloquium on Microservices at the ZHAW Zurich University of Applied Sciences

Davide Taibi has been invited to present his research on Cloud Software Engineering at the Service Prototyping Lab of the ZHAW Zurich University of Applied Sciences.

Colloquium on “Microservice migration: motivations, patterns and antipatterns”

He presented the research carried out in the context of migration to microservices.





Microservices is a relatively new architectural pattern. They are increasing their popularity in the industry, being adopted by several big players such as Netflix, Spotify, Amazon, and many others and several companies are now following the trend, migrating their systems to microservices. However, microservices are not the silver bullet, and several companies are migrating to microservices hoping to achieve different benefits.

In this seminar, he presented his research interests, and latest publications, introducing the motivations, issues, and benefits of microservices[1] including technical and cost issues [4]. He presented the most common microservices migration processes, microservices architectural patterns [2],  microservice bad smells [3] and a process mining approach to slice monolithic systems into microservices [under review]. Moreover, he introduced technical debt and continuous architecture issues during the rearchitecting processes [5] and the initial result of a migration framework to evaluate the effectiveness of the migration to microservices.

More information can be found on the slides presented during the seminar and on the referenced papers.


[1] D. Taibi, Lenarduzzi, V. , and Pahl, C. , “Processes, Motivations and Issues for Migrating to Microservices Architectures: An Empirical Investigation”, IEEE Cloud Computing Journal, vol. 4, no. 5, 2017.

[2] D. Taibi, Lenarduzzi, V. , and Pahl, C. , “Architectural Patterns for Microservices: A Systematic Mapping Study”, in 8th International Conference on Cloud Computing and Services Science, CLOSER , 2018

[3] D. Taibi and Lenarduzzi, V. , “On the Definition of Microservice Bad Smells”, IEEE Software , vol. 35, no. 3, 2018

[4] P. Rosati, Fowley, F. , Pahl, C. , Taibi, D. , and Lynn, T. , “Making the Cloud work for Software Producers: linking Architecture, Operating Cost and Revenue”, in 8th International Conference on Cloud Computing and Services Science, 2018

[5] L. Valentina and Davide, T. , “Microservices, Continuous Architecture, and Technical Debt Interest: An Empirical Study”, in Euromicro/SEAA, Prague, 2018

Posted in research, research visit | Leave a comment

Conference trip to DSD/SEAA 2018 in Prague

The Euromicro Digital System Design (DSD)/Software Engineering and Advanced Application (SEAA) conference in Prague displayed a wide spectrum of ongoing research activities and topics. Our lab had six participants this year attending both the SEAA and DSD sides of the joint conference: Valentina Lenarduzzi, Davide Taibi, Sampo Suonsyrjä, Mikko Teuho, Esko Pekkarinen and Markku Vajaranta.

Davide, Valentina, Sampo, Esko, Mikko and Markku at the Old Town Square.

On the first conference day, Tuesday, the posters were put up and presented. Markku presented his poster titled Feasibility of FPGA Accelerated IPsec on Cloud as a part of the Architectures and Hardware for Security Applications track.

Network design for FPGA accelerated IPSec.

IPsec is a popular VPN solution which in some cases becomes very resource-hungry. The work presented how the packet encryption and decryption parts can be accelerating using an FPGA and what real life limitations production-ready solutions face.

Mikko had a poster prepared and presented his work titled Visualization of Memory Map Information in Embedded System Design. Data representation and compression must consider how to visually represent the domain specific artifacts, how to filter data based on context and user, and how to fit and navigate the information in the limited screen space. A detailed approach is needed to detect changes, discover error situations and explore the different choices of changeable items. We presented a method that has been implemented as a Memory Designer tool for ASIC, FPGA and embedded systems using the IP-XACT standard. The presented method compresses the initial  visualization, retaining the same information as the original, and provides access and adjustment of the memory layout from a single view, complementing the “programmer’s view” to the system.

Even though the DSD conference is more hardware oriented, it is good to see the growing interest in the security aspects as well. Unfortunately, the poster session itself was  quiet and only few visited the posters during the session. We suspect it was because of the very good coffee served in the conference while the poster sessions were on.

Sampo starting his presentation in the EBEDE session.

On the SEAA side, Sampo presented his paper Objectives and Challenges of the Utilization of User-Interaction Data in Software Development on Thursday. The study covered the work our group had done with three software teams from the industry and the N4S research program and consisted of three parts. First was designing an utilization method for software teams that want to start using more user-interaction data in their daily work. The second part listed objectives for the teams of how to analyze the collected data and where to use it. Finally, in the third part we interviewed our case teams and described what kind of challenges they had faced with starting the use of user-interaction data for guiding the software processes. The results got the attention of the audience and for example the challenges were similar to the experiences of some of the listeners.

The Evidence Based and Experiment Driven Engineering (EBEDE) session was really well organized: It tightly focused on software usage data and how software development could be arranged as continuous experimentation. No wonder the room was pretty much packed!

If you got interested in using usage data or in continuous experimentation in general, please feel free to contact Sampo ( for more info.

The conference dinner on Thursday evening was preceded by a guided walk tour in the city. In 90 minutes we got introduced to the main sights in and around the Old Town. At the dinner venue, the Kaiserstein palace, we were seated in a grand hall for a short live concert of classical music before the evening truly celebration began. The evening program captured the essence of Prague very nicely: history, architecture and music.

View of the Prague Castle.

On Friday we jump back to DSD, where Esko presented his paper Modeling RISC-V processor in IP-XACT.  Despite IP-XACT’s wide popularity in the industry, there are practically no public and open design examples for any part of the design flow. We have identified the difficulty of creating IP-XACT models for existing RTL projects as one of the major inhibitors. In this work, we address the issues by modeling the PULPino RISC-V microprocessor that is implemented in SystemVerilog and where the project is distributed over several repositories. We propose how to solve the mismatching concepts between a SystemVerilog-based project and IP-XACT for easier packaging of future projects.  The final PULPino model contributes to the rare public non-trivial examples for better adoption of the IP-XACT methodology.

In the afternoon Davide and Valentina presented their paper Microservices, Continuous Architecture, and Technical Debt Interest: An

Davide presenting the paper results.

Empirical Study in the SEAA Work-in-progress track. Continuous architecting recommends postponing decisions until they are absolutely necessary. This approach is especially applied in the context of migration of microservices. In this work, we conducted a preliminary case study to understand the trend of technical debt monitoring of an SME that migrated its monolithic system to microservices. The result is that the total amount of technical debt grows much faster in a microservices-based system, probably due to the large number of postponed refactoring activities. The migration to microservice initially increase the amount of technical debt and the more the activities are delayed, the more interest will be accrued.

Once more, thank you all for the great conference trip. Hope to meet you in DSD/SEAA next year!

Posted in conference, events | Leave a comment

Project GloFuMe 2014-2018

We are starting a new series, “Project of the day”, where we will weekly introduce a research project underway at the Pervasive Computing lab. First up is an Academy of Finland project GloFuMe, which is just ending.


GloFuMe stands for “Optimizing Global Software Projects with Fuzzy Meta-Heuristics”. As the title suggests, the project deals with a software projects (in the context of global software development), and meta-heuristics – with the added flavoursof utilizing fuzzy logic to help with non-numerical input that would be given to the heuristic algorithms.  The main idea was to study global software development projects particularly from an architecture-centric viewpoint – how could the software architecture and the project organization (tasks, teams, people, skills, etc.) be aligned to optimize the projects in terms of effort, cost and time – among other things.

Thus, the project originally had the following objectives:

• Providing a framework for optimizing cost, duration, effort, skills utilization, communication and work allocation in GSD projects
• Linking software architecture solutions to GSD project management issues
• Providing a tool realizing the GSD project optimization framework, augmented with architecture solution proposals

The ultimate goal was thus a tool, where software architecture design would co-evolve with the software project setup, and the two would be continually aligned and optimized to best fit the organization and its goals.

The project started out by mapping software architecting challenges and practics. Together with researchers from Lero – the Irish Software Research Centre, we performed a systematic literature review to answer the questions of what kind of challanges exist in architecting in GSD projects, and what kind of practices there are. We then continued the work by interviewing architects from several companies engaged in distributed software development. We asked about the challenges they had encountered in distributed software development, what kind of practices they had and particularly what kind of practices they had in software architecting.

The project entailed several visits to Limerick to work with researchers at Lero

Throughout the project there was a need to gain access to actual project data from a company involved in distributed software development. Due to a number of hiccups in securing this data, work that would lead to the practical implementation of the tool and algorithms (all requiring the project data) has only started in the past six months. We plan to do case studies with the data and then begin constructive research by actually building the algorithms and the tool and testing it within the company setup – at the same time reflecting on what we have learned from the background studies.

The project started in September 2014, and had funding for three years from the Academy of Finland. As a post-doc project, there is only funding for the main researcher, the undersigned, instead of having an actual research team. The project has been carried out solely by the undersigned, Dr. Sievi-Korte, who has a background in software architecture and utilizing genetic algorithms. There has been very close collaboration with people from Lero, and now with a Finnish company.

The project timeframe was extended for one year as the main researcher took time away to have a baby, and so the project is now ending in mid-September, 2018. The work will still continue, though, as we now have working collaboration with a company. Thus, the project goals are well underway, although in a slower timeframe than expected. We already have as results checklists for architecting in GSD, practice-challenge frameworks and guidances on how to aid the social aspects of GSD. More results to be expected in the coming years.


Posted in Project of the Day, Projects, research | Tagged , , | Leave a comment

3DFysio -projektista, tervehdys!

Kirjoittanut Anu Lehtiö, projektitutkija, 3DFysio -projekti

Päivitetäänpä hieman 3DFysio –projektin (Kelan etäkuntoutushanke) kuulumisia näin syksyn alkuun. Viimeiset haastattelu- ja kyselykierrokset etäkuntoutujille saatiin valmiiksi kesäkuussa. Laadullinen aineisto on nyt perattu analysoitavaan muotoon ja varsinainen tulosten seulonta käynnistynyt. Sovelluksesta tullutta logidataa vielä odotellessa…

Matskua on runsaasti ja olemme pohtineet sopivaa näkökulmaa tieteelliseen artikkeliin sekä Kelan yhteisjulkaisuun. Kirjoitusaikaa on marraskuulle ja ihan jokaisen ajatusjäniksen perään ei ole mahdollista sännätä. Tutkimuksen keskeisenä teemana oli selvittää, millaiset seikat vaikuttavat kuntoutujan motivaatioon pitempiaikaisessa etäkuntoutuksessa. Kuten osallistujat itsekin totesivat, kuntoutuksen kotijaksoilla on keskeinen merkitys kokonaisuuden onnistumiselle. Viikon huhkiminen kylmiltään lähijaksoilla kuntoutuskeskuksessa tekee vain kipeäksi ja harvemmin motivoi pysyvämpään elämänmuutokseen.

Mikä siis avuksi? 3DFysio –sovelluksessa motivaatiota pyrittiin ylläpitämään erilaisilla toiminnallisuuksilla. Sovellusta käyttäneet kuntoutujat kokivat merkityksellisiksi henkilökohtaisen kunto-ohjelman avatarin opastamana ja sovelluksen tarjoaman suoran yhteyden omaan fysioterapeuttiin. Pelko ”väärin tekemisestä” helpotti ja kuntoutuminen tuntui jaetulta, yhteiseltä projektilta, johon myös fysioterapeutti antoi jatkuvaa taustatukea. Valitulla välineellä, tabletilla, oli myös merkitystä. Toisin kuin paperiohjeet, tabletti otettiin osaksi arkea ja se toimi muistuttajana, valmentajana ja jopa jumppakaverina.

Jotta etäkuntoutuksen motivaatiotekijöistä saisi kokonaisvaltaisemman kuvan, vertaamme tutkimukseen osallistuneita eri ryhmiä keskenään. Perinteisiä paperiohjeita käyttäneiden kuntoutujien diskurssissa itsenäinen selviytyminen ja ’konkarikuntoutujuus’ korostui sovellusta käyttäneitä enemmän. Fysioterapeuttien näkemys taas kattoi käsityksen erilaisista kuntoutujatyypeistä ja heidän tarpeistaan. Heidän arvioihinsa sovelluksen käyttökelpoisuudesta vaikutti kuntoutujia enemmän esimerkiksi tekniset ongelmat ja yhteydenpidon tuoma mahdollinen lisätyö.

Tältä pohjalta olisi siis tarkoitus selventää kuvaa siitä, miten nämä erilaiset käyttäjäkokemukset voisi sovittaa yhteen toimivalla tavalla. Millaisia vaatimuksia ne asettavat etäkuntoutusteknologioille? Millaisia rajoitteita, mahdollisuuksia tai ehdotuksia niiden pohjalta voi tunnistaa? Ja millaisia design-suuntaviivoja niiden pohjalta voi määritellä. 3DFysio -projekti jatkuu helmikuun 2019 loppuun.

Wish us luck! Myötätuulta myös muiden syksyn projekteihin!

Osallistujien mielestä sovellus sopii myös muille kuin reumakuntoutujille.

Posted in Digikuntoutus, Uncategorized | Leave a comment

Teekkarilähettiläät were trained to show Pepper in events!


Human-Centered Robotics team has become very popular since Pepper arrived. We are all the time asked to show Pepper in different kinds of events and happenings. Which is fun ofcourse 🙂 Pepper is such a star! However, as we need to concentrate on teaching and research, we have now together with Communications people, trained around 8 students for Pepper demonstration. Today we had a really nice and effective training session given by Aleksi Hiltunen, where the students learned how to pack and unpack Pepper, how to handle it and show the demos on it.

We wish for pleasant experiences and events with Pepper, THE STAR! The first event, Red Carpet Festival will be already on Sunday in Hyvinkää.

Written by Aino

Posted in RoboUX, Uncategorized | Leave a comment

Building a connection between Pepper and Fuksis

Hello everyone,

This post relates both to my master’s thesis as well as Psychology of Pervasive Computing course 2018, where I work as a teaching assistant.

Recently, I have conducted an interesting field study related to my master’s thesis, which was to find out the experience of new students with the social robot Pepper and the tasks they preferred to perform with Pepper. Pepper has been living with us for about a year now and had several emotional impact on us. However, this time we wanted to study what emotional and psychological impact this little guy leaves on the new students.

When Pepper was first taken to the field trial, I could observe different kind of emotions among the crowd. These emotions mostly engage non-verbal cues. For example, there were many new students where Pepper was located. Initially, they would stare at Pepper for a while and the next moment they would disconnect the eye contact. Some would just observe from a distance and smile. When they were asked if they want to interact with Pepper, they would hesitantly agree. These nonverbal cues reflect curiosity and anxiety. On the other hand, many excited participants approached Pepper saying, “Wow what a cool robot!” According to the lecture slide “Motivation and emotion”, emotions sometimes drive people to make decisions, which was clearly reflected in the field study. From the survey questionnaire, people were motivated to interact with Pepper because they were excited. However, some people declined to participate in the beginning, but they were motivated to participate when my fellow colleague said, “Please participate for science”. Moreover, some people waited to interact with Pepper because they study Robotics and AI and their motivation was to know what projects were going on related to their major studies. Therefore, according to lecture 6 “intrinsic motivation” drove most of the participants to participate in the study.

Peers waiting for participant to interact with Pepper

One more interesting psychological factor influenced the new students, which was peer pressure. De Graaf [2] mentioned that technology acceptance depends on social factors when they are voluntary. Most of the students were with their tutor group and preferred to be in the group rather than interacting with Pepper. On the other hand, the whole group would wait if one person wanted to interact with Pepper. This seemed to be the undefined social norms, which the tutor group followed during their campus tour. Many interesting things happened during the interaction phase. Some interacted in groups and tried to ask funny questions to Pepper. Pepper would randomly ask participants to give them a hug and they would smile at it.

Can I hug you?

Social robots are new compared to other technologies and have not been seen commonly yet. Therefore, there is a wow-factor, which emotionally drives and motivates people to interact with it. Onchi [1] talks about how a direction-showing robot is warmly accepted over a paper map. This is an indication that, people tend to accept interactive and new technologies. Also, in my study, participants would comment like “Screens are boring and robot is more interactive and personal”. One participant also said, “It is better to ask a robot because it will not judge me”. Overall it was a nice experience to understand the psychological needs and drives of the international students to interact with Pepper.

Written by Aparajita Chowhury


1. Onchi, E., Lucho, C., Sigüenza, M., Trovato, G., & Cuellar, F. (2016, November). Introducing IOmi-A Female Robot Hostess for Guidance in a University Environment. In International Conference on Social Robotics (pp. 764-773). Springer, Cham.
2. de Graaf, M. M. A., & Ben Allouch, S. (2013). Exploring influencing variables for the acceptance of social robots. Robotics and Autonomous Systems, 61(12), 1476-1486. doi:10.1016/j.robot.2013.07.00

Posted in RoboUX, Uncategorized | 2 Comments

ERC Grant received by Billy Brumley – Warmest congratulations!

This is how Billy describes his achievement and encourages other researchers to apply for it :

What are the details of the project?

Side-Channel Analysis (SCA) is an offensive security technique that targets secrets in implementations of security-critical devices. Examples of existing side-channels include power consumption, electro-magnetic radiation, timing, and acoustic emanations. At a high level, “SCARE: Side-Channel Aware Engineering” will discover new side-channels, utilize them to develop attacks on real-world devices and protocols, and mitigate the attacks with a regression testing approach.

What kind of grant is this? Can researchers from all fields apply for it?

ERC Starting Grant is a basic research funding mechanism for early career scholars with a 2-7 year old doctoral degree. The panels are quite diverse so the funding is available across many (most?) fields.

Which people supported you in the application process?

The biggest support came from TUT research services personnel. Especially Tuukka Pöyry for the initial application process, then also Kaisa Männikkö and Jörg Langwaldt during the extensive training sessions, following information from the ERC that I’d made the short list for interview.

What was your first reaction when you received the decision?

In all honesty, the email from the ERC was not incredibly clear! Even containing the statement “At this stage this message should in no way be considered as a commitment of financial support by the European Research Council.” So I thought it might be just another informational email from the ERC about the application status. It wasn’t until I started receiving messages from TUT colleagues that I realized!

How is the ERC-StG process and funding different from other funding you’ve obtained?

For the 2018 call, ERC-StG success rate was roughly 13%. This is very comparable to 2018 Academy of Finland rates at 14%. The difference is ERC-StG funding is 1.5 MEUR over 5 years: significantly higher than AoF funding. The decision is also great timing for me and my team, since my current AoF grant is ending this month!

From the constructive criticism I received in my ERC-StG evaluation report, I can also tell the ERC did an excellent job of matching my application with domain experts. From the feedback, the critical points were all valid.

Once more, warmest congratulations from the Lab!

Posted in Uncategorized | Leave a comment

Advanced course on real-time Linux on SoC-FPGA

TUT and Wapice are organizing a special hands-on course TIE-50307 on embedded Linux in fall 2018. This course focuses on IoT and intelligent machine devices running Linux on custom HW and real time constraints.

The main topics are

  • Building Linux for custom platforms using Yocto
  • Writing kernel drivers and interrupt services for custom HW blocks
  • Measuring interrupt performance with a configurable interrupt source
  • Tuning Linux for real-time use

The course is implemented as a seminar with guest lectures, weekly exercises and student group presentations on literature. We use Xilinx ZYNQ SoC-FPGAs as the platform, open source tools and FPGA blocks by courtesy of Wapice.

The course is intended for late-stage master’s students and doctoral students who already know operating systems, C/C++ programming and at least basics of FPGA designs. We have 36 seats available because of the seminar implementation.

Please sign up to TIE-50307 at the latest by Sep 3 2018. You may take the course also via Open University, but note that the deadline for applications is Aug 23.2018 and note that we might not be able to accept all applicants. The course starts on week 35 (Sept 3 2018). See details from POP when signed up.

Posted in teaching | Leave a comment

Person of the Day: University Lecturer Terhi Kilamo

 I’m Terhi, a long time member of the Pervasive Computing staff and a graduate of TUT. Since May 2017 I have been working as a University Lecturer. However, I have just recently returned to work after being on family leave for a bit. Before my current position I have been working in both teaching and research for many years.

Today, I teach programming. My main responsibility is Ohjelmointi 3: Tekniikat with its English counterpart Programming 3: Techniques. I’m also supervising both bachelor’s and master’s theses – a part of teaching I particularly like. I am active in our laboratory’s work towards the new Tampere University as well as other more administrative things such as curriculum planning, degree programs and other wibbly wobbly stuff.

My research interests are in modern software development. My doctoral work was about Open Source Software development and during my time as a post-doctoral researcher I focused on DevOps, Continuous Development and how software teams in general work best. 

On my free time I enjoy skiing, running, swimming and cycling. I am a geek so I also spend time watching movies and reading a good book. I have a special soft spot for Shakespeare. The Tempest is my favourite.

“We are such stuff
As dreams are made on, and our little life
Is rounded with a sleep.”
– Prospero, The Tempest Act 4, scene 1

Posted in employee of the day | Leave a comment