Short Bio

Dorottya Papp was born in 1992 in Budapest. She received her BSc degree in Computer Science in 2014 and her MSc degree in Computer Science Engineering in 2016 from the Budapest University of Technology and Economics (BME). Since 2013 she has been working in the Laboratory of Cryptography and System Security (CrySyS), Department of Networked Systems and Services, Budapest University of Technology and Economics.

research | publications | teaching | miscellaneous


D. Papp, L. Buttyán, Z. Ma
Towards Semi-automated Detection of Trigger-based Behavior for Software Security Assurance
ARES '17, Workshop on Software Assurance
Reggio Calabria, Italy, August-September 2017
Link to pdf


D. Papp, Z. Ma, L. Buttyán
RoViM: Rotating Virtual Machines for Security and Fault-Tolerance
EMC2 Summit at CPS Week 2016
Vienna, Austria, April 2016
Link to pdf


D. Papp, B. Kócsó, T. Holczer, L. Buttyán, B. Bencsáth
ROSCO: Repository Of Signed COde
Virus Bulletin 2015
Prague, Czech Republic, September 2015
Link to pdf

D. Papp, Z. Ma, L. Buttyán
Embedded System Security: Threats, Vulnerabilities, and Attack Taxonomy
IEEE International Confenrence on Privacy, Security, and Trust (PST)
Izmir, Turkey, July 2015
Link to pdf, Scripts

Master thesis

Embedded systems are dedicated to a single function in a larger system. They are present in every eld of our daily life, from routers to thermostats and are also commonly applied in safety-critical systems, such as industrial control systems, railway or automotive. These systems are also the main driving force behind the concept of the Internet of Things, where the majority of the connected devices will not be traditional computers but embedded systems.

Traditionally, embedded systems must conform with a number of requirements such as reliability, availability and fault-tolerance and safety. Safety of an embedded system ensures that the operation of the system does not endanger human life or the environment. However, a new requirement arises for embedded systems nowadays: security. The increased connectivity of devices and the usage of o-the-shelf software results in a scenario when a piece of malware is capable of undermining the safety of the embedded system and cause harm in the physical environment, like Stuxnet did. Embedded systems must be fortied against these attacks but the introduced security mechanisms must not hinder the system in conforming with safety requirements. As a result, safety and security should be designed together in embedded systems but the methodology required is still an area of active research.

This diploma project explores the emerging trend of virtualization in embedded systems as a basis on top of which embedded systems can be designed to satisfy both safety and security requirements. A system of rotating virtual machines is presented that provides proactive security for embedded devices while the multiple virtual machines in the system provide redundancy as a safety measure. The designed system satises liveness and safety requirements, the evaluation of which requirements was done with formal verication. The diploma project also includes a proof-of-concept implementation of the designed system by implementing and testing an Internet Protocol Security (IPsec) gateway.

Link to the master thesis: master thesis