Short Bio

Dorottya Futóné Papp was born in 1992 in Budapest. She received her BSc degree in Computer Science in 2014 and her MSc degree in Computer Science Engineering in 2016 from the Budapest University of Technology and Economics (BME). She started her PhD studies in September 2016. Sha has been involved with the Laboratory of Cryptography and System Security (CrySyS) since 2013 and with the Austrian Institute of Technology since 2015.

research | publications | teaching | miscellaneous


Cs. Tamás, D. Papp, L. Buttyán
SIMBIoTA: Similarity-Based Malware Detection on IoT Devices
6th International Conference on Internet of Things, Big Data and Security (IoTBDS)
Online streaming, April 2021
Link to pdf

D. Papp, M. Zombor, L. Buttyán
TEE-based protection of cryptographickeys on embedded IoT devices
Annales Mathematicae et Informaticae 53 (2021) pp. 245 - 256
Link to pdf


M. Juhász, D. Papp, L. Buttyán
Towards Secure Remote Firmware Update on Embedded IoT Devices
12th Conference of PhD Students in Computer Science
Szeged, Hungary, June 2020
Link to pdf

M. Bak, D. Papp, Cs. Tamás, L. Buttyán
Clustering IoT Malware based on Binary Similarity
6th IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT)
Budapest, Hungary, April 2020
Link to pdf


D. Papp, T. Tarrach, L. Buttyán
Towards Detecting Trigger-based Behavior In Binaries: Uncovering the Correct Environment
International Conference on Software Engineering and Formal Methods (SEFM)
Oslo, Norway, September 2019
Link to pdf
© Springer

D. Papp, K. Tamás, L. Buttyán
IoT Hacking - A Primer
Infocommunications Journal, 2nd Issue in 2019.
Link to pdf


D. Papp, L. Buttyán, Z. Ma
Towards Semi-automated Detection of Trigger-based Behavior for Software Security Assurance
ARES '17, Workshop on Software Assurance
Reggio Calabria, Italy, August-September 2017
Link to pdf


D. Papp, Z. Ma, L. Buttyán
RoViM: Rotating Virtual Machines for Security and Fault-Tolerance
EMC2 Summit at CPS Week 2016
Vienna, Austria, April 2016
Link to pdf


D. Papp, B. Kócsó, T. Holczer, L. Buttyán, B. Bencsáth
ROSCO: Repository Of Signed COde
Virus Bulletin 2015
Prague, Czech Republic, September 2015
Link to pdf

D. Papp, Z. Ma, L. Buttyán
Embedded System Security: Threats, Vulnerabilities, and Attack Taxonomy
IEEE International Confenrence on Privacy, Security, and Trust (PST)
Izmir, Turkey, July 2015
Link to pdf, Scripts

Master thesis

Embedded systems are dedicated to a single function in a larger system. They are present in every eld of our daily life, from routers to thermostats and are also commonly applied in safety-critical systems, such as industrial control systems, railway or automotive. These systems are also the main driving force behind the concept of the Internet of Things, where the majority of the connected devices will not be traditional computers but embedded systems.

Traditionally, embedded systems must conform with a number of requirements such as reliability, availability and fault-tolerance and safety. Safety of an embedded system ensures that the operation of the system does not endanger human life or the environment. However, a new requirement arises for embedded systems nowadays: security. The increased connectivity of devices and the usage of o-the-shelf software results in a scenario when a piece of malware is capable of undermining the safety of the embedded system and cause harm in the physical environment, like Stuxnet did. Embedded systems must be fortied against these attacks but the introduced security mechanisms must not hinder the system in conforming with safety requirements. As a result, safety and security should be designed together in embedded systems but the methodology required is still an area of active research.

This diploma project explores the emerging trend of virtualization in embedded systems as a basis on top of which embedded systems can be designed to satisfy both safety and security requirements. A system of rotating virtual machines is presented that provides proactive security for embedded devices while the multiple virtual machines in the system provide redundancy as a safety measure. The designed system satises liveness and safety requirements, the evaluation of which requirements was done with formal verication. The diploma project also includes a proof-of-concept implementation of the designed system by implementing and testing an Internet Protocol Security (IPsec) gateway.

Link to the master thesis: master thesis