The Computing Systems & Software Engineering (CSE) group at UBITECH specializes in designing and developing robust, scalable, and secure software systems. Our mission is to advance cutting-edge software engineering methodologies, cloud-native architectures, and automation frameworks to support complex computing environments. The group works on integrating DevOps principles, AI-driven software quality assurance, and formal verification techniques to ensure reliable and efficient computing infrastructures.
Key Research Areas:
- Cloud-Native Software Architectures: Cloud computing is the backbone of modern applications, but achieving scalability, flexibility, and resilience requires specialized architectures. The CSE group focuses on microservices, container orchestration (Kubernetes, Docker), and serverless computing to build efficient cloud-native applications. Our research ensures seamless workload management, high availability, and optimized cloud resource utilization.
- Software Engineering (Design, Development and Integration): CSE group is experienced in the design, development, integration and deployment of complex systems, both in research and commercial projects. Through a team that consists of experienced full-stack developers, we specialize in software development using Java frameworks such as Spring and Quarkus to build custom, scalable, high-performance applications for a wide variety of domains. Through the design of APIs, the integration of appropriate systems such as databases, message queues and IAMs, and the setup of CI/CD pipelines we prepare solutions of high TRL.
- Model-Driven Engineering & Formal Verification: Ensuring software correctness and reliability is crucial, especially for safety-critical applications. The CSE group advances formal methods, such as model checking and theorem proving, to verify system behavior. We explore model-driven engineering (MDE) techniques that generate software from high-level specifications, reducing human error and improving maintainability.
- AI-Assisted Software Development: Artificial Intelligence is revolutionizing software engineering, enabling automation in code generation, bug detection, and performance optimization. The group develops AI-powered programming assistants, intelligent debugging tools, and automated refactoring techniques to enhance developer productivity. We explore generative AI, reinforcement learning, and predictive analytics for software engineering.
- DevSecOps & Secure Software Development: Security must be integrated into every stage of the software lifecycle. Our research focuses on DevSecOps pipelines, automated security testing, and vulnerability scanning to enhance software trustworthiness. We develop methodologies for automated compliance checking, secure CI/CD deployment, and runtime threat detection for cloud-native environments to safeguard software from evolving cyber threats.
Technological Domains
The Computing Systems & Software Engineering (CSE) Group focuses on developing scalable, efficient, and secure software solutions leveraging modern computing paradigms. Our key technological domains include:
- Cloud & Edge Computing: Managing infrastructure, developing cloud-native architectures, optimizing containerized applications, and integrating serverless computing frameworks. Technologies used: Kubernetes, K3s, Docker, Terraform, OpenShift, AWS Lambda, Knative, Helm Charts, Talos Linux
- Advanced Networking for Cloud-Edge Continuum: Advanced networking solutions enabling seamless connectivity, orchestration, and data flow across the cloud-edge continuum. Technologies used: WireGuard, HeadScale/Tailscale, OpenVPN, Mikrotik, Yggdrasil, CNI, Cillium, Calico, Zenoh
- Artificial Intelligence in Software Engineering: Implementing AI-driven approaches for automated software development, predictive maintenance, intelligent debugging, and predicting potential system issues.
- Software Performance Optimization: Predicting bottlenecks, memory leaks and performance degradation before their impact
- Code Quality Assessment: Identifying coding errors to prevent issues.
- Security Threat Detection: Detecting vulnerabilities and anomalies to strengthen cybersecurity measures
- Automate Resource Allocation: Predicting computational and network resources for cloud based applications.
- DevSecOps & Software Security: Embedding security at every stage of the software lifecycle using automated security analysis and vulnerability assessment tools. Technologies: SonarQube, OWASP ZAP, Ansible, Trivy, OpenClarity.
- Software Supply Chain Protection: End-to-end software supply chain security based on Bill of Material(xBOM) approach, with artifact provenance, integrity verification, and threat mitigation across build and deployment stages. Technologies used: SBOM, HBOM, CBOM, SLSA, CycloneDX, SPDX, in-toto, Syft/Grype
- Formal Verification & Software Quality Assurance: Applying mathematical and AI-based verification techniques to ensure the correctness and reliability of critical software systems. Methods: Model Checking, Theorem Proving, Fuzz Testing, TLA⁺, SAL.
- Identity and Access Management: Utilizing Keycloak, an open-source solution for authentication and authorization of applications and services, to Single Sign -On, providing seamless authentication across multiple applications using OpenID Connect, OAuth 2.0, and SAML. Furthermore, ABAC adjusts to changing user attributes without the need for manual role changes, in contrast to static role-based architectures leveraging Scalability and Adaptability
- (eHealth) Data Security and Privacy: Development of secure and scalable healthcare data exchange solutions leveraging the FHIR framework for interoperable electronic health records, consent management, and integration with state of the art medical frameworks like ORTHANC for efficient medical imaging storage and retrieval. Implementation of robust security measures to protect sensitive patient data while facilitating real-time collaboration and analytics in healthcare networks. Technologies used: FHIR R5, ORTHANC
- Data Federation & Data Spaces: Design and implementation of secure, interoperable data-sharing frameworks leveraging privacy-preserving technologies, cryptographic access controls, and decentralized trust mechanisms to enable seamless collaboration across heterogeneous data ecosystems. Technologies used : Attribute Based Encryption (ABE)
Specialized Expertise
- Cloud Native Applications Orchestration: CSE specializes in cloud-native applications and offers an advanced developer framework for cloud orchestration and infrastructure automation. It’s a full-scale software solution that allows the design, deployment, and management of cloud-native containerized components in both public and private cloud environments.
- Monitoring and Logging: Monitoring and logging, allowing for real-time observability, performance monitoring, and troubleshooting of cloud-native, containerized environments. The adoption of observability frameworks that integrate logging, metrics, and tracing along with the AI-driven anomaly detection for proactive issue resolution is one of the group focus areas.
Key technologies that the CSE group incorporates:- System & Infrastructure Monitoring : Tools that provide real-time monitoring of system performance, server health, and resource utilization (Netdata, Prometheus)
- Observability, Security, & Service Mesh Monitoring: tools designed to enhance system observability and security through monitoring, logging, and tracing.(Grafana, Kibana, OpenClarity)
- Distributed Tracing & Observability: Tools designed to trace requests across distributed applications, microservices, and serverless architectures. (Jaeger, OpenTelemetry)
- Log Aggregation: Centralized log management platforms that collect, index, and analyze logs from distributed sources. (EFK Stack)
- Identity and Access Control : Securing modern software applications and infrastructure utilizing identity and access control mechanisms. Our expertise in multiple technologies and approaches that ensure that users and systems have the right level of access while maintaining security, compliance, and operational efficiency. Leveraging industry-leading authentication and authorization frameworks like Keycloak along with ABAC allow to implement fine-grained access control, policy-driven security, and scalable identity management.
- Attribute-Based Access Control (ABAC): Through ABAC we provide a policy-driven access control model that grants permissions based on user attributes, environmental conditions, and resource policies. ABAC enables policies to consider real-time attributes like security clearance, device type, location that consider Dynamic Access Decisions. More precise control over who can access what, reducing over-provisioning of permissions with Fine-Grained Authorization. Technologies used: Casbin, Open Policy Agent (OPA), XACML, Balana
- Data Space Connectors: Development of secure and interoperable data-sharing connectors, enabling trusted exchange of healthcare metadata across distributed systems. Implementation of Data Space connectors with popular frameworks like EDC (Eclipse DataSpace Components) to ensure compliance with data sovereignty principles, enforce fine-grained access controls, and facilitate seamless interoperability between different stakeholders in the multiple domains like telecommunications and medicine (European Health Data Space).
- Data processing and Analytics : Big Data and Analytics play an essential part in extracting useful insights from vast amounts of structured and unstructured data. As the collection and the generation of massive datasets are continuous, the ability to process, analyze, and visualize this information is essential for decision-making, automation, and development. The group focuses on advancing scalable data architectures, optimizing data processing techniques, and leveraging AI-driven analytics to enhance efficiency and intelligence in various applications.
Key Technologies that the CSE group incorporates:- Data Storage and Management: Scalable storage architectures, hybrid data lakes, and real-time database management (Hadoop Distributed File System/HDFS, MinIO S3, PostgreSQL, MongoDB, Apache Hive, InfluxDB, Elasticsearch)
- Big Data Processing and stream processing: High-speed data processing, stream analytics, and distributed computing optimization (Apache Spark, Apache Flink, Hadoop MapReduce)
- Machine Learning & Data Analytics: Predictive modeling, automated feature engineering, and AI-driven anomaly detection (TensorFlow, PyTorch, Scikit-learn, Keras)
- Data Visualization: Interactive dashboards, real-time data visualization(Matplotlib, Seaborn, Plotly, Chart, D3.js)
- Real-Time & IoT: Edge computing, real-time event streaming, IoT sensor analytics, low-latency data transmission (Apache Kafka, MQTT, AMQP)
- Data Governance, Privacy, and Security: Secure data access, regulatory compliance, and privacy-preserving analytics (OPA, Keycloak, GDPR Compliance Tools, Data Encryption Techniques like RSA, ECC and ABE)
- Advanced Networking: The group specializes in cutting-edge research and development in advanced networking, focusing on the integration of Software-Defined Networking (SDN), next-generation 5G networks, and containerized services in cloud-native environments. With extensive experience in SDN-based strategies for efficient resource allocation, load balancing, and network optimization, the group investigates and develops scalable and resilient network architectures for modern applications.
Description
In a world where cyberattacks cost an estimated EUR 5.5 trillion annually, the need for robust cybersecurity has never been more critical. The EU-funded CERTIFAI project is rising to the challenge. Traditional conformity assessments fall short in today's fast-paced tech landscape, leaving products vulnerable to evolving cyber threats. CERTIFAI aims to revolutionise this approach with an open software framework that employs AI-driven continuous assessment and re-certification for ICT products and services. Leveraging the EU Cybersecurity Act’s requirements and standards, CERTIFAI ensures that certified products remain compliant throughout their lifecycle. This groundbreaking project promises a more secure and trustworthy digital landscape within the European Union, safeguarding both users and businesses from the ever-present cyber risks.Key Contributions
Within CERTIFAI, UBITECH designs and develops the AI-driven Certification Framework, implementing the agile cybersecurity conformance assessment methodology. The framework will enable checking the ratio of compliance based on the artefacts defined by the use cases and the evidence generated across various phases of the Software/System Development Life Cycle (SDLC) process involved in developing non-AI and AI-based ICT products and services. CERTIFAI framework provides a graph-based interface for defining the artefacts, a dashboard for displaying the evidence. It analyses the overall product or service compliance based on the guidelines and recommendations of the related standards and regulations, such as IEC 62443-4-1, IEC 62443-4-2, EC 62443-2-4 (IEC TS 62443-6-1 for its evaluation), EU Cyber Resilience Act and EU Artificial Intelligence Act.
Description
With the continuing explosive growth of the internet of things (IoT) and cloud-connected devices, so-called middleware is becoming ever more versatile and functional. Middleware is the bridge between the devices at the edge of a network and the cloud. The EU-funded CoGNETs project aims to impart a dynamic, intelligent and largely automated formation of IoT-to-cloud swarm continuums by the edge devices to respond to common AI and cognitive computing tasks. The project’s middleware will integrate a new, decentralised, federated, multi-context broker architecture. Enriched with game-intelligent agents, collaborative federated learning and end-to-end security mechanisms, it will enable energy optimisation and secure dynamic data and resource management across devices.Key Contributions
In CoGNETs, UBITECH builds new agent systems to enable autonomous decision-making abilities at the Edge and device level. The scope is to develop game strategies that will allow on-device “Pricing”, “Bidding”, “Auctioning” abilities via agent systems, which, in turn, will be the core Middleware components for data/resource/task management, sharing and optimisation. First of all, UBITECH will drive the formulation of a new auctioning framework of competitive bidding, considering two types of Price-Auction Pools for effectively combining bidding models (such as infinite-duration Kelly’s biddings, Richman biddings, Poorman biddings, Taxman biddings) which can dynamically execute the autonomous Game auctioning at scale. Secondly, UBITECH will formulate decentralized online game optimization strategies based on multi-player Blotto-type and/or Stackelberg-type stochastic asymmetric competitive game problems. Finally, UBITECH will transform these games into programmable Agent functions, enabling each swarm device's autonomous game-driven decision-making abilities.
Description
The push for European innovation and autonomy in computational infrastructure and chip design has led to many fruitful projects working to achieve this goal. Crucial among these is the EU Processor Initiative (EPI) that is working on the design and development of the first EU processor. The EU-funded AERO project aims to complement the efforts of the EPI project by developing the open-source software ecosystem required to not only improve the efficiency of the EPI hardware but also accelerate and ease the processor's integration into the cloud. Moreover, the project will enhance performance as well as energy and security efficiency, and facilitate and motivate user migration to the European cloud platform, infrastructure and ecosystem.Key Contributions
Within AERO, UBITECH's main activities have a two-fold focus: to bring up and optimize the AERO selected services for cloud management, deployment, monitoring, and orchestration; and to ensure interoperability with the software artefacts developed in other WPs for deployment on the AERO platform/EU cloud.
Description
Cloud computing is a centralised system. Fog computing is a distributed decentralised infrastructure that bridges the gap between the cloud and IoT devices. In the realms of cloud and fog computing brokerage, it’s important to introduce advanced methods and tools. This is the aim of the EU-funded NebulOus project. NebulOus will enable secure and optimal application provisioning and reconfiguration over the cloud computing continuum. Specifically, it will develop a novel Meta Operating System and platform for enabling transient fog brokerage ecosystems that seamlessly exploit edge and fog nodes. This will be in conjunction with multi-cloud resources, to cope with the requirements posed by low latency applications.Key Contributions
Within NebulOus, UBITECH is responsible for the definition and design specification of the service-oriented, modular NebulOuS platform architecture. The architecture will describe in detail the integration logic and interfaces between the involved components and services of the backend core horizontal NebulOuS components and services, along with the upper layer application logic and existing tools. Moreover, UBITECH drive the implementation of a secure network overlay that can quickly interconnect compute resources with one another, irrespectively of their physical location, in order to support the multi-cloud and cloud to edge vision of NebulOuS. UBITECH built upon the most recent advancements in the SDN/NFV mechanisms (Open vSwitch (OvS) or VPN gateways) and the IO Visor Project (e.g., XPD/eBPF), in order to provide support for fog deployments through a secure network overlay mechanism.
Description
While machine learning (ML) can lead to great advancements with respect to digital services and applications in the field of medicine, the training process based on real medical patient data is blocked by the fact that uncontrolled access to and exposure of such assets is not allowed by data protection legislation. The EU-funded PAROMA-MED project aims to develop novel technologies, tools, services and architectures for patients, health professionals, data scientists and health domain businesses so that they will be able to interact in the context of data and ML federations according to legal constraints and with complete respect to data owners rights from privacy protection to fine grained governance, without performance and functionality penalties of ML/AI workflows and applications.Key Contributions
Within PAROMA-MED, UBITECH is responsible for building the PAROMA-MED Application Platform, following a micro-service application architecture. PAROMA-MED is a distributed platform comprising various applications and services (application layer) and is deployed along federation partners and connected devices (device layer). Its main parts, the Hospital Platform and the Application Platform, enable the sharing of medical data and facilitate the execution and serving of analytics on top of encrypted and anonymised data applications.
Description
The EU-funded P2code project plans to develop an open platform for deploying and managing end-user applications over distributed, heterogeneous and trusted IoT node infrastructures. The envisaged platform integrating state-of-the-art IoT, edge/cloud computing and networking platforms will manage end-to-end environment resources according to end-user requests and application content. It will also accelerate development and deployment processes on large swarms of devices, split the application workload tasks efficiently into microservices and provide fast reconfiguration of required resources. Ultimately, the platform will provide IoT device and system authentication, data management and application deployment and guarantee integrity with respect to the deployed applications, the shared data and the generated data.Key Contributions
Within P2CODE, CSE drives the implementation of specific tools, such as the policy based rules engine, the creation of a distributed version of the rete algorithm and assistin on the programming tools developed within P2CODE, in specific with the creation of an IDE plugin.
Description
Malicious actions and adversarial attacks pose significant threats to AI applications and operations, making innovative solutions for AI protection critically necessary. The EU-funded cPAID project aims to research, design, and develop a cloud-based, platform-agnostic defence framework to safeguard AI applications and operations from these attacks. The project will address adversarial attacks such as poisoning and evasion by using AI-based defence methods and ensuring compliance with EU principles for AI ethics. In addition, the project will validate AI system performance in real-life scenarios and promote research to develop certification schemes that certify the robustness, security, privacy, and ethical excellence of AI applications and systems.Key Contributions
Within cPAID, UBITECH is responsible for the platform integration and validation, delivering the Cloud-based Platform-agnostic Adversarial aI Defence framework.
Description
CyberSuite offers a holistic cybersecurity framework to simplify the design, dimensioning, configuration, deployment and management of diverse cybersecurity services, providing advanced levels of security, privacy and trustworthiness for SMEs, into a single platform, directly targeted to fill the existing gap in the market, through an “easy-to-onboard” and “easy-to-deploy” cybersecurity services marketplace.Key Contributions
In CyberSuite, CSE undertakes the technical coordination and contributes in the integration of the CyberSuite solution. Moreover, UBITECH drives (i) the use cases definition and their specific requirements (ii) the use cases demonstration preparation, planning and evaluation framework of the reference scenarios and (iii) their actual demonstration and evaluation of the reference scenarios based on the efficacy and performance measurements collected. Last but not least, UBITECH acts as main provider of services and tools, offering: i) continuous cybersecurity risk assessment; ii) security services orchestration; iii) cybersecurity services policy-based deployment recommendation and management as well as iv) real-time monitoring and Complex Event Processing agents.
Description
Several fields, including health, athletics, video arts and behavioural ecology, need tools that perform motion capture, particularly in natural environments. The EU-funded GESTUS project addresses the needs of athletic trainers and movement physicians, creating a wearable device that integrates global navigation satellite system data, inertial measurement unit data and cloud-based data processing. It will enable easy remote monitoring and data sharing, initially targeting deep analysis during training of high level athletes and highly accurate home monitoring of degenerative neurological diseases, such as multiple sclerosis and Parkinson’s disease. The device will support both early diagnosis and monitoring of disease progression and treatment effects. For athletes, it will be a key element to optimise training sessions and prevent the risk of injury.Key Contributions
UBITECH will lead the design and the development of the cloud based GESTUS platform that will be used to aggregate the captured data and provide users with an easy to use dashboard
Description
The convergence of different technologies coming with their own vulnerabilities, such as Internet of Things (IoT), communication networks, Operating Systems (OS) and Artificial Intelligence (AI) systems open-up new attack fronts and shift the attackers’ interest to more sophisticated techniques. As technology advances in cyber defence services, military digital operations, and civilian safety applications along with the complexity of cyber risks, the need for automated cybersecurity assessments becomes increasingly important. The necessity for regular security testing, including penetration testing, has raised awareness of best practices and standards for such assessments. TRITON‘s vision is to overcome defence-specific obstacles associated to the automation of penetration tests, and fully automate the pre- and post- pentesting process adopting Markov chain Monte Carlo (MCMC) decision processes to discover hidden attack paths and the DevSecOps paradigm integrated with well-known pentesting frameworks (e.g., Kali Linux, Aircrack-ng, Metasploit, etc.) focusing on military Security Operation Centres (SOCs), web and heterogeneous cloud applications, telecom and wireless networks. It introduces the novel concept of Human-as-a-Security-Sensor (HaaSS), letting the operators of the automated penetration testing solution to monitor the progress, perform what-if analysis, predict future paths, and enforce controls through security policies. The key idea is to build a wide‐ranging manifold of novel tools and strategies that enable next‐generation ICT systems and networks with distributed devices, to perform automated and Artificial Intelligence (AI) driven security assessments at massive scale. TRITON is expected to realize its vision through generative AI and ethical attacks performed by Generative Adversarial Networks (GANs) and proactive risk assessments with optimal mitigation controls targeting code, firmware, networks, and ICT deployment environments.Key Contributions
CSE is responsible for the integration activities of the TRITON framework together with the completion of User Acceptance Testing (UAT).
Description
NITRO aims to contribute to and foster the creation of a 5G-IoT cyber range which refers to a specialized cybersecurity testing and training environment that focuses on simulating and evaluating the security of 5G networks interconnected with Internet of Things (IoT) devices and applications. NITRO will provide a controlled platform where cybersecurity professionals, researchers, and organizations can study, practice, and develop skills related to securing 5G mobile networks, IoT wireless technologies and their interconnection. Moreover, this project will examine and identify novel cascading attacks that can exploit the interdependencies between various devices, systems, and network elements in interconnected 5G and IoT networks leading to a domino effect of compromised systems. On top of these, NITRO will deliver a novel set of exercises that consider adversarial AI attacks and their detection, contributing in this way in this emerging interdisciplinary field of AI and cybersecurity. The consortium will leverage existing software, tools and methodologies towards the implementation of the platform software components as well as utilize existing cyber ranges available from the partners of the proposal and results from European funded projects to integrate and deliver a unique and - first of its kind - novel 5G-IoT cyber range.Key Contributions
UBITECH drives the delivery of integrated releases for the NITRO platform, aligning with established architecture and integration plans. In particular, UBITECH create a cyber range platform, and connects it with IoT testbeds emulating IoT devices to deliver a new system that will host the 5G-IoT cybersecurity exercises developed. At the same time, UBITECH drives the definition of attack and defence scenarios and training exercises for 5G-IoT networks, providing participants with hands-on experience in securing and defending complex, interconnected systems. These exercises are simulating real-world scenarios where various devices, sensors, and networks operate within a 5G-enabled environment.
Description
HEISINGBERG aims to bring the state-of-the-art spatial photonic spin simulators (incorporating an iterated cycle of all-optical processing through a spatial light modulator that couples 10,000 spins) into the quantum regime by upgrading its coherent drive to squeezed light, making it fully programmable through vector-matrix multiplication schemes, use of holography, ancillary spins & effective magnetic fields, and designing dedicated custom-tailored and purpose-built algorithms. The reduced fluctuations in one quadrature of the fields will allow us to scale up and optimize the performances beyond the capabilities of both classical supercomputers and competing spin-simulators. HEISINGBERG devices will operate 100,000 spins at room temperature and process new quantum annealing algorithms on an improved XY architecture. Besides, the nonclassical resources of squeezed states when modulated, admixed and phase-controlled through beam splitters, such as entanglement or superpositions of multiphoton states will be prospected to harness a quantum advantage and boost existing spin simulators into their quantum simulation regime. This development will stimulate the quantum information processing community by concretely articulating problems of algorithmic complexity and clarify the nature of the quantum advantage available in annealers and simulators. These advances will allow us to demonstrate, on a cloud platform, annealing and adiabatic algorithms that can efficiently solve NP-hard problems.Key Contributions
The CSE team leads the design, development, and integration of the cloud platform for the HEISINGBERG system, ensuring a scalable, secure, and resilient foundation for the Quantum Optical solutions delivered by the consortium.
Description
PUZZLE's goal was to design solutions that can be easily on-boarded by external cybersecurity providers and seamlessly adopted by end users. To this end, PUZZLE developed cybersecurity tools to enable even the smallest enterprises to monitor, forecast, assess, and manage their cyber risks. Specifically, the project tracked the relationships among the cyber assets of each small and microenterprise. Furthermore, it considered the available network and compute and storage infrastructures and used them to efficiently calculate individual, cumulative, and propagated risks, as well as recommend and apply mitigation actions.Key Contributions
Within PUZZLE, the CSE team UBITECH provided technical coordination, contributing to the successful delivery of the project. Additionally, CSE designed and implemented automated and semi-automated protection mechanisms for Kubernetes, reducing the complexity and burden of deploying the provided services for cybersecurity managers in SMEs and MEs.In addition we contributed to the design, development and integration of the Cyber Threats Data Modeling and Risk Assessment subsystem that identifies and tracks the relationships among the cyber assets of SMEs or ME, considering the available network, compute and storage infrastructure and use them to calculate individual, cumulative and propagated risks efficiently, as well as recommend and apply mitigation actions for tackling identified cyber threats.
Description
RAINBOW designed and developed an open and secured fog computing platform that advanced the management of extensible, diverse, and safe IoT services and cross-cloud applications. The project worked towards extending fog computing to its real potential by supplying the development, composition, data, and network management to reach secure end-user applications.Key Contributions
Within the RAINBOW project, CSE team led the technical coordination of the consortium while driving key technological advancements in novel orchestration models and security enablers for fog computing. UBITECH developed a fog orchestration framework built on top of widely used cloud management stacks, reimagining decentralised computing and networking algorithms for efficient resource provisioning, monitoring, and seamless management of IoT services and cross-cloud applications. Additionally, UBITECH introduced a “zero-configuration” overlay mesh network paradigm to ensure comprehensive security for both edge devices and the network. This included data protection, identity management, anonymity, and resource integrity across all network layers—from device to application—by designing a fog overlay mesh on top of the CJDNS secure routing protocol, enhanced with Direct Anonymous Attestation (DAA) and Control Flow Attestation (CFA) mechanisms.
Description
Nowadays, the increasing pervasiveness of data and computing results in the proliferation of edge applications for timely and effective processing of data and advanced analytics. However, as the available data grows, new solutions are needed to ensure a fluid integration of resources to support dynamic, data-driven application workflows. In that direction, the EU-funded DataCloud project introduces a groundbreaking paradigm with a complete life cycle managing Big Data pipelines through discovery, design, simulation, provisioning, deployment and adaptation across the computing continuum. It will allow Big Data pipelines to interconnect the end-to-end industrial operations from the preprocessing and collecting of data to the realisation of a business target. DataCloud will make Big Data advancements more accessible regardless of hardware.Key Contributions
Within DataCloud, UBITECH has implemented the Flexible and Automated Big Data Pipeline Deployment tool (DEP-PIPE). DEP-PIPE provides means for orchestrating the entire pipeline deployment process. It adaptively responds to significant changes in the pool of available resources during pipeline execution and identifies provisioned resources that do not deliver good performance for a given task in the pipeline. DEP-PIPE replaces low-performing resources, such as VMs or containers that no longer meet SLO requirements, or reconfigures existing ones (for example, increasing the number of CPUs to a VM running a message queue broker) to mitigate the negative effects of infrastructure drift in the Computing Continuum.
Description
High-performance computing (HPC) is at the core of major advances in the massively connected digital economy. Thanks to exascale computing – the capability to perform quintillion operations per second – networking and computing will drive societal and scientific advances. The EU-funded REGALE project will pave the way for next-generation HPC applications to exascale systems. Bringing together key stakeholders, academics, top European supercomputing centres and end users from various sectors, the project will define an open architecture. It will also build a prototype system that can equip supercomputing systems with the mechanisms and policies for effective resource utilisation. REGALE will assist in maintaining Europe’s leading position in the use of HPC-powered applications.Key Contributions
Within REGALE, UBITECH extended its OLISTIC Graph-based Risk Assessment Framework to scale its performance, which critically depends on the number of assets, the number of online sources for analysis and network traffic. In particular, UBITECH developed data analytics methods for risk assessment at scale, focusing on machine-learning models training to analyse online sources and network data analysis, and the efficient calculation of attack paths over complex graphs.
Description
The EU-funded ELEGANT project aims to develop a novel software solution that addresses key challenges facing IoT and Big Data: interoperability, reliability, safety and security. Some of the key innovations of the proposed framework are lightweight virtualisation, automatic code extraction compatible with IoT and Big Data frameworks, intelligent orchestration, dynamic code motion and advanced code verification and cybersecurity mechanisms. These should enable the seamless operation of end-to-end IoT/Big Data systems. To achieve its goal, the project will gather a consortium of experts on low-level system software, IoT, Big Data, AI-assisted scheduling and DevOps.Key Contributions
Within ELEGANT, UBITECH led the implementation of cross-cutting development and management tools, incorporating an IDE plugin, IntelliJ IDEA, and a web-based dashboard for the NebulaStream data streams processing engine, which assists Big Data application developers in using ELEGANT. Additionally, we redesigned and implemented a highly scalable video analytics solution based on NebulaStream.
Description
The increasing use of cloud-based healthcare services is throwing the spotlight on risks related to patient privacy. These are risks that advances in cryptography can address. The EU-funded ASCLEPIOS project will increase and strengthen users’ trust in cloud-based health services, securing the maintenance of corporate and personal sensitive data. The solution will use novel cryptographic methods to establish a cloud-based eHealth structure that preserves users’ privacy and prevents internal and external attacks. ASCLEPIOS will allow users to control the integrity of their medical devices before using them and receive certain guarantees about the reliability of the cloud service provider. It will also allow healthcare professionals and medical researchers to calculate medical data statistics in a privacy-protecting way.Key Contributions
Within ASCLEPIOS, the UBITECH R&D team implemented all the necessary middleware for declaring and enforcing context-aware policy enforcement rules (ABAC) and attribute-based encryption (ABE) policies in modern healthcare systems.
Description
Advances in ICT, the increasing use of devices and networks and the digitalisation of several processes is leading to the generation of vast quantities of data. This rich data environment affects policymaking: Cloud environments, big data and other innovative data-driven approaches for policymaking create opportunities for evidence-based policies. The EU- funded PolicyCLOUD project will deliver an integrated cloud-based environment for data-driven policy management. The environment will provide decision support to public authorities for policy modelling, implementation and simulation through identified populations, as well as for policy enforcement and adaptation. It will ultimately pave the way for an entire ecosystem of stakeholders contributing, producing, processing and using policy-related data assets. Citizen participation will also be ensured exploiting techniques for incentives management.Key Contributions
Within PolicyCLOUD, UBITECH led the conceptualization and implementation of the Data Governance Model (based on RACI) to govern the complete data lifecycle (e.g. who has access, to which data, etc.) using ABAC, in order to ensure access of specific stakeholders to specific data at specific points in the lifecycle.
Description
The collection of data, which is as old as book-keeping, has undergone a remarkable transformation. The rise of information technology has created new opportunities to collect and analyse. Europe’s presence and potential value in the data economy is growing strong but also requires trusted, secure and ethically-driven personal data platforms and privacy-aware analytics methods. The EU-funded DataVaults project is responding to these needs. It is developing a framework and a platform that has personal data coming from diverse sources in its centre, and that defines secure, trusted and privacy preserving mechanisms. This allows individuals to take ownership and control of their data and share them at will, through flexible data sharing and fair compensation schemes with other entities.Key Contributions
Within DataVaults, UBITECH led the platform integration as well as the implementation of the Risk Management Monitor, which is a service that offers near real-time monitoring and evaluation the privacy risks of an individual, the Privacy Metrics Dashboard, which displays the information coming out of the Risk Management Monitor service and gives to each individual a clear and comprehensive view of their current and privacy exposure degrees, and the lightweight Edge Analytics Engine, responsible for running analytics at the edge, in case maximum privacy is necessary and there is only a request to share insights that can be generated in the user’s device.
Description
The eHealth4U project focused on successfully implement a Cyprus EHR thus a) improving the communication between private and public sectors, primary and secondary/tertiary care, b) increasing patients’ empowerment and patients’ education, c) enabling clinical audit and clinical guidelines introduction, d) avoidance of duplication of tests, abuse and corruption, e) increasing patient safety via reduction of medical errors or incomplete health record. In particular, eHealth4U intends to realize a well-designed and prosperous healthcare system in Cyprus by incorporating a successful and integrated EHR platform, as an operational and functional entity, making all involved stakeholders from the quadruple helix (research centres, higher education institutions, enterprises, policy makers, and other interested organisations) to collaborate closely and have clear and converging targets. Indeed, through eHealth4U, for the first time at a national level in the healthcare sector, entities from all main stakeholders that are needed for the development of a complete EHR platform have aligned their interests with the national strategies of the Ministry of Health and structure a very promising path for the future of healthcare in the island.Key Contributions
Within eHealth4U, UBITECH defined a data privacy framework to guarantee full compliance with existing legal and ethical rules on a European and national level. The data privacy framework will guarantee that data are processed in anonymous form wherever possible. Where anonymous processing is not possible for scientific reasons the data processing will be based on an appropriate legal basis, be it the patient’s explicit informed consent, be it an applicable legal rule in the national data privacy and protection regulation. Moreover, UBITECH developed the eHealth4U Semantic EHR Model that encompasses a lightweight ontological model, which will consist of a set of core concepts and their relationships, and implemeted a FHIR based consent managment mechanism
Description
SecureIoT secures the next generation of dynamic, decentralized IoT systems implementing predictive security services, comprising security building blocks at both the edge and the core of IoT systems, providing implementations of security data collection, security monitoring & predictive security mechanisms, offering integrated services for risk assessment, compliance auditing against regulations & directives (GDPR, NIS, ePrivacy), and support to IoT developers based on programming annotations.Key Contributions
Within SecureIoT, UBITECH R&D team provided a significant contribution in the IoT security and privacy modelling, introducing the programming model for supporting secure IoT programming based on annotations that enable the deployment and enforcement of XACML-compliant IoT security and privacy policies across various policy enforcement points (device, edge/fog, core/cloud). Additionally, UBITECH led the implementation of Risk Assessment and Mitigation Services that utilise NIST’s Common Vulnerability Scoring System, taking into account forecasts of the probability, vulnerability level, and criticality of a risk, as well as its likelihood and impact, to compute a normalised “likelihood” factor.
Description
UNICORN simplifies the engineering & management of secure- & elastic- by design multi-Cloud services, achieved by software libraries that provide security enforcement mechanisms, data privacy restrictions, monitoring metric collection & resource management across multiple Clouds; enabling continuous orchestration & automatic optimization of Cloud services running on virtual instances or micro-execution containers for increased security, data protection privacy & vast resource (de)allocation.Key Contributions
Within the UNICORN project, UBITECH served as the technical lead, guiding the project's research and technological direction. UBITECH led the design of a multi-cloud framework for service engineering, orchestration, deployment, and continuous management, enabling developers to embed privacy-by-design and elasticity-by-design principles and optimise resource allocation at both design-time and runtime without manual configuration. UBITECH also implemented core components of the platform, including tools for policy validation, application packaging, and deployment using virtual images and open cloud topology blueprints. The UNICORN Smart Orchestrator managed application instantiation across general-purpose and unikernel-based multi-cloud environments, while the Auto-Scaling Service supported fine-grained horizontal and vertical scaling. Additionally, a Continuous Risk, Cost, and Vulnerability Assessment module enabled automated security testing, risk analysis, and compliance evaluation across distributed cloud environments.
Description
PrEstoCloud provides a dynamic, distributed, self-adaptive and proactively configurable architecture for processing Big Data streams, sensing the need for adapting data-intensive services proactively; defining on-the-fly the most suitable changes in the real-time processing and offloading of processing tasks at the extreme edge of the network; predicting reconfigurations in the underlying Cloud computing infrastructure resources; and optimising continuously the infrastructure performance.Key Contributions
Within the PrEstoCloud project, UBITECH served as the technical integration lead, guiding the project’s R&D activities and driving the design of the PrEstoCloud Self-adaptive Real-time Big Data Processing Framework. UBITECH contributed to defining a semantic and extensible model that maps Big Data processing types, application fragmentations, distribution constraints, and workload requirements. UBITECH also played a key role in implementing the control layer and cloud-edge communication components. These included the Autonomic Resources Manager for dynamic resource monitoring and management across cloud and edge; the Autonomic Data-Intensive Application Manager for scheduling and orchestrating distributed application fragments; the Spatio-Temporal Processing Mechanism for geo-aware resource handling and network congestion detection; the Security Enforcement Mechanism for fine-grained access control across layers; and the Inter-site Network Virtualization Orchestrator for secure orchestration of virtualised resources across multi-cloud environments.
Description
ANASTACIA delivers a trustworthy-by-design security framework that enables inherited trust and security for Cyber Physical Systems, incorporating a security development paradigm based on the compliance to security best practices; a set of distributed trust & security components & enablers; and a Dynamic Security & Privacy Seal, combining security & privacy standards, real time monitoring & online testing providing quantitative & qualitative run-time evaluation of privacy risks & security levels.Key Contributions
Within ANASTACIA, UBITECH undertakes the technical integration lead of the project’s R&D activities, while UBITECH R&D team heavily contributes and leads the technological choices towards the definition and design of a trustworthy-by-design autonomic security framework that allows testing, validating and optimizing security, from design to deployment and maintenance and relies on diverse enablers to dynamically orchestrate and deploy user security preferences, facilitate the deployment of local agents, and enforce security in heterogeneous scenarios including those based on SDN/NFV and Internet-of-Things networks. Moreover, UBITECH significantly contributes towards the implementation of the autonomic plane components, which provides the ANASTACIA trustworthy-by-design security framework with intelligent and dynamic behavior. UBITECH is mainly involved in the implementation of (a) the security enforcement manager that analyses the reaction outcome and oversees the interactions among objects and components in order to ensure that security requirements defined in high-level policies are met, performing resilient control of compromised or threatened components, and controls of interactions among objects and users to ensure that the security requirements of legacy systems and IoT controls are met; and (b) the security orchestrator that organizes the resources to support the required enforcement, mapping source-code metadata security properties to configuration and infrastructural requirements by communicating with NFV orchestrators, the control plane of the framework (either SDN controllers, or IoT controls), and legacy network functions.
Description
PaaSword focuses on the development of Cloud Security technologies & on the implementation of an encrypted & physically distributed persistence as a Platform-as-a-Service capability for Cloud-enabled apps & services, introducing a holistic data privacy & security by design framework enhanced by context-aware policy access models and robust policy access, decision, enforcement and governance mechanisms, which will enable the implementation of secure and transparent Cloud-based apps & services.Key Contributions
Within the PaaSword project, UBITECH served as the technical lead, guiding research activities and driving the design of a holistic, security-by-design framework for cloud-based application development. The framework enabled developers to integrate data protection and privacy features directly at design time, ensuring secure and transparent cloud services. UBITECH led the definition of a context-aware access control model and implemented an XACML-compliant security framework for declaratively defining policies, allowing developers to annotate Data Access Objects (DAOs) with fine-grained access rules. Additionally, UBITECH developed the complete policy decision and enforcement middleware, supporting policy modelling, annotation management, dynamic rule interpretation, and real-time enforcement within cloud applications.
Description
PaaSport project focuses on resolving the data and application portability issues that exist in the Cloud PaaS market through a flexible and efficient deployment and migration approach PaaSport will combine Cloud PaaS technologies with lightweight semantics in order to specify and deliver a thin, non-intrusive Cloud-broker (in the form of a Cloud PaaS Marketplace), to implement the enabling tools and technologies, and to deploy fully operational prototypes and large-scale demonstrators.Key Contributions
Within the PaaSport project, UBITECH introduced the concept of Semantically Interoperable PaaS Solutions—cloud platform services capable of overcoming semantic incompatibilities to enable seamless application deployment and migration across PaaS offerings with different data models and APIs, yet sharing similar technological foundations. UBITECH led the implementation of CAMP-compatible adapters to support key operations, including deployment, undeployment, start, stop, and migration of applications across heterogeneous PaaS environments. Additionally, UBITECH utilised its corporate cloud infrastructure, including OpenStack and CloudStack deployments, to host demonstrators and validate the business value of PaaSport's concepts and tools.Maestro DevOps Framework for Cloud-native Applications:
Maestro is an advanced DevOps framework for cloud orchestration and dynamic resource management. It offers a dashboard that enables the design, deployment, and management of cloud-native, containerized components across both public and private cloud environments, and tools for integrating edge resources. The main features of Maestro include:
- Graph-Based UI & Developer Self-Service: Maestro features a graph-based user interface for interconnecting service templates, fostering collaboration between developers and DevOps teams. It supports a self-service developer experience following the Internal Developer Platform (IDP) approach. Services can be deployed, managed, and monitored via the Maestro orchestrator views. Advanced automation capabilities are enabled through custom elasticity policies ranging from standard horizontal scaling to scaling based on AI-driven predictions (developed in the HYDRA project), and intelligent MAPE-K loop-based reconfigurations.
- Multi-Architecture & Kubernetes Support: The platform supports a wide range of deployment targets, including various Kubernetes distributions (K8s, K3s) and CPU architectures (x86, ARM — e.g., Raspberry Pi, and RISC-V — e.g., StarFive boards). Currently under compatibility testing with the SiPearl processor, part of the European Processor Initiative (EPI), through the AERO project.
- Support for Big Data & Serverless Workloads: Maestro enables the deployment of diverse containerized services, including big data pipelines and serverless applications. Serverless support is integrated via Knative, offering scalable configurations for both serverless (via Knative Pod Autoscaler - KPA) and non-serverless workloads (via Horizontal Pod Autoscaler - HPA). Scalability can be tuned based on runtime metrics such as concurrency and request rate, or CPU and RAM usage, and adjusted dynamically via a user-friendly UI.
- Built-In Security & Fine-Grained Controls: Security is a core component of Maestro. It includes built-in security policies to protect deployed services. Its native integration with the Security Manager (developed under the CyberSuite project) provides fine-grained protection and automated mitigation actions for both applications and the Kubernetes cluster.
- Cross-Region Networking & Dynamic Resource Management: Maestro supports cross-region networking through its ONM module and enables dynamic resource management. This facilitates secure and trusted use of transient resources in any Kubernetes-based deployment, offering a truly distributed and ubiquitous application deployment paradigm.
Supporting Technologies: Docker, Grafana, Prometheus, Cillium,Kubernetes, K3s, Knative, Java, Quarkus
Cloud Native Security and Privacy Manager (SPM)
The Security and Privacy Manager is a key research artifact designed to enforce access control policies and ensure compliance within cloud-native environments. It provides a robust policy management system that integrates seamlessly with OPA Gatekeeper, allowing for fine-grained security governance across distributed Kubernetes (k8s) and lightweight Kubernetes (k3s) clusters. This component enables policy creation, modification, and enforcement, ensuring that access control and security rules are consistently applied across managed cloud infrastructures.
From a technical perspective, the Security and Privacy Manager is implemented as a backend service in Java, leveraging Java 17 and the Quarkus framework for high-performance execution. It supports two operational modes: a) the Client Mode that communicates with policy agents deployed within the clusters to handle policy operations (Create/Read/Update/Delete); and b) the Agent Mode that functions as a policy gatekeeper itself, integrating with other deployed policy agents to enforce security policies dynamically. It incorporates OPA Gatekeeper library, with additional customizations tailored for KubeVela and the Open Application Model (OAM) to enhance policy enforcement in modern cloud-native architectures.
This research artifact has been developed within the NebulOuS framework, supporting secure orchestration in cloud-edge continuum environments. It has potential applications in enterprise security, cloud governance, DevSecOps, and regulatory compliance, making it valuable for industries requiring strict security enforcement and policy-driven access control.
Gitlab Link: https://github.com/eu-nebulous/security-manager
Whitepaper: An Implemented Architecture for a Meta Operating System Managing Distributed Applications across Heterogeneous Resources
Cloud Native Logging Stack
The EFK Logging Stack provides real-time log collection, indexing, and visualization, making it essential for monitoring, troubleshooting, and security analysis in cloud environments. It consists of Elasticsearch for log storage and search, Fluentd for log collection and forwarding, and Kibana for visualization and analysis.
Packaged as Helm charts, the stack is easily deployable in Kubernetes clusters. By default, Fluentd collects logs within the same cluster, but it can be configured to aggregate logs from multiple clusters into a centralized Elasticsearch instance. This ensures scalable and efficient log management across distributed infrastructures.
Fluentd processes and enriches logs before forwarding them, while Kibana provides an interactive interface for log analysis and alerting. The EFK stack enhances cloud observability, DevSecOps workflows, and compliance auditing, ensuring high operational visibility and security in modern deployments.
Overlay Network Manager (ONM ) for CNI/Kubernetes
The Overlay Network Manager (ONM) is a research artifact developed as part of the Nebulous project, designed to provide secure and efficient communication and connectivity among compute resources in both virtual and physical environments. The system is based on WireGuard VPN protocol in order to create encrypted Layer-3 tunnels among distributed network nodes aiming to secure intra-cluster communication within Kubernetes deployments. The system is capable of establishing VPN networks on demand (dynamically) connecting distributed nodes (VMs or bare-metal devices), and maintaining encrypted communication for the entire cluster (ONM also supports multicluster communication).
Also, the ONM supports large-scale deployments considering devices behind NAT or Firewalls. To this end, the system utilizes the Headscale/Tailscale solution to simplify NAT traversal and automate the complex configurations of secure connections in large-scale deployments. This aspect in combination with custom-based CSE implementation enables the dynamic creation of VPN networks connecting multiple compute resources with minimal manual intervention.
Overall, the solution automatically configures nodes, automatically configures nodes, ensuring that devices, whether located in testbeds or remote environments, can securely communicate without complex manual setup. This dynamic, on-demand VPN network ensures that Kubernetes clusters can maintain secure, encrypted pod-to-pod communication across nodes, regardless of their physical location. Future enhancements to the ONM will include support for post-quantum cryptography to future-proof the network infrastructure against emerging threats posed by quantum computing.
Gitlhub Link: https://github.com/eu-nebulous/overlay-network-manager
PUZZLE & C-SHIELD: Threat detection & Mitigation
CSE group develops and implements solutions for threat detection and mitigation in cloud-native environments. We target to cover the vulnerabilities arising from the increasing complexity of modern cloud networks, securing dynamically containerized systems and distributed infrastructures that require real-time monitoring and rapid response capabilities. We use cutting-edge technologies, aiming to provide scalable, automated mechanisms that can effectively detect cyber threats, analyze their behavior, and mitigate their impact before they cause significant damage to the cloud system. The main goal is to ensure continuous protection across microservices, containers, and virtualized networks, enabling secure and resilient cloud-based infrastructures.
Our current technical expertise is based on the integration of state-of-the-art open source solutions and tools to detect cybersecurity threats in real time within cloud deployments. In addition to these tools, we employ custom-based strategies and security policies that are built around centralized monitoring and management. PUZZLE solution (developed in the scope of PUZZLE H2020 project) is based on Cilium and the usage of eBPF technology, to offer highly efficient runtime policies to protect Kubernetes deployments.
In addition, C-SHIELD solution goes even further with the integration of multiple observability and detection options such as Tetragon, Hubble, Suricata, Wazuh and Netdata along with AI to offer even broader detection and mitigation capabilities. Tetragon to monitors system-level interactions within containers, identifying suspicious behaviors such as unauthorized access or privilege escalation. Hubble and Cilium provide deep visibility into network flows, enabling the detection of anomalous traffic and potential vulnerabilities in service-to-service communication. Suricata serves as a high-performance IDS/IPS, inspecting network traffic for known attack patterns and providing immediate alerts for suspicious activities. Wazuh aggregates log data from multiple sources, continuously analyzing it for signs of attacks, such as file integrity violations, while Netdata monitors system metrics to identify performance anomalies that may indicate a cyber threat.
Once threats are detected, we employ a combination of real-time mitigation techniques. Through SDN technology, dynamic network segmentation or the establishment of access control rules can isolate compromised services and prevent the spread of attacks. For example, Cilium enforces fine-grained network policies to limit lateral movement within the system, while Wazuh and Suricata can automatically trigger actions like blocking malicious IPs or quarantining affected files. At this stage of our research, we integrate the advancements of these tools to collect data for training AI models, which will enable automated decision-making. The main goal is to minimize the impact of security incidents while maintaining a proactive security posture across complex, distributed environments.
Group Leader
Giannis Ledakis (Senior Researcher & Software Engineer, Group Leader)
Expertise: Cloud computing, Software engineering, Cybersecurity, System Design, Microservices, Integration, CICD, DevOps, DevSecOps
Short Bio
Ioannis Ledakis is a Senior Research Engineer, working as Team Leader in Computing Systems & Software Engineering (CSE) Research Group at UBITECH Ltd. He participated in commercial projects but also in European and National R&D programs, where he contributed from both technical and managerial perspectives. Through these projects he has collected valuable experience in many state-of-the-art technologies in various ICT fields, including Cloud Computing, Virtualization, Microservices, and Cybersecurity. He graduated from the department of Computer Engineering and Informatics of the University of Patras.
[LinkedIn] [Google Scholar] [ORCID]
Key Team Members
Konstantinos Oikonomou (Full Stack & Research Software Engineer)
Expertise: Edge/Cloud Computing, System integration, Backend development, Identity management
Short Bio
Konstantinos Oikonomou is a Full Stack & Research Software Engineer, working in the Computing Systems & Software Engineering (CSE) Research Group at UBITECH Ltd since 2020. He has a long experience in both commercial and research projects, including H2020, since 2016 both in the role of software engineer and project manager. He received his diploma in Electrical and Computer Engineering from the University of Patras and his Master of Science in Advanced Software Engineering with Management from King’s College of London.
[LinkedIn] [Google Scholar] [ORCID]
Nikos Papageorgopoulos (Senior Researcher & Software Engineer)
Expertise: Big Data, AI, Analytics, LLMs, Cloud computing
Short Bio
Software developer with a strong background in technical systems, research, and industry insights, particularly in maritime sectors such as e-navigation and freight derivatives. My expertise lies in designing and implementing data-driven solutions to address complex challenges. Holding an MSc in Big Data and Analytics, I am passionate about leveraging advanced analytics and innovative technologies to drive efficiency and informed decision-making in the industry
[LinkedIn] [Research Gate] [ORCID]
Vasileios Matsoukas (Research & Development Software Engineer)
Expertise: Software Engineering, Cloud Computing, Data Science & Machine Learning
Short Bio
Vasileios Matsoukas is a Research & Development Software Engineer, working in the Computing Systems & Software Engineering (CSE) Research Group at UBITECH Ltd. He is contributing to research projects and production-grade software solutions, while being a core maintainer of MAESTRO. Through his work, he has gathered strong expertise across the full software development lifecycle including full-stack development, DevOps automation, cloud-native solutions, and the application of data-driven techniques and machine learning to real-world challenges. Vasileios holds an Honours Diploma in Electrical and Computer Engineering from the Aristotle University of Thessaloniki (2020).
[LinkedIn] [Google Scholar] [ORCID] [Research Gate]
Sarantis Kalafatidis (Senior Researcher & Software Engineer)
Expertise: Cybersecurity, Computer Systems and Networks Engineering
Short Bio
Sarantis Kalafatidis received his Ph.D. degree from the Department of Applied Informatics, University of Macedonia, Thessaloniki, Greece, in 2023 and also holds a MSc Degree in Applied Informatics from the same University. He investigates research problems related to cyber security, efficient resource allocation and load balancing for 5G and beyond networks in both data center and Smart-City network environments. He participated in various international research projects, such as SANCUS (H2020), NECOS (H2020) and FED4FIRE+ OC9 (H2020)
[Google Scholar] [ORCID] [Research Gate] [IEEE]
Dr. Andreas Karkatoulis (Research Projects Delivery and Fundraising Manager)
Expertise: Hyperspectral imaging, Optical Sensing, Applied Physics, Chemometrics and Data Science
Short Bio
Dr. Andreas Karkatoulis holds a PhD in Physics (2015) from the Institute of Electronic Structure and Lasers (IESL) of the Foundation for Research and Technology - Hellas (FORTH). He completed his doctoral research in the area of chemical imaging and molecular spectroscopy under the Initial Training Network “Imaging and Control in Chemistry” as a Marie Curie Early Stage Researcher. During his postdoctoral and professional career, he conducted research in areas spanning agrifood technology, biotechnology and medical imaging by using hyperspectral imaging, optical sensing, chemometrics and data science. He received various awards and fellowships such as a Marie Curie Research Fellowship and was selected as Young Transatlantic Innovation Leader (YTILI 2017) by the US State Department and The German Marshall Foundation.
[LinkedIn] [Google Scholar] [ORCID]
Anthony Villios (Full Stack Software Engineer)
Expertise: Edge/Cloud Computing, Frontend development, Backend Development
Short Bio
Anthony Villios is a dedicated software engineer from Piraeus, Greece, born in 1996. He holds a Bachelor's degree in Computer Science from Harokopio University. His diploma thesis was an analysis of the internet of things (iot) ecosystem from the perspective of device functionality, application security and application accessibility. Currently pursuing a Master's degree in Cloud and Edge Systems and Applications in Harokopio University of Athens. Since 2019, he has been working professionally as a software engineer, specializing in full-stack development with a focus on banking and European-funded projects. Passionate about solving complex problems and building efficient, scalable solutions, Anthony is committed to clean code, continuous innovation, and leveraging cutting-edge technologies to deliver high-quality software. In 2023, he joined Ubitech as a member of the Computing Systems & Software Engineering (CSE) Research Group.
Antonis Garyfallou (Full Stack Software Engineer)
Expertise: Cloud Computing, Backend Development, Frontend Development
Short Bio
Antonis Garyfallou was born in Athens, Greece, in 1997. He received his Diploma in Informatics and Telematics from Harokopio University of Athens in December 2022. His diploma thesis in the field of Software Engineering, titled "Obstacle Detection from Sensor Data for UAVs," was partially published in the Proceedings of the Future Technologies Conference (FTC) 2022, Volume 1. The work focused on leveraging algorithms and machine learning techniques for path planning and obstacle avoidance, enabling UAVs to navigate from a starting point to a destination while identifying and avoiding obstacles via optimal routes. In 2025, he earned his Master of Science (M.Sc.) in Web Technologies and Applications from Harokopio University of Athens. His Master’s thesis involved evaluating the application of Large Language Models for the analysis of Government Gazette documents. Since 2023, he has participated in various software projects, including work on Tactical Data Links, serving as a Software Engineer and Full Stack Developer. In 2024, he joined Ubitech as a member of the Computing Systems & Software Engineering (CSE) Research Group.
[LinkedIn] [Google Scholar] [ORCID]
Recent Highlights
Our team contributed to various publications and standardization efforts. Indicatively,
- we have led the design and definition of “DIN SPEC 91337” specification ( “Unified Application Management Interface for Cloud Application Platforms”): https://www.en-standard.eu/din-spec-91337-unified-application-management-interface-for-cloud-application-platforms-only-on-cd-rom/
- the team members participated in the committee of CAMP specification (https://www.oasis-open.org/standard/camp-1-2/)
- we have led the publication of the ICT (Information and Communication Technologies) standardization in data driven policymaking white paper: https://www.standict.eu/white-paper-cloud-data-driven-policy
- Contributed to the book “Personal Data-Smart Cities: How cities can Utilise their Citizen's Personal Data to Help them Become Climate Neutral”: https://www.riverpublishers.com/research_details.php?book_id=1033
Collaboration & Partnerships
Academic & Research:
- Fraunhofer (Germany)
- Eurescom (Germany)
- University of Rennes (France)
- INRIA (France)
- SINTEF (Norway)
- NTNU (Norway)
- Tampere University (Finland)
- UNIMAN (UK)
- University of Cyprus (Cyprus)
- ICCS (Greece)
- FORTH (Greece)
- CERTH (Greece)
- ATHENA (Greece)
- UPRC (Greece)
Industry:
- ATOS (Spain)
- Ericsson (Italy)
- TECNALIA (Spain)
- Red Hat (Israel)
- SiPearl (France)
- Netcompany-Intrasoft
- Montimage (France)
- Suite5 (Cyprus)
- Thales (France, Austria)
For collaboration opportunities and other inquiries, contact us at [email protected]
