Events

Workshop

The annual Cyber Security Next Generation workshop in the Netherlands (supported by ACCSS) aims to contribute to a stronger and more connected cyber security research community in the Netherlands. Seize this excellent opportunity to share ideas, experiences, and information, on the diverse topics of cyber security. Both researchers and practitioners working within the field of cyber security are cordially invited to join.

The 10th edition of this workshop will be held on the 22nd of November, 2024. The event will take place at Bar BETON, Utrecht Central Station: Stationhall 2-9 (1st floor).

As in previous years, the program committee is soliciting abstracts describing work on cyber security. The workshop also encourages the submission of interdisciplinary work on cybersecurity from related fields, including but not limited to all fields of criminology, law, economics, and psychology. All PhD and MSc students are encouraged to submit a one-page abstract in pdf format, including authors' names, affiliations and e-mail addresses. Submission is done by easychair: https://easychair.org/conferences/?conf=csng2024

Registration
Registration is free but appreciated: https://www.aanmelder.nl/160608. Please let us know if you cannot attend.

Important Dates

- Abstract submission deadline: November 7: extended to November 11

- Notification of acceptance: November 14

- Registration deadline: November 18 (EoD)

- Workshop date: November 22

Participation

Participation is free of charge; however, registration is required. Register here!

Program

12:00 - 12:45 Registration and Lunch
12:45 - 13:45 Keynote
13:45 - 15:15 Afternoon talks
15:15 - 16:00 Coffee and Poster session
16:00 - 16:45 BCMT candidate talks and Award ceremony
16:45 - 17:00 ACCSS Ceremony
17:00 - 18:00 Drinks and Networking

Keynote

Speaker: Dr. Riccardo Lazzeretti

Title: Securing the Virtual Realm: An Analysis of Extended Reality Devices and Applications

Extended Reality (XR) technologies are driving a digital revolution, moving beyond 3D visuals to applications in entertainment, education, healthcare, and more. As the metaverse emerges, XR offers transformative possibilities—from assisting astronauts to enabling the hearing-impaired to "see" conversations through subtitles. XR devices are versatile in their functionality, equipped with an array of advanced sensors, communication capabilities, and hardware specifications. As these technologies evolve, our perception of reality seamlessly blends with the virtual world. However, the exponential growth of these technologies raises concerns about whether these devices are secure and the users' sensitive information is kept private.

In this talk, we’ll address the unique risks associated with XR devices—such as potential data breaches involving highly personal information—and the importance of building secure, privacy-centric frameworks as we develop and deploy XR solutions. By understanding these risks and proactively addressing them, we can harness XR’s potential in a responsible and ethical manner, creating digital spaces that are as safe as they are innovative.

Biography
Dr. Riccardo Lazzeretti is an associate professor of engineering in computer science at Sapienza University of Rome, Italy.

His research focuses on security and privacy, particularly the Internet of Things and applied cryptography. Lazzeretti received his PhD in Information Engineering from the University of Siena, Italy. Then, he worked as a post-doc at the Universities of Siena, Padua, and Sapienza. He is a Senior Member of IEEE and associate editor of IEEE Transaction on Information Forensic and Security (TIFS), Elsevier Journal of Information Security and Applications (JISA), and Elsevier Computer Networks (COMNET). He regularly publishes at top-tier security venues and serves on the program committees of security conferences, among which are Usenix Security and ACM CCS.

Afternoon Talks
13:45-14:15: Ruling the Unruly: Network Intrusion Detection Rule Design Principles for Specificity and Coverage to Decrease Unnecessary Workload in SOCs;Koen Theodora Wilhelmina Teuwen, Tom Mulders, Emmanuele Zambon and Luca Allodi
14:15-14:45: Oraqle: A Depth-Aware Secure Computation Compiler; Jelle Vos, Mauro Conti and Zekeriya Erkin
14:45-15:15: Quantifying Risk in the Kill-Chain: Automating Threat Prioritization for Kubernetes Clusters; Stefano Simonetto and Peter Bosch

BCMT award ceremony

16:00 - 16:20: Ioana Marin, Nicola Zannone, Luca Allodi: "The Influence of Personality Traits on the Intention to Report Phishing E-mails"
16:20 - 16:40: Sander Wiebing, Cristiano Giuffrida: "InSpectre Gadget: Assessing the Exploitability of Disclosure Gadgets through Characterization"
16:40 - 16:45: Award ceremony

Accepted posters

Organizing Committee
Abhishta Abhishta (University of Twente)

Zeki Erkin (Technical University of Delft)

9th Annual Cyber Security Next Generation Workshop

Workshop

The annual Cyber Security Next Generation workshop in the Netherlands (supported by ACCSS) aims to contribute to a stronger and more connected cyber security research community in the Netherlands. Seize this excellent opportunity to share ideas, experiences, and information, on the diverse topics of cyber security. Both researchers and practitioners working within the field of cyber security are cordially invited to join.

The 9th edition of this workshop will be held on the 22nd of November, 2023, at the Centrum voor Veiligheid en Digitalisering (CvD) building, Apeldoorn (Wapenrustlaan 11).

As in the previous years, the program committee is soliciting abstracts describing work on cyber security. The workshop also encourages the submission of interdisciplinary work on cybersecurity from related fields, including but not limited to all fields of criminology, law, economics, and psychology. All PhD and MSc students are encouraged to submit a one-page abstract in pdf-format, including names of the authors, affiliations and e-mail addresses. Submission is done by easychair: https://easychair.org/my/conference?conf=csng2023

Important Dates

- Abstract submission deadline: October 27

- Notification of acceptance: November 10

- Registration deadline: November 17

- Workshop date: November 22

Participation

Participation is free of charge however registration is required. Register here!

Program

11:00 - 11:30 Registration
11:30 - 11:40 Welcome
11:40 - 12:30 Keynote (by Andrea Continella)

12:30 - 13:30 Lunch
13:30 - 14:30 Afternoon talks
14:30 - 15:30 Coffee and Poster session
15:30 - 16:15 BCMT candidate talks and Award ceremony

16:15 - 17:00 ACCSS Talk: Dr. Zeki Erkin (vice-chair)

17:00 - 18:30 Drinks and Networking

Keynote

Speaker: Andrea Continella (PhD), University of Twente

Title: "Our detector has a 99.99% accuracy!” but malware is still out there..."

Abstract: Malware is one of the oldest and still nowadays major Internet threats. Over the past 20 years, researchers and practitioners have designed and deployed increasingly sophisticated solutions to detect malicious samples, and the cybersecurity industry is now overflowing with anti-malware solutions, which score almost perfect detection rates. Nonetheless, as a matter of fact, malware still exists and infects systems on a daily basis, including critical infrastructures.

In this talk, I will take you on a journey into the depths of malware analysis and detection, highlighting the current open problems in the state-of-the-art, and pointing out directions for future research in a field too often considered "solved". Finally, I will conclude my talk with takeaways and lessons learned that apply beyond the malware scope and are actionable in several cybersecurity fields, discussing the way forward for our community.

Bio: Andrea Continella is an Associate Professor at the University of Twente, where he leads the cybersecurity team of the Semantics, Cybersecurity & Services group (SCS), and he is a member of the International Secure Systems Lab (iSecLab). Before joining the University of Twente, he was a Postdoctoral Researcher in the Computer Science Department at UC Santa Barbara, and he obtained a Ph.D. cum laude in Computer Science and Engineering at Politecnico di Milano. His research activity focuses on several aspects of systems security, such as malware and threat analysis, mobile and IoT security, automated vulnerability discovery, and large-scale measurements of security issues. Andrea is a strong advocate for open and reproducible science, he regularly publishes at top-tier security venues, and he serves on the program committees of major systems security conferences.

Afternoon Talks

13:30 - 14:00: "Topology-Based Reconstruction Defences for Decentralised Learning" by Florine Dekker (TU Delft)
14:00 - 14:30: "Deployability, Transparency, and Room for Improvement: Reproducing BGP Hijacking Detection Technique" by Ebrima Jaw  (University of Twente)

BCMT award ceremony

15:30 - 15:35: Introduction
15:35 - 16:00: Award Candidate: Jerre Starink (University of Twente): Analysis and Automated Detection of Host-Based Code Injection Techniques in Malware
16:00 - 16:25: Award Candidate: Bjorn Ruytenberg (TU/e): When Lightning Strikes Thrice: Breaking Thunderbolt Security
16:25 - 16:30: Award ceremony

Accepted posters TBA

Organized by Fatih Turkmen (University of Groningen)

Abhishta Abhishta (University of Twente)

Zeki Erkin (Technical University of Delft)

Aula Conference Center TU Delft
Mekelweg 5, 2628 CC Delft
Commissiekamer 3

Thursday 27 October 2022
14:00 - 16:00

Attendance is free of charge, but please register by email at info@pilab.nl. This is an in-person event. No live streaming will be available.

Very recently the Privacy Engineering Network (PEN-NL) was founded, an informal group of people from academia and industry working in privacy engineering. The group will meet several times a year in an informal atmosphere to present the latest developments to each other, and also just to network. The focus of this network will be (perhaps for the time being) on the technical perspective, but we do encourage non-technical people working in the field to join.

The second PEN-NL meeting will take place in Delft on the 27th of October between 14h and 16h. The location is Aula Conference Center, the commission room 3, (commissekamer 3), Mekelweg 5, 2628 CC Delft. Aula is easily accessible by public transportation. If you are by car, you can use P Aula, (navigatieadres Van der Waalsweg 1).

For this event, registration is needed for catering purposes. Attendance is free of charge. Please register by email at info@pilab.nl. This is an in-person event. No live streaming will be available.

Staying informed? Please subscribe to the PEN-NL mailinglist: https://mailman.science.ru.nl/mailman/listinfo/pen-nl

Workshop 

The annual Cyber Security Next Generation workshop in the Netherlands (supported by 4TU.NIRICT) aims to contribute to a stronger and more connected cyber security research community in the Netherlands. Seize this excellent opportunity to share ideas, experiences, and information, on the diverse topics of cyber security. Both researchers and practitioners working within the field of cyber security are cordially invited to join.

The 8th edition of this workshop will be held on the 13th of October, 2022 at the Aula Congress Center, Delft (Commisiekamer 3). Participation is free of charge. 

As in the previous years, the program committee is soliciting abstracts describing work on cyber security. The workshop also encourages the submission of interdisciplinary work on cybersecurity from related fields, including but not limited to all fields of criminology, law, economics, and psychology. All PhD and MSc students are encouraged to submit a one-page abstract in pdf-format, including names of the authors, affiliations and e-mail addresses. Submission is done by easychair: https://easychair.org/conferences/?conf=csng2022

Important Dates

- Abstract submission deadline: September 23 

- Notification of acceptance: September 30

- Registration deadline: October 7

- Workshop date: October 13

Registration

Registration is free but required. Register here!

Program

11:00 - 11:30  Registration
11:30 - 11:40  Welcome
11:40 - 12:30  Keynote
12:30 - 13:30  Lunch
13:30 - 14:30  Afternoon talks
14:30 - 15:30  Coffee and Poster session
15:30 - 16:30  BCMT candidate talks and Award ceremony
16:30 - 17:30  Borrel

Keynote

"Design Automation for Security: History and Perspectives" by Dr. Francesco Regazzoni (UvA)

Abstract:  Physical attacks exploit the physical weaknesses of cryptographic devices to reveal the secret information stored on them. Countermeasures against these attacks are often considered only in the later stages of the full design flow, and applied manually by designers with strong security expertise. This approach, however, negatively affects the robustness, the cost, and the production time of secure devices.
A more effective way to implement secure cryptographic algorithms would enable the automatic application of side channel countermeasures and would support the verification of their correct application. This talk will revise and summarize the research efforts in this important research direction, from the first works implementing hardware design flow for security to the initial steps of automatically driving design tools using security variables, and it will highlight future research direction in design automation for security.

Afternoon Talks

13:30 - 13:50: "Multi-domain Cyber-attack Detection in Industrial Control Systems" by Jan-Paul Konijn (University of Twente)
13:50 - 14:10: "Efficient Circuits for Permuting and Mapping Packed Values Across Leveled Homomorphic Ciphertexts" by Jelle Vos (TU Delft)
14:10 - 14:30: "Digital Signatures from the Matrix-code Equivalence problem" by Monika Trimoska (Radboud University)

BCMT award ceremony

15:30 - 15:35: Introduction
15:35 - 16:00: Finn de Ridder (VU Amsterdam, supervised by Cristiano Giuffrida and Herbert Bos) SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScript
16:00 - 16:25: Arpita Ravindranath (TU Delft, supervised by Mauro Conti and Matteo Cardaioli) For your voice only - exploiting side channels in voice messaging for environment detection [winner]
16:25 - 16:30: Award ceremony 

Accepted posters

- The Effect of Consumer Portfolio on the Risk Profile of Cloud Provider - Muhammad Yasir Muzayan Haq, Abhishta Abhishta and Lambert J.M. Nieuwenhuis
- The State of User Profiling via Installed Mobile Apps and their Access Time - Fadi Mohsen, Dimka Karastoyanova and Fatih Turkmen
- SoK: Explainable Machine Learning for Computer Security Applications - Azqa Nadeem, Daniel Vos, Clinton Cao, Luca Pajola, Simon Dieck, Robert Baumgartner and Sicco Verwer
- Adversarially Robust Decision Tree Relabeling - Daniël Vos and Sicco Verwer
- ENFECTION: Encoding NetFlows for Network Anomaly Detection - Clinton Cao and Sicco Verwer
- Discerning Wheat from Chaff in SOCs: A Model to Identify ‘Non-Interesting’ Events in Security Operation Centers - Leon Kersten, Tom Mulders and Luca Allodi
- Trajectory Hiding and Sharing for Supply Chains with Differential Privacy - Tianyu Li, Li Xu, Zekeriya Erkin and Reginald Lagendijk
- Privacy-preserving data aggregation with public verifiability against internal adversaries - Marco Palazzo, Zekeriya Erkin and Florine W. Dekker
- Impact of Security Awareness Training on the Economic Losses due to Phishing - Robert Kooij
- Acyclic FL: Exploiting and Protecting Composition Gaps in Fully-decentralised Learning - Florine W. Dekker, Zekeriya Erkin and Mauro Conti
- Surveillance on your Sidewalk? A critical analysis of Amazon’s LoRaWAN-based connectivity protocol - Thijmen van Gend and Seda Gurses
- A system-immersion based coding strategy for cyber-attack diagnosis - Jiaxuan Zhang, Alexander J. Gallo and Riccardo M.G. Ferrari

Organized by

Azqa Nadeem (TU Delft)

Fatih Turkmen (University of Groningen)

ONLINE Workshop (due to COVID-19) 

The annual Cyber Security Next Generation workshop in the Netherlands (supported by 4TU.NIRICT) aims to contribute to a stronger and more connected cyber security research community in the Netherlands. Seize this excellent opportunity to share ideas, experiences, and information, within the diverse topics of cyber security. Both researchers and practitioners working within the field of cyber security are cordially invited to join.

The 7th edition of this workshop will be held online on the 25th of November, 2021. Participation is free of charge. The detailed instruction for Gather.town will be send to you via email in due time,  after registration.

As in the previous years, the program committee is soliciting abstracts describing work on cyber security. The workshop also encourages the submission of interdisciplinary work on cybersecurity from related fields, including but not limited to all fields of criminology, law, economics, and psychology. All PhD and MSc students are encouraged to submit a one-page abstract in pdf-format, including names of the authors, affiliations and e-mail addresses. Submission is done by easychair:  https://easychair.org/conferences/?conf=csng2021

Important Dates

- Abstract submission deadline: October 29

- Notification of acceptance: November 4

- Registration deadline: November 19

- Workshop date: November 25

Registration

Registration is free but required. Register here: xxx

Keynote 

(Network Layer) Anonymity By Default? Opportunities and Challenges by Dr. Stefanie Roos

Program
12:45 - 13:00  Welcome to the digital system: Gather.town
13:00 - 13:40  Keynote: Dr. Stefanie Roos, Delft University of Technology
13:40 - 14:30  Coffee Break and Poster session 
14:30 - 16:00  Talks
16:00 - 16:40  Presentation from the BCMT candidates and award ceremony
16:40 - 17:30 Award ceremony and digital drinks

Keynote

 (Network Layer) Anonymity By Default? Opportunities and Challenges

Afternoon Talks

• "DeepCASE: Semi-Supervised Contextual Analysis of Security Events" by Thijs van Ede, Hojjat Aghakhani, Noah Spahn, Riccardo Bortolameotti, Marco Cova, Andrea Continella, Maarten van Steen, Andreas Peter, Christopher Kruegel and Giovanni Vigna

• "Leveraging Partial Model Extractions using Uncertainty Quantification" by Arne Aarts, Wil Michiels and Peter Roelse

• "Encryption 4 All" by Daniel Ostkamp and Merel Brandon

BCMT award ceremony

Candidates:

16:00 - 16:20 Daniel Vos  (TU Delft, supervised by Sicco Verwer) Adversarially Robust Decision Trees Against User-Specified Threat Models [Winner]

16:20 - 16:40  Gabor Kozar (VU Amsterdam, supervised by Herbert Bos and Cristiano Giuffrida) Dangless Malloc: Safe Dangling Pointer Errors [Runner-up]

ONLINE Workshop 

The annual Cyber Security Next Generation workshop in the Netherlands (supported by 4TU.NIRICT) aims to contribute to a stronger and more connected cyber security research community in the Netherlands. Seize this excellent opportunity to share ideas, experiences, and information, within the diverse topics of cyber security. Both researchers and practitioners working within the field of cyber security are cordially invited to join.

The 6th edition of this workshop will be held ONLINE on the 27th of November, 2020. Participation is free of charge.

As in the previous years, the program committee is soliciting abstracts describing work on cyber security. The workshop also encourages the submission of interdisciplinary work on cybersecurity from related fields, including but not limited to all fields of criminology, law, economics, and psychology. All PhD and MSc students are encouraged to submit a one-page abstract in pdf-format, including names of the authors, affiliations and e-mail addresses. Submission is done by easychair: https://easychair.org/my/conference?conf=csng2020

Important Dates

- Abstract submission deadline: October 30

- Notification of acceptance: November 6

- Registration deadline: November 20

- Workshop date: November 27

Registration

Registration is free but required. Register here: https://www.aanmelder.nl/119966

Online Platform

We will use Gather.town. Details will be sent to you by e-mail.

Keynote by Dr. Seda Gurses

Staying with the trouble? Privacy Engineering in Contact Tracing Apps

Contact tracing apps became a phenomenon at the onset of the pandemic, in response to calls from governments to develop apps for contact tracing and at a moment at which large tech companies are becoming more and more interested in delivering privacy-preserving solutions. In this talk, I will provide insights into the privacy engineering approaches taken in the Decentralized Privacy-Preserving Proximity Tracing (DP3T) project. The proximity tracing approach proposed by DP3T was later implemented as the Google and Apple Exposure Notification (GAEN) and adopted by many of the European Contact Tracing apps. I will reflect on some of the lessons learned from this process that brought privacy technologies and privacy engineering to a broader public. I will also consider some of the troubles and challenges. As governments and tech companies prepare to gear up for more “Corona apps”, this talk should provide interesting insights into the potentials and limitations of privacy engineering in addressing associated societal concerns.

Program
12:00 - 13:00  Welcome and exploration of the digital platform to use. 
13:05 - 14:00  Keynote: Seda Gurses
14:00 - 14:15  Digital coffee break 
14:15 - 15:45  Talks
15:45 - 16:15  Digitial break
16:15 - 17:00  Presentation from the BCMT candidates and award ceremony
17:00 - 18:00  Poster session and digital drinks 

Keynote

Afternoon Talks

14:15 - 14:45 Thijs van Ede, Riccardo Bortolameotti, Andrea Continella, Jingjing Ren, Daniel J. Dubois, Martina Lindorfer, David Choffnes, Maarten van Steen and Andreas Peter. FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic
14:45 - 15:15 Jiyue Huang, Stefanie Roos and Lydia Y. Chen. Contribution Measurement of Users in Federated Learning under Malicious Behavior
15:15 - 15:45 Carlos Hernandez Ganan, Ugur Akyazi and Elena Tsvetkova. Beneath the radar: Exploring the economics of business fraud via underground markets

BCMT award ceremony

Candidates:

16:15 - 16:35 Dominik Leichtle. Post-quantum signatures from identification schemes, TU Eindhoven and Universität Stuttgart.

16:35 - 16:55 Amber van der Heijden. Cognitive Triaging of Phishing Attacks, TU Eindhoven. 

Utrecht, The Netherlands
May 03, 2019

The annual Cyber Security Next Generation workshop in the Netherlands (supported by 4TU.NIRICT, dcypher, and NWO) aims to contribute to a stronger and more connected cyber security research community in the Netherlands. Seize this excellent opportunity to share ideas, experiences, and information, within the diverse topics of cyber security. Both researchers and practitioners working within the field of cyber security are cordially invited to join.

The 5th edition of this workshop will be held at SURFnet in Utrecht on May 03, 2019. Participation is free of charge.

As in the previous years, the program committee is soliciting abstracts describing work on cyber security. The workshop also encourages the submission of interdisciplinary work on cybersecurity from related fields, including but not limited to all fields of criminology, law, economics, and psychology. All PhD and MSc students are encouraged to submit a one-page abstract in pdf-format, including names of the authors, affiliations and e-mail addresses. Submission is done by sending an e-mail to: csngworkshop@gmail.com

Important Dates

- Abstract submission deadline: March 29, 2019

- Notification of acceptance: April 12, 2019

- Registration deadline: April 25, 2019

- Workshop date: May 03, 2019

Registration

Registration is free but required. Please register here.

Venue

The workshop will be held in the rooms of SURFnet in Utrecht which are right next to the train station:

Hoog Overborch Office Building (Hoog Catharijne)
3511 EP Utrecht Moreelspark 48

More details and directions can be found on the website of SURF.

Tentative Program

10:00 - 10:20  Registration
10:20 - 10:30  Welcome
10:30 - 11:15  Keynote: Anna Sperotto (University of Twente) - "Internet Security: Past, Present and Future challenges”
11:15 - 11:45  Morning coffee & poster session
11:45 - 12:30  Talks
12:30 - 13:30  Lunch
13:30 - 14:30  BCMT award ceremony
14:30 - 15:00  Coffee break & poster session
15:00 - 16:00  Talks
16:00 - 17:00  Borrel

Keynote

Anna Sperotto (University of Twente) - "Internet Security: Past, Present and Future challenges”

Abstract: The Internet is a magnificent dynamic system that is growing larger and faster than what we could ever had imagined. While there is speech of considering Internet access as a human right, we are at the same time faced daily with indications that the Internet infrastructure, and as a consequence we as society relying on it, are under attack. As future generation of security professionals, we have a chance to shape how the Internet will look like in the future. But to do so consciously and ethically, we need to know what we need to protect, and what the threats are. This talk with give some examples of attacks targeting the Internet, how we can measure them and what we can do to prevent them.

Morning Talks

11:45 - 12:05 Pavlo Burda (TU/e) - "Characterizing the Redundancy of DarkWeb .onion Services"
12:05 - 12:30 Remco Poortinga - van Wijnen (SURFnet) - "Security & Privacy (Research) at SURF"

Afternoon Talks

15:00 - 15:20 Oğuzhan Ersoy (TU Delft) - Bandwidth-Efficient Transaction Routing Mechanism for Blockchain Networks
15:20 - 15:40 Sharwan Adjodha (TU Delft) - Assessing Cyber Security Of Innovations For Climate Disaster Resilience
15:40 - 16:00 Mina Sheikhalishahi (TU/e) - Privacy Preserving Multi-party Access Control

BCMT award ceremony

13:30 - 13:35 Introduction
13:35 - 14:00 Stephan van Schaik (VU) - "Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think"

Abstract: Cache attacks have increasingly gained momentum in the security community. In such attacks, attacker-controlled code sharing the cache with a designated victim can leak confidential data by timing the execution of cache-accessing operations. Much recent work has focused on defenses that enforce cache access isolation between mutually distrusting software components. In such a landscape, many software-based defenses have been popularized, given their appealing portability and scalability guarantees. All such defenses prevent attacker-controlled CPU instructions from accessing a cache partition dedicated to a different security domain. We present a new class of attacks (indirect cache attacks), which can bypass all the existing software-based defenses. In such attacks, rather than accessing the cache directly, attacker-controlled code lures an external, trusted component into indirectly accessing the cache partition of the victim and mount a confused-deputy side-channel attack. To demonstrate the viability of these attacks, we focus on the MMU, demonstrating that indirect cache attacks based on translation operations performed by the MMU are practical and can be used to bypass all the existing software-based defenses. Our results show that the isolation enforced by existing defense techniques is imperfect and that generalizing such techniques to mitigate arbitrary cache attacks is much more challenging than previously assumed.

14:00 - 14:25 Pietro Frigo (VU) - "GLitch: Practical Microarchitectural Attacks from the GPU"

Abstract: Dark silicon is pushing processor vendors to add more specialized units such as accelerators to commodity processor chips. Unfortunately this is done without enough care to security. In this work we look at the security implications of integrated Graphics Processing Units (GPUs) found in almost all mobile processors. We demonstrate that GPUs, already widely employed to accelerate a variety of benign applications such as image rendering, can also be used to “accelerate” microarchitectural attacks (i.e., making them more effective) on commodity platforms. In particular, we show that an attacker can build all the necessary primitives for performing effective GPU-based microarchitectural attacks and that these primitives are all exposed to the web through standardized browser extensions, allowing side-channel and Rowhammer attacks from JavaScript. These attacks bypass state-of-the-art mitigations and advance existing CPU-based attacks: we show the first end-to-end microarchitectural compromise of a browser running on a mobile phone in under two minutes by orchestrating our GPU primitives.

14:25 - 14:30 Award Ceremony

The annual Cyber Security Workshop in the Netherlands (supported by 4TU.NIRICT, dcypher, and NWO) aims to contribute to a stronger and more connected cyber security research community in the Netherlands. Seize this excellent opportunity to share ideas, experiences, and information, within the diverse topics of cyber security. Both researchers and practitioners working within the field of cyber security are cordially invited to join.

The 4th edition of this workshop will be held in The Hague on October 17, 2018 at NWO offices, Laan van Nieuw Oost-Indië 300, Den Haag. Participation is free of charge.

We are delighted to have Dr. Jair Santanna giving a keynote speech: 'DDoSDB.org for mitigating DDoS attacks in the Dutch Society'.

As in the previous year, the program committee is soliciting abstracts describing work on cyber security. The workshop also encourages the submission of interdisciplinary work on cybersecurity from related fields, including but not limited to all fields of criminology, law, economics, and psychology. All PhD and MSc students are encouraged to submit a one-page abstract in pdf-format, including names of the authors, affiliations and e-mail addresses. Submission is done by sending an e-mail to: csngworkshop@gmail.com

Subscription to the event and program will be open soon and announced on this page.

Important Dates

• Abstract submission deadline: October 1, 2018
• Notification of acceptance: October 3, 2018
• Registration deadline: October 10, 2018
• Workshop date: October 17, 2018

Also this year, we hope to see many of you at this exciting workshop!

Register here!

Program:

10:00 - 10:45  Registration
10:45 - 11:00  Welcome words
11:00 - 11:45  Keynote "DDoSDB.org for mitigating DDoS attacks in the Dutch Society" (Jair Santanna, University of Twente)
11:45 - 12:15  Invited student talk: Karine E Silva, University of Tilburg: "Why interdisciplinary research makes a better thesis."
12:15 - 13:30  Lunch Break
13:30 - 14:15  Student presentations
    - "Applying Bayesian Networks to Distinguish between Intentional Attacks and Accidental Technical Failures in Industrial Control Systems" (Sabarathinam Chockalingam, Delft University)
    - "ACDC – Highway to Hell or a Legitimate Self-Defense in Cyberspace?" (Minttu Tasanko, Tilburg University)
14:15 - 15:30  Poster session (with coffee)
15:30 - 16:30  Student presentations
    - "AhEAD: Adaptiv EArly Detection of Botnets" (C. Dietz, Bundeswehr University Munich)
    - "Economic impact of DDoS attacks: How can we measure it?" (Abhishta, University of Twente)
16:30 - 16:45  Wrap up 
16:45 - ...    Networking and Drinks