Events

10th Annual Cyber Security Next Generation Workshop

Workshop

The annual Cyber Security Next Generation workshop in the Netherlands (supported by ACCSS) aims to contribute to a stronger and more connected cyber security research community in the Netherlands. Seize this excellent opportunity to share ideas, experiences, and information, on the diverse topics of cyber security. Both researchers and practitioners working within the field of cyber security are cordially invited to join.

The 10th edition of this workshop will be held on the 22nd of November, 2024. The event will take place at Bar BETON, Utrecht Central Station: Stationhall 2-9 (1st floor).

As in previous years, the program committee is soliciting abstracts describing work on cyber security. The workshop also encourages the submission of interdisciplinary work on cybersecurity from related fields, including but not limited to all fields of criminology, law, economics, and psychology. All PhD and MSc students are encouraged to submit a one-page abstract in pdf format, including authors' names, affiliations and e-mail addresses. Submission is done by easychair: https://easychair.org/conferences/?conf=csng2024

Registration
Registration is free but appreciated: https://www.aanmelder.nl/160608. Please let us know if you cannot attend.

Important Dates

- Abstract submission deadline: November 7: extended to November 11

- Notification of acceptance: November 14

- Registration deadline: November 18 (EoD)

- Workshop date: November 22

Participation

Participation is free of charge; however, registration is required. Register here!

Program

12:00 - 12:45 Registration and Lunch
12:45 - 13:45 Keynote
13:45 - 15:15 Afternoon talks
15:15 - 16:00 Coffee and Poster session
16:00 - 16:45 BCMT candidate talks and Award ceremony
16:45 - 17:00 ACCSS Ceremony
17:00 - 18:00 Drinks and Networking

Keynote

Speaker: Dr. Riccardo Lazzeretti

Title: Securing the Virtual Realm: An Analysis of Extended Reality Devices and Applications

Extended Reality (XR) technologies are driving a digital revolution, moving beyond 3D visuals to applications in entertainment, education, healthcare, and more. As the metaverse emerges, XR offers transformative possibilities—from assisting astronauts to enabling the hearing-impaired to "see" conversations through subtitles. XR devices are versatile in their functionality, equipped with an array of advanced sensors, communication capabilities, and hardware specifications. As these technologies evolve, our perception of reality seamlessly blends with the virtual world. However, the exponential growth of these technologies raises concerns about whether these devices are secure and the users' sensitive information is kept private.

In this talk, we’ll address the unique risks associated with XR devices—such as potential data breaches involving highly personal information—and the importance of building secure, privacy-centric frameworks as we develop and deploy XR solutions. By understanding these risks and proactively addressing them, we can harness XR’s potential in a responsible and ethical manner, creating digital spaces that are as safe as they are innovative.

Biography
Dr. Riccardo Lazzeretti is an associate professor of engineering in computer science at Sapienza University of Rome, Italy.

His research focuses on security and privacy, particularly the Internet of Things and applied cryptography. Lazzeretti received his PhD in Information Engineering from the University of Siena, Italy. Then, he worked as a post-doc at the Universities of Siena, Padua, and Sapienza. He is a Senior Member of IEEE and associate editor of IEEE Transaction on Information Forensic and Security (TIFS), Elsevier Journal of Information Security and Applications (JISA), and Elsevier Computer Networks (COMNET). He regularly publishes at top-tier security venues and serves on the program committees of security conferences, among which are Usenix Security and ACM CCS.

Afternoon Talks
13:45-14:15: Ruling the Unruly: Network Intrusion Detection Rule Design Principles for Specificity and Coverage to Decrease Unnecessary Workload in SOCs;Koen Theodora Wilhelmina Teuwen, Tom Mulders, Emmanuele Zambon and Luca Allodi
14:15-14:45: Oraqle: A Depth-Aware Secure Computation Compiler; Jelle Vos, Mauro Conti and Zekeriya Erkin
14:45-15:15: Quantifying Risk in the Kill-Chain: Automating Threat Prioritization for Kubernetes Clusters; Stefano Simonetto and Peter Bosch

BCMT award ceremony

16:00 - 16:20: Ioana Marin, Nicola Zannone, Luca Allodi: "The Influence of Personality Traits on the Intention to Report Phishing E-mails"
16:20 - 16:40: Sander Wiebing, Cristiano Giuffrida: "InSpectre Gadget: Assessing the Exploitability of Disclosure Gadgets through Characterization" [winner]
16:40 - 16:45: Award ceremony

Accepted posters

  • Ramakrishna Ramadugu, RIDI-Hypothesis: A Foundational Theory for Cybersecurity Risk Assessment in Cyber-Physical Systems
  • Savvas Kastanakis and Cristian Hesselman, From Policy to Practice: A Research Agenda for Measurement-based BGP Risk Assessment
  • Sirui Shen and Chenglu Jin, Reading It like an Open Book: Single-trace Blind Side-channel Attacks on Garbled Circuit Frameworks
  • Amrit Paudel, Kobid Bahadur Aryal, Aditya Mehta, Nalin Pradhan and Monika Kumari, Dynamic Approach to Malware detection and prevention : A comprehensive Analysis
  • Diana-Alexandra Bozea, Dipti Kapoor Sarmah and Mohammed El-Hajj, How Can GAN-DWT StegoMorph Transform Steganographic Techniques with Image Morphing?
  • Michelle Walterscheid, Nicole Huijts and Iris van Sintemaartensijk, Nudging Purchase Intention towards more Secure Domestic IoT: The Effect of Label Features and Psychological Mechanisms
  • Bashar Fteiha, Cybersecurity in Autonomous Vehicles and the Issue of Liability: What can Law and Economics Tell us?
  • Dāvis Šterns, Florine Dekker and Zekeriya Erkin, Efficient Data Unlearning in Privacy-Preserving Matrix Factorization for Personalized Course Recommendations
  • Nithin Reddy, Gadicharla, Enhancing Security and Usability in Semantic Knowledge Management Frameworks
  • Dominik Roy George and Savio Sciancalepore, ePPTM - Enhanced Privacy-Preserving Trajectory Matching on Autonomous Vehicles
  • Arthur van Geenen, Research Proposal: Addressing the Challenges of Digital Identity Fraud and Cybercrime in the Age of Digital Public and Private Services
  • Javara Allah Bukhsh, Maya Daneva and Marten van Sinderen, Understanding Phishing and Victimization from Literature: A Data-driven Meta-analysis
  • Organizing Committee
    Abhishta Abhishta (University of Twente)

    Zeki Erkin (Technical University of Delft)

    Tuesday, October 22, 2024

    9th Annual Cyber Security Next Generation Workshop

    9th Annual Cyber Security Next Generation Workshop

    Workshop

    The annual Cyber Security Next Generation workshop in the Netherlands (supported by ACCSS) aims to contribute to a stronger and more connected cyber security research community in the Netherlands. Seize this excellent opportunity to share ideas, experiences, and information, on the diverse topics of cyber security. Both researchers and practitioners working within the field of cyber security are cordially invited to join.

    The 9th edition of this workshop will be held on the 22nd of November, 2023, at the Centrum voor Veiligheid en Digitalisering (CvD) building, Apeldoorn (Wapenrustlaan 11).

    As in the previous years, the program committee is soliciting abstracts describing work on cyber security. The workshop also encourages the submission of interdisciplinary work on cybersecurity from related fields, including but not limited to all fields of criminology, law, economics, and psychology. All PhD and MSc students are encouraged to submit a one-page abstract in pdf-format, including names of the authors, affiliations and e-mail addresses. Submission is done by easychair: https://easychair.org/my/conference?conf=csng2023

     

    Important Dates

    - Abstract submission deadline: October 27

    - Notification of acceptance: November 10

    - Registration deadline: November 17

    - Workshop date: November 22

     

    Participation

    Participation is free of charge however registration is required. Register here!

     

    Program

    11:00 - 11:30 Registration
    11:30 - 11:40 Welcome
    11:40 - 12:30 Keynote (by Andrea Continella)

    12:30 - 13:30 Lunch
    13:30 - 14:30 Afternoon talks
    14:30 - 15:30 Coffee and Poster session
    15:30 - 16:15 BCMT candidate talks and Award ceremony

    16:15 - 17:00 ACCSS Talk: Dr. Zeki Erkin (vice-chair)

    17:00 - 18:30 Drinks and Networking

    Keynote

    Speaker: Andrea Continella (PhD), University of Twente

    Title: "Our detector has a 99.99% accuracy!” but malware is still out there..."

    Abstract: Malware is one of the oldest and still nowadays major Internet threats. Over the past 20 years, researchers and practitioners have designed and deployed increasingly sophisticated solutions to detect malicious samples, and the cybersecurity industry is now overflowing with anti-malware solutions, which score almost perfect detection rates. Nonetheless, as a matter of fact, malware still exists and infects systems on a daily basis, including critical infrastructures.

    In this talk, I will take you on a journey into the depths of malware analysis and detection, highlighting the current open problems in the state-of-the-art, and pointing out directions for future research in a field too often considered "solved". Finally, I will conclude my talk with takeaways and lessons learned that apply beyond the malware scope and are actionable in several cybersecurity fields, discussing the way forward for our community.

     

    Bio: Andrea Continella is an Associate Professor at the University of Twente, where he leads the cybersecurity team of the Semantics, Cybersecurity & Services group (SCS), and he is a member of the International Secure Systems Lab (iSecLab). Before joining the University of Twente, he was a Postdoctoral Researcher in the Computer Science Department at UC Santa Barbara, and he obtained a Ph.D. cum laude in Computer Science and Engineering at Politecnico di Milano. His research activity focuses on several aspects of systems security, such as malware and threat analysis, mobile and IoT security, automated vulnerability discovery, and large-scale measurements of security issues. Andrea is a strong advocate for open and reproducible science, he regularly publishes at top-tier security venues, and he serves on the program committees of major systems security conferences.

     

    Afternoon Talks

    13:30 - 14:00: "Topology-Based Reconstruction Defences for Decentralised Learning" by Florine Dekker (TU Delft)
    14:00 - 14:30: "Deployability, Transparency, and Room for Improvement: Reproducing BGP Hijacking Detection Technique" by Ebrima Jaw  (University of Twente)

    BCMT award ceremony

    15:30 - 15:35: Introduction
    15:35 - 16:00: Award Candidate: Jerre Starink (University of Twente): Analysis and Automated Detection of Host-Based Code Injection Techniques in Malware
    16:00 - 16:25: Award Candidate: Bjorn Ruytenberg (TU/e): When Lightning Strikes Thrice: Breaking Thunderbolt Security
    16:25 - 16:30: Award ceremony

     

    Accepted posters TBA

    Organized by Fatih Turkmen (University of Groningen)

    Abhishta Abhishta (University of Twente)

    Zeki Erkin (Technical University of Delft)

    Thursday, October 5, 2023

    Privacy Engineering Network NL - second meeting

    Aula Conference Center TU Delft
    Mekelweg 5, 2628 CC Delft
    Commissiekamer 3

    Thursday 27 October 2022
    14:00 - 16:00

     

    Attendance is free of charge, but please register by email at info@pilab.nl. This is an in-person event. No live streaming will be available.

    Very recently the Privacy Engineering Network (PEN-NL) was founded, an informal group of people from academia and industry working in privacy engineering. The group will meet several times a year in an informal atmosphere to present the latest developments to each other, and also just to network. The focus of this network will be (perhaps for the time being) on the technical perspective, but we do encourage non-technical people working in the field to join.

    The second PEN-NL meeting will take place in Delft on the 27th of October between 14h and 16h. The location is Aula Conference Center, the commission room 3, (commissekamer 3), Mekelweg 5, 2628 CC Delft. Aula is easily accessible by public transportation. If you are by car, you can use P Aula, (navigatieadres Van der Waalsweg 1).

    For this event, registration is needed for catering purposes. Attendance is free of charge. Please register by email at info@pilab.nl. This is an in-person event. No live streaming will be available.

    Staying informed? Please subscribe to the PEN-NL mailinglist: https://mailman.science.ru.nl/mailman/listinfo/pen-nl

     

    Monday, September 26, 2022

    8th Annual Cyber Security Next Generation Workshop

    Workshop 

    The annual Cyber Security Next Generation workshop in the Netherlands (supported by 4TU.NIRICT) aims to contribute to a stronger and more connected cyber security research community in the Netherlands. Seize this excellent opportunity to share ideas, experiences, and information, on the diverse topics of cyber security. Both researchers and practitioners working within the field of cyber security are cordially invited to join.

    The 8th edition of this workshop will be held on the 13th of October, 2022 at the Aula Congress Center, Delft (Commisiekamer 3). Participation is free of charge

    As in the previous years, the program committee is soliciting abstracts describing work on cyber security. The workshop also encourages the submission of interdisciplinary work on cybersecurity from related fields, including but not limited to all fields of criminology, law, economics, and psychology. All PhD and MSc students are encouraged to submit a one-page abstract in pdf-format, including names of the authors, affiliations and e-mail addresses. Submission is done by easychair: https://easychair.org/conferences/?conf=csng2022

    Important Dates

    - Abstract submission deadline: September 23 

    - Notification of acceptance: September 30

    - Registration deadline: October 7

    - Workshop date: October 13

    Registration

    Registration is free but required. Register here!

    Program

    11:00 - 11:30  Registration
    11:30 - 11:40  Welcome
    11:40 - 12:30  Keynote
    12:30 - 13:30  Lunch
    13:30 - 14:30  Afternoon talks
    14:30 - 15:30  Coffee and Poster session
    15:30 - 16:30  BCMT candidate talks and Award ceremony
    16:30 - 17:30  Borrel

    Keynote

    "Design Automation for Security: History and Perspectives" by Dr. Francesco Regazzoni (UvA)

    Abstract:  Physical attacks exploit the physical weaknesses of cryptographic devices to reveal the secret information stored on them. Countermeasures against these attacks are often considered only in the later stages of the full design flow, and applied manually by designers with strong security expertise. This approach, however, negatively affects the robustness, the cost, and the production time of secure devices.
    A more effective way to implement secure cryptographic algorithms would enable the automatic application of side channel countermeasures and would support the verification of their correct application. This talk will revise and summarize the research efforts in this important research direction, from the first works implementing hardware design flow for security to the initial steps of automatically driving design tools using security variables, and it will highlight future research direction in design automation for security.

    Afternoon Talks

    13:30 - 13:50: "Multi-domain Cyber-attack Detection in Industrial Control Systems" by Jan-Paul Konijn (University of Twente)
    13:50 - 14:10: "Efficient Circuits for Permuting and Mapping Packed Values Across Leveled Homomorphic Ciphertexts" by Jelle Vos (TU Delft)
    14:10 - 14:30: "Digital Signatures from the Matrix-code Equivalence problem" by Monika Trimoska (Radboud University)

    BCMT award ceremony

    15:30 - 15:35: Introduction
    15:35 - 16:00: Finn de Ridder (VU Amsterdam, supervised by Cristiano Giuffrida and Herbert Bos) SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScript
    16:00 - 16:25: Arpita Ravindranath (TU Delft, supervised by Mauro Conti and Matteo Cardaioli) For your voice only - exploiting side channels in voice messaging for environment detection [winner]
    16:25 - 16:30: Award ceremony 

    Accepted posters

    - The Effect of Consumer Portfolio on the Risk Profile of Cloud Provider - Muhammad Yasir Muzayan Haq, Abhishta Abhishta and Lambert J.M. Nieuwenhuis
    - The State of User Profiling via Installed Mobile Apps and their Access Time - Fadi Mohsen, Dimka Karastoyanova and Fatih Turkmen
    - SoK: Explainable Machine Learning for Computer Security Applications - Azqa Nadeem, Daniel Vos, Clinton Cao, Luca Pajola, Simon Dieck, Robert Baumgartner and Sicco Verwer
    - Adversarially Robust Decision Tree Relabeling - Daniël Vos and Sicco Verwer
    - ENFECTION: Encoding NetFlows for Network Anomaly Detection - Clinton Cao and Sicco Verwer
    - Discerning Wheat from Chaff in SOCs: A Model to Identify ‘Non-Interesting’ Events in Security Operation Centers - Leon Kersten, Tom Mulders and Luca Allodi
    - Trajectory Hiding and Sharing for Supply Chains with Differential Privacy - Tianyu Li, Li Xu, Zekeriya Erkin and Reginald Lagendijk
    - Privacy-preserving data aggregation with public verifiability against internal adversaries - Marco Palazzo, Zekeriya Erkin and Florine W. Dekker
    - Impact of Security Awareness Training on the Economic Losses due to Phishing - Robert Kooij
    - Acyclic FL: Exploiting and Protecting Composition Gaps in Fully-decentralised Learning - Florine W. Dekker, Zekeriya Erkin and Mauro Conti
    - Surveillance on your Sidewalk? A critical analysis of Amazon’s LoRaWAN-based connectivity protocol - Thijmen van Gend and Seda Gurses
    - A system-immersion based coding strategy for cyber-attack diagnosis - Jiaxuan Zhang, Alexander J. Gallo and Riccardo M.G. Ferrari

    Organized by

    Azqa Nadeem (TU Delft)

    Fatih Turkmen (University of Groningen)

     

     

     

    Wednesday, August 17, 2022

    7th Annual Cyber Security Next Generation Workshop

    ONLINE Workshop (due to COVID-19) 

    The annual Cyber Security Next Generation workshop in the Netherlands (supported by 4TU.NIRICT) aims to contribute to a stronger and more connected cyber security research community in the Netherlands. Seize this excellent opportunity to share ideas, experiences, and information, within the diverse topics of cyber security. Both researchers and practitioners working within the field of cyber security are cordially invited to join.

    The 7th edition of this workshop will be held online on the 25th of November, 2021. Participation is free of charge. The detailed instruction for Gather.town will be send to you via email in due time,  after registration.

    As in the previous years, the program committee is soliciting abstracts describing work on cyber security. The workshop also encourages the submission of interdisciplinary work on cybersecurity from related fields, including but not limited to all fields of criminology, law, economics, and psychology. All PhD and MSc students are encouraged to submit a one-page abstract in pdf-format, including names of the authors, affiliations and e-mail addresses. Submission is done by easychair:  https://easychair.org/conferences/?conf=csng2021

    Important Dates

    - Abstract submission deadline: October 29

    - Notification of acceptance: November 4

    - Registration deadline: November 19

    - Workshop date: November 25

    Registration

    Registration is free but required. Register here: xxx

     

    Keynote 

    (Network Layer) Anonymity By Default? Opportunities and Challenges by Dr. Stefanie Roos

     

    Program
    12:45 - 13:00  Welcome to the digital system: Gather.town
    13:00 - 13:40  Keynote: Dr. Stefanie Roos, Delft University of Technology
    13:40 - 14:30  Coffee Break and Poster session 
    14:30 - 16:00  Talks
    16:00 - 16:40  Presentation from the BCMT candidates and award ceremony
    16:40 - 17:30 Award ceremony and digital drinks

    Keynote

     (Network Layer) Anonymity By Default? Opportunities and Challenges

    Afternoon Talks

    • "DeepCASE: Semi-Supervised Contextual Analysis of Security Events" by Thijs van Ede, Hojjat Aghakhani, Noah Spahn, Riccardo Bortolameotti, Marco Cova, Andrea Continella, Maarten van Steen, Andreas Peter, Christopher Kruegel and Giovanni Vigna

    • "Leveraging Partial Model Extractions using Uncertainty Quantification" by Arne Aarts, Wil Michiels and Peter Roelse

    • "Encryption 4 All" by Daniel Ostkamp and Merel Brandon

    BCMT award ceremony

    Candidates:

    16:00 - 16:20 Daniel Vos  (TU Delft, supervised by Sicco Verwer) Adversarially Robust Decision Trees Against User-Specified Threat Models [Winner]

    16:20 - 16:40  Gabor Kozar (VU Amsterdam, supervised by Herbert Bos and Cristiano Giuffrida) Dangless Malloc: Safe Dangling Pointer Errors [Runner-up]

     

     

    Monday, October 4, 2021

    6th Annual Cyber Security Next Generation Workshop

    ONLINE Workshop 

    The annual Cyber Security Next Generation workshop in the Netherlands (supported by 4TU.NIRICT) aims to contribute to a stronger and more connected cyber security research community in the Netherlands. Seize this excellent opportunity to share ideas, experiences, and information, within the diverse topics of cyber security. Both researchers and practitioners working within the field of cyber security are cordially invited to join.

    The 6th edition of this workshop will be held ONLINE on the 27th of November, 2020. Participation is free of charge.

    As in the previous years, the program committee is soliciting abstracts describing work on cyber security. The workshop also encourages the submission of interdisciplinary work on cybersecurity from related fields, including but not limited to all fields of criminology, law, economics, and psychology. All PhD and MSc students are encouraged to submit a one-page abstract in pdf-format, including names of the authors, affiliations and e-mail addresses. Submission is done by easychair: https://easychair.org/my/conference?conf=csng2020

    Important Dates

    - Abstract submission deadline: October 30

    - Notification of acceptance: November 6

    - Registration deadline: November 20

    - Workshop date: November 27

    Registration

    Registration is free but required. Register here: https://www.aanmelder.nl/119966

    Online Platform

    We will use Gather.town. Details will be sent to you by e-mail.

    Keynote by Dr. Seda Gurses

    Staying with the trouble? Privacy Engineering in Contact Tracing Apps

    Contact tracing apps became a phenomenon at the onset of the pandemic, in response to calls from governments to develop apps for contact tracing and at a moment at which large tech companies are becoming more and more interested in delivering privacy-preserving solutions. In this talk, I will provide insights into the privacy engineering approaches taken in the Decentralized Privacy-Preserving Proximity Tracing (DP3T) project. The proximity tracing approach proposed by DP3T was later implemented as the Google and Apple Exposure Notification (GAEN) and adopted by many of the European Contact Tracing apps. I will reflect on some of the lessons learned from this process that brought privacy technologies and privacy engineering to a broader public. I will also consider some of the troubles and challenges. As governments and tech companies prepare to gear up for more “Corona apps”, this talk should provide interesting insights into the potentials and limitations of privacy engineering in addressing associated societal concerns.

    Program
    12:00 - 13:00  Welcome and exploration of the digital platform to use. 
    13:05 - 14:00  Keynote: Seda Gurses
    14:00 - 14:15  Digital coffee break 
    14:15 - 15:45  Talks
    15:45 - 16:15  Digitial break
    16:15 - 17:00  Presentation from the BCMT candidates and award ceremony
    17:00 - 18:00  Poster session and digital drinks 

    Keynote

    Afternoon Talks

    14:15 - 14:45 Thijs van Ede, Riccardo Bortolameotti, Andrea Continella, Jingjing Ren, Daniel J. Dubois, Martina Lindorfer, David Choffnes, Maarten van Steen and Andreas Peter. FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic
    14:45 - 15:15 Jiyue Huang, Stefanie Roos and Lydia Y. Chen. Contribution Measurement of Users in Federated Learning under Malicious Behavior
    15:15 - 15:45 Carlos Hernandez Ganan, Ugur Akyazi and Elena Tsvetkova. Beneath the radar: Exploring the economics of business fraud via underground markets

    BCMT award ceremony

    Candidates:

    16:15 - 16:35 Dominik Leichtle. Post-quantum signatures from identification schemes, TU Eindhoven and Universität Stuttgart.

    16:35 - 16:55 Amber van der Heijden. Cognitive Triaging of Phishing Attacks, TU Eindhoven. 

     

     

    Wednesday, March 11, 2020

    5th Annual Cyber Security Next Generation Workshop

    Utrecht, The Netherlands
    May 03, 2019

    The annual Cyber Security Next Generation workshop in the Netherlands (supported by 4TU.NIRICT, dcypher, and NWO) aims to contribute to a stronger and more connected cyber security research community in the Netherlands. Seize this excellent opportunity to share ideas, experiences, and information, within the diverse topics of cyber security. Both researchers and practitioners working within the field of cyber security are cordially invited to join.

    The 5th edition of this workshop will be held at SURFnet in Utrecht on May 03, 2019. Participation is free of charge.

    As in the previous years, the program committee is soliciting abstracts describing work on cyber security. The workshop also encourages the submission of interdisciplinary work on cybersecurity from related fields, including but not limited to all fields of criminology, law, economics, and psychology. All PhD and MSc students are encouraged to submit a one-page abstract in pdf-format, including names of the authors, affiliations and e-mail addresses. Submission is done by sending an e-mail to: csngworkshop@gmail.com

    Important Dates

    - Abstract submission deadline: March 29, 2019

    - Notification of acceptance: April 12, 2019

    - Registration deadline: April 25, 2019

    - Workshop date: May 03, 2019

    Registration

    Registration is free but required. Please register here.

    Venue

    The workshop will be held in the rooms of SURFnet in Utrecht which are right next to the train station:

    Hoog Overborch Office Building (Hoog Catharijne)
    3511 EP Utrecht Moreelspark 48

    More details and directions can be found on the website of SURF.

    Tentative Program

    10:00 - 10:20  Registration
    10:20 - 10:30  Welcome
    10:30 - 11:15  Keynote: Anna Sperotto (University of Twente) - "Internet Security: Past, Present and Future challenges”
    11:15 - 11:45  Morning coffee & poster session
    11:45 - 12:30  Talks
    12:30 - 13:30  Lunch
    13:30 - 14:30  BCMT award ceremony
    14:30 - 15:00  Coffee break & poster session
    15:00 - 16:00  Talks
    16:00 - 17:00  Borrel

    Keynote

    Anna Sperotto (University of Twente) - "Internet Security: Past, Present and Future challenges”

    Abstract: The Internet is a magnificent dynamic system that is growing larger and faster than what we could ever had imagined. While there is speech of considering Internet access as a human right, we are at the same time faced daily with indications that the Internet infrastructure, and as a consequence we as society relying on it, are under attack. As future generation of security professionals, we have a chance to shape how the Internet will look like in the future. But to do so consciously and ethically, we need to know what we need to protect, and what the threats are. This talk with give some examples of attacks targeting the Internet, how we can measure them and what we can do to prevent them.

    Morning Talks

    11:45 - 12:05 Pavlo Burda (TU/e) - "Characterizing the Redundancy of DarkWeb .onion Services"
    12:05 - 12:30 Remco Poortinga - van Wijnen (SURFnet) - "Security & Privacy (Research) at SURF"

    Afternoon Talks

    15:00 - 15:20 Oğuzhan Ersoy (TU Delft) - Bandwidth-Efficient Transaction Routing Mechanism for Blockchain Networks
    15:20 - 15:40 Sharwan Adjodha (TU Delft) - Assessing Cyber Security Of Innovations For Climate Disaster Resilience
    15:40 - 16:00 Mina Sheikhalishahi (TU/e) - Privacy Preserving Multi-party Access Control

    BCMT award ceremony

    13:30 - 13:35 Introduction
    13:35 - 14:00 Stephan van Schaik (VU) - "Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think"

    Abstract: Cache attacks have increasingly gained momentum in the security community. In such attacks, attacker-controlled code sharing the cache with a designated victim can leak confidential data by timing the execution of cache-accessing operations. Much recent work has focused on defenses that enforce cache access isolation between mutually distrusting software components. In such a landscape, many software-based defenses have been popularized, given their appealing portability and scalability guarantees. All such defenses prevent attacker-controlled CPU instructions from accessing a cache partition dedicated to a different security domain. We present a new class of attacks (indirect cache attacks), which can bypass all the existing software-based defenses. In such attacks, rather than accessing the cache directly, attacker-controlled code lures an external, trusted component into indirectly accessing the cache partition of the victim and mount a confused-deputy side-channel attack. To demonstrate the viability of these attacks, we focus on the MMU, demonstrating that indirect cache attacks based on translation operations performed by the MMU are practical and can be used to bypass all the existing software-based defenses. Our results show that the isolation enforced by existing defense techniques is imperfect and that generalizing such techniques to mitigate arbitrary cache attacks is much more challenging than previously assumed.

    14:00 - 14:25 Pietro Frigo (VU) - "GLitch: Practical Microarchitectural Attacks from the GPU"

    Abstract: Dark silicon is pushing processor vendors to add more specialized units such as accelerators to commodity processor chips. Unfortunately this is done without enough care to security. In this work we look at the security implications of integrated Graphics Processing Units (GPUs) found in almost all mobile processors. We demonstrate that GPUs, already widely employed to accelerate a variety of benign applications such as image rendering, can also be used to “accelerate” microarchitectural attacks (i.e., making them more effective) on commodity platforms. In particular, we show that an attacker can build all the necessary primitives for performing effective GPU-based microarchitectural attacks and that these primitives are all exposed to the web through standardized browser extensions, allowing side-channel and Rowhammer attacks from JavaScript. These attacks bypass state-of-the-art mitigations and advance existing CPU-based attacks: we show the first end-to-end microarchitectural compromise of a browser running on a mobile phone in under two minutes by orchestrating our GPU primitives.

    14:25 - 14:30 Award Ceremony

     

    Monday, January 28, 2019

    4th CSng Workshop

    The annual Cyber Security Workshop in the Netherlands (supported by 4TU.NIRICT, dcypher, and NWO) aims to contribute to a stronger and more connected cyber security research community in the Netherlands. Seize this excellent opportunity to share ideas, experiences, and information, within the diverse topics of cyber security. Both researchers and practitioners working within the field of cyber security are cordially invited to join.

    The 4th edition of this workshop will be held in The Hague on October 17, 2018 at NWO offices, Laan van Nieuw Oost-Indië 300, Den Haag. Participation is free of charge.

    We are delighted to have Dr. Jair Santanna giving a keynote speech: 'DDoSDB.org for mitigating DDoS attacks in the Dutch Society'.

    As in the previous year, the program committee is soliciting abstracts describing work on cyber security. The workshop also encourages the submission of interdisciplinary work on cybersecurity from related fields, including but not limited to all fields of criminology, law, economics, and psychology. All PhD and MSc students are encouraged to submit a one-page abstract in pdf-format, including names of the authors, affiliations and e-mail addresses. Submission is done by sending an e-mail to: csngworkshop@gmail.com

    Subscription to the event and program will be open soon and announced on this page.

    Important Dates

    • Abstract submission deadline: October 1, 2018
    • Notification of acceptance: October 3, 2018
    • Registration deadline: October 10, 2018
    • Workshop date: October 17, 2018

    Also this year, we hope to see many of you at this exciting workshop!

    Register here!

    Program:

    10:00 - 10:45  Registration
    10:45 - 11:00  Welcome words
    11:00 - 11:45  Keynote "DDoSDB.org for mitigating DDoS attacks in the Dutch Society" (Jair Santanna, University of Twente)
    11:45 - 12:15  Invited student talk: Karine E Silva, University of Tilburg: "Why interdisciplinary research makes a better thesis."
    12:15 - 13:30  Lunch Break
    13:30 - 14:15  Student presentations
        - "Applying Bayesian Networks to Distinguish between Intentional Attacks and Accidental Technical Failures in Industrial Control Systems" (Sabarathinam Chockalingam, Delft University)
        - "ACDC – Highway to Hell or a Legitimate Self-Defense in Cyberspace?" (Minttu Tasanko, Tilburg University)
    14:15 - 15:30  Poster session (with coffee)
    15:30 - 16:30  Student presentations
        - "AhEAD: Adaptiv EArly Detection of Botnets" (C. Dietz, Bundeswehr University Munich)
        - "Economic impact of DDoS attacks: How can we measure it?" (Abhishta, University of Twente)
    16:30 - 16:45  Wrap up 
    16:45 - ...    Networking and Drinks

     

     

    Thursday, September 27, 2018

    Chris Brzuska lecture at TU Eindhoven

    Date:   Thursday 16.11.2017, 10-11 hr. 
    Place: Filmzaal de Zwarte Doos + Lounge, Eindhoven.
    Speaker: Chris Brzuska
     
    From MiniCrypt to Obfustopia
     
    Abstract:
     
    Cryptography hinges on assumptions that, if true, imply that P is not equal to NP. Therefore, cryptographic assumptions are unlikely to be proven true in the near future.

    Yet, not all cryptographic assumptions are equally likely to be true. In 2005, Russell Impagliazzo gave an invited talk titled "A personal view of Average-Case Complexity" where he distinguished between the (minimal) "MiniCrypt" world where One-Way Functions exist and the (more adventurous) "Cryptomania" world where One-Way Functions with trapdoors exist.

    Since then, the cryptographic community has become substantially more adventurous. In 2009, Craig Gentry suggested a candidate fully homomorphic encryption (FHE) scheme. If FHE exists, numerous long-standing open crypto problems could be solved. In 2013, Garg, Gentry, Halevi, Raykova, Sahai and Waters suggested a candidate construction for a yet more adventurous primitive called indistinguishability obfuscation (iO). If iO exists, it solves numerous further big open problems in cryptography. Sceptics call this world "Obfustopia".

    Yet, iO is not only a strong assumption, but also a conceptually intriguing object. iO is mutually exclusive with other cryptographic assumptions that were believed before... ...and (unlike most of cryptography) iO exists if P equals NP! In the talk, we will discuss the conceptual oddities of iO.

     

    Thursday, November 16, 2017

    Protecting Web Passwords from Rogue Servers using Trusted Execution Environments

    Guest Lecture by Andrew Paverd
    13:30, Tuesday , October 24th
    Lecture Hall H
    Organized by Cyber Security Group, Supported by 4TU.Nirict

    Passwords are undoubtedly the most dominant user authentication mechanism on the web today. Although password-based authentication is inexpensive and easy-to-use, it faces various security concerns, including phishing and theft of password databases. Users' tendency to re-use passwords across different services further exacerbates these two concerns. Current solutions are not fully satisfactory: they typically address only one of the two concerns; they do not protect passwords from rogue servers; they do not provide users with any verifiable evidence of their (server-side) adoption; and they face deployability challenges in terms of cost for service providers and/or ease-of-use for end users.

    In this talk I will present SafeKeeper, a comprehensive approach to protect the confidentiality of passwords on the web. Unlike previous approaches, SafeKeeper protects against very strong adversaries, including rogue servers and sophisticated external phishers. It is inexpensive to deploy as it (i) uses widely available hardware security mechanisms like Intel SGX; (ii) is integrated into popular web platforms like WordPress; and (iii) has small performance overhead. I will describe a variety of challenges we faced in designing and implementing such a system, and how we overcame them.

    Andrew Paverd is a Research Fellow at Aalto University, Finland, and a Deputy Director of the Helsinki-Aalto Center for Information Security. He obtained his Masters degree in Electrical and Computer Engineering from the University of Cape Town in 2012, and his PhD in Computer Science from the University of Oxford in 2016. He is a recipient of the 2017-18 Fulbright Cybersecurity Scholar Award, for which he will visit the USA in early 2018. His research interests are primarily in the area of systems security, and in particular the use of hardware security mechanisms, such as TPMs, Intel SGX, and ARM TrustZone. His interests also include the design and analysis of security protocols, distributed consensus mechanisms, and privacy-enhancing technologies.

    Tuesday, October 24, 2017

    Pages