User Tools

Site Tools


researchareas

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
researchareas [2017/10/23 17:38]
lallodi [Research output]
researchareas [2022/02/01 09:20]
zannonen [Research output]
Line 3: Line 3:
 Research at the Security Group at TU/e covers both empirical and theoretical areas of computer security, including network detection and system authentication, physical security and malware engineering and trading, as well as management of health and sensible data and risk evaluation. Research at the Security Group at TU/e covers both empirical and theoretical areas of computer security, including network detection and system authentication, physical security and malware engineering and trading, as well as management of health and sensible data and risk evaluation.
  
-Below you can find an updated list of the recent and core contributions in these area of research.+Below you can find an updated list of the recent and core contributions in these areas of research.
  
  
 ===== Research output ===== ===== Research output =====
  
-^ Research Area ^ Staff member(s) ^ Sample of output ^ Full publication list +^ Research Area ^ Staff member(s) ^ Sample of output ^ 
-| Network monitoring | Sandro Etalle, Jerry den Hartog | {{rss>feed://dblp.uni-trier.de/pers/xs/e/Etalle:Sandro.rss 5 description}}| [[http://www.win.tue.nl/~setalle/|SEtalle]] [[http://www.win.tue.nl/~jhartog/| J. Hartog]] | +| Network monitoring | [[http://www.win.tue.nl/~setalle/|S. Etalle]] [[http://www.win.tue.nl/~jhartog/| J. Hartog]] [[https://research.tue.nl/en/persons/emmanuele-zambon-mazzocatoEmmanuele Zambon-Mazzocato]]| <WRAP> 
-| Software security | Wil Michiels |{{rss>feed://dblp.uni-trier.de/pers/xs/m/Michiels:Wil.rss 5 description}}+  * [[ http://www.win.tue.nl/~setalle/2017_etalle_esorics_supervisable.pdf From Intrusion Detection to Software Design. ]] Sandro Etalle. ESORICS - European Symposium on Research in Computer Security 2017 (keynote talk). [[ http://www.win.tue.nl/~setalle/201709_etalle_esorics_slides.pdf (slides) ]] 
-| Secure data management | Jerry den Hartog, Milan Petkovic, [[http://security1.win.tue.nl/~zannone/|Nicola Zannone]] | <WRAP>+  * [[http://www.sciencedirect.com/science/article/pii/S2214212616302629 | A white-box anomaly-based framework for database leakage detection.]] Elisa Costante, Jerry den Hartog, Milan Petkovic, Sandro Etalle, Mykola Pechenizkiya. Journal of Information Security and Applications 32: 27-46 (2017) 
 +  * [[http://www.win.tue.nl/~setalle/2017_fauri_encryption.pdf | Encryption in ICS Networksa Blessing or a Curse?]] Davide Fauri, Bart de Wijs, Jerry den Hartog, Elisa Costante, Emmanuele Zambon, Sandro EtalleIn Proceedings of IEEE SmartGridComm 2017. 
 +  * [[https://scholar.google.com/citations?view_op=view_citation&hl=nl&user=28P--UkAAAAJ&sortby=pubdate&citation_for_view=28P--UkAAAAJ:kRWSkSYxWN8C | Similarity-Based Clustering For IoT Device Classification.]] G Dupont, C Leite, DR dos Santos, E Costante, J den Hartog, S Etalle. 2021 IEEE International Conference on Omni-Layer Intelligent Systems (COINS) 
 +</WRAP> |   
 +| Software security | Wil Michiels | 
 +| Secure data management | Jerry den Hartog, Milan Petkovic, [[http://zannone.win.tue.nl/|Nicola Zannone]] | <WRAP>
   * [[http://www.sciencedirect.com/science/article/pii/S0167404817300135|Formal analysis of XACML policies using SMT.]] Fatih Turkmen, Jerry den Hartog, Silvio Ranise, Nicola Zannone: Formal analysis of XACML policies using SMT. Computers & Security 66: 185-203 (2017)    * [[http://www.sciencedirect.com/science/article/pii/S0167404817300135|Formal analysis of XACML policies using SMT.]] Fatih Turkmen, Jerry den Hartog, Silvio Ranise, Nicola Zannone: Formal analysis of XACML policies using SMT. Computers & Security 66: 185-203 (2017) 
   *  [[https://doi.org/10.1007/978-3-319-41483-6_15|Data Governance and Transparency for Collaborative Systems.]] Rauf Mahmudlu, Jerry den Hartog, Nicola Zannone: Data Governance and Transparency for Collaborative Systems. DBSec 2016: 199-216   *  [[https://doi.org/10.1007/978-3-319-41483-6_15|Data Governance and Transparency for Collaborative Systems.]] Rauf Mahmudlu, Jerry den Hartog, Nicola Zannone: Data Governance and Transparency for Collaborative Systems. DBSec 2016: 199-216
Line 17: Line 22:
   *  [[https://doi.org/10.1145/2752952.2752970|On Missing Attributes in Access Control: Non-deterministic and Probabilistic Attribute Retrieval.]] Jason Crampton, Charles Morisset, Nicola Zannone: On Missing Attributes in Access Control: Non-deterministic and Probabilistic Attribute Retrieval. SACMAT 2015: 99-109   *  [[https://doi.org/10.1145/2752952.2752970|On Missing Attributes in Access Control: Non-deterministic and Probabilistic Attribute Retrieval.]] Jason Crampton, Charles Morisset, Nicola Zannone: On Missing Attributes in Access Control: Non-deterministic and Probabilistic Attribute Retrieval. SACMAT 2015: 99-109
   *  [[https://doi.org/10.1017/S1471068412000397|GEM: A distributed goal evaluation algorithm for trust management.]] Daniel Trivellato, Nicola Zannone, Sandro Etalle: GEM: A distributed goal evaluation algorithm for trust management. TPLP 14(3): 293-337 (2014)   *  [[https://doi.org/10.1017/S1471068412000397|GEM: A distributed goal evaluation algorithm for trust management.]] Daniel Trivellato, Nicola Zannone, Sandro Etalle: GEM: A distributed goal evaluation algorithm for trust management. TPLP 14(3): 293-337 (2014)
- </WRAP> | [[http://security1.win.tue.nl/~zannone/publications.html|N. Zannone]] + </WRAP> |  
-| Deep learning applied to cyber security | Milan Petkovic  |{{rss>feed://dblp.uni-trier.de/pers/xs/p/Petkovic:Milan.rss 5 description}}  | +Trustworthy AI and Deep learning applied to cyber security | Milan Petkovic  |  | 
-| [[processmining|Process mining applied to security and privacy]] | [[http://security1.win.tue.nl/~zannone/|Nicola Zannone]] | <WRAP>+| [[processmining|Process mining applied to security and privacy]] | [[http://zannone.win.tue.nl/|Nicola Zannone]] | <WRAP>
   * [[https://doi.org/10.1007/978-3-319-61461-8_12|Subgraph Mining for Anomalous Pattern Discovery in Event Logs.]] Laura Genga, Domenico Potena, Orazio Martino, Mahdi Alizadeh, Claudia Diamantini, Nicola Zannone: Subgraph Mining for Anomalous Pattern Discovery in Event Logs. NFMCP@PKDD/ECML 2016: 181-197    * [[https://doi.org/10.1007/978-3-319-61461-8_12|Subgraph Mining for Anomalous Pattern Discovery in Event Logs.]] Laura Genga, Domenico Potena, Orazio Martino, Mahdi Alizadeh, Claudia Diamantini, Nicola Zannone: Subgraph Mining for Anomalous Pattern Discovery in Event Logs. NFMCP@PKDD/ECML 2016: 181-197 
   *  [[https://doi.org/10.1109/SSCI.2015.194|Constructing Probable Explanations of Nonconformity: A Data-Aware and History-Based Approach.]] Mahdi Alizadeh, Massimiliano de Leoni, Nicola Zannone: Constructing Probable Explanations of Nonconformity: A Data-Aware and History-Based Approach. SSCI 2015: 1358-1365    *  [[https://doi.org/10.1109/SSCI.2015.194|Constructing Probable Explanations of Nonconformity: A Data-Aware and History-Based Approach.]] Mahdi Alizadeh, Massimiliano de Leoni, Nicola Zannone: Constructing Probable Explanations of Nonconformity: A Data-Aware and History-Based Approach. SSCI 2015: 1358-1365 
Line 25: Line 30:
   *  [[https://doi.org/10.1109/SocialCom.2013.91|Controlling Break-the-Glass through Alignment]] Arya Adriansyah, Boudewijn F. van Dongen, Nicola Zannone: Controlling Break-the-Glass through Alignment. SocialCom 2013: 606-611    *  [[https://doi.org/10.1109/SocialCom.2013.91|Controlling Break-the-Glass through Alignment]] Arya Adriansyah, Boudewijn F. van Dongen, Nicola Zannone: Controlling Break-the-Glass through Alignment. SocialCom 2013: 606-611 
   *  [[https://doi.org/10.1007/978-3-642-23556-6_10|Purpose Control: Did You Process the Data for the Intended Purpose?]] Milan Petkovic, Davide Prandi, Nicola Zannone: Purpose Control: Did You Process the Data for the Intended Purpose? Secure Data Management 2011: 145-168   *  [[https://doi.org/10.1007/978-3-642-23556-6_10|Purpose Control: Did You Process the Data for the Intended Purpose?]] Milan Petkovic, Davide Prandi, Nicola Zannone: Purpose Control: Did You Process the Data for the Intended Purpose? Secure Data Management 2011: 145-168
-</WRAP> | [[http://security1.win.tue.nl/~zannone/publications.html|NZannone]] | +</WRAP> |  
-[[attackereconomics|Attacker economics and operating environment]] [[http://www.win.tue.nl/~lallodi/|L. Allodi]]  [[attackereconomics|Research page]]|+[[attackereconomics|Attacker economics and operating environment]] | [[https://lallodi.github.io|L. Allodi]] | <WRAP> 
 +  * [[https://arxiv.org/abs/1708.04866| Economic Factors of Vulnerability Trade and Exploitation: empirical evidence from a prominent Russian cybercrime market.]] Luca Allodi. ACM Conference on Computer and Communications Security (CCS) 2017. 
 +  * [[http://www.win.tue.nl/~lallodi/allodi-tetcs-15.pdfThen and Now: On The Maturity of the Cybercrime Markets. The lesson black-hat marketeers learned.]] Luca Allodi, Marco Corradin, Fabio Massacci. IEEE Transactions on Emerging Topics in Computing, 4(1):35–46, Jan 2016. 
 +  [[https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2862299|The Work-Averse Cyber Attacker Model. Evidence from two million attack signatures.]] Luca Allodi, Fabio Massacci, Julian Williams.  Published in WEIS 2017. 
 +  * [[http://www.win.tue.nl/~lallodi/allodi-essos-15.pdf|The Heavy Tails of Vulnerability Exploitation]] Luca Allodi. In the Proceedings of ESSoS 2015.  
 +  [[http://www.win.tue.nl/~lallodi/cset-13.pdfMalwareLab: Experimentation with Cybercrime Attack Tools.]] Luca Allodi, Vadim Kotov, Fabio Massacci. In Proceedings of Usenix CSET 2013.  
 + </WRAP> 
 | [[riskanalysis|Cyber-risk quantification]] | [[http://www.win.tue.nl/~lallodi/|L. Allodi]] | <WRAP> | [[riskanalysis|Cyber-risk quantification]] | [[http://www.win.tue.nl/~lallodi/|L. Allodi]] | <WRAP>
-  * [[http://www.win.tue.nl/~lallodi/allodi-risa-17.pdf|Security Events and Vulnerability Data for Cybersecurity Risk Estimation.]]Luca Allodi and Fabio Massacci (2017), Risk Analysis, 37: 1606–1627. doi:10.1111/risa.12864 +  * [[http://www.win.tue.nl/~lallodi/allodi-risa-17.pdf|Security Events and Vulnerability Data for Cybersecurity Risk Estimation.]] Luca Allodi and Fabio Massacci (2017), Risk Analysis, 37: 1606–1627. doi:10.1111/risa.12864 
   * [[http://www.win.tue.nl/~lallodi/allodi-tissec-14.pdf|Comparing vulnerability severity and exploits using case-control studies.]] Luca Allodi, Fabio Massacci.ACM Transactions on Information and System Security (TISSEC). 17, 1, Article 1 (August 2014), 20 pages.   * [[http://www.win.tue.nl/~lallodi/allodi-tissec-14.pdf|Comparing vulnerability severity and exploits using case-control studies.]] Luca Allodi, Fabio Massacci.ACM Transactions on Information and System Security (TISSEC). 17, 1, Article 1 (August 2014), 20 pages.
   * [[http://www.win.tue.nl/~lallodi/allodi-essos-15.pdf|The heavy tails of vulnerability exploitation.]] Luca Allodi. In International Symposium on Engineering Secure Software and Systems (pp. 133-148). Springer, Cham.     * [[http://www.win.tue.nl/~lallodi/allodi-essos-15.pdf|The heavy tails of vulnerability exploitation.]] Luca Allodi. In International Symposium on Engineering Secure Software and Systems (pp. 133-148). Springer, Cham.  
   * [[http://www.win.tue.nl/~lallodi/allodi-massacci-BHUSA13-handout.pdf| How CVSS is DOSsing your patching policy (and wasting your money).]] Luca Allodi, Fabio Massacci. Presentation at BlackHat USA 2013.    * [[http://www.win.tue.nl/~lallodi/allodi-massacci-BHUSA13-handout.pdf| How CVSS is DOSsing your patching policy (and wasting your money).]] Luca Allodi, Fabio Massacci. Presentation at BlackHat USA 2013. 
   * [[http://www.win.tue.nl/~lallodi/allodi-13-iwcc.pdf| Quantitative assessment of risk reduction with cybercrime black market monitoring.]] Luca Allodi, Woohyun Shim, Fabio Massacci. Proceedings of IEEE S&P 2013 International Workshop on Cyber Crime.    * [[http://www.win.tue.nl/~lallodi/allodi-13-iwcc.pdf| Quantitative assessment of risk reduction with cybercrime black market monitoring.]] Luca Allodi, Woohyun Shim, Fabio Massacci. Proceedings of IEEE S&P 2013 International Workshop on Cyber Crime. 
-</WRAP>| [[riskanalysis|Research page]]| +</WRAP> 
-Identification and Authentication | Boris Skoric |  | +| Identification and Authentication | Boris Skoric | <WRAP> 
-| Information-theoretic security | Boris Skoric | |+  * [[ https://ieeexplore.ieee.org/document/8332526 Decay-Based DRAM PUFs in Commodity Devices. ]] André Schaller; Wenjie Xiong; Nikolaos Athanasios Anagnostopoulos; Muhammad Umair Saleem; Sebastian Gabmeyer; Boris Škorić; Stefan Katzenbeisser; Jakub Szefer. IEEE Transactions on Dependable and Secure Computing Volume: 16, Issue: 3, May-June 1 2019. 
 +  * [[ https://iopscience.iop.org/article/10.1088/2058-9565/ab479f/pdf Asymmetric cryptography with physical unclonable keys. ]] Ravitej Uppu, Tom A W Wolterink, Sebastianus A Goorden, Bin Chen, Boris Škorić, Allard P Mosk,and Pepijn W H Pinkse. Quantum Science and Technology, Volume 4, Number 4, 2019.  
 +  * [[ https://www.osapublishing.org/optica/fulltext.cfm?uri=optica-1-6-421&id=306292 Quantum-secure authentication of a physical unclonable key. ]] Sebastianus A. Goorden, Marcel Horstmann, Allard P. Mosk, Boris Škorić, and Pepijn W. H. Pinkse. Optica Vol. 1, Issue 6, 2014 
 +  * [[ https://jis-eurasipjournals.springeropen.com/articles/10.1186/s13635-019-0096-0 Fingerprint template protection using minutia-pair spectral representations. ]] Taras Stanko, Bin Chen & Boris Škorić. EURASIP Journal on Information Security volume 2019 
 +  * [[ https://ieeexplore.ieee.org/document/7041187 | Tally-Based Simple Decoders for Traitor Tracing and Group Testing. ]] Boris Škorić. IEEE Transactions on Information Forensics and Security, Volume: 10, Issue: 6, June 2015 
 +</WRAP> |  
 +| Information-theoretic security | Boris Skoric | <WRAP> 
 +  * [[ https://arxiv.org/abs/2012.15493 | Quantum digital signatures with smaller public keys. ]] Boris Škorić. 2021 
 +  * [[ https://arxiv.org/abs/2006.02476 | Can't Touch This: unconditional tamper evidence from short keys. ]] Bart van der Vecht, Xavier Coiteux-Roy, Boris Skoric. 2020 
 +  * [[ https://arxiv.org/abs/2010.10827 | Two-way Unclonable Encryption with a vulnerable sender. ]] Daan Leermakers, Boris Skoric. 2020 
 +  * [[https://www.rintonpress.com/journals/doi/QIC21.11-12-1.html | Qubit-based Unclonable Encryption with Key Recycling.]] Daan Leermakers and Boris Skoric. Quantum Information and Computation, Vol.21 No.11&12 September 2021 
 +  * [[https://arxiv.org/abs/2008.13151 | Data Sanitisation Protocols for the Privacy Funnel with Differential Privacy Guarantees.]] Milan Lopuhaä-Zwakenberg, Haochen Tong, Boris Škorić. Fourteenth International Conference on the Digital Society, 2020   
 +</WRAP>
 +| IoT Security and Privacy | [[https://ssciancalepore.win.tue.nl/|Savio Sciancalepore]]| <WRAP> 
 +  * [[https://cri-lab.net/wp-content/uploads/2021/08/Mitigating-Energy-Depletion-Attacks-in-IoT.pdf | Mitigating Energy Depletion Attacks in IoT Networks via Random Time-Slotted Channel Access.]] Savio Sciancalepore, Pietro Tedeschi, Usman Riasat, and Roberto Di Pietro. 2021 IEEE Conference on Communications and Network Security (CNS), October 4-6, 2021. 
 +  * [[https://cri-lab.net/wp-content/uploads/2021/11/Tedeschi2021_ACSAC21.pdf | ARID - Anonymous Remote Identification of Unmanned Aerial Vehicles.]] Pietro Tedeschi, Savio Sciancalepore, Roberto Di Pietro. 2021 ACM Annual Computer Security Applications Conference (ACSAC) (ACSAC), December 6-10, 2021. 
 +  * [[https://cri-lab.net/wp-content/uploads/2020/11/pprq_scianca2020.pdf | PPRQ: Privacy-Preserving MAX/MIN Range 
 +Queries in IoT Networks.]] Savio Sciancalepore, Roberto Di Pietro. IEEE Internet of Things Journal (IOT-J), November 2020. doi: 10.1109/JIOT.2020.3037115. 
 +  * [[https://intersct.nl/wp-content/uploads/2022/01/iot_ac_uncertainty-1.pdf | PICO: Privacy-Preserving Access Control in IoT Scenarios through Incomplete Information.]] Savio Sciancalepore, Nicola Zannone. SAC ’22, April 25–29, 2022, Virtual Event. 
 +</WRAP> |  
 +| Social engineering | [[https://lallodi.github.io|Luca Allodi]], [[http://zannone.win.tue.nl/|Nicola Zannone]] | <WRAP> 
 +  * [[https://dl.acm.org/doi/10.1145/3407023.3409178 | Testing the effectiveness of tailored phishing techniques in industry and academia: a field experiment.]] Pavlo Burda, Tzouliano Chotza, Luca Allodi, Nicola Zannone. ARES 2020: 3:1-3:10 
 +  * [[https://doi.org/10.1109/EuroSPW54576.2021.00024 | Dissecting Social Engineering Attacks Through the Lenses of Cognition.]] Pavlo Burda, Luca Allodi, Nicola Zannone. EuroS&P Workshops 2021: 149-160 
 +  * [[https://doi.org/10.1109/MSEC.2019.2940952 |The Need for New Antiphishing Measures Against Spear-Phishing Attacks.]] Luca Allodi, Tzouliano Chotza, Ekaterina Panina, Nicola Zannone.  IEEE Security & Privacy 18(2): 23-34 (2020) 
 +  * [[https://doi.org/10.1007/978-3-030-65610-2_9 |A Toolkit for Security Awareness Training Against Targeted Phishing.]] Simone Pirocca, Luca Allodi, Nicola Zannone. ICISS 2020: 137-159 
 +</WRAP> |
researchareas.txt · Last modified: 2022/02/01 09:20 by zannonen