User Tools

Site Tools


researchareas

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
researchareas [2017/10/23 17:22]
lallodi [Research output]
researchareas [2021/03/05 16:13] (current)
Line 8: Line 8:
 ===== Research output ===== ===== Research output =====
  
-^ Research Area ^ Staff member(s) ^ Sample of recent output ^ Full publication list +^ Research Area ^ Staff member(s) ^ Sample of output ^ 
-| Network monitoring | Sandro Etalle, Jerry den Hartog | {{rss>feed://dblp.uni-trier.de/pers/xs/e/Etalle:Sandro.rss 5 description}}| [[http://www.win.tue.nl/~setalle/|SEtalle]] [[http://www.win.tue.nl/~jhartog/| J. Hartog]] | +| Network monitoring | [[http://www.win.tue.nl/~setalle/|S. Etalle]] [[http://www.win.tue.nl/~jhartog/J. Hartog]] | <WRAP> 
-| Software security | Wil Michiels |{{rss>feed://dblp.uni-trier.de/pers/xs/m/Michiels:Wil.rss 5 description}}+  * [[ http://www.win.tue.nl/~setalle/2017_etalle_esorics_supervisable.pdf From Intrusion Detection to Software Design. ]] Sandro Etalle. ESORICS - European Symposium on Research in Computer Security 2017 (keynote talk). [[ http://www.win.tue.nl/~setalle/201709_etalle_esorics_slides.pdf (slides) ]] 
-| Secure data management | Jerry den Hartog, Milan Petkovic, [[http://security1.win.tue.nl/~zannone/|Nicola Zannone]] | [[http://www.sciencedirect.com/science/article/pii/S0167404817300135|Formal analysis of XACML policies using SMT.]] \\ Fatih Turkmen, Jerry den Hartog, Silvio Ranise, Nicola Zannone: Formal analysis of XACML policies using SMT. Computers & Security 66: 185-203 (2017) \\ [[https://doi.org/10.1007/978-3-319-41483-6_15|Data Governance and Transparency for Collaborative Systems.]] Rauf Mahmudlu, Jerry den Hartog, Nicola Zannone: Data Governance and Transparency for Collaborative Systems. DBSec 2016: 199-216\\ [[https://doi.org/10.3389/fict.2015.00009|SAFAX - An Extensible Authorization Service for Cloud Environments.]] \\ Samuel Paul Kaluvuri, Alexandru Ionut Egner, Jerry den Hartog, Nicola Zannone: SAFAX - An Extensible Authorization Service for Cloud Environments. Front. ICT 2015 (2015)\\ [[https://doi.org/10.1145/2752952.2752970|On Missing Attributes in Access Control: Non-deterministic and Probabilistic Attribute Retrieval.]]\\ Jason Crampton, Charles Morisset, Nicola Zannone: On Missing Attributes in Access Control: Non-deterministic and Probabilistic Attribute Retrieval. SACMAT 2015: 99-109\\ [[https://doi.org/10.1017/S1471068412000397|GEM: A distributed goal evaluation algorithm for trust management.]] \\ Daniel Trivellato, Nicola Zannone, Sandro Etalle: GEM: A distributed goal evaluation algorithm for trust management. TPLP 14(3): 293-337 (2014) | [[http://security1.win.tue.nl/~zannone/publications.html|N. Zannone]] +  * [[http://www.sciencedirect.com/science/article/pii/S2214212616302629 | A white-box anomaly-based framework for database leakage detection.]] Elisa Costante, Jerry den Hartog, Milan Petkovic, Sandro Etalle, Mykola Pechenizkiya. Journal of Information Security and Applications 32: 27-46 (2017) 
-| Deep learning applied to cyber security | Milan Petkovic  |{{rss>feed://dblp.uni-trier.de/pers/xs/p/Petkovic:Milan.rss 5 description}}  | +  * [[http://www.win.tue.nl/~setalle/2017_fauri_encryption.pdf | Encryption in ICS Networksa Blessing or a Curse?]] Davide Fauri, Bart de Wijs, Jerry den Hartog, Elisa Costante, Emmanuele Zambon, Sandro EtalleIn Proceedings of IEEE SmartGridComm 2017. 
-| [[processmining|Process mining applied to security and privacy]] | [[http://security1.win.tue.nl/~zannone/|Nicola Zannone]] | [[https://doi.org/10.1007/978-3-319-61461-8_12|Subgraph Mining for Anomalous Pattern Discovery in Event Logs.]] Laura Genga, Domenico Potena, Orazio Martino, Mahdi Alizadeh, Claudia Diamantini, Nicola Zannone: Subgraph Mining for Anomalous Pattern Discovery in Event Logs. NFMCP@PKDD/ECML 2016: 181-197 \\ [[https://doi.org/10.1109/SSCI.2015.194|Constructing Probable Explanations of Nonconformity: A Data-Aware and History-Based Approach.]] Mahdi Alizadeh, Massimiliano de Leoni, Nicola Zannone: Constructing Probable Explanations of Nonconformity: A Data-Aware and History-Based Approach. SSCI 2015: 1358-1365 \\ [[https://doi.org/10.1524/itit.2013.2006|Privacy Analysis of User Behavior Using Alignments.]] \\ Arya Adriansyah, Boudewijn F. van Dongen, Nicola Zannone: Privacy Analysis of User Behavior Using Alignments. it - Information Technology 55(6): 255-260 (2013) \\ [[https://doi.org/10.1109/SocialCom.2013.91|Controlling Break-the-Glass through Alignment]] Arya Adriansyah, Boudewijn F. van Dongen, Nicola Zannone: Controlling Break-the-Glass through Alignment. SocialCom 2013: 606-611 \\ [[https://doi.org/10.1007/978-3-642-23556-6_10|Purpose Control: Did You Process the Data for the Intended Purpose?]] \\ Milan Petkovic, Davide Prandi, Nicola Zannone: Purpose Control: Did You Process the Data for the Intended Purpose? Secure Data Management 2011: 145-168 | [[http://security1.win.tue.nl/~zannone/publications.html|NZannone]] | +</WRAP> |   
-[[attackereconomics|Attacker economics and operating environment]] Luca Allodi  | [[http://www.win.tue.nl/~lallodi/|LAllodi]]| +| Software security | Wil Michiels | 
-| [[riskanalysis|Cyber-risk quantification]] | Luca Allodi | [[http://www.win.tue.nl/~lallodi/allodi-risa-17.pdf|Security Events and Vulnerability Data for Cybersecurity Risk Estimation.]]Luca Allodi and Fabio Massacci (2017), Risk Analysis, 37: 1606–1627. doi:10.1111/risa.12864 \\  [[http://www.win.tue.nl/~lallodi/allodi-tissec-14.pdf|Comparing vulnerability severity and exploits using case-control studies.]] Luca Allodi, Fabio Massacci.ACM Transactions on Information and System Security (TISSEC). 17, 1, Article 1 (August 2014), 20 pages.\\ [[http://www.win.tue.nl/~lallodi/allodi-essos-15.pdf|The heavy tails of vulnerability exploitation.]] Luca Allodi. In International Symposium on Engineering Secure Software and Systems (pp. 133-148). Springer, Cham.  \\ [[http://www.win.tue.nl/~lallodi/allodi-massacci-BHUSA13-handout.pdf| How CVSS is DOSsing your patching policy (and wasting your money).]] Luca Allodi, Fabio Massacci. Presentation at BlackHat USA 2013. \\ [[http://www.win.tue.nl/~lallodi/allodi-13-iwcc.pdf| Quantitative assessment of risk reduction with cybercrime black market monitoring.]] Luca Allodi, Woohyun Shim, Fabio Massacci. Proceedings of IEEE S&P 2013 International Workshop on Cyber Crime.   | [[http://www.win.tue.nl/~lallodi/|L. Allodi]]+| Secure data management | Jerry den Hartog, Milan Petkovic, [[http://zannone.win.tue.nl/|Nicola Zannone]] | <WRAP> 
-| Identification and Authentication | Boris Skoric |  +  * [[http://www.sciencedirect.com/science/article/pii/S0167404817300135|Formal analysis of XACML policies using SMT.]] Fatih Turkmen, Jerry den Hartog, Silvio Ranise, Nicola Zannone: Formal analysis of XACML policies using SMT. Computers & Security 66: 185-203 (2017)  
-| Information-theoretic security | Boris Skoric |+  *  [[https://doi.org/10.1007/978-3-319-41483-6_15|Data Governance and Transparency for Collaborative Systems.]] Rauf Mahmudlu, Jerry den Hartog, Nicola Zannone: Data Governance and Transparency for Collaborative Systems. DBSec 2016: 199-216 
 +  *  [[https://doi.org/10.3389/fict.2015.00009|SAFAX - An Extensible Authorization Service for Cloud Environments.]] Samuel Paul Kaluvuri, Alexandru Ionut Egner, Jerry den Hartog, Nicola Zannone: SAFAX - An Extensible Authorization Service for Cloud Environments. Front. ICT 2015 (2015) 
 +  *  [[https://doi.org/10.1145/2752952.2752970|On Missing Attributes in Access Control: Non-deterministic and Probabilistic Attribute Retrieval.]] Jason Crampton, Charles Morisset, Nicola Zannone: On Missing Attributes in Access Control: Non-deterministic and Probabilistic Attribute Retrieval. SACMAT 2015: 99-109 
 +  *  [[https://doi.org/10.1017/S1471068412000397|GEM: A distributed goal evaluation algorithm for trust management.]] Daniel Trivellato, Nicola Zannone, Sandro Etalle: GEM: A distributed goal evaluation algorithm for trust management. TPLP 14(3): 293-337 (2014) 
 + </WRAP> |  
 +| Deep learning applied to cyber security | Milan Petkovic  |  | 
 +| [[processmining|Process mining applied to security and privacy]] | [[http://zannone.win.tue.nl/|Nicola Zannone]] | <WRAP> 
 +  * [[https://doi.org/10.1007/978-3-319-61461-8_12|Subgraph Mining for Anomalous Pattern Discovery in Event Logs.]] Laura Genga, Domenico Potena, Orazio Martino, Mahdi Alizadeh, Claudia Diamantini, Nicola Zannone: Subgraph Mining for Anomalous Pattern Discovery in Event Logs. NFMCP@PKDD/ECML 2016: 181-197  
 +  *  [[https://doi.org/10.1109/SSCI.2015.194|Constructing Probable Explanations of Nonconformity: A Data-Aware and History-Based Approach.]] Mahdi Alizadeh, Massimiliano de Leoni, Nicola Zannone: Constructing Probable Explanations of Nonconformity: A Data-Aware and History-Based Approach. SSCI 2015: 1358-1365  
 +  *  [[https://doi.org/10.1524/itit.2013.2006|Privacy Analysis of User Behavior Using Alignments.]] Arya Adriansyah, Boudewijn F. van Dongen, Nicola Zannone: Privacy Analysis of User Behavior Using Alignments. it - Information Technology 55(6): 255-260 (2013)  
 +  *  [[https://doi.org/10.1109/SocialCom.2013.91|Controlling Break-the-Glass through Alignment]] Arya Adriansyah, Boudewijn F. van Dongen, Nicola Zannone: Controlling Break-the-Glass through Alignment. SocialCom 2013: 606-611  
 +  *  [[https://doi.org/10.1007/978-3-642-23556-6_10|Purpose Control: Did You Process the Data for the Intended Purpose?]] Milan Petkovic, Davide Prandi, Nicola Zannone: Purpose Control: Did You Process the Data for the Intended Purpose? Secure Data Management 2011: 145-168 
 +</WRAP> |  
 +[[attackereconomics|Attacker economics and operating environment]] | [[https://lallodi.github.io|L. Allodi]] | <WRAP> 
 +  * [[https://arxiv.org/abs/1708.04866| Economic Factors of Vulnerability Trade and Exploitation: empirical evidence from a prominent Russian cybercrime market.]] Luca Allodi. ACM Conference on Computer and Communications Security (CCS) 2017. 
 +  * [[http://www.win.tue.nl/~lallodi/allodi-tetcs-15.pdfThen and Now: On The Maturity of the Cybercrime Markets. The lesson black-hat marketeers learned.]] Luca Allodi, Marco Corradin, Fabio Massacci. IEEE Transactions on Emerging Topics in Computing, 4(1):35–46, Jan 2016. 
 +  [[https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2862299|The Work-Averse Cyber Attacker Model. Evidence from two million attack signatures.]] Luca Allodi, Fabio Massacci, Julian Williams.  Published in WEIS 2017. 
 +  * [[http://www.win.tue.nl/~lallodi/allodi-essos-15.pdf|The Heavy Tails of Vulnerability Exploitation]] Luca Allodi. In the Proceedings of ESSoS 2015.  
 +  * [[http://www.win.tue.nl/~lallodi/cset-13.pdfMalwareLab: Experimentation with Cybercrime Attack Tools.]] Luca Allodi, Vadim Kotov, Fabio Massacci. In Proceedings of Usenix CSET 2013.  
 + </WRAP> |  
 +| [[riskanalysis|Cyber-risk quantification]] | [[http://www.win.tue.nl/~lallodi/|L. Allodi]] <WRAP> 
 +  * [[http://www.win.tue.nl/~lallodi/allodi-risa-17.pdf|Security Events and Vulnerability Data for Cybersecurity Risk Estimation.]] Luca Allodi and Fabio Massacci (2017), Risk Analysis, 37: 1606–1627. doi:10.1111/risa.12864  
 +  [[http://www.win.tue.nl/~lallodi/allodi-tissec-14.pdf|Comparing vulnerability severity and exploits using case-control studies.]] Luca Allodi, Fabio Massacci.ACM Transactions on Information and System Security (TISSEC). 17, 1, Article 1 (August 2014), 20 pages. 
 +  * [[http://www.win.tue.nl/~lallodi/allodi-essos-15.pdf|The heavy tails of vulnerability exploitation.]] Luca Allodi. In International Symposium on Engineering Secure Software and Systems (pp. 133-148). Springer, Cham.   
 +  * [[http://www.win.tue.nl/~lallodi/allodi-massacci-BHUSA13-handout.pdf| How CVSS is DOSsing your patching policy (and wasting your money).]] Luca Allodi, Fabio Massacci. Presentation at BlackHat USA 2013.  
 +  * [[http://www.win.tue.nl/~lallodi/allodi-13-iwcc.pdf| Quantitative assessment of risk reduction with cybercrime black market monitoring.]] Luca Allodi, Woohyun Shim, Fabio Massacci. Proceedings of IEEE S&P 2013 International Workshop on Cyber Crime.  
 +</WRAP>|  
 +| Identification and Authentication | Boris Skoric |  
 +| Information-theoretic security | Boris Skoric | 
researchareas.1508772139.txt.gz · Last modified: 2021/01/10 20:59 (external edit)