
CyberSecIT will develop a practical, secure and privacy-enhancing solution regaining control for end-users and companies over their IoT ecosystems while enjoying all the benefits that come from automated data analysis and autonomous privacy-preserving security monitoring.
Read more
News in English

Your Consent is Worth 75 Euros a Year
Podcast with Victor where he explains his research on cookie paywalls and how it is being used on the web. This podcast also covers Transparency and Consent Framework (TCF) and the efforts of Belgium Data Protection Agency and similar agencies to audit websites.
Source: Data Skeptic

Slack’s and Teams’ Lax App Security Raises Alarms
Collaboration apps like Slack and Microsoft Teams have become the connective tissue of the modern workplace, tying together users with everything from messaging to scheduling to video conference tools. But as Slack and Teams become full-blown, app-enabled operating systems of corporate productivity, one group of researchers has pointed to serious risks in what they expose to third-party programs—at the same time as they're trusted with more organizations' sensitive data than ever before.
Source: Wired

Robust Security and Privacy for the Internet of Things
The goal of the NEST project CyberSecIT is a secure and well-functioning IoT that poses no threat to users’ personal privacy. “We have collected the most prominent experts in this field in Sweden and I’m convinced that we can make a difference,” says Andrei Sabelfeld, who is leading the initiative.
Source: WASP-Sweden
News in Swedish
Digitalisering som möjliggörare för hållbar utveckling
Hur skapar vi en hållbar omställning i samhället? Var med när ledande forskare från KTH diskuterar digitaliseringens möjligheter och risker.
Source: Internetstiftelsen

IT-experten: Därför är Vklass-läckan i Göteborg allvarlig
Tiotusentals elevers personuppgifter har läckt från Göteborgs stads lärplattform Vklass. Uppgifterna lades ut till försäljning i en annons på internet. Ett allvarligt problem, menar cybersäkerhetsexperten Andrei Sabelfeld som tagit del av annonsen.
Source: SVT

Elevernas uppgifter läckte i augusti – upptäcktes i oktober
Personuppgifter från 47 000 elever i Göteborg läckte från plattformen Vklass i augusti. Det upptäcktes först i oktober, nästan två månader senare.
Source: GP
Publications
2023
Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
Mikhail Shcherbakov, Musard Balliu and Cristian-Alexandru Staicu
In
32nd USENIX Security Symposium (USENIX Security'23), Anaheim, CA, USA. 2023.
2022
Guide to Data Privacy - Models, Technologies, Solutions
Vicenc Torra
In
Undergraduate Topics in Computer Science (UTICS), 2022.
DFTMicroagg: a dual-level anonymization algorithm for smart grid data
Kayode Sakariyah Adewole and Vicenc Torra
In
International Journal of Information Security (IJIS), 2022.
Privacy Issues in Smart Grid Data: From Energy Disaggregation to Disclosure Risk
Kayode Sakariyah Adewole and Vicenc Torra
In
Database and Expert Systems Applications (DEXA), 2022.
Exploring User-Suitable Metaphors for Differentially Private Data Analyses
Farzaneh Karegar, Ala Sarah Alaqra, Simone Fischer-Hübner
In
Eighteenth Symposium on Usable Privacy and Security (SOUPS), 2022.
No Signal Left to Chance: Driving Browser Extension Analysis by Download Patterns
Pablo Picazo-Sanchez, Benjamin Eriksson and Andrei Sabelfeld
In
Annual Computer Security Applications Conference (ACSAC), 2022.
SecWasm: Information Flow Control for WebAssembly
Iulia Bastys, Maximilian Algehed, Alexander Sjösten and Andrei Sabelfeld
In
Static Analysis Symposium (SAS), 2022.
Are Chrome extensions compliant with the spirit of least privilege?
Pablo Picazo-Sanchez, Lara Ortiz-Martin, Gerardo Schneider, and Andrei Sabelfeld
In
International Journal of Information Security (IJIS), 2022.
Practical Data Access Minimization in Trigger-Action Platforms
Yunang Chen, Mohannad Alhanahnah, Rahul Chatterjee, Earlence Fernandes, and Andrei Sabelfeld
In
USENIX Security Symposium (USENIX Security), 2022.
Are Chrome extensions compliant with the spirit of least privilege?
Pablo Picazo-Sanchez, Lara Ortiz-Martin, Gerardo Schneider, and Andrei Sabelfeld
In
International Journal of Information Security (IJIS), 2022.
CatNap: Leveraging Generic MPC for Actively Secure Privacy-Enhancing Proximity Testing with a Napping Party
Ivan Oleynikov, Elena Pagnin and Andrei Sabelfeld
In
International Conference on Security and Cryptography (SECRYPT), 2022.
Outsourcing MPC Precomputation for Location Privacy
Ivan Oleynikov, Elena Pagnin and Andrei Sabelfeld
In
Location Privacy Workshop (LPW), 2022.
Hardening the Security Analysis of Browser Extensions
Benjamin Eriksson, Pablo Picazo-Sanchez and Andrei Sabelfeld
In
ACM Symposium On Applied Computing (SAC), 2022.