CyberSecIT: Automated and Autonomous Cybersecurity for IoT will develop a practical, secure and privacy-enhancing solution that gives end-users and companies back control over their IoT ecosystems, while letting them enjoy all the benefits of automated data analysis and autonomous privacy-preserving security monitoring.


News in English

Cristiana Santos and Victor Morel: The problem with CMPs and TCF-based cookie paywalls

Cristiana and Victor have co-authored a recent paper titled “Legitimate Interest is the New Consent – Large-Scale Measurement and Legal Compliance of IAB Europe TCF Paywalls”. With them we are directing our attention to consent walls in the context of publishers and the open market, having already dedicated two recent interviews to the “consent or pay” model as it concerns Instagram and Facebook (i.e., Meta). We will also try to understand the challenges and potential conflicts of interest faced by CMP (Consent Management Platform) vendors.

Source: Masters of Privacy podcast

Seminar: Navigating the Cybersecurity Landscape

Chalmers ICT Area of Advance invites you to a full-day seminar on the subject of Cyber Security. Several speakers are part of the CyberSecIT project, including Simone Fischer-Hübner and Tamara Rezk (WASP guest professor), who will give one of the keynotes.

Source: Chalmers' news

The Shifting Privacy Left Podcast - "Automated Privacy Decisions: Usability vs. Lawfulness" with Simone Fischer-Hübner & Victor Morel

Today, Debra welcomes Victor Morel, PhD and Simone Fischer-Hübner, PhD to discuss their recent paper, "Automating Privacy Decisions – where to draw the line?" and their proposed classification scheme. We dive into the complexity of automating privacy decisions and emphasize the importance of maintaining both compliance and usability (e.g., via user control and informed consent).

Source: The Shifting Privacy Left Podcast

Meet the WASP Postdocs - Victor Morel

Victor Morel’s fascination with privacy and data protection began during an Erasmus year at Uppsala University in Sweden. After completing his PhD in France in Protecting Privacy, he had the opportunity to return to Sweden for a Postdoc within the WASP NEST CyberSecIT at Chalmers University of Technology. Victor collaborates with Simone Fischer-Hübner, Professor in Privacy Security at Karlstad University, Visiting Professor at Chalmers, and part of WASP Faculty.

Source: WASP Sweden & YouTube

2nd Best Presentation at IWPE 2023

Victor Morel won a Linddun Go card deck to assess privacy risks for the 2nd best presentation at IWPE 2023.

How do we keep safe from cyber attacks?

Interview with Andrei Sabelfeld (YouTube video) about threats online and how to think about cyber security.

Source: Chalmers' CSE department

Your Consent is Worth 75 Euros a Year

Podcast with Victor where he explains his research on cookie paywalls and how they are being used on the web. This podcast also covers the Transparency and Consent Framework (TCF) and the efforts of the Belgian Data Protection Agency and similar agencies to audit websites.

Source: Data Skeptic

Slack’s and Teams’ Lax App Security Raises Alarms

Collaboration apps like Slack and Microsoft Teams have become the connective tissue of the modern workplace, tying together users with everything from messaging to scheduling to video conference tools. But as Slack and Teams become full-blown, app-enabled operating systems of corporate productivity, one group of researchers has pointed to serious risks in what they expose to third-party programs—at the same time as they're trusted with more organizations' sensitive data than ever before.

Source: Wired

Robust Security and Privacy for the Internet of Things

The goal of the NEST project CyberSecIT is a secure and well-functioning IoT that poses no threat to users’ personal privacy. “We have collected the most prominent experts in this field in Sweden and I’m convinced that we can make a difference,” says Andrei Sabelfeld, who is leading the initiative.

Source: WASP-Sweden

News in Swedish

Digitalization as an enabler of sustainable development

How do we create a sustainable transition in society? Join leading researchers from KTH as they discuss the opportunities and risks of digitalization.

Source: Internetstiftelsen

IT expert: This is why the Vklass leak in Gothenburg is serious

Personal data of tens of thousands of students has leaked from the City of Gothenburg's learning platform Vklass. The data was put up for sale in an online advertisement. A serious problem, says cybersecurity expert Andrei Sabelfeld, who has reviewed the advertisement.

Source: SVT

The students' data leaked in August – discovered in October

Personal data from 47,000 students in Gothenburg leaked from the Vklass platform in August. It was only discovered in October, almost two months later.

Source: GP



Spider-Scents: Grey-box Database-aware Web Scanning for Stored XSS
Eric Olsson, Benjamin Eriksson, Adam Doupé, Andrei Sabelfeld
In USENIX 2024


Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
Mikhail Shcherbakov, Musard Balliu and Cristian-Alexandru Staicu
In 32nd USENIX Security Symposium (USENIX Security'23), Anaheim, CA, USA. 2023.

LazyTAP: On-Demand Data Minimization for Trigger-Action Applications
Mohammad M. Ahmadpanah, Daniel Hedin and Andrei Sabelfeld
In IEEE Symposium on Security and Privacy (S&P'23), May 2023.

Structural and functional explanations for informing lay and expert users: The case of functional encryption
Ala Alaqra, Farzaneh Karegar, Simone Fischer-Hübner
In PETS 2023 (PoPETS journal issue 4)

Automating privacy decisions – where to draw the line?
Victor Morel and Simone Fischer-Hübner
In IWPE'23, International Workshop on Privacy Engineering 2023 @ Euro S&P

Tapping into Privacy: A Study of User Preferences and Concerns on Trigger-Action Platforms
Piero Romare, Victor Morel, Farzaneh Karegar, Simone Fischer-Hübner
In PST'23, Annual International Conference on Privacy, Security & Trust

Differentially Private Traffic Flow Prediction using Transformers: A Federated Approach
Sargam Gupta, Vicenç Torra
In DPM'2023, 18th DPM International Workshop on Data Privacy Management @ ESORICS

Black Ostrich: Web Application Scanning with String Solvers
Benjamin Eriksson, Amanda Stjerna, Riccardo De Masellis, Philipp Rümmer, Andrei Sabelfeld
In ACM CCS 2023

Legitimate Interest is the New Consent -- Large-Scale Measurement and Legal Compliance of IAB Europe TCF Paywalls
Victor Morel, Cristiana Santos, Viktor Fredholm, Adam Thunberg
In WPES @ ACM CCS 2023

Putting a Padlock on Lambda -- Integrating vTPMs into AWS Firecracker
Melker Veltman, Alexandra Parkegren, Victor Morel


PSO + FL = PAASO: particle swarm optimization + federated learning = privacy-aware agent swarm optimization
Vicenç Torra, Edgar Galván & Guillermo Navarro-Arribas
In International Journal of Information Security (IJIS), 2022.

Guide to Data Privacy - Models, Technologies, Solutions
Vicenç Torra
In Undergraduate Topics in Computer Science (UTICS), 2022.

DFTMicroagg: a dual-level anonymization algorithm for smart grid data
Kayode Sakariyah Adewole and Vicenç Torra
In International Journal of Information Security (IJIS), 2022.

Privacy Issues in Smart Grid Data: From Energy Disaggregation to Disclosure Risk
Kayode Sakariyah Adewole and Vicenç Torra
In Database and Expert Systems Applications (DEXA), 2022.

Exploring User-Suitable Metaphors for Differentially Private Data Analyses
Farzaneh Karegar, Ala Sarah Alaqra, Simone Fischer-Hübner
In Eighteenth Symposium on Usable Privacy and Security (SOUPS), 2022.

Your Consent Is Worth 75 Euros A Year – Measurement and Lawfulness of Cookie Paywalls
Victor Morel, Cristiana Santos, Soheil Human, Yvonne Lintao
In Proceedings of the 21st Workshop on Privacy in the Electronic Society (WPES)

No Signal Left to Chance: Driving Browser Extension Analysis by Download Patterns
Pablo Picazo-Sanchez, Benjamin Eriksson and Andrei Sabelfeld
In Annual Computer Security Applications Conference (ACSAC), 2022.

SecWasm: Information Flow Control for WebAssembly
Iulia Bastys, Maximilian Algehed, Alexander Sjösten and Andrei Sabelfeld
In Static Analysis Symposium (SAS), 2022.

Are Chrome extensions compliant with the spirit of least privilege?
Pablo Picazo-Sanchez, Lara Ortiz-Martin, Gerardo Schneider, and Andrei Sabelfeld
In International Journal of Information Security (IJIS), 2022.

Practical Data Access Minimization in Trigger-Action Platforms
Yunang Chen, Mohannad Alhanahnah, Rahul Chatterjee, Earlence Fernandes, and Andrei Sabelfeld
In USENIX Security Symposium (USENIX Security), 2022.

CatNap: Leveraging Generic MPC for Actively Secure Privacy-Enhancing Proximity Testing with a Napping Party
Ivan Oleynikov, Elena Pagnin and Andrei Sabelfeld
In International Conference on Security and Cryptography (SECRYPT), 2022.

Outsourcing MPC Precomputation for Location Privacy
Ivan Oleynikov, Elena Pagnin and Andrei Sabelfeld
In Location Privacy Workshop (LPW), 2022.

Hardening the Security Analysis of Browser Extensions
Benjamin Eriksson, Pablo Picazo-Sanchez and Andrei Sabelfeld
In ACM Symposium On Applied Computing (SAC), 2022.




Andrei Sabelfeld

Project Leader and PI

Chalmers University of Technology

Musard Balliu


KTH Royal Institute of Technology

Simone Fischer-Hübner


Chalmers University of Technology
Karlstad University

Vicenç Torra


Umeå University

Tamara Rezk

Chalmers University of Technology

Farzaneh Karegar

Karlstad University

Benjamin Eriksson

Chalmers University of Technology

Victor Morel

Chalmers University of Technology

Iulia Bastys

Chalmers University of Technology

Mohammad Ahmadpanah

Chalmers University of Technology

Sargam Gupta

Umeå University

Ivan Oleynikov

Chalmers University of Technology

Eric Olsson

Chalmers University of Technology

Mojtaba Moazen

KTH Royal Institute of Technology

Piero Romare

Chalmers University of Technology


