CyberSecIT will develop a practical, secure and privacy-enhancing solution that returns control over their IoT ecosystems to end-users and companies, while letting them enjoy all the benefits that come from automated data analysis and autonomous privacy-preserving security monitoring.

News in English

Your Consent is Worth 75 Euros a Year

Podcast with Victor in which he explains his research on cookie paywalls and how they are being used on the web. The podcast also covers the Transparency and Consent Framework (TCF) and the efforts of the Belgium Data Protection Agency and similar agencies to audit websites.

Source: Data Skeptic

Slack’s and Teams’ Lax App Security Raises Alarms

Collaboration apps like Slack and Microsoft Teams have become the connective tissue of the modern workplace, tying together users with everything from messaging to scheduling to video conference tools. But as Slack and Teams become full-blown, app-enabled operating systems of corporate productivity, one group of researchers has pointed to serious risks in what they expose to third-party programs—at the same time as they're trusted with more organizations' sensitive data than ever before.

Source: Wired

Robust Security and Privacy for the Internet of Things

The goal of the NEST project CyberSecIT is a secure and well-functioning IoT that poses no threat to users’ personal privacy. “We have collected the most prominent experts in this field in Sweden and I’m convinced that we can make a difference,” says Andrei Sabelfeld, who is leading the initiative.

Source: WASP-Sweden


News in Swedish

Digitalization as an enabler of sustainable development

How do we create a sustainable transition in society? Join leading researchers from KTH as they discuss the opportunities and risks of digitalization.

Source: Internetstiftelsen

IT expert: Why the Vklass leak in Gothenburg is serious

Personal data of tens of thousands of students has leaked from the City of Gothenburg's learning platform Vklass. The data was put up for sale in an advertisement on the internet. A serious problem, says cybersecurity expert Andrei Sabelfeld, who has reviewed the advertisement.

Source: SVT

Students' data leaked in August – discovered in October

Personal data from 47,000 students in Gothenburg leaked from the Vklass platform in August. It was not discovered until October, almost two months later.

Source: GP


Publications

2023


Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
Mikhail Shcherbakov, Musard Balliu and Cristian-Alexandru Staicu
In 32nd USENIX Security Symposium (USENIX Security'23), Anaheim, CA, USA. 2023.

2022


Guide to Data Privacy - Models, Technologies, Solutions
Vicenc Torra
In Undergraduate Topics in Computer Science (UTICS), 2022.

DFTMicroagg: a dual-level anonymization algorithm for smart grid data
Kayode Sakariyah Adewole and Vicenc Torra
In International Journal of Information Security (IJIS), 2022.

Privacy Issues in Smart Grid Data: From Energy Disaggregation to Disclosure Risk
Kayode Sakariyah Adewole and Vicenc Torra
In Database and Expert Systems Applications (DEXA), 2022.

Exploring User-Suitable Metaphors for Differentially Private Data Analyses
Farzaneh Karegar, Ala Sarah Alaqra, Simone Fischer-Hübner
In Eighteenth Symposium on Usable Privacy and Security (SOUPS), 2022.

No Signal Left to Chance: Driving Browser Extension Analysis by Download Patterns
Pablo Picazo-Sanchez, Benjamin Eriksson and Andrei Sabelfeld
In Annual Computer Security Applications Conference (ACSAC), 2022.

SecWasm: Information Flow Control for WebAssembly
Iulia Bastys, Maximilian Algehed, Alexander Sjösten and Andrei Sabelfeld
In Static Analysis Symposium (SAS), 2022.

Are Chrome extensions compliant with the spirit of least privilege?
Pablo Picazo-Sanchez, Lara Ortiz-Martin, Gerardo Schneider, and Andrei Sabelfeld
In International Journal of Information Security (IJIS), 2022.

Practical Data Access Minimization in Trigger-Action Platforms
Yunang Chen, Mohannad Alhanahnah, Rahul Chatterjee, Earlence Fernandes, and Andrei Sabelfeld
In USENIX Security Symposium (USENIX Security), 2022.

CatNap: Leveraging Generic MPC for Actively Secure Privacy-Enhancing Proximity Testing with a Napping Party
Ivan Oleynikov, Elena Pagnin and Andrei Sabelfeld
In International Conference on Security and Cryptography (SECRYPT), 2022.

Outsourcing MPC Precomputation for Location Privacy
Ivan Oleynikov, Elena Pagnin and Andrei Sabelfeld
In Location Privacy Workshop (LPW), 2022.

Hardening the Security Analysis of Browser Extensions
Benjamin Eriksson, Pablo Picazo-Sanchez and Andrei Sabelfeld
In ACM Symposium On Applied Computing (SAC), 2022.



People


Andrei Sabelfeld

Project Leader

Chalmers University of Technology

Musard Balliu

CO-PI

KTH Royal Institute of Technology

Simone Fischer-Hübner

CO-PI

Chalmers University of Technology
Karlstad University

Vicenc Torra

CO-PI

Umeå University

Benjamin Eriksson


Chalmers University of Technology

Victor Morel


Chalmers University of Technology

Mohammad Ahmadpanah


Chalmers University of Technology

Sargam Gupta


Umeå University

Ivan Oleynikov


Chalmers University of Technology

Eric Olsson


Chalmers University of Technology

Piero Romare


Chalmers University of Technology