CyberSecIT: Automated and Autonomous Cybersecurity for IoT will develop a practical, secure and privacy-enhancing solution regaining control for end-users and companies over their IoT ecosystems while enjoying all the benefits that come from automated data analysis and autonomous privacy-preserving security monitoring.
News in English
2024
Publication of a book on Usable Privacy by Simone Fischer-Hübner and Farzaneh Karegar
Simone Fischer-Hübner and Farzaneh Karegar published their book titled "The Curious Case of Usable Privacy, Challenges, Solutions, and Prospects" at Springer. This book journeys through the labyrinth of usable privacy, a place where the interplay of privacy and Human-Computer Interaction (HCI) reveals a myriad of challenges, solutions, and new possibilities. Establishing a solid understanding of usable privacy research, practices, and challenges, the book illuminates for readers the often shadowy corridors of such a multifaceted domain and offers guidelines and solutions to successfully traverse the challenging maze.
Source: Springer
2023
Lecture on Next-Generation Web Application Scanning
Andrei Sabelfeld gave a CASA Distinguished Lecture on Next-Generation Web Application Scanning.
Source: Ruhr-Universität Bochum's Website
How do we keep safe from cyber attacks?
Interview with Andrei Sabelfeld about threats online and how to think about cyber security. Link to the YouTube video.
Source: Chalmers' CSE department
2nd Best Presentation at IWPE 2023
Victor Morel won a Linddun Go card deck to assess privacy risks for the 2nd best presentation at IWPE 2023.
Meet the WASP Postdocs - Victor Morel
Victor Morel’s fascination with privacy and data protection began during an Erasmus year at Uppsala University in Sweden. After completing his PhD in France in Protecting Privacy, he had the opportunity to return to Sweden for a Postdoc within the WASP NEST CyberSecIT at Chalmers University of Technology. Victor collaborates with Simone Fischer-Hübner, Professor in Privacy Security at Karlstad University, Visiting Professor at Chalmers, and part of WASP Faculty. YouTube video
Source: WASP Sweden & YouTube
PhD course on Security and Privacy of IoT Apps at the ARCADIAN-IoT Summer School
Andrei Sabelfeld gave a PhD course on Security and Privacy of IoT Apps at the ARCADIAN-IoT Summer School.
Source: ARCADIAN-IoT's website
Today, Debra welcomes Victor Morel, PhD and Simone Fischer-Hübner, PhD to discuss their recent paper, "Automating Privacy Decisions – where to draw the line?" and their proposed classification scheme. We dive into the complexity of automating privacy decisions and emphasize the importance of maintaining both compliance and usability (e.g., via user control and informed consent).
Source: The Shifting Privacy Left Podcast
Seminar: Navigating the Cybersecurity Landscape
Chalmers ICT Area of Advance invites you to a full-day seminar on the subject of cyber security. Several speakers are part of the CyberSecIT project, including Simone Fischer-Hübner and Tamara Rezk (WASP guest professor), who will give one of the keynotes.
Source: Chalmers' news
Cristiana Santos and Victor Morel: The problem with CMPs and TCF-based cookie paywalls
Cristiana and Victor have co-authored a recent paper titled “Legitimate Interest is the New Consent – Large-Scale Measurement and Legal Compliance of IAB Europe TCF Paywalls”. With them we are directing our attention to consent walls in the context of publishers and the open market, having already dedicated two recent interviews to the “consent or pay” model as it concerns Instagram and Facebook (i.e. Meta). We will also try to understand the challenges and potential conflicts of interest faced by CMP (Consent Management Platform) vendors.
Source: Masters of Privacy podcast
Musard Balliu gave a keynote at the CPSIoTSec workshop last November in Copenhagen. CPSIoTSec is a leading workshop on security and privacy of cyber-physical systems and IoT, held in connection to ACM CCS, a flagship conference for computer security and privacy.
Source: ACM
2022
Slack’s and Teams’ Lax App Security Raises Alarms
Collaboration apps like Slack and Microsoft Teams have become the connective tissue of the modern workplace, tying together users with everything from messaging to scheduling to video conference tools. But as Slack and Teams become full-blown, app-enabled operating systems of corporate productivity, one group of researchers has pointed to serious risks in what they expose to third-party programs—at the same time as they're trusted with more organizations' sensitive data than ever before.
Source: Wired
Robust Security and Privacy for the Internet of Things
The goal of the NEST project CyberSecIT is a secure and well-functioning IoT that poses no threat to users’ personal privacy. “We have collected the most prominent experts in this field in Sweden and I’m convinced that we can make a difference,” says Andrei Sabelfeld, who is leading the initiative.
Source: WASP-Sweden
Your Consent is Worth 75 Euros a Year
Podcast with Victor where he explains his research on cookie paywalls and how they are being used on the web. This podcast also covers the Transparency and Consent Framework (TCF) and the efforts of the Belgium Data Protection Agency and similar agencies to audit websites.
Source: Data Skeptic
News in Swedish
2024
Cybersecurity expert on the Coop attack: "It is very serious"
The fact that the data of Coop Värmland's members has leaked online and is available on the darknet is serious, says cybersecurity expert Andrei Sabelfeld, professor at Chalmers University of Technology in Gothenburg.
Source: SVT
Assume that everything you do on your work computer or phone can be monitored by your employer, says Andrei Sabelfeld, professor at the Division of Information Security at Chalmers University of Technology.
Source: Akavia Aspekt
2023
Seminar: Navigating the Cybersecurity Landscape
Chalmers' Information and Communication Technology Area of Advance invites you to a full-day seminar on the subject of cybersecurity.
Source: Chalmers's news
2022
IT expert: Why the Vklass leak in Gothenburg is serious
The personal data of tens of thousands of pupils has leaked from the City of Gothenburg's learning platform Vklass. The data was put up for sale in an advertisement on the internet. A serious problem, says cybersecurity expert Andrei Sabelfeld, who has seen the advertisement.
Source: SVT
The pupils' data leaked in August – discovered in October
Personal data of 47,000 pupils in Gothenburg leaked from the Vklass platform in August. It was only discovered in October, almost two months later.
Source: GP
Digitalisation as an enabler of sustainable development
How do we create a sustainable transition in society? Join leading researchers from KTH as they discuss the opportunities and risks of digitalisation.
Source: Internetstiftelsen
Publications
2024
Spider-Scents: Grey-box Database-aware Web Scanning for Stored XSS
Eric Olsson, Benjamin Eriksson, Adam Doupé, Andrei Sabelfeld
In USENIX Security Symposium (USENIX Security), 2024.
Interregional Lens on the Privacy Preferences of Drivers for ITS and Future VANETs
Lejla Islami, Agnieszka Kitkowska, and Simone Fischer-Hübner
In Conference on Human Factors in Computing Systems (CHI), 2024.
Energy disaggregation risk resilience through microaggregation and discrete Fourier transform
Kayode S. Adewole, Vicenç Torra
In Information Sciences, 2024.
Unveiling the Invisible: Detection and Evaluation of Prototype Pollution Gadgets with Dynamic Taint Analysis
Mikhail Shcherbakov, Paul Moosbrugger, and Musard Balliu
In The Web Conference (WWW), 2024.
FakeX: A Framework for Detecting Fake Reviews of Browser Extensions
Eric Olsson, Benjamin Eriksson, Pablo Picazo-Sanchez, Lukas Andersson, Andrei Sabelfeld
In ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2024.
2023
Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
Mikhail Shcherbakov, Musard Balliu and Cristian-Alexandru Staicu
In USENIX Security Symposium (USENIX Security), 2023.
LazyTAP: On-Demand Data Minimization for Trigger-Action Applications
Mohammad M. Ahmadpanah, Daniel Hedin and Andrei Sabelfeld
In IEEE Symposium on Security and Privacy (S&P), 2023.
Structural and functional explanations for informing lay and expert users: The case of functional encryption
Ala Alaqra, Farzaneh Karegar, Simone Fischer-Hübner
In Privacy Enhancing Technologies Symposium (PETS), 2023.
Automating privacy decisions – where to draw the line?
Victor Morel and Simone Fischer-Hübner
In International Workshop on Privacy Engineering (IWPE) @ Euro S&P, 2023.
Tapping into Privacy: A Study of User Preferences and Concerns on Trigger-Action Platforms
Piero Romare, Victor Morel, Farzaneh Karegar, Simone Fischer-Hübner
In Annual International Conference on Privacy, Security & Trust (PST), 2023.
Differentially Private Traffic Flow Prediction using Transformers: A Federated Approach
Sargam Gupta, Vicenç Torra
In International Workshop on Data Privacy Management (DPM) @ ESORICS, 2023.
Black Ostrich: Web Application Scanning with String Solvers
Benjamin Eriksson, Amanda Stjerna, Riccardo De Masellis, Philipp Rümmer, Andrei Sabelfeld
In ACM Conference on Computer and Communications Security (CCS), 2023.
Legitimate Interest is the New Consent -- Large-Scale Measurement and Legal Compliance of IAB Europe TCF Paywalls
Victor Morel, Cristiana Santos, Viktor Fredholm, Adam Thunberg
In Workshop on Privacy in the Electronic Society (WPES) @ CCS, 2023.
Putting a Padlock on Lambda -- Integrating vTPMs into AWS Firecracker
Melker Veltman, Alexandra Parkegren, Victor Morel
In International Symposium on Intelligent and Trustworthy Computing, Communications, and Networking (ITCCN) @ TRUSTCOM, 2023.
Privacy Protection of Synthetic Smart Grid Data Simulated via Generative Adversarial Networks
Kayode S. Adewole, Vicenç Torra
In International Conference on Security and Cryptography (SECRYPT), 2023.
Differentially Private Traffic Flow Prediction Using Transformers: A Federated Approach
Sargam Gupta, Vicenç Torra
In Computer Security @ ESORICS, 2023.
User-Driven Privacy Factors in Trigger-Action Apps - A Comparative Analysis with General IoT
Piero Romare
In Privacy and Identity Management - Sharing in a Digital World @ Privacy and Identity, 2023.
2022
PSO + FL = PAASO: particle swarm optimization + federated learning = privacy-aware agent swarm optimization
Vicenç Torra, Edgar Galván & Guillermo Navarro-Arribas
In International Journal of Information Security (IJIS), 2022.
Guide to Data Privacy - Models, Technologies, Solutions
Vicenc Torra
In Undergraduate Topics in Computer Science (UTICS), 2022.
DFTMicroagg: a dual-level anonymization algorithm for smart grid data
Kayode Sakariyah Adewole and Vicenc Torra
In International Journal of Information Security (IJIS), 2022.
Privacy Issues in Smart Grid Data: From Energy Disaggregation to Disclosure Risk
Kayode Sakariyah Adewole and Vicenc Torra
In Database and Expert Systems Applications (DEXA), 2022.
Exploring User-Suitable Metaphors for Differentially Private Data Analyses
Farzaneh Karegar, Ala Sarah Alaqra, Simone Fischer-Hübner
In Symposium on Usable Privacy and Security (SOUPS), 2022.
Your Consent Is Worth 75 Euros A Year – Measurement and Lawfulness of Cookie Paywalls
Victor Morel, Cristiana Santos, Soheil Human, Yvonne Lintao
In Workshop on Privacy in the Electronic Society (WPES) @ CCS, 2022.
No Signal Left to Chance: Driving Browser Extension Analysis by Download Patterns
Pablo Picazo-Sanchez, Benjamin Eriksson and Andrei Sabelfeld
In Annual Computer Security Applications Conference (ACSAC), 2022.
SecWasm: Information Flow Control for WebAssembly
Iulia Bastys, Maximilian Algehed, Alexander Sjösten and Andrei Sabelfeld
In Static Analysis Symposium (SAS), 2022.
Are Chrome extensions compliant with the spirit of least privilege?
Pablo Picazo-Sanchez, Lara Ortiz-Martin, Gerardo Schneider, and Andrei Sabelfeld
In International Journal of Information Security (IJIS), 2022.
Practical Data Access Minimization in Trigger-Action Platforms
Yunang Chen, Mohannad Alhanahnah, Rahul Chatterjee, Earlence Fernandes, and Andrei Sabelfeld
In USENIX Security Symposium (USENIX Security), 2022.
CatNap: Leveraging Generic MPC for Actively Secure Privacy-Enhancing Proximity Testing with a Napping Party
Ivan Oleynikov, Elena Pagnin and Andrei Sabelfeld
In International Conference on Security and Cryptography (SECRYPT), 2022.
Outsourcing MPC Precomputation for Location Privacy
Ivan Oleynikov, Elena Pagnin and Andrei Sabelfeld
In Location Privacy Workshop (LPW), 2022.
Hardening the Security Analysis of Browser Extensions
Benjamin Eriksson, Pablo Picazo-Sanchez and Andrei Sabelfeld
In ACM Symposium On Applied Computing (SAC), 2022.