CyberSecIT will develop a practical, secure and privacy-enhancing solution regaining control for end-users and companies over their IoT ecosystems while enjoying all the benefits that come from automated data analysis and autonomous privacy-preserving security monitoring.
Read more
News in English
Seminar: Navigating the Cybersecurity Landscape
Chalmers ICT Area of Advance invites you to a full-day seminar of the subject Cyber Security. Several speakers are part of the CyberSecIT project, including Simone Fischer-Hübner, and Tamara Rezk (WASP guest professor) who will give one of the keynote.
Source: Chalmers' news
Today, Debra welcomes Victor Morel, PhD and Simone Fischer-Hübner, PhD to discuss their recent paper, "Automating Privacy Decisions – where to draw the line?" and their proposed classification scheme. We dive into the complexity of automating privacy decisions and emphasize the importance of maintaining both compliance and usability (e.g., via user control and informed consent).
Source: The Shifting Privacy Left Podcast
Meet the WASP Postdocs - Victor Morel
Victor Morel’s fascination of privacy and data protection began during an Erasmus year at Uppsala University in Sweden. After completing his PhD in France in Protecting Privacy, he had the opportunity to return to Sweden for a Postdoc within the WASP NEST CyberSecIT at Chalmers University of Technology. Victor collaborates with Simone Fischer-Hübner, Professor in Privacy Security at Karlstad University, Visiting Professor at Chalmers, and part of WASP Faculty. YouTube video
Source: WASP Sweden & YouTube
2nd Best Presentation at IWPE 2023
Victor Morel won a Linddun Go card deck to assess privacy risks for the 2nd best presentation at IWPE 2023.
How do we keep safe from cyber attacks?
Interview with Andrei Sabelfeld about threats online and how to to think about cyber security. Link to the YouTube video.
Source: Chalmers' CSE department
Your Consent is Worth 75 Euros a Year
Podcast with Victor where he explains his research on cookie paywalls and how it is being used on the web. This podcast also covers Transparency and Consent Framework (TCF) and the efforts of Belgium Data Protection Agency and similar agencies to audit websites.
Source: Data Skeptic
Slack’s and Teams’ Lax App Security Raises Alarms
Collaboration apps like Slack and Microsoft Teams have become the connective tissue of the modern workplace, tying together users with everything from messaging to scheduling to video conference tools. But as Slack and Teams become full-blown, app-enabled operating systems of corporate productivity, one group of researchers has pointed to serious risks in what they expose to third-party programs—at the same time as they're trusted with more organizations' sensitive data than ever before.
Source: Wired
Robust Security and Privacy for the Internet of Things
The goal of the NEST project CyberSecIT is a secure and well-functioning IoT that poses no threat to users’ personal privacy. “We have collected the most prominent experts in this field in Sweden and I’m convinced that we can make a difference,” says Andrei Sabelfeld, who is leading the initiative.
Source: WASP-Sweden
News in Swedish
Digitalisering som möjliggörare för hållbar utveckling
Hur skapar vi en hållbar omställning i samhället? Var med när ledande forskare från KTH diskuterar digitaliseringens möjligheter och risker.
Source: Internetstiftelsen
IT-experten: Därför är Vklass-läckan i Göteborg allvarlig
Tiotusentals elevers personuppgifter har läckt från Göteborgs stads lärplattform Vklass. Uppgifterna lades ut till försäljning i en annons på internet. Ett allvarligt problem, menar cybersäkerhetsexperten Andrei Sabelfeld som tagit del av annonsen.
Source: SVT
Elevernas uppgifter läckte i augusti – upptäcktes i oktober
Personuppgifter från 47 000 elever i Göteborg läckte från plattformen Vklass i augusti. Det upptäcktes först i oktober, nästan två månader senare.
Source: GP
Publications
2023
Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
Mikhail Shcherbakov, Musard Balliu and Cristian-Alexandru Staicu
In
32nd USENIX Security Symposium (USENIX Security'23), Anaheim, CA, USA. 2023.
LazyTAP: On-Demand Data Minimization for Trigger-Action Applications
Mohammad M. Ahmadpanah, Daniel Hedin and Andrei Sabelfeld
In
IEEE Symposium on Security and Privacy (S&P'23), May 2023.
Structural and functional explanations for informing lay and expert users: The case of functional encryption
Ala Alaqra, Farzaneh Karegar, Simone Fischer-Hübner
In
PETS 2023 (PoPETS journal issue 4)
Automating privacy decisions – where to draw the line?
Victor Morel and Simone Fischer-Hübner
In
IWPE'23, International Workshop on Privacy Engineering 2023 @ Euro S&P
Tapping into Privacy: A Study of User Preferences and Concerns on Trigger-Action Platforms
Piero Romare, Victor Morel, Farzaneh Karegar, Simone Fischer-Hübner
In
PST'23, Annual International Conference on Privacy, Security & Trust
Differentially Private Traffic Flow Prediction using Transformers: A Federated Approach
Sargam Gupta, Vicenç Torra
In
DPM'2023, 18th DPM International Workshop on Data Privacy Management @ ESORICS
Black Ostrich: Web Application Scanning with String Solvers
Benjamin Eriksson, Amanda Stjerna, Riccardo De Masellis, Philipp Rümmer, Andrei Sabelfeld
In
ACM CCS 2023
2022
PSO + FL = PAASO: particle swarm optimization + federated learning = privacy-aware agent swarm optimization
Vicenç Torra, Edgar Galván & Guillermo Navarro-Arribas
In
International Journal of Information Security (IJIS), 2022.
Guide to Data Privacy - Models, Technologies, Solutions
Vicenc Torra
In
Undergraduate Topics in Computer Science (UTICS), 2022.
DFTMicroagg: a dual-level anonymization algorithm for smart grid data
Kayode Sakariyah Adewole and Vicenc Torra
In
International Journal of Information Security (IJIS), 2022.
Privacy Issues in Smart Grid Data: From Energy Disaggregation to Disclosure Risk
Kayode Sakariyah Adewole and Vicenc Torra
In
Database and Expert Systems Applications (DEXA), 2022.
Exploring User-Suitable Metaphors for Differentially Private Data Analyses
Farzaneh Karegar, Ala Sarah Alaqra, Simone Fischer-Hübner
In
Eighteenth Symposium on Usable Privacy and Security (SOUPS), 2022.
Your Consent Is Worth 75 Euros A Year – Measurement and
Lawfulness of Cookie Paywalls
Victor Morel, Cristiana Santos, Soheil Human, Yvonne Lintao
In
Proceedings of the 21st Workshop on Privacy in the Electronic Society (WPES)
No Signal Left to Chance: Driving Browser Extension Analysis by Download Patterns
Pablo Picazo-Sanchez, Benjamin Eriksson and Andrei Sabelfeld
In
Annual Computer Security Applications Conference (ACSAC), 2022.
SecWasm: Information Flow Control for WebAssembly
Iulia Bastys, Maximilian Algehed, Alexander Sjösten and Andrei Sabelfeld
In
Static Analysis Symposium (SAS), 2022.
Are Chrome extensions compliant with the spirit of least privilege?
Pablo Picazo-Sanchez, Lara Ortiz-Martin, Gerardo Schneider, and Andrei Sabelfeld
In
International Journal of Information Security (IJIS), 2022.
Practical Data Access Minimization in Trigger-Action Platforms
Yunang Chen, Mohannad Alhanahnah, Rahul Chatterjee, Earlence Fernandes, and Andrei Sabelfeld
In
USENIX Security Symposium (USENIX Security), 2022.
CatNap: Leveraging Generic MPC for Actively Secure Privacy-Enhancing Proximity Testing with a Napping Party
Ivan Oleynikov, Elena Pagnin and Andrei Sabelfeld
In
International Conference on Security and Cryptography (SECRYPT), 2022.
Outsourcing MPC Precomputation for Location Privacy
Ivan Oleynikov, Elena Pagnin and Andrei Sabelfeld
In
Location Privacy Workshop (LPW), 2022.
Hardening the Security Analysis of Browser Extensions
Benjamin Eriksson, Pablo Picazo-Sanchez and Andrei Sabelfeld
In
ACM Symposium On Applied Computing (SAC), 2022.
