Modular programming is a key concept in software development where the program consists of code modules that are designed and implemented independently. This approach accelerates the development process and enhances the scalability of the final product. Modules, however, are often written by third parties, aggravating security concerns such as theft of confidential information, tampering with sensitive data, and execution of malicious code.
The GDPR promotes the principle of Privacy by Design and Default, acknowledging that the individual’s privacy is best protected if privacy law is complemented by privacy enhancing technologies (PETs). While technically advanced PETs have been researched and developed in the last four decades, challenges remain for making PETs and their configurations usable. In particular, PETs are often based on “crypto-magic” operations that are counterintuitive and for which no real-world analogies can be easily found.
Data privacy is an ever important aspect of data analyses. Historically, a plethora of privacy techniques have been introduced to protect data, but few have stood the test of time. From investigating the overlap between big data research, and security and privacy research, I have found that _differential privacy_ presents itself as a promising defender of data privacy.
High-assurance cryptography leverages methods from program verification and cryptography engineering to deliver efficient cryptographic software with machine-checked proofs of memory safety, functional correctness, provable security, and absence of …
There is a long line of research on how to control information flow in pure programming languages. In Haskell, for instance, the MAC library [Russo 2015] provides IFC primitives that allow programmers to write (statically) secure programs. MAC …
This presentation provides an introduction to fuzz testing of automotive systems with a focus on both process and practical topics. We first discuss the typical automotive development process to better understand where the fuzz testing activity fits …
In this talk, I will present some work in progress on using IFC principles for enforcing GDPR-style privacy principles. Privacy legislation such as the GDPR specifies legal requirements for protecting the private data of individuals but remains vague …
Information flow properties are the semantic cornerstone of a wide range of program transformations, program analyses, and security properties. The variety of information that can be transmitted from inputs to outputs in a deterministic system can …
IT security is an ever important topic. From pioneering to modern times, new security problems keep being discovered. Still, many problems stem from similar flaws. As such, solutions to security problems often involve applying old solutions to new …
Histograms and synthetic data are of key importance in data analysis. However, researchers have shown that even aggregated data such as histograms, containing no obvious sensitive attributes, can result in privacy leakage. To enable data analysis, a …