Spring Days on Cyber-Security

Hampshire Hotel — Mooi Veluwe, Putten,
April 7-11, 2014

The IPA Spring Days are an annual multi-day event, dedicated to a specific theme of current interest to the research community of IPA. This year’s Spring Days are dedicated to Cyber-Security, fitting in the Security focus area of the research school for the period 2013-2018.

The programme of the CPS Spring Days is composed by Lejla Batina (RU), Pieter Hartel (UT) and Boris Skoric (TU/e).


Registration is now closed.


Monday 7 April is reserved for the IPA PhD workshop. The workshop aims to promote the interaction and cohesion with PhD students from other universities on both a social and technical level, provide a hospitable setting in which presentation skills can be demonstrated and improved through constructive feedback by peers, and be fun. Click on the titles of the presentations (if present) for an abstract (if present). For the cyber-security programme (8-11 April), please scroll down.


11:30-12:00 Registration
12:00-13:30 Lunch
13:30-14:00 Ana Farcasi, TU/e,
Modularity concerns at the metamodel level in DSLs: composition of DSLs
14:00-14:30 Bugra Yildiz, UT
Time Performance Improvement with Parallel Processing Systems (TIPS)
The project TIPS aims at developing methods, techniques and tools for mapping software systems onto parallel and/or multicore processor architectures in a convenient way. To this aim, the project develops expertise and skills in the following important topics: How to compute the most critical paths in software?; How to identify the parallelizable parts of the critical paths in software without changing its semantics?; How to compute the performance of the model of the software to be parallelized before the costly programming effort is carried out?; How to design the optimal task schedulers?; How to dynamically tune the parallelized software?; and experimentation. In this talk, the presenter will talk about the main steps of the TIPS project and the progress has been done so far.
14:30-15:00 Quirijn Bouts, TU/e
Distribution-Sensitive Construction of the Greedy Spanner
The greedy spanner is the highest quality geometric spanner (in e.g. edge count and weight, both in theory and practice) known to be computable in polynomial time. Unfortunately, all known algorithms for computing it take Ω(n² ) time, limiting its applicability on large data sets. We observe that for many point sets, the greedy spanner has many ‘short’ edges that can be determined locally and usually quickly, and few or no ‘long’ edges that can usually be determined quickly using local information and the well-separated pair decomposition. We give experimental results showing large to massive performance increases over the state-of-the-art on nearly all tests and real-life data sets. On the theoretical side we prove a near-linear expected time bound on uniform point sets and a near-quadratic worst-case bound. Our bound for point sets drawn uniformly and independently at random in a square follows from a local characterization of t-spanners we give on such point sets: we give a geometric property that holds with high probability on such point sets. This property implies that if an edge set on these points has t-paths between pairs of points ‘close’ to each other, then it has t-paths between all pairs of points. This characterization gives a O(n log² n log² log n) expected time bound on our greedy spanner algorithm, making it the first subquadratic time algorithm for this problem on any interesting class of points. We also use this characterization to give a O((n + |E|) log² n log log n) expected time algorithm on uniformly distributed points that determines if E is a t-spanner, making it the first subquadratic time algorithm for this problem that does not make assumptions on E. Full version: http://arxiv.org/pdf/1401.1085
15:00-15:15 Coffee
15:15-15:45 Max Konzack, TU/e
A framework for progressive, user-steered algorithms in visual analytics
Nowadays visual analytics approaches enable users to explore structures, patterns and other interesting parts of data. Interactive visualization helps to detect new patterns by presenting meaningful and interesting information from the data, such that the user can easily analyze the underlying problem space. This gives insight into the concrete structure of the problem and the data itself. However, these approaches are currently lacking guarantees on the qualities of the results. One aim of our research is to develop algorithms, such that results with a guaranteed quality are reported in fast responsive rounds. To enable exploration of the data and steer the computation, the user is able to interact with those intermediate results from the algorithm. These type of algorithms are progressive algorithms. The other aim is to design novel mechanisms for this purpose in the visual analytics. We focus on new metaphors for the presentation and the user interaction with progressive algorithms. This framework will be applied on spatio-temporal data and movement data. In this project, we cooperate with domain experts, analyzing those movement data, in fields ranging from urban design to behavioral ecology.
15:45-16:15 Alejandro Serrano Mena, UU
Enhancing Type Error Diagnosis in Haskell
Domain Specific Languages (DSLs) are growing in popularity. In many cases, DSLs are embedded into a general purpose language, taking advantage of its host features and checks. However, a disadvantage is that errors are reported in host language terms. This is an increasing barrier, as host languages get more advanced.
In the DOMSTED project we focus on modern Haskell. We propose better ways to communicate back problems in code using DSLs, including new types of constraints and specialized type rules. In the meantime, we shall discuss some of the internals of a full-blown Haskell compiler.
16:15-16:30 Coffee
16:30-17:00 Luís Eduardo de Souza Amorim, TUD
The Future of Syntax Definition
A language is defined by means of its syntactic and semantics. The syntax of a language is the structure of its phrases.The Syntax Definition formalism SDF can be used to define the syntax of languages, using the full class of context-free grammars. SDF supports grammar engineering with features such as modules, character classes, regular expressions, and priorities. The recent version, SDF3, introduced template production to support the automatic generation of pretty-printers and syntactic completion editor services. In this presentation, I will give an overview of SDF3 and its implementation, and my ideas for further improvements.
17:00-17:30 Lesley Wevers, UT
Persistent Functional Languages: Toward Functional Relational Databases
Functional languages provide new approaches to concurrency control in database systems, based on techniques such as lazy evaluation and memoization. We have designed and implemented a persistent functional language based on these ideas, which we plan to use for the implementation of a relational database system. With such a database system, we aim to show that lazy evaluation can be used to perform schema transformations without needing to bring the database offline.
17:30-18:30 Drinks
18:30- Dinner

The programme for 8-11 April is available below. Click on a title of the presentation to reveal the abstract of the presentation. Some of the presentations have been made available to us. Check here to see these.


09:00-10:00 Frank Fransen, TNO,
National Cyber Security Research Agenda II – an overview and some examples of research
In this presentation Frank will present the National Cyber Security Research Agenda II (NCSRA II). He will briefly discuss the objectives, application domains and relation to the National Cyber Security Strategy (NCSS) and recent Cyber Security calls. After which he will present the nine research themes with examples of research challenges, and where applicable he will briefly present some of his own research.
10:00-10:30 Coffee
10:30-11:15 Joeri de Ruiter, RU
Robbing the bank using formal methods
EMV is a standard for electronic payments using smart cards. It is widely used and in The Netherlands introduced as ‘het nieuwe pinnen’. The specification is over 700 pages and includes a lot of options. Attacks have been published on We used formal methods to analyse the security of the standard. To analyse actual implementations, active learning techniques are used to discover the internal state machines of bank cards. These techniques can also be applied on a handheld reader that is used for internet banking. Previously, a vulnerability in this reader was discovered. In the models that are learned we can see this problem and see that it is fixed in a new version of the device.
11:15-12:00 Herbert Bos, VUA
When the levee breaks: overflowing buffers for fun and profit
Buffer overflows are among the most dangerous software vulnerabilities today, and have been popular with attackers for over a quarter of a century already. So: What are they? How can attackers abuse them to gain control over my machine? What are our defenses? And why are they still with us in 2020? All this and more in just 45 minutes
12:15-13:30 Lunch
14:00-15:00 Frank Piessens, KU Leuven
Enforcing software security properties without trusting system software
The construction of reliable and secure software systems is known to be challenging. An important source of problems is the size and complexity of infrastructural software one needs to trust to securely run a software application. The security of a thousand line smart-phone app depends crucially on the security of several millions of lines of operating system code and libraries.Over the past 5-10 years, researchers have been developing a novel kind of security architecture that addresses this concern. These so-called protected module architectures can run security-critical software modules in an isolated area of the system where even the operating system can not mess with the state of the module. With Intel’s announcement of their support for Software Guard eXtensions (Intel SGX), these security architectures are about to become mainstream.In this talk, we discuss an example design of a protected module architecture for networked embedded systems, and we show how it can provide remote attestation, secure communication and enforcement of source code abstraction boundaries while only trusting the hardware.
15:00-15:30 Coffee
15:30-16:15 Wolter Pieters, TUD
TREsPASS: the socio-technical attack navigator
Information security threats to organisations have changed completely over the last decade, due to the complexity and dynamic nature of infrastructures and attacks. Successful attacks cost society billions a year, impacting vital services and the economy. Examples include StuxNet, using infected USB sticks to sabotage nuclear plants, and the DigiNotar attack, using fake digital certificates to spy on website traffic. New attacks cleverly exploit multiple organisational vulnerabilities, involving physical security and human behaviour. Defenders need to make rapid decisions regarding which attacks to block, as both infrastructure and attacker knowledge change rapidly. Current risk management methods provide descriptive tools like attack trees for assessing threats by systematic brainstorming. Attack opportunities will be identified and prevented only if people can conceive them. In today’s dynamic attack landscape, this process is too slow and exceeds the limits of human imaginative capability. Emerging security risks demand tool support to predict, prioritise, and prevent complex attacks systematically. The 13.5 MEUR TREsPASS project will make this possible, by building an “attack navigator”. This navigator analyses which attack opportunities are possible, which of them are the most urgent, and which countermeasures are most effective. In this presentation, I will discuss information security risk management, important challenges, and new solutions based on the attack navigator concept.
16:15-17:00 Martijn Warnier, TUD
Privacy preserving systems – the good, the bad and the ugly
This talk discusses privacy preserving systems: systems that are designed with the specific purpose of protecting the privacy of its users. We will address some of the technical issues associated with privacy preserving systems. However, the main focus of the talk will be on sketching a broader vision on other (non-technical) issues, such as legal and policy ones and their implication on the (technical) design of effective privacy preserving systems.
18:00-20:00 Dinner


09:00-10:00 Paul Ducheine, UvA,
Targeting through Military Cyber Operations: why? what? how to?
This presentation will focus on the essence of military cyber operations: to achieve (designated) effects in order to influence other actors, in or through cyberspace. A basic model will be used to describe an ‘effect based approach’ to operations. Secondly, the ‘targeting’ process for cyber operations and (some of) its legal ramifications will be introduced.
10:00-10:30 Coffee
10:30-11:15 Hugo Jonker, UNI.LU
Preserving privacy in a connected world
Much research into privacy focuses on keeping the user anonymous, in effect hiding the user. However, data mining approaches can reveal intimate personal data without even trying to identify users, such as a supermarket that successfully identified pregnancies by shopping habits. Such scenarios, where a user’s interaction with the system reveals personal information, are not addressed by conventional anonymity approaches.Not all such interactions are equal: in some cases, the interactions are actively desired, in others, such interactions are more accidental but revealing. For instance, users voluntarily share private details via Facebook/Whatsapp/Snapchat, but have not chosen to share their browsing habits with (e.g.) Google AdSense. In this talk, we outline threats and solution directions.
11:15-12:00 Jan Joris Vereijken, ING
Inside the mind of the fraudster
When we talk about banking malware, we typically think of bits and bytes: Zeus variants, field injections, Man-in-the-Browser attacks, or forensic analysis of infected PCs. What is actually much more interesting, is to understand what is driving the fraudster. He’s doesn’t care about bits and bytes, he’s just in it for the money. If we get into the mind of the fraudster, we can suddenly understand many issues much better. We’ll see that authentication is irrelevant, fraudsters don’t want to steal millions, that they hate the mobile app, and many more surprising things your never realized were keeping our poor fraudster awake at night.
12:15-13:30 Lunch
14:00-15:00 Johan Pouwelse, TUD
Tribler: privacy-enhancing technology
Mass surveillance and user tracking is increasing in sophistication. The importance of privacy enhancing technology is growing. This requires that anonymizing networks must be able to scale. We present Tribler, a scalable self-organising system designed to offer privacy, even for bandwidth intensive tasks such as HD video streaming. Tribler has been deployed for 8 years and enhanced with novel research ideas such as sub-second content search, a reputation system for rewarding upload, channels for content publishing and spam prevention. Tribler has been installed 1.4 million times, giving us a large testing population.
15:00-15:30 Coffee
15:30-16:15 Hadi Asghari, TUD,
Security Economics and the Underground Market: Extracting Intelligence about Target Selection from Banking Trojans
16:15-17:00 Andreas Peter, UT,
Genome Privacy: Big Data with Big Chance or Big Risk?
Recent developments in genomics and the constant drop in prices for genomic sequencing (< 100 USD for partial genotyping) enable new business and research models that have many individuals’ genomes as an essential driving force. It is predictable that the positive impact on our society and on medical research through personalized medicine or large-scale genomic analysis will be huge. However, the increased availability of genomic data will also have a very negative impact on our privacy. Genetic discrimination or the incrimination by synthetic genomic material planted at a crime scene represent just two serious examples showing the risks of modern genomics.The relatively young field of “Genome Privacy” addresses privacy issues related to genomic data. In my presentation, I will first talk about some of the privacy challenges in this scientific area and will then focus on cryptographic mechanisms to efficiently process genomic data in a privacy-preserving manner.
18:00-20:00 Dinner
20:30- Social Event


09:45-10:15 Coffee
10:15-11:00 Harm van Beek, NFI,
Hansken: Designing a Forensic Big Data Solution
Since 2010, the Netherlands Forensics Institute offers “digital forensics as a service” to law enforcement agencies. Now, three years later, this approach has become a standard for hundreds of criminal cases and over a thousand investigators. After processing more than a petabyte of data, we experience the impact of this service, called Xiraf, but also its limitations. In the beginning of 2012, we started working on the successor of Xiraf, named Hansken. In this talk I introduce the “digital forensics as service” model and explain the impact of the forensic drivers and the major principles security, privacy and transparency on the design of Hansken.
11:00-11:45 Emmanuele Zambon, UT
Protocol-aware Detection of Intrusions in Industrial Control System Networks
Industrial Control Systems (ICSes) are employed to control manufacturing processes, power plants, water and gas distributions systems and they are a key component of most nations critical infrastructures. The ability to detect targeted attacks against ICS networks, carried out by resourceful and motivated individuals, is therefore of paramount importance. In this talk we present results of the research conducted in this direction as part of the CRISALIS FP7 project. We first present a study on the evolution over time of remote code injection attacks across the Internet, and on the effectiveness of state-of-the-art detection and analysis techniques at coping with these threats. We then present a thorough analysis of state-of-the-art anomaly detection algorithms, based on n-gram analysis, and evaluate their detection performance when applied to ICS network traffic. Finally, we present a Protocol Learning and Whitelisting approach for detecting intrusions in ICS networks, which is meant to complement the strengths of anomaly and specification-based techniques. Our approach leverages protocol parsing to enforce that analyzed messages comply with protocol specifications, and can operate in learning mode to build a model that whitelists the value of individual message fields based on the deployment-specific characteristics of the network traffic. The model is then used in detection mode to check that the monitored traffic does not deviate from the learnt behavior.
12:15-13:30 Lunch
14:00-15:00 Sandro Etalle, TU/e
The New CyberWeapons
Stuxnet, Flame, DuQu and Gauss are the tip of a large iceberg indicating that cyber has become a mainstream technology for espionage, if not for warfare already. In this lecture we are going to make a short inventory of the features of these “cyberweapons”, and we will discuss a couple important technological and economical issues that create a favorable environment for the development of offensive technology. If time allows, we are going to discuss advanced detection solutions.
15:00-15:30 Coffee
15:30-16:15 Elisa Costante, TU/e,
Hunting the Unknown- White-Box Database Leakage Detection
Data leakage causes significant losses and privacy breaches worldwide. In this paper we present a white-box data leakage detection system to spot anomalies in database transactions. We argue that our approach represents a major leap forward w.r.t. previous work because: i) it signi cantly decreases the false positive rate (FPR) while keeping the detection rate (DR) high; on our experimental dataset, consisting of millions of real enterprise transactions, we measure a FPR that is orders of magnitude lower than in state-of-the-art comparable approaches; and ii) the white-box approach allows the creation of self-explanatory and easy to update pro les able to explain why a given query is anomalous, which further boosts the practical applicability of the system.
16:15-17:00 Stjepan Picek, RU,
Evolutionary Computation in Cryptology
Cryptology includes a plethora of difficult and non-deterministic problems where evolutionary computation (EC) can be employed. In fact, EC methods have been successfully used in cryptology for more than 20 years. However, more recently, the attempts remain isolated until now. In this talk we will focus on several applications of EC in cryptography. In the first one, we will talk about evolving nonlinear elements. More specifically, we will go through the possibilities for the evolution of Boolean functions and S-boxes. In second application, we talk about a possible application of the genetic algorithms to the fault analysis.Finally, we will discuss several possible research directions.
18:00-20:00 Dinner


09:00-10:00 Pim Vullers, RU,
Towards Practical Attribute-based Identity Management: the IRMA Trajectory
In this talk the concept of attribute-based identity management will be introduced. In particular we will explain the IRMA technology and the goals of the project.
10:00-10:30 Coffee
10:30-11:15 Pim Vullers, RU,
Behind the scenes of IRMA - Attribute-based Credentials on Smart Cards
IRMA (I Reveal My Attributes, https://www.irmacard.org) is a research and development project focusing on attribute-based credentials and their use in practice. This project includes a pilot in which the users obtain a smart card which they can use to prove attributes about themselves.In this talk I’ll give a brief overview of what IRMA is, but the main focus will be on the technological and cryptographic components that are used to build this system.
11:15-12:00 Freek Verbeek, OU,
EUROMILS: Certification of an industrial Separation Kernel
Modern automative and aircraft industry faces the problem of designing and verifying reliable, secure and trustworthy on-board computers. As these systems must be able to control safety-critical systems such as the breaks of a car and the airbags, their certification occurs according to the highest levels set by the European governments. EUROMILS is a project funded by a European consortium with as aim a highly certified on-board chip architecture for future cars and planes. We present our part of this effort, namely the formal verification of such a chip architecture. This concerns security related properties such as non-interference between domains that may not interfere each other. For the verification we use the Isabelle theorem prover.
12:15-13:30 Lunch