Organisatieprofiel

Introductie / missie

Research in the Security (SEC) group spans two areas vital to the security of decentralized and embedded systems, and has its center of gravity in the intersection of these areas. The two areas are security policy specification & enforcement and security of embedded systems.

Over de organisatie

Policy Specification and Enforcement. While the Internet allows for a free exchange of data, the security boundaries  needed to guarantee privacy and confidentiality have become the main obstacle to flexible cooperation within and between (virtual) organizations.

The classical preventive access control mechanisms cannot cope with heterogeneous distributed systems and they have to be at least partially replaced by more elaborate trust management  and compliance control systems. This is where SEC expertise lies: in the specification and implementation of policies for distributed systems.

Security of Embedded Systems

Securing networked embedded systems is particularly challenging because of their lack of computational and physical resources. In this area, SEC focuses presently on the security of mobile (e.g. smart-card based) systems; for instance in the PinpasJC project we are studying side channel attacks on smart cards.

One of the challenges that embedded devices face is secure key storage. This issue is addressed by SEC's research on Physical Unclonable Functions, a novel approach based on the extraction of randomness from the physical components of the device itself. Also in this area and closely linked to coding and crypto we have the project PinpasJC (on the analysis of smart card algorithms to identify possible side-channel attacks).

These areas overlap to a great extent and their intersection forms the core of SEC's research: compliance control for distributed and embedded systems. SEC's approach is to start from a concrete security problem and solve it by addressing the fundamental issues behind it. SEC's strength lies precisely in the ability to understand deeply both the user's concern as well as the theory behind it.

Master's projects

There are many options for master thesis projects, both internal projects and projects in industry.

See the website for more information on the group and its projects.

Vingerafdruk Duik in de onderzoeksthema's waar Security actief is. Deze onderwerplabels komen voort uit het werk van deze leden van de organisatie. Samen vormen ze een unieke vingerafdruk.

Access control Engineering en materiaalwetenschappen
Cryptography Engineering en materiaalwetenschappen
Data privacy Engineering en materiaalwetenschappen
Authentication Engineering en materiaalwetenschappen
Health Engineering en materiaalwetenschappen
Entropy Engineering en materiaalwetenschappen
Requirements engineering Engineering en materiaalwetenschappen
Interoperability Engineering en materiaalwetenschappen

Netwerk Recente externe samenwerking op landenniveau. Duik in de details door op de stippen te klikken.

Onderzoeksoutput 2007 2019

1 Citaat (Scopus)

Access control in Internet-of-Things: a survey

Ravidas, S., Lekidis, A., Paci, F. & Zannone, N., 15 okt 2019, In : Journal of Network and Computer Applications. 144, blz. 79-101 23 blz.

Onderzoeksoutput: Bijdrage aan tijdschriftTijdschriftartikelAcademicpeer review

Access control
Internet of things
Ecosystems
Industry

CARONTE: crawling adversarial resources over non-trusted, high-profile environments

Campobasso, M., Burda, P. & Allodi, L., 1 jun 2019, Proceedings - 4th IEEE European Symposium on Security and Privacy Workshops, EUROS and PW 2019. Piscataway: Institute of Electrical and Electronics Engineers, blz. 433-442 10 blz. 8802484

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

Scalability
Servers
Resources
Data collection
Monitoring

Characterizing the redundancy of DarkWeb .onion services

Burda, P., Boot, C. & Allodi, L., 26 aug 2019, Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES 2019. New York: Association for Computing Machinery, Inc, 10 blz. 19. (ACM International Conference Proceeding Series).

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

Redundancy
Law enforcement
Mirrors

Pers/media

CCS 2017 Advances the Science of Cybersecurity

Luca Allodi

26/10/1727/10/17

2 items van Media-aandacht

Pers / media: Vakinhoudelijk commentaar

PCD CVE-2017-9628 Unspecified Information Disclosure Vulnerability

Davide Fauri

22/09/17

1 item van Media-aandacht

Pers / media: Vakinhoudelijk commentaar

Scripties/masterproeven

Automated 2G traffic interception and penetration testing

Auteur: Veens, T., 26 nov 2018

Begeleider: Michiels, W. (Afstudeerdocent 1) & Moonen, R. (Externe persoon) (Externe coach)

Scriptie/masterproef: Master

Bestand

Boarding a sinking ship: trust mechanisms in the underground in the face of high market platform volatility

Auteur: Wouters, R., 25 nov 2019

Begeleider: Allodi, L. (Afstudeerdocent 1)

Scriptie/masterproef: Master

Bestand

Characterization of illegal dark web arms markets

Auteur: Ubbink, J., 25 nov 2019

Begeleider: Allodi, L. (Afstudeerdocent 1)

Scriptie/masterproef: Master

Bestand