Tuesday 23.08.2022 Detailed

Edgar Weippl (SBA Research and University of Vienna, Austria), Mathias Fischer (Universität Hamburg, Germany)

Short Pitch of each EU Symposium Workshop

The strange world of the password

Steve Furnell (University of Nottingham, United Kingdom)

Abstract: Despite years of evidence of poor practice, people continue to choose weak passwords and continue to be allowed to do so. Normally, if something is broken then the answer is to fix or replace it. However, with passwords the problem seems able to persist unchecked and we continue to use them extensively despite the flaws. Adding further evidence of the issue, this presentation reports on the fifth run of a study into the provision of password guidance and the enforcement of password rules by a series of leading websites. The investigation has been conducted every 3-4 years since 2007 and the latest findings continue to reveal areas of notable weakness. This includes many sites still offering little or no meaningful guidance, and still permitting users to choose passwords that ought to be blocked at source. It seems that while we remain ready to criticise users for making poor choices, we repeatedly fail to take steps that would help them to do better.

VMIFresh: Efficient and Fresh Caches for Virtual Machine  Introspection

Thomas Dangl (University of Passau, Germany), Stewart Sentanoe (University of Passau, Germany) and Hans P. Reiser (Reykjavík University, Iceland)

Privacy-Preserving Polyglot Sharing and Analysis of Confidential Cyber Threat Intelligence

Davy Preuveneers and Wouter Joosen (imec-DistriNet, KU Leuven, Belgium)

Distance-based Techniques for Personal Microbiome Identification

Markus Hittmeir, Rudolf Mayer and Andreas Ekelhart (SBA Research, Austria)

SOAR4IoT: Securing IoT Assets with Digital Twins

Philip Empl, Daniel Schlette, Daniel Zupfer and Günther Pernul (University of Regensburg, Germany)

Attacking Power Grid Substations: An Experiment Demonstrating How to Attack the SCADA Protocol IEC 60870-5-104

László Erdődi, Pallavi Kaliyar, Siv Hilde Houmb, Aida Akbarzadeh and Andre Jung Waltoft-Olsen (Department of Information Security and Communication Technology, Norwegian University of Science and Technology, Norway)

Substation-Aware. An intrusion detection system for the IEC 61850 protocol

Jose Antonio Lopez, Iñaki Angulo and Saturnino Martinez (TECNALIA, Basque Research and Technology Alliance (BRTA), Spain)

Cyber-security measures for protecting EPES systems in the 5G area

Alexios Lekidis (Public Power Corporation, Greece)

Handling Critical Infrastructures in Federation of Cyber Ranges: A Classification Model

Evangelos Chaskos, Jason Diakoumakos, Nicholas Kolokotronis and George Lepouras (University of the Peloponnese Department of Informatics and Telecommunications, Greece)

Fault-Tolerant SDN Solution for Cybersecurity Applications

Athanasios Liatifis (University of Western Macedonia, Macedonia), Christos Dalamagkas (Testing Research & Standards Center of Public Power Corporation SA, Greece), Panagiotis Radoglou-Grammatikis (University of Western Macedonia, Macedonia), Thomas Lagkas (International Hellenic University, Greece), Evangelos Markakis (Hellenic Mediterranean University, Greece), Valeri Mladenov (Technical University of Sofia, Bulgaria), Panagiotis Sarigiannidis (University of Western Macedonia, Macedonia)

Securing Communication and Identifying Threats in RTUs: A Vulnerability Analysis

Engla Rencelj Ling (Division of Network and Systems Engineering, KTH Royal Institute of Technology, Sweden), Jose Eduardo Urrea Cabus (Division of Network and Systems Engineering, KTH Royal Institute of Technology, Sweden), Ismail Butun (Division of Network and Systems Engineering, KTH Royal Institute of Technology, Sweden), Robert Lagerström (Division of Network and Systems Engineering, KTH Royal Institute of Technology, Sweden), Johannes Olegard (Department of Computer and Systems Sciences, Stockholm University, Sweden)

Explainability-based Debugging of Machine Learning for Vulnerability Discovery

Angelo Sotgiu, Maura Pintor and Battista Biggio (Pluribus One, University of Cagliari, Italy)

Lightweight Parsing and Slicing for Bug Identification in C

Luca Mecenero (University of Trento, Italy), Ranindya Paramitha (University of Trento, Italy), Ivan Pashchenko (TomTom, The Netherlands), Fabio Massacci (University of Trento, Italy, Vrije Universiteit Amsterdam, The Netherlands)

On the feasibility of detecting injections in malicious npm packages

Simone Scalco (University of Trento, Italy), Ranindya Paramitha (University of Trento, Italy), Duc-Ly Vu (FPT University, Vietnam) and Fabio Massacci (University of Trento, Italy, Vrije Universiteit Amsterdam, The Netherlands)

Towards a Security Benchmark for the Architectural Design of Microservice Applications

Anusha Bambhore Tukaram (Hamburg University of Technology, Germany), Simon Schneider (Hamburg University of Technology, Germany), Nicolás E. Díaz Ferreyra (Hamburg University of Technology, Germany), Georg Simhandl (University of Vienna, Austria), Uwe Zdun (University of Vienna, Austria), Riccardo Scandariato (Hamburg University of Technology, Germany)

Learning State Machines to Monitor and Detect Anomalies on a Kubernetes Cluster

Clinton Cao (Delft University of Technology, The Netherlands), Agathe Blaise (Thales SIX GTS France, France), Sicco Verwer (Delft University of Technology, The Netherlands) and Filippo Rebecchi (Thales SIX GTS France, France)

Security Maturity Self-Assessment Framework for Software Development Lifecycle

Raluca Brasoveanu (TomTom, The Netherlands), Yusuf Karabulut (TomTom, Germany) and Ivan Pashchenko (TomTom, The Netherlands)

Attack graphs as digital twins for managing breach prevention, detection, and reaction

Giuseppe Nebbione and Mathias Ekstedt (KTH Royal Institute of Technology, Sweden)

Methodological improvement of the Cyber Security of Energy Data Services: the CyberSEAS way

Luigi Cappolino (University of Naples “Parthenope”, Italy)

A joint approach to cybersecurity for Energy operators: the CyberEPES cluster

Paolo Roccetti (Engineering R&D Labs, Italy)

Security-by-Design in Intelligent Infrastructures: the HAII-T orchestrator

Gabriele Costa, IMT School for Advanced Studies Lucca

Abstract: In the last years Security-by-Design has emerged as the main methodology for securing the life cycle of software and systems. Its effectiveness is the result of a strong integration with all the development phases, from the earliest conceptualization and design to the final disposal. Large scale, critical infrastructures can benefit the most from this approach. Nevertheless, they also carry an extreme degree of complexity that must be dealt with. In this talk we will consider the SPARTA perspective on the definition and implementation of a secure orchestrator for making intelligent infrastructures Secure-by-Design.

Implementation of Revocable Keyed-Verification Anonymous Credentials on Java Card

Raúl Casanova-Marqués (Brno University of Technology, Universitat Jaume I, Czech Republic), Petr Dzurenda (Brno University of Technology, Czech Republic), Jan Hajny (Brno University of Technology, Czech Republic)

Real-world Deployment of Privacy-Enhancing Authentication System using Attribute-based Credentials

Petr Dzurenda (Brno University of Technology, Czech Republic), Raúl Casanova-Marqués (Brno University of Technology, Universitat Jaume I, Czech Republic), Lukas Malina (Brno University of Technology, Czech Republic)

Cybersecurity Skills Gap: ENISA Analysis and Actions

Fabio Di Franco, ENISA

Abstract: Fabio will provide a holistic view on the nature and characteristics of the skills gap in Europe and the results of the joint effort done with other EU players (eg. the pilots of the EU Competence Network). He will report on the European Cybersecurity Skills Framework (ECSF) which aims to close the cybersecurity skills’ gap on the European labour market, building comprehensive bridges between European workplace context and learning environment through an EU skills framework.  He will also provide insights on the cybersecurity higher education database (CyberHEAD), an initiative to allow young talents to make informed decisions on the variety of possibilities offered by higher education in cybersecurity through an easy-to-use web portal.

Properties for Cybersecurity Awareness Posters’ Design and Quality Assessment

Sunil Chaudhary (Norwegian University of Science and Technology, Norway), Marko Kompara (University of Maribor, Slovenia), Sebastian Pape (Goethe University, Germany), Vasileios Gkioulos (Norwegian University of Science and Technology, Norway)

Security of Smart Grid Networks in the Cyber Ranges

Tomas Lieskovan, Jan Hajny (Brno University of Technology, Czech Republic)

Requirements for an Information Privacy Pedagogy based on the Constructivism Learning Theory

Thanos Papaioannou (Ionian University, Greece), Aggeliki Tsohou (Ionian University, Greece), Maria Karyda (University of the Aegean, Greece), Stylianos Karagiannis (PDM & FC, Portugal)

CyBOK - The Cyber Security Body Of Knowledge

Dr. Yulia Cherdantseva, Senior Lecturer at the School of Computer Science & Informatics at Cardiff University

Abstract: Cyber Security Body of Knowledge (CyBOK) is a major project sponsored by the UK National Cyber Security Centre with the aim of developing a substantial resource offering a guide to the Cyber Security as a discipline and as a field of professional practice.  CyBOK codifies the foundational knowledge in cyber security for education and professional training.  It is an open and freely accessible resource (www.cybok.org) developed by the Community for the Community with contributions from over 115 experts across the world since 2017. CyBOK v1.1 is constituted by 21 knowledge areas. There are also free supplementary resources for students, educators and trainers, e.g. podcasts, resources for developing programmes based on CyBOK, lab materials, case studies for use in classroom, etc. This presentation will describe the process of developing CyBOK and maintaining it up to date, discuss the role of the international community in this process, outline the use cases of CyBOK and the future directions of the CyBOK project evolution.

Hide and Seek: Privacy-Preserving and FAA-compliant Drones Location Tracing

Alessandro Brighente (University of Padova, Italy), Mauro Conti (University of Padova, Italy, Delft University of Technology, The Netherlands), Savio Sciancalepore (Eindhoven University of Technology (TU/e)The Netherlands)

Revisiting Online Privacy and Security Mechanisms Applied in the In-App Payment Realm from the Consumers’ Perspective

Salatiel Ezennaya-Gomez, Edgar Blumenthal, Marten Eckardt, Justus Krebs, Christopher Kuo, Julius Porbeck, Emirkan Toplu, Stefan Kiltz and Jana Dittmann (Otto-von-Guericke University Magdeburg, Germany)

Towards Efficient FHE Based cPIR Schemes and Their Parameter Selection

Cavidan Yakupoglu and Kurt Rohloff (NJIT, United States)

Introduction to the International Workshop on Privacy and Security of Multi-Modal Transport Systems

Roland Rieke (Fraunhofer SIT | ATHENE, Germany)

Challenges and solutions for security and seamless authentication services in airport-train multimodal travels 

Stefano Sebastio (Collins ART, Ireland)

SECurity Test and Evaluation platform for Autonomous driving

Daniel Zelle (Fraunhofer SIT | ATHENE, Germany)

Security Operations Center for Multi-Modal Transport Systems

Ali Recai Yekta (Yekta IT GmbH, Germany)

Collaborative Security Pattern for Automotive Electrical/Electronic (E/E) Architectures

Florian Fenzl (Fraunhofer SIT | ATHENE, Germany)

Demonstration of alignment of the Pan-European Cybersecurity Incidents Information Sharing Platform to Cybersecurity policy, regulatory and legislative advancements

Dimitrios Skias (Netcompany-Intrasoft, Luxembourg), Sofia Tsekeridou (Netcompany-Intrasoft, Greece), Theodore Zahariadis (SYNELIXIS SOLUTIONS S.A, Greece.), Artemis Voulkidis (SYNELIXIS SOLUTIONS S.A., Greece) and Terpsichori-Helen Velivassaki (SYNELIXIS SOLUTIONS S.A., Greece)

A Collaborative Intelligent Intrusion Response Framework for Smart Electrical Power and Energy Systems

Konstantinos P. Grammatikakis, Ioannis Koufos and Nicholas Kolokotronis (University of the Peloponnese, Department of Informatics and Telecommunications, Greece)

Evaluating The Cyber-Security Culture of the EPES Sector

Anna Georgiadou, Ariadni Michalitsi-Psarrou and Dimitris Askounis (National Technical University of Athens, Greece)

Classifying the factors affecting the adoption of the SDN-microSENSE innovations

Theodoros Rokkas and Ioannis Neokosmidis (inCITES Consulting, Luxembourg)

The AssureMOSS security certification scheme

Ákos Milánkovich, Gergely Eberhardt and Dávid Lukács (Search-Lab Ltd., Hungary)

Panel discussion

Panel on delta certification - challenges and possible solutions

Panelists: Eric Vetillard (ENISA), Kai Rannenberg (GUF, Cybersec4Europe), Isaac Dangana (CyberSEAS, Engineering), Luna Garcia Jesus (BOSCH, MEDINA)

Toward Automated Playbook Generation through Natural Language Processing

Zsolt - Levente Kucsván (University of Twente, The Netherlands)            

Algorithms for detecting automatically generated domain names

Irina Chiscop (TNO, the Netherlands) and Francesca Soro (AIT, Austria) 

Analysis of anomalies detected on endpoints

Dmitriy Komashinskiy (F-secure, Finland)

Artificial Intelligence-Assisted Side Channel Attacks

Xiaolu Hou, Faculty of Informatics and Information Technologies, Slovak University of Technology

Abstract: Deep neural networks (DNN) have gained popularity in the last decade due to advances in available computational resources. In particular, side-channel attacks (SCA) have received the most attention as being a classification problem, DNN comes as a natural candidate. In this talk, we will first provide the basics of SCA and explain how it can recover the secret key of a cryptographic implementation. Then, we will present the recent literature on applications of DNN to SCA. As a demonstration, we will detail a work that aims to propose a general framework that helps users with the overall trace analysis aided by DNN, minimizing the necessity for architecture adjustments by the user.

CloudFL: A Zero-Touch Federated Learning Framework for Privacy-aware Sensor Cloud

Viraaji Mothukuri (Kennesaw State University, United States), Reza M. Parizi (Kennesaw State University, United States), Seyedamin Pouriyeh (Kennesaw State University, United States), Afra Mashhadi (University of Washington, United States)

Enhanced anomaly detection for cyber-attack detection in smart water distribution systems

Branka Stojanovic, Helmut Neuschmied, Martin Winter and Ulrike Kleb (JOANNEUM RESEARCH Forschungsgesellschaft mbH, Austria)

Adding European Cybersecurity Skills Framework into Curricula Designer

Jan Hajny (Brno University of Technology, Czech Republic), Marek Sikora (Brno University of Technology, Czech Republic), Athanasios Grammatopoulos (University of Piraeus, Greece), Fabio Di Franco (ENISA, Greece)

The Platform for Czech National Qualifications Framework in Cybersecurity

Jakub Vostoupal (Masaryk University, Faculty of Informatics, Masaryk University, Faculty of Law, Czech Republic), František Kasl (Masaryk University, Faculty of Informatics, Masaryk University, Faculty of Law, Czech Republic), Pavel Loutocký (Masaryk University, Faculty of Informatics, Masaryk University, Faculty of Law, Czech Republic), Tomáš Pitner (Masaryk University, Faculty of Informatics, Czech Republic), Patrik Valo (Masaryk University, Faculty of Informatics, Czech Republic), Adam Valalský (Masaryk University, Faculty of Informatics, Czech Republic), Damián Paranič (Masaryk University, Faculty of Informatics, Czech Republic)

Job Adverts Analyzer for Cybersecurity Skills Needs Evaluation

Sara Ricci (Brno University of Technology, Czech Republic), Marek Sikora (Brno University of Technology, Czech Republic), Simon Parker (Deutsches Krebsforschungszentrum, Germany), Imre Lendak (University of Novi Sad, Serbia), Yianna Danidou (European University Cyprus, Cyprus), Argyro Chatzopoulou (APIROPLUS Solutions Ltd., Cyprus), Remi Badonnel (University of Lorraine, France), Donatas Alksnys (Mykolas Romeris University, Lithuania)

Panel Discussion 

CCN: CONCORDIA (Felicia Cutas), ECHO (Pavel Varbanov), SPARTA (Jan Hajny)

YOU SHALL NOT COMPUTE on my Data: Access Policies for Privacy-Preserving Data Marketplaces and an Implementation for a Distributed Market using MPC

Stefan More and Lukas Alber (Graz University of Technology, Austria)

Identity and Access Management Framework for Multi-tenant Resources in Hybrid Cloud Computing

Saurabh Deochake and Vrushali Channapattan (Twitter, United States)

All that is Solid Melts into Air: Towards Decentralized Cryptographic Access Control

Harry Halpin (K.U. Leuven, Belgium)

Identity management for a seamless authentication in the transportation sector

Piotr Sobonski (Collins ART, Ireland)

Attribute-based authorization for a transaction between a transport company and a passenger

Jean-Paul Bultel (CEA, France)

An authentication and data sharing framework in the mobility service domain

Henry Gadacz (Fraunhofer SIT | ATHENE, Germany)

Utilizing the Trusted Platform Module in automotive networks to secure car sharing applications

Lukas Jäger, Christian Plappert (Fraunhofer SIT | ATHENE, Germany)

Panel disccusion with representatives from EPES projects

Distributed Key Management in Microgrids

Christos Xenakis, University of Piraeus

Abstract: Security for smart industrial systems is prominent due to the proliferation of cyber threats threatening national critical infrastructures. Smart grid comes with intelligent applications that can utilize the bidirectional communication network among its entities. Microgrids are small-scale smart grids that enable Machine-to-Machine (M2M) communications as they can operate with some degree of independence from the main grid. In addition to protecting critical microgrid applications, an underlying key management scheme is needed to enable secure M2M message transmission and authentication. Existing key management schemes are not adequate due to microgrid special features and requirements. We propose the Micro sElf-orgaNiSed mAnagement (MENSA), which is the first hybrid key management and authentication scheme that combines Public Key Infrastructure (PKI) and Web-of-Trust concepts in micro-grids. Our experimental results demonstrate the efficiency of MENSA in terms of scalability and swiftness.

The cybersecurity-related ethical issues of cloud technology and how to avoid them

Aleksandra Pawlicka (ITTI Sp. z o.o. and University of Warsaw, Poland), Marek Pawlicki (ITTI Sp. z o.o. and Bydgoszcz University of Science and Technology, Poland), Rafał Renk (ITTI Sp. z o.o. and Adam Mickiewicz University, Poland), Rafał Kozik (ITTI Sp. z o.o. and Bydgoszcz University of Science and Technology, Poland) and Michal Choras (ITTI Sp. z o.o. and Bydgoszcz University of Science and Technology, Poland)

The PRAETORIAN Project in a Nutshell

Eva María Muñoz Navarro (ETRA I+D) and Frederic Guyomard (Électricité de France)

The PRECINCT Project in a Nutshell

Jenny Rainbird (Inlecom Pathways)

CI Interdependencies and Cascading Effects

Stefan Schauer and Sandra König (AIT Austrian Institute of Technology)

Resilience Management Framework for Interdependent CIs

Lorcan Connolly (Research Driven Solutions)

Parametrization of Probabilistic Risk Models

Sandra König and Abdelkader Magdy Shaaban (AIT Austrian Institute of Technology)

Response Coordination for Complex Scenarios

Lazaros Papadopoulos (Institute of Communication and Computer Systems)

On Secure and Side-Channel Resistant Hardware Implementations of Post-Quantum Cryptography

Petr Jedlicka (Brno University of Technology, FEEC, Department of Telecommunications, Czech Republic), Lukas Malina (Brno University of Technology, FEEC, Department of Telecommunications, Czech Republic), Tomas Gerlich (Brno University of Technology, FEEC, Department of Telecommunications, Czech Republic), Zdenek Martinasek (Brno University of Technology, FEEC, Department of Telecommunications, Czech Republic), Jan Hajny (Brno University of Technology, FEEC, Department of Telecommunications, Czech Republic), Petr Socha (Czech Technical University in Prague, Faculty of Information Technology, Dept. of Digital Design, Czech Republic)

Securing Shared Mobility Integration into Public Transport Infrastructure

Abasi-Amefon Obot Affia and Raimundas Matulevicius

An Internet-Wide View of Connected Cars: Discovery of Exposed Automotive Devices

Takahiro Ueda, Takayuki Sasaki, Katsunari Yoshioka and Tsutomu Matsumoto (Yokohama National University, Japan)

CyberSANE project: concept, background, objectives, consortium (15 min)

Jorge Manuel Martins, Project Manager, PDMFC 

CyberSANE architecture: : Core & 5 components (45 min)

Luis Landeiro Ribeiro, Head of PMO at PDMFC, Project Manager for the CyberSANE project

Thanos Karantjias, Chief Technology Officer, Maggioli 

CyberSANE Business models (30 min)

Armend Duzha, Maggioli

Challenges of cybersecurity education from a learner and educator perspective

COLTRANE project overview

Gregor Langner (Austrian Institute of Technology (AIT), Vienna, Austria)

Steve Furnell (University of Nottingham, Nottingham, United Kingdom)

Ticket based lightweight security solution for small car E/E-components

Claus-Henning Friederichs (AVL, Germany)

Practical guidelines to configure homomorphic encryption schemes: An application to machine learning

Antoine Choffrut (CEA, France)

Homomorphic Encryption Based Pattern Search for Privacy Preserving Analytics

Hoang-Gia NGUYEN (CEA, France)

DRIVES: Android App for Automotive Customized Services

Marco de Vincenzi (CNR, Italy)

SAMM: Situation Awareness with Machine Learning for Misbehavior Detection in VANET

Mohammed A. Abdelmaguid, Hossam S. Hassanein and Mohammad Zulkernine (School of Computing, Queen’s University, Canada)

Towards Deployment Shift Inhibition Through Transfer Learning in Network Intrusion Detection

Marek Pawlicki, Rafał Kozik and Michał Choraś (ITTI Sp. z o.o. Poznań, Bydgoszcz University of Science and Technology Bydgoszcz, Poland)

Image-based Neural Network Models for Malware Traffic Classification using PCAP to Picture Conversion

Giorgos Agrafiotis, Eftychia Makri, Ioannis Flionis, Antonios Lalas, Konstantinos Votis and Dimitrios Tzovaras (Centre for Research and Technology Hellas/ Information Technologies Institute (CERTH/ITI), Greece)

Applying Machine Learning on RSRP-based Features for False Base Station Detection

Prajwol Kumar Nakarmi, Jakob Sternby and Ikram Ullah (Ericsson, Sweden)

Physical and Cyber Situational Awareness for CI

Juan José Hernández Montesino (ETRA I+D) and Stephane Paul (Thales)

Hybrid Situational Awareness

Israel Perez Llopis and Javier Hingant Gómez (Universitat Politecnica de Valencia)

Serious Games in Crisis Situations

Daniel McCrum and Páraic Carroll (University College Dublin)

A Methodology for Enhancing Emergency Situational Awareness through Social Media

Antonios Karteris, Georgios Tzanos, Lazaros Papadopoulos, Konstantinos Demestichas, Dimitrios Soudris, Juliette Pauline Philibert and Carlos López Gómez

The PRAETORIAN Use Cases in a Nutshell

Eva María Munoz Navarro (ETRA I+D), Frederic Guyomard (Électricité de France) and
Tamara Hadjina (KONCAR)

The PRECINCT Living Labs in a Nutshell

Isabel Verwee and Shirley Delannoy (VIAS Institute)

CyberSANE pilots: use cases and lessons learnt (60 min)

Pablo Giménez Salazar, CyberSANE Pilot Coordinator and CyberSANE Transport Pilot Manager at Fundacion Valenciaport

Robert Bordianu, Senior DevOps Engineer & IoT Evangelist in Lightsource Labs Limited and CyberSANE Energy pilot Manager

Andrius Patapovas, CyberSANE Health Pilot, Healthcare Information Processing at Klinikum Nuremberg

Guillermo Yuste, Cybersecurity Specialist and Data Analytics Consultant, Atos

CyberSANE Standardisation activities (15 min)

Manos Athanathos, Technical Project Manager, ICS Forth

Q&A (15 min)

Chaired by Luis Landeiro Ribeiro, Head of PMO at PDMFC, Project Manager for the CyberSANE project