dcypher Symposium 2019 connecting cybersecurity knowledge – enterprises - policies
Time: 11:30 – 12:45
Room: Spark (110)
Chaired by Jan Piet Barthel
In this session four projects highlighted the results obtained in collaborative research. The multidisciplinarity of cybersecurity research was clearly illustrated by two of the projects. Not only the human factor in relation to privacy risks in IoT devices was discussed but also the importance of the regulation of collection and use of personal information by smartphone platforms. The two Supervisory Control And Data Acquisition (SCADA) projects discussed their solutions for detecting vulnerabilities and securing the divers machines in large industrial systems. The collaborating groups all pointed out the benefits of international collaboration: (i) the complementary expertise, (ii) the availability and use of real data, and (iii) the use of the same principles to analyse divers systems and understand common principles.
- Deep packet with Intelligence for Industrial IoT: the DEPICT Project
dr. Alvaro Cardenas, University of Texas at Dallas
DEPICT is a cooperative project between the University of Santa Cruz (USA) and the University of Eindhoven in the Netherlands, funded by the DHS and NWO. The project focuses on network monitoring of Industrial Control Systems and Industrial IoT. In this presentation we will elaborate on the last results of the groups participating in the project.
- Supporting privacy decisions in IoT with defaults and smart profiles: what works best and why?
dr. ir. Martijn Willemsen, Eindhoven University of Technology
Interconnected IoT (Internet of Things) devices offer many benefits, but also have privacy risks as personal data is shared between devices and with 3rd parties via the internet. Privacy decisions for such devices are prone to heuristic influences due to the vast amount of decisions that have to be made about what each device shares with whom for what purpose. In this project we join forces between computer science, HCI and decision psychology to study the decision processes underlying these decisions and design user-tailored privacy setting interfaces. Using eye-tracking and aspect listing techniques we uncover the decision processes, and find that discrepancies between sharing intentions and behaviors (i.e., the privacy paradox) are due to differences in how much benefits and risks are considered. Using data from a large set of privacy decision scenarios, we find that simple default settings and framing effects might oversimplify the decision and we use machine learning to construct smart privacy profiles that could potentially help people to make more adequate decisions.
- Platforms as Regulators: Lessons from the Smartphone Context
Joris van Hoboken, Professor of Law, LSTS, Vrije Universiteit Brussel & Senior Researcher, IViR, University of Amsterdam
In this talk I will explore the developments and legal consequences of different types of platforms being asked and incentivized to start acting as privacy regulators, setting standards (policy and technical) for the collection and use of personal information by their business users and policing these business users on the basis of these policies. I will explain the emergence of platforms as privacy regulators with examples, focusing in particular on the context of smartphone ecosystems. I will show how this development currently challenges other regulatory imperatives, including the calls on platforms to act fairly and transparently vis a vis business users.
- Timely and RObust Patching of Industrial Control Systems (TROPICS)
prof. Chris Kruegel, University of California, International Secure Systems Lab
Related Research Projects:
This session is organised in close cooperation with the Dutch Research Council (NWO)