U bent hier

dcypher verenigt onderzoekers, docenten, producenten, gebruikers en beleidsmakers in Nederland om kennis en kunde over cyberveiligheid te verbeteren

Impressie dcypher Symposium 2017

Cybersecurity hoogleraren vrezen dat Nederland digitaal onder water komt te staan!


March 20th 2018 between 11.00 and 15.45 hours!Word of Welcome by session chair Zekeriya Erkin (TUD) No Free Charge Theorem: a Covert Channel via USB Charging Cable on Mobile Devices Veelasha Moonsamy (UU)* Digital Fingerprinting of Devices for System Recognition Thomas Hupperich (UT)*Plenary interview about their views on Cyber Security and their research Eveline Vreede & Zeki Erkin (TUD)Introduction Best Master Thesis Award Andreas Peter (UT)KINTSUGI: Identifying & addressing challenges in embedded binary securityJos Wetzels, M.Sc. (TU/e)Combating Snowshoe Spam with FireOlivier van der Toorn, M.Sc. (UT)Award Ceremony Best Cyber Security Master Thesis Andreas Peter (UT)Word of session chairZekeriya Erkin (TUD)break Word of welcome & key-note introduction Zekeriya Erkin (TUD)Power and limitation of Adversarial Machine Learning and their consequencesProf. Sakurai (KU, Japan)*DCSRP Award 2017 announcementJan Piet Barthel (dcypher)Economic Factors of Vulnerability Trade and Exploitation Luca Allodi (TU/e)ASLR on the Line: Practical Cache Attacks on the MMU Ben Gras (VU)Millions of targets under attack: a macroscopic characterization of the DoS ecosystem Mattijs Jonker (UT)Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared HostingArman Noroozian (TUD)The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later Manolis Stamatogiannakis (VU)DCSRP Award 2017 ceremonyDCSRP Bonus chequeJan Piet Barthel (dcypher)Michel Bouma (IBM)Round-up by session chairZekeriya Erkin (TUD) *http://www.ictopen.nl/content/Speakers/Day+2+invited+speakers+per+trackRegister HERE for participation via the ICT.OPEN 2018 form  ICT.OPEN is the principal ICT research conference in the Netherlands. It features two distinguished plenary key notes and invited speakers, as well as many oral and poster presentations. The state of art in ICT research is presented and discussed here. More information: www.ictopen.nl 
A cyber world of difference: cyber criminals are not the same as traditional criminals. By: Dr Marleen Weulen Kranenbarg The 18-year-old Jelle S., who is suspected of having carried out various DDoS attacks earlier this month, wrote in a mail exchange with the de Volkskrant newspaper that he did this ‘because it is fun’ and ‘to see if it is possible for a teenager to simply cripple all banks with a relatively simple attack’. In my PhD research, in which I compared cyber criminals with traditional criminals, these were exactly the types of motives for this type of cybercrime. Cyber criminals who commit offences such as hacking, defacing and DDoS attacks state that they do this 'out of boredom, curiosity or thrill seeking' and 'because it was fun and/or felt good’. The respondents who committed Internet-related crimes, such as defacements or DDoS attacks, stated that besides these intrinsic motives they also did it to 'set something right and/or to convey a message’. This was also a clear factor in the motives of Jelle S.However, the general picture about cybercrime is that these offences are committed for financial gain. This was almost never indicated in my research and it does not appear to have played any role in the case of Jelle S. Of course there are enough types of cybercrime in which a lot of money is earned. However, there is also an important category of perpetrators who cause a lot of damage without any financial gain. This is a group whose crimes are possibly correctly referred to by de Volkskrant as online mischief, but then with considerable financial or other consequences. A lack of financial motives and committing offences based on intrinsic motivation, such as curiosity, is an important difference between cybercrime and traditional criminality.Besides these differences in motives, I also investigated other domains in criminology that are traditionally seen as important for understanding criminal behaviour. The first domain was the age of incidence. I asked myself at which moments in their lives cyber criminals are most inclined to commit cyber offences. From research into traditional criminality we know that criminals are, in general, less inclined to commit offences during the years in which they live together with a family and the years in which they have work or are following an educational course. That is because there is more at stake in these years. A possible conviction can have major consequences for work, education or family. In addition, there are simply less opportunities to commit crime in these circumstances. However, employment and following an educational course could actually provide opportunities for cybercrime. After all, having a job, especially in the IT sector, provides access to a wide range of IT systems that you would normally not have access to and you spend a relatively large amount of time behind a computer where you could commit cybercrime.I also saw this in my research, which revealed that having work or following an educational course is not a protective factor for cybercrime. In addition, I found that in the population of cybercrime suspects, these offences are mainly committed in the years in which the suspects had a job in the IT sector or they followed an educational course. Living with a family is still a protective factor, and so the most logical conclusion that can be drawn from this is that the opportunity for cybercrime occurs in entirely different situations and that there is too little social control in those situations to prevent the criminality of this group of suspects. Of course it needs to be stated that this does not mean that everybody who works in the IT sector is a potential cyber criminal. In combination with the motives for cybercrime this offers a possible solution. If we could succeed in giving cyber criminals a legal alternative in which they could satisfy their curiosity, such as a job in the IT sector, and also increase the social control in such a situation then we may be able to prevent such individuals from continuing to commit these offences.Another important difference I found with traditional criminality was the correlation between a person's behaviour and his or her direct social environment. Although that relationship is present in cybercrime, it is far less strong than for traditional criminality. There is therefore much less cyber-criminal behaviour or attitudes in the direct social environment of cyber criminals than the social environment of traditional criminals. It is quite possible that this is related to the relatively low chance of being arrested and the anonymity of cyber criminal behaviour; this means it is less relevant what your social environment thinks about your cyber criminal behaviour in view of the fact that they will probably never find out about it. Furthermore, with the help of information on the Internet, cyber criminals can increase their knowledge of how to abuse IT systems without the need for meaningful social interactions with others.Finally, important differences were also found between cyber criminals. The perpetrators of more technical types of cybercrime, such as forms of hacking, were found to differ from perpetrators of less technical offences in certain ways. For example, IT knowledge was more important for the more technical perpetrators and they also exhibited quite specific online activities in which they could acquire knowledge such as the frequent use of fora. In addition, these perpetrators were found to have a higher level of self-control, which may enable them to be better at planning and executing the more technical offences. The perpetrators of less technical offences had a lower self-control and that is also the case for traditional criminals.Due to the emergence of booter services, which were also used by Jelle S., I expect an enormous increase in cyber criminals within this last group. A decreasing amount of technical knowledge is probably required for the commitment of cybercrimes, so that cyber criminals in the future might exhibit more similarities with traditional criminals. However, I also expect that the differences I have found with respect to opportunity, motives and social environment will continue to play an important role in the future in combatting cybercrime. On 26 January 2018, Marleen Weulen Kranenbarg gained her doctorate from VU University Amsterdam for her research entitled ‘Cyber-offenders versus traditional offenders: an empirical comparison’. You can download the English summary or her entire thesis via this link: http://dare.ubvu.vu.nl/handle/1871/55530   
The Dutch Government organizes the international One Conference 2018. This conference aims to facilitate the exchange of knowledge and ideas within the international cyber security community. To this aim 1200 people from the (inter)national CERT community, academia, security professionals from public and private sector as well as our key partners from law enforcement and intelligence will participate in this event. The conference program offers topics of interest for a wide variety of participants, from (technical) specialists to decision-makers and researchers, from both the private and the public sector.SessionsThe Dutch Government invites researchers, companies and professionals to submit proposals for presentations. All sessions are 40 minutes in length including Q&A. Previously published and/or presented material is welcome if the information and message are still new and relevant to this audience. Presentations will ultimately be chosen based on relevance to the topics below, maturity of results and relevance to the audience.TopicsTopics include but are not limited to:Technical: botnets and C&C, exploitation & malware, vulnerability research, design & attack surface, attacker MO, deployment of defensive measures, (inter)networking and operations, metrics & measurements, field-related (privacy, cryptography, ..), domain-related (IoT, ICS/SCADA, mobile, medical, automotive, ..)Incident response: monitoring and detection, information sharing, threat intelligence, CSIRT maturity, incident handling, cooperation (tactical and operational), incident analysis, coordinated vulnerability disclosure, case studies, lessons learnedGovernance: law enforcement, legal aspects, cross-border collaboration, risk management, public-private partnerships, organizational structures, coordinated vulnerability disclosure, data breaches, supply chain: responsibility & liabilityStrategic issues: cyber security & economic growth, implementing international cyber security strategy, (conflicts of) interest of values in cyber security, future scenarios, the role of the government, cyber espionage & future economic impact, incentives in cyber securityHuman factor: offenders, victims, social engineering, insider threat, post awareness, education and training, privacyResearch & innovation: completed and ongoing cyber security research (fundamental and applied) and innovationProposal requirementsPresentation proposals (maximum one page) should consist of:Title and abstractType of presentation (e.g. lecture, panel, demo and interactive aspects such as         Q&A’s or real time polling) Aim of the presentation. What’s in it for the audience (public and private sector)?Target audience (e.g. technical specialists, analysts, policy makers)Short bio of the speaker All presentations are in English, commercial presentations are excluded.Proposals can be submitted to speakers@one-conference.nlImportant datesDeadline for submission: Friday 15 June 2018Presenter notification: Wednesday 15 August 2018Conference: Tuesday 2 & Wednesday 3 October 2018 The One Conference 2018 is organized by the Ministry of Justice and Security and the Ministry of Economic Affairs and Climate Policy.


"We are hiring: Currently, we have three positions in pretty much any field, including security.  As you can read below, in security we are ideally looking for people who are doing something slightly different from what we already doing (systems), and even better something that can link to other groups already at our department. For instance, we would be interested in research in formal verification, security in/with AI, security in BioInformatics, security in Big Data, usability, etc.We are excited about the possibility of expanding into new security research domains and hope to attract as many strong candidates as possible. Should I apply for the assistant/associate professor positions?Probably! The selection process is entirely open. No candidates have yet been identified a priori. We will simply hire the best researchers in whatever field. So, if we find the top candidates in theoretical computer science or Big Data: great, we will expand there. If we find the top candidate to be in security: we will hire that person. So, if you’re good, you may want to apply.Having said that, with VUSec, VU Amsterdam has a very strong  (and fun) security group in the area of systems security with 3 faculty members, a bunch of postdocs and many Ph.D. students doing research on all sorts of low-level systems. Candidates for the new positions should therefore ideally have a different profile.As the department-wide hiring committee consists of people from all fields in computer science,  candidates should ideallly be interesting (provide a good interface) to  the other research in the department:Theoretical Computer ScienceAIUser Centric Data ScienceBioinformaticsSoftware Engineering and Information Management Obviously, we are looking for researchers with a strong track record. Publications in top venues, successful grant applications, awards: they all help. In addition, this is a university and teaching qualities are also very important.Interested?  See the official ad for more details about the procedure." Herbert BosCristiano GiuffridaKaveh Razavihttps://www.vusec.net/3-positions-cs/
Voor het VWData programma is in het kader van de Startimpuls-2 regeling door het Ministerie OCW en het Ministerie van Defensie subsidie beschikbaar voor een aanvullende onderzoeksactiviteit rondom “uitlegbare veilige Artificial Intelligence in het militaire domein”.Het budget is bestemd voor een onderzoeksproject dat de vraag adresseert hoe een AI systeem beveiligd kan worden tegen ontregeling en tegelijkertijd transparant kan zijn. Moderne, maar ook traditionele AI oplossingen, blijken vatbaar voor subtiele ontregelingen van buitenaf. Zo kunnen diepe neurale netwerken met voor de mens niet waarneembare manipulaties van input op het verkeerde been gezet worden.Dit speelt onder andere in beeldverwerkende AI, zoals aanwezig in autonoom rijdende voertuigen. Minuscule ruisinjecties in inputs kunnen in dergelijke toepassingen leiden tot het foutief herkennen van verkeersborden, met alle gevolgen van dien. Daarnaast kunnen machine learning modellen 'op afstand' worden uitgelezen door input/output gedrag uit te lokken, of worden gemanipuleerd van buitenaf, een reëel gevaar omdat steeds meer AI beschikbaar komt als (cloud) service. Beveiligen van AIHet beveiligen van AI is daarmee een onderwerp dat steeds belangrijker wordt op de onderzoeksagenda van techbedrijven als Google, Facebook en Tesla, en de academia. Maatregelen voor het garanderen van privacy met AI (zoals federated machine learning, of homomorfe encryptie) beveiligen de gebruikers van AI-systemen. Beide soorten beveiliging (de AI zelf, en de privacy van gebruikers) voegen echter extra opaciteit toe aan AI-systemen, via -soms destructieve, niet-reversibele- versleuteling van data of algoritmes. Tegelijkertijd neemt in de AI-wereld de roep om uitlegbaarheid toe, onder andere in de context van operator-intensieve toepassingen zoals defensie. De vraag is dus hoe een AI systeem zowel tegen manipulatie beveiligd kan worden, als tegelijkertijd uitlegbaarheid toestaat. Een deel van de beschikbare middelen voor dit project zijn bestemd voor onderzoeksactiviteiten van TNO. Een ander deel is beschikbaar voor complementaire aansluiting van andere kennisinstellingen op het TNO onderzoeksproject  (bijlage I). De omvang van deze aanvullende subsidie is 100 kEUR. De oproep voor dit aanvullende deel van het onderzoeksproject staat open voor bij de Kenniscoalitie aangesloten publieke kennisinstellingen2: Nederlandse universiteiten, KNAW- en NWO-instituten en Hogescholen.  De volledige projectbeschrijving is terug te lezen op deze pagina. Uitnodiging en Tijdslijn Het VWData programma is vormgegeven als negen projecten verdeeld over vijf inhoudelijke werkpakketten, zie de Programmabeschrijving (bijlage III). Indieners worden hierbij uitgenodigd om een onderzoeksvoorstel in te dienen voor het uitvoeren van een aanvullende onderzoek op het bijgaande onderzoeksproject van TNO (bijlage I). Dit project valt in werkpakket 4 (Transparancy). Voorstellen volgen het bijgaande template en moeten worden ingediend uiterlijk op maandag 2 april 2018. Gebruik hiervoor het indieningsformulier (bijlage II).  Tijdslijn2 april 2018   Sluiting van de indiening van onderzoeksvoorstellen. 6 april 2018   Prioritering van de voorstellen door de Stuurgroep van VWData en het Ministerie van DefensieMedio april 2018 Toekenning van de subsidie door NWO. https://www.dutchdigitaldelta.nl/big-data/call/vwdata-uitlegbare-en-veilige-ai
Call for Participation 3rd Interdisciplinary Summer school on Privacy (ISP 2018) July 9-13, 2018, Berg en Dal / Nijmegen (The Netherlands) Theme:  AI, Algorithms & Privacy. We invite doctoral researchers working on privacy, data protection, security, surveillance and ethics to participate in the second Interdisciplinary Summer school on Privacy (ISP 2018) to be held from July 9 - July 13, 2018 in Berg en Dal (The Netherlands), close to Radboud University (Nijmegen).https://isp.cs.ru.nl# Teachers Mireille Hildebrandt (VUB / Radboud University) Julia Powels (University of Cambridge) Paul Dourish (University of California, Irvine) Christian Sandvig (University of Michigan) Lina Dencik (Cardiff University) Malte Ziewitz (Cornell University Robin Pierce (Tilburg University) Martijn van Otterloo (Tilburg University)(more to be confirmed) # Background of the summerschoolThe interdisciplinary summerschool on privacy (ISP) provides an intensive one week academic post-graduate programme teaching privacy from a technical, legal and social perspective. The goal of the summerschool is to provide students with a solid background in the theory of privacy construction, modelling and protection from these three different perspectives. It also aims to help them to establish a first international network with peers and senior academics across these disparate disciplines.Participants of the summerschool are awarded two ECTS (study credits) and receive a certificate of attendance issued by the Radboud University attesting this.For more information [click here](https://isp.cs.ru.nl) # Theme: AI, Algorithms & PrivacyThe theme "AI, Algorithms & Privacy" addresses the privacy issues that arise from the use of Artificial Intelligence and machine learning algorithms, and studies how to address these issues. Topics within this theme are e.g. transparency, discrimination, and adversarial learning.# FormatThe summer school is interdisciplinary, involving the followingdisciplines: computer science, law and social sciences / media and communication studies. The school lasts one week, with nine scheduled lectures (five morning lectures and four afternoon lectures) of two hours each. These nine lectures are equally distributed over the three disciplines, with top-notch lectures from each of the disciplines. The lectures will lay the grounds for an interdisciplinary conversation among students and lecturers coming from a variety of backgrounds.The remaining time is used for hands on working group sessions to study practical cases. The cases will be offered by businesses, governments, government related institutions (like DPAs) and civil society/NGOs.Groups of six students, ideally two from each discipline, are formed to tackle the cases and report back on their results in a plenary session.The school is held in a location that encourages dialogue and social interactions between both the staff and the students, both during lectures and in the evening. Staff (i.e. lecturers) are encouraged to stay at the summer school for the whole length of the school. The summer school is foremost aimed at PhD students from computer science, law and social sciences.# Practical InformationThe summer school is held at [Hotel Erica](http://www.hotelerica.nl), Berg en Dal, The Netherlands. The hotel is well equipped and ideally situated in the woods close to Nijmegen, and easily reached by bus from Nijmegen train station. Nijmegen has direct train connections with Schiphol, the Dutch national airport.## RegistrationVisit the following web page to register: https://isp.cs.ru.nl/registration.phpWe offer the following options.Single room: € 950 (late: € 1050)Shared room: € 725 (late: € 825)No room (lunch/school only): € 516 (late: € 616)  (for local people who do not need accommodation)Payment by credit card accepted. Early registration fees expire on May 1. Admission after June 1 subject to availability. Registration may close earlier if the maximum number of participants (40) is reached.## StipendsA limited number of stipends is available. To see whether you would qualify for a stipend, and to start the application process, seehttps://isp.cs.ru.nl/stipends.php## ContactFor further information please consult our website https://isp.cs.ru.nl or contact us by email at summerschool@pilab.nl## OrganiserJaap-Henk Hoepman (Radboud University /PI.lab) ## Steering CommitteeClaudia Diaz (KU Leuven / imec),Seda Gürses (KU Leuven / imec),Eleni Kosta (TILT - Tilburg University / PI.lab),Jo Pierson (Vrije Universiteit Brussel / imec), and Thorsten Strufe (TU Dresden) ## Supported by PI.lab - The Privacy & Identity Lab. imec Radboud University(more support to be announced soon) 
Ontwikkeling van ethisch en juridisch kader voor nieuwe technologie noodzakelijkNu kunstmatige intelligentie (AI) steeds dieper in ons dagelijks leven doordringt, moeten we hierover een breed maatschappelijk debat voeren dat moet leiden tot een internationaal erkend ethisch en juridisch kader voor de ontwikkeling en het gebruik van nieuwe technologieën. Dat stelt de European Group on Ethics in Science and New Technologies (EGE) in een publicatie. De groep geeft een aanzet voor de discussie met de presentatie van een reeks fundamentele ethische grondbeginselen die zouden moeten gelden voor de ontwikkeling en het gebruik van AI, robotica en autonome systemen. Volgens een artikel van The Wall Street Journal trachten technologiebedrijven de komst van regels voor te blijven door nu al gedragscodes op te stellen samen met futuristen, burgerrechtenactivisten en sociale wetenschappers.Nieuwsbericht Design for Values – TU DelftPublicatie EGE (pdf)Artikel The Wall Street Journal
Het kabinet gaat extra investeren in vernieuwend en maatschappelijk relevant onderzoek: 70 miljoen euro in 2018, oplopend tot 130 miljoen vanaf 2020. Dit geld wordt besteed via de Nationale Wetenschapsagenda. Daarnaast komen er extra middelen voor het versterken van de kennisbasis, waaronder twintig miljoen euro voor de digitale onderzoeksinfrastructuur, 25 miljoen euro voor praktijkgericht onderzoek en een bedrag oplopend tot 70 miljoen euro voor bèta en technisch onderzoek. Dat meldt minister Ingrid van Engelshoven (OCW) in een brief aan de Tweede Kamer. MKB-Nederland en VNO-NCW stellen dat wetenschap en innovatie “te lang droog” hebben gestaan qua middelen, maar zijn nu ook “positief” over de inzet en de verdeling van het extra geld. De KNAW is “positief” over de extra investeringen in het onderzoek, NWO is “verheugd”, de VSNU spreekt van “een mooie eerste stap ... Maar om aansluiting bij de wereldtop te houden, zal er meer nodig zijn”, stelt de Vereniging van Universiteiten in een factsheet. Het Europees semester, dat vorige week verscheen, geeft de VSNU gelijk. Het constateert dat Nederland nog steeds te weinig investeert in onderzoek. Een artikel van ScienceGuide citeert eurocommissaris Carlos Moedas, die waarschuwt dat Nederland moet blijven investeren in innovatie, om de successen zoals in Delft, Groningen en Wageningen vast te blijven houden.Kamerbrief (pdf)Nieuwsbericht RijksoverheidNieuwsbericht HOP / Univers OnlineNieuwsbericht MKB-Nederland / VNO-NCWNieuwsbericht KNAW Nieuwsbericht NWONieuwsbericht VSNUFactsheet VSNUEuropees Semester – Landenrapport Nederland (pdf)Artikel ScienceGuide 
Bekijk het volledige nieuwsoverzicht >