Wouter Joosen - IBBT Security department

security department

security, privacy and trust of E-*

08/04/2023

Enhance the leading position of ICT-security research in Flanders

Essential objectives:

perform first class basic and applied research in key areas of ICT security (core)

transfer the acquired basic knowledge into the economy (traditional notion of valorization)

lower the cost of regulatory compliance of new hardware, software and applications (specific: valorization)

contribute actively to training of undergraduate and PhD students, and of industry (valorization too)

Context, application and technology trends

1. Security is directly related to dependability, and to trustworthiness – trustworthiness will remain essential

2. Security cannot be achieved as an afterthought; it is core to software applications and to the development & deployment processes

3. Security problems arise anywhere in systems (not only at front- and backdoors): end-to-end quality is required.

4. Trustworthiness requires full life-cycle support (management support)

security, privacy & trust of E-*: application areas

E-health

E-media

E-society

E-commerce

E-logistics

E-banking

Security Expertise (1/2)

Secure programming languages (Clarke, Piessens, Joosen)

Security middleware and component frameworks (Piessens, Desmet, Joosen)

Secure development process (Scandariato, Joosen)

Security monitoring and management (Desmet, Huygens, Joosen)

Security for computer networks and pervasive systems (Verbaeten, Huygens, Preneel, Verbauwhede)

Security for ad-hoc and wireless networks (Preneel, Verbauwhede)

Privacy enhancing technologies, identity management (De Decker, Preneel)

Cryptographic software and software obfuscation (Piessens, Preneel)

Cryptographic hardware and embedded systems (Verbauwhede, Preneel, Rijmen)

Document security, watermarking and perceptual hashing (Preneel)

Trusted computing (Verbauwhede, Preneel)

Legislation, compliance & policy (Dumortier, )

Security Expertise (2/2 and incomplete)

Cryptographic algorithms and protocols, foundations of cryptography and provable security (Rijmen, Preneel)

Risk management (Huygens, Joosen)

Authorisation technologies (Piessens, Joosen, Desmet)

Secure System Software (Piessens, Joosen)

HW implementation of DRM, watermarking and perceptual hashing (Verbauwhede, Preneel, Rijmen)

Side-channel attacks and countermeasures (Verbauwhede, Rijmen, Preneel)

Embedded biometry (Verbauwhede, Tuyls)

Security for RFIDs, smart-cards, sensor nodes (Verbauwhede, Batina, Preneel, Huygens, Joosen)

Evaluation of system security, including requirements, security architectures, software, hardware, cryptographic libraries and smart cards (All)

Mission revisited

“To be a one stop shop for security research”

[Figure: expertise areas. Labels: Cryptography, Secure Programming Languages, Security Middleware, Privacy, Risk Management, Watermarking, Secure Development, DRM, Biometric]

“one-stop-shop for ICT security research”

5 research programs:

embedded security

privacy & identity management

programming secure software

security through the engineering process

legal research, regulatory & policy framework for ICT

securing distributed software

The European context (FP7-IST call 8)

Track record:

About 20 FP6/FP7 projects that relate to trust and security

Currently featuring two NoEs:

Cryptology: Bart Preneel from COSIC is currently coordinating ECRYPT II (Network of Excellence on Cryptology), which is a successor to ECRYPT.

Service Engineering: Wouter Joosen (DistriNet) currently is the Research Director of NESSoS: Engineering Secure Software and Systems for Future Internet Services.

… lead generators for new EU projects

For the business – applied to many hot application domains:

1. Assurance, compliance of new applications, typically Future Internet Services

a. Cloud computing (the next big one after SOA)

b. IoT and embedded software and systems

2. Very long term: Enabling Cost and Risk Assessment

For Society: focus on

3. Privacy (Social Networks)

4. Cybercrime

Another example: NextGenITS [ICON]

Privacy preserving Electronic Toll

Only final fee transmitted to Service Provider

Only driver has access to location data

Authenticity of reported fee and location data

Confidentiality of communications

[Figure: electronic toll diagram. Labels: GPS Satellites, Service Provider, Driver, OBU, GPS, GSM, Fee Reporting, Fee Calculation, Bill, Updates, Encrypted Location Data]

One Example: Bravehealth (FP7-IP 2010-2013)

The BRAVEHEALTH system will enable the integration of services provided by mobile resources, legacy applications, data and computing intensive services within a mobile grid to offer personalized e-health services to mobile, nomadic, stationary users.

Our broader context for strategic research

Focus of this talk

Three basic themes in the SecCAS program

Improved security in multi-tenant applications

End to end data protection

Client-centric protection

Into the market…

Some important trends in cloud security:

Cloud security gateways

Cloud based recovery services

MDM: Mobile Device Management Services

High Assurance Public Identity Providers

Conclusion: what it means for the ICON programme

We have a lot on our plates!

New projects being developed:

Mobile device management

Security and management dashboards

Cloud security gateways for and by SaaS providers

Enhancing the reliability of “social networks” in integrated solutions…

Application cases: logistics, transport, health…!!!!

Thank you, the Team (>140 FTEs)

Prof. Bart Preneel

Prof. Vincent Rijmen

Prof. Ingrid Verbauwhede

Prof. Claudia Diaz

7 postdocs

40+ junior researchers

ICRI:

Prof. Jos Dumortier

2 postdocs

15+ junior researchers

Prof. Dave Clarke

Prof. Bart De Decker

Prof. Danny Hughes

Prof. Christophe Huygens

Prof. Wouter Joosen

Prof. Frank Piessens

Prof. Yolande Berbers

Prof. Tom Holvoet

Prof. Bart Jacobs

15 postdocs

50+ junior researchers
