CySeP Plenary Speakers


Prof. Matt Bishop (University of California, Davis, USA)

Example pic
Matt Bishop received his Ph.D. in computer science from Purdue University, where he specialized in computer security, in 1984. He was a research scientist at the Research Institute of Advanced Computer Science and on the faculty at Dartmouth College before joining the Department of Computer Science at the University of California at Davis.
His main research area is the analysis of vulnerabilities in computer systems, including modeling them, building tools to detect vulnerabilities, and ameliorating or eliminating them. He works in network security, resilience, attribution, policy modeling, data sanitization, and formal modeling of access control. He also is interested in electronic voting, worked on numerous analyses of e-voting systems including the RABA study in Maryland, and was one of the two principle investigators of the California Top-to-Bottom Review, which performed a technical review of all electronic voting systems certified in the State of California.
He is active in information assurance education, and co-led the Joint Task Force that developed the ACM/IEEE/ASIS SIGSAC/IFIP WG11.8 Cybersecurity Curricular Guidelines. The second edition of his textbook, “Computer Security: Art and Science”, was published in November 2018 by Addison-Wesley Professional. He teaches introductory programming, software engineering, operating systems, and (of course) computer security.

Seminar title: Is Practical Data Sanitization Possible?

Research in data sanitization (including anonymization) emphasizes ways to prevent an adversary from desanitizing data. Most work focuses on using mathematical mappings to sanitize data, or demonstrates that a sanitized data set can be desanitized. A few papers examine incorporation of privacy requirements, either in the guise of templates or prioritization. Essentially these approaches reduce the information that can be gleaned from a data set. In this talk, we will discuss ongoing work that considers conflicts between privacy requirements and the needs of analysts examining the redacted data. Our goal is to enable an informed decision about the effects of redacting, and failing to redact data. We begin with relationships among the data being examined, including relationships with a known data set and other, additional, external data. By capturing these relationships, desanitization techniques that exploit them can be identified, and what information must be concealed in order to thwart them (if possible) can be determined. Knowing that, a realistic assessment of whether the information and relationships are already widely known or available will enable the sanitizers to assess whether irreversible sanitization is possible, and if so, what to conceal to prevent desanitization.

Visit Homepage

Prof. Yvo G. Desmedt (University of Texas at Dallas, TX, USA)

Yvo Desmedt is the Jonsson Distinguished Professor at the University of Texas at Dallas, a Honorary Professor at University College London, a Fellow of the International Association of Cryptologic Research (IACR) and a Member of the Belgium Academy of Science. He received his Ph.D. (1984, Summa cum Laude) from the University of Leuven, Belgium. He held positions at: Université de Montréal, University of Wisconsin - Milwaukee (founding director of the Center for Cryptography, Computer and Network Security), and Florida State University (Director of the Laboratory of Security and Assurance in Information Technology, one of the first 14 NSA Centers of Excellence). He was BT Chair and Chair of Information Communication Technology at University College London. He has held numerous visiting appointments.
He is the Editor-in-Chief of IET Information Security and Chair of the Steering Committees of CANS and ICITS. He was Program Chair of e.g., Crypto 1994, the ACM Workshop on Scientific Aspects of Cyber Terrorism 2002, and ISC 2013. He has authored over 200 refereed papers, primarily on cryptography, computer security, and network security. He has made important predictions, such as his 1983 technical description how cyber could be used to attack control systems (realized by Stuxnet), and his 1996 prediction hackers will target Certifying Authorities (DigiNotar was targeted in 2011).

Seminar title: Information Security: Back to the Essentials

In the 19th century astronomers studying Mars came up with maps of canals on Mars. In fact it was a logical thinking for people familiar with Earth. Similar mistakes were made in biology, were it was assumed that oxygen and sunshine were required to enable life. Access Control as implemented today is based on a model that predates the Internet, computer viruses and massive hackings. Should we be surprized that it is inadequate? An alternative to the Access Control Matrix is discussed in this context. Chaum's 1980's Dining Cryptographers and Chaum's MIX are very well known approaches towards anonymity. At that time it was not customary for cryptographers to model the security goal. So, Chaum never modeled anonymity. Afterwards researchers were building on top of Chaum's solution, but were not looking back at the foundations of anonymity. We show that there are message probabilities for which anonymity is completely impossible. Moreover, we show that sometimes Chaum's solutions are not optimal and leak information about the sender/receiver. The question will be raised whether after 45 years research on computer security and 40 years open research in cryptography, we should not systematically revisit the foundations we regard as facts. Part of the lecture is based on recent papers in IEEE Tr. on Inform. Th, and in "From Database to Cyber Security", Springer.

Visit Homepage

Prof. Virgil D. Gligor (Carnegie Mellon University, PA, USA)

Example pic
Virgil D. Gligor received his B.Sc., M.Sc., and Ph.D. degrees from the University of California at Berkeley. He taught at the University of Maryland between 1976 and 2007, and is currently a Professor of ECE at Carnegie Mellon University. Between 2007 and 2015 he was the co-Director of CyLab. Over the past forty-five years, his research interests ranged from access control mechanisms, penetration analysis, and denial-of- service protection, to cryptographic protocols and applied cryptography. Gligor was an Associate Editor of several ACM and IEEE transactions and the Editor in Chief of the IEEE Transactions on Dependable and Secure Computing. He received the 2006 National Information Systems Security Award jointly given by NIST and NSA, the 2011 Outstanding Innovation Award of the ACM SIG on Security Audit and Control, and the 2013 Technical Achievement Award of the IEEE Computer Society.

Seminar title: A Rest Stop on the (Never Ending) Road to Provable Security

During the past decade security research has offered persuasive arguments that the road to provable security is never ending, and further that there's no rest stop on this road; e.g., there is no security property one can prove without making assumptions about other, often unproven, system properties. In this seminar I describe what a useful first rest stop might look like, and illustrate one possible place for it on the road to provable security. Specifically, I show that a simple verifier can establish software root of trust (RoT) on an untrusted system unconditionally; i.e., without secrets, trusted hardware modules, or bounds on the adversary power. I will illustrate the theory foundation for proving RoT establishment unconditionally, and show that the proofs require only the availability of randomness in nature and correct specifications for the untrusted system. The verifier is trustworthy as it requires only the off-line ability to construct nonces from strings of truly random bits and evaluate a new computation primitive – the randomized polynomials -- and then perform an on-line measurement of the untrusted system's evaluation of randomized polynomials and its response time. The optimal code for randomized polynomials on the instruction sets of real processors is discussed is some detail. I also illustrate why RoT establishment is useful for obtaining other basic properties unconditionally, such as secure initial state determination and verifiable boot -- a stronger notion than secure and trusted boot. Verifiable boot can be viewed as an instance of the FlipIt game between a defender and an adversary, where the defender wins the game by discovering the presence of malware surreptitiously inserted by the adversary into the system, unconditionally.

Visit Homepage

Prof. Joseph Yehuda Halpern (Cornell University, NY, USA)

Example pic
Joseph Halpern received a B.Sc. in mathematics from the University of Toronto in 1975 and a Ph.D. in mathematics from Harvard in 1981. In between, he spent two years as the head of the Mathematics Department at Bawku Secondary School, in Ghana. After a year as a visiting scientist at MIT, he joined the IBM Almaden Research Center in 1982, where he remained until 1996, also serving as a consulting professor at Stanford. In 1996, he joined the Computer Science Department at Cornell University, where he is currently the Joesph C. Ford Professor and was department department chair 2010-14. Halpern's major research interests are in reasoning about knowledge and uncertainty, security, distributed computation, decision theory, and game theory. Together with his former student, Yoram Moses, he pioneered the approach of applying reasoning about knowledge to analyzing distributed protocols and multi-agent systems. He has coauthored 5 patents, three books ("Reasoning About Knowledge", "Reasoning about Uncertainty", and "Actual Causality"), and over 360 technical publications.
Halpern is a Fellow of AAAI, AAAS (American Association for the Advancement of Science), the American Academy of Arts and Sciences, ACM, IEEE, the Game Theory Society, the National Academy of Engineering, and SAET (Society for the Advancement of Economic Theory). Among other awards, he received the Kampe de Feriet Award in 2016, the ACM SIGART Autonomous Agents Research Award in 2011, the Dijkstra Prize in 2009, the ACM/AAAI Newell Award in 2008, the Godel Prize in 1997, was a Guggenheim Fellow in 2001-02, and a Fulbright Fellow in 2001-02 and 2009-10. Two of his papers have won best-paper prizes at IJCAI (1985 and 1991), and another two received best-paper awards at the Knowledge Representation and Reasoning Conference (2006 and 2012). He was editor-in-chief of the Journal of the ACM (1997-2003) and has been program chair of a number of conferences, including the Symposium on Theory in Computing (STOC), Logic in Computer Science (LICS), Uncertainty in AI (UAI), Principles of Distributed Computing (PODC), and Theoretical Aspects of Rationality and Knowledge (TARK). He started and continues to be the administrator of CoRR, the computer science section of

Seminar title: From Coordination to Blockchain: The Elusive Trail of Common Knowledge

Reasoning about knowledge -- what I know about what you know about what I know ... -- is the type of reasoning that is often seen in puzzles and paradoxes, and has been studied at length by philosophers. But it plays a key role in many other contexts, ranging from understanding conversations to the analysis of distributed computer algorithms. More recently, it has been shown to play a key role in understanding what a blockchain protocol provides. I'll start the talk by considering a number of well-known puzzles and paradoxes, which both illustrate the subtleties of reasoning about knowledge and the advantages of having a good framework in which to make this reasoning precise. These puzzles also turn out to be closely related to important problems in distributed computing and game theory. In particular, they emphasize the importance of the notion of common knowledge, which turns out to be essential for reaching agreements and coordinating action. Unfortunately, we can prove that in practical multi-agent systems, common knowledge is not attainable. This seems somewhat paradoxical. How can common knowledge be both necessary and unattainable? The paradox gets resolved (to some extent) by examining a number of variants of common knowledge that turn out to be both attainable and sufficient for many applications. In particular, I'll show that how that a variant of common knowledge characterizes the guarantees provided by blockchain protocols. The work on blockchain is joint with Rafael Pass. The earlier work is joint with Yoram Moses, Ron Fagin, and Moshe Vardi.

Visit Homepage

Prof. Gernot Heiser (UNSW, Sydney, Australia)

Example pic
Gernot Heiser is Scientia Professor and John Lions Chair of Operating Systems at UNSW Sydney and Chief Research Scientist at Data61, CSIRO. His research interest are in operating systems, real-time systems, security and safety. He is the founder and past leader of Data61’s Trustworthy Systems group, which pioneered large-scale formal verification of systems code, specifically the design, implementation and formal verification of the seL4 microkernel; seL4 is now being designed into real-world security- and safety-critical systems. Heiser's former company Open Kernel Labs, acquired by General Dynamics in 2012, marketed the OKL4 microkernel, which shipped on billions of mobile wireless chips and more recently ships on the secure enclave processor of all iOS devices. He presently serves as Chief Scientist, Software, of HENSOLDT Cyber, a Munich-based company providing a secure hardware-software stack for embedded and cyber-physical systems. Gernot is a Fellow of the ACM, the IEEE and the Australian Academy of Technology and Engineering (ATSE).

Seminar title: The verified seL4 microkernel – trustworthy operating systems for the real world

seL4 is the world’s first operating system (OS) kernel with a formal, machine-checked proof of functional correctness of its implementation. It also has proofs of security enforcement, and is the only OS in the literature with a complete and sound worst-case execution-time analysis. In this lecture I will give an overview of seL4’s verification and what it means in practice, and discuss how seL4 is being used to build secure real-world systems and some of the lessons learned. I will also introduce some of the frameworks that enable the construction of high-assurance systems on seL4, including the CAmkES framework that enables security enforcement by architecture, and the Cogent framework, that aims at reducing the verification cost of critical user-level components.

Visit Homepage

Dr. Herb Lin (Stanford University, CA, USA)

Example pic
Herb Lin is a senior research scholar for cyber policy and security at the Center for International Security and Cooperation and Hank J. Holland Fellow in Cyber Policy and Security at the Hoover Institution. His research interests relate broadly to policy-related dimensions of cybersecurity and cyberspace, and he is particularly interested in and knowledgeable about information warfare; the use of offensive operations in cyberspace, especially as instruments of national policy; and emerging technologies and national security. He was a member of President Obama’s Commission on Enhancing National Cybersecurity.

Seminar title: Cyber-Enabled Information Operations Through the Lens of Cyberwar

Although cyber warfare and cyber-enabled information operations are conceptually different (the former prosecutes conflict through the hacking of computers and the latter through the hacking of people’s minds and hearts), much of the conceptual and doctrinal infrastructure of cyberwarfare is useful for understanding cyber-enabled information operations. This talk presents work in progress that elaborates these connections.

Visit Homepage

Prof. Ravi Sandhu (University of Texas, San Antonio, USA)

Example pic
Ravi Sandhu is Professor of Computer Science, Executive Director of the Institute for Cyber Security and Lead PI of the NSF Center for Security and Privacy Enhanced Cloud Computing at the University of Texas at San Antonio, where he holds the Lutcher Brown Endowed Chair in Cyber Security. Previously he served on the faculty at George Mason University (1989-2007) and Ohio State University (1982-1989). He holds BTech and MTech degrees from IIT Bombay and Delhi, and MS and PhD degrees from Rutgers University. He is a Fellow of IEEE, ACM and AAAS, and has received numerous awards from IEEE, ACM, NSA, NIST and IFIP, including the 2018 IEEE Innovation in Societal Infrastructure award for seminal work on role-based access control (RBAC). A prolific and highly cited author, his research has been funded by NSF, NSA, NIST, DARPA, AFOSR, ONR, AFRL, ARO and private industry.
His seminal papers on role-based access control established it as the dominant form of access control in practical systems. His numerous other models and mechanisms have also had considerable real-world impact. He served as Editor-in-Chief of the IEEE Transactions on Dependable and Secure Computing, and previously as founding Editor-in-Chief of ACM Transactions on Information and System Security. He was Chairman of ACM SIGSAC, and founded the ACM Conference on Computer and Communications Security, the ACM Symposium on Access Control Models and Technologies and the ACM Conference on Data and Application Security and Privacy. He has served as General Chair, Steering Committee Chair, Program Chair and Committee Member for numerous security conferences. He has consulted for leading industry and government organizations, and has lectured all over the world. He is an inventor on 30 security technology patents and has accumulated over 41,000 Google Scholar citations for his papers. At UTSA his team seeks to pursue world-leading research in both the scientific foundations of cyber security and their applications in diverse 21st century cyber technology domains, including cloud computing, internet of things, autonomous vehicles, big data and blockchain. Particular focus is on foundations and technology of attribute-based access control (ABAC) as a successor to RBAC in these contexts. His web site is at

Seminar title: Access Control Evolution and Prospects

This lecture will begin with an overview of important and lasting access control concepts developed in the past 50 years or so. Many of these trace back to the needs of enterprise computing. As computing systems have evolved beyond the enterprise to include modern applications such as electronic commerce, social media and the internet of things, new paradigms of access control are needed. The lecture will conclude with a discussion of the challenges of these application domains and avenues for access control evolution responsive to these needs.

Visit Homepage

Prof. Pierangela Samarati (University of Milano, Italy)

Example pic
Pierangela Samarati is a Professor at the Department of Computer Science of the Universita' degli Studi di Milano, Italy. Her main research interests are on data and applications security and privacy, especially in emerging scenarios. She has participated in several projects involving different aspects of information protection. On these topics, she has published more than 270 peer-reviewed articles in international journals, conference proceedings, and book chapters. She has been Computer Scientist in the Computer Science Laboratory at SRI, CA (USA). She has been a visiting researcher at the Computer Science Department of Stanford University, CA (USA), and at the Center for Secure Information Systems of George Mason University, VA (USA).
She is the chair of the IEEE Systems Council Technical Committee on Security and Privacy in Complex Information Systems (TCSPCIS), of the ERCIM Security and Trust Management Working Group (STM), and of the ACM Workshop on Privacy in the Electronic Society (WPES). She is a member of several steering committees. She is ACM Distinguished Scientist (named 2009) and IEEE Fellow (named 2012). She has received the ESORICS Outstanding Research Award (2018), the IEEE Computer Society Technical Achievement Award (2016), the IFIP WG 11.3 Outstanding Research Contributions Award (2012), and the IFIP TC11 Kristian Beckman Award (2008). She has served as General Chair, Program Chair, and program committee member of several international conferences and workshops.

Seminar title: Data Security and Privacy in Emerging Scenarios

The rapid advancements in Information and Communication Technologies (ICTs) have been greatly changing our society, with clear societal and economic benefits. Mobile technology, Cloud, Big Data, Internet of things, services and technologies that are becoming more and more pervasive and conveniently accessible, towards to the realization of a 'smart' society’. At the heart of this evolution is the ability to collect, analyze, process and share an ever increasing amount of data, to extract knowledge for offering personalized and advanced services. A major concern, and potential obstacle, towards the full realization of such evolution is represented by security and privacy issues. As a matter of fact, the (actual or perceived) loss of control over data and potential compromise of their confidentiality can have a strong detrimental impact on the realization of an open framework for enabling collection, processing, and sharing of data, typically stored or processed by external cloud services. In this seminar, I will illustrate some security and privacy issues arising in emerging scenarios, focusing in particular on the problem of managing data while guaranteeing confidentiality and integrity of data stored or processed by external providers.

Visit Homepage

Prof. Gene Tsudik (University of California, Irvine, USA)

Example pic
Gene Tsudik is a Chancellor's Professor of Computer Science at the University of California, Irvine(UCI). He obtained his PhD in Computer Science from USC in 1991. Before coming to UCI in 2000, he was at IBM Zurich Research Laboratory (1991-1996) and USC/ISI (1996-2000). His research interests include many topics in security, privacy and applied cryptography. Gene Tsudik is a Fulbright Scholar, Fulbright Specialist (twice), a fellow of ACM, a fellow of IEEE, a fellow of AAAS, and a foreign member of Academia Europaea. From 2009 to 2015 he served as Editor-in-Chief of ACM Transactions on Information and Systems Security (TISSEC, renamed to TOPS in 2016). Gene was the recipient of 2017 ACM SIGSAC Outstanding Contribution Award. He is also the author of the first crypto-poem published as a refereed paper.

Seminar title: Formally Verifying Remote Attestation for Simple Embedded Devices

Remote Attestation (RA) is a security service that allows a trusted verifier (Vrf) to measure the software state of an untrusted remote device -- Prv. If correctly implemented, RA allows Vrf to remotely detect if Prv is in an illegal or compromised state. Although several RA architectures have been proposed, little attention has been devoted to their verifiability and security guarantees that can be derived through formal verification of RA architectures. In this talk we introduce VRASED: Verifiable Remote Attestation for Simple Embedded Devices. VRASED instantiates a hybrid (HW/SW) RA co-design aimed at low-end embedded systems, e.g., simple IoT devices. Since VRASED security properties must be jointly guaranteed by HW and SW, verification is a challenging task, which has never been attempted before in the context of RA. Besides being the first formally verified RA scheme, VRASED is the first formally verified HW/SW implementation of any security service. VRASED’s publicly available implementation is realized on Basys3 FPGA and requires 16x fewer Look-Up Tables and 36x fewer registers than the cheapest pure HW-based RA design.

Visit Homepage






Dr. Spiros Antonatos

Spiros Antonatos is currently a research manager at Tenable. His industrial experience is mostly focused on security, data privacy and high-performance network monitoring. He has received his PhD from Computer Science Department, University of Crete. Prior to Tenable, he was a research scientist and manager at IBM Research – Dublin where he worked on data privacy at scale. He was the Principal Investigator for IP deals with external customers as well as internal joint programs, mostly in the healthcare and financial space. During his IBM tenure he authored 4 conference papers and 12 patents. During his 8-year experience as a research assistant at the Institute of Computer Science, Foundation for Research and Technology Hellas (FORTH), he has authored and co-authored 24 conference papers and 4 journal papers regarding Web security, privacy/anonymization issues and network monitoring.

Seminar title: Network monitoring: is it still relevant for measuring our security posture?

In the recent years we observe two major trends regarding IT networks. The first one is the increasing adoption of encryption across communication channels (and predominantly Web). The second one is that OT and IoT networks converge with the traditional IT networks. One of the major questions that arise is how network monitoring can cope up with these two major trends. Is it still relevant? Shall it be considered as part of the security product investments? In this talk we will share some insights and techniques on how network monitoring can be used in today's landscape. We will deep dive into the security posture of OT and IoT networks, their interface with the IT world and the challenges we face for assessing their risk score. We will describe how we can tackle the encryption challenge and how we can detect threats on the wire even in the absence of clear-text traffic.

Visit Homepage

Dr. Petros Efstathopoulos

Example pic
Dr. Petros Efstathopoulos is currently the Global Head of Symantec Research Labs. He holds Ph.D. And M.Sc. degrees in Computer Science from the University of California, Los Angeles (UCLA) and a B.Sc. degree in Electrical and Computer Engineering from the National Technical University of Athens, Greece (NTUA). During his Ph.D. he worked on the Asbestos operating system, which introduced decentralized information flow control to contain the effects of bugs and provide improved security. Dr. Efstathopoulos has worked on the design and implementation of a variety of computer systems, including operating systems and kernel development, storage and file systems, security, distributed systems, virtualization, and systems networking. Since joining Symantec Research Labs in 2009 he has focused particularly on next-generation storage/backup systems, portable storage security, network security, privacy and identity. As a member of SRL he has authored multiple research papers and numerous patents.

Seminar title: The right to be protect: privacy research at Symantec Research Labs

The privacy and identity threat landscape is evolving rapidly, and it’s difficult for businesses or consumers to track and fully comprehend the implications. Personal data can affect our reputations, it can be used to exercise control over us and in the wrong hands, it can cause great harm. People need a partner to safeguard their identity and defend them from nefarious actors. They need help identifying the important elements of their digital life that need to be kept private and secure. Furthermore, enterprises, governments, and all organizations also have sensitive information that can be hacked. Businesses that operate utilizing sensitive data are at risk themselves of legal and financial repercussions. Enterprises must face their responsibilities to ensure business success while securing their assets and preserving privacy for customers and employees. In this talk we will explore some of the challenges that motivate privacy research and we will discuss a few possible directions to address such challenges.

Visit Homepage

Prof. Thorsten Holz (Ruhr-Universität Bochum, Germany)

Example pic
Thorsten Holz is a professor in the Faculty of Electrical Engineering and Information Technology at Ruhr-University Bochum, Germany. His research interests include technical aspects of secure systems, with a specific focus on systems security. Currently, his work concentrates on reverse engineering, automated vulnerability detection, and studying latest attack vectors. He received the Dipl.-Inform. degree in Computer Science from RWTH Aachen, Germany (2005), and the Ph.D. degree from University of Mannheim (2009). Prior to joining Ruhr-University Bochum in April 2010, he was a postdoctoral researcher in the Automation Systems Group at the Technical University of Vienna, Austria. In 2011, Thorsten received the Heinz Maier-Leibnitz Prize from the German Research Foundation (DFG) and in 2014 an ERC Starting Grant. Furthermore, he is Co-Spokesperson of the Cluster of Excellence "CASA - Cyber Security in the Age of Large-Scale Adversaries" (with C. Paar and E. Kiltz).

Seminar title: Advanced Fuzzing to Uncover Software Vulnerabilities

In recent years, randomized fuzz-testing has progressed rapidly, mainly driven by tools such as afl and lots of academic work on this subject. In practice, fuzzing is often superior to seemingly "smarter" approaches such as symbolic or concolic execution. We provide an overview of our recent results, including fuzzing hypervisors, grammar-based fuzzing of complex interpreters, and fuzz-testing of stateful systems. In total, the different methods enabled us to find hundreds of software bugs that lead to more than 50 CVEs.

Visit Homepage

Prof. Ioannis Iglezakis

Example pic
Ioannis Iglezakis is an Associate Professor of Law & Informatics at the School of Law in the Aristotle University in Thessaloniki (Greece) and an Attorney-at-law at the Thessaloniki Bar Association. He was elected as Director of the Department of History, Philosophy and Sociology of Law in the academic year 2016–2017, as a Member of the Office of the Dean of the School of Law of Thessaloniki, and as the Director of the Post-Graduate Programme: "Theory of Law and Interdisciplinary Legal Practice". He is widely published in Greece and has various publications in international legal reviews. His research interests include I.T. law, legal informatics, media law, economic and EU law. He is a member of the editorial team of Greek legal journals and has also edited several books published in English: Legal and Socioeconomic Aspects of Intrusion, IGI (2009); E-Publishing and Digital Libraries: Legal and Organizational Issues, IGI (2010); Values and Freedoms in Modern Information Law & Ethics. Proceedings of the 4th International Conference on Information Law and Ethics (2011); Proceedings of the 6th International Conference on Information Law and Ethics (2015); Cyberlaw in Greece, Kluwer Law International (2015); Legal Regulation of Cyber Attacks, Kluwer Law International (2016); Digital Tools for Computer Production and Distribution, IGI Publishing (2016); Media Law in Greece (2018).

Seminar title: Data Protection with regard to IoT in healthcare

The internet of things (IoT) presents many advantages in healthcare, as it allows patients to store their health data in mobile applications or wearable devices, which can be used for the detailed analysis of their health status and for providing individual health support. IoT devices, however, present many security risks and thus endanger patient’s right to privacy. As the GDPR (Regulation 2016/679) imposes enhanced responsibilities to data controllers and obligations for improving security of personal data processing, IoT devices should be designed to comply with the GDPR requirements, such as the principles of risk assessment and privacy by design and by default.

Visit Homepage

Prof. Dr. Eleni Kosta

Example pic
Prof. Dr. Eleni Kosta is full Professor of Technology Law and Human Rights at the Tilburg Institute for Law, Technology and Society (TILT, Tilburg University, the Netherlands). Eleni obtained her law degree at the University of Athens (Greece) and a Masters degree in Public Law at the same University. She then completed an LL.M. in legal informatics at the University of Hannover (Germany) and in 2011 she was awarded the title of Doctor of Laws at the KU Leuven (Belgium) with a thesis on consent in data protection. Eleni is conducting research on privacy and data protection, specialising in electronic communications and new technologies. She has been involved in numerous EU research projects and is teaching "Capita Selecta Privacy and Data Protection" at the LLM Law & Technology. In 2014 Eleni was awarded a personal research grant for research on privacy and surveillance by the Dutch Research Organisation (VENI/NWO). Eleni also collaborates as associate with timelex (

Seminar title: Human rights safeguards for mass surveillance: recent developments in the CJEU and ECtHR case law

In the aftermath of the Snowden revelations, the surveillance activities carried out by Law Enforcement Authorities and Security and Intelligence Agencies have been in the spotlight of national Courts, the Court of Justice of the European Union (CJEU) and the European Court of Human Rights (ECtHR). This lecture will introduce the audience to the recent case law of the CJEU and ECtHR and will discuss the human rights safeguards introduced in them. It will further reflect on pending UK cases and the potential impact of Brexit in relation to mass surveillance and human rights.

Visit Homepage

Prof. Arno R. Lodder

Example pic
Arno R. Lodder is a professor of Internet Governance and Regulation at Vrije Universiteit Amsterdam Department Transnational Legal Studies, Centre for Law and Internet), and Of Counsel at SOLV lawyers. In his research and lecturing he focuses on topics related to law and internet, such as liability, contracting, security, privacy, freedom of speech, cybercrime; and phenomena related to algorithms, big data, social media, cyberwar, internet of things, smart devices and apps. He has published over 30 (co-)edited and (co-)authored books, such as DiaLaw on Legal Justification and Dialogical Models of Argumentation (1999), Information Technology and Lawyers. Advanced Technology in the Legal Domain (2006), Enhanced Dispute Resolution Through the Use of Information Technology (2010), Cyberlaw in the Netherlands (2016), and EU Regulation of E-commerce (2017). He is involved in the Dutch legal master Internet, IP and ICT (2011-), the English Bachelor Minor Technology, Law, and Ethics (2017-), and the English legal master International Technology Law (2018-). His internet law group offers about 15 courses in Dutch/English on legal (and ethical) aspects of i.a. blockchain (master course as of 2018/19), robots and artificial intelligence (bachelor course as of 2017/18, master 2018/19), e-commerce, data protection, copyright, and cybercrime. He supervised over 100 master theses, and 7 Ph.D theses (currently 10 Ph.d students).

Seminar title: GDPR: data protection, no privacy

The rationale behind the right to privacy is the freedom from interference. The rationale behind data protection legislation is to condition interferences in order to legitimise the processing of personal data. The most relevant parts of the GDPR are discussed, in particular accountability (Article 5(2)), Data protection impact assessment (Articles 35-36), data protection by design and by default (Article 25), and security of processing (Article 32).

Visit Homepage

Prof. Kaveh Razavi

Example pic
Kaveh Razavi is an assistant professor of computer science at the VUSec group of the Vrije Universiteit Amsterdam. His research interests are in the area of system security and more broadly, computer systems. He regularly publishes at top systems and security venues (e.g., S&P, USENIX Security, SOSP/OSDI, etc.) and his research has won multiple industry and academic awards including multiple Pwnies and best papers.

Seminar title: Rowhammer Attacks and Defenses: Past, Present and Future

Recent years have shown that the basic principles on which we rely on for building secure computing systems do not always hold. DRAM, for example, is plagued with disturbance errors that can corrupt information across different security boundaries. In this talk, I will show the true impact of these flaws in real-world systems and discuss our ongoing efforts in mitigating them.

Visit Homepage

Bengt Sahlin

Example pic
Bengt Sahlin has an M.Sc. in Computer Science from Helsinki University of Technology (TKK). At TKK, he has also lectured on Modern Data Communications as well as on DNS and DNS security. He is a Certified Information Systems Security Professional (CISSP). Bengt has worked in the fields of data- and telecommunications for 23 years, mostly with security aspects. In 2000 he joined Ericsson where he has worked on mobile systems security and product security. He was also technical coordinator for Ericsson's security implementation projects. Bengt has been involved in standardization activities since 1997. He has been participating 3GPP, ETSI, GSMA and IETF activities. He was 3GPP TSG SA WG3 (security) chairman 2010-2013. Currently, Bengt is a Research Leader for the security group at Ericsson Research NomadicLab in Jorvas. Bengt has been active in external collaboration projects since 2007, including both national Finnish collaboration projects as well as projects on EU level.

Seminar title: Challenges with Security Assurance

The presentation will discuss the latest developments in the security assurance, including the 3GPP SECAM/GSMA NESAS work and the EU Cybersecurity Act. The presentation will then discuss the challenges with security assurance.

Visit Homepage

Prof. Stefano Zanero

Example pic
Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently an associate professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on malware analysis, cyberphysical security, and cybersecurity in general. Besides teaching “Computer Security” and “Computer Forensics” at Politecnico, he has an extensive speaking and training experience in Italy and abroad. He co-authored over 90 scientific papers and books. He is a Senior Member of the IEEE, the IEEE Computer Society, and a lifetime senior member of the ACM. Stefano. He has been named a Fellow of ISSA (Information System Security Association) and sits in its International Board of Directors. A long time op-ed writer for magazines, Stefano is also a co-founder and chairman of Secure Network, a leading information security consulting firm based in Milan and in London; a co-founder of 18Months, a cloud-based ticketing solutions provider; and a co-founder of BankSealer, a startup in the FinTech sector that addresses fraud detection through machine learning techniques.

Seminar title: Securing Cyber-physical Systems: Moving Beyond Fear

Cyber-physical systems are attracting a lot of attention: attacks on connected cars received a lot of media exposure, as did attacks on industrial control systems, medical devices, and more generally on IoT devices. A lot of this interest is driven by vulnerability research (often in the form of "stunt hacking"). While useful and frankly engaging and attractive, this research does not really help answer the fundamental question of how to embed security analysis in design. In this talk, we will use automotive security as a case study to try to outline a risk-based design methodology that can be used to deal with our hyper-connected future.

Visit Homepage





Social event

Accepted posters, demos, and short talks

Important Dates