Department of Computer Science and Technology

Security Group

2021 seminars


If you can't find a talk you are looking for on this page, try the old archives.


23 February 14:00 - Dmitry goes to Hollywood: Criminal Excellence in (Cyber) La La Land / Luca Allodi, Eindhoven University of Technology

Webinar

Cyber-criminals and attackers at large have access to a wide range of technologies and techniques of varying sophistication to deliver attacks: from script-kiddie types of attacks employing automated and well-known exploits, to mature malware delivery platforms capable of crypting or packing malware at delivery time, and multi-stage, highly tailored social engineering attacks employing a large portfolio of targeting and psychological techniques. Yet, most cyber-criminal ventures are relatively uninteresting: dozens of underground marketplaces exist, but which of those support technological innovation rather than mainly scam-for-scammers activities is currently hard to know. Similarly, yet another "Your mailbox is full, please click here to reset your password" phishing attack hardly makes the news, while we lack the tools to characterize much more sophisticated and innovative social engineering attacks targeting, for example, specific individuals across multiple attack stages.

In this talk we discuss what features characterize "cyber-criminal excellence", and distinguish it from "ordinary" Internet crime. Reflecting current attack trends, we focus on criminal markets and social engineering techniques: within both domains, we propose and discuss models and criteria to characterize relevant and highly innovative criminal ventures and sophisticated social engineering attacks which ought to be studied and understood, and showcase their application through real-world case studies.

RECORDING: Please note, this event will be recorded and will be available after the event for an indeterminate period under a CC BY-NC-ND license. Audience members should bear this in mind before joining the webinar or asking questions.


16 February 14:00 - A Liar and a Copycat: Nonverbal Coordination Increases with Lie Difficulty / Sophie van der Zee, Erasmus University Rotterdam

Webinar

Nonverbal coordination is the tendency to imitate the behaviors of others. Coordination can take place both on a conscious and a more unconscious or automatic level. How much people coordinate with their interaction partner depends on several factors, including liking and common goals. There is some evidence that the coordination occurrence is also affected by cognitive load. So far, this has only been demonstrated in isolated body part movement. A forensically relevant setting that is strongly associated with increased cognitive load is deception. Lying, especially when fabricating accounts, can be more cognitively demanding than truth telling. In two studies, we demonstrate that interactional nonverbal coordination increases under the cognitive load of lying. Nonverbal coordination is an especially interesting cue to deceit because its occurrence relies on automatic processes and is therefore more difficult to deliberately control. Our findings complement current deception research into the liar’s nonverbal behavior by explicitly considering the interaction with the interviewer. Our findings extend the current literature on increased reliance on automated processes by demonstrating that nonverbal coordination can be such an automated process that is affected by increased cognitive load. The use of motion capture technology provides a novel, objective and efficient means of measurement.

RECORDING: Please note, this event will be recorded and will be available after the event for an indeterminate period under a CC BY-NC-ND license. Audience members should bear this in mind before joining the webinar or asking questions.


09 February 14:00 - Cybersecurity Risk to Hospitals from Building Services / Sheryn Gillin, University of Cambridge

Webinar

Human error and the vulnerability of clinical devices are perceived as the foremost cybersecurity risks in the critical infrastructure sector of Healthcare; this limited view, however, overlooks the possible disruption due to a malicious actor accessing the network or systems that maintain the environmental conditions within a healthcare facility. Operating theatres, laboratories, pharmacies, sterile stores and imaging equipment have stringent environmental requirements. To achieve these conditions, chilled water and ventilation must function within set tolerances; any divergence could significantly impact a hospital due to cancelled surgeries or diagnostic procedures, an MRI quench or the need to dispose of sterile products. Focussing on the systems required to maintain the environment within these specialist rooms, the vulnerabilities, threats, risks and impacts were investigated based on four case study hospitals in Canada and the UK.

RECORDING: Please note, this event will be recorded and will be available after the event for an indeterminate period under a CC BY-NC-ND license. Audience members should bear this in mind before joining the webinar or asking questions.


26 January 16:00 - Towards Provable Physical Safety Against False Actuation Attacks in CPS / Alvaro Cardenas, University of California, Santa Cruz

Webinar

The vulnerability of cyber-physical systems (CPS) is a growing area of concern, and in the past decade, researchers have proposed a variety of security defenses for these systems. Most of these proposals are heuristic in nature, and while they increase the protection of their target, the security guarantees they provide are unclear. In this talk we discuss two different approaches for modeling the security guarantees of a cyber-physical system against arbitrary false command attacks. The first part of the talk discusses the idea of providing physical protections by saturating actuators, and the second part of the talk discusses how to use barrier certificates to prove safety of a real-world system. Our work is an effort to move forward CPS security research towards precise definitions, precise claims, and provable security.

RECORDING: Please note, this event may be recorded and may be available after the event for an indeterminate period under a CC BY-NC-ND license. Audience members should bear this in mind before joining the webinar or asking questions.