Research
This is the portfolio of projects DIES is currently involved in.
Information about completed or discontinued projects is still
available.
National funding
| |
ALwEN: Ambient Living with Embedded Networks
|
DEVLAB/DIES collaboration, funded by SenterNovem under project nr. PNE07007
Duration: January 2008 until December 2010
Contact: Zheng Gong
Ambient Living with Embedded Networks, the combination of Body Sensors, Ambient Sensors, Wireless Networks and Telemedicine implements a novel approach to zeroth, first and second line care and addresses the widely recognized fact that care must be organized differently.
Further information: http://www.alwen.nl/, publications.
|
| |
CASTOR: Controlling Access to SCADA Networked Systems
|
Funded by MinBZK
Duration: April 2011 until September 2012
Contact: Sandro Etalle
The objective of CASTOR is the study of a medium-cost, non-intrusive, vendor-independent access control technology that can be employed to protect SCADA systems from inside attackers. An added value of CASTOR is that it can also prevent accidental misuse.
|
| |
HERMES: Host-based Event Mining in SCADA systems
|
Funded by MinBZK
Duration: March 2010 until March 2011
Contact: Sandro Etalle
The objective of HERMES is to develop a technology for analyzing SCADA event logs in a way that will allow system supervisors to detect anomalies. These anomalies could indicate possible disruptive and abusive actions. HERMES will focus on new techniques to analyze system event logs and to correlate logged events.
| |
Kindred Spirits: Privacy Enhanced Social Networking
|
TUD/ICT/DIES collaboration, funded by STW/Sentinels under project nr. 10527
Duration: October 2009 until October 2013
Contact: Qiang Tang
Computers, handhelds and networks are the fabric that builds the ubiquitously connected world. In such a world, interaction between groups of people is increasingly augmented by being connected through one or more social networks on the internet. The connected user expects the social network to provide the same level of privacy protection as in a real-life interaction. The problem that we address is building social networks of users with similar interests (i.e., kindred spirits) in such a way that (1) users are matched to one another and (2) various levels of personal privacy are respected when the user enters or leaves social networks.
Further information: http://www.ksproject.nl/, publications.
|
| |
MIDAS: Intrusion detection for SCADA
|
Funded by MinBZK
Duration: March 2010 until March 2014
Contact: Sandro Etalle
The objective of MIDAS is the study of a new type of network intrusion detection and response platform specific to SCADA. Present network intrusion detection systems are signature-based, which makes them unsuitable for detecting attacks against SCADA networks, because new signatures cannot be developed in a timely and cost-effective manner. MIDAS will study the use of new statistical methods for detecting attacks on SCADA networks.
| |
SEDAN: Searchable Data Encryption
|
TU/e/DB/DIES collaboration, funded by STW/Sentinels under project nr. EIT.7630
Duration: January 2007 until January 2011
Contact: Svetla Nikova
Nowadays, personal data is stored at very diverse places. Consider, for instance, the emails handled by free web mail services, the personal preferences in an Ambient Intelligence setting, or medical data (e.g. the Dutch electronic patient record). In our increasingly connected world, personal data is often outsourced to external servers; some servers may even be in other countries. This development raises concerns about the security and privacy of those data. The results of this project will allow us to address these concerns by storing the data in an encrypted format such that unauthorized parties (the storage server may even be one of them) cannot read the data, while still allowing efficient querying of the data by authorized parties. Building trust and confidence as well as enabling secure data access is paramount in this setting. With XML becoming the dominant standard for describing and exchanging data, a huge amount of XML-formatted data is being produced, outsourced, and manipulated by different applications across multiple enterprises on the Internet. The need to protect outsourced data from being disclosed and/or tampered with is growing rapidly. A typical technique for achieving security is to distribute and outsource data in encrypted form. However, this usually implies that one has to sacrifice efficiency for the obtained security. In this project, we aim to bring the worlds of security and data management closer to each other. In particular, we will focus on efficient querying of encrypted XML data, where the major challenge lies in the development of techniques that deal with the seemingly contradictory requirements of security and efficiency. The main objective of this project is to build a multi-user database system capable of searching in encrypted data with powerful nested query capabilities.
Further information: http://www.win.tue.nl/dw/cc/SEDAN/, publications.
| |
SPCMHD: Secure Patient-Centric Management of Health Data
|
Philips/DB/DIES collaboration, funded by Philips Research under project nr. RWC-EP-061-07156-gvg
Duration: November 2007 until November 2011
Contact: Qiang Tang
Digitisation of healthcare data leads to new applications such as for example personal healthcare systems. In such applications various parties exchange healthcare data over open network infrastructures. This results in security and privacy concerns that need to be addressed. The focus of the research is on the development of novel security techniques that address the specific requirements of healthcare data management.
Further information: http://spcmhd.ewi.utwente.nl/, publications.
| |
Natural Teggs: Egg Classification
|
Philips/DB/DIES collaboration, funded by SenterNovem under project nr. PID091043
Duration: October 2009 until October 2011
Contact: Richard Brinkman
The objective of the Natural Teggs project is to design and implement a system that can be used to track and trace fresh eggs from the farm to the supermarket.
| |
VISPER: The VIrtual Security PERimeter for digital, physical, and organisational security
|
IS/DIES collaboration, funded by STW/Sentinels under project nr. TIT.7628
Duration: January 2007 until January 2011
Contact: Wolter Pieters
The security perimeter, which once was simply defined as the fence around the premises of an organisation, is becoming increasingly flexible and adaptable to the environment and the circumstances. We call this process re-perimeterisation (ReP). The effects of ReP are felt in the digital domain (where data moves from organisation to organisation through networks), the social domain (where one individual may play a variety of roles in cooperating organisations) and the physical domain (where appliances such as mobile phones and laptops move around). Re-perimeterisation brings about new security risks because of the difficulty of keeping the domains aligned. For example, stealing a laptop (social domain) with a motion sensor triggers an alarm (physical domain), which then selects a security policy that blocks access to all sensitive data (digital domain). By making the security perimeter explicit in business processes, security policies and security mechanisms, we intend to foster alignment of the three domains. This would then mitigate the risks of ReP.
Further information: http://visper.eemcs.utwente.nl/, publications.
| |
VRIEND: Value-Based Security Risk Mitigation in Enterprise Networks that are Decentralized
|
IS/DIES collaboration, funded by STW/Sentinels under project nr. TIT.7635
Duration: January 2007 until January 2011
Contact: Ayse Morali
In industrial practice, security engineering is risk management: how to mitigate security risk given a finite budget? Today the IT of a business is connected to that of others in a value web of business partners, suppliers and customers, each of whom has its own confidentiality, integrity and availability requirements. This creates new security challenges, because there is no central decision-making authority in these networks. The question to be investigated in VRIEND is how to extend current risk management practices with methods and techniques to deal with security risks in decentralized networks. We will investigate this, firstly, by developing methods and techniques to build up a security baseline for a value web, which is a set of security patterns agreed upon by members of a value web, of which the risk-mitigating properties have been quantitatively specified, and which are related to business goals and external legislation that these patterns help to achieve. Secondly, we will develop quantitative techniques for security architecture design in decentralized networks, by means of which a business project can compose the security mechanisms in the baseline into a security architecture of the business project result. In a value web where each business has its own commercial interests, architecture design must use cost/benefit techniques to lead to agreement among different business partners. We will develop dynamic quantitative techniques that allow businesses to incorporate the appearance of new security mechanisms, the occurrence of new threats or incidents, and changes in security goals over time.
Further information: http://vriend.eemcs.utwente.nl/, publications.
University funding
| |
DSN: Dependable Systems and Networks
|
DACS/FMT collaboration, funded by CTIT
Duration: January 2007 until December 2009
Contact: Boudewijn Haverkort
An ICT system is called dependable if reliance can justifiably be placed on the services it delivers. Despite long-standing efforts to achieve dependable systems for classical mission-critical types of systems, the solutions proposed in that field are not necessarily easy to transfer to the much broader class of ICT systems of today. The main aim of the program is therefore to develop new methods and tools for dependable ICT.
Further information: http://www.ctit.utwente.nl/research/sro/dsn/, publications.
| |
Istrice: Integrated Security and Privacy in a Networked World
|
DACS/DB/IS/SAS collaboration, funded by CTIT
Duration: January 2004 until December 2008
Contact: Pieter Hartel
This program aims at contributing to a comprehensive framework for the engineering, the deployment and the maintenance of secure distributed systems, in which existing and new techniques are harmonized and integrated.
Further information: http://www.ctit.utwente.nl/research/sro/istrice/, publications.
| |
Prosecco: Next Generation Protection and Security of Content
|
DB/IS/SAS/FW&T collaboration, funded by UT
Duration: July 2004 until June 2008
Contact: Sandro Etalle
The aim of Prosecco is to contribute to scientifically well-founded engineering methods for secure systems design, focusing on content protection systems. The objectives are to: (1) Establish the theoretical basis for the next-generation content protection systems, by a theory based on digital and physical protection mechanisms; (2) Develop an architecture offering protection of secure digital asset delivery, respecting the user's privacy and going beyond the limitation of present multimedia delivery systems; (3) Develop the policies and the new business models belonging to the next generation digital asset protection systems; (4) Study human aspects and societal impact of the introduction of such an architecture.
Further information: http://wwwes.cs.utwente.nl/security/.
| |
S3CADA: Secure and Survivable SCADA
|
DIES/DACS collaboration
Duration: August 2009 until August 2013
Contact: Damiano Bolzoni
We will study the vulnerability of SCADA networks, and we will develop an intrusion detection system specifically tailored for them (inspired by our earlier work on intrusion detection in the internet). Furthermore, we will study in depth the interplay between security and system dependability and survivability, thus giving insight into the trade-offs between security protection (costs) and the gains obtained from a production perspective (in our case, high-quality drinking water production). The study of this interplay (between security and dependability) is unique for SCADA systems.
Further information: , publications.
|