Dmytro Piatkivskyi – COINS https://coinsrs.no Research School of Computer and Information Security Wed, 01 Sep 2021 06:25:41 +0000 en-US hourly 1 https://wordpress.org/?v=4.9.8 ISC 2015 : The Eighteenth Information Security Conference https://coinsrs.no/isc-2015-the-eighteenth-information-security-conference/ Fri, 11 Sep 2015 05:00:35 +0000 https://coinsrs.no/?p=10415 COINS supported Tetiana YaryginaHåkon Gunleifsen, Martin Strand and Yi-Ching Liao to attend the ISC conference in Trondheim. Here are their travel reports:

Yarygina_ISC2015

håkon_broa

]]>
Jan Roksvold graduated https://coinsrs.no/jan-roksvold-graduated/ Tue, 08 Sep 2015 05:00:41 +0000 https://coinsrs.no/?p=10382 Continue reading ]]> A COINS member, Jan Roksvold, has publicly defended his Ph.D. thesis titled “Some combinatorial invariants determined by Betti numbers of Stanley-Reisner ideals”. The defense took place at University of Tromsø 8th of September.

Evaluation Committee:

  • Associate Professor Johan Peder Hansen from Department of Mathematics at Aarhus University (1st opponent)
  • Maître Assistant Relinda Jurrius from Institut de mathématiques at the University of Neuchatel, Switzerland (2nd opponent)
  • Professor Boris Kruglikov, Department of Mathematics and Statistics at the University of Tromsø – Norway’s Arctic University (internal member and committee chairman)

Supervisor:

  • Professor Trygve Johnsen, Department of Mathematics and Statistics, Faculty of Science and Technology

Head of disputation:

  • Dean Morten Hald, Faculty of Science and Technology

Congratulations!

]]>
Simona Samardjiska graduated https://coinsrs.no/simona-samardjiska-graduated/ Mon, 22 Jun 2015 06:35:54 +0000 https://coinsrs.no/?p=10022 Continue reading ]]> Simona_SamardjiskaSimona Samardjiska successfully completed her trial lecture and PhD thesis defence on Mon Jun 22 2015 and will be awarded the degree of Doctor of Philosophy (Telematics).

The title of her thesis is “Multivariate public key cryptosystems produced by quasigroups” and the given topic for her trial lecture was “What is a quantum computer and what are the relations to cryptology?”.

The following committee had been appointed to evaluate her thesis, trial lecture and defence:

  • Prof. Carlos Frederico Cid, University of London
  • Prof. Ales Dràpal, Charles University of Prague
  • Prof. Stig Frode Mjølsnes, Department of Telematics, NTNU
  • Prof. Stig Frode Mjølsnes, Department of Telematics, NTNU, had been appointed as the administrator of the assessment committee.

Simona Samardjiska carried out her PhD work at the Department of Telematics, NTNU. Her main supervisor was Prof. Danilo Gligoroski.

Congratulations!

]]>
Anika Pflug graduated https://coinsrs.no/anika-pflug-graduated/ Mon, 22 Jun 2015 05:00:49 +0000 https://coinsrs.no/?p=9924 Continue reading ]]> Anika Pflug defended her doctoral thesis in Information Security at Gjøvik University College (GUC) on Friday 19th of June. Pflug is associated to NISlab (Norwegian Information Security laboratory) at Gjøvik University College. The dissertation is titled “Biometric Identification using 2- and 3- Dimensional Images of Human Ears”.

The outer ear is an emerging biometric trait disputas_anika_pflueg_2that has drawn the attention of the research community for more than a decade. The unique structure of the auricle is long known among forensic scientists and has been used for the identification of suspects in many cases. The next logical step towards a broader application of ear biometrics is to create automatic ear recognition systems.

This work focuses on the usage of texture (2D) and depth (3D) data for improving the performance of ear recognition. It compares ear recognition systems using either texture or depth data with respect to segmentation and recognition accuracy, but also in the context of robustness to pose variations, signal degradation and throughput.

The proposed ear recognition system is integrated into a demonstrator system as a part of a novel identification system for forensics. The system is benchmarked against a number of different datasets that comprise of 3D head models, mugshots and CCTV videos from four different perspectives. As a result of this work, limitations of current ear recognition systems are outlined and possible directions for future applied research are provided.

Congratulations!

]]>
Nils Ulltveit-Moe nominated for dissertation award https://coinsrs.no/nils-ulltveit-moe-nominated-for-dissertation-award/ Fri, 29 May 2015 15:41:22 +0000 https://coinsrs.no/?p=9871 Continue reading ]]> The COINS Research School of Computer and Nils Ulltveit-Moe photoInformation Security assembles 47 active Ph.D. students in security in Norway. Out of the 2014 graduates, Nils Ulltveit-Moe was nominated for the SIGSAC Dissertation Award with the thesis on “Privacy-enhanced network monitoring“.

The ACM Special Interest Group for Security Audit and Control (SIGSAC) had requested nominations for this year’s SIGSAC Doctoral Dissertation Award for Outstanding PhD Thesis in Computer and Information Security. This annual award by SIGSAC recognizes excellent research by doctoral candidates in the field of computer and information security. The SIGSAC Doctoral Dissertation Award winner and up to two runners-up will be recognized at the ACM CCS conference. The award winner will receive a plaque, a $1,500 honorarium and a complimentary registration to the current year’s ACM CCS Conference. The runners-up each will receive a plaque.

COINS wishes Nils Ulltveit-Moe luck in the further stages of the selection process.

]]>
COINS @CCIS board meeting presentation https://coinsrs.no/coins-ccis-board-meeting-presentation/ Fri, 20 Mar 2015 11:00:52 +0000 https://www.coinsrs.no/?p=9725 Continue reading ]]> Hanno Langweg gave a presentation on COINS for the CCIS board. CCIS is the Center for Cyber and Information Security at Gjøvik University College. Ph.D. students affiliated with CCIS partners account for almost half of all student members in COINS. Presentation and discussion focused on improving transition of Ph.D. students into the Norwegian job market and recruiting for Ph.D. positions in Norway.

]]>
Ijlal Loutfi attended NDSS https://coinsrs.no/ijlal-loutfi-attended-ndss/ Fri, 27 Feb 2015 16:55:38 +0000 https://coinsrs.no/?p=9876 Continue reading ]]> Ijlal Loutfi attended the NDSS symposium on network and distributed system security with COINS funding. The programme was very relevant to her research interests, especially in authentication. Discussing with active researchers in the field was greatly valuable. Attendance helped Ijlal to refine her research question, connect with international researchers, and make COINS more visible in the U.S.
For further information, please, read The 2015 Network and Distributed System Security Symposium NDSS Report

Ijlal USEC2015

 

]]>
COINS seminar on Multivariate Cryptography at UiB https://coinsrs.no/coins-seminar-on-multivariate-cryptography-at-uib/ Mon, 09 Feb 2015 06:00:44 +0000 https://www.coinsrs.no/?p=9635 Continue reading ]]> image001Simona Samardjiska held a seminar with Ph.D. students and researchers at the Selmer Center (University of Bergen). The topic was «Linear attacks in MQ cryptography».

In the past two decades, as a result of the advancement in quantum algorithms, the crypto community showed increasing interest in algorithms that would be potentially secure in the post quantum world. One of the possible alternatives are Multivariate Quadratic (MQ) public key cryptosystems based on the NP-hard problem of solving quadratic polynomial systems of equations over finite fields.Many different MQ schemes emerged over the years, most of which fall into two main categories – single field schemes, including UOV, Rainbow, STS, the MQQ family of cryptosystems, and mixed field schemes including C*, SFLASH, HFE. Unfortunately, most of them have been successfully cryptanalysed using three major types of attacks:
– MinRank attacks – based on the problem of finding a low rank linear combination of matrices;
– Equivalent Keys attacks – based on finding an equivalent key for the respective scheme.
– Differential attacks – based on specific invariants of the differential of a given public key.

The seminar concentrated on the MinRank attacks and Equivalent Keys attacks on single-field MQ schemes. After an introduction in the topic, the focus was focus on:
– The new attack on the MQQ family of cryptosystems, that will be presented at PKC 2015. The MQQ family of cryptosystems (the name coming from Multivariate Quadratic Quasigroups being used in the design) show especially good performance properties. In particular, the MQQ-SIG signature scheme is the fastest scheme in the ECRYPT benchmarking of cryptographic systems (eBACS). We show that both the signature scheme MQQ-SIG and the encryption scheme MQQ-ENC, although using different types of MQQs, share a common algebraic structure that introduces a weakness in both schemes. We use this weakness to mount a successful polynomial time key-recovery attack that finds an equivalent key. Our theoretical results work in characteristic 2 which is known to be the most difficult case to address in theory for MinRank attacks. Futher, the attack can be applied to any MQ scheme, that exibits linear subspaces. From a practical point of view, we are able to break an MQQ-SIG instance of 80 bits security in less than 2 days, and MQQ-ENC instances of 128 bits security in little bit over 9 days.
– The generalization of the attack on other schemes in MQ cryptography. We will show how this attack extends to a new general framework for the security of MQ schemes with respect to attacks that exploit the existence of linear subspaces. For the purpose, we have adopted the linearity measures that have been used traditionally to estimate the security of symmetric cryptographic primitives, namely, the nonlinearity measure for vectorial functions introduced by Nyberg, and the (s, t)-linearity measure introduced recently by Boura and Canteaut. We redefine some properties of MQ cryptosystems in terms of these known symmetric cryptography notions, and show that our new framework is a compact generalization of several known attacks in MQ cryptography against single field schemes. We use the framework to explain various pitfalls regarding the successfulness of these attacks. Finally, we argue that linearity can be used as a solid measure for the susceptibility of MQ schemes to these attacks, and also as a necessary tool for prudent design practice in MQ cryptography.

]]>
Security Divas 2015 https://coinsrs.no/security-divas-2015/ Sat, 17 Jan 2015 07:44:25 +0000 https://www.coinsrs.no/?p=9797 Continue reading ]]> image001NorSIS organised «Security Divas» for the fifth time in Gjøvik, 15th and 16th January 2015. There were approximately 110 female participants from across the country this year. One of the speakers was Sofie Nystrøm, member of the COINS academic advisory board.

Why it is necessary to have a women’s conference is to recruit women to the security industry – both in terms of education and to seek exciting jobs in an industry that will be of great importance in the future (digitization of our society). The conference is to ensure diversity and balance in this industry. To create an arena where women can gather – such as with Security Divas – should also motivate, engage and inspire more women to participate in this industry.

COINS supported Ambika Chitrakar and Yi-Ching Liao to participate in Security Divas.

]]>
Oleksandr Kazymyrov graduated https://coinsrs.no/oleksandr-kazymyrov-graduates/ Fri, 12 Dec 2014 22:08:52 +0000 https://www.coinsrs.no/?p=9541 Continue reading ]]> img_1479Another COINS student, Oleksandr Kazymyrov, has graduated having defended his doctoral thesis on «Methods and Tools for Analysis of Symmetric Cryptographic Primitives». The defence took place at University of Bergen on the 1st of December, 2014. Six weeks before that, Oleksandr performed a trial defence at the COINS Ph.D. student seminar in Tromsø.

There are many services nowadays that require secure transmission of large amounts of data. For that purpose special algorithms for symmetric cryptography are used. Such types of cryptographic primitives were scrutinized in the thesis. The focus of the research was on block ciphers, stream ciphers, hash functions and the components they are built of. The thesis proposes several methods to assess the reliability of cryptographic algorithms against a variety of modern attacks. It also proposes several criteria to improve resistance ratio. A piece of software was developed as a proof of img_1483concept of the theoretically achieved results. The block cipher and the hash function developed in the research will be implemented in the Ukrainian natioal standards from 2015.

Oleksandr Kazymyrov was born in Ukraine in 1987. He studied information security at Kharkiv National University of Radio Electronics in 2005-2009, and received master’s degree in information security in computer systems and networks in 2010. The doctoral work, begun in 2011, has been performed at the Department of Informatics at the University of Bergen.

]]>
Spanish Cybercamp https://coinsrs.no/spanish-cybercamp/ Mon, 08 Dec 2014 06:00:08 +0000 https://www.coinsrs.no/?p=9598 Continue reading ]]> The Spanish National Cybersecurity Institute INCIBEimg_20141205_192308 organised a CyberCamp in Madrid 5-7 December 2014. COINS supported Andrii Shalaginov, Mohsen Toorani, and Vivek Agrawal to participate in the event. The CyberCamp provided lecture, tutorials, a hackathon, reverse engineering, and a doctoral symposium.

img_20141206_160307

Here are their travel reports:
by Vivek Agrawal
by Andrii Shalaginov
]]>
COINS team participates in hack.lu 2014 CTF competition https://coinsrs.no/coins-team-participates-in-hack-lu-2014-ctf-competition/ Thu, 23 Oct 2014 09:20:44 +0000 https://www.coinsrs.no/?p=9548 Continue reading ]]> wp_20141014_010More COINS students than ever got together to participate in the hack.lu Capture the Flag (CTF) competition from 21st to 23rd October 2014. In an effort to practice their skills in applied IT security, seven COINS students formed a team and competed with 580 teams worldwide for 48 hours. The goal of this „Capture the Flag“ (CTF) competition was to solve several challenges in information security. The tasks ranged from web application vulnerabilities, SQL injection, reverse engineering to cryptography.

Many of the competitors had experience from earlier competitions. At the COINS Ph.D. student seminar last week, the COINS team decided to take part without any special preparation. They finished among the top 50% of all teams. Owing to extensive research project obligations, most team members could only dedicate time in the beginning of the two-day competition. The COINS team reflected the distributed nature of COINS with students being based in four locations (Gjøvik, Grimstad, Oslo, and Trondheim) and communicating by text messaging and video conference.

Congratulations, Ambika, Andrii, Chris, Huihui, Ijlal, Vivek, and Yi-Ching!

]]>
National seminar on research schools 20/21 October 2014 https://coinsrs.no/national-seminar-on-research-schools-2021-october-2014/ Tue, 21 Oct 2014 10:29:26 +0000 https://www.coinsrs.no/?p=9569 Continue reading ]]> The Research Council of Norway (RCN) invited delegates from all 21 existing research schools funded under various of RCN’s schemes to the annual seminar. COINS participated with steering committee members Stig Frode Mjølsnes (NTNU), Vladimir Oleshchuk (UiA) and Pankaj Pandey (elected first student representative). Stig Frode Mjølsnes gave a quick overview of past highlights and of upcoming activities in COINS.

Slides from the presentation.

]]>
Chunlei Li graduated https://coinsrs.no/chunlei-li-graduated/ Wed, 08 Oct 2014 18:40:52 +0000 https://www.coinsrs.no/?p=9281 Continue reading ]]> Chunlei Li is the second COINS student who has graduated this year. The thesis defense took place at the University of Bergen on Monday 16th of June. Title of the dissertation: “Sequences and Linear Codes from Highly Nonlinear Functions”. The dissertation itself can be found by following the link.
chunlei_li

In digital communication data is represented with ones and zeros (binary form). Binary sequences that have good properties are essential to increase robustness and reduce likelihood of errors in modern communication systems. Whole family of binary sequences with good mutual “correlation properties” is used in modern CDMA systems. Such sequences can also be used to construct error correcting codes. They correct errors that occur during transmission (or storage) of data that is susceptible to noise. The binary sequences also have many important applications in cryptography and are therefore of great importance for achieving secure and reliable communications.

A fundamental problem is to construct families of good sequences. A method for constructing both sequence families, error correcting codes and cryptographic systems, with desired properties is by using non-linear functions. The thesis studies special classes of “perfect” (PN) or “almost perfect” (APN) non-linear functions and shows how these features can be used to create new sequence families and classes of codes with optimal error correcting properties. A mathematical analysis of the new sequence families and codes which were constructed in the study shows promising results.

Congratulations!

]]>
Andrii Shalaginov approaches access control as a data streams mining problem https://coinsrs.no/andrii-shalaginov-approaches-access-control-as-a-data-streams-mining-problem/ Mon, 06 Oct 2014 09:56:43 +0000 https://www.coinsrs.no/?p=9559 Continue reading ]]> 19The Summer School was organized by the SFB 876 research center at the TU Dortmund, Germany, during the 29.09. – 02.10.2014. It was focused towards the Machine Learning application using multi-core parallel optimization under constraints of the limited resources. The target group of the school were mostly PhD students from different areas of research that are using ML in their work. On the first day it was given a presentation by Céline Robardet on the graph theory and how it can be applied in case if mining of huge datasets are needed. Then, the presentation of the Streams framework was given. This framework allows to create a ”pipe” and feed any data including numerical series with random distributions or even images. Then, two-sessions lecture on k-means clustering was given. In fact we learned that the k-means can be formulated as a factorization of the matrix in a way X = W · H, where the main optimization problem is to find corresponding matrices W and H under defined constraints, which is not a trivial task. The factorization can be beneficial when it comes to the compression of the storage size that is needed to store the matrix. At the beginning of the second day the Jian-Jian Chen presented results on the scheduling methodology to reduce the overall time of client-server execution. It comes into place when so-called ”thin clients” require to execute set of granular tasks both remotely on the powerful server and locally. Then, the tasks execution has to be planned according to deadlines and required responses. Finally, the privacy learning using Information Theory was provided. By the end it was shown that by means of Entropy and other metrics it is possible to deduce the private information from anonymous datasets.

The third day was devoted to investigation the advantages/disadvantages of multi-core systems. In particular, it was shown that many cores on a lower speed will execute tasks with less power consumption than a single one. Some limitations on the efficiency and cache size were given. Then, Rich Caruana from Microsoft presented an extensive study of different ML models including ensemble classifiers with boosting and bagging. The accuracy of huge number of different combinations of classifiers and datasets were given. Also Deep Learning was investigated in terms of efficiency and model complexity. It was concluded that there is no need to build complex models in order to achieve better and faster results. In fact the model compression is a trade-off. The day was finished by the streams framework explanations together with useful examples of usage. The fourth day consisted of application of ML for astroparticle detectors using Android phones first and then simulating it on the Streams framework.

The main outcome from attending the summer school for me is in the broad understanding the data streams mining and corresponding mechanisms for parallel optimization in Machine Learning. Also a view on model compression in Neural Networks for Big Data was uniquely useful. The attendance was beneficial since I have got multiple ideas for my current work on access control as a data streams mining problem. Moreover, networking was important as well as bringing new international connections. Finally, people wonder a lot about the COINS research school because of t-short, yet nobody knew that it exists.

]]>
ECTS for COINS events https://coinsrs.no/ects-for-coins-events/ Sat, 19 Jul 2014 14:08:56 +0000 https://www.coinsrs.no/?p=8401 Continue reading ]]> HIG is the first COINS consortium member to get approval for the course descriptions covering COINS events. HiG’s Ph.D. students that have registered for COINS can now formally include these courses as part of the taught component of their Ph.D. training. As agreed in the COINS Steering Committee, all consortium members promote equivalent course descriptions to become available under local course codes. The COINS Ph.D. Student Seminar in Tromsø 13-15 October will be the first opportunity to get participation formally credited.

For the full description of the approved courses follow these links:
COINS Winter School
COINS Summer School
COINS Workshop

]]>
COINS supports the Ph.D. movie sequel Kickstarter project https://coinsrs.no/coins-supports-the-ph-d-movie-sequel-kickstarter-project/ Fri, 04 Jul 2014 09:25:15 +0000 https://www.coinsrs.no/?p=9554 Continue reading ]]> The Norwegian Research School of Computer and Information Security (COINS) backs the Kickstarter project to produce a sequel to the famous and popular Ph.D. movie, based on the comic series by Jorge Cham. COINS supports the project as an Associate Producer.

We will increase international awareness of COINS as a research school and as a portal to Ph.D. training in information security in Norway. The Ph.D. movie sequel is expected to be watched by candidates for Ph.D. positions as well as by current Ph.D. students and faculty alike.

f5be9141d169d46d5d1f25c758f57d07_large

]]>
Nils Ulltveit-Moe graduated https://coinsrs.no/nils-ulltveit-moe-graduated/ Fri, 25 Apr 2014 11:59:56 +0000 https://www.coinsrs.no/?p=7968 Continue reading ]]> Nils Ulltveit-Moe defended his Ph.D. dissertation at the University of Agder (UiA) 8 April 2014.

imgp0533

Data surveillance techniques can be problematic from a privacy perspective, even if the intentions behind the surveillance might be commendable.

Surveillance of computer systems is often used to identify cyber attacks, identify violation to internal IT policies or to perform data retention according to legal requirements.

One of the main problems is that surveillance frequently lacks transparency concerning what indeed is being monitored, who have access to this information, and if side information from the surveillance can be used for other purposes than planned. In addition, information about what is being monitored by computer security companies is usually kept secret for business reasons. Another reason is that information about what is being monitored also may hurt the security of the company if attackers learn which strategies that are being used against cyber attacks.

For some businesses, especially critical infrastructures like health institutions, power grids and transport systems, it is still important to know what kind of information that is being monitored, and make sure that person sensitive or confidential information to as small as possible degree leaks to organisations performing monitoring of computer networks, especially when such operation is being outsourced. This often causes a dilemma between the need for protecting sensitive information and efficient methods for detecting computer attacks.

The dissertation amongst others describes a method for reversible anonymisation of sensitive information from computer monitoring systems, a privacy leakage metric based on Shannon entropy, and how these techniques can be used together in an improvement process which reduces leakage of sensitive information over time.

The research is being continued in the EU-projects PRECYSE and SEMIAH.

PRECYSE is a security project which is researching methods for protecting critical infrastructures against cyber attacks.

SEMIAH, which started 1. march 2014, is developing a secure and privacy friendly infrastructure for virtual power plants, which make profit from matching power consumption with production of renewable energy by moving power consumption in time.

Biographynils-ulltveit-moe-foto-kjerringa-1000.jpg_fullwidth

Nils Ulltveit-Moe is from Moe in Gjerstad municipality in Aust-Agder, Norway. He got a bachelor degree in Telematics from Agder Ingeniør- and Distriktshøgskole (now University of Agder) in 1988 and master in Information Technology from Høgskolesenteret i Rogaland (now University of Stavanger) in 1990. He has worked as software developer for Ericsson and has later worked with computer security for Proseq AS which now is acquired by Telenor Security Operations Center.

He has been assistant professor at UiA since 1998, and has previously participated in the EU project EIAO which did research on large-scale automatic measuring of accessibility to web pages for disabled people. He has since 2009 worked with a PhD related to privacy-enhanced network monitoring, and does now work as assistant professor and work package leader for the EU projects PRECYSE and SEMIAH.

The PhD work is supported by Telenor, the PRECYSE project with contract number FP7-SEC-2012-1-285181 (www.precyse.eu) and UiA.

]]>
Security Divas 2014 https://coinsrs.no/security-divas-2014/ Thu, 06 Mar 2014 18:24:18 +0000 https://www.coinsrs.no/?p=7264 Continue reading ]]> image001“The competence of these IT students is very important”, said senior consultant Tone Hoddø Bakås of the Norwegian Centre for Information Security (NorSIS) at the information security conference Security Divas.

Security Divas is an information security conference with and for women that work with information security and ICT. The conference took place 16th and 17th of January at Strand Hotell in Gjøvik, and had remarkable female presenters in information security. One of them was Yi-Ching Liao, COINS student member, with a talk on security incident investigation.

Main topics of the conference were a description of the threat situation, handling of and examples of incidents and challenges related to reporting of events.

Berglind Smaradottir, COINS student member, said: “It was a nice event that gathered over 100 ladies working with information security. The topics at the conference covered aspects of information security in society. The conference gave many possibilities for networking and as a Ph.D. research fellow I established contact with other researchers that provided me with information on relevant research conferences in security. Thanks for the funding from COINS for the conference Security Divas.”

]]>
COINS student Waqas Aman receives best paper award https://coinsrs.no/coins-student-waqas-aman-receives-best-paper-award/ Fri, 27 Dec 2013 08:19:17 +0000 https://www.coinsrs.no/?p=6340 Continue reading ]]> Waqas Aman photo

The paper written by Waqas Aman (picture on the right) who was supervised by Einar Snekkenes on “An Empirical Research on InfoSec Risk Management in IoT-based eHealth” won the best paper award.

img-20131121-01149

The picture on the left shows professor Einar Snekkenes, Waqas Aman’s co-author of the paper.

The paper can be found here.

COINS congratulates on the achievement.

 

]]>
COINS Steering Committee meeting 2013-12-18 https://coinsrs.no/coins-steering-committee-meeting-2013-12-18/ Fri, 06 Dec 2013 21:50:59 +0000 https://www.coinsrs.no/?p=6296 Continue reading ]]> video-conference-webcamDear COINS SC members,
you are invited to participate in SC meeting on Skype. The Steering Committee is the highest body of the consortium, and has responsibility for important strategic decisions, distribution of resources, shaping the budget etc.

Proposed agenda:

  1. Welcome to new SC members
    Pankaj Pandey and Ctirad Sousedik were elected as Ph.D. student representatives for the period 11/2013 to 10/2014.
  2. Agenda
  3. Meeting minutes of the SC meeting in Stavanger 2013-11-18
  4. Status, goals and milestones
    1. Tasks from previous meetings
    2. Admission of students
    3. coinsrs.no
  5. Review of Ph.D. student seminar
  6. Suggestions from FRISC Industrial Advisory Board
  7. SC members, students, supervisors – how to integrate supervisors better in COINS?
  8. Tromsø Ph.D. seminar/winter school 2014 prior to NordSec, Metochi summer school 2015
  9. Plans for 2014
    1. Student Researcher Grant
    2. COINS at Finse winter school
    3. Common course description for COINS activities, ECTS for COINS
    4. Overview and discussion of existing Ph.D. courses
    5. Sharing of teaching material
    6. Discussion of teaching methods in information security
    7. Ph.D. student seminar
    8. Academic Advisory Board 2014 in Finse (Monday) or in Tromsø with NordSec (Wednesday)
  10. Budget
  11. Report to RCN 1/10-2014
  12. Miscellaneous
]]>
Lisa Rajbhandari graduated https://coinsrs.no/doctoral-dissertation-lisa-rajbhandari/ Fri, 15 Nov 2013 22:36:45 +0000 https://www.coinsrs.no/?p=5959 Continue reading ]]> Lisa Rajbhandari is associated to NISlab (Norwegian Information Security laboratory) at Gjøvik University College. Title of the dissertation: «Risk Analysis Using “Conflicting Incentives” as an Alternative Notion of Risk»

lisa_rajbhandari

She is the second student affiliated with COINS Research School of Computer and Information Security that graduates with a Ph.D. degree.

The term risk usually means the outcome of events that may be hazardous or that may cause loss. In our daily life, we make decisions taking account of the “risk” we might face, e.g. when crossing the road, baking a cake, driving, etc. These decisions are guided by our intuitive sense and we feel we understand the underlying risks associated with these events. With an evolving nature of information systems environment e.g. social media, cloud, etc, there is also an increase in the number of threats. Thus, it is important that we can identify and determine risks logically, and this is where risk analysis comes into play. Risk Analysis is a systematic process or guidelines that usually consists of three steps: risk identification, risk estimation and risk evaluation.

This thesis contributes by developing a new approach for risk analysis: Conflicting Incentives Risk Analysis (CIRA). In CIRA, the stakeholders, their actions, and their perceived expected consequences are identified and used to characterize the risk situation. Risk is modeled in terms of conflicting incentives between the stakeholders in regards to the execution of actions. Thus, CIRA does not rely on the concept of incident likelihood, unlike most of the classical methods. Moreover, CIRA focuses on human related risks.

This dissertation also contributes by presenting the theoretical concepts of risk acceptance and rejection, addressing both threat and opportunity risks in the context of CIRA. Furthermore, an initial insight into how CIRA can be extended to risk management is given by explaining the risk treatment (response) measures for threat (opportunity) risks.

The picture above shows Lisa with the evaluation committe and the conductor of the public defense. Picture from left: Dean Terje Stafseng (conductor of public defense), Prof. Dr. Steven Furnell, Faculty of Science and Technology, School of Computing and Mathematics, Plymouth University (First external opponent), Lisa Rajbhandari, Prof. Dr. Stephen Wolthusen, Faculty of Computer Science and Media Technology, Gjøvik University College (Head of committee), Adj. Ass. Prof. Karin Sallhammar Bernsmed, NTNU, Research Scientist SINTEF (Second external opponent) and Prof. Dr. Stewart Kowalski, Faculty of Computer Science and Media Technology, Gjøvik University College (Internal opponent)

Congratulations!

DSC_0024The picture to the right shows Lisa Rajbhandari and Einar Snekkenes both wearing their COINS t-shirts.

]]>
National seminar on research schools 24/25 October 2013 https://coinsrs.no/national-seminar-on-research-schools-2425-october-2013/ Sat, 26 Oct 2013 07:56:09 +0000 https://www.coinsrs.no/?p=3033 Continue reading ]]> The Research Council of Norway (RCN) invited delegates from all 18 existing research schools funded under various of RCN’s schemes to the annual seminar. COINS participated with steering committee members Hanno Langweg (HiG), Audun Jøsang (UiO) and Ragnar Soleng (UiT). Hanno Langweg presented experience from the establishment phase of COINS and gave an outlook on future activities.
Slides from the presentation

]]>
Ebenezer Paintsil graduated https://coinsrs.no/doctoral-dissertation-ebenezer-paintsil/ Thu, 12 Sep 2013 16:46:51 +0000 https://www.coinsrs.no/?p=2432 Continue reading ]]> ebenezer_paintsil

Ebenezer Paintsil defended his doctoral thesis about information security on Thursday 12th of September.

Ebenezer Paintsil is associated to NISlab (Norwegian Information Security laboratory) at Gjøvik University College.  Title of the dissertation: Privacy and Security Risks Analysis of Identity Management Systems.

He is the first student affiliated with the Norwegian COINS Research School of Computer and Information Security  that graduates with a Ph.D. degree.

The thesis develops a risk model and model-based risk analysis method for privacy and security risks analysis of identity management systems (IDMSs) in order to reduce cost and provide scientific support for the choice of identity management approaches. Model-based risk analysis methods can assist system stakeholders in understanding a risk analysis process because of their effective use of graphical models to facilitate participation, risk communication and documentation. These graphical risk models communicate what can go wrong in a system and assist in the security risk analysis.

This thesis develops a balanced approach to risk analysis where systems’ characteristics and tools that hide complex mathematics are relied upon to analyze privacy and security risks in IDMSs. It provides new knowledge on how to develop risk models for IDMSs from the characteristics of information that flow in them.

Congratulations!

]]>
Funding for security research in Tromsø https://coinsrs.no/funding-for-security-research-in-tromso/ Tue, 02 Jul 2013 07:29:54 +0000 http://www.coinsrs.no/?p=557 University of Tromsø (UiT) decided to grant a Ph.D. scholarship to the Faculty of Science and Technology, among other factors because of its membership in COINS. Congratulations to UiT for strengthening its research activity in computer and information security.

]]>
Become a student member of COINS https://coinsrs.no/become-a-student-member-of-coins/ Sun, 16 Jun 2013 12:51:19 +0000 http://www.coinsrs.no/?p=249 registration page for the COINS Research School of Computer and Information Security has now opened. Membership is free of charge and is a prerequisite to enjoy the benefits COINS has to offer. Continue reading ]]> The registration page for the COINS Research School of Computer and Information Security has now opened. Membership is free of charge and is a prerequisite to enjoy the benefits COINS has to offer.

If you are unsure whether to register, talk to your thesis advisor to get encouragement.

]]>
NISK 2013 in Stavanger https://coinsrs.no/nisk-2013-in-stavanger/ Sun, 16 Jun 2013 12:48:43 +0000 http://www.coinsrs.no/?p=245 Continue reading ]]> The 6th Norwegian Information Security Conference (NISK) will be sponsored by the FRISC network and will take place from 18/11 to 20/11 in Stavanger. The conference will be co-located with the Norwegian Computer Science Conference (NIK).

NISK brings together people in all areas of information security. Ph.D. students can submit a paper to be presented and published in the conference proceedings after successful peer review. NISK publications give publication points at level 1. There will be a Ph.D. student seminar co-located with NISK probably on 20/11 and 21/11. Exact date, time and programme TBA.

Conference homepage: http://www.frisc.no/arrangementer/nisk-2013/

COINS student members can apply for travel support to participate in NISK. To foster cooperation between Norwegian and Swedish Ph.D. students, COINS invites up to four students from the Swedish SWITS network to participate in NISK.

]]>
NordSec 2013 in Greenland https://coinsrs.no/nordsec-2013-in-greenland/ Fri, 14 Jun 2013 16:48:50 +0000 http://www.coinsrs.no/?p=179 Continue reading ]]> The 18th Nordic Conference on Secure IT Systems will take place at the Arctic Hotel in Ilulissat, Greenland, from 18th to 21st October 2013.

NordSec addresses a broad range of topics within IT security with the aims of bringing together computer security researchers from around the world and of encouraging interaction between academia and industry. In 2013 the conference has special focus on the security challenges of cyber-physical systems as found within areas as for example avionics, automotive, energy, healthcare and consumer appliances.

Traditionally the conference is arranged in the Nordic countries and in 2013 it will be in Ilulissat (Jakobshavn) situated 200 km north of the Arctic Circle and neighbouring the UNESCO’s World Heritage Centre of Ilulissat Icefjord. Travel to Ilulissat will be limited so early registration and booking is encouraged; please consult the web-page http://nordsec2013.imm.dtu.dk for the latest information.

Student members of COINS can apply for travel support to attend this Nordic information security event.

]]>
COINS@SWITS Malmö 2013 https://coinsrs.no/coinsswits-malmo-2013/ Fri, 07 Jun 2013 15:39:34 +0000 http://coinsrs.no/?p=153 Continue reading ]]> We travelled to Malmö early this month to find out how SWITS operates their annual seminar. SWITS is the Swedish IT Security Network for Ph.D. Students, similar to the COINS research school of computer and information security we are setting up in Norway. SWITS has been in business for more than ten years, and has successfully gathered Ph.D. students and research groups in information security in Sweden.

Each year, SWITS organises a two-day seminar. The seminar is held at a different location every time, this year in Malmö (supported by Lund University), next year probably in Uppsala.

coins swits seminar 2013-06-03 pic1On the first day, research groups presented themselves with each group using only a couple of minutes. This was followed by three consecutive sessions of three Ph.D. student presentations per session, separated by a lunch break and a short break. The presentations were grouped by topics, i.e. “Smart Phone Security and Trusted Platforms”, “Privacy and PETs”, and “Software Security and Information Flow”. Ph.D. students were at different stages in their projects, with some having just started and trying to scope their topic, others in the midst of data gathering and evaluation, and others close to finishing, using the presentation as an exercise for their thesis defence.

 

coins swits seminar 2013-06-03 pic3After the Ph.D. student presentations we gave a presentation on COINS and discussed possible opportunities for Norwegian/Swedish cooperation in Ph.D. training in information security. The discussion yielded several good ideas, and as one concrete result we will invite students from Sweden to NISK, the annual Norwegian information security conference to be held in Stavanger later this year. More ideas were:

  • Promote NordSec better on the COINS website, together with other similar Nordic events
  • Joint courses, block-mode with SWITS member institutions
  • Joint Capture the Flag events, joint teams, organise a Nordic event
  • Joint SWITS/COINS event with students presentations/workshops
  • Various competitions, e.g. along the lines of Harvard Business School competitions where there is a joint Norwegian/Swedish jury
  • Share information about upcoming Ph.D. defences – and send out invitations

Parallel group discussions followed on “Software Security”, “Security Management”, “Network Security”, and “PETs”. After group discussions, participants went on a boat trip and joined for dinner.

coins swits seminar 2013-06-03 pic2The second day also had three sessions of three Ph.D. student presentations each, interrupted by an invited talk (Jonas Hallberg from FOI on the SECURIT research programme) and a lunch break as well as several short breaks. The seminar was concluded by an invited talk presenting new IT security projects at MSB, the department for security and preparedness in Sweden. MSB also supports SWITS financially.

The concept seemed to work well with participants and organisers, so we are considering to have the first COINS Ph.D. student seminar in a similar fashion.

]]>