Skip to main content

Publications

Publications associated with the CDIS research projects.

2024

A. Andreasson, H. Artman, J. Brynielsson and U. Franke, "Cybersecurity work at Swedish administrative authorities: taking action or waiting for approval", Cognition, Technology & Work, 26 (4), 2024, pp. 709-731. doi: 10.1007/s10111-024-00779-1

S. Backman and T. Stevens, "Cyber risk logics and their implications for cybersecurity", forthcoming in Special Issue in International Affairs.

M. Birgersson, M. Balliu and C. Artho, "Sharing without Showing: Secure Cloud Analytics with Trusted Executionrne Environments", IEEE SecDev 2024, Pittsburgh, USA.

M. Brisfors, M. Moraitis, G.K. Landin and T. Jilborg, "Attacking and Securing the Clock Randomization and Duplication Side-Channel Attack Countermeasure". In: Mosbah, M., Sèdes, F., Tawbi, N., Ahmed, T., Boulahia-Cuppens, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2023. Lecture Notes in Computer Science, vol 14551. Springer, Cham. doi: 10.1007/978-3-031-57537-2_23

E.Cornelissen, M. Shcherbakov, and M. Balliu. "{GHunter}: Universal Prototype Pollution Gadgets in {JavaScript} Runtimes." 33rd USENIX Security Symposium. USENIX Security 24

V. Engström, G. Nebbione, and M. Ekstedt, "A Metalanguage for Dynamic Attack Graphs and Lazy Generation". In Proceedings of the 19th International Conference on Availability, Reliability and Security (ARES '24). Association for Computing Machinery, New York, NY, USA, Article 31, 1–11. doi: 10.1145/3664476.3664508

K. Hammar and R. Stadler, "Intrusion Tolerance for Networked Systems through Two-Level Feedback Control," 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Brisbane, Australia, 2024, pp. 338-352, doi: 10.1109/DSN58291.2024.00042

Jendral, S., Ngo, K., Wang, R., Dubrova, E., Breaking SCA-Protected CRYSTALS-Kyber with a Single Trace, in Proc. of IEEE International Symposium on Hardware Oriented Security and Trust (HOST’2024), May 6-9, 2024, Washington DC, USA. Cryptology ePrint Archive, report 2023/1587 .

A. Kanellopoulos, C. Mavridis, R. Thobaben, and K. H. Johansson, “A Moving Target Defense Mechanism based on Spatial Unpredictability for Wireless Communication,” 22nd European Control Conference (ECC), 2024. doi: 10.23919/ECC64448.2024.10590962

H. A. Karlsson, "Minimal Partitioning Kernel with Time Protection and Predictability," 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Vienna, Austria, 2024, pp. 234-241, doi: 10.1109/EuroSPW61312.2024.00031 .

T. Marinaro, P. Buiras, A. Lindner, R. Guanciale and H. Nemati, “Beyond Over-Protection: A Targeted Approach to Spectre Mitigation and Performance Optimization,” AsiaCCS’24: doi: 10.1145/3634737.3637651 

J. Nyberg and P. Johnson, "Structural Generalization in Autonomous Cyber Incident Response with Message-Passing Neural Networks and Reinforcement Learning," 2024 IEEE International Conference on Cyber Security and Resilience (CSR), London, United Kingdom, 2024, pp. 282-289, doi: 10.1109/CSR61664.2024.10679456

F. Reyes, Y. Gamage, G. Skoglund, B. Baudry and M. Monperrus, "BUMP: A Benchmark of Reproducible Breaking Dependency Updates," 2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), Rovaniemi, Finland, 2024, pp. 159-170, doi: 10.1109/SANER60148.2024.00024 .

J. Ron, C. Soto-Valero, L. Zhang, B. Baudry and M. Monperrus, "Highly Available Blockchain Nodes With N-Version Design," in IEEE Transactions on Dependable and Secure Computing, vol. 21, no. 4, pp. 4084-4097, July-Aug. 2024, doi: 10.1109/TDSC.2023.3346195 .

M. Shcherbakov, P. Moosbrugger, and M. Balliu. "Unveiling the Invisible: Detection and Evaluation of Prototype Pollution Gadgets with Dynamic Taint Analysis." Proceedings of the ACM on Web Conference 2024. doi: 10.1145/3589334.3645579

D. Umsonst, S. Saritas, G. Dán, and H. Sandberg. “A Bayesian Nash Equilibrium-Based Moving Target Defense Against Stealthy Sensor Attacks.” IEEE Transactions on Automatic Control 69 (3), pp 1659–74. doi: 10.1109/TAC.2023.3328754

2023

L. Backlund, K. Ngo, J. Gärtner, and E. Dubrova, "Secret Key Recovery Attack on Masked and Shuffled Implementations of CRYSTALS-Kyber and Saber". In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2023. Lecture Notes in Computer Science, vol 13907. Springer, Cham, doi: 10.1007/978-3-031-41181-6_9

E. Dubrova, K. Ngo, J. Gärtner, and R. Wang, "Breaking a Fifth-Order Masked Implementation of CRYSTALS-Kyber by Copy-Paste", in Proceedings of the 10th ACM Asia Public-Key Cryptography Workshop, Melbourne, Australia, 2023, pp. 10-20, doi: 10.1145/3591866.3593072

 V. Engström, P. Johnson, R. Lagerström, E. Ringdahl, and M. Wällstedt, "Automated Security Assessments of Amazon Web Service Environments", ACM Transactions on Privacy and Security, 26(2), 1-31, doi: 10.1145/3570903

L. Fernandez and G. Karlsson, "Black-box Fuzzing for Security in Managed Networks: An Outline," in IEEE Networking Letters, doi: 10.1109/LNET.2023.3286443 .

L. Fernandez and G. Karlsson, "Squashing Resource Exhaustion Bugs with Black-Box Fuzzing and Reinforcement Learning," 2023 7th International Conference on System Reliability and Safety (ICSRS), Bologna, Italy, 2023, pp. 439-448, doi: 10.1109/ICSRS59833.2023.10381445.

J. Gärtner, "NTWE: A Natural Combination of NTRU and LWE". In: Johansson, T., Smith-Tone, D. (eds) Post-Quantum Cryptography. PQCrypto 2023. Lecture Notes in Computer Science, vol 14154. Springer, Cham, doi: 10.1007/978-3-031-40003-2_12

J. Gärtner, "Concrete Security from Worst-Case to Average-Case Lattice Reductions". In: El Mrabet, N., De Feo, L., Duquesne, S. (eds) Progress in Cryptology - AFRICACRYPT 2023. AFRICACRYPT 2023. Lecture Notes in Computer Science, vol 14064. Springer, Cham, doi: 10.1007/978-3-031-37679-5_15

K. Hammar and R. Stadler, ”Scalable Learning of Intrusion Response Through Recursive Decomposition”. In: Fu, J., Kroupa, T., Hayel, Y. (eds) Decision and Game Theory for Security. GameSec 2023. Lecture Notes in Computer Science, vol 14167. Springer, Cham. https://doi.org/10.1007/978-3-031-50670-3_9

K. Hammar and R. Stadler, "Learning Near-Optimal Intrusion Responses Against Dynamic Attackers," in IEEE Transactions on Network and Service Management, doi: 10.1109/TNSM.2023.3293413 .

K. Hammar and R. Stadler, "Digital Twins for Security Automation," NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium, Miami, FL, USA, 2023, pp. 1-6, doi: 10.1109/NOMS56928.2023.10154288.

M. Moraitis, M. Brisfors, E. Dubrova, N. Lindskog and H. Englund, "A side-channel resistant implementation of AES combining clock randomization with duplication," 2023 IEEE International Symposium on Circuits and Systems (ISCAS), Monterey, CA, USA, 2023, pp. 1-5, doi: 10.1109/ISCAS46773.2023.10181621.

M. Moraitis, Y. Ji, M. Brisfors, E. Dubrova, N. Lindskog and H. Englund, "Securing CRYSTALS-Kyber in FPGA Using Duplication and Clock Randomization," in IEEE Design & Test, vol. 41, no. 5, pp. 7-16, Oct. 2024, doi: 10.1109/MDAT.2023.3298805.

 J. Nyberg and P. Johnson, "Learning Automated Defense Strategies Using Graph-Based Cyber Attack Simulations",  Workshop on Security Operation Center Operations and Construction (WOSOC) 2023, pp. 1-8, doi: 10.14722/wosoc.2023.23006

R. Wang, K. Ngo, J. Gärtner, and E. Dubrova, "Single-Trace Side-Channel Attacks on CRYSTALS-Dilithium: Myth or Reality?" , Cryptology ePrint Archive, report 2023/1587 .

2022

M. Brisfors, M. Moriatis, and E. Dubrova, "Do not rely on clock randomization: A side-channel attack on a protected hardware implementation of AES," 15th International Symposium on Foundations & Practice of Security (FPS'2022), Ottawa, Canada.

V. Engström and R. Lagerström, "Two decades of cyberattack simulations: A systematic literature review," Computers & security, vol. 116, s. 102681-102681, doi: 10.1016/j.cose.2022.102681

U. Franke, A. Andreasson, H. Artman, J.Brynielsson, S. Varga, and N. Vilhelm, " Cyber situational awareness issues and challenges," in Cybersecurity and Cognitive Science, A. A. Moustafa, Ed. San Diego: Academic Press, 2022, pp. 235-265, doi: 10.1016/B978-0-323-90570-1.00015-2

K. Hammar and R. Stadler, "An Online Framework for Adapting Security Policies in Dynamic IT Environments," 2022 18th International Conference on Network and Service Management (CNSM), Thessaloniki, Greece, 2022, pp. 359-363, doi: 10.23919/CNSM55787.2022.9964838 .

K. Hammar and R. Stadler, "A System for Interactive Examination of Learned Security Policies," NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium, 2022, pp. 1-3, doi: 10.1109/NOMS54207.2022.9789707

K. Hammar and R. Stadler, "Intrusion Prevention through Optimal Stopping," in IEEE Transactions on Network and Service Management, doi: 10.1109/TNSM.2022.3176781

K. Hammar and R. Stadler. "Learning Security Strategies through Game Play and Optimal Stopping", ICML Ml4Cyber Workshop 2022: International Conference on Machine Learning, arXiv: 2205.14694 .

 J. Nyberg, P. Johnson, and A. Méhes, "Cyber threat response using reinforcement learning in graph-based attack simulations," NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium, 2022, pp. 1-4, doi: 10.1109/NOMS54207.2022.9789835

K. Ngo, and E. Dubrova, "Side-Channel Analysis of the Random Number Generator in STM32 MCUs," Proceedings of the Great Lakes Symposium on VLSI 2022, doi: 10.1145/3526241.3530324

K. Ngo, R. Wang, E. Dubrova, and N. Paulsrud, "Side-channel attacks on lattice-based KEMs are not prevented byhigher-order masking," Cryptology ePrint Archive

R. Wang, K. Ngo, and E. Dubrova, "A message recovery attack on LWE/LWR-based PKE/KEMs using amplitude modulated EM emanations," 25th Annual International Conference on Information Security and Cryptology.

R. Wang, K. Ngo, and E. Dubrova, "Side-channel analysis of Saber KEM using amplitude-modulated EM emanations,"  Euromicro Conference on Digital Systems Design 2022.

R. Wang, K. Ngo, and E. Dubrova, "Making biased DL models work: Message and key recovery attacks on saber using amplitude-modulated EM emanations," Cryptology ePint Archive

2021

A. Andreasson, H. Artman, J. Brynielsson and U. Franke, “A census of Swedish public sector employee communication on cybersecurity during the COVID-19 pandemic,” 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2021, pp. 1-8, doi: 10.1109/CyberSA52016.2021.9478241

M. Birgersson, C. Artho and M. Musard, "Security-Aware Multi-User Architecture for IoT," 21st IEEE International Conference on Software Quality, Reliability, and Security (QRS'21), 2021, urn: urn:nbn:se:kth:diva-305259

M. Grenfeldt, A. Olofsson, V. Engström and R. Lagerström, "Attacking Websites Using HTTP Request Smuggling: Empirical Testing of Servers and Proxies," 2021 IEEE 25th International Enterprise Distributed Object Computing Conference (EDOC), 2021, pp. 173-181, doi: 10.1109/EDOC52215.2021.00028 .

K. Hammar and R. Stadler, "Learning Intrusion Prevention Policies through Optimal Stopping," 2021 17th International Conference on Network and Service Management (CNSM), 2021, pp. 509-517, doi: 10.23919/CNSM52442.2021.9615542 .

K. Ngo, E. Dubrova, and T. Johansson, "Breaking masked and shuffled CCA secure Saber KEM by power analysis," in Proceedings of the 5th Workshop on Attacks and Solutions in Hardware Security 2021, doi: 10.1145/3474376.3487277

K. Ngo, E. Dubrova, Q. Guo, and T. Johansson, “A Side-Channel Attack on a Masked IND-CCA Secure Saber KEM Implementation”, IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(4), 676–707. doi: 10.46586/tches.v2021.i4.676-707

2020

A. Andreasson, H. Artman, J. Brynielsson, and U. Franke, “A census of Swedish government administrative authority employee communications on cybersecurity during the COVID-19 pandemic,” in Proceedings of the 2020 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM 2020). IEEE, 2020, pp. 727-733, doi: doi.org/10.1109/ASONAM49781.2020.9381324

K. Hammar and R. Stadler, “Finding Effective Security Strategies through Reinforcement Learning and Self-Play,” 2020 16th International Conference on Network and Service Management (CNSM), Izmir, Turkey, 2020, pp. 1-9, doi: 10.23919/CNSM50824.2020.9269092