Title Promoter Affiliations Abstract
"Automatic identification of semantic security vulnerabilities in system software such as kernels" "Bart Coppens" "Department of Electronics and information systems" "An operating system kernel is the most security-critical piece of system software running on a computer. Linux for example supports a plethora of hardware and different features for its many different use cases. To support its modularity and configurability, this code contains many indirections and interactions between different components. This leads to Linux being a security-critical code base, but at the same time being a code base which is hard to analyse. The correct execution of this expansive code base furthermore relies on developers adhering to many rules, both explicit and implicit. Analysis tools exist that try to reconstruct these rules, and then use this information to find violations in the codebase. However, their false positive rates and their lack of proof-of-concept inputs limit their usefulness to developers. Moreover, the security rules and guidelines are not enforced during the writing of the code; instead, analysis is treated as an afterthought. In short, existing tools for securing the Linux kernel suffer from a lack of timely feedback, low overhead analysis and implied rules. My overall goal is to research if I can provide developers of system software with faster and more actionable feedback of their code, increasing the security of their products in the long term. My vision is to have real-time feedback during development of system-level code, rather than post-hoc analysis results that arrive only when the developer has moved on to other aspects."
"Cyber-physical security of the bulk electric energy supply system" "Bart Preneel" "Computer Security and Industrial Cryptography (COSIC)" "Electric energy supply systems are transitioning towards strongly interlinked, smarter systems that heavily rely on information and communication systems. Security will be a critical requirement of these systems. Within this PhD, the cyber-physical security of the electric energy supply system and its embedded components will be evaluated. Next, the corresponding countermeasures to mitigate the identified security threats will be investigated."
"Evaluating trade-offs between performance and security in hardware and system software" "Frank Piessens" "Distributed and Secure Software (DistriNet), Computer Security and Industrial Cryptography (COSIC)" "The ubiquitous network connectivity of all ICT devices great and small increases the risk of cyber attacks against these devices. The vulnerabilities that enable these attacks used to be mainly software vulnerabilities. However, the last few years have seen a new kind of attacks: remote software controlled attacks that exploit subtle defects, oversights or even features in hardware to break important security objectives of the hardware/software system. The recent Meltdown and Spectre attacks that exploit micro-architectural side-effects of speculatively executed instructions are very high-profile examples. For such attacks, the vulnerability is at least partly in the hardware, and designing countermeasures may require changes to hardware and/or system software. Currently it is unclear how to rigorously mitigate these attacks. Yet, we understand that an important enabler for the vulnerabilities lies in optimisations introduced to increase performance. Hence, this research project aims to develop a better understanding of these attacks, and of the trade-offs between security and performance in hardware and system software. We want to build a deeper understanding of the security risks introduced by this new class of attacks by studying existing attack techniques and developing new ones. We want to design countermeasures that effectively mitigate these attacks, and we want to quantify the performance cost of these countermeasures."
"Enhancing Defence Plans to match Future Power System Security Needs" "Dirk Van Hertem" "ESAT - ELECTA, Electrical Energy and Computer Architectures" "The European policy goals on sustainability, security of supply and improved competitiveness resulted in an increased share of renewables in generation, which in turn led to a higher loading of the transmission and distribution grids. The transition to a liberalized European market even further increased the loading of the power system. As a consequence the grid is being operated closer to its limits. These limits are determined by the different security criteria. Existing and new criteria will be considered. During high impact low probability events the system can violate this security limit and as a consequence enter the alert or emergency state or even evolve towards a black-out of the complete system. Therefore an analysis of the system needs to be made such that this evolution towards an instability can be detected. The number of power flow controllable devices (PFC), such as phase shifting transformers and HVDC, in the power system has been steadily increasing and will even further increase in the upcoming years. The coordinated use of these power flow controllable devices in the first phase of the defense plans will be investigated. These devices offer an additional means of fast control to the operators or can be used in automatic system protection schemes to bring the system back to a normal situation."
"FlexSys - A flexible electricity system contributing to Security of Supply" "Lieven Vandevelde, Jelle Laverge" "Department of Electromechanical, Systems and Metal Engineering, Department of Architecture and urban planning" "Exploiting the enormous flexibility potential of aggregating distributed assets is crucial to maintain Security of Supply in the renewables-focused electricity system of the future. To make this happen, this project lays the missing groundwork in terms of academic knowledge, technology development and value propositions. The unique and multidisciplinary consortium covering the entire value chain fosters innovation and creates social value through a citizen-driven approach. The result enables a sharp reduction in emissions, reliance on fossil fuels, curtailment of renewables and barriers to prosumer investment."
"Cyber Security Incident Handling, Warning and Response System for the European Critical Infrastructures" "Anton Vedder" "Research Unit KU Leuven Centre for IT & IP Law (CiTiP)" "In the digital era, Critical Infrastructures (CIs) are operating under the premise of robust and reliable ICT components, complex ICT infrastructures and emerging technologies and are transforming into Critical Information Infrastructures (CIIs) that can offer a high degree of flexibility, scalability, and efficiency in the communication and coordination of advanced services and processes. The increased usage of information technology in modern CIIs means that they are becoming more vulnerable to the activities of hackers and other perpetrators of cyber-related crime (cyber criminals). Several recent studies have shown that the landscape of cyber threats is changing continuously and the nature of attacks of this sort is evolving, involving a great degree of persistence and (technical) sophistication. In addition to this, barriers to entry for would-be cyber criminals are falling rapidly, and nowadays, the attackers have a range of (technical) capabilities and substantial resources at their disposal, since malware and malware-as-a-service become more easily and cheaply available through various means and sources (such as Dark Web, Deep Web). Thus, a variety of advanced techniques and tools (e.g. social engineering techniques and zero-day exploit programs) are available and can be used by the cyber criminals to initiate advanced targeted attacks. These threats employ multiple technologies and malware, deployed in multiple stages, to bypass traditional security mechanisms in order to penetrate an organization’s defenses. The attack vectors vary significantly including Application-Layer, Social Engineering Unauthorized Access, Malicious Code, and Reconnaissance and Networking-based service attacks that target applications, host and client operating systems, and even networking equipment. In this vein, the attackers use these techniques to get valuable data assets, such as financial transaction information, user credentials, insider information etc."
"European control system security incident analysis network." "Jos Dumortier" "Research Unit KU Leuven Centre for IT & IP Law (CiTiP)" "The protection of critical infrastructures increasingly demands solutions which support incident detection and management at the levels of individual CI, across CIs which are depending on each other, and across borders. An approach is required which really integrates functionalities across all these levels. Cooperation of privately operated CIs and public bodies (governments and EU) is difficult but mandatory. After about 10 years of analysis and research on partial effects in CIP and for individual infrastructure sectors, ECOSSIAN is supposed to be the first attempt to develop this holistic system in the sense portrayed above. A prototype system will be developed which facilitates preventive functions like threat monitoring, early indicator and real threat detection, alerting, support of threat mitigation and disaster management. In the technical architecture with an operations centre and the interfaces to legacy systems (e.g., SCADA), advanced technologies need to be integrated, including fast data aggregation and fusion, visualization of the situation, planning and decision support, and flexible networks for information sharing and coordination support, and the connection of local operations centres. This system will only be successful, if the technical solutions will be complemented by an effective and agreed organizational concept and the implementation of novel rules and regulations. And finally, the large spectrum of economically intangible factors will have significant influence on the quality and acceptance of the system. These factors of societal perception and appreciation, the existing and required legal framework, questions of information security and implications on privacy will be analyzed, assessed and regarded in the concept. The system will be tested, demonstrated and evaluated in realistic use cases. They will be developed with the community of stakeholders and cover the sectors energy, transportation and finance, and the ubiquitous sector of ICT."
"ANUBIS: Aligned oNline and multilevel User and entity Behavior analytics for Intelligent System security" "Wouter Verbeke" "Business technology and Operations, Data Analytics Laboratory" "Fraud is a fierce threat to digital business. A typical organization is estimated to lose 5% of its revenues due to fraud, which is hard to eradicate since dynamic, system-dependent and organization-specific. Powerful and intelligent fraud detection systems are therefore of crucial importance, to timely block, prevent and contain fraud and to mitigate losses. User and entity behavior analytics essentially profile the activity of users, peer groups and other entities such as devices, applications and networks, with the aim to detect anomalous patterns which are indicative of security threats, such as fraud. In this research project, we will improve the adaptiveness and detection power of user and entity behavior analytics by aligning the objective of these approaches when learning from data with the business objective of minimizing fraud losses, instead of maximizing performance from a statistical perspective. For this purpose, we will leverage and advance upon profit driven analytics and cost-sensitive ensemble learning approaches. Additionally, we will extend these approaches to accommodate online and multilevel learning from streaming data from across systems and applications. The developed approaches will be empirically evaluated on available data sets and benchmarked to state-of-the-art approaches."
"Designation of the competent social security system in case of international employment of researchers" "Paul Schoukens" "Institute for Social Law" "The research focuses upon the international employment of personnel of the KU Leuven. In a first stage the researchers looked for patterns of international employment on the basis of existing employment cases. Furthermore it has been investigated which the competent social security system is, when applying international and European law for each of the patterns. Finally policy guidelines were developed on how to organise the international employment at the KU Leuven."
"Power System and Communication Network Co-Simulation for Cyber Security Analysis" "Geert Deconinck" "Electrical Energy Systems and Applications (ELECTA)" "Nowadays, critical infrastructures such as power networks, power plants, refineries, and governmental organizations are controlled and monitored by Cyber-Physical Systems (CPS) such as Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS) and Sensing and Distribution Automation Systems (DAS). Such systems incorporate Information and Communication Technology (ICT) services to monitor and control the process. Corruption or malfunctioning of CPS may lead to catastrophic environmental disasters with significant effects on human life. Recent cyber-attacks on critical infrastructures revealed that almost all types of attacks can be orchestrated on CPSs. Further investigations illustrated that a considerable number of these attacks are due to the lack or non-existence of audit and accountability in CPS. Interfacing existing power systems and ICT simulators (termed co-simulation) is thought to be a practical and realistic approach to evaluate complex CPSs. Thus, in this work, in order to assess the influence of the uncertainties within information networks on the performance of the real-time controls in power systems, a co-simulation method is proposed. Then based on the co-simulation testbed, we will conduct a number of tests including protocol evaluation, cyber threat evaluation, cyber-attack recovery planning, risk assessment, and resilience or investment prioritization."