Publications
Expressive and Systematic Risk Assessments with Instance-Centric Threat Models KU Leuven
A threat modeling exercise involves systematically assessing the likelihood and potential impact of diverse threat scenarios. As threat modeling approaches and tools act at the level of a software architecture or design (e.g., a data flow diagram), they consider threat scenarios at the level of classes or types of system elements. More fine-grained analyses in terms of concrete instances of these elements are typically not conducted explicitly ...
A Run a Day Won't Keep the Hacker Away: Inference Attacks on Endpoint Privacy Zones in Fitness Tracking Social Networks KU Leuven
Fitness tracking social networks such as Strava allow users to record sports activities and share them publicly. Sharing encourages peer interaction but also constitutes a risk, because an activity's start or finish may inadvertently reveal privacy-sensitive locations such as a home or workplace. To mitigate this risk, networks introduced endpoint privacy zones (EPZs), which hide track portions around protected locations. In this paper, we show ...
Tracking the Evolution of Cookie-based Tracking on Facebook KU Leuven
We analyze in depth and longitudinally how Facebook's cookie-based tracking behavior and its communication about tracking have evolved from 2015 to 2022. More stringent (enforcement of) regulation appears to have been effective at causing a reduction in identifier cookies for non-users and a more prominent cookie banner. However, several technical measures to reduce Facebook's tracking potential are not implemented, communication through the ...
OAuch: Exploring Security Compliance in the OAuth 2.0 Ecosystem KU Leuven
The OAuth 2.0 protocol is a popular and widely adopted authorization protocol. It has been proven secure in a comprehensive formal security analysis, yet new vulnerabilities continue to appear in popular OAuth implementations. This paper sets out to improve the security of the OAuth landscape by measuring how well individual identity providers (IdPs) implement the security specifications defined in the OAuth standard, and by providing detailed ...
Unsupervised Acoustic Anomaly Detection Systems Based on Gaussian Mixture Density Neural Network KU Leuven
Design of a Robust MAC Protocol for LoRa KU Leuven
Low power wide area networks (LPWANs) enable large-scale deployments of low-power wireless devices. LoRaWAN is a long-range wireless technology that has emerged as a low-power and low-data rate solution to support Internet-of-Things applications. Although LoRaWAN provides a low-power and cost-efficient networking solution, recent literature shows that it performs poorly in terms of reliability and security in dense deployments due to the ...