Publications
A User-centric Approach to API Delegations Enforcing Privacy Policies on OAuth Delegations KU Leuven
OAuth is the most commonly used access delegation protocol. It enables the connection of different APIs to build increasingly sophisticated applications that enhance and amplify our abilities. Increasingly, OAuth is used in applications where a significant amount of personal data is exposed about users. Despite this privacy risk, in most OAuth flows that a user encounters, there is a lack of fine-grained control over the amount of data that is ...
AndrAS: Automated Attack Surface Extraction for Android Applications KU Leuven
The attack surface of an Android application captures the set of ways in which attackers can penetrate and compromise the application. Determining the attack surface serves multiple purposes, including assessing the security of the application, identifying weak points, and prioritizing mitigation efforts. In practice, determining the attack surface of an application is still a manual effort, and can be time-consuming and error-prone. This paper ...
Testing and Practical Implementation of a User-Friendly Personalized and Long-Term Electronic Informed Consent Prototype in Clinical Research: Mixed Methods Study KU Leuven
BACKGROUND: Over the years, there has been increasing interest in electronic informed consent (eIC) in clinical research. The user-friendliness of an eIC application and its acceptance by stakeholders plays a central role in achieving successful implementation. OBJECTIVE: This study aims to identify insights for the design and implementation of a user-friendly, personalized, and long-term eIC application based on a usability study with ...
CTAM: a tool for Continuous Threat Analysis and Management KU Leuven
Security and privacy threat modeling approaches are commonly applied to identify and address design-level security and privacy concerns in the early stages of software development. Identifying and mitigating these threats should remain a continuous concern during the development lifecycle, as single-shot analyses become quickly outdated with contemporary agile development practices. Despite expert recommendation, the support for continuously ...
On the adversarial robustness of full integer quantized TinyML models at the edge KU Leuven
The recent surge in deploying machine learning (ML) models at the edge has revolutionized various industries by enabling real-time decision-making on resource-constrained devices, such as TinyML models on microcontrollers. However, this trend brings forth a critical concern - the vulnerability of these models to adversarial examples. ML at the edge offers tremendous potential but demands heightened vigilance in the realm of cybersecurity. Our ...
TC4SE: A High-performance Trusted Channel Mechanism for Secure Enclave-based Trusted Execution Environments KU Leuven
We present TC4SE, a trusted channel mechanism suitable for secure enclave-based trusted execution environments, such as Intel SGX, that leverages the existing security properties provided by the TEE remote attestation scheme and the Transport Layer Security (TLS) protocol. Unlike previous works that integrate attestation into the TLS handshake, TC4SE separates these two processes and binds the trust to the authentication primitives used by the TLS ...