IMSc Conference on IT Security

We organize a conference for collecting IMSc points in the context of the IT Security BSc course in the spring semester of the 2023/24 academic year at BME. Beyond IMSc point collection, the goal of the conference is to encourage students to deep-dive into some hot topics of IT security, to get familiar with the challenges and recent research results, and to share knowledge with other students in the form of short presentations. We do hope that the conference will shed light on the beauty of the field of IT security and some of its exciting research areas, and it will stimulate both the active participants of the conference and all other students enrolled in the IT security course to engage in further studies in the domain of IT security.

The Call for Papers (CfP) for the conference is available here.

Conference topics

all, uav, cyber-physical-system, vehicle, network-security, power grid, machine-learning, data-evaluation, privacy, economics, malware, binary-similarity, cryptography, machine-learning-security, LLM-security, LLM, copilot, federated-learning, poisoning, password-manager, AAA, OAuth, web-security, Kerberos

UAV security challenges

Unmanned aerial vehicles (UAVs) are unmanned aircraft operated by radio remote control and programmed control equipment. Due to their small size, low cost, and high flexibility, UAVs are widely used in military and civilian fields, such as geological detection, film shooting, traffic control, homeland security, and battlefield reconnaissance. With the rapid increase of UAVs and the success of their related technologies, they also face many security problems, such as jamming, man-in-the-middle, and false message injection attacks. The security of UAVs has become a hot research topic. However, most UAV-related surveys analyze and summarize the field from a single perspective, and there are few surveys about UAV cybersecurity.

Tags: uav, cyber-physical-system

Vehicle security challenges

The last decades of the automotive industry have seen a significant change with the adoption of embedded controllers. Digital circuits and software components have taken control of processes previously controlled by analog methods. In addition to supporting more integrated functions and services, the primary motivation for this change was to reduce manufacturing costs. While delivering the expected results, this shift also created an undesirable problem: vehicles inherited the cybersecurity weaknesses of computers. If an attacker can take control of a computer-controlled physical process, they can cause physical damage by logical means. In the transportation industry, such an attack could endanger human lives or cause significant financial loss.

Tags: vehicle, cyber-physical-system, network-security

Cybersecurity of electrical substations

Substations are responsible for distributing and transmitting electrical energy between power stations and consumers. The instrumentation and control of each substation is done by a digital system consisting of everyday devices (like PCs and switches) and special devices such as feeder protection and control devices. The topic covers the introduction of these special devices and protocols, along with their specific vulnerabilities and countermeasures.

Tags: power grid, cyber-physical-system, network-security

Cybersecurity of SCADA networks

SCADA networks control the electrical systems of all countries. A cyber attack on a SCADA system may create a blackout for wide regions and millions of people. Many attack vectors and vulnerabilities are present in these networks, with differing levels of risk. The topic covers the general problem of cyber security of SCADA systems, with special attention to the security of a widely used protocol, IEC 60870-5-104.

Tags: power grid, cyber-physical-system, network-security

IoT Security Economics

The Internet of Things is both a successful technological trend and a cybersecurity nightmare. The huge market for cheap IoT gadgets makes manufacturers forget about (even basic, no-brainer) security measures. With historical evidence (e.g., the Mirai botnet) and the current and predicted proliferation of IoT, this has to change. Current regulatory and standardization efforts propose several mechanisms to improve the state of affairs, including security labels (a la energy labels) and the Software Bill of Materials (SBOM). Will they be successful?

Tags: economics, cyber-physical-system

Malware for embedded devices

Embedded computers (e.g., IoT devices, controllers in vehicles and in industrial facilities) can also be infected by malware, just like other computers. The landscape of malware for such embedded devices is already rich, including infamous families like Mirai, and many others...

Tags: malware, cyber-physical-system

Malware detection on resource constrained embedded devices

Embedded computers (e.g., IoT devices, controllers in vehicles and in industrial facilities) can also be infected by malware, just like other computers. However, these devices are typically resource constrained and cannot run anti-virus solutions developed for desktop PCs. So researchers started to design new malware detection mechanisms tailored for them.

Tags: malware, cyber-physical-system

Trusted Execution Environments

A Trusted Execution Environment (TEE) is an environment where code can have a higher level of trust in the surrounding environment. For example, its integrity is verified before it gets executed, it can store data in a confidential and integrity-protected way, and it even has access to hardware components that are off limits for ordinary software, even the operating system kernel. TEEs are ideal for implementing security-critical solutions, even if we assume that an attacker has physical access to a system, or that not even the operating system kernel can be trusted. Applications using TEEs can include mobile payment solutions, digital rights management-related software, cryptographic primitives or antivirus products.

Tags: cyber-physical-system
