Vision for the Cluster
Background: Security and privacy have recently been added to WASP in recognition of the fact that autonomous systems have to meet security and privacy requirements to be trustworthy.
Objective: For WASP as a whole, the cluster aims to create a mindset that takes security into account as early and often as possible, and to develop and contribute expertise on security for autonomous systems. In the other direction, the relevant problems arising from autonomous systems will enhance research on security. The cluster itself serves as a platform to bring together researchers on the security and privacy aspects of autonomous systems, for learning, feedback, and collaboration.
Connection to other WASP clusters: most other clusters are concerned with the core of autonomous systems and software. Security is usually not the primary function of an autonomous system but often a necessary component. The security cluster can interact with other clusters taking advantage of the following interdependence:
- Advances in AS pose new research challenges for security and privacy
- Advances in security and privacy make AS trustworthy
For example, using machine learning for improving security (anomaly detection); and conversely, analyzing/improving the security of machine learning (adversarial machine learning, privacy implications).
- Cluster meetings at Winter school and batch 2 kickoff, Jan 8-10, 2018, Lund
- Cluster student meeting May 4, 2018, Stockholm
- Cluster faculty meeting on Faculty and industry day, May 16, 2018, Stockholm
The following are themes currently being investigated in the cluster. They have implications both for security research of specific systems and for the research of security in itself.
- Secure networks, distributed systems, IoT, Cloud
- Privacy, cryptography
- Useable security and privacy
- Provable, verifiable security and privacy
- Software and information system security
Currently, there are three industrial PhD students in the cluster, working with Ericsson, Advenica, and Combitech, on specific topics as listed in the sub-projects. In general, a major challenge for industry is how to integrate security in the development process given resource constraints in terms of cost, time, expertise, and inherent difficulties such as changes, updates, system complexity, interaction with other components, systems run in larger systems not under the same control, human interaction, defining and measuring security, trade-offs with functionality, performance, or usability, etc. Yet, systems need to achieve a sufficient degree of security to be trustworthy and trusted.
- Tomasz@Chalmers: Useable security and privacy
- Shahab@KTH: IoT/information theoretic secrecy
- Sakib@KTH: Privacy for AS in the home
- Georgia@Chalmers: Differential privacy, verifiable delegation of computation
- Karl@KTH@Ericsson: Crypto verification, automated security analysis, tools for distributed systems
- Alexander@Lund@Advenica: Cryptanalysis, side-channel attacks in SW
- Iulia@Chalmers: ITTT information flow, cloud, LBS, policies
- Nikita@LiU: Industrial network security
- Joakim@Lund@Combitech: Decentralized group information sharing
- Pegah@Lund: Secure SW updates