Skip to main content
Centre for Cyber Defence and Information Security

CDIS Spring Conference 2025

CDIS Spring Conference May 22, 2025

The CDIS Spring Conference takes place Thursday May 22, 2025, in KTH Lecture Hall F1 Alfvénsalen, Lindstedtsvägen 22.

To attend, register here  by May 13.

PROGRAMME

9:00 Welcome and Introduction
Musard Balliu KTH, Pontus Johnson, KTH, and David Olgart, Cybercampus

9:30 Keynote: Malware research: History, milestones, and open problems
Davide Balzarotti , Eurecom

Abstract:
Since the emergence of the initial self-replicating viruses in the 1980s, the history of malware has undergone a rich and fascinating evolution - which attracted the interest of researchers, nation-state agencies, and multi-billion dollars corporations. By examining the main contributions in the field through the lens of thousands of published papers, in this talk I will identify a number of recurring themes and long-lasting challenges. The talk will also break down different areas of malware research and try to distill the major results that researchers obtained in this fascinating field.

10:30 Break

11:00 Real-world cryptography: Construct, analyze, code, document, and deploy. Repeat. 
Douglas Wikström , KTH

Abstract:
For almost 20 years we have focused on electronic voting systems as an example of a complex cyberphysical system, i.e., a cryptographic protocol. This has inspired us to do theoretical work on definitions and methodology. We have also constructed and analyzed primitives and protocols which have then been implemented and deployed in real-world national and local elections in several countries. We give a brief presentation of our research efforts, successes and challenges, and what lessons can be learned.

11:30 TRUVALT: A framework for secure and confidential upgradable functions in Trusted Execution Environments
  Marcus Birgersson , CDIS

Abstract:
More and more data storage and processing are moving to the cloud, for many good reasons. This comes with many benefits, but also with a lot of potential security and confidentiality issues. Cloud services must be trust worthy, users should be able to know how their data is managed, and be assured that it is not used in any way not previously approved. For running computations on sensitive data, the use of Trusted Execution Environments (TEE:s), is a good way of balancing security, confidentiality, and computational overhead. They provide a computational environment isolated from the host, with attestation capabilities. The issue is still that clients must be able to inspect the code to be confident of its purpose, a cumbersome and error-prone process. This issue is further exacerbated when small code changes are made, and the whole inspection process must be reiterated. This does not scale well in a system with many thousands of users. We solve the above issues by 1) introducing a formal verification tool, Dafny, which can prove code to be correct based on specifications and 2) running this verification inside the trusted enclave. This reduces the amount of code that a user must inspect, since only specifications must be verified, rather than the complete implementation. This also makes it possible for the developer to use proprietary code since the implementation does not need to be public, and the implementation can be dynamically updated as long as it still adheres to the specification.

11:50 Modeling and Simulating with Adversary-driven System Architecture Dynamics
Viktor Engström , CDIS

Abstract:
Two types of dynamics are important when modeling and simulating cyberattacks: how adversaries chain together different techniques across systems and how they change the target systems as they advance. For the former, a prominent method is to construct and traverse attack graphs automatically. For the latter, modeling and simulating adversary-driven structural changes is comparatively unexplored. So, the state of the art can map out adversary actions but not mirror when those actions realistically add and remove assets, such as applications, accounts, and privileges. Therefore, this work presents the Dynamic Meta Attack Language (DynaMAL), an extension and re-interpretation of the Meta Attack Language (MAL). MAL lets users declare how to construct attack graphs based on the specifications of assets and relations in a system architecture. DynaMAL provides similar but extended modeling capabilities based on a new lazy and event-driven attack graph generation method. The new method only generates what is explicitly requested by the adversary, meaning it can chain together events and let adversaries add or remove assets as attacks unfold. This approach was demonstrated by modeling and simulating three state-of-the-art Amazon Web Services (AWS) penetration testing exercises. The exercises were modeled with a purposive DynaMAL-based AWS language and simulated with the DynaMAL simulation platform. To solve the scenarios autonomously, we used a modified ant colony optimization algorithm to search for initial solutions. Then, we refined the solutions with a variant of simulated annealing. The results are promising: the refined solutions were optimal or near-optimal within the scope of the demonstration. Additionally, such results are attainable within an hour on a standard office laptop.

12:10 Lunch. CDIS posters and demos

13:30 On the quantum threat to cryptography
Martin Ekerå , Swedish Armed Forces

Abstract:
In this short talk, we first introduce the quantum threat to cryptography and provide advice on its mitigation. We then review the state-of-the-art algorithms for factoring integers and computing discrete logarithms quantumly. In so doing, we focus on algorithms of cryptanalytical significance and highlight some of our own research contributions. Finally, we review our full-stack cost estimates for the aforementioned algorithms alongside current industry roadmaps. This enables us to give a coarse projection for when it may first become feasible to use said algorithms to break widely deployed cryptography.

14:00 Protection against quantum computers through lattice problems
Joel Gärtner , CDIS

Abstract:
A sufficiently powerful quantum computer would be able to break much of the asymmetric cryptography that is currently being used. Secure asymmetric cryptography is vital for the security of the internet today, and a powerful quantum computer would therefore pose a significant threat. As there currently is a lot of resources spent on developing quantum computers, it may only be a matter of time before such a threat becomes a reality. Luckily, there are alternative asymmetric cryptosystems, which are not believed to be vulnerable against quantum computers. Recently, NIST standardized a quantum safe key-encapsulation mechanism and three different quantum safe digital signature algorithms. Besides one of the digital signature algorithms, the security of all of these algorithms is based on the assumed hardness of lattice problems. In this talk, I will present the different standardized quantum safe cryptographic algorithms and provide a high-level description of underlying lattice problems. I will also briefly mention how my research has related to these quantum safe cryptographic algorithms.


14:20 Adaptable Partitioning with a Real-Time Separation Kernel
Henrik Karlsson, CDIS

Abstract:
The increasing computational demands and security needs in critical systems require a robust foundation for safety and security. Separation kernels are the industry standard for high-criticality environments, ensuring both security and safety through robust system partitioning and isolation. However, traditional separation kernels lack the flexibility to adapt to modern application demands, particularly in adaptability and resource efficiency. We present S3K, a separation kernel that enables dynamic, policy-free, hierarchical system partitioning in real-time. S3K maintains high levels of safety, security, and control in dynamic environments while optimizing resource usage and efficiency. Its dynamic partitioning capabilities allow for both optimized resource usage and increased scalability, without compromising the security and safety benefits provided by traditional separation kernels.

14:40 Break

15:00 Keynote: War in the Smartphone Age
Matthew Ford , FHS

15:45 Panel: Reflections on navigating dual-use research and innovation during the transition from research to resilience
Moderator Göran Olofsson, Cybercampus Sweden, with an introduction by Henrik Friman, Strategic Solutions

16:30 Closing

16:40 Reception