Department of Information Technology

The Cyber Security Arena @ UU/IT

Facilitating research collaborations between divisions and between the department of Information technology and external parts.

About The Security Arena @ IT/UU

Security is a broad area with many different meanings. One view is that security is about protecting people, places, strategic sites and society's vital functions against for example terrorism, organised crime, and natural disasters. Cyber Security (CS) or Computer Security is aimed at protecting digital infrastructure against (malicious) disruption of the service as provided. This website (arena) collects relevant expertise at the Department of Information Technology of Uppsala University.

Focus Areas

2.1. Cybersecurity and formal verification

Many security vulnerabilities are a result of mistakes in system
design, protocol design, or just programming errors and incorrect use
of APIs. Every single mistake looks like a wide open door to an
attacker trying to hack into the system. A number of techniques,
including blackbox fuzzing, whitebox fuzzing, model checking, program
analysis, and theorem proving, have been developed with an impressive
ability to prevent and detect such vulnerabilities. However, since
vulnerabilities are still very much with us, these and other
techniques must be developed further. At the department, we are
working on

  • blackbox testing techniques, including blackbox fuzzing;
  • symbolic execution, model checking, and automatic approaches in testing;
  • SMT methods to efficiently reason about constraints representing program instructions and specifications.

We apply such techniques in multiple contexts, among others to analyze
software on small networked embedded platforms, such as Contiki, and
to analyze the string-processing code (e.g., JavaScript) that is
prevalent in modern web applications (contact: Bengt Jonsson or Philipp Ruemmer).

2.2. Fault/Fraud/Outliers and Anomaly detection

Faults, fraud, outliers or anomalies point to subjects, individuals or objects presented to a (computer) system that do not follow normal behavior. Techniques of machine learning can be used to learn normal behaviour based on past observations. Those then imply what abnormal ones look like, hence leading to a detection scheme. While traditional research in the area is founded on stochastic models assumed to underly the involved processes, this is a questionable assumption in settings of cyber security. We investigate instead robust methods of fraud/fault or anomaly detection, not based on such assumptions. This line of research is based on classical results in data compression and game theory, and is related to methods of online machine learning and adversarial learning. This line of research is especially fruitful when confronted with high-dimensional, streaming and non-ergodic data. See this paper (contact:kristiaan Pelckmans).

2.3. Transmission Processes over Dynamic Networks

Many problems in security can be seen as various types of transmission processes over a dynamic network: pathogens over a network of hosts in an epidemic, hate-speech or fake news over user accounts in a social media network, or malicious codes over a computer network. Combinatorial stochastic processes over directed graphs provides a unifying mathematical framework to study such processes at the resolution of discrete events over continuous time. Moreover, such mathematical models - when combined with active Apache projects - result in scalable, fault-tolerant and distributed computing and can be used to test scientific hypotheses postulated by domain experts and train predictive models for Markov control operations on undesirable aspects of such transmission processes over dynamic networks.
Theory: The Transmission Process, an application: Hate Transmissions in Twitter during 2016 US Election and commercially-friendly codes.
(contact: Raazesh Sainudiin)

2.4. IoT Security

To implement security on resource constrained devices running on batteries requires new light-weight protocol designs. At the department, we worked on:

  • key distributions aligned to the communication topology to allow for homomorphic operations
  • location privacy frameworks to enable location based services with privacy guarantees
  • security for visible light communication

Most recently we apply security to in-body networks. (contact: Christian Rohner).

2.5. Cyber-Security and Privacy in Digital Control Systems

Control systems are ubiquitous in modern societies, supporting the continuous operation of critical infrastructures such as power systems, transportation networks, and water distribution networks. Reports on cyber-attacks, such as Stuxnet, have shown their devastating consequences on digitally controlled systems supporting modern societies, and shed light on their modus operandi: first learn the system, then tamper the visible information so the attack is undetected, and meanwhile have significant impact on the physical system. It is therefore of the utmost importance for control systems to be able to early detect and mitigate malicious cyber-attacks, which aim at extracting sensitive information from the system, and having a significant impact on the system while remaining undetected.

We aim to bring together information security and control engineering under a risk management framework, by leveraging physics-based models to analyse the impact and vulnerability of feedback control systems to cyber-attacks, and to develop novel methods to detect attacks and efficiently deploy protection mechanisms. See for instance this paper, and this one. (contact: André Teixeira)

paper 1 and paper 2




Master Projects

For (future) master thesis projects, do get in touch directly with the contact person of your preferred focus area.

Contact Us

The Security Arena is part of the Department of Information Technology and is situated at the Information Technology Centre (ITC) in Uppsala, Sweden.

Arena Security e-mail list
To subscribe to the list, send a message to with the following message subject:

subscribe it-security <My Name>

The list (it-security -AT- will be used for announcements.

  • ReBoot meeting, 5e march, 2018
Updated  2018-11-12 09:57:57 by Kristiaan Pelckmans.