Cybersecurity Research in Flanders and in Europe
Bart Preneel
imec-COSIC KU Leuven
Complex and Dynamic Ecosystem
cybersecurity
technology
regulation
economic organization
education
Security and
Privacy by Design
Innovation is key
European Landscape
GDPRNIS
Cybersecurity Act
Cybersecurity Competence Network Pilot
SU-ICT-03-2018
• KU Leuven is coordinating a proposal
• 20 leading academic teams
• 35 ERC grants
• 70 spin-off companies
• Incl. RU Bochum, TUDarmstadt, Uni. Saarbrucken, ETHZ, EPFL
• 13 companies including F-secure,
IBM, Intel, SAP, NXP
Cybersecurity in Germany
• TU Darmstadt (CRISP): 50 PI/400 researchers
• RU Bochum (Horst Görtz Institute ): 26 PI
• Max Planck Institute: +12 prof/100 researchers
• KIT Karlsruhe (KASTEL): 15 PI
• Munich: Bundeswehr University + TU Munich + Fraunhofer AISEC: 15 PI
• Saarbrucken (CISPA): 9 PI
• Helmholtz Center: +40 PI/700 people in 2023 - 50 MEUR//year
Top 5: 155 PIs and 1300 researchers
Fundamental + strategic research funding 150-200 MEUR/year
Excellence + critical mass
Ranking Organizations worldwide (June 2012)
Excellence + critical mass
Ranking Organizations Europe (June 2012)
Excellence + critical mass: staff
Interdisciplinary research team:
26 PIs + 160 researchers
0 20 40 60 80 100 120 140
PI sr. researcher postdoc PhD External
DistriNet COSIC CiTiP
Excellence + critical mass:
selected results
AES: global de facto standard in billions of devices
KRACK attack on WPA2
Excellence + critical mass:
selected results
• Building blocks: (CAESAR competition) - new constructions for authenticated encryption
• Platforms: (FlowFox) - first fully operational web browser with sound and precise information flow control
• Tools: (Verifast) - software verification technology essential for secure software
• Insights: systematic studies of privacy-violating practices on the web: high impact communication to society and the
public
Excellence + critical mass:
selected results
• 2 Advanced ERC Grants
• 40+ EU projects including 7 as coordinator (2008-2018)
• Top publications (2013-2018)
• 20 papers in top security venues Usenix Security, IEEE S&P, CCS, NDSS
• 28 papers in top crypto venues: Asiacrypt, Crypto, Eurocrypt
• h-index distribution top 20 (Google scholar):
0123 4567 1089
20-29 30-39 40-49 50-59 60-69 70-79
A full spectrum of research activities
Demand-driven research in synergy with core, basic, and collaborative research
Up to the offering of value-added services
• to sense needs in the market and spot market opportunities
• to understand and monetize valorization potential of internal expertise
• to test sustainability of specific services
• contract research in collaboration with imec
Core research
Strategic Basic research
Collaborative
research Ready-to-
market
Research Partners
Education and training
• ESAT + CS + CiTiP: 12 specialized courses for Master students
• Computer Science: option Secure Software
• Current graduates per year: 40 Master students + 15 PhD students with thesis on cybersecurity
• 1-week intensive courses: COSIC course and Secappdev
• MOOC on web security
• Master of Intellectual Property and ICT Law: 80 students
• Education in Brugge, Gent, Hasselt
• In preparation
• Electrical engineering: option cybersecurity + telecommunications
• 1-year Master in cybersecurity
• More MOOCs: Privacy by Design (featuring GDPR), IoT security,…
Start-ups (2016-2018):
Enhancing Excellence
Application to major business and digitalization challenges
Collaborative Research (with industry) Industry Training and Knowledge Transfer
Outreach Additional services
Core research to maintain EU leadership in key areas of cybersecurity
Essential foundation to further cultivate and grow excellence, to attract top experts and researchers
Strategic Research to apply core research in the context of major trends and evolution in technology and business challenges; enhancing
applicability and reaching adopters
Need partners that have the capability to absorb research results, technology and novel
approaches; engaging with ring leaders of vertical segments (Fintech, Industry 4.0 etc.)
Education of methods, technologies and best practices, and assessments for a broad range of
stakeholders, guaranteeing proximity for SMEs Support for certification
Spin-of creation
Enhancing Excellence
• Maintaining excellence
• Crypto
• Privacy
• Software Security
• Security Life Cycle (SDLC), including deployment, verification and certification
• System Security
• Hardware Security
• Developing the existing capabilities
• AAA services (Authentication, Authorization, Audit - incl.. Biometrics)
• Network and infrastructure security (DNS, BGP, Network protocols, 5G…)
• Monitoring, management and usability
• Policy, Regulatory & Compliance
• Cybersecurity economics
• Strategic alignment with key national and international partners
Trust4Cloud Security4IoT
Data Protection
& Privacy
Resilience
Dependability Performance
Robustness
Availability
AI Big
Data Smart
everything
Building Trust
Strategic
Research
Conclusion
• Strong cybersecurity expertise in Flanders
• academic expertise concentrated in KU Leuven
• industry: several innovative players
• Strategic approach required to develop the current ecosystem
• Awareness and education based on science
• Maintaining leading position
• enhancing excellence: major progress will require technology innovation
• embed technology innovation in European and Flemish ecosystem
22
Bart Preneel, imec-COSIC KU Leuven
Kasteelpark Arenberg 10, 3000 Leuven
homes.esat.kuleuven.be/~preneel/
Bart.Preneel@esat.kuleuven.be
@CosicBe ADDRESS:
WEBSITE:
EMAIL:
TWITTER:
+32 16 321148 TELEPHONE: