Research of TU Delft cyber security students published at renowned conferences

News - 27 September 2021 - Webredactie

Cyber security students of TU Delft have been very successful in getting their research published in renowned conferences. Over the last year the work of master students Stijn Pletinckx and Jochem van de Laarschot was of such high quality that it resulted in top-tier publications. It is not only the quality of our students, but also the cooperation between the faculties of TPM and EEMCS in jointly supervising these students that shows that synergy creates high-impact and high-relevance research results. At the same time doing a cross-faculty master thesis enables students to enrich their work and broaden their horizon, a win-win situation.

Student Stijn Pletinckx:“Having had the opportunity to span my thesis across two faculties gave me additional perspectives and learning experiences that I would otherwise not get. This enabled me to look beyond the general scope of my field and push the topic further, leading to a top-tier publication.”

“Out of Sight, Out of Mind: Detecting Orphaned Web Pages at Internet-Scale”, 
Stijn Pletinckx (TU Delft), Kevin Borgolte (Ruhr University Bochum), Tobias Fiebig (TU Delft). ACM Conference on Computer and Communications Security (CCS) 2021.

In this paper, based on Stijn Pletinckx’s master thesis, TU Delft researchers present a new method to identify forgotten pages on the web: Websites that were once actively used, but are no longer referenced from the main-page or maintained. Applying this methodology on 100,000 popular domains, the researchers demonstrate that such forgotten sites are widespread and more vulnerable than their maintained counterparts. The forgotten vulnerable sites found during this research include critical systems, as for example, an old instance of a portal for accrediting medical professionals. Thanks to the researchers’ notifications of affected parties, these severe vulnerabilities were quickly mitigated.

Read the paper.

“Risky Business? Investigating the Security Practices of Vendors on an Online Anonymous Market using Ground-Truth Data” 
Jochem van de Laarschot (TU Delft), Rolf Van Wegberg (TU Delft). USENIX SECURITY2021.

This paper, based on Van de Laarschot’s master thesis, presents the first analysis - leveraging unique ground-truth data of Hansa Market - to investigate vendor security practices on an online anonymous market. Cybercriminal entrepreneurs on online anonymous markets rely on security mechanisms to thwart investigators in attributing their illicit activities. Earlier work indicates that – despite the high-risk criminal context – cybercriminals may turn to poor security practices due to competing business incentives. The researchers demonstrate that poor security practices do not occur at random. Rather counter-intuitively, vendors on Hansa Market selling digital cybercrime items are more likely to have insecure practices than vendors selling physical items – e.g., drugs.

Read the paper.