Themes and projects

IoT security

The exponential penetration of Internet-enabled devices in our society has been accompanied by increasing concerns about cybersecurity and privacy. There are a number of technical factors that make IoT devices vulnerable to attack. At the end of the day, however, weak IoT security has its roots in economic factors rather than technical ones.

By leveraging experimental methods, we investigate the root causes of insecure IoT products and services. We research how different stakeholders involved in the supply chain and can influence the security of the IoT ecosystem, form the semiconductor manufacturers till the end users.


  • INTERSECT (NWO & consortium of companies)
  • IoT Monitor (Ministry of Economic Affairs)

To top

Threat intelligence and abuse data

Understanding attacker behaviour enables network defenders to take preventive steps, from network detection to security by design. Knowledge about attacker infrastructure and methods is needed, and in this way cyber defense relies on abuse data and threat intelligence.

We investigate the properties of abuse data and threat intelligence. How are these data compiled? What do they tell us about the different threat vectors? How do they inform organizational processes? Can their impact be measured? What causal factors determine the distribution of incidents across networks and actors?


  • AIVD-TUD program National Cybersecurity (AIVD & TUD)

Security metrics

Why do some firms suffer more breaches than others? We know that some actors have better security than others. Lots of researchers and firms are trying to capture and quantify these differences in metrics.

Most security and risk metrics are pretty bad. They typically count inputs. Things like maturity frameworks count what countermeasures and controls organizations have in place and then rate them higher in terms of security. It is well-known, however, that many countermeasures do not correlate with more security.

Could we base security metrics on measurement data that reflects the actual performance of organizations? While enormous amounts of scan, abuse and vulnerability data are being collected every day, it is still unclear how to make predictive and reliable security metrics from these sources. We think that it is the way forward, though, and pursue this approach in several projects.


  • Outcome-Based Security Metrics, with CMU and Tulsa University (DHS)
  • AIVD-TUD program National Cybersecurity (AIVD & TUD)
  • Hosting providers security benchmarks (Ministry of Economic Affairs)
  • CSAM hosting monitor (Ministry of Justice and Security)
  • Role of ISPs in botnet mitigation (Ministry of Economic Affairs)

To top

Markets for cybercrime

We study the business models of profit-driven cybercrime. Together with bachelor and master students, and in collaboration with Dutch law enforcement, we analyze large-scale datasets - like seized online anonymous markets - to derive criminal strategies and find evidence-based intervention strategies.


  • MALPAY (Police, Fox-IT, TNO, ING, ABN AMRO, Rabobank)
  • Evidence-based financial cybercrime policing (FIOD, Public Prosecution Service)

Security behavior

Why are people still writing passwords on post-it notes? User awareness of information security is important, but this is only the starting point of improving behavior. We study how security incidents can be traced to behaviors.


  • Increasing the effectiveness of voluntary action against cybercrime (DHS & NWO)
  • Investigating behavioural mechanisms as an antecedent of security performance (TUD)
  • Network operator adoption of Source Address Validation (NCSC)

To top

Security governance

Many different public and private actors are involved in tackling, or ignoring, security problems. We study the socio-political arrangements that shape the behavior of firms, governments and other actors around cybersecurity threats.


  • CyberSec4Europe (EU H2020)
  • E-CRIME (EU FP7)
  • Effects of data breach notification laws (Ministry of Justice and Security)
  • Advanced Cyber Defense Center (ACDC) (EU CIP-PSP)
  • Evaluating the effectiveness of ABUSEHUB (Ministry of Economic Affairs)

To top

Software Infrastructures, Privacy and Optimization

What does it take to engineer systems that respect people's privacy? Exploring answers to this question require an understanding of privacy, as well as systems engineering. In our research, we study

  • different notions of privacy and how different privacy enhancing technologies (PETs) come to build these into design
  • translation of data protection requirements into novel system requirements,
  • the development of methods, techniques and tools to "engineer privacy".

Our focus in privacy engineering includes empirically studying the ways in which software production and computational infrastructures are changing and how these come to bear on the feasibility of privacy engineering. We also explore the increased utilization of optimization (Including machine learning and AI) in software production with the intention to identify novel risks and harms that result from such systems. In the spirit of PETs, we design Protective Optimization Technologies to counter these negative externalities.

To top