Publications Press LinkedIn Personal site

Scientific homepage of Wolter Pieters

The TRESPASS project: socio-technical attack navigators

Check out the TRESPASS newsletter for events, publications, and PhD student profiles
Bekijk de TRESPASS presentatie van BlackHatSessions 2014 (Dutch)

Socio-technical cyber security metrics, Information ethics, Adversarial risk management




(Free but not-so-secure energy: Námaskarđ/Hverarönd geothermal field, Mývatn area, Iceland)



Assistant professor cyber riskTRESPASS project technical leader
Section ICTServices, Cybersecurity and Safety group
Faculty of Technology, Policy and ManagementFaculty of Electrical Engineering, Mathematics and Computer Science
Delft University of TechnologyUniversity of Twente
phone: +31 15 27 88989
e-mail: [initial] dot [lastname] at [universitydomain] dot nl

My research focuses on cyber security risk management in complex systems. I work with qualitative and quantitative socio-technical security models, attack models, and attack graphs, to discover and prioritise weaknesses, and evaluate countermeasures. In relation to such decision support, I am also interested in the ethics of cyber security. I address electronic voting, cloud computing and electricity infrastructures as cases.

My research is part of the TRESPASS project.

News

January 26, 2015Papers now available online:
January 19, 2015Important security conferences in The Netherlands
Workshop on the Economics of Information Security (WEIS), New Security Paradigms Workshop (NSPW) and International Conference on Computer Safety, Reliability & Security (SAFECOMP) are all organised in The Netherlands this year (see upcoming events).
January 18, 2015Security-by-experiment for future grids
How to set up security-aware pilots for new technologies? "Experimenting with Incentives: Security in Pilots for Future Grids", joint work with Francien Dechesne and Dina Hadziosmanovic.
January 6, 2015Cyber security as social experiment
Security-by-design or security-by-experiment? Read my New Security Paradigms Workshop paper, joint work with Dina Hadziosmanovic and Francien Dechesne, on responsible deployment of security-sensitive technologies. The paper is based on the paradigm "new technologies as social experiments" of Ibo van de Poel.
December 24, 2014Security awareness testing on Dutch national radio
Today, I appeared on Dutch national radio in an item on security awareness testing. Suspicious USB sticks had been delivered to several companies, causing the police to issue a warning. In the end, it was unclear whether this was malicious or just a test, with the latter being the most likely. This emphasises the importance of informing the right people and following the right procedures in such tests.
December 2014Dagstuhl Socio-Technical Security Metrics
The Dagstuhl seminar on Socio-Technical Security Metrics was excellent in terms of interdisciplinary discussions. Many follow-up activities are planned by participants and working groups.
October 8, 2014Joop Bautz Award
Ruud Verbij won the Joop Bautz Information Security Award for his master's thesis on quantitative adversarial risk assessment of electronic voting systems. He also received the second prize in the NGI-NGN thesis contest.

Older news

Upcoming events

January 21-23, 2015TRESPASS Cybercrime Social Engineering Analysis Challenge @ Computers, Privacy and Data Protection Conference, Brussels, Belgium
February 26, 2015International Conference on Computer Safety, Reliability & Security(SAFECOMP) abstract deadline
February 27, 2015Workshop on the Economics of Information Security (WEIS) paper deadline
April 13-14, 2015NCSC One Conference, The Hague, The Netherlands
April 18, 2015New Security Paradigms Workshop (NSPW) paper deadline (firm!)
April 28-29, 2015TRESPASS visualisation workshop @ CSP Forum, Brussels, Belgium
June 22-23, 2015Workshop on the Economics of Information Security (WEIS), Delft, The Netherlands
September 8-11, 2015New Security Paradigms Workshop (NSPW), Twente, The Netherlands
September 22-25, 2015International Conference on Computer Safety, Reliability & Security (SAFECOMP), Delft, The Netherlands

Selected recent publications: theory

Socio-technical security metrics

Pieters, W. and Padget, J. and Dechesne, F. and Dignum, V. and Aldewereld, H. (2014) Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications, to appear. pp. 1-14. ISSN 2214-2126
Arnold, F. and Pieters, W. and Stoelinga, M.I.A. (2013) Quantitative penetration testing with item response theory. In: 9th International Conference on Information Assurance and Security, IAS 2013, 4-6 Dec 2013, Gammarth, Tunisia. pp. 49-54. IEEE. ISBN 978-1-4799-2989-4
Pieters, W. and Dimkov, T. and Pavlovic, D. (2013) Security policy alignment: A formal approach. IEEE Systems Journal. ISSN 1932-8184
Pieters, W. and Van der Ven, S.H.G. and Probst, C.W. (2012) A move in the security measurement stalemate: Elo-style ratings to quantify vulnerability. In: NSPW '12: Proceedings of the 2012 New security paradigms workshop, 18-21 Sep 2012, Bertinoro, Italy. pp. 1-14 ACM. 978-1-4503-1794-8

Security ethics

Pieters, W. (2013) On thinging things and serving services: technological mediation and inseparable goods. Ethics and information technology, 15 (3). pp. 195-208. ISSN 1388-1957 *** ISI Impact 0,85 ***
Pieters, W. (2011) The (social) construction of information security. The Information Society, 27 (5). pp. 326-335. ISSN 0197-2243 *** ISI Impact 1,111 ***
Pieters, W. and Coles-Kemp, L. (2011) Reducing normative conflicts in information security. In: NSPW '11: Proceedings of the 2011 New security paradigms workshop, 12-15 Sep 2011, Marin County, CA. pp. 11-24. ACM. ISBN 978-1-4503-1078-9
Pieters, W. (2010) Reve{a,i}ling the risks: a phenomenology of information security Techné: Research in Philosophy and Technology, 14 (3). pp. 176-188. ISSN 1091-8264
Pieters, W. and van Cleeff, A. (2009) The Precautionary Principle in a World of Digital Dependencies. IEEE Computer, 42 (6). pp. 50-56. ISSN 0018-9162 *** ISI Impact 2,205 ***

Adversarial risk management

Pieters, W. and Lukszo, Z. and Hadziosmanovic, D. and Van den Berg, J. (2014) Reconciling malicious and accidental risk in cyber security. Journal of Internet Services and Information Security, 4 (2). pp. 2-26. ISSN 2182-2069
Pieters, W. and Probst, C.W. and Lukszo, S. and Montoya Morales, A.L. (2014) Cost-effectiveness of Security Measures: A model-based Framework. In: Approaches and Processes for Managing the Economics of Information Systems. IGI Global, Hershey, PA, USA, pp. 139-156. ISBN 978-1-4666-4983-5
Kulikova, O. and Heil, R. and van den Berg, Jan and Pieters, W. (2012) Cyber crisis management: a decision-support framework for disclosing security incident information. In: International Conference on Cyber Security, CyberSecurity 2012, 14-16 Dec 2012, Washington, USA. pp. 103-112. Cyber Security (CyberSecurity), 2012 International Conference . IEEE Computer Society. ISBN 978-1-4799-0219-4

Selected recent publications: applications

Cloud security

Pieters, W. (2013) Defining "The Weakest Link": Comparative Security in Complex Systems of Systems. In: 2013 IEEE 5th International Conference on Cloud Computing Technology and Science, 2-5 Dec 2013, Bristol, United Kingdom. pp. 39-44. IEEE Computer Society. ISBN 978-0-7695-5095-4
Bleikertz, S. and Mastelic, T. and Pape, S. and Pieters, W. and Dimkov, T. (2013) Defining the cloud battlefield - supporting security assessments by cloud customers. In: International Conference on Cloud Engineering (IC2E 2013), 25-27 Mar 2013 , Redwood City, CA . pp. 78-87. IEEE Computer Society. ISBN 978-1-4673-6473-7
Probst, C.W. and Sasse, A.M. and Pieters, W. and Dimkov, T. and Luysterborg, E. and Arnaud, M. (2012) Privacy penetration testing -- how to establish trust in your cloud provider. In: European Data Protection: In Good Health? International, Foreign and Comparative Law XVIII. Springer, London, pp. 251-266. ISBN 978-94-007-2902-5
Pieters, W. (2011) Security and privacy in the clouds: a bird's eye view. In: Computers, Privacy and Data Protection: an Element of Choice. Springer, Dordrecht, pp. 445-457. ISBN 978-94-007-0640-8
van Cleeff, A. and Pieters, W. and Wieringa, R.J. (2009) Security Implications of Virtualization: A Literature Study. In: 2009 IEEE International Conference on Computational Science and Engineering (CSE09), volume 3, 29 Aug - 31 Aug, Vancouver, BC, Canada. pp. 353-358. IEEE Computer Society. ISBN 978-0-7695-3823-5

Security in electronic voting

Pieters, W. (2011) How devices transform voting. In: Innovating Government. Normative, policy and technological dimensions of modern government. Information Technology and Law Series 20. T.M.C. Asser Press, The Hague, pp. 439-452. ISSN 1570-2782 ISBN 978-90-6704-730-2
van Cleeff, A. and Dimkov, T. and Pieters, W. and Wieringa, R.J. (2011) Realizing Security Requirements with Physical Properties: A Case Study on Paper Voting. In: Proceedings of the International Conference on IT Convergence and Security (ICITCS 2011), December 14 -16, 2011, Suwon, South Korea. pp. 51-67. Lecture Notes in Electrical Engineering 120. Springer Verlag. ISSN 1876-1100 ISBN 978-94-007-2910-0 *** best paper award ***
Jonker, H.L. and Pieters, W. (2010) Anonymity in voting revisited. In: Towards Trustworthy Elections: New Directions in Electronic Voting. Lecture Notes in Computer Science 6000. Springer Verlag, Berlin, pp. 216-230. ISBN 978-3-642-12979-7
Langer, L. and Jonker, H.L. and Pieters, W. (2010) Anonymity and Verifiability in Voting: Understanding (Un)Linkability. In: 12th International Conference Information and Communications Security, ICICS 2010, 15-17 Dec 2010, Barcelona, Spain. pp. 296-310. Lecture Notes in Computer Science 6476. Springer Verlag. ISSN 0302-9743 ISBN 978-3-642-17649-4
Pieters, W. (2010) Verifiability of electronic voting: between confidence and trust. In: Data Protection in a Profiled World. Springer, Dordrecht, pp. 157-175. ISBN 978-90-481-8864-2

All publications