Publications Presentations Press LinkedIn Personal site

Scientific homepage of Wolter Pieters

The TREsPASS project: socio-technical attack navigators

Standpunt elektronisch stemmen




(Free but not-so-secure energy: Námaskarđ/Hverarönd geothermal field, Mývatn area, Iceland)



Assistant professor information riskTREsPASS project technical leader
Section ICTDIES group
Faculty of Technology, Policy and ManagementFaculty of Electrical Engineering, Mathematics and Computer Science
Delft University of TechnologyUniversity of Twente
phone: +31 15 27 88989
e-mail: [initial] dot [lastname] at [universitydomain] dot nl

My research focuses on information security risk management in complex systems. I work with qualitative and quantitative socio-technical security models, attack models, and attack graphs, to discover and prioritise weaknesses, and evaluate countermeasures. In relation to such decision support, I am also interested in the ethics of information security. I address electronic voting, cloud computing and electricity infrastructures as cases.

My research is part of the TREsPASS project.

News

October 25, 2013Quantitative penetration testing
Thus far, penetration testing has been used as a qualitative method, indicating whether certain attack scenarios are possible. Florian Arnold, Marielle Stoelinga and I propose methods for quantitative penetration testing, such that the results can be used in risk assessment. Florian will present the paper at the Information Assurance and Security (IAS) conference
September 20, 2013Finally: a formalisation of "the weakest link"
Ever heard the claim that humans are the weakest link in security? But how to prove such a claim? In my paper "Defining `The Weakest Link': Comparative Security in Complex Systems of Systems" I address this question. The paper will be presented at the Economics of Security in the Cloud (ESC) Workshop
August 15, 2013Dagstuhl seminar proposal accepted
The proposal for a Dagstuhl seminar on Socio-Technical Security Metrics, joint work with Dieter Gollmann, M. Eric Johnson, Vincent Koenig and Angela Sasse, has been accepted. The seminar will take place November 30 - December 5, 2014. The seminar is invitation-only, but expressions of interest are welcome (no guarantees).
July 1, 2013Papers now available online
Security policy alignment: A formal approach.
A move in the security measurement stalemate: Elo-style ratings to quantify vulnerability.
On thinging things and serving services: Technological mediation and inseparable goods.
Cyber Crisis Management: A Decision-Support Framework for Disclosing Security Incident Information.
Defining the Cloud Battlefield - Supporting Security Assessments by Cloud Customers.

Upcoming events

September 8-14, 2013PASSAT '13
I'm a program committee member of the 5th ASE/IEEE International Conference on Information Privacy, Security, Risk and Trust.
November 26-28, 2013 SIN conference
Francien Dechesne will present our paper "Obligations to Enforce Prohibitions: On the Adequacy of Security Policies", joint work with Julian Padget, Huib Aldewereld, and Virginia Dignum, at the Security of Information and Networks conference, Turkey.
December 5, 2013Economics of Security in the Cloud
I'm a program committee member of the Economics of Security in the Cloud (ESC) Workshop @ IEEE CloudCom 2013. I will also present my paper on the weakest link in socio-technical systems.
November 30-December 5, 2014Socio-Technical Security Metrics
I'm an organizer of the Dagstuhl seminar on Socio-Technical Security Metrics.

Older news

Selected recent publications

Cloud security

Probst, C.W. and Sasse, A.M. and Pieters, W. and Dimkov, T. and Luysterborg, E. and Arnaud, M. (2012) Privacy penetration testing -- how to establish trust in your cloud provider. In: European Data Protection: In Good Health? International, Foreign and Comparative Law XVIII. Springer, London, pp. 251-266. ISBN 978-94-007-2902-5
Pieters, W. (2011) Security and privacy in the clouds: a bird's eye view. In: Computers, Privacy and Data Protection: an Element of Choice. Springer, Dordrecht, pp. 445-457. ISBN 978-94-007-0640-8
van Cleeff, A. and Pieters, W. and Wieringa, R.J. (2010) Benefits of Location-Based Access Control: A Literature Study. In: Proceedings of the 3rd IEEE/ACM International Conference on Cyber, Physical and Social Computing (CPSCom 2010), 18-20 Dec, 2010, Hangzhou, China. pp. 739-746. IEEE Computer Society. ISBN 978-1-4244-9779-9
van Cleeff, A. and Pieters, W. and Wieringa, R.J. (2009) Security Implications of Virtualization: A Literature Study. In: 2009 IEEE International Conference on Computational Science and Engineering (CSE09), volume 3, 29 Aug - 31 Aug, Vancouver, BC, Canada. pp. 353-358. IEEE Computer Society. ISBN 978-0-7695-3823-5
Pieters, W. and Tang, Q. (2009) Data is key: introducing the data-based access control paradigm. In: Data and Applications Security 2009, 12-15 Jul 2009, Montreal, Canada. pp. 240-251. Lecture Notes in Computer Science 5645. Springer Verlag. ISBN 978-3-642-03006-2

Security in electronic voting

van Cleeff, A. and Dimkov, T. and Pieters, W. and Wieringa, R.J. (2011) Realizing Security Requirements with Physical Properties: A Case Study on Paper Voting. In: Proceedings of the International Conference on IT Convergence and Security (ICITCS 2011), December 14 -16, 2011, Suwon, South Korea. pp. 51-67. Lecture Notes in Electrical Engineering 120. Springer Verlag. ISSN 1876-1100 ISBN 978-94-007-2910-0 *** best paper award ***
Jonker, H.L. and Pieters, W. (2010) Anonymity in voting revisited. In: Towards Trustworthy Elections: New Directions in Electronic Voting. Lecture Notes in Computer Science 6000. Springer Verlag, Berlin, pp. 216-230. ISBN 978-3-642-12979-7
Langer, L. and Jonker, H.L. and Pieters, W. (2010) Anonymity and Verifiability in Voting: Understanding (Un)Linkability. In: 12th International Conference Information and Communications Security, ICICS 2010, 15-17 Dec 2010, Barcelona, Spain. pp. 296-310. Lecture Notes in Computer Science 6476. Springer Verlag. ISSN 0302-9743 ISBN 978-3-642-17649-4
Pieters, W. (2010) Verifiability of electronic voting: between confidence and trust. In: Data Protection in a Profiled World. Springer, Dordrecht, pp. 157-175. ISBN 978-90-481-8864-2
Pieters, W. (2009) Combatting electoral traces: the Dutch tempest discussion and beyond. In: E-Voting and Identity: Second International Conference, VOTE-ID 2009, 7-8 Sep 2009, Luxembourg city, Luxembourg. pp. 172-190. Lecture Notes in Computer Science 5767. Springer Verlag. ISSN 0302-9743 ISBN 978-3-642-04134-1

Socio-technical security

Pieters, W. and Dimkov, T. and Pavlovic, D. (2013) Security policy alignment: A formal approach. IEEE Systems Journal. ISSN 1932-8184
Pieters, W. and Van der Ven, S.H.G. and Probst, C.W. (2012) A move in the security measurement stalemate: Elo-style ratings to quantify vulnerability. In: NSPW '12: Proceedings of the 2012 New security paradigms workshop, 18-21 Sep 2012, Bertinoro, Italy. pp. 1-14 ACM. 978-1-4503-1794-8
Pieters, W. and Coles-Kemp, L. (2011) Reducing normative conflicts in information security. In: NSPW '11: Proceedings of the 2011 New security paradigms workshop, 12-15 Sep 2011, Marin County, CA. pp. 11-24. ACM. ISBN 978-1-4503-1078-9
Pieters, W. (2011) Representing humans in system security models: An actor-network approach. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 2 (1). pp. 75-92. ISSN 2093-5374
Dimkov, T. and van Cleeff, A. and Pieters, W. and Hartel, P.H. (2010) Two methodologies for physical penetration testing using social engineering. In: Proceedings of the Annual Computer Security Applications Conference (ACSAC), 06-10 Dec 2010, Austin, Texas, USA. pp. 399-408. ACM. ISBN 978-1-4503-0133-6

Security ethics

Pieters, W. (2013) On thinging things and serving services: Technological mediation and inseparable goods. Ethics and information technology. ISSN 1388-1957
Pieters, W. (2011) The (social) construction of information security. The Information Society, 27 (5). pp. 326-335. ISSN 0197-2243 *** ISI Impact 1,111 ***
Pieters, W. (2011) How devices transform voting. In: Innovating Government. Normative, policy and technological dimensions of modern government. Information Technology and Law Series 20. T.M.C. Asser Press, The Hague, pp. 439-452. ISSN 1570-2782 ISBN 978-90-6704-730-2
Pieters, W. (2010) Reve{a,i}ling the risks: a phenomenology of information security Techné: Research in Philosophy and Technology, 14 (3). pp. 176-188. ISSN 1091-8264
Pieters, W. and van Cleeff, A. (2009) The Precautionary Principle in a World of Digital Dependencies. IEEE Computer, 42 (6). pp. 50-56. ISSN 0018-9162 *** ISI Impact 2,205 ***

All publications