Associate Professor
biczok (at) crysys.hu
office: I.E. 430
tel: +36 1 463 2080
fax: +36 1 463 3263
Gergely is a freshly-minted associate professor at the CrySyS Lab. He received the PhD (2010) and MSc (2003) degrees in
Computer Science from the Budapest University of Technology and Economics. He was a postdoctoral fellow at the
Norwegian University of Science and Technology from 2011 to 2014. He was a Fulbright Visiting Researcher to
Northwestern University between 2007 and 2008. He also held a researcher position at Ericsson Research Hungary
from 2003 to 2007.
His research interests are in the economics of networked systems focusing on data privacy, information security and incentives.
His Google Scholar profile is here.
This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.
This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.
Information security is as much an economic problem as it is technical. Even given flawless cryptographic protocols and the availability of perfectly secure software, the misaligned economic incentives of different stakeholders in a system often result in a (very) sub-optimal security level. By guiding you through the jungle of asymmetric information, interdependent security, correlated risk and other concepts characteristic for system security, this elective course will enable you to make better decisions in risk management, security investment and policy design on a system level. Furthermore, the course touches upon the economic aspects of data privacy, an emerging area of interest for users and companies in the big data era.
The sharing and explotation of the ever-growing data about individuals raise serious privacy concerns these
days. Is it possible to derive (socially or individually) useful information about people from this Big Data
without revealing personal information?
This course provides a detailed overview of data privacy. It focuses on different privacy problems of web
tracking, data sharing, and machine learning, as well as their mitigation techniques. The aim is to give the
essential (technical) background knowledge needed to identify and protect personal data. These skills are
becoming a must of every data/software engineer and data protection officer dealing with personal and sensitive
data, and are also required by the European General Data Protection Regulation (GDPR).
As evidenced in the last 10-15 years, cybersecurity is not a purely technical discipline. Decision-makers, whether sitting at security providers (IT companies), security demanders (everyone using IT) or the security industry, are mostly driven by economic incentives. Understanding these incentives are vital for designing systems that are secure in real-life scenarios. Parallel to this, data privacy has also shown the same characteristics: proper economic incentives and controls are needed to design systems where sharing data is beneficial to both data subject and data controller. An extreme example to a flawed attempt at such a design is the Cambridge Analytica case.
The prospective student will identify a cybersecurity or data privacy economics problem, and use elements of game theory and other domain-specific techniques and software tools to transform the problem into a model and propose a solution. Potential topics include:
Required skills: model thinking, good command of English
Preferred skills: basic knowledge of game theory, basic programming skills (e.g., python, matlab, NetLogo)
ACM Transactions on Spatial Algorithms and Systems (TSAS), 2022.
@article {
author = {Balazs Pejo, Gergely Biczók},
title = {Games in the Time of COVID-19: Promoting Mechanism Design for Pandemic Response},
journal = {ACM Transactions on Spatial Algorithms and Systems (TSAS)},
year = {2022},
howpublished = "\url{https://dl.acm.org/doi/abs/10.1145/3503155}"
}
Privacy Enhancing Technologies Symposium (PETS), 2022.
Bibtex | Abstract | PDF | Link
@conference {
author = {Szilvia Lestyan, Gergely Ács, Gergely Biczók},
title = {In search of lost utility: private location data},
booktitle = {Privacy Enhancing Technologies Symposium (PETS)},
year = {2022},
howpublished = "\url{https://arxiv.org/pdf/2008.01665.pdf}"
}
Proceedings of the 7th International Conference on Vehicle Technology and Intelligent Transport Systems, 2021.
@inproceedings {
author = {Irina Chiscop, András Gazdag, Joost Bosman, Gergely Biczók},
title = {Detecting Message Modification Attacks on the CAN Bus with Temporal Convolutional Networks},
booktitle = {Proceedings of the
7th International Conference on
Vehicle Technology and Intelligent Transport Systems},
year = {2021}
}
2nd Workshop on vAlidation and verification in FuturE cybeR-physical Systems (WAFERS, co-located with LADC 2021), 2021.
Bibtex | Abstract | PDF | Link
@inproceedings {
author = {, Gergely Biczók, , , },
title = {Impact Assessment of IT Security Breaches in Cyber-Physical Systems},
booktitle = {2nd Workshop on vAlidation and verification in FuturE cybeR-physical Systems (WAFERS, co-located with LADC 2021)},
year = {2021},
howpublished = "\url{https://ieeexplore.ieee.org/document/9672582}"
}
16th International Workshop on Data Privacy Management (DPM, co-located with ESORICS 2021), 2021.
Bibtex | Abstract | PDF | Link
@inproceedings {
author = {Shuaishuai Liu, , Gergely Biczók},
title = {Interdependent privacy issues are pervasive among third-party applications},
booktitle = {16th International Workshop on Data Privacy Management (DPM, co-located with ESORICS 2021)},
year = {2021},
howpublished = "\url{https://link.springer.com/chapter/10.1007/978-3-030-93944-1_5}"
}
ERCIM NEWS, vol. 126, 2021, pp. 35-36.
@article {
author = {Gergely Ács, Gergely Biczók, Balazs Pejo},
title = {Measuring Contributions in Privacy-Preserving Federated Learning},
journal = {ERCIM NEWS},
volume = {126},
year = {2021},
pages = {35-36},
howpublished = "\url{https://ercim-news.ercim.eu/en126/special/measuring-contributions-in-privacy-preserving-federated-learning}"
}
Jajodia S., Samarati P., Yung M. (eds) Encyclopedia of Cryptography, Security and Privacy. Springer, Berlin, Heidelberg., Springer, 2021.
@inproceedings {
author = {Gergely Ács, Szilvia Lestyan, Gergely Biczók},
title = {Privacy of Aggregated Mobility Data},
booktitle = {Jajodia S., Samarati P., Yung M. (eds) Encyclopedia of Cryptography, Security and Privacy. Springer, Berlin, Heidelberg.},
publisher = {Springer},
year = {2021},
howpublished = "\url{https://doi.org/10.1007/978-3-642-27739-9_1575-1}"
}
2021 IEEE 7th International Conference on Network Softwarization (NetSoft 2021), 2021.
@inproceedings {
author = {Enio Marku, Gergely Biczók, Colin Boyd},
title = {SafeLib: a practical library for outsourcing stateful network functions securely},
booktitle = {2021 IEEE 7th International Conference on Network Softwarization (NetSoft 2021)},
year = {2021}
}
Proc. of ACM SIGSPATIAL Workshop on COVID, ACM, 2020.
@inproceedings {
author = {Balazs Pejo, Gergely Biczók},
title = {Corona Games: Masks, Social Distancing and Mechanism Design},
booktitle = {Proc. of ACM SIGSPATIAL Workshop on COVID},
publisher = {ACM},
year = {2020}
}
IEEE Communications Magazine, vol. 58, no. 7, vol. 58, 2020, pp. 1-8.
@article {
author = {Enio Marku, Gergely Biczók, Colin Boyd},
title = {Securing Outsourced VNFs: Challenges, State of the Art, and Future Directions},
journal = {IEEE Communications Magazine, vol. 58, no. 7},
volume = {58},
year = {2020},
pages = {1-8}
}
3rd International Workshop on Emerging Technologies for Authorization and Authentication (Co-Located with ESORICS 2020) - ETAA 2020, 2020.
@inproceedings {
author = {Gergely Biczók, Máté Horváth, Szilveszter Szebeni, Istvan Lam, Levente Buttyán},
title = {The cost of having been pwned: a security service provider's perspective},
booktitle = {3rd International Workshop on Emerging Technologies for Authorization and Authentication (Co-Located with ESORICS 2020) - ETAA 2020},
year = {2020}
}
22th IEEE Intelligent Transportation Systems Conference (ITSC), IEEE, 2019.
@inproceedings {
author = {Mina Remeli, Szilvia Lestyan, Gergely Ács, Gergely Biczók},
title = {Automatic Driver Identification from In-Vehicle Network Logs},
booktitle = {22th IEEE Intelligent Transportation Systems Conference (ITSC)},
publisher = {IEEE},
year = {2019},
howpublished = "\url{https://arxiv.org/pdf/1911.09508.pdf}"
}
5th International Conference on Information Security and Privacy (ICISSP 2019), SCITEPRESS, 2019, shortlisted for Best Student Paper Award.
@inproceedings {
author = {Szilvia Lestyan, Gergely Ács, Gergely Biczók, Zsolt Szalay},
title = {Extracting vehicle sensor signals from CAN logs for driver re-identification},
booktitle = {5th International Conference on Information Security and Privacy (ICISSP 2019)},
publisher = {SCITEPRESS},
year = {2019},
note = {shortlisted for Best Student Paper Award}
}
Proceedings on Privacy Enhancing Technologies (PETS 2019), De Gruyter, 2019.
@inproceedings {
author = {Balazs Pejo, , Gergely Biczók},
title = {Together or Alone: The Price of Privacy in Collaborative Learning},
booktitle = {Proceedings on Privacy Enhancing Technologies (PETS 2019)},
publisher = {De Gruyter},
year = {2019}
}
1st International Workshop on Cyber-Security Threats, Trust and Privacy Management in Software-defined and Virtualized Infrastructures (SecSoft), IEEE, 2019, co-located with IEEE NetSoft 2019.
@inproceedings {
author = {Enio Marku, Gergely Biczók, Colin Boyd},
title = {Towards protected VNFs for multi-operator service delivery},
booktitle = {1st International Workshop on Cyber-Security Threats, Trust and Privacy Management in Software-defined and Virtualized Infrastructures (SecSoft)},
publisher = {IEEE},
year = {2019},
note = {co-located with IEEE NetSoft 2019}
}
1st International Workshop on Smart Circular Economy (co-located with IEEE DCOSS), IEEE, 2019.
@inproceedings {
author = {Iraklis Symeonidis, , , Gergely Biczók},
title = {Towards Systematic Specification of Non-Functional Requirements for Sharing Economy Services},
booktitle = {1st International Workshop on Smart Circular Economy (co-located with IEEE DCOSS)},
publisher = {IEEE},
year = {2019}
}
Computers & Security, vol. 77, 2018, pp. 179-208.
@article {
author = {Iraklis Symeonidis, Gergely Biczók, Fatemeh Shirazi, Cristina Perez-Sola, , Bart Preneel},
title = {Collateral damage of Facebook third-party applications: a comprehensive study},
journal = {Computers & Security},
volume = {77},
year = {2018},
pages = {179-208}
}
CCS 2018 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2018.
@inproceedings {
author = {Balazs Pejo, , Gergely Biczók},
title = {POSTER: The Price of Privacy in Collaborative Learning},
booktitle = {CCS 2018 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security},
publisher = {ACM},
year = {2018}
}
A. Gkoulalas-Divanis and Claudio Bettini (Eds.), Handbook of Mobile Data Privacy, pp. 307-335, Springer, 2018.
@inbook {
author = {Gergely Ács, Gergely Biczók, Claude Castelluccia},
editor = {A. Gkoulalas-Divanis and Claudio Bettini (Eds.)},
title = {Privacy-Preserving Release of Spatio-Temporal Density},
chapter = {Handbook of Mobile Data Privacy},
pages = {307-335},
publisher = {Springer},
year = {2018}
}
IEEE Communications Magazine, vol. 55, no. 4, 2017.
@article {
author = {Håkon Lønsethagen, Poul E. Heegaard, Laszlo Toka, Manos Dramitinos, Gergely Biczók},
title = {Manufactured by software: SDN-enabled multi-operator composite services with the 5G Exchange},
journal = {IEEE Communications Magazine},
volume = {55},
number = {4},
year = {2017}
}
IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC), Springer, 2016.
@inproceedings {
author = {Bart Preneel, Cristina Perez-Sola, Gergely Biczók, Fatemeh Shirazi, Iraklis Symeonidis},
title = {Collateral Damage of Facebook Apps: Friends, Providers, and Privacy Interdependence},
booktitle = {IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC)},
publisher = {Springer},
year = {2016}
}
IEEE/IFIP Network Operations and Management Symposium (NOMS), IEEE, 2016.
@inproceedings {
author = {Colin Boyd, Nikolett Bereczky, Balázs Sonkoly, Gergely Biczók},
title = {Private VNFs for collaborative multi-operator service delivery: An architectural case},
booktitle = {IEEE/IFIP Network Operations and Management Symposium (NOMS)},
publisher = {IEEE},
year = {2016}
}
IEEE Global Communications Conference (GLOBECOM), IEEE, 2016.
@inproceedings {
author = {Laszlo Toka, Gergely Biczók, Poul E. Heegaard},
title = {Sharing is Power: Incentives for Information Exchange in Multi-Operator Service Delivery},
booktitle = {IEEE Global Communications Conference (GLOBECOM)},
publisher = {IEEE},
year = {2016}
}
IEEE INFOCOM Smart Data Pricing WS, IEEE, 2015.
@inproceedings {
author = {Gergely Biczók, Laszlo Toka},
title = {On pricing online data backup},
booktitle = {IEEE INFOCOM Smart Data Pricing WS},
publisher = {IEEE},
year = {2015}
}
Financial Cryptography & Data Security, Springer, 2013.
@inproceedings {
author = {Pern Hui Chia, Gergely Biczók},
title = {Interdependent Privacy: Let Me Share Your Data},
booktitle = {Financial Cryptography & Data Security},
publisher = {Springer},
year = {2013}
}