Dr. Gergely Biczók
Assistant Professor
biczok (at) crysys.hu
web: www.crysys.hu/~biczok/
office: I.E. 430
tel: +36 1 463 2080
fax: +36 1 463 3263
Current courses | Student projects | Publications
Short Bio
Gergely is an assistant professor at the CrySyS Lab. He received the PhD (2010) and MSc (2003) degrees in Computer Science from the Budapest University of Technology and Economics. He was a postdoctoral fellow at the Norwegian University of Science and Technology from 2011 to 2014. He was a Fulbright Visiting Researcher to Northwestern University between 2007 and 2008. He also held a researcher position at Ericsson Research Hungary from 2003 to 2007.
Current Courses
IT Security (VIHIAC01)
This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional carrier, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.
IT Security (in English) (VIHIAC01)
This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional carrier, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.
Security and Privacy: an Economic Approach (in English) (VIHIAV34)
Information security is as much an economic problem as it is technical. Even given flawless cryptographic protocols and the availability of perfectly secure software, the misaligned economic incentives of different stakeholders in a system often result in a (very) sub-optimal security level. By guiding you through the jungle of asymmetric information, interdependent security, correlated risk and other concepts characteristic for system security, this elective course will enable you to make better decisions in risk management, security investment and policy design on a system level. Furthermore, the course touches upon the economic aspects of data privacy, an emerging area of interest for users and companies in the big data era.
Privacy-Preserving Technologies (VIHIAV35)
The sharing and explotation of the ever-growing data about individuals raise serious privacy concerns these
days. Is it possible to derive (socially or individually) useful information about people from this Big Data
without revealing personal information?
This course provides a detailed overview of data privacy. It focuses on different privacy problems of web
tracking, data sharing, and machine learning, as well as their mitigation techniques. The aim is to give the
essential (technical) background knowledge needed to identify and protect personal data. These skills are
becoming a must of every data/software engineer and data protection officer dealing with personal and sensitive
data, and are also required by the upcoming European General Data Protection Regulation (GDPR).
Student Project Proposals
Economics of cybersecurity and data privacy
As evidenced in the last 10-15 years, cybersecurity is not a purely technical discipline. Decision-makers,
whether sitting at security providers (IT companies), security demanders (everyone using IT) or the security
industry, are mostly driven by economic incentives. Understanding these incentives are vital for designing
systems that are secure in real-life scenarios [1]. Parallel to this, data privacy has also shown the same
characteristics: proper economic incentives and controls are needed
to design systems where sharing data is beneficial to both data subject and data controller. An extreme example to a
flawed attempt at such a design is the Cambridge Analytica case [2].
The prospective student will identify a cybersecurity or data privacy economics problem, and use elements of game
theory and other domain-specific techniques and software tools to
transform the problem into a model and to propose a solution. Potential topics include:
- cyber-insurance
- sharing security-related information
- cyber-warfare
- interdependent privacy
- collaborative machine learning
Required skills: analytic thinking, good command of English
Preferred skills: basic knowledge of game theory, basic programming skills (e.g., python, matlab, NetLogo)
[1] Anderson, Ross, and Moore, Tyler. "The
Economics of Information Security." Science 314.5799(2006):610-613.
[2] Symeonidis, Iraklis and Biczók, Gergely. "
Interdependent privacy in effect: the collateral damage of third-party apps on Facebook. CrySyS Blog.
Publications
2017
Manufactured by software: SDN-enabled multi-operator composite services with the 5G Exchange
G. Biczók, M Dramitinos, L. Toka, P Heegaard, H Lønsethagen
IEEE Communications Magazine, vol. 55, no. 4, 2017.
@article {
author = {Gergely Biczók, Manos Dramitinos, Laszlo Toka, Poul E. Heegaard, Håkon Lønsethagen},
title = {Manufactured by software: SDN-enabled multi-operator composite services with the 5G Exchange},
journal = {IEEE Communications Magazine},
volume = {55},
number = {4},
year = {2017}
}
Abstract
Bla2016
Collateral Damage of Facebook Apps: Friends, Providers, and Privacy Interdependence
I. Symeonidis, F. Shirazi, G. Biczók, C. Perez-Sola, B. Preneel
IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC), Springer, 2016.
@inproceedings {
author = {Iraklis Symeonidis, Fatemeh Shirazi, Gergely Biczók, Cristina Perez-Sola, Bart Preneel},
title = {Collateral Damage of Facebook Apps: Friends, Providers, and Privacy Interdependence},
booktitle = {IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC)},
publisher = {Springer},
year = {2016}
}
Abstract
Third-party apps enable a personalized experience on social networking platforms; however, they give rise to privacy interdependence issues. Apps installed by a user’s friends can collect and potentially misuse her personal data inflicting collateral damage on the user while leaving her without proper means of control. In this paper, we present a multi-faceted study on the collateral information collection of apps in social networks. We conduct a user survey and show that Facebook users are concerned about this issue and the lack of mechanisms to control it. Based on real data, we compute the likelihood of collateral information collection affecting users; we show that the probability is significant and depends on both the friendship network and the popularity of the app. We also show its significance by computing the proportion of exposed user attributes including the case of profiling, when several apps are offered by the same provider. Finally, we propose a privacy dashboard concept enabling users to control the collateral damage.Private VNFs for collaborative multi-operator service delivery: An architectural case
G. Biczók, B. Sonkoly, N. Bereczky, C. Boyd
IEEE/IFIP Network Operations and Management Symposium (NOMS), IEEE, 2016.
@inproceedings {
author = {Gergely Biczók, Balázs Sonkoly, Nikolett Bereczky, Colin Boyd},
title = {Private VNFs for collaborative multi-operator service delivery: An architectural case},
booktitle = {IEEE/IFIP Network Operations and Management Symposium (NOMS)},
publisher = {IEEE},
year = {2016}
}
Abstract
Flexible service delivery is a key requirement for 5G network architectures. This includes the support for collaborative service delivery by multiple operators, when an individual operator lacks the geographical footprint or the available network, compute or storage resources to provide the requested service to its customer. Network Function Virtualisation is a key enabler of such service delivery, as network functions (VNFs) can be outsourced to other operators. Owing to the (partial lack of) contractual relationships and co-opetition in the ecosystem, the privacy of user data, operator policy and even VNF code could be compromised. In this paper, we present a case for privacy in a VNF-enabled collaborative service delivery architecture. Specifically, we show the promise of homomorphic encryption (HE) in this context and its performance limitations through a proof of concept implementation of an image transcoder network function. Furthermore, inspired by application-specific encryption techniques, we propose a way forward for private, payload-intensive VNFs.Sharing is Power: Incentives for Information Exchange in Multi-Operator Service Delivery
P Heegaard, G. Biczók, L. Toka
IEEE Global Communications Conference (GLOBECOM), IEEE, 2016.
@inproceedings {
author = {Poul E. Heegaard, Gergely Biczók, Laszlo Toka},
title = {Sharing is Power: Incentives for Information Exchange in Multi-Operator Service Delivery},
booktitle = {IEEE Global Communications Conference (GLOBECOM)},
publisher = {IEEE},
year = {2016}
}
Abstract
2015
On pricing online data backup
L. Toka, G. Biczók
IEEE INFOCOM Smart Data Pricing WS, IEEE, 2015.
@inproceedings {
author = {Laszlo Toka, Gergely Biczók},
title = {On pricing online data backup},
booktitle = {IEEE INFOCOM Smart Data Pricing WS},
publisher = {IEEE},
year = {2015}
}
Abstract
2013
Interdependent Privacy: Let Me Share Your Data
G. Biczók, P. Chia
Financial Cryptography & Data Security, Springer, 2013.
@inproceedings {
author = {Gergely Biczók, Pern Hui Chia},
title = {Interdependent Privacy: Let Me Share Your Data},
booktitle = {Financial Cryptography & Data Security},
publisher = {Springer},
year = {2013}
}