1st Model-driven Simulation and Training Environments
for Cybersecurity (MSTEC)
26-27 September, 2019 — Luxembourg
co-located with the The European Symposium on Research in Computer Security (ESORICS)


There will be common keynotes with the workshops IOSEC and FINSEC

Conference Program

08:30 – 08:45


08:45 – 10:00

Room: Diekirch

Chairs: Apostolos P. Fournaris & Sotiris Ioannidis

General Welcome IOSEC+MSTEC & Opening Keynote

Cybersecurity for the Protection of Critical Infrastructures

Prof. Vasilis Prevelakis

10:00 – 10:30

Coffee Break

10:30 – 12:00

Session 1: IOSEC (Web-based Attacks & Technologies)

Room: Diekirch

Chairs: Konstantinos Lampropoulos

Event-Based Remote Attacks in HTML5-Based Mobile Apps

Tuong Lau

Web Servers Protection Using Anomaly Detection for HTTP Requests

Paul Satmarean and Ciprian Oprisa

Secure Data Exchange for Computationally Constrained Devices

Vassilis Prevelakis, Mohammad Hamad, Jihane Najar and Ilias Spais

You Shall Not Register! Detecting Privacy Leaks across Registration Forms

Manolis Chatzimpyrros, Konstantinos Solomos and Sotiris Ioannidis

12:00 – 13:30

Lunch Break

13:30 – 14:45

Session 2: IOSEC (SME Security)

Room: Diekirch

Chairs: Vasilis Prevelakis

Horizontal Attacks against ECC: from Simulations to ASIC

Ievgen Kabin, Zoya Dyka, Dan Klann and Peter Langendoerfer

Deploying Fog-to-Cloud Towards a Security Architecture for Critical Infrastructure Scenarios

Sarang Kahvazadeh, Xavi Masip-Bruin, Pau Marcer and Eva Marín-Tordera

A comprehensive technical survey of contemporary cybersecurity products and solutions

Christos Tselios, George Tsolis and Manos Athanatos

CyberSure: A Framework for Liability Based Trust

George Christou, Eva Papadogiannaki, Michalis Diamantaris, Livia Torterolo and Panos Chatziadam

14:45 – 15:15

Coffee Break

15:15 – 16:45

Session 3: MSTEC (Introduction & Cyber Range Platforms)

Room: Diekirch

Chairs: Sotiris Ioannidis

The THREAT-ARREST Cyber-Security Training Platform

Othonas Soultatos, Konstantinos Fysarakis, George Spanoudakis, Hristo Koshutanski, Ernesto Damiani, Kristian Beckers, Dirk Wortmann, George Bravos, and Menelaos Ioannidis

An Open and Flexible CyberSecurity Training Laboratory in IT/OT Infrastructures

U.Morelli, L. Nicolodi, S.Ranise

Model-driven Cyber Range Training - The Cyber Security Assurance Perspective

Iason Somarakis, Michail Smyrlis, Konstantinos Fysarakis, and George Spanoudakis

A model-driven approach for cyber security scenarios deployment,

Chiara Braghin, Stelvio Cimato, Ernesto Damiani, Fulvio Frati, Lara Mauri, Elvinia Riccobene

17:00 – 20:30

Social Activity

20:30 – 22:00

Gala Dinner

9:00 – 10:30

Session 4: MSTEC (System Assurance & Training)

Room: Diekirch

Chairs: Sotiris Ioannidis

Towards the Insurance of Healthcare Systems

George Hatzivasilis, Panos Chatziadam, Andreas Miaoudakis, Eftychia Lakka, Alessia Alessio, Michail Smyrlis, George Spanoudakis, Artsiom Yautsiukhin, Michalis Antoniou, Nikos Stathiakis

Difficult XSS Code Patterns for Static Code Analysis Tools

Felix Schuckert, Basel Katt, Hanno Langweg

Secure Data Exchange for Computationally Constrained Devices

Vassilis Prevelakis, Mohammad Hamad, Jihane Najar and Ilias Spais

PROTECT — An Easy Configurable Serious Game to Train Employees Against Social Engineering

Ludger Goeke, Alejandro Quintanar, Kristian Beckers, Sebastian Pape

10:30 – 11:00

Coffee Break

11:00 – 12:00

Session 5: FINSEC (Introduction to the Workshop)

Room: Diekirch

Chairs: Habtamu Abie & Silvio Ranise

Cybersecurity for the Protection of Critical Infrastructures

Rocco Mammoliti, Poste Italiane

12:00 – 13:00

Lunch Break

13:00 – 15:00

Session 6: FINSEC (Identification, Mitigation, and Threats Mapping)

Room: Diekirch

Chairs: Silvio Ranise & Habtamu Abie

Bunkers: Jail application level firewall for the mitigation and identification of service takeover attacks on HardenedBSD

Alin-Adrian Anton and Razvan-Dorel Cioarga

A Language-Based Approach to Prevent DDoS Attacks in Distributed Financial Agent Systems

Elahe Fazeldehkordi, Olaf Owe and Toktam Ramezanifarkhani

Blockchain based Sharing of Security Information for Critical Infrastructures of the Finance Sector

Ioannis Karagiannis, Kostis Mavrogiannis, John Soldatos and Ariana Polyviou

dAPTaset: a Comprehensive Mapping of APT-related Data

Giuseppe Laurenza and Riccardo Lazzeretti

15:00 – 15:30

Coffee Break

15:30 – 17:00

Session 7: FINSEC (Preliminary Projects Results)

Room: Diekirch

Chairs: Luca Verderame & Silvio Ranise

Call for Papers

Important dates

  • Paper submission deadline: June 30, 2019 extended to July 12, 2019 (AoE, UTC-12)
  • Acceptance notification: June 30, 2019
  • Final paper due: August 31, 2019
  • Workshop: September 26-27, 2019


The 1st Model-driven Simulation and Training Environments for Cybersecurity (MSTEC) addresses recent advances in the field of cyber modeling and simulation. It is aimed at providing a forum of practitioners and researchers to discuss cyber modeling and simulation (M&S) as well as its application to the development of cyber-security training scenarios and courses of action (COAs). Specifically, it will focus on the verification and validation (V&V) process, which provides the operational community with confidence in knowing that cyber models represent the real world, and will discuss how defense training may benefit from cyber models. It will also investigate advances in emulators, simulators and their potential combination. The workshop papers are expected to take a holistic approach to the overall system assurance process, presenting advances in the simulation of people, policies, processes, and technologies currently available in the field. The workshop aims to connect the multiple threads that currently compose cyber modelling and simulation into a coherent view of what is usable in order to train experts and non-computer-savvy users toward and assured operation of critical systems. The workshop will precede the ESORICS 2019 conference.

MSTEC encourages systems security researchers to share early iterations of bleeding-edge ideas with the community, before they are further developed into full papers. Reciprocally, authors receive feedback to help steer and improve their research to its full potential.

Topics of Interest

We invite submissions of full research and survey papers as well as posters on related topics to cybersecurity, including but not limited to:

  • Cyber threat and training preparation models
  • Cyber models and training design
  • Cyber ranges for cybersecurity training and training facility
  • Training platforms and evaluation scenarios
  • On-line training procedures and courses of action (COAs)
  • Training adaptation and training for non-cybersecurity experts
  • Gamification and serious games
  • Modeling and simulation for cyber training (M&S)
  • Simulation and emulation of information systems, networks, and cyber attacks
  • Real-time monitoring and visualization
  • System assurance verification and validation (V&V)

In accordance with the spirit of MSTEC, we also seek:

  • Quantified or insightful experience with existing systems
  • Reproduction or refutation of previous results
  • Negative results and early ideas

Paper submissions

Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference/workshop with proceedings. The symposium proceedings will be published by Springer in the Lecture Notes in Computer Science series (LNCS).

All submissions should follow the LNCS template (available from http://www.springer.de/comp/lncs/authors.html) from the time they are submitted. Submitted papers should be at most 16 pages (using 10-point font), excluding the bibliography and well-marked appendices, and at most 20 pages total. Committee members are not required to read the appendices, so the paper should be intelligible without them. All submissions must be written in English. Submissions are to be made to the submission web site. Only pdf files will be accepted. Submissions are not anonymous.

Submissions not meeting these guidelines risk rejection without consideration of their merits. Authors of accepted papers must agree with Springer LNCS copyright and guarantee that their papers will be presented at the conference.

Submission website: https://easychair.org/conferences/?conf=mstec2019.


Program Chair

General Chairs

Technical Chairs

  • George Hatzivasilis, FORTH, Greece
  • Fulvio Frati, University of Milan, Italy
  • Marinos Tsantekidis, Technical University of Braunschweig, Germany
  • Kostantinos Fysarakis, Sphynx Technology Solutions AG, Switzerland
  • Ludger Goeke, Social-Engineering Academy, Germany
  • Hristo Koshutanski, ATOS, Spain
  • George Leftheriotis, TUV Hellas, Greece
  • George Tsakirakis, ITML, Greece

Web Chairs