Philippe Letellier, Institut Mines-Telecom
Eric Diehl, Technicolor
Keynote Session (Room: B310)
9:00 - 10:00
Eric Freyssinet, Head of the cybercrime division, Judiciary pole of the
gendarmerie nationale
Title: Today's challenges of cybercrime
Abstract
Cybercrime and IT related crime are no longer a question only for specialists,
they are a concern for the whole society. The formidable progress authorised
by digital technologies has also attracted the interest of a growing
number of criminals, mainly because there is a lot of money to make
from an ever increasing number of potential victims. The challenges are
mainly related to the strong involvement of organised crime in those
illegal activities but also with the enlargement of the attack surface
(more potential victims, more technologies). Many of those challenges are
related to the illegal access to personal and critical data. This situation
needs to be faced by a strong community, pulling together law enforcement,
IT specialists, IT security specialists, the industry and the research
community. The talk will try and identify those challenges of today, pinpoint
some of the scenarios that are developing today or will develop in the coming
months and years, and give a few ideas about possible progress.
Bio
Lieutenant-colonel Eric Freyssinet, head of the cybercrime division, Gendarmerie nationale
Chairman of the Expert group on IT Crime - Europe of Interpol
Education: Ecole Polytechnique (general engineering, X1992), Mastère spécialisé in
Network and IT security from Telecom ParisTech (2000), and currently PhD student at
University Paris 6 on the subject of the fight against botnets.
Break & Demonstrations (Room: Hall)
Session: Cyber Defense (Room: B310)
Chair: Louis Granboulan
10:30 - 12:00
Speakers:
David Bizeul, EADS Cassidian
Olivier Caleff, Devoteam
Yann Le Borgne, Sourcefire
Panel: Cyber Defense (Room: B310)
12:00 - 12:30
Participants:
EADS Cassidian
Devoteam
Sourcefire
Moderator: Louis Granboulan, EADS Cassidian
Lunch (Room: E200)
Afternoon
Keynote Session (Room: B310)
14:00 - 15:00
Ravi SANDHU, University of Texas at San Antonio
Title: The Authorization Leap from Rights to Attributes: Maturation or Chaos?
Abstract
The ongoing authorization leap from rights to attributes offers
numerous compelling benefits. Decisions about user,
subject, object and context attributes can be made relatively
independently and with suitable decentralization appropriate
for each attribute. Policies can be formulated by security
architects to translate from attributes to rights. Dynamic elements
can be built into these policies so the outcomes of access
control decisions automatically adapt to changing local
and global circumstances. On the benefits side this leap is a
maturation of authorization matching the needs of emerging
cyber technologies and systems. On the risks side devolving
attribute management may lead to attributes of questionable
provenance and value, with attendant possibility
of new channels for social engineering and malware attacks.
We argue that the potential benefits will lead to pervasive
deployment of attribute-based access control (ABAC), and
more generally attribute-based security. The cyber security
research community has a responsibility to develop models,
theories and systems which enable safe and chaos-free deployment
of ABAC. This is the current grand challenge for
access control researchers.
Bio
Ravi Sandhu is Executive Director of the Institute for Cyber Security
at the University of Texas at San Antonio, where he holds the Lutcher
Brown Endowed Chair in Cyber Security. Previously he was on the
faculty at George Mason University (1989-2007) and Ohio State
University (1982-1989). He holds BTech and MTech degrees from IIT
Bombay and Delhi, and MS and PhD degrees from Rutgers University. He
is a Fellow of IEEE, ACM and AAAS, and has received awards from IEEE,
ACM, NSA and NIST. A prolific and highly cited author, his research
has been funded by NSF, NSA, NIST, DARPA, AFOSR, ONR, AFRL and private
industry. His seminal papers on role-based access control established
it as the dominant form of access control in practical systems. His
numerous other models and mechanisms have also had considerable
real-world impact. He is Editor-in-Chief of the IEEE Transactions on
Dependable and Secure Computing, and founding General Chair of the ACM
Conference on Data and Application Security and Privacy. He
previously served as founding Editor-in-Chief of ACM Transactions on
Information and System Security and on the editorial board for IEEE
Internet Computing. He was Chairman of ACM SIGSAC, and founded the
ACM Conference on Computer and Communications Security and the ACM
Symposium on Access Control Models and Technologies and chaired their
Steering Committees for many years. He has served as General Chair,
Program Chair and Committee Member for numerous security conferences.
He has consulted for leading industry and government organizations,
and has lectured all over the world. He is an inventor on 25 security
technology patents. At the Institute for Cyber Security he leads
multiple teams conducting research on many aspects of cyber security
including secure information sharing, social computing security, cloud
computing security, secure data provenance and botnet analysis and
detection, in collaboration with researchers all across the world.
Home page
His web site is at www.profsandhu.com.
Session: Innovation & SME (Room: B310)
Chair: Philippe Letellier
15:00 - 16:30
Speakers:
Stéphane Morocci, SWID
Philippe Nguyen, Secure-IC
Rikke Kuipers, Codenomicon
Mark Noctor, Arxan
Philippe Letellier, ITEA
DGCIS (TBC)
Break & Demonstrations (Room: Hall)
Panel: Which business on security for SMEs? (Room: B310)
Josep Domingo-Ferrer, Universitat Rovira i Virgili
Title: Rational Co-operation for Privacy, Security and Functionality in the Information Society
Break (Room: B316)
Parallel sessions
Privacy (Room: B310)
Chair: Carlisle Adams
Trust (Room: B312)
Chair: Jennifer Golbeck
10:30 - 12:30
Privacy Session 1
Alexandre Viejo, Jordi Castellà-Roca, Oriol Bernadó and Josep M. Mateo-Sanz. Single-Party Private Web Search
Gianpiero Costantino, Fabio Martinelli, Paolo Santi and Dario Amoruso. An Implementation of Secure Two-Party Computation for Smartphones with Application to Privacy-Preserving Interest-Cast
Marian Harbach, Sascha Fahl, Michael Brenner, Thomas Muders and Matthew Smith. Towards Privacy-Preserving Access Control with Hidden Policies, Hidden Credentials and Hidden Decisions
Arun Prakash Kumara Krishnan and Bon Sy. SIPPA-2.0 - Secure Information Processing with Privacy Assurance (version 2.0)
Trust Session 1
Mehrdad Nojoumian and Douglas R. Stinson. Social Secret Sharing in Cloud Computing Using a New Trust Function
Huiying Duan and Peng Yang. Building Robust Reputation Systems for Travel-related Services
Kasper Lindberg and Christian Damsgaard Jensen. Collaborative Trust Evaluation for Wiki Security
Johannes Viehmann. The Theory of Creating Trust with a Set of Mistrust-Parties
Lunch (Room: E200)
Afternoon
Parallel sessions
Security (Room: B310)
Chair: Ali Ghorbani
Trust (Room: B312)
Chair: Samiha Ayed
14:00 - 16:00
Security Session 1
Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor and Mike Reiter. Out of sight, out of mind: Effects of displaying access-control information near the item it controls
Shushan Zhao, Robert Ken and Akshai Aggarwal. An Integrated Key Management and Secure Routing Framework for Mobile Ad-hoc Networks
Florian Schmitt, Jan Gassen and Elmar Gerhards-Padilla. PDF Scrutinizer: Detecting JavaScript-based Attacks in PDF Documents
Yusuke Takamatsu, Yuji Kosuga and Kono Kenji. Automated Detection of Session Management Vulnerabilities in Web Applications
Trust Session 2 (short papers)
Anirban Basu, Natasha Dwyer and Stephen Naicken. A concordance framework for building trust evidences
Jennifer Golbeck, Hal Warren and Eva Winer. Making Trusted Attribute Assertions Online with the Publish Trust Framework
Cody Buntain, Jennifer Golbeck, Dana Nau and Sarit Kraus. Advice and Trust in Games of Choice
Mark Vinkovits. Towards Requirements for Trust Management (Position paper)
Break (Room: B316)
Parallel sessions
Short papers 1 (Room: B310)
Chair: Joaquin Garcia-Alfaro
Short papers 2 (Room: B312)
Chair: Béchir Ktari
16:30 - 17:40
Short papers 1
Muyiwa Olurin, Carlisle Adams and Luigi Logrippo. Platform for Privacy Preferences: Description, Current Status, and Future Directions (Position paper)
Manuel Lafond, Pierre-Olivier Brosseau and Esma Aimeur. Privacy Invasion in Business Environments
Ali Noman and Carlisle Adams. DLAS: Data Location Assurance Service for Cloud Computing Environments
Short papers 2
Ivan Studnia, Vincent Nicomette, Mohamed Kaâniche and Eric Alata. A distributed platform of high interaction honeypots and experimental results
Said Marouf, Mohamed Shehab and Adharsh Desikan. REM: A Runtime Browser Extension Manager with Fine-Grained Access Control
Julien Bringer, Herve Chabanne and Olivier Cipière. Combining the Setbase Approach with Negative Databases (Position paper)
19:30
Gala dinner
Day 3: July 18th
Morning
Keynote Session (Room: B310)
Chair: Nora Cuppens
9:00 - 10:00
Luigi Logrippo, University of Ottawa
Title: Conformance to legal requirements: The last frontier for privacy research
Break (Room: B316)
Parallel sessions
Privacy (Room: B310)
Chair: Esma Aimeur
Security (Room: B312)
Chair: Philip Fong
10:30 - 12:30
Privacy Session 2
Aditi Ramachandran, Lisa Singh, Edward Porter and Frank Nagle. Exploring Re-identification Risks in Public Domains
Denzil Correa, Ashish Sureka and Raghav Sethi. Preserving WhACKy! - What Anyone Could Know About You from Twitter
Francesco Buccafurri, Lidia Fotia and Gianluca Lax. Privacy-Preserving Resource Evaluation in Social Networks
Benjamin Nguyen, Nicolas Anciaux and Michalis Vazirgiannis. Limiting Data Collection in Application Forms: A real-case application of a Founding Privacy Principle
Security Session 2
Hanine Tout, Azzam Mourad, Hamdi Yahyaoui and Chamseddine Talhi. Towards a BPEL Model-Driven Approach for Web Services Security
Daniel Leblanc and Robert Biddle. Risk Perception of Internet-Related Activities
Jaehong Park, Dang Nguyen and Ravi Sandhu. A Provenance-based Access Control Model
Liang Chen, Jason Crampton, Martin J. Kollingbaum and Timothy J. Norman. Obligations in Risk-Aware Access Control
Lunch (Room: E200)
Afternoon
Parallel sessions
Privacy (Room: B310)
Chair: Ana Cavalli
Trust (Room: B312)
Chair: Christian Damsgaard Jensen
14:00 - 15:30
Privacy Session 3
Yasser Jafer, Herna Viktor and Eric Paquet. Aggregation and Privacy in Multi-Relational Databases
Slim Trabelsi and Jakub Sendor. Sticky Policies for Data Control in the Cloud
Fatema Rashid, Ali Miri and Isaac Woungang. A Secure Data Deduplication Framework for Cloud Environments
Trust Session 3
Ayman Tajeddine, Ali Chehab and Ayman Kayssi. CENTER: A Centralized Trust-Based Efficient Routing Protocol for Wireless Sensor Networks
Audun Josang, Kent A. Varmedal, Christophe Rosenberger and Rajendra Kumar. Service Provider Authentication Assurance
Jonathan Lung. Ethical and Legal Considerations of reCAPTCHA