Eighth Annual Conference
on Privacy, Security and Trust
Call for Workshop and Tutorial Proposals
International Conference on Privacy, Security and Trust (PST)
August 17-19, 2010
Workshops and Tutorials: August 17, 2010
The PST2010 International Conference on Privacy, Security and Trust (PST) is being held in Ottawa, Ontario, Canada, August 17-19, 2010. PST2010 is the eighth such annual conference focusing on PST technologies. PST2010 provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation.
Proposals are solicited for workshops or tutorial sessions to be held on August 17th, 2010 on topics related to the major themes of the conference: privacy, security, trust. Detailed descriptions of each theme can be found at http://www.unb.ca/pstnet/pst2010/
Tutorial/workshop attendance is included in the general conference registration, so proposals should be targeted for a general audience. The preferred format is a half-day session for the morning or afternoon.
Workshops are intended to provide a platform for presenting ideas in a less formal and possibly more focused way than the conference itself. They should allow members of the community to interact and discuss approaches, methods, and concepts about specific topics. They should offer a good opportunity for researchers to present their initial work and to obtain feedback from an interested community. Workshop organizers are responsible for establishing a program committee, collecting and evaluating submissions, notifying authors of acceptance or rejection in due time, ensuring a transparent and fair selection process, organizing selected papers into sessions, and assigning session chairs.
Tutorials should provide participants with information and instruction on well-established or new cutting-edge topics or tools (including technology demonstrations), relevant to the conference themes. Introductory to advanced tutorial sessions are welcome. They are intended to offer participants an opportunity to learn about new research or applications, to get an introduction to important established topics or tools, or to develop higher skill levels in areas in which they are already knowledgeable.
Any person interested in developing a workshop or tutorial is invited to submit their proposals to the workshop/tutorial chair.
Proposals to organise workshops should include the following information:
- Title of the workshop.
- Name, affiliation, and contact information of the primary organizers.
- Names of the PC members with their affiliations.
- Proposed duration.
- A theme and a short description of the workshop goals.
- A brief introduction of the proposer, explaining his/her qualifications.
Proposals to organise tutorials should include the following information:
- Title of the tutorial
- Indication of the proposed length of the tutorial
- A short description of the tutorial.
- Identification of the tutorial level: introductory, intermediate or advanced.
- Detailed outline for the tutorial.
- Intended audience.
- A brief description of the instructor of the tutorial, including contact information (mailing address, email, fax) and the relevant qualifications and teaching experience.
Important Dates for Workshops/Tutorials
April 3, 2010: Workshop/Tutorial proposal submission due.
April 20, 2010: Feedback provided to the workshop/tutorial proposals.
June 26, 2010: Final manuscript, author and tutorial attendee pre-registration due.
August 17, 2010: Workshops and Tutorials
Natalia Stakhanova, University of New Brunswick, Canada
PST2010 Workshops and Tutorials
Biometrics: Enhancing Privacy, Security and Trust through Privacy by Design
Biometric technologies are beginning to hit the mainstream, touted as ideal for enhancing identity authentication, access controls and fraud detection. Ironically, however, the same technologies that can enhance trust can also undermine it when deployed improperly. Biometric data are exceedingly personal data: unique and permanent identifiers that can serve as both usernames and passwords. As this personal data is collected, used, retained and shared across networked environments by more and more actors for more purposes, how will the security threats that undermine the reliability of biometric systems be overcome? Equally significant, how will individual privacy be assured? Specific privacy concerns include function creep, expanded surveillance, tracking, profiling and potential discrimination, data misuse, the negative personal impacts of false matches, non-matches, system errors, and failure, and of insufficient oversight, openness and accountability in biometric data systems, as well as the potential for collection and use of biometric data without individual knowledge, consent, or control. All of these privacy risks can undermine user confidence, which can lead to a lack of acceptance and trust in biometric systems. Is there a positive-sum way out? The workshop panel will explore current issues and trends in biometrics research and deployment. One of the themes will be a novel application of face recognition for the OLG self-exclusion program.
Office of the Information and Privacy Commissioner of Ontario
Moderator: Commissioner Ann Cavoukian, Ph.D.
1. Regulator – Ontario Privacy Commissioner Ann Cavoukian, Ph.D.
(with assistance from Alex Stoianov, Ph.D.)
2. Government/Academic – Len Goodman, Ph.D. (DRDC)
3. Government (Crown Corporation) – Les DeSouza (OLGC)
4. Industry – Soren Frederiksen (iView)
5. Industry/Academe – Karl Martin, Ph.D. (KMKP Engineering/University of Toronto)
Fred Carter, Senior Policy & Technology Advisor
Office of the Information & Privacy Commissioner of Ontario
2 Bloor St. East, Suite 1400 Toronto, ON M4W 1A8 CANADA
Phone: +1.416.326.8742 | firstname.lastname@example.org
The recent growth of botnet activity in cyberspace has attracted significant attention from the research community. Botnets have become one of the biggest security threats, responsible for a large volume of malicious activities from distributed-denial-of-service (DDoS) attacks to spamming and phishing.
This tutorial will introduce the notion of a botnet and trace the typical lifecycle of a botnet. It will discuss the types of attacks performed by botnets and the potential damage they can cause. The tutorial will also walk the participants through a process of creating a real botnet.
The tutorial is targeted toward a general audience interested in the botnet threat. The audience is generally not required to have any background in botnets; however, it is expected to be familiar with the basic terms used in computer security.
Detailed outline of the presentation:
- What is a botnet?
- Brief overview of terminology (bot, zombie, communication channel, etc.)
- How bots are installed and operate.
- Botnet topologies
- Cover-up techniques (fast flux, encryption)
- What does a botnet do?
- Type of attacks
- Beyond theory: how to make your own botnet.
A brief description of the instructor(s)
Ali Shiravi is a Ph.D. candidate at the University of New Brunswick, Faculty of Computer Science. He began his PhD studies in September 2008. He is currently conducting research specifically in the area of Botnet defence and network security visualization.
Natalia Stakhanova is a Research Scientist at the Information Security Center of Excellence (www.ISCX.ca), Faculty of Computer Science, University of New Brunswick. She received her Ph.D. degree in Computer Science from Iowa State University, USA. She has extensive research experience in intrusion detection and the general information security field. Natalia has published over 10 journal and conference papers and has been the recipient of the “Nokia Best Student Paper Award” at The IEEE International Conference on Advanced Information Networking and Applications (AINA) in 2007. She has two pending patents in the field of computer security.
Hanli REN is an M.S. candidate at the Information Security Center of Excellence (www.ISCX.ca), Faculty of Computer Science, University of New Brunswick. She received her B.Sc. degree in Electronic Engineering from Shanghai Jiaotong University. She worked with Alcatel Shanghai Bell Co., Ltd as a Software Engineer. Her current research focuses on Alert correlation and Simulation of Network Attacks.
Introduction to Usable Security
This tutorial consists of two sections: a general overview of usable security and an introduction to human-computer interaction methodologies for evaluating usability and practical security.
Part 1 covers an overview of Usable Security, presents relevant design principles, highlights areas where Usable Security differs from standard human-computer interaction, and discusses active research areas.
Part 2 includes heuristic evaluations, cognitive walkthroughs, and different types of user studies. Discussion of user studies will include defining the experimental protocol and tasks, performing usability and statistical analysis, conducting practical security analysis, and getting ethics approval for the study.
Intended audience: Security researchers, students, practitioners
Brief description of the instructor:
Sonia Chiasson is an NSERC ISSNet Post Doctoral Fellow in the School of Computer Science at Carleton University in Ottawa, Canada. Her interdisciplinary research in human-computer interaction and computer security utilizes user-centered approaches to design, formal human-subject experiments, and both quantitative and qualitative data analysis to evaluate usability as well as theoretical and practical security of proposed systems. Her co-authored paper reporting on lab and field studies of an authentication scheme received the Best Paper award at the 2006 Symposium on Usable Privacy and Security (SOUPS). Sonia was a full-time Computer Science instructor at the University of Saskatchewan for 4 years. She co-taught a full-day tutorial in usable security at the 2009 NSERC ISSNet Summer School and is co-chairing the Usable Security Experiment Reports (USER) Workshop at SOUPS in July 2010.
Tentative detailed outline:
The outline that follows lists the topics that will be covered during the tutorial. Interactive activities/exercises will be included throughout to illustrate concepts and practice new skills.
- Part 1:
- What is usable security?
- Factors that make usable security different from regular usability
- Approaches to usable security
- Design guidelines
- Research areas
- Part 2:
- Key HCI concepts
- HCI evaluation methodologies
- Types of user studies
- Selecting appropriate methodology
- Developing the experimental protocol
- Pilot testing/running the study
- Usability and statistical analysis
- Practical security analysis
- Getting ethics/IRB approval
Dr. Sonia Chiasson
School of Computer Science
Dwindling Consumer Trust in Online Transactions – Causation, Implications and Treatment.
Indication of the proposed length of the tutorial
Three Hours (3 hrs): 40 Minutes for each session with 20 minutes for questioning.
A Short Description Of The Tutorial. The financial crisis and the attendant economic downturn have a far-reaching impact on the developed and developing nations. Reduction in product exports, failed banks, and a fall in foreign direct and indirect investment and development assistance are notable consequences of the crisis. According to Okonjo (2009), although the developed world has deep pockets and was able to reach into them for massive fiscal stimulus, developing countries do not have the resources to counteract the effects of the crisis. Cybercriminals all over the world have increased their activity in reaction to the global economic crisis, and it has reached levels not seen since 2006. Online crime is now being committed every 10 seconds. Andy (2008) opined that newly unemployed skilled tech workers, especially those with system security and IT expertise, are turning to computer theft and the exploitation of sensitive data to defraud consumers around the banking meltdown. Unfortunately, this trend is having tremendous impacts on consumer trust in online transactions. Account takeover fraud, where a cybercriminal gains access to a bank account either as the result of phishing or banking Trojans, has risen by 207 percent (Garlik, 2009). The research questions that emanate and to which the workshop will proffer answers are:
- (1) Are poverty and unemployment a driving force behind cyber crime in developed and developing countries?
- (2) What factors account for success in social engineering attacks through scamming and phishing websites on citizens in these nations?
- (3) What are the current trends and techniques employed by cyber criminals to commit these crimes?
- (4) What are the immediate and long term implications of these criminal activities on consumer trust in online transactions?
- (5) Are current policies, laws and technologies employed to fight these crimes effective?
Identification Of The Tutorial Level: Introductory, Intermediate Or Advanced.
The Tutorial serves the 3 purposes - introductory, intermediate or advanced
Detailed Outline For The Tutorial.
We intend to approach this problem using a multidisciplinary approach involving criminal justice, Information technology/Information systems/computer science and public policy. The sessions will provide opportunity for us to brainstorm on the subject matter and come up with ideas on causation and treatment. The intention is to come up with models and the theories that address the issue of consumer trust in online transactions as well as work on how these theories can be merged to form a multidisciplinary chunk that can be applied to mitigating the cyber crime problem. We expect to have three sessions designed to provide opportunity for researchers and scientists to address crime theories, trust models and public policy thoughts and their application to cybercrime.
- Session 1: Classical, Social Process, Integrated Crime Theories & their Application to Cybercrime – Rational Choice Theory, General Deterrence Theory, Routine Activities Theory, Social Control Theories, Social Learning Theories, Label Theory, and Differential Enforcement Theory. Poverty and crime, Subculture theory, Strength theory etc.
- Session 2: Computing and Information Security Models In the Age of Cyber Crime – Theories behind Trust Models, Technology Acceptance (TAM Model), Cyber Security Theories, Web technology/interface design theories, Spamming and Phishing etc.
- Session 3: IT Policies, Legislation and Cyber Crime - New Wine in Old Bottles – Public Policy on technology usage, Consumer trust and security Policies, Security and user protection policies. IT Policies and Internet intermediaries. Policy issues as they relate to cross-boundary problems.
Findings & Recommendations For Future Policy Research. We expect that our findings will promote and encourage multidisciplinary research in the subject area. We also hope to be able to make recommendations for future policy research based on the interactions and findings from the sessions.
Intended Audience. Academia, Practitioners, Students.
A Brief Description Of The Instructors
Olumide Babatope Longe (PhD) is on faculty at the Department of Computer Science, University of Ibadan, Ibadan, Nigeria. He holds a National Diploma in Electronics Engineering from the Federal Polytechnic, Ado Ekiti, Nigeria, a B.Sc. in Computer Science from the University of Benin, Benin City, Nigeria, a Master of Technology Degree in Computer Science from the Federal University of Technology, Akure and a PhD in Computer Science from the University of Benin City, Nigeria which focused on cybercrime prevention and control. His scholarly publications, over 50 in number, have appeared and have been quoted in reputable peer-refereed journals, conference proceedings, newsletters and edited books. Longe is a recipient of the prestigious John D. and Catherine T. MacArthur fellowship for Staff Development & Training at the University of Ibadan. He heads the Cybercrime Institute of the International Center for Information Technology and Development (ICITD), Southern University and A & M College, Baton Rouge, Louisiana, USA. He is a member of the IEEE, ACM, ISOC. He is actively researching cybercrime causation, information security models and social theories with several publications in view. He can be reached at email@example.com, firstname.lastname@example.org, email@example.com +2348024071175
Richard Boateng (PhD) is the Director of Research and Operations at the International Center for Information Technology and Development at the College of Business, Southern University. Richard’s research interests embrace topics including e-learning; ICTs for development; and Multimedia technologies in resource poor environments. Richard has worked as a multimedia technologist and behavioral consultant for West African Project to Combat AIDS (WAPTCAS) – a CIDA-funded HIV/AIDS project, Ghana. He led a team of information technology and health professionals from diverse backgrounds to design and produce educational videos on fifteen health topics including HIV/AIDS in English and four local languages. Dr. Boateng also won a British Petroleum Dorothy Hodgkin’s award of £36,000 to examine the role and value of electronic commerce in resource-poor environments. Findings of this research have been published in 10 conference proceedings, books and journals including Internet Research, Development and Learning in Organizations, Journal of African Business, Journal of Internet Banking and Commerce, Information Development, and the Electronic Journal of Information Systems in Developing Countries. The broader impact of this project has been the development of a gender mentoring and development project, Ewuraba.com, which gives professional African women the opportunity to share their profiles, creative ventures, business, talents and skills with other women and the world. Richard is also an editor of the African Journal of Information Systems and Conference planning chair of the International Conference of Information Technology and Development (www.ictforafrica.org). He can be reached at firstname.lastname@example.org, email@example.com, firstname.lastname@example.org +12254089618
Chanika Jones (PhD) is on faculty in the Nelson Mandela School of Public Policy and Urban Affairs at Southern University and A&M College and is currently serving as chair for the Department of Criminal Justice. She holds a B.A. in General Studies with minors in Geography, Sociology, and African/African-American Studies, M.A. in Liberal Arts with a concentration in African/African-American Studies, and M.A. and PhD in Sociology/Criminology, all from Louisiana State University. She is an active member of the Academy of Criminal Justice Sciences (ACJS), American Society for Criminology (ASC), African Criminology & Justice Association (ACJA), and the Mid-South Sociological Association (MSSA). Dr. Jones has served as session organizer, presenter, discussant and participant at several professional meetings and conferences, as well as editor for academic journals in her field of study. Dr. Jones’ research interests are centered on African Diaspora Studies, labor market conditions as predictors for crime, the impact of social constructs on arrests, sentencing, and treatment of offenders, and more recently, Health Information Technology (HIT) in Correctional Facilities and rural and/or developing areas, and Sociological theories in the contexts of Information Technology (IT) applications. Dr. Jones has an active research agenda, with several research projects and publications underway in the following areas: cyber crime, crime severity index reporting, funding disparities for correctional facilities, and the impact of ICTs on the Criminal Justice System. She can be reached at email@example.com +12257193648