10th Information Security Practice & Experience Conference   

5-8 May 2014, Fuzhou, China   


Access Control in and Around the Browser

     We conduct an analysis of access control mechanisms in the browser and note that support for mashups and defences against cross- site scripting attacks are both moving from ad-hoc measures towards solutions where the browser enforces access control policies obtained from a host (CORS and CSP respectively). We also point out the degree of trust these solutions have to take for granted.

     Prof. Dieter Gollmann received his Dipl.-Ing. in Engineering Mathematics (1979) and Dr.tech. (1984) from the University of Linz, Austria, where he was a research assistant in the Department for System Science.

He was a Lecturer in Computer Science at Royal Holloway, University of London, and later a scientific assistant at the University of Karlsruhe, Germany, where he was awarded the 'venia legendi' for Computer Science in 1991. He rejoined Royal Holloway in 1990, where he was the first Course Director of the MSc in Information Security. He moved to Microsoft Research in Cambridge in 1998. In 2003, he took the chair for Security in Distributed Applications at Hamburg University of Technology, Germany.

Dieter Gollmann is an editor-in-chief of the International Journal of Information Security and an associate editor of the IEEE Security & Privacy Magazine. His textbook on 'Computer Security' has appeared in its third edition.

Improving Thomlinson-Walker’s Software Patching Scheme Using Standard Cryptographic and Statistical Tools

     This talk will illustrate how standard cryptographic techniques can be applied to real- life security products and services. This article presents in detail one of the examples given in the talk. It is intended to help the audience follow that part of our presentation. We chose as a characteristic example a little noticed yet ingenious Microsoft patent by Thomlinson and Walker. The Thomlinson-Walker system distributes encrypted patches to avoid reverse engineering by op- ponents (who would then be able to launch attacks on unpatched users). When the proportion of users who downloaded the encrypted patch becomes big enough, the decryption key is disclosed and all users install the patch.

     David Naccache is a member of the ENS's cryptography group and a professor at the University of Paris II. Before joining academia David managed Gemplus' Applied Research & Security Centre (over 100 researchers). He holds 140 patent families, published more than 120 scientific papers and served in more than 80 programme committees, all in cryptography and security. He is a Forensic Scientist by the Court of Appeal Paris. His interests are embedded electronics, cryptography and security.

Enhanced Certificate Transparency and End-to-end Encrypted Mail

     The certificate authority model for authenticating public keys of websites has been attacked in recent years, and several proposals have been made to reinforce it. We develop and extend such a proposal, called "certificate transparency", so that it efficiently handles certificate revocation. We show how this extension can be used to build a secure end-to-end email or messaging system using PKI with no requirement to trust certificate authorities, or to rely on complex peer-to-peer key-signing arrangements such as PGP. This makes end-to-end encrypted mail possible, with apparently few additional usability issues compared to unencrypted mail (specifically, users do not need to understand or concern themselves with keys or certificates). Underlying these ideas is a new attacker model appropriate for cloud computing, which we call "malicious-but-cautious:.

     Mark Ryan is Professor of Computer Security at the University of Birmingham, and director of the GCHQ Academic Centre of Excellence in Cybersecurity Research at Birmingham. He leads the computer security research group in Birmingham, and is an EPSRC Leadership Fellow (2010-2015). He has worked in protocol verification analysis, electronic voting, access control, cloud computing security, verification of the trusted platform module (TPM), privacy analysis, and process calculus. In 2008 Mark spent seven months at Hewlett Packard, on a secondment from the University funded by the Royal Academy of Engineering. Mark currently holds research grants valued at £2.5 million, from the UK EPSRC, the EU and from industry.

Preserving Receiver-Location Privacy in WSNs

     The unattended nature of Wireless Sensor Networks (WSNs) together with the hardware limitation of sensor nodes make them susceptible to various types of attacks. Since the base station is the destination of all communications, the most rewarding attack is to compromise or destroy this critical device. This talk discusses the importance of receiver-location privacy for the survivability of the network, illustrating the particular features that originate the problem and the strategies followed by a typical adversary. A solution will be presented that is capable of thwarting the most common attacks with a computationally lightweight mechanism. However, the success of this solution is dependent on whether the adversary is capable of capturing and analysing the contents of a subset of sensor nodes. Then, we will explore some intuitive solutions that fail to provide sufficient protection against such adversaries and finally introduce an evolutionary algorithm that provides some means of protection at the expense of increased overhead. The talk will conclude by presenting some open issues.

     Prof. Javier Lopez is Full Professor and Head of the Computer Science Department at the University of Malaga. His research activities are mainly focused on network security, security protocols and critical information infrastructures, leading a number of national and international research projects in those areas, including projects in FP5, FP6 and FP7 European Programmes. Prof. Lopez is the Spanish representative in the IFIP Technical Committee 11 on Security and Protection in Information Systems, as well as the Spanish coordinator of ISO/IEC JTC1/SC27 WG5 on Identity management and privacy technologies.

He is Co-Editor in Chief of International Journal of Information Security (IJIS), and a member of the Editorial Boards of, amongst others, IEEE Wireless Communications, Computers & Security, IEEE Internet of Things Journal, Journal of Computer Security, IET Information Security, and International Journal on Critical Infrastructure Protection. In the past, he was Chair of the IFIP Working Group 11.11 on Trust Management and Chair of the ERCIM Working Group on Security and Trust Management.

Data Security and Privacy in the Cloud

     The rapid advancements in Information and Communication Technologies (ICTs) have enabled the emerging of the "cloud" as a successful paradigm for conveniently storing, accessing, processing, and sharing information. With its significant benefits of scalability and elasticity, the cloud paradigm has appealed companies and users, which are more and more resorting to the multitude of available providers for storing and processing data. Unfortunately, such a convenience comes at a price of loss of control over these data and consequent new security threats that can limit the potential widespread adoption and acceptance of the cloud computing paradigm. In this talk I will illustrate some security and privacy issues arising in the cloud scenario, focusing in particular on the problem of guaranteeing confidentiality and integrity of data stored or processed by external providers.

     Pierangela Samarati is a Professor at the Department of Computer Science of the Università degli Studi di Milano. Her main research interests are: data security and privacy; access control policies, models and systems; information system security; and information protection in general. She has participated in several projects involving different aspects of information protection. On these topics she has published more than 230 peer-reviewed articles in international journals, conference proceedings, and book chapters. She has been Computer Scientist in the Computer Science Laboratory at SRI, CA (USA). She has been a visiting researcher at the Computer Science Department of Stanford University, CA (USA), and at the Center Center for Secure Information System of George Mason University, VA (USA). She is the chair of the IEEE Systems Council Technical Committee on Security and Privacy in Complex Information Systems (TCSPCIS), of the Steering Committees of the European Symposium on Research in Computer Security (ESORICS), and of the ACM Workshop on Privacy in the Electronic Society (WPES). She is member of several steering committees. She is ACM Distinguished Scientist (named 2009) and IEEE Fellow (named 2012). She has been awarded the IFIP TC11 Kristian Beckman award (2008) and the IFIP WG 11.3 Outstanding Research Contributions Award (2012)

Classifying Big Internet Traffic Data

     With the arrival of Big Data Era, properly utilizing the power of big data is becoming essential for the strength and competitiveness of businesses and organizations. We are facing grand challenges from big data from different perspectives, such as processing, communication, security, and privacy. In this talk, we will look at the big data problems from a unique perspective from the network level. We will discuss the challenges in classifying big network traffic data and our solutions to the challenges. The significance of the research lies in the fact that the exponentially increasing Internet traffic has become an extremely difficult big data analytic problem. In this talk, we propose a series of novel approaches for traffic classification, which can improve the classification performance effectively by incorporating correlated information into the classification process. We analyze the new classification approaches and their performance benefit from both theoretical and empirical perspectives.

     Professor Yang Xiang received his PhD in Computer Science from Deakin University, Australia. He is currently a full professor at School of Information Technology, Deakin University. He is the Director of the Network Security and Computing Lab (NSCLab). His research interests include network and system security, distributed systems, and networking. In particular, he is currently leading his team developing active defense systems against large-scale distributed network attacks. He is the Chief Investigator of several projects in network and system security, funded by the Australian Research Council (ARC). He has published more than 150 research papers in many international journals and conferences, such as IEEE Transactions on Computers, IEEE Transactions on Parallel and Distributed Systems, IEEE Transactions on Information Security and Forensics, and IEEE Journal on Selected Areas in Communications. Two of his papers were selected as the featured articles in the April 2009 and the July 2013 issues of IEEE Transactions on Parallel and Distributed Systems. He has published two books, Software Similarity and Classification (Springer) and Dynamic and Advanced Data Mining for Progressing Technological Development (IGI-Global). He has served as the Program/General Chair for many international conferences such as ICA3PP 12/11, IEEE/IFIP EUC 11, IEEE TrustCom 13/11, IEEE HPCC 10/09, IEEE ICPADS 08, NSS 11/10/09/08/07. He has been the PC member for more than 60 international conferences in distributed systems, networking, and security. He serves as the Associate Editor of IEEE Transactions on Computers, IEEE Transactions on Parallel and Distributed Systems, Security and Communication Networks (Wiley), and the Editor of Journal of Network and Computer Applications. He is the Coordinator, Asia for IEEE Computer Society Technical Committee on Distributed Processing (TCDP). He is a Senior Member of the IEEE.

Forbidden City Model – towards an efficient framework for designing secure electronic identity documents

     Designing protocols for an interaction with electronic identity documents is a challenging task even for relatively simple application scenarios. The usual approach is to design a protocol having in mind some simple attack scenarios. This produces clean designs and clean security proofs, but a rich variety of potential security problems might be ignored. This is a severe problem, since a replacement of flawed ID documents is a desperate step with extremely high overall costs.

Over the past years the development in this area was a sequence of steps: many protocols have been proposed, but quite frequently they are broken not by showing flaws in the security proofs but by presenting realistic attack situations not covered by the original security model. In many cases the security requirements have been refined.

The resulting situation is an abundance of models, which are less and less intuitive, hard to compare and to understand. Seemingly, only a handful of people really keeps track on the situation. Due to many reasons this may lead to design errors and exclude an effective reviewing process by the research community. Moreover, a majority of models ignores the fact that executing a protocol with a smart card is not really a two party protocol; in particular, the interaction between diverse components of the card has to be taken into account.

Our goal is to provide a simple and intuitive model that would help us to capture the key properties of real world architectures and attack scenarios. Moreover, in order to save the work it should be easy to refine the model in order to express the emerging threat scenarios. The main idea is to describe the architecture of the system in the way that resembles the courts of the Emperor's Palace in the ancient China. There are many internal courts and strict rules how to cross the boundaries between these separate areas. In some sense, a good cryptographic smart card is designed in the same way: there are strict limitations for interaction between diverse components of a smart card and the outside world and the components are encapsulated like in the Emperor's Palace. Moreover, the interactions in the outside world can be defined in the same way - with a number of Palaces modeling security areas.

The modular architecture of the model and the possibility to treat the components one by one make may reduce the burden of creating a security proof and make the proof transparent to a laymen. So the system engineers get a real opportunity to provide a valuable security feedback. It is hardly possible for the classical models, which are on a high level of abstraction accessible for nobody but a group of cryptographers.

     Miroslaw Kutylowski is a full professor at Wroclaw University of Technology in south-west Poland. He is also a member of Scientific Board of Institute of Computer Science, Wroclaw University of Technology. In 2012 he was elected to the Central Committee for Academic Degrees and Titles in Poland, where he is responsible for computer science.

In the past he was awarded Alexander-von-Humboldt Fellowship. During his academic career he spent many years at Technical University of Darmstadt and Heinz Nixdorf Institute at Paderborn University. Since 2000 he holds a position at Faculty of Fundamental Problems of Technology at Wroclaw University of Technology, where he established a research group working on distributed algorithms, privacy, security and cryptography. Recently he was awarded by a MISTRZ Prize by Foundation for Polish Science and IBM Faculty Award for achievements in cyber security.

Particular recent research interests of Prof. Kutylowski in the field of security are anonymous communication protocols, e-voting, and protocols for personal identity documents as well as legal issues of security in information and communication technology. Recently, he was involved deeply in the legal and technical part of e-voting and e-court projects in Poland. In his team he pursues the goal of developing a new generation of authentication and signature systems based on electronic identity documents.