Monday 27th of June

    9-9:15 Welcome

 

    9:15-10:30 Invited talk

            A Non-Standard for Trust

  Steve Marsh, Communications Research Centre, Ottawa (Canada)


Abstract

More and more, our technological use is moving out of the office and classroom and onto the street. Mobile technologies are used for any number of purposes, with and without forethought. This, their vast range of users, and the ubiquity of technology extending to 'Internet of Things' can be recognised as an area of concern related to topics as diverse as privacy, social mobility, crime, information security, and social disruption.

 

The main problem related to security (importantly, of device, information, and person) is the inherent situatedness of the device, the fact that unique relationships exist between environment, device, and user, and that new and unforeseen contexts appear every day. More traditional security and trust models are inadequate to handle this plethora of context. Moreover, the imposition of standard models of trust and security on unique individuals is a problem for gaining acceptance (and ironically, trust).

 

This talk will explore the situatedness of mobile device usage, the uniqueness of individual device-user relationships, and how we can leverage these to create a non-standard, 'trust in the foreground' paradigm to 'advise, encourage, and warn' the humans in the loop of the Internet of Things and People. Relevant current work, such as Device Comfort and trust-enablement, will be examined.


    11:00-12:30. Architectures and Protocols

 

    A Proof-Carrying File System with Revocable and Use-Once Certificates

    Jamie Morgenstern, Deepak Garg and Frank Pfenning

 

    Secure architecure for the integration of RFID and sensors in personal area Networks

    Pablo Najera, Rodrigo Roman and Javier Lopez

 

    The Fairness Requirement for Non-repudiation Protocols

    Wojciech Jamroga, Sjouke Mauw and Matthijs Melissen

 

    14:00 - 15:30 Integrating Trust

 

    Location Privacy in Relation with Trusted Peers

    Klaus Rechert and Benjamin Greschbach

 

    The Role of Data Integrity in EU Digital Signature Legislation - Achieving Statutory Trust for Sanitizable Signature Schemes

    Henrich Christopher Pöhls and Focke Höhne

 

    Accepting Information with a Pinch of Salt: Handling Untrusted Information Sources

    Sadie Creese, Michael Goldsmith and Syed Sadiqur Rahman

 

    16:00 - 17:00: PhD winner award invited talk
                           
Automorphic Signatures and its Applications
                            Georg Fuchsbauer

 

    17:00-18:00 STM WG Meeting

 

    7:30: Gala Dinner

 

    Tuesday, 28th of June

 

    9:30 - 10:30 Invited Talk:

Trust Extortion on the Internet

Audun Josang, University of Oslo (Norway)
          
Abstract

The Internet is a primary arena for human interaction, e.g. for delivering commercial and civic services and for building social communities. At the same time, the Internet is in many ways a dangerous place because we expose ourselves to risks that are difficult to manage. It is therefore realistic to assume that people could stop doing business on the Internet for a shorter or longer period if they perceive the risk to be too high. From the perspective of the service providers the negative effect could be anything from a reduction in business to large scale defection from online services. Such a change in behaviour does not need to be a rational reaction to real threats or serious security incidents, but could be the result of irrational perceptions and mass psychosis. In order to avoid the latter scenario the public must be induced to have trust in the online platform. In fact it has become a primary concern of online service providers to tightly control the dissemination of information about security incidents and vulnerabilities, precisely because negative publicity of this type undermines people's trust, resulting in a reduction in business. Online service providers clearly see a need to be perceived as having a secure IT infrastructure and Web interface, and this should primarily be achieved by actually focusing on real security. However there is a danger that organisations will implement measures aimed at inducing trust, but that in reality give little or no real added security assurance. This creates a market for "fake security", i.e. with the main purpose of giving the impression of security, and to a lesser extent of providing practical security. The need for being perceived as secure can even be amplified when security technology companies try to expand their market by inducing fear, thereby creating an effect of "trust extortion" in the sense that companies feel obliged to buy security services that induce the impression of being secure.
This talk focuses on certain aspects of the security industry that seem to be more aimed at giving the impression of security than of giving real security.


   

    11:00 -12:30 Access Control

 

    Risk-Aware Role-Based Access Control

    Liang Chen and Jason Crampton

 

    Hiding the Policy in Cryptographic Access Control

    Sascha Müller and Stefan Katzenbeisser

 

    Automated Analysis of Infinite State Workflows with Access Control Policies

    Alessandro Armando and Silvio Ranise

 

    14:00-15:30 Authentication and Authorization

 

    New Modalities for Access Control Logics: Permission, Control and Ratification

    Valerio Genovese and Deepak Garg

 

    Mutual Remote Attestation: Enabling System Cloning for TPM based Platforms

    Benjamin Justus, Ulrich Greveler and Dennis Löhr

 

    Security Notions of Biometric Remote Authentication Revisited

    Neyire Deniz Sarier

 

    16:00 - 17:30 Panel: New Paradigms in Trust

    Audun Josang, Carsten Rudolph, Ketil Stolen, Steve Marsh, Michael Goldsmith

 

LNCS