STM 2014
10th International Workshop on Security and Trust Management
in conjunction with ESORICS 2014
Wrocław, Poland - September 10-11, 2014
Program
Day 1 – September 10 – Wednesday
- 09:00-09:15 Opening
- 09:15-10:00 Invited talk by Javier Lopez
  Prof. Javier Lopez is Full Professor in the Computer Science Department at the University of Malaga. His research activities are mainly focused on network security, security protocols and critical information infrastructures, leading a number of national and international research projects in those areas, including projects in FP5, FP6 and FP7 European Programmes. Prof. Lopez is the Spanish representative in the IFIP Technical Committee 11 on Security and Protection in Information Systems, as well as the Spanish coordinator of ISO/IEC JTC1/SC27 WG5 on Identity management and privacy technologies. He is Co-Editor in Chief of International Journal of Information Security (IJIS), and a member of the Editorial Boards of, amongst others, IEEE Wireless Communications, Computers & Security, IEEE Internet of Things Journal, Journal of Computer Security, IET Information Security, and International Journal on Critical Infrastructure Protection. In the past, he was Chair of the IFIP Working Group 11.11 on Trust Management, and Chair of the ERCIM Working Group on Security and Trust Management.
  Title: Traffic analysis countermeasures in WSN
  Abstract: Traffic analysis is a useful tool to uncover sensitive information from online communication patterns. These techniques have been extensively studied and used on the Internet, but are not limited to this domain. This talk firstly overviews the consequences of various types of traffic analysis attacks on Wireless Sensor Networks (WSNs). Then, it concentrates on a noteworthy implication of traffic analysis, that is, the leakage of location information about the data sources and the base station in the WSN. We also will reason why to devise tailored solutions to these problems in WSNs despite the number of anonymous communication systems available for general computer networks. Additionally, we will present and analyse the main features of the countermeasures against those adversaries that have the ability to observe the communications of a limited portion of the WSN, as well as those more powerful adversaries capable of monitoring the whole network. The talk will conclude by presenting some research challenges and open questions.
- 10:00-10:15 Short break
Session: Verification
- 10:15-10:45 Sonia Santiago, Santiago Escobar, Catherine Meadows and Jose Meseguer. A Formal Definition of Protocol Indistinguishability and its Verification Using Maude-NPA
- 10:45-11:15 Aleksandar S. Dimovski. Ensuring Secure Non-interference of Programs by Game Semantics
- 11:15-11:45 Coffee break
Session: Privacy & Implementation security
- 11:45-12:15 Thibaud Antignac and Daniel Le Métayer. Privacy Architectures: Reasoning About Data Minimisation and Integrity
- 12:15-12:35 Michael Backes, Niklas Grimm and Aniket Kate. (Short paper) Lime: Data Lineage in the Malicious Environment
- 12:35-12:55 Paolo Modesti. (Short paper) Efficient Java Code Generation of Security Protocols specified in AnB/AnBx
- 13:00-14:30 Lunch
Session: Access Control 1
- 14:30-15:00 Silvio Ranise and Riccardo Traverso. ALPS: An Action Language for Policy Specification and Automated Safety Analysis
- 15:00-15:30 Jason Crampton and Charles Morisset. Monotonicity and Completeness in Attribute-based Access Control
- 15:30-15:50 Ginés Dólera Tormo, Félix Gómez Mármol and Gregorio Martínez Pérez. (Short paper) ROMEO: ReputatiOn Model Enhancing OpenID Simulator
- 15:50-16:10 Asad Ali and Maribel Fernández. (Short paper) Hybrid Enforcement of Category-Based Access Control
- 16:10-16:40 Coffee break
- 16:40-18:00 ERCIM STM Business Meeting
Day 2 – September 11 – Thursday
- 09:00-09:15 STM award ceremony
- 09:15-10:00 Presentation by award winner: Juraj Somorovsky. On the Insecurity of XML Security
- 10:00-10:15 Short break
Session: Access Control 2
- 10:15-10:45 Jason Crampton and James Sellwood. Caching and Auditing in the RPPM Model
- 10:45-11:15 Aliaksandr Lazouski, Fabio Martinelli, Paolo Mori and Andrea Saracino. Stateful Usage Control for Android Mobile Devices
- 11:15-11:45 Coffee break
Session: Education & Evaluation
- 11:45-12:15 Charles Morisset, Iryna Yevseyeva, Thomas Gross and Aad Van Moorsel. A Formal Model for Soft Enforcement: Influencing the Decision-Maker
- 12:15-12:35 Gamze Canova, Melanie Volkamer, Clemens Bergmann and Roland Borza. (Short paper) NoPhish - An Anti-Phishing Education App
- 12:35-12:55 Filip Jurnečka, Martin Stehlík and Vashek Matyas. (Short paper) Evaluation of key management schemes in wireless sensor networks
- 13:00-14:30 Lunch
Session: Economic Domain
- 14:30-15:00 Pankaj Pandey and Einar Snekkenes. Using Prediction Markets to Hedge Information Security Risks
- 15:00-15:30 Vangalur Alagar and Kaiyu Wan. Integrating Trust and Economic Theories with Knowledge Science for Dependable Service Automation
- 15:30-16:00 Tobias Bamert, Christian Decker, Roger Wattenhofer and Samuel Welten. BlueWallet: The Secure Bitcoin Wallet
- 16:00-16:10 Closing
- 16:10-16:40 Coffee break