Collaborative Computer Security and Trust Management

Seigneur, Jean-marc (Editor)/ Slagell, Adam (Editor)

ISBN 10: 1605664146 / ISBN 13: 9781605664149

Aims and scope of SECOVAL:

Security is usually centrally managed, for example in a form of policies duly executed by individual nodes. The SECOVAL workshop covers the alternative trend of using collaboration and trust to provide security. Instead of centrally managed security policies, nodes may use specific knowledge (both local and acquired from other nodes) to make security-related decisions. For example, in reputation-based schemes, the reputation of a given node (and hence its security access rights) can be determined based on the recommendations of peer nodes. As systems are being deployed on ever-greater scale without direct connection to their distant home base, the need for selfmanagement is rapidly increasing. Interaction after interaction, as the nodes collaborate, there is the emergence of a digital ecosystem. By guiding the local decisions of the nodes, for example, with whom the nodes collaborate, global properties of the ecosystem where the nodes operate may be guaranteed. Thus, the security property of the ecosystem may be driven by self-organizing mechanisms. Depending on which local collaboration is preferred, a more trustworthy ecosystem may emerge.

While papers will be considered that address any of the topics of security through collaboration from previous years (e.g., benefits from collaboration, methods of creating or measuring trust, self-organizing coalitions and risk analysis), the focus of the workshop will be around privacy and data sanitization. This topic is further divided into three main areas, each answering the related research questions. Contributions addressing at least one of these areas are more likely to be accepted.

What are the fundamental issues that need to be addressed in the areas of data sanitization and anonymization? What problems must be solved to make current tools more effective and sharing more wide-spread? One thing fundamentally missing from this area are metrics to help evaluate the trade-off between information loss and security/privacy. Metrics are needed to measure information loss, and they are needed to measure the utility of the computer log or data source after anonymization. A classification of the types of attacks on anonymization schemes and a formal adversarial model is lacking. Such a threat model would help to develop metrics of the security provided by an anonymization scheme. Are there other basic anonymization algorithms needed for special types of data? One of the last new algorithms developed was prefix-preserving anonymization for IP addresses. Sometimes anonymization needs to be reversed once a problem has been found. How can this be done and when is it practical? Finally, data injection attacks (e.g., an adversary can inject events into a system knowing they will appear in a later public release of anonymized data) are particularly to difficult to protect against. What methods can be used to mitigate such attacks on anonymization systems.

What are the practical problems that have yet to be addressed by current anonymization systems? What new tools and frameworks exist for the task? What are the economic implications of data sanitization and preserving privacy? What are the legal issues involved in protecting privacy, and how do they differ by geo-political areas? How can anonymization utilities be made more usable by a wider audience, and who are the potential consumers? Interesting case studies of implementations of anonymization and privacy enhancing technologies will be considered. Of particular interest are case studies by industry of how they have addressed these hurdles to data sharing. How can effective policies be created and negotiated? Do we need a common anonymization policy language, and what would we need in such a language? How can we identify sensitive information especially in the context of multiple data sources? What are some best practice guidelines that one can follow before releasing or sharing sensitive data? Finally special issues surrounding real-time anonymization and anonymity in Peer-to-Peer systems is of interest.

What privacy and data sanitization issues are specific to data bases and data mining? This would include traditional topics on privacy-preserving data mining and statistical databases. It would also include topics on inference attacks and data aggregation. Much of the research in this area has focused on privacy preserving transformations that would minimally alter traditional data mining functions (e.g., link analysis and clustering). Submissions focusing on less traditional data mining functions are especially encouraged. Another problem with anonymization is data mining across sets anonymized by different parties in different ways. New methods should be created for collaborative anonymization that makes mappings consistent between contributing parties but irreversible to all.

Topics of interest to the workshop include, but are not limited to:

Legal aspects of privacy and anonymization

Economic issues of privacy enhancing tech

Data sanitizing and privacy enhancing tools

Data sharing and anonymization case studies

Real-time anonymization issues

Anonymization policy creation & negotiation

Data sharing & sanitizing best practices

Anonymity in Peer-to-Peer networks

Classification of attacks against anonymization

Metrics of utility, anonymization strength and information loss

Anonymization / privacy-preserving algorithms

Data injection and inference attacks

Identification of sensitive fields and data

Privacy-preserving Data Mining

Statistical databases and protection of sensitive information

Data mining multiple anonymized data sources

Consistent pseudonym mappings in multi-party anonymization

Identification of data sources and types useful to share for collaborative computer security

Insights from industry and case studies

Usability issues of current anonymization tools

Workshop Co-chairs:

Jean-Marc Seigneur, University of Geneva, Switzerland.

Stephen Marsh, National Research Council of Canada.

Kiran Lakkaraju, NCSA, University of Illinois at Urbana-Champaign, USA.

Program Committee:

Ayman Kayssi, University of Beirut, Lebanon.

Pierpaolo Dondio, Trinity College Dublin, Ireland.

Bill Yurcik, Army Research Lab at Aberdeen Proving Grounds, USA.

Daniele Quercia, University College London, UK.

Karl Quinn, Ericsson R&D, Ireland.

Christian Jensen, Technical University of Denmark.

Ronald Dodge, United States Military Academy, USA.

Giannis F. Marias, University of Athens, Greece.

Dieter Sommer, IBM Research, Switzerland.

Himanshu Khurana, NCSA, University of Illinois at Urbana-Champaign, USA.

Pierangela Samarati,  Università degli Studi di Milano, Italy.

Jim Basney, NCSA, University of Illinois at Urbana-Champaign, USA.

Joerg Abendroth, Nokia Siemens Networks, Germany.

Kiran Lakkaraju, NCSA, University of Illinois at Urbana-Champaign, USA.

Konrad Wrona, SAP Research, France.

Lalana Kagal, Massachusetts Institute of Technology, USA.

Licia Capra, University College London, UK.

Michael Kinateder, SAP, Germany.

Nikita Borisov, University of Illinois at Urbana-Champaign, USA.

Noria Foukia, University of Otago, New Zealand.

Richard Anthony, University of Greenwich, UK.

Simson Garfinkel, Naval Post Graduate School, USA.

Sini Ruohomaa, University of Helsinki, Finland.

Victor S. Grishchenko, Ural State University, Russia.

Zoran Despotovic, DoCoMo Communications Laboratories Europe, Germany.

Long Presentations (20mn followed by 10mn questions)

Tailored Trustworthiness Estimations in Peer-to-Peer Networks, Katri Ylitalo, Helsinki Institute for Information Technology, and Silke Holtmanns, Nokia Research Center, Finland.

Privacy Preserving Ubiquitous Service Provisioning Based on Bayesian Network Conversion, Hiroyuki Kasai, Wataru Uchida and Shoji Kurakake, NTT DoCoMo, Japan.

Reasoning about Trust Groups to Coordinate Mobile Ad Hoc Systems, Licia Capra, University College London, UK.

Performance Evaluation of a Self-evolving Trust Building Framework, G. F. Marias, V. Tsetsos, O. Sekkas, and P. Georgiadis, University of Athens, Greece.

A Comprehensive Reputation-based Trust Model for Distributed Systems, Ayman Tajeddine, Ayman Kayssi, Ali Chehab and Hassan Artail, American University of Beirut, Lebanon.

Establishing Agreements in Dynamic Virtual Organizations, Tatyana Ryutov, Clifford Neuman, Li Zhou and Noria Foukia, University of Southern California, USA.

Risk Aware Decision Framework for Trusted Mobile Interactions, Daniele Quercia and Stephen Hailes, University College London, UK.

Short Presentations (15mn followed by 5mn questions)

Sharing Computer Network Logs for Security and Privacy: A Motivation for New Methodologies of Anonymization, Adam Slagell and William Yurcik, NCSA, University of Illinois at Urbana-Champaign, USA.

A Context-Aware Trust-based Security System for Ad Hoc Networks, Maria Moloney and Stefan Weber, Trinity College Dublin, Ireland.

Social Approaches to Trust Building in Web Technologies, Filippo Ulivieri, Istituto di Scienze e Tecnologie della Cognizione, Italy.

Computational Complexity of One Reputation Metric, Victor S. Grishchenko, Ural State University, Russia.

Towards Evidence-based Trust Brokering, Dong Huang, University of Karlsruhe, Germany, and Shane Bracher, Bond University, Australia.

Dynamic Security Teams - Towards Ubiquitous Cooperative Security, Philip Robinson, University of Karlsruhe, Germany.

Privacy in Distributed Reputation Management, Katri Ylitalo and Yki Kortesniemi, Helsinki Institute for Information Technology, Finland.

Demonstration of Security through Collaboration in the Digital Business Ecosystem, J.-M. Seigneur, Trinity College Dublin, Ireland.

New Tools to Anonymize and Share Computer Network Logs, Adam Slagell and William Yurcik, NCSA, University of Illinois at Urbana-Champaign, USA.

9:00 Welcome (by Brajendra Panda, University of Arkansas, USA)

9:15 Keynote: Past work on computational trust and future trends 

presented by Jennifer Golbeck, University of Maryland, USA

10:00 Coffee Break

10:15 Session: Computational Trust Management 

Paper: A History-Based Framework to Build Trust Management Systems 

Authors: Samuel Galice; Véronique Legrand; Marine Minier; John Mullins; Stéphane Ubéda;

presented by Samuel Galice, INRIA, France

Paper: A Unified Framework for Trust Management 

Authors: Weiliang Zhao; Vijay Varadharajan; George Bryan; 

presented by Weiliang Zhao, University of Western Sydney, Australia

Paper: SDV: A new approach to Secure Distance Vector routing protocols 

Authors: Babakhouya abdelaziz; Yacine Challal; Gharout Said; Bouabdallah Abdelmadjid; 

presented by Yacine Challal, UTC, France

Paper: An Infrastructure for Gaining Trust in Context Information 

Authors: Sven Lachmund; Laurent Bussard; Eddy Olk; Frank Fransen; 

presented by Sven Lachmund, DoCoMo Euro-Labs GmbH, Germany

12:15 Lunch Break

13:00 Session: Information Sharing 

Paper: Communal Governed Transaction Among Decentralized Agents 

Authors: Avinanta Tarigan; 

presented by Avinanta Tarigan, Universität Bielefeld, Germany

Paper: Towards Cooperative Self-Protecting Mobile Devices using Trustful Relationships 

Authors: Stephan Groß; 

presented by Stephan Groß, Technische Universität Dresden, Germany 

Paper: Outsourcing Security Analysis with Anonymized Logs 

Authors: Nikita Borisov; Jianqing Zhang; William Yurcik; 

presented by Nikita Borisov, University of Illinois at Urbana-Champaign, USA 

14:30 Coffee Break 

15:00 Session: Online Reputation 

Paper: Reputation-Based Algorithm for Managing Trust in Gnutella Network 

Authors: Ali Chehab; Ayman Kayssi; Lara Srour; 

presented by Ayman Kayssi, University of Beirut, Lebanon

Paper: Reputation-based Trust-Aware Recommender System 

Authors: Sukumal Kitisin; Clifford Neuman; 

presented by Clifford Neuman, University of Southern California, USA

Paper: A Customizable Reputation-based Privacy Assurance System using Active Feedback 

Authors: Stephen Crane; Marco Casassa Mont;

presented by Stephen Crane, Hewlett-Packard, United Kingdom

16:30 Panel: Wrap-up 

Discussions among workshop attendees