In addition to the ACM SAC TRECK track, the trustcomp community has organized 3 editions of the IEEE SECURECOMM SECOVAL workshop from 2005 to 2007. SECOVAL meant the value of security through collaboration and the outcomes of the 3 workshops have been summarized in this book: Collaborative Computer Security and Trust Management Seigneur, Jean-marc (Editor)/ Slagell, Adam (Editor) Edité par Information Science Reference, 2009 ISBN 10: 1605664146 / ISBN 13: 9781605664149 Aims and scope of SECOVAL: Security is usually centrally managed, for example in a form of policies duly executed by individual nodes. The SECOVAL workshop covers the alternative trend of using collaboration and trust to provide security. Instead of centrally managed security policies, nodes may use specific knowledge (both local and acquired from other nodes) to make security-related decisions. For example, in reputation-based schemes, the reputation of a given node (and hence its security access rights) can be determined based on the recommendations of peer nodes. As systems are being deployed on ever-greater scale without direct connection to their distant home base, the need for selfmanagement is rapidly increasing. Interaction after interaction, as the nodes collaborate, there is the emergence of a digital ecosystem. By guiding the local decisions of the nodes, for example, with whom the nodes collaborate, global properties of the ecosystem where the nodes operate may be guaranteed. Thus, the security property of the ecosystem may be driven by self-organizing mechanisms. Depending on which local collaboration is preferred, a more trustworthy ecosystem may emerge. Any useful collaboration is at some point sharing data.Unfortunately, data sharing is one of the greatest hurdles getting in the way of otherwise beneficial collaborations. Data regarding one’s security stance is particularly sensitive, often indicating ones own security weaknesses. This data could include computer or network logs of security incidents, architecture documents, or sensitive organizational information. Even when the data may not compromise the data owner’s security stance, sharing may violate a customer’s privacy. Data sanitization techniques such as anonymization and other mechanisms such as privacy-preserving data mining and statistical data mining try to address this tension between the need to share information and protect sensitive information and user privacy. While papers will be considered that address any of the topics of security through collaboration from previous years (e.g., benefits from collaboration, methods of creating or measuring trust, self-organizing coalitions and risk analysis), the focus of the workshop will be around privacy and data sanitization. This topic is further divided into three main areas, each answering the related research questions. Contributions addressing at least one of these areas are more likely to be accepted. What are the fundamental issues that need to be addressed in the areas of data sanitization and anonymization? What problems must be solved to make current tools more effective and sharing more wide-spread? One thing fundamentally missing from this area are metrics to help evaluate the trade-off between information loss and security/privacy. Metrics are needed to measure information loss, and they are needed to measure the utility of the computer log or data source after anonymization. A classification of the types of attacks on anonymization schemes and a formal adversarial model is lacking. Such a threat model would help to develop metrics of the security provided by an anonymization scheme. Are there other basic anonymization algorithms needed for special types of data? One of the last new algorithms developed was prefix-preserving anonymization for IP addresses. Sometimes anonymization needs to be reversed once a problem has been found. How can this be done and when is it practical? Finally, data injection attacks (e.g., an adversary can inject events into a system knowing they will appear in a later public release of anonymized data) are particularly to difficult to protect against. What methods can be used to mitigate such attacks on anonymization systems. What are the practical problems that have yet to be addressed by current anonymization systems? What new tools and frameworks exist for the task? What are the economic implications of data sanitization and preserving privacy? What are the legal issues involved in protecting privacy, and how do they differ by geo-political areas? How can anonymization utilities be made more usable by a wider audience, and who are the potential consumers? Interesting case studies of implementations of anonymization and privacy enhancing technologies will be considered. Of particular interest are case studies by industry of how they have addressed these hurdles to data sharing. How can effective policies be created and negotiated? Do we need a common anonymization policy language, and what would we need in such a language? How can we identify sensitive information especially in the context of multiple data sources? What are some best practice guidelines that one can follow before releasing or sharing sensitive data? Finally special issues surrounding real-time anonymization and anonymity in Peer-to-Peer systems is of interest. What privacy and data sanitization issues are specific to data bases and data mining? This would include traditional topics on privacy-preserving data mining and statistical databases. It would also include topics on inference attacks and data aggregation. Much of the research in this area has focused on privacy preserving transformations that would minimally alter traditional data mining functions (e.g., link analysis and clustering). Submissions focusing on less traditional data mining functions are especially encouraged. Another problem with anonymization is data mining across sets anonymized by different parties in different ways. New methods should be created for collaborative anonymization that makes mappings consistent between contributing parties but irreversible to all. Topics of interest to the workshop include, but are not limited to: Legal aspects of privacy and anonymization Economic issues of privacy enhancing tech Data sanitizing and privacy enhancing tools Data sharing and anonymization case studies Real-time anonymization issues Anonymization policy creation & negotiation Data sharing & sanitizing best practices Anonymity in Peer-to-Peer networks Classification of attacks against anonymization Metrics of utility, anonymization strength and information loss Anonymization / privacy-preserving algorithms Data injection and inference attacks Identification of sensitive fields and data Privacy-preserving Data Mining Statistical databases and protection of sensitive information Data mining multiple anonymized data sources Consistent pseudonym mappings in multi-party anonymization Identification of data sources and types useful to share for collaborative computer security Insights from industry and case studies Usability issues of current anonymization tools Workshop Co-chairs: Adam Slagell, NCSA, University of Illinois at Urbana-Champaign, USA. Jean-Marc Seigneur, University of Geneva, Switzerland. Stephen Marsh, National Research Council of Canada. Kiran Lakkaraju, NCSA, University of Illinois at Urbana-Champaign, USA. Program Committee: Piotr Cofta, British Telecom, UK. Ayman Kayssi, University of Beirut, Lebanon. Pierpaolo Dondio, Trinity College Dublin, Ireland. Bill Yurcik, Army Research Lab at Aberdeen Proving Grounds, USA. Daniele Quercia, University College London, UK. Karl Quinn, Ericsson R&D, Ireland. Christian Jensen, Technical University of Denmark. Ronald Dodge, United States Military Academy, USA. Giannis F. Marias, University of Athens, Greece. Dieter Sommer, IBM Research, Switzerland. Himanshu Khurana, NCSA, University of Illinois at Urbana-Champaign, USA. Pierangela Samarati, Università degli Studi di Milano, Italy. Jim Basney, NCSA, University of Illinois at Urbana-Champaign, USA. Joerg Abendroth, Nokia Siemens Networks, Germany. Kiran Lakkaraju, NCSA, University of Illinois at Urbana-Champaign, USA. Konrad Wrona, SAP Research, France. Lalana Kagal, Massachusetts Institute of Technology, USA. Licia Capra, University College London, UK. Michael Kinateder, SAP, Germany. Nikita Borisov, University of Illinois at Urbana-Champaign, USA. Noria Foukia, University of Otago, New Zealand. Richard Anthony, University of Greenwich, UK. Simson Garfinkel, Naval Post Graduate School, USA. Sini Ruohomaa, University of Helsinki, Finland. Victor S. Grishchenko, Ural State University, Russia. Zoran Despotovic, DoCoMo Communications Laboratories Europe, Germany.
Long Presentations (20mn followed by 10mn questions) Tailored Trustworthiness Estimations in Peer-to-Peer Networks, Katri Ylitalo, Helsinki Institute for Information Technology, and Silke Holtmanns, Nokia Research Center, Finland. Privacy Preserving Ubiquitous Service Provisioning Based on Bayesian Network Conversion, Hiroyuki Kasai, Wataru Uchida and Shoji Kurakake, NTT DoCoMo, Japan. Reasoning about Trust Groups to Coordinate Mobile Ad Hoc Systems, Licia Capra, University College London, UK. Performance Evaluation of a Self-evolving Trust Building Framework, G. F. Marias, V. Tsetsos, O. Sekkas, and P. Georgiadis, University of Athens, Greece. A Comprehensive Reputation-based Trust Model for Distributed Systems, Ayman Tajeddine, Ayman Kayssi, Ali Chehab and Hassan Artail, American University of Beirut, Lebanon. Establishing Agreements in Dynamic Virtual Organizations, Tatyana Ryutov, Clifford Neuman, Li Zhou and Noria Foukia, University of Southern California, USA. Risk Aware Decision Framework for Trusted Mobile Interactions, Daniele Quercia and Stephen Hailes, University College London, UK. Short Presentations (15mn followed by 5mn questions) Sharing Computer Network Logs for Security and Privacy: A Motivation for New Methodologies of Anonymization, Adam Slagell and William Yurcik, NCSA, University of Illinois at Urbana-Champaign, USA. A Context-Aware Trust-based Security System for Ad Hoc Networks, Maria Moloney and Stefan Weber, Trinity College Dublin, Ireland. Social Approaches to Trust Building in Web Technologies, Filippo Ulivieri, Istituto di Scienze e Tecnologie della Cognizione, Italy. Computational Complexity of One Reputation Metric, Victor S. Grishchenko, Ural State University, Russia. Towards Evidence-based Trust Brokering, Dong Huang, University of Karlsruhe, Germany, and Shane Bracher, Bond University, Australia. Dynamic Security Teams - Towards Ubiquitous Cooperative Security, Philip Robinson, University of Karlsruhe, Germany. Privacy in Distributed Reputation Management, Katri Ylitalo and Yki Kortesniemi, Helsinki Institute for Information Technology, Finland.
Demonstration of Security through Collaboration in the Digital Business Ecosystem, J.-M. Seigneur, Trinity College Dublin, Ireland. New Tools to Anonymize and Share Computer Network Logs, Adam Slagell and William Yurcik, NCSA, University of Illinois at Urbana-Champaign, USA.
9:00 Welcome (by Brajendra Panda, University of Arkansas, USA) 9:15 Keynote: Past work on computational trust and future trends presented by Jennifer Golbeck, University of Maryland, USA 10:00 Coffee Break 10:15 Session: Computational Trust Management Paper: A History-Based Framework to Build Trust Management Systems Authors: Samuel Galice; Véronique Legrand; Marine Minier; John Mullins; Stéphane Ubéda; presented by Samuel Galice, INRIA, France Paper: A Unified Framework for Trust Management Authors: Weiliang Zhao; Vijay Varadharajan; George Bryan; presented by Weiliang Zhao, University of Western Sydney, Australia Paper: SDV: A new approach to Secure Distance Vector routing protocols Authors: Babakhouya abdelaziz; Yacine Challal; Gharout Said; Bouabdallah Abdelmadjid; presented by Yacine Challal, UTC, France Paper: An Infrastructure for Gaining Trust in Context Information Authors: Sven Lachmund; Laurent Bussard; Eddy Olk; Frank Fransen; presented by Sven Lachmund, DoCoMo Euro-Labs GmbH, Germany 12:15 Lunch Break 13:00 Session: Information Sharing Paper: Communal Governed Transaction Among Decentralized Agents Authors: Avinanta Tarigan; presented by Avinanta Tarigan, Universität Bielefeld, Germany Paper: Towards Cooperative Self-Protecting Mobile Devices using Trustful Relationships Authors: Stephan Groß; presented by Stephan Groß, Technische Universität Dresden, Germany Paper: Outsourcing Security Analysis with Anonymized Logs Authors: Nikita Borisov; Jianqing Zhang; William Yurcik; presented by Nikita Borisov, University of Illinois at Urbana-Champaign, USA 14:30 Coffee Break 15:00 Session: Online Reputation Paper: Reputation-Based Algorithm for Managing Trust in Gnutella Network Authors: Ali Chehab; Ayman Kayssi; Lara Srour; presented by Ayman Kayssi, University of Beirut, Lebanon Paper: Reputation-based Trust-Aware Recommender System Authors: Sukumal Kitisin; Clifford Neuman; presented by Clifford Neuman, University of Southern California, USA Paper: A Customizable Reputation-based Privacy Assurance System using Active Feedback Authors: Stephen Crane; Marco Casassa Mont; presented by Stephen Crane, Hewlett-Packard, United Kingdom 16:30 Panel: Wrap-up Discussions among workshop attendees |