Important Dates

  • Paper: 12 June 2011 (extended)
  • Notification: 11 July 2011
  • Final version due: 20 July 2011
  • Workshop: 8 September 2011

Technical Co-Sponsors


IEEE

sys

Supported by

SnT

UNILU

UNICT

DMU

RHUL

Programme

The workshop's programme is also available in PDF

Session 1: Invited Talk
9:10-10:15 On collaboration and non-collaboration in network security - two case studies
Prof. Luca Viganò (Univ. of Verona)

Abstract: The study of collaboration (and of non-collaboration) is becoming more and more important in the formal analysis of modern systems for network security since the attitude of the system agents may actually play a crucial role in ensuring, or endangering, the security of the system as a whole. In this talk, I will present two case studies that illustrate this further (joint work with Matteo Cristani and Erisa Karafili, and Maria-Camilla Fiazza and Michele Peroli, respectively). First, I will consider the fact that, similar to what happens between humans in the real world, in open multi-agent systems distributed over the Internet, such as online social networks or wiki technologies, agents often form coalitions by agreeing to act as a whole in order to achieve certain common goals. However, agent coalitions are not always a desirable feature of a system, as malicious or corrupt agents may collaborate in order to subvert or attack the system. I will thus consider the problem of hidden coalitions, whose existence and the purposes they aim to achieve are not known to the system, and present a solution to this problem by means of methods that block the actions of potentially dangerous agents, i.e. possibly belonging to such coalitions. Second, I will discuss how although computer security typically revolves around threats, attacks and defenses, the sub-field of security protocol analysis (SPA) has so far focused almost exclusively on the notion of attack. I will motivate that there is room in SPA for a fruitful notion of defense and that the conceptual bridge lies in the notion of multiple non-collaborating attackers. To support SPA for defense-identification, I will propose a paradigm shift that brings security closer to the conceptual tools of fields that have a rich notion of agent, such as robotics and AI, in contrast to the weak notion of agent that is typical of SPA.
10:15-11:45 Coffee break
Session 2: Security and Trust Models with Social/Human Aspects
10:45-11:15 Security Requirements Engineering via Commitments
F. Dalpiaz, E. Paja, and P. Giorgini (University of Trento)
11:15-11:45 Information Security as Organizational Power: A framework for re-thinking security policies
P. Inglesant and M. A. Sasse (University College London)
11:45-12:15 Controlled Data Sharing in E-health
I. Matteucci, P. Mori, M. Petrocchi, and L. Wiegand (IIT-CNR)
12:15-12:45 An Approach to Measure Effectiveness of Control for Risk Analysis with Game Theory
L. Rajbhandari and E. Snekkenes (Norwegian Information Security Laboratory)
12:45-14:00 Lunch
Session 3: Security and Trust for Socio-Technical Systems
14:00-14:30 Camera Use in the Public Domain: Towards a "Big Sister" Approach
M. van der Sar, I. Mulder, and S. Choenni (Human Centered ICT, School of Communication, Media and Information Technology, Rotterdam University of Applied Science)
14:30-15:00 User Study of the Improved Helios Voting System Interface
F. Karayumak, M. Kauer, M. M. Olembo, T. Volk, and M. Volkamer (Technische Universität Darmstadt)
15:00-15:30 Information Security Management Systems and Sociotechnical Walkthroughs
K.-U. Loser, A. Nolte, and H. te Neues (Ruhr-University Bochum)
15:30-16:00 Coffee Break
Session 4: Social/Human Perception of Security and Trust
16:00-16:30 On-line Trust Perception: What Really Matters
E. Costante, J. den Hartog, and M. Petkovic (TU/e)
16:30-17:00 Trustworthy and Effective Communication of Cybersecurity Risks: A Review
J. R. C. Nurse, S. Creese, M. Goldsmith, and K. Lamberts (University of Warwick)
17:00-17:30 Panel Discussion
17:30-17:40 Closing of the Workshop