ICISS 2005 PROGRAM
The venue of the conference is Dr. H. L. Roy
Auditorium in the Indian Institute of Chemical Engineers near
Gate No. 3 of Jadavpur University Main Campus. See the Venue
Map below.
|
Ernesto Damiani
|
Professor, Dept. of Computer Technology, University of
Milan, Italy. |
|
Exploiting
Location-based and Video Information in Negotiated Access Control
Policies
Abstract
As the global information
infrastructure is becoming more and more pervasive, digital business
transactions are increasingly performed using a variety of mobile
devices and across multiple communication channels. In this new
paradigm of distributed access, a much richer context representation
regarding both users and the resources they access could be
available to applications, potentially supporting highly expressive
and intelligent policies regulating access and fruition. On the
other hand, checking advanced context-related information when
evaluating a policy involves several unsolved research issues.
Predicates representing users' position and posture (e.g., as shown
in a video feed), for instance, are semantically different from
traditional ones inasmuch as their outcome is both highly dynamic and
uncertain. The aims of this work are threefold: (i) present some of
our recent work in dynamic context representation, including
data streams encoding users' location and video images; (ii) discuss
the integration of dynamic context representation within current
approaches to negotiated access control in a mobile environment.
|
 |
Vijay Varadharajan |
Microsoft Chair Professor in Computing, Macquarie University;
Director, Information and Networked System Security Research;
Technical Board Director, Australian Computer Society (ACS);
Adjunct Professor, University of Western Sydney.
Macquarie University, NSW 2109, Australia |
|
Authorization and Trust Enhanced Security for
Distributed Applications
Abstract
Security issues are becoming even
more significant in the age of pervasive mobile networked computing
where we have different types of information being used by mobile
and fixed large scale distributed applications interacting over
wireless and wired networks to deliver useful services to
enterprises and users, fixed and mobile. Service oriented
architectures and web services are being recognized as one of the
key areas to businesses and applications in such a networked
computing context.
This talk will begin by
considering some of the security challenges and issues in the area
of web services. We will outline some of the recent work that is being
done in the area of web services security, which deals primarily with
secure communications at the transport level. However, considerable
challenges remain in the design of large scale secure distributed
applications based on web services at the higher levels of security
policy and management. The main focus of this talk will
address the issues of authorization and trust in a federated
distributed environment. In this context, we will describe some of
our current work in the area of secure authorization service for
practical large scale distributed systems. We will present the
design of web services authorization architecture and discuss its
implementation within the .NET framework. Then we will describe some
of our work in the area of trust in distributed systems. In
particular, we will describe the notion of “hybrid” trust models,
which bring together the so called “hard” trust (based on
traditional security mechanisms) with the “soft” trust based on
social control aspects such as recommendations, observations and
experience. We will outline some of our work in this area of
combining hard and soft trust and integrating them to provide a
trust enhanced authorization system for distributed
applications.
|
 |
R. Sekar |
Associate Professor of Computer Science Director,
Center for Cybersecurity, State University of New York, Stony Brook,
USA |
|
Model-Carrying Code: A Framework for Safe Execution of
Mobile and Untrusted Code
Abstract
Starting from the Melissa
email virus and continuing to some of the recent phishing attacks,
malicious mobile code has become a major security threat facing the
Internet today. Yet, the use of such code has continued to expand.
Mobile code appears in many forms such as "active web pages,"
multi-media viewers and players, games, P2P applications and
freeware/shareware applications. Current approaches for
mobile/untrusted code security haven't been very successful. Virus
and malicious code detection techniques rely on attack signatures,
and are hence limited to previously known attacks. Behavior
confinement ("sandboxing") techniques can cope with unknown
malicious behavior, but often end up preventing benign code from
carrying out useful functions. In contrast, we describe a new
framework, called model-carrying code (MCC), that enables code
consumers to benefit from benign mobile code, while minimizing the
risk of damage due to malicious or faulty behavior. In this talk, I
will describe the MCC framework, and summarize the key techniques
that we have developed in intrusion detection, model-checking,
security policy enforcement, and isolated program execution in order
to realize this framework. We conclude with a discussion of our
experiences in incorporating MCC seamlessly into tools that serve as
conduits for untrusted code, including software installers, email
handlers, and browsers.
|
 |
Patrick McDaniel |
Hartz Family Career Development Assistant Professor,
Department of Computer Science and Engineering, The Pennsylvania
State University, 360A Information Sciences and Technology
Building, University Park, PA 16802, USA |
|
Understanding Mutable Internet Pathogens or How I Learned
to Stop Worrying and Love Parasitic Behavior
Abstract
Worms are becoming
increasingly hostile. The exponential growth of infection rates
allows small outbreaks to have worldwide consequences within
minutes. Moreover, the collateral damage caused by infections can
cripple the entire Internet. While harmful, such behaviors have
historically been short-lived. We assert the future holds much more
caustic malware. Attacks based on mutation and covert propagation
are likely to be ultimately more damaging and long lasting. This
assertion is supported by observations of natural systems, where
similarly behaving parasites represent by far the most successful
class of living creatures. This talk considers a parasite for the
Internet, providing biological metaphors for its behavior and
demonstrating the structure of pathogens. Through simulation, we
show that even with low infection rates, a mutating pathogen will
eventually infect an entire community. We posit the inevitability of
such parasites, and consider ways that they can be
mitigated.
|
Prem Chand |
Vice President, Mahindra-British Telecom Limited,
Sharda Centre, Off Karve Road, Pune 411004, Maharashtra,
India. |
|
Building India the Destination for Secure Software
Development - Next Wave of Opportunities for the IT
Industry
Abstract
Information and
Communications Technology is becoming synonymous with the
survival and sustenance of the human race in social, economic,
political and military terms. As a result, the security
of ICT is becoming a serious global concern. The USA alone loses
about $38B in security lapses and tracking of virus incidents
alone runs into the range of $80B per year worldwide. These
losses are incurred despite an estimated security market size
of $36B expected by the year 2007-08. There are no foolproof
solutions in sight.
Software is the lynchpin of
information systems. However software is prone to suffer
disability, damage, denial, disruption or destruction in
information systems. Thus insecure software is the single most
serious security concern being faced by the society. The new
focus across the global ICT community is therefore to
eliminate threats and vulnerabilities to software by removing
the root causes of its weaknesses by revisiting the life cycle
approach to software engineering, whereby security is built
into each stage rather than bolting it down as an
afterthought. Secure software is a demand of every customer.
Efforts are underway in many countries to answer the call for
this demand.
In this talk I will present how ICT
security is emerging as a 21st-century global nightmare, the new
global vision of ICT security, where the world is moving to in
the context of cyber security, why and how software is the
weakest building block in ICT security journey, how the
development of secure or trustworthy software can address
majority of the cyber security concerns, what are the
challenges of developing secure or trustworthy software, why a
global initiative and collaboration is necessary, why should
India position itself to be the secure or trustworthy software
power house, what will it take India to create secure
software development capability, what is India’s value
proposition in terms of education, emerging R&D base,
quality, manpower etc. to succeed in secure software
initiative, how to mobilize India to develop secure software
development capability. The analysis presented to build a case
for India will cover protection of Information Age
Infrastructures as immediate national necessity, standards
driven security framework for National Information
Infrastructures, life cycle approach to secure software
development and outlines of a blue print for India to develop
into a secure software development
destination. |
|
Tentative Program
| Time | Event |
| Monday Morning (December 19, 2005) |
| 0845 – 0945 | Inauguration |
| 0945 – 1045 | Keynote Speech (1). Vijay Varadharajan: Authorization and Trust Enhanced Security for Distributed Applications |
| 1045 – 1100 | Tea Break |
| 1100 – 1230 | Technical Session-1: Trust Management and Delegation |
| Paper Name | Author |
| “Auditable Anonymous Delegation” | Bruce Christianson, Partha Das Chowdhury and James Malcolm. Computer Science Department, University of Hertfordshire, England |
| “A Robust Double Auction Protocol based on a Hybrid Trust Model” | JungHoon Ha, Jianying Zhou and SangJae Moon. School of Electrical Eng. & Computer Science, Kyungpook National University, Korea |
| “VTrust: A Trust Management System Based on a Vector Model of Trust” | Indrajit Ray, Indrakshi Ray and Sudip Chakraborty. Computer Science Department, Colorado State University, Fort Collins, CO 80523 |
| “Analysis and Modeling of Trust in Distributed Information Systems” | Weiliang Zhao, Vijay Varadharajan and George Bryan. School of Computing and Information Technology, University of Western Sydney, Australia |
| 1230 – 1400 | Lunch |
| 1400 – 1500 | Keynote Speech (2). Patrick McDaniel: Understanding Mutable Internet Pathogens or How I Learned to Stop Worrying and Love Parasitic Behavior |
| 1500 – 1530 | Tea Break |
| 1530 – 1700 | Technical Session-2: Intrusion Detection, Fraud Detection and Cryptographic Applications |
| Paper Name | Author |
| “Detecting ARP Spoofing: An Active Technique” | Vivek Ramachandran and Sukumar Nandi. Cisco Systems, Inc., Bangalore |
| “Episode Based Masquerade Detection” | Subrata Kumar Dash, Krupa Sagar Reddy and Arun K Pujari. A I Lab, University of Hyderabad, Hyderabad, 500 046, INDIA |
| “A Game-Theoretic Approach to Credit Card Fraud Detection” | Vishal Vatsa, Shamik Sural and A. K. Majumdar. Department of Computer Science & Engineering, School of Information Technology, Indian Institute of Technology, Kharagpur, India |
| “Modifications of SHA-0 To Prevent Attacks” | Roshni Chatterjee, Moiz A. Saifee and Dipanwita RoyChowdhury. Dept. of Computer Science & Engineering, Indian Institute of Technology Kharagpur, INDIA-721302 |
| “How to Solve Key Escrow and Identity Revocation in Identity-based Encryption Scheme” | JoongHyo Oh, KyungKeun Lee and SangJae Moon. Digital Certification Center, Korea Financial Telecommunications and Clearings Institute, Korea |
| “On Broadcast Encryption with Random Key Pre-distribution Schemes” | Mahalingam Ramkumar. Department of Computer Science and Engineering, Mississippi State University, Mississippi State, MS 39762, USA |
| 1700 – 1800 | Business Meeting |
| Tuesday Morning (December 20, 2005) |
| 0900 – 1000 | Keynote Speech (3). R. Sekar: Model-Carrying Code: A Framework for Safe Execution of Mobile and Untrusted Code |
| 1000 – 1030 | Tea Break |
| 1030 – 1200 | Technical Session-3: Sensor, Ad hoc Network and Wireless Security |
| Paper Name | Author |
| “A Key Reshuffling Scheme for Wireless Sensor Networks” | Ashok Kumar Das. Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur-721 302, India |
| “CCMEA : Customized Cellular Message Encryption Algorithm for Wireless Networks” | Debdeep Mukhopadhyay, Abhishek Chaudhary, Arvind Nebhmani and Dipanwita RoyChowdhury. Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur-721 302, India |
| “A Hybrid Design of Key Pre-distribution Scheme for Wireless Sensor Networks” | Dibyendu Chakrabarti, Subhamoy Maitra and Bimal Roy. Applied Statistics Unit, Indian Statistical Institute, 203 B T Road, Kolkata 700 108, India |
| 1200 – 1330 | Lunch |
| 1330 – 1430 | Keynote Speech (4). Ernesto Damiani: Exploiting Location-based and Video Information in Negotiated Access Control Policies |
| 1430 – 1500 | Tea Break |
| 1500 – 1700 | Technical Session-4: Privacy, Access Control, Database and Network Security |
| Paper Name | Author |
| “EPAL based Privacy Enforcement Using ECA rules” | Jaijit Bhattacharya and S.K. Gupta. Indian Institute of Technology, Delhi, India |
| “An Attribute Graph Based Approach to Map Local Access Control Policies to Credential Based Access Control Policies” | Janice Warner, Vijayalakshmi Atluri and Ravi Mukkamala. MSIS Department and CIMIC, Rutgers University, Newark, NJ 07012, USA |
| “Protection of relationships in XML documents with the XML-BB model” | Frederic Cuppens, Nora Cuppens-Boulahia and Thierry Sans. GET/ENST Bretagne, 2 rue de la Chataigneraie, 35512 Cesson-Sevigne Cedex, France |
| “EISA - An Enterprise Application Security Solution for Databases” | V Radha and N Hemanth Kumar. Institute for Development and Research in Banking Technology, IDRBT, Reserve Bank of India, Hyderabad, India |
| “Event Detection in Multilevel Secure Active Databases” | Indrakshi Ray and Wei Huang. Department of Computer Science, Colorado State University, Fort Collins, CO 80523 |
| “Key management for multicast fingerprinting” | Jian WANG, Lein HARN and Hideki IMAI. College of Information Science & Technology, Nanjing University of Aeronautics and Astronautics, Nanjing, China, 210016 |
| 1800 | Cultural Programme and Banquet |
| Wednesday Morning (December 21, 2005) |
| 0900 – 1000 | Keynote Speech (5). Prem Chand: Building India the Destination for Secure Software Development - Next Wave of Opportunities for the IT Industry |
| 1000 – 1030 | Tea Break |
| 1030 – 1200 | Research Projects Presentation |
| Project Name | Contributor |
| “A Framework for Examining Skill Specialization, Gender Inequity, and Career Advancement in the Information Security Field” | Sharmistha Bagchi-Sen, JinKyu Lee, H. Raghav Rao, Shambhu Upadhyaya |
| “SPEAR: Design of a Secured Peer-to-Peer Architecture” | Jaydev Misra, Pinakpani Pal, Aditya Bagchi |
| “A Web-Enabled Enterprise Security Management Framework Based on a Unified Model of Enterprise Information System Security” | Anirban Sengupta, Aniruddha Mukhopadhyay, Koel Ray, Aveek Guha Roy, Dipankar Aich, Mridul Sankar Barik, Chandan Mazumdar |
| “Development of a Comprehensive Intrusion Detection System - Challenges and Approaches” | N. Subramanian, Pramod S. Pawar, Mayank Bhatnagar, Nihar S. Khedekar, Srinivas Guntupalli, N. Satyanarayana, V.K. Vijaykumar, Praveen D. Ampatt, Rajiv Ranjan, Prasad J. Pandit |
| “A Transparent End-to-End Security Solution” | Shince Thomas, Devesh Misra, P.R. Lakshmi Eswari, N. Sarat Chandra Babu |
| 1200 – 1300 | Industrial Projects Presentation 1 |
| 1300 – 1400 | Lunch |
| 1400 – 1500 | Panel Discussion: “Whither Information Security Research & Education” |
| 1500 – 1600 | Industrial Projects Presentation 2 |
| 1600 – 1630 | Concluding Session |
| 1630 | Farewell Tea |
Venue Map


Center For Distributed Computing, Jadavpur University, Kolkata, India

Center for Secure Information Systems, George Mason University, Fairfax, VA

Birla Institute of Technology, Mesra, Ranchi