ebook img

Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance: 9th International Workshop, DPM 2014, 7th International Workshop, SETOP 2014, and 3rd International Workshop, QASA 2014, Wroclaw, Poland, September 10-11, 2014. Revised Sele PDF

352 Pages·2015·13.243 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance: 9th International Workshop, DPM 2014, 7th International Workshop, SETOP 2014, and 3rd International Workshop, QASA 2014, Wroclaw, Poland, September 10-11, 2014. Revised Sele

Joaquin Garcia-Alfaro · Jordi Herrera-Joancomartí Emil Lupu · Joachim Posegga · Alessandro Aldini Fabio Martinelli · Neeraj Suri (Eds.) 2 Data Privacy Management, 7 8 8 Autonomous Spontaneous S C N Security, and Security Assurance L 9th International Workshop, DPM 2014 7th International Workshop, SETOP 2014 and 3rd International Workshop, QASA 2014 Wroclaw, Poland, September 10–11, 2014, Revised Selected Papers 123 Lecture Notes in Computer Science 8872 Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen Editorial Board David Hutchison Lancaster University, Lancaster, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M. Kleinberg Cornell University, Ithaca, NY, USA Friedemann Mattern ETH Zurich, Zürich, Switzerland John C. Mitchell Stanford University, Stanford, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel C. Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen TU Dortmund University, Dortmund, Germany Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Gerhard Weikum Max Planck Institute for Informatics, Saarbrücken, Germany More information about this series at http://www.springer.com/series/7410 í Joaquin Garcia-Alfaro Jordi Herrera-Joancomart (cid:129) Emil Lupu Joachim Posegga (cid:129) Alessandro Aldini Fabio Martinelli (cid:129) Neeraj Suri (Eds.) Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance 9th International Workshop, DPM 2014 7th International Workshop, SETOP 2014 and 3rd International Workshop, QASA 2014 – Wroclaw, Poland, September 10 11, 2014 Revised Selected Papers 123 Editors JoaquinGarcia-Alfaro Alessandro Aldini TélécomSudParis Universityof Urbino Evry Urbino France Italy JordiHerrera-Joancomartí FabioMartinelli Universitat Autònomade Barcelona PisaResearch Area Bellaterra National Research Council-CNR Spain Pisa Italy EmilLupu ImperialCollege London Neeraj Suri London Technische UniversitätDarmstadt UK Darmstadt Germany JoachimPosegga UniversitätPassau Passau Germany ISSN 0302-9743 ISSN 1611-3349 (electronic) Lecture Notesin ComputerScience ISBN 978-3-319-17015-2 ISBN 978-3-319-17016-9 (eBook) DOI 10.1007/978-3-319-17016-9 LibraryofCongressControlNumber:2015935044 LNCSSublibrary:SL4–SecurityandCryptology SpringerChamHeidelbergNewYorkDordrechtLondon ©SpringerInternationalPublishingSwitzerland2015 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartofthe material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodologynow knownorhereafterdeveloped. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Thepublisher,theauthorsandtheeditorsaresafetoassumethattheadviceandinformationinthisbookare believedtobetrueandaccurateatthedateofpublication.Neitherthepublishernortheauthorsortheeditors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissionsthatmayhavebeenmade. Printedonacid-freepaper SpringerInternationalPublishingAGSwitzerlandispartofSpringerScience+BusinessMedia (www.springer.com) Foreword from the DPM 2014 Program Chairs Thisvolumecontainstheproceedingsofthe9thDataPrivacyManagementInternational Workshop (DPM 2014), held in Wrocław, Poland, on September 10, 2014, in con- junctionwiththe19thannualEuropeanresearcheventinComputerSecurity(ESORICS 2014)symposium.TheDPMseriesstartedin2005whenthefirstworkshoptookplace in Tokyo (Japan). Since then, the event has been held every year in different venues: Atalanta-USA(2006),Istanbul-Turkey(2007),SaintMalo-France-(2008),Athens- Greece(2009),Leuven-Belgium(2010),Pisa-Italy(2011),andEgham-UK(2012). The aim of DPM is to promote and stimulate the international collaboration and researchexchangeonareasrelatedtothemanagementofprivacy-sensitiveinformation. This is a very critical and important issue for organizations and end users. It poses several challenging problems, such as translation of high-level business goals into system-level privacy policies, administration of sensitive identifiers, data integration and privacy engineering, among others. In this workshop edition, 30 submissions were received and each of them was evaluated on the basis of significance, novelty, and technical quality. The Program Committee, formed by 40 members, performed an excellent task and with the help of additional 14 referees all submissions went through a careful anonymous review process (three or more reviews per submission). In the end, six full papers, accom- panied by four short papers and one position paper were presented at the event. The final program also included a keynote talk by Jordi Herrera-Joancomartí. Wewouldliketothankeveryonewhohelpedinorganizingtheevent,includingall the members of the Organizing Committee of both ESORICS and DPM 2014. In particular,wewouldliketohighlightandacknowledgealltheeffortsfromtheteamof Mirosław Kutyłowski, for all their help and support. Our gratitude goes also to Pier- angela Samarati, Steering Committee Chair of the ESORICS Symposium, for all her arrangements to make possible the satellite events. Our special thanks to the General Chair of DPM 2014, Jordi Castellà-Roca, as well as the Steering Committee member Guillermo Navarro-Arribas, for their unconditional help since the beginning of this event.Lastbut,bynomeanstheleast,wethankalltheDPM2014ProgramCommittee members, additional reviewers, all the authors who submitted papers, and all the workshop attendees. Finally, we want to acknowledge the support received from the sponsors of the workshop: Institut Mines-Télécom, CNRS Samovar UMR 5157, Télécom SudParis, UNESCOChairinDataPrivacy,InternetInterdisciplinaryInstitute(IN3)fromtheUni- versitat Oberta de Catalunya; and projects CONSOLIDER INGENIO 2010 CSD2007- 0004ARESandTIN2011-27076-C03-02CO-PRIVACYfromtheSpanishMICINN. January 2015 Joaquin Garcia-Alfaro Jordi Herrera-Joancomartí Foreword from the SETOP 2014 Program Chairs AutonomousandSpontaneousSecurityfocusesonthedynamicsofsystembehaviorin response to threats, their detection, characterization, diagnosis, and mitigation in par- ticular through architectural and behavioral reconfiguration. Such approaches are needed in Embedded Systems, Pervasive Computing, and Cloud environments, which bridge the physical, social, and computing worlds and challenge traditional security provisions from different perspectives. Systems must be agile and continue to operate in the presence of compromise, introspective, and self-protecting rather than just hardened,resilienttomorecomplexthreats,yetmorevulnerableastheyarephysically accessible,widelyheterogeneous,andneedtointegrate long-term legacy components. Ensuringtheirresilienceandprotectingsuchsystemsatscalerequirenovelsolutions across a broad spectrum of computational and resource environments, which integrate techniques from different areas including security, network management, machine learning, knowledge representation, control theory, stochastic analysis, and software engineering among others. As in previous years, SETOP 2014 was held in conjunction with ESORICS 2014. This year, we were hosted in the historic city of Wrocław, Poland and we combined presentations from SETOP 2014 and QASA 2014 in a unique program – the topics of the two workshops being closely related. In addition to the workshop presentations this year’s program also included a keynote address by Professor Elisa Bertino on Assessing Data Trustworthiness - Concepts and Research Challenges. We are grateful to our hosts and to the ESORICS Steering and Organizing Com- mittees for hosting SETOP, to the members of the Program Committee and external reviewers. This year’s workshop would certainly not have happened without the per- sistence, dedication, and effort of its General Chair Frédéric Cuppens towhom we are indebted. AutonomousandSpontaneousSecurityisachallengingtopicandwearegratefulto the authors who submitted papers, the presenters, and attendees. January 2015 Emil Lupu Joachim Posegga Foreword from the QASA 2014 Program Chairs This post-proceedings volume contains the revised versions of papers presented at QASA 2014: 3rd International Workshop in Quantitative Aspects in Security Assur- ance, held on September 11, 2014 in Wrocław, as an affiliated event of ESORICS 2014. The QASA workshop series responds to the increasing demand for techniques to dealwithquantitativeaspectsofsecurityassuranceatseverallevelsofthedevelopment life cycle of systems and services, from requirements elicitation to run-time operation and maintenance. The aim of QASA is to bring together researchers and practitioners interested in these research topics with a particular emphasis on the techniques for service-oriented architectures. The scope of the workshop is intended to be broad, including aspects as dependability, privacy, risk, and trust. QASA 2014 received 15 submissions, each reviewed by at least 3 Program Com- mittee members. The committee decided to accept 7 papers (after two rounds of evaluations) for the post-proceedings. The program also included two invited talks, givenbyElisaBertinoonassessingdatatrustworthinessandAudunJøsangondefining assurance levels for user and server authentication. Thepresentationsandthediscussionsduringtheworkshophaveshownthatthearea ofquantitativesecurity,initsmanyfacets,isanactiveandinterestingfieldofresearch. We would like to thank the invited speakers, the authors of submitted papers, the membersoftheProgramCommittee,theexternalreferees,andthesponsors,whichare the EU projects SESAMO and SPECS and the IFIP WG 11.14 (NESSoS) on Secure Engineering.WearealsogratefulfortheuseoftheEasyChairplatform,whichoffered an effective and clear way of managing the entire review process as well as the post- proceedings production. Finally, we are also grateful to the Institute of Mathematics and Computer Science of the Wrocław University of Technology for providing the venue for QASA 2014. January 2015 Alessandro Aldini Fabio Martinelli Neeraj Suri 9th International Workshop on Data Privacy Management — DPM 2014 General Chair Jordi Castellà-Roca Universitat Rovira i Virgili, Spain Program Committee Chairs Joaquin Garcia-Alfaro Télécom SudParis, France Jordi Herrera-Joancomartí Universitat Autònoma de Barcelona, Spain Publicity Chair Guillermo Navarro-Arribas Universitat Autònoma de Barcelona, Spain Program Committee Rainer Böhme University of Münster, Germany Ana Cavalli Télécom SudParis, France Frédéric Cuppens Télécom Bretagne, France Nora Cuppens-Boulahia Télécom Bretagne, France Josep Domingo-Ferrer Universitat Rovira i Virgili, Spain Nicola Dragoni Technical University of Denmark, Denmark Christian Duncan Quinnipiac University, USA David Evans University of Derby, UK Sara Foresti Università degli Studi di Milano, Italy Sebastien Gambs University of Rennes 1, France Flavio D. Garcia Radboud University Nijmegen, The Netherlands Paolo Gasti New York Institute of Technology, USA Stefanos Gritzalis University of the Aegean, Greece Marit Hansen Unabhängiges Landeszentrum für Datenschutz, Germany Artur Hecker Télécom ParisTech, France Sokratis Katsikas University of Piraeus, Greece Evangelos Kranakis Carleton University, Canada Pascal Lafourcade IUT Clermont-Ferrand, France Maryline Laurent Télécom SudParis, France Georgios Lioudakis National Technical University of Athens, Greece Giovanni Livraga Università degli Studi di Milano, Italy Javier Lopez University of Málaga, Spain XII 9th International WorkshoponData PrivacyManagement—DPM 2014 Sotirios Maniatis Hellenic Authority for Communications Privacy, Greece Refik Molva Eurécom, France Guillermo Navarro-Arribas Universitat Autònoma de Barcelona, Spain Melek Önen Eurécom, France Cristina Perez-Sola Universitat Autònoma de Barcelona, Spain Silvio Ranise Fondazione Bruno Kessler, Italy Yves Roudier Eurécom, France Mark Ryan University of Birmingham, UK Pierangela Samarati Università degli Studi di Milano, Italy David Sanchez Universitat Rovira i Virgili, Spain Claudio Soriente ETH Zürich, Switzerland Alessandro Sorniotti SAP Research, France Vicenç Torra Artificial Intelligence Research Institute, Spain Yasuyuki Tsukada NTT Communication Science Laboratories, Japan Alexandre Viejo Universitat Rovira i Virgili, Spain Jens Weber University of Victoria, Canada Lena Wiese University of Göttingen, Germany Nicola Zannone Eindhoven University of Technology, The Netherlands Steering Committee Josep Domingo-Ferrer Universitat Rovira i Virgili, Spain Joaquin Garcia-Alfaro Télécom SudParis, France Guillermo Navarro-Arribas Universitat Autònoma de Barcelona, Spain Vicenç Torra Artificial Intelligence Research Institute, Spain AdditionalReviewers Khalifa Toumi Panagiotis Rizomiliotis Hari Siswantoro Samuel Paul Kaluvuri Maria Koukovini Alberto Blanco-Justicia Eugenia Papagiannakopoulou Maximilian Hils Jannik Dreier Aouadi Mohamed Sebastian Luhn Luis Vinh-Hoa La Riccardo Traverso Alexandru Ionut Egner

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.