by Rafael Accorsi and Silvio Ranise
ERCIM’s Working Group “Security and Trust Management” (STM) is responsible for organizing the annual “International ERCIM STM Workshop”, which provides an exciting setting to catch up with the state-of-the-art in this area. The ninth edition of this workshop took place in Egham, UK, in September 2013, in conjunction with ESORICS 2013, the “European Symposium on Research in Computer Security”.
The pervasive nature of emerging information and communication technologies (ICT) brings with it new problems, including:
- New threats and the potential for existing security vulnerabilities to be exploited.
- New and unanticipated application scenarios may be accompanied by novel security threats.
- The increased virtual and physical mobility of users increases their interactions whilst rendering obsolete the notion of security perimeters.
- Privacy is also a major concern in the current ambient intelligence paradigm: devices can be interacting with users anywhere and at any time, allowing sensitive information to be gathered.
These issues create a new demand for reliable trust relationships among users, service providers, and even devices - owing to the increasing popularity of bring-your-own-device policies. End-users, technology producers, scientific and governance communities perceive these deeply intertwined problems at different levels of concern and urgency.
The ERCIM “Security and Trust Management” (STM) Working Group focuses on a series of activities that aim to foster European research and development in the areas of security, trust, and privacy in ICT. One of these activities is the annual ERCIM STM Workshop, which is affiliated with the European Symposium on Research in Computer Security (ESORICS). The workshop’s main goal is to promote progress and novel research on all theoretical and practical aspects of security and trust in ICT by acting as a forum for researchers and practitioners from academia, industry, and government.
As in previous years, the review process for this ninth workshop was very competitive. We received 46 submissions, of which 15 were selected. These, together with two keynotes delivered by Claire Vishik (Intel Corporation, U.K.) and Michael Huth (Imperial College, U.K.), provided a very rich and exciting program that gave rise to lively discussions during both the workshop sessions and the breaks.
The invited speakers approached the problems around security and trust management from several perspectives (industry, research, and practice) to give a comprehensive and novel view of the challenges ahead for the scientific and technical communities in the field. Claire Vishik reported on Intel’s experiences in building trusted systems. Her invited speech summarized the lessons taken from the first generation of Trusted Computing, as well as the upcoming challenges for research and practice. Michael Huth presented a principled and well-founded approach to trust evidence in distributed systems. He reported on the results of an industry-funded project that provides for the verifiable numerical aggregation of trust evidence for policy-based access control. Together, these keynotes presented complementary views on the challenges of providing trust mechanisms in practical systems, as well as evidence that the provision of such mechanisms can make modern computing applications more trustworthy.
The 15 selected papers identify problems and propose solutions concerning a wide range of security and trust issues in current and future ICT applications related to privacy, cryptographic protocols, authorization and trust management policies, business processes, watermarking, networks, web and mobile applications. The proposed solutions are both theoretical and practical. The former are justified by applying rigorous mathematical techniques or formal method analysis tools, eg, to verify cryptographic protocols or to support the selective disclosure of sensitive data in trust management. The latter propose interesting extensions to existing techniques, eg, browser plug-ins to protect mobile devices from SSL vulnerabilities, or advocate greater attention to socio-technical security factors for evaluating user behaviour in choosing WiFi networks. We believe the contributed papers together with the two invited talks offer an interesting and inspiring picture of the state-of-the-art and indications on future directions in the field of security and trust. We encourage the reader to take a look at the workshop proceedings for a more in-depth overview of these and related problems (see link below).
In summary, we believe that the confluence and combination of rigorous techniques to alleviate certain technical and human-related security problems provide a great perspective for the development of hybrid techniques capable of greatly increasing the trust of both developers and users in the security of deployed ICT technologies. For all these reasons, we are very much looking forward to attending the tenth edition of the ERCIM STM workshop (affiliated with ESORICS) which will take place next year in Wroclaw, Poland.
ERCIM STM WG: http://www.iit.cnr.it/STM-WG/
ERCIM STM Workshop:
Workshop proceedings: http://link.springer.com/book/10.1007/978-3-642-41098-7/page/1
Pierangela Samarati, STM WG coordinator
Università degli Studi di Milano, Italy
Rafael Accorsi, Business Process Security Group,
University of Freiburg, Germany
Silvio Ranise, Centre for Information Technology
Fondazione Bruno Kessler, Trento, Italy