PADG 2018 - 2nd International Workshop on Policy-based Autonomic Data Governance

In conjunction with the 23rd European Symposium on Research in Computer Security (ESORICS 2018) September 3-7, 2018, Barcelona, Spain

The PADG Workshop will be held on September 6 along with the SIoT Workshop. The Joint Program and Keynote information are included below.

SIoT (Secure Internet of Things)
SIoT is a community where interested stakeholders, from academia and industry, can present their original work on providing a secure environment for connecting systems in an Internet-specific structure. The wide spread of mobile and embedded devices, able to connect to a network and share information, requires a careful look at the security risks taken by end users. In this context, the workshop will focus on contributions related to the security of mesh and machine-to-machine networks, secure software stacks running on ubiquitous network nodes, and algorithms used to provide secure end-to-end communication between nodes. 

PADG (Policy-based Autonomic Data Governance)
The proliferation of IoT devices has led to the production of large volumes of data that can be used to characterize and potentially optimize real world processes. At the same time, the influence of edge computing is leading to more distributed architectures incorporating more autonomous elements. The flow of information is critical in such environments, but the real time, distributed nature of the system components complicates the mechanisms for protecting and controlling access to data.

In distributed collections of autonomous devices, perimeter-based approaches to security are less effective. Security and privacy mechanisms must take a data-centric approach to make certain that data is protected as it travels within the system. This would include: data access governance, providing mechanisms to manage data access permissions and identify sensitive data; consent/data subject rights management, enforcing privacy over shared data and allowing organizations to search, identify, segment, and amend sensitive data as necessary; and, providing platforms that help operationalize privacy processes and practices.

One promising direction for the management of complex distributed environments is to make the major elements of the system self-describing and self-managing. This would lead to an architecture where policy mechanisms are tightly coupled with the system elements. In such integrated architectures, we need to create new models for information assurance, providing traceability of information and allowing better provenance on information flows.

In this workshop, we aim to focus primarily on policy based mechanisms for governance of data security and privacy. PADG 2018 will consider original and unpublished research articles that propose bold steps towards addressing the challenges of data security and privacy in multi-site, interconnected processing environments that include autonomous systems. We solicit high-quality original research papers and significant work-in-progress papers.

Topics of interest include but are not limited to:

  • Management of Data Security, Privacy and Trust in Autonomous Systems
  • Policy Mechanisms for Security of Collaborative Systems
  • Architectures for Secure Autonomic Computing and Cyber-infrastructures
  • Management of Data and Information Quality and Trustworthiness
  • Strategies and Algorithms for Security Impact Analysis
  • Autonomic Security Management
  • Security Analytics
  • Autonomic Generation and Evolution of Security Policies, including Access Control and Authentication Policies
  • Policy Models and Mechanisms for Safety, Security and Privacy of Cyber physical Systems

Important Deadlines:

June 27, 2018 June 20, 2018: Submission Deadline

July 15, 2018: Authors Notification

July 25, 2018: Camera-ready & Registration

September 3-7, 2018: Workshops

Paper Submission Instructions:

https://easychair.org/conferences/?conf=padg2018

Papers should be formatted according to the IEEE Computer Society Proceedings Manuscript Formatting Guidelines (see link in "formatting instructions" below). Regular papers should be at most 10 pages in this format, including the bibliography and well-marked appendices. The original settings of textwidth and textheight should be preserved.

The workshop will also accept short paper submissions of up to 6 pages in length. Short papers are for work that makes significant contributions, but that is still in progress, of smaller scale, or that can be reported briefly.

Formatting Instructions
8.5" x 11" (DOC, PDF)
LaTex Formatting Macros

Program Co-Chairs:

  • Seraphin B. Calo, IBM Research, Yorktown Heights, NY, USA
  • Elisa Bertino, Purdue University West Lafayette, IN, USA
  • Dinesh C. Verma, IBM Research, Yorktown Heights, NY, USA

Program Committee Members:

  • Tereza Carvalho, University of Sao Paulo, Brazil
  • Tiziana Catarci, University of Rome, Italy
  • Supriyo Chakraborty, IBM Research, Yorktown Heights, NY, USA
  • Xiaofeng Chen, Xidian University, China
  • Richard Chow, Intel, USA
  • Bruno Crispo, KU Leuven, Belgium
  • Frederic Cuppens, Telecom Bretagne, France
  • Geeth de Mel, IBM Hursley Labs, UK
  • Elena Ferrari, University of Insubria, Italy
  • Murat Sensoy, Ozyegin University, Istanbul, Turkey
  • Jorge Lobo, University Pompeu Fabra, Barcelona, Spain
  • Emil Lupu, Imperial College London, London SW7 2RH, UK
  • Surya Nepal, Data61, CSIRO, Australia
  • Alexander Pretschner, Technical University of Munich, Germany
  • Brian Rivera, Army Research Labs, Adelphi, MD, USA
  • Giovanni Russello, University of Auckland, New Zealand
  • Vladimiro Sassone, University of Southampton, UK
  • Munindar Singh, North Carolina State University, Raleigh, NC, USA
  • Christopher Williams, UK Dstl, Porton Down, Wiltshire SP4 0JQ, UK

Keynote Speaker

Florian Kerschbaum
University of Waterloo
200 University Ave W Waterloo, ON N2L 3G1 Canada

Title:  On Policies, Authentication and Privacy in Large Networks of Cyber-Physical Objects

Abstract
Supply chains are one of the largest connected network of things.  While not yet fully autonomous, they require very domain-specific policies and security mechanisms.  In this talk I will present the concept of supply chain visibility policies that prevent unwanted inferences between supply participants.  Then I will show an authentication mechanism that enables enforcing supply chain visibility policies.  This authentication mechanism makes use of a number of cryptographic techniques and simple RFID tags or other rewriteable media.  In combination, this framework of technologies enables managing data exchange within supply chains that satisfies both -- a protection against harmful inferences as well as the benefit of tracking items through the supply chain which is the prerequisite for applications such as supply time prediction and product authentication.  To conclude the talk, I will present a novel privacy concept that allows partial data collection for verification purposes, but at the same time prevents mass surveillance.  I will instantiate this concept for toll collection of vehicles.  In current toll collection systems, vehicles are surveyed at every possible location resulting in potential or even actual mass surveillance.  However, for successful prevention of fraud it is only necessary to collect the location of vehicles at a few locations.  However, to prevent the vehicles owners from cheating they must not be aware which of their locations have been collected.  We can achieve this using a relatively simple cryptographic protocol.

Bio
Florian is an associate professor in the David R. Cheriton School of Computer Science at the University of Waterloo, a member of the CrySP group, a member of the CACR and executive director of the Waterloo Cybersecurity and Privacy Institute. Before he worked as chief research expert at SAP in Karlsruhe and as a software architect at Arxan Technologies in San Francisco. He holds a Ph.D. in computer science from the Karlsruhe Institute of Technology and a master's degree from Purdue University. He is interested in data security, privacy, search over and computation on encrypted data in machine learning, IoT and blockchains. He is the recipient of a NSERC Discovery Accelerator and NSERC/DND Supplement. His work has been applied in the real world to databases, supply chain management and RFID tracking.

 

Technical Program

PADG + SIoT

2nd International Workshop on Policy-based Autonomic Data Governance (PADG)

Workshop Chairs: Seraphin Calo, Elisa Bertino, Dinesh Verma

Secure Internet of Things (SIoT)

Workshop Chairs: Mihai Chiroiu, Samuel Marchal, Costas Patsakis

Time

Title

Presenter/Author

  8:45am –  9:00am

Opening Remarks

Elisa Bertino, Mihai Chiroiu

 

                        Session I

9:00am –  9:30am

Self-Generating Policies for Machine Learning in Coalition Environments

Seraphin Calo

9:30am –  10:00am

AGENP: An ASGrammar-based GENerative Policy Framework

Alessandra Russo

10:00am – 10:30am

Value of Information: Quantification and Application to Coalition Machine Learning

Geeth de Mel

10:30am – 11:00am

Can N-version Decision-Making Prevent the Rebirth of HAL 9000 in Military Camo?

Elisa Bertino

11:00am –  11:15am

Coffee Break

 

                        Session II

11:15am –  11:40am

Simulating user activity for assessing effect of sampling on DB activity monitoring anomaly detection

Hagit Grushka

11:40am –  12:05pm

FADa-CPS — Faults and Attacks Discrimination in Cyber Physical Systems

Leonardo Querzoni

12:05pm –  12:30pm

Towards Enabling Trusted Artificial Intelligence via Blockchain

Donna Dillenberger

12:55pm –  2:00pm

Lunch Break

 

                        Keynote Speaker

2:00pm –  3:00pm

On Policies, Authentication and Privacy in Large Networks of Cyber-Physical Objects

Florian Kerschbaum

 

                                    Session III

3:00pm – 3:30pm

Optimal Deployments of Defense Mechanisms for the Internet of Things

 

3:30pm –  3:45pm

Coffee Break

3:45pm –  4:15pm

Guidelines for the Choice of a Wireless Secure Positioning and Communication System,

 

4:15pm –  4:45pm

Practical Attestation for Highly Dynamic Swarm Topologies

 

4:45pm –  5:15pm

Source-side DDoS detection on IoT-enabled 5G environments

 

5:15pm –  5:30pm

Closing Remarks