Security through Collaboration

In addition to the ACM SAC TRECK track, the trustcomp community has organized 3 editions of the IEEE SECURECOMM SECOVAL workshop from 2005 to 2007. SECOVAL meant the value of security through collaboration and the outcomes of the 3 workshops have been summarized in this book:  

Seigneur, Jean-marc (Editor)/ Slagell, Adam (Editor)
Edité par Information Science Reference, 2009
ISBN 10: 1605664146 / ISBN 13: 9781605664149
security through collaboration, collaborative security

Aims and scope of SECOVAL:

Security is usually centrally managed, for example in a form of policies duly executed by individual nodes. The SECOVAL workshop covers the alternative trend of using collaboration and trust to provide security. Instead of centrally managed security policies, nodes may use specific knowledge (both local and acquired from other nodes) to make security-related decisions. For example, in reputation-based schemes, the reputation of a given node (and hence its security access rights) can be determined based on the recommendations of peer nodes. As systems are being deployed on ever-greater scale without direct connection to their distant home base, the need for selfmanagement is rapidly increasing. Interaction after interaction, as the nodes collaborate, there is the emergence of a digital ecosystem. By guiding the local decisions of the nodes, for example, with whom the nodes collaborate, global properties of the ecosystem where the nodes operate may be guaranteed. Thus, the security property of the ecosystem may be driven by self-organizing mechanisms. Depending on which local collaboration is preferred, a more trustworthy ecosystem may emerge.

Any useful collaboration is at some point sharing data.Unfortunately, data sharing is one of the greatest hurdles getting in the way of otherwise beneficial collaborations. Data regarding one’s security stance is particularly sensitive, often indicating ones own security weaknesses. This data could include computer or network logs of security incidents, architecture documents, or sensitive organizational information. Even when the data may not compromise the data owner’s security stance, sharing may violate a customer’s privacy. Data sanitization techniques such as anonymization and other mechanisms such as privacy-preserving data mining and statistical data mining try to address this tension between the need to share information and protect sensitive information and user privacy.
While papers will be considered that address any of the topics of security through collaboration from previous years (e.g., benefits from collaboration, methods of creating or measuring trust, self-organizing coalitions and risk analysis), the focus of the workshop will be around privacy and data sanitization. This topic is further divided into three main areas, each answering the related research questions. Contributions addressing at least one of these areas are more likely to be accepted.
What are the fundamental issues that need to be addressed in the areas of data sanitization and anonymization? What problems must be solved to make current tools more effective and sharing more wide-spread? One thing fundamentally missing from this area are metrics to help evaluate the trade-off between information loss and security/privacy. Metrics are needed to measure information loss, and they are needed to measure the utility of the computer log or data source after anonymization. A classification of the types of attacks on anonymization schemes and a formal adversarial model is lacking. Such a threat model would help to develop metrics of the security provided by an anonymization scheme. Are there other basic anonymization algorithms needed for special types of data? One of the last new algorithms developed was prefix-preserving anonymization for IP addresses. Sometimes anonymization needs to be reversed once a problem has been found. How can this be done and when is it practical? Finally, data injection attacks (e.g., an adversary can inject events into a system knowing they will appear in a later public release of anonymized data) are particularly to difficult to protect against. What methods can be used to mitigate such attacks on anonymization systems.

What are the practical problems that have yet to be addressed by current anonymization systems? What new tools and frameworks exist for the task? What are the economic implications of data sanitization and preserving privacy? What are the legal issues involved in protecting privacy, and how do they differ by geo-political areas? How can anonymization utilities be made more usable by a wider audience, and who are the potential consumers? Interesting case studies of implementations of anonymization and privacy enhancing technologies will be considered. Of particular interest are case studies by industry of how they have addressed these hurdles to data sharing. How can effective policies be created and negotiated? Do we need a common anonymization policy language, and what would we need in such a language? How can we identify sensitive information especially in the context of multiple data sources? What are some best practice guidelines that one can follow before releasing or sharing sensitive data? Finally special issues surrounding real-time anonymization and anonymity in Peer-to-Peer systems is of interest.

What privacy and data sanitization issues are specific to data bases and data mining? This would include traditional topics on privacy-preserving data mining and statistical databases. It would also include topics on inference attacks and data aggregation. Much of the research in this area has focused on privacy preserving transformations that would minimally alter traditional data mining functions (e.g., link analysis and clustering). Submissions focusing on less traditional data mining functions are especially encouraged. Another problem with anonymization is data mining across sets anonymized by different parties in different ways. New methods should be created for collaborative anonymization that makes mappings consistent between contributing parties but irreversible to all.

Topics of interest to the workshop include, but are not limited to:
Legal aspects of privacy and anonymization
Economic issues of privacy enhancing tech
Data sanitizing and privacy enhancing tools
Data sharing and anonymization case studies
Real-time anonymization issues
Anonymization policy creation & negotiation
Data sharing & sanitizing best practices
Anonymity in Peer-to-Peer networks
Classification of attacks against anonymization
Metrics of utility, anonymization strength and information loss
Anonymization / privacy-preserving algorithms
Data injection and inference attacks
Identification of sensitive fields and data
Privacy-preserving Data Mining
Statistical databases and protection of sensitive information
Data mining multiple anonymized data sources
Consistent pseudonym mappings in multi-party anonymization
Identification of data sources and types useful to share for collaborative computer security
Insights from industry and case studies
Usability issues of current anonymization tools

Workshop Co-chairs:
Adam Slagell, NCSA, University of Illinois at Urbana-Champaign, USA.
Jean-Marc Seigneur, University of Geneva, Switzerland.
Stephen Marsh, National Research Council of Canada.
Kiran Lakkaraju, NCSA, University of Illinois at Urbana-Champaign, USA.

Program Committee:
Piotr Cofta, British Telecom, UK.
Ayman Kayssi, University of Beirut, Lebanon.
Pierpaolo Dondio, Trinity College Dublin, Ireland.
Bill Yurcik, Army Research Lab at Aberdeen Proving Grounds, USA.
Daniele Quercia, University College London, UK.
Karl Quinn, Ericsson R&D, Ireland.
Christian Jensen, Technical University of Denmark.
Ronald Dodge, United States Military Academy, USA.
Giannis F. Marias, University of Athens, Greece.
Dieter Sommer, IBM Research, Switzerland.
Himanshu Khurana, NCSA, University of Illinois at Urbana-Champaign, USA.
Pierangela Samarati,  Università degli Studi di Milano, Italy.
Jim Basney, NCSA, University of Illinois at Urbana-Champaign, USA.
Joerg Abendroth, Nokia Siemens Networks, Germany.
Kiran Lakkaraju, NCSA, University of Illinois at Urbana-Champaign, USA.
Konrad Wrona, SAP Research, France.
Lalana Kagal, Massachusetts Institute of Technology, USA.
Licia Capra, University College London, UK.
Michael Kinateder, SAP, Germany.
Nikita Borisov, University of Illinois at Urbana-Champaign, USA.
Noria Foukia, University of Otago, New Zealand.
Richard Anthony, University of Greenwich, UK.
Simson Garfinkel, Naval Post Graduate School, USA.
Sini Ruohomaa, University of Helsinki, Finland.
Victor S. Grishchenko, Ural State University, Russia.
Zoran Despotovic, DoCoMo Communications Laboratories Europe, Germany.

  • Presentations

Long Presentations (20mn followed by 10mn questions)

Tailored Trustworthiness Estimations in Peer-to-Peer Networks, Katri Ylitalo, Helsinki Institute for Information Technology, and Silke Holtmanns, Nokia Research Center, Finland.

Privacy Preserving Ubiquitous Service Provisioning Based on Bayesian Network Conversion, Hiroyuki Kasai, Wataru Uchida and Shoji Kurakake, NTT DoCoMo, Japan.

Reasoning about Trust Groups to Coordinate Mobile Ad Hoc Systems, Licia Capra, University College London, UK.

Performance Evaluation of a Self-evolving Trust Building Framework, G. F. Marias, V. Tsetsos, O. Sekkas, and P. Georgiadis, University of Athens, Greece.

A Comprehensive Reputation-based Trust Model for Distributed Systems, Ayman Tajeddine, Ayman Kayssi, Ali Chehab and Hassan Artail, American University of Beirut, Lebanon.

Establishing Agreements in Dynamic Virtual Organizations, Tatyana Ryutov, Clifford Neuman, Li Zhou and Noria Foukia, University of Southern California, USA.

Risk Aware Decision Framework for Trusted Mobile Interactions, Daniele Quercia and Stephen Hailes, University College London, UK.

Short Presentations (15mn followed by 5mn questions)

Sharing Computer Network Logs for Security and Privacy: A Motivation for New Methodologies of Anonymization, Adam Slagell and William Yurcik, NCSA, University of Illinois at Urbana-Champaign, USA.

A Context-Aware Trust-based Security System for Ad Hoc Networks, Maria Moloney and Stefan Weber, Trinity College Dublin, Ireland.

Social Approaches to Trust Building in Web Technologies, Filippo Ulivieri, Istituto di Scienze e Tecnologie della Cognizione, Italy.

Computational Complexity of One Reputation Metric, Victor S. Grishchenko, Ural State University, Russia.

Towards Evidence-based Trust Brokering, Dong Huang, University of Karlsruhe, Germany, and Shane Bracher, Bond University, Australia.

Dynamic Security Teams - Towards Ubiquitous Cooperative Security, Philip Robinson, University of Karlsruhe, Germany.

Privacy in Distributed Reputation Management, Katri Ylitalo and Yki Kortesniemi, Helsinki Institute for Information Technology, Finland.

  • Demonstrations

Demonstration of Security through Collaboration in the Digital Business Ecosystem, J.-M. Seigneur, Trinity College Dublin, Ireland.

New Tools to Anonymize and Share Computer Network Logs, Adam Slagell and William Yurcik, NCSA, University of Illinois at Urbana-Champaign, USA.

  • Date: Friday September 1st, 2006 at Baltimore, MD, USA

9:00 Welcome (by Brajendra Panda, University of Arkansas, USA)

9:15 Keynote: Past work on computational trust and future trends 
presented by Jennifer Golbeck, University of Maryland, USA

10:00 Coffee Break

10:15 Session: Computational Trust Management 

Paper: A History-Based Framework to Build Trust Management Systems 
Authors: Samuel Galice; Véronique Legrand; Marine Minier; John Mullins; Stéphane Ubéda;
presented by Samuel Galice, INRIA, France

Paper: A Unified Framework for Trust Management 
Authors: Weiliang Zhao; Vijay Varadharajan; George Bryan; 
presented by Weiliang Zhao, University of Western Sydney, Australia

Paper: SDV: A new approach to Secure Distance Vector routing protocols 
Authors: Babakhouya abdelaziz; Yacine Challal; Gharout Said; Bouabdallah Abdelmadjid; 
presented by Yacine Challal, UTC, France

Paper: An Infrastructure for Gaining Trust in Context Information 
Authors: Sven Lachmund; Laurent Bussard; Eddy Olk; Frank Fransen; 
presented by Sven Lachmund, DoCoMo Euro-Labs GmbH, Germany

12:15 Lunch Break

13:00 Session: Information Sharing 

Paper: Communal Governed Transaction Among Decentralized Agents 
Authors: Avinanta Tarigan; 
presented by Avinanta Tarigan, Universität Bielefeld, Germany

Paper: Towards Cooperative Self-Protecting Mobile Devices using Trustful Relationships 
Authors: Stephan Groß; 
presented by Stephan Groß, Technische Universität Dresden, Germany 

Paper: Outsourcing Security Analysis with Anonymized Logs 
Authors: Nikita Borisov; Jianqing Zhang; William Yurcik; 
presented by Nikita Borisov, University of Illinois at Urbana-Champaign, USA 

14:30 Coffee Break 

15:00 Session: Online Reputation 

Paper: Reputation-Based Algorithm for Managing Trust in Gnutella Network 
Authors: Ali Chehab; Ayman Kayssi; Lara Srour; 
presented by Ayman Kayssi, University of Beirut, Lebanon

Paper: Reputation-based Trust-Aware Recommender System 
Authors: Sukumal Kitisin; Clifford Neuman; 
presented by Clifford Neuman, University of Southern California, USA

Paper: A Customizable Reputation-based Privacy Assurance System using Active Feedback 
Authors: Stephen Crane; Marco Casassa Mont;
presented by Stephen Crane, Hewlett-Packard, United Kingdom

16:30 Panel: Wrap-up 
Discussions among workshop attendees