Workshops and Tutorials
                Session #1: Introduction to Intrusion Detection
                Session #2: Interactive Privacy: Utilizing Assessments to Support Effective Decision-Making
                Session #3: Towards an Open Source Vulnerability Assessment Framework
                Session #1: Introduction to Intrusion Detection
                Overview
                  Information technology (IT) has long been an integral part of modern society. It is integrated into infrastructure, vehicles, home appliances, daily communication and more. Although we depend on it at home and in the workplace, we rarely realize what challenges rapid IT development brings to information security and what opportunities it opens for attackers. The rapid increase in the number, sophistication and impact of computer attacks makes computer systems unpredictable and unreliable, emphasizing the importance of timely intrusion detection. This tutorial will introduce the notion of intrusion detection and cover the essentials of the intrusion detection process. The tutorial will explain what intrusion detection means in practice and how it differs from other widely used defense tools: firewalls, antivirus and antispam software. It will outline the existing products and explain how they can be used to protect you. The tutorial will demonstrate the intrusion detection process using the Snort IDS as an example.
                Goals
                  – To introduce the main concepts of the intrusion detection field
                  – To characterize the key issues related to the intrusion detection process
                  – To demonstrate the intrusion detection process using the Snort IDS as an example
                Intended audience
                  The tutorial is targeted toward a general audience interested in intrusion detection. The audience is not required to have any background in intrusion detection; however, attendees are expected to be familiar with the basic terms used in computer security.
                Outline
                  1. What is intrusion?
                     a. Brief overview of network attacks, data-driven attacks on applications, host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware.
                  2. What is intrusion detection?
                     a. What is intrusion detection?
                     b. What intrusion detection can and cannot do
                     c. IDS vs. firewall and antivirus software
                  3. Intrusion detection types
                     a. Characteristics of host-based and network-based detection
                     b. Characteristics of anomaly-based and signature-based detection
                     c. How to decide which type is right for you
                  4. Intrusion detection tools
                     a. Overview of free and commercial intrusion detection tools
                     b. Snort IDS:
                        i. Overview
                        ii. How Snort detects: rules
                        iii. What Snort detects: alerts
                  5. Future of IDS
                Facilitators
                  Natalia Stakhanova is a Postdoctoral Fellow at the Information Security Center of Excellence (www.ISCX.ca), Faculty of Computer Science, University of New Brunswick. She received her Ph.D. degree in Computer Science from Iowa State University, USA. She has extensive research experience in intrusion detection and the general information security field. Natalia has published 10 journal and conference papers and was the recipient of the “Nokia Best Student Paper Award” at the IEEE International Conference on Advanced Information Networking and Applications (AINA) in 2007. She has a pending patent for a system and method for simulating network attacks.
                  Hanli REN is an M.S. candidate at the Information Security Center of Excellence (www.ISCX.ca), Faculty of Computer Science, University of New Brunswick. She received her B.Sc. degree in Electronic Engineering from Shanghai Jiaotong University. She worked with Alcatel Shanghai Bell Co., Ltd as a Software Engineer. Her current research focuses on alert correlation and simulation of network attacks.
                  Ali A. Ghorbani received his PhD (1995) and Masters (1979) from the University of New Brunswick and the George Washington University, Washington D.C., USA, respectively. Currently, he is a Professor and Dean, Faculty of Computer Science, University of New Brunswick, Fredericton, Canada. He is also Director of the Information Security Centre of Excellence (http://www.iscx.ca) and the lead researcher in the Privacy Security and Trust (PST) Network. Dr. Ghorbani’s research originated in software development, where he designed and developed a number of large-scale systems. His current research focus is Web Intelligence, Information and Network Security and Critical Infrastructures protection. He has published over 220 journals, refereed conference papers, posters and technical reports, and has edited 8 volumes in the area of Computer Science. He has also supervised more than 120 research associates, postdoctoral fellows, and undergraduate and graduate students. Together with two other researchers, he received a CFI (Canada Foundation for Innovation) grant to establish a research laboratory (LIDS Lab for the Investigation of Discrete Structures). He is the project leader and principal investigator for two Atlantic Innovation Fund projects, “Adaptive Websites” and “Fuzzy Adaptive Survivability Tools for Intrusion Detection (FAST ID)”, valued at 1.05 million and 2.2 million, respectively. In 2003, he received the university’s merit award for outstanding contributions to the University of New Brunswick. With over 28 years of experience in academia and more than 10 years of experience in high-tech development at major industrial corporations, including experience in R&D supervision, he brings strong technological visionary skills and team leadership to the Intelligent and Adaptive Systems (IAS) and Network and Information Security (NIS) research groups that he established in 2002 and 2004, respectively.
                  The IAS and NIS groups (http://ias.cs.unb.ca; http://nsl.cs.unb.ca) pursue research on machine and statistical learning, data mining, intelligent agents and multi-agent systems, Web intelligence, trust and network security. Dr. Ghorbani has organized and chaired 11 national and international conferences and workshops. He is the Co-Editor-in-Chief of Computational Intelligence, an international journal, and the Associate Editor of the International Journal of Information Technology and Web Engineering and the ISC Journal of Information Security.
                 
                Session #2: Interactive Privacy: Utilizing Assessments to Support Effective Decision-Making
                Overview
                  The workshop is based on the use of privacy impact assessments to explore the concepts associated with the operationalization of privacy such as privacy design requirement, and supporting mechanisms for decision-making in privacy such as privacy risk management.
                Goals
                
                  - Interactive discussion of the approaches, methods and concepts about informational privacy between the researcher and the practitioners

                  - Offer participants an opportunity to learn about privacy and their organizations' legislative obligations in providing services (public and private sectors), and offer those that have knowledge an opportunity to further develop their skill sets

                  - Help participants understand how to use assessments to gauge the impact decisions have on the privacy of data subjects
 
                
                Intended Audience
                  This workshop is targeted to decision-makers of public and private sector organizations that rely on input from subject matter experts in privacy, security and trust to make decisions that specifically impact the privacy practices of their organizations.

                  More generally, those involved with industries that are regulated by privacy legislation, e.g. ehealth and egovernment practices, would benefit from attending.
                 
                Outline
                  Introduction to Privacy, Legislation, Assessment Process
                  Review / Introduction of Decision Making Tools
                  Case Study 1 – group discussion
                  Presentation of Results, Lessons Learned (interactive)
                  Break
                  Case Study 2 – breakout sessions
                  Presentation of Results, Lessons Learned (interactive)
                  Break
                  Summary (interactive)
                 
                Facilitator
                  Tracy Ann Kosa, PIA Specialist
                  Office of the Chief Information and Privacy Officer
                  Ministry of Government Services, Government of Ontario
                Session #3: Towards an Open Source Vulnerability Assessment Framework
                Overview
                  Vulnerability assessment is widely used to identify, quantify, and prioritize the security vulnerabilities in a network, system, or application. There is a wide spectrum of commercial resources available to assess and manage vulnerabilities. In addition there are significant open source and government resources relevant for vulnerability assessments including standards, methodologies, numerous tools and databases that list known vulnerabilities.

                  We survey the available resources, and discuss potential benefits of creating a full open source framework for vulnerability assessment. We also discuss some of the challenges that need to be addressed in order to create it. The current state of the art as supported by open source resources is evaluated against a standard vulnerability assessment process from logistics and scanning, to vulnerability assessment and reporting, and finally to penetration testing and resolution. Of particular concern is the ability to monitor and update vulnerability assessment as networks, systems, and applications evolve and new vulnerabilities are catalogued.
                Goals
                  1. Share Results of Student-led Initiative
                     - Vulnerability Assessment: What is it?
                     - Open Source Resources
                     - Issues and Challenges
                     - Our Vision for a Common Framework
                  2. Use a case study example to illustrate the Open Source Security Testing Methodology from the Institute for Security and Open Methodologies (ISECOM) http://www.isecom.org/osstmm/
                  3. Solicit feedback and community involvement in our initiative
                Intended audience
                  Beginners who want an introduction to vulnerability assessment. Stakeholders interested in an Open Source Framework for Vulnerability Assessment.
                Outline
                  45 minutes: intro, background, tools, resources, issues
                  45 - 60 minutes: case study example
                  45 - 75 minutes: Proposed Framework, Feedback and discussion
                Facilitator
                  Liam Peyton, Ph.D., P.Eng., is a principal investigator for the Intelligent Data Warehouse laboratory and Associate Professor at the University of Ottawa, which he joined in 2002 after spending 10 years as an industry consultant and instructor specializing in business process automation, performance management, and software development methodologies. His current research activities are focused on data integration frameworks to support continuous monitoring, compliance, performance management, and quality assurance. He has degrees from Aalborg Universitet (Ph.D. 1996), Stanford University (M.Sc. 1989), and McGill University (B.Sc. 1984).