PST 2005 Program

Program

Keynote Speakers
Privacy: Dr. John J. Borking is director of Borking Consultancy (Wassenaar) and associate board member of the Dutch Data Protection Authority (CBP) in The Hague, Netherlands ( www.cbpweb.nl). He is participating in projects doing research on privacy and identity management (PRIME), privacy ontologies and information architectures in relation to privacy law, radio frequency identification (RFID) and privacy in the ambient world. He is arbitrator / mediator and board member of the Dutch Foundation for Alternative Dispute Resolution for ICT (SGOA) ( www.sgoa.org). He is also a board member of the Netherlands Gaming Control Board. He has been vice president and privacy commissioner of the Dutch Data Protection Authority, general manager of COSSO, the Dutch Trade Association for Information & Communication Technology Providers, supervisory board member of Børsen Netherlands B.V., and senior legal counsel and company secretary for Xerox Corp. in The Netherlands and UK.		Dr. John J. Borking is director of Borking Consultancy (Wassenaar) and associate board member of the Dutch Data Protection Authority (CBP) in The Hague, Netherlands ( www.cbpweb.nl)

Security : John McHugh is a professor and Canada Research Chair in Privacy and Security at Dalhousie University in Halifax, NS where he also directs the Privacy and Security Laboratory. Before joining the faculty at Dalhousie, he was a senior member of the technical staff at the CERT Coordination Center, part of the Software Engineering Institute at Carnegie Mellon University where he did research in survivability, network security, and intrusion detection. He was also affiliated with CyLab and the Center for Wireless and Broadband Research, both part of the Department of Electrical and Computer Engineering at CMU. Prior to joining CERT, Dr. McHugh was a professor and chairman of the Computer Science Department at Portland State University in Portland, Oregon where he held a Tektronix Professorship. He has been a member of the research faculty at the University of North Carolina and has taught at UNC and at Duke University. For a number of years, Dr. McHugh was a Vice President of Computational Logic, Inc., a contract research company formed to further the application of formal methods of software design and analysis in support of security and safety critical systems. While at CLI, he developed tools for the analysis of covert channels in multilevel secure systems and worked on the problems associated with the efficient implementation of formally specified systems. He has also worked for the Research Triangle Institute, the Naval Research Laboratory, the National Oceanic and Atmospheric Administration, the University of Minnesota, and the U.S. Patent Office. Dr. McHugh received his PhD degree in computer science from the University of Texas at Austin. He has a MS degree in computer science from the University of Maryland, and a BS degree in physics from Duke University. He is the author of numerous technical papers and reports. He has served as the chair of the IEEE Computer Society's Technical Committee on Security and Privacy and is a member of the advisory board for the International Journal of Information Security. He serves on the program or advisory committees of many of the major conferences and workshops in the computer security field.

Trust: Audun Jøsang is Associate Professor of Security and Trust Management at Queensland University of Technology (QUT) in Brisbane, Australia. Before joining QUT, he was the research leader for IT security at the Distributed Systems Technology Centre (DSTC) in Brisbane, worked in the telecommunications industry for Alcatel in Belgium and for Telenor in Norway, and was Associate Professor at the Norwegian University of Science and Technology (NTNU). He has a BSc in Telematics from NTH, a MSc in Information Security from Royal Holloway College at the University of London, and a PhD from NTNU in Norway. The main focus of Prof. Jøsang’s research is trust management for open computer networks. This includes investigating the factors that influence people's trust in web sites and online services, as well as developing trust and reputation systems to assist users and organisations to make trust assessments about remote parties on the Internet. Prof. Jøsang is well known for his work on trust engines based on subjective logic, and is also working on new solutions for network security and identity management that include trust reasoning.		Audun Jøsang is Associate Professor of Security and Trust Management at Queensland University of Technology (QUT) in Brisbane, Australia.

Public Sector: Michael Binder is the Assistant Deputy Minister, Spectrum, Information Technologies and Telecommunications, Industry Canada Throughout his extensive career in the federal public service, Michael Binder has held many senior positions in several departments and agencies, including Assistant Deputy Minister positions within Industry Canada and its predecessor over the past 20 years. As the Assistant Deputy Minister of the Spectrum, Information Technologies and Telecommunications Sector, Mr. Binder has been a driving force towards the development of a world-class communications and information infrastructure in Canada. His many responsibilities include the allocation of spectrum, licensing of the wireless industries, the promotion of the growth and international competitiveness of the information and communication technologies industry, as well as connecting Canadians to broadband. He also serves on a number of related government and industry boards and committees in such key areas as communications research and development, photonics, and e-commerce. He is the chair of a national government-industry task force on SPAM. Mr. Binder holds a Ph.D. in Physics from the University of Alberta.		Michael Binder is the Assistant Deputy Minister, Spectrum, Information Technologies and Telecommunications, Industry Canada

Brian O’Higgins Chief Technology Officer, Third Brigade Inc. Mr. O’Higgins is seasoned professional in the security industry, and is best known for his role in introducing PKI (Public Key Infrastructure) technology and products to the security landscape. He is also a recognized speaker on IT and Internet security. Prior to joining Third Brigade as a member of the founding executive team, Mr. O'Higgins was the co-Founder and Chief Technology Officer of Entrust, a leading Internet Security company. While at Entrust he had overall responsibility for the technology vision and direction for the company. He was previously with Nortel where he established the Secure Networks group in 1993, and was instrumental in spinning-out this group as an independent company, Entrust. Prior to this, Mr. O’Higgins was with Bell-Northern Research (BNR) where he was involved in a variety of technology development programs including public key security systems, technology for new telephone products, in-building wireless communications systems and high-performance computing architectures for digital telephone switches. Mr. O’Higgins’ current list of affiliations includes advisory board positions with Defence R&D Canada, Information Technology Association of Canada, Communications and Information Technology Ontario, Algonquin College , and the Armed Forces Communications and Electronics Association. In addition, he currently serves on the boards of Recognia and Fischer International.		Brian O’Higgins is the Chief Technology Officer, Third Brigade Inc.

Michael Nowacki, Certified Information Systems Security Professional (CISSP) Senior Security Technology Specialist, Microsoft Canada

Robin T. Wakefield, Senior Security Architect, Chief Technology Office, Sun Microsystems Inc. Robin has worked professionally with computational security and privacy technologies for over 25 years. Current subject matter expertise includes network, platform and application security and supporting processes. His extensive field experience now contributes to research and public policy for the International Centre of Urban Research Studies and the British Columbia government. He lectures on a wide range of security and privacy topics. Robin initiated Sun's Extreme Enterprise Security directives scheduled to be released in the first quarter of 2006. Topographical expertise is focused on security architectures, infrastructure and processes that effect regulatory and legislative compliance for Sun's customers globally. obin develops intellectual property for Sun through the research and development of analytics and informatics - the interpretation of high risk data into information. This draws on his experience, skills and access to a rich knowledge base with Sun, Hewlett Packard, IBM, Linux, Windows and Cisco products, hundreds of point solutions and academic and scientific data.

Conference Workshop: Michael Power, a partner in the Ottawa office of Gowling Lafleur Henderson LLP, provides strategic and legal advice to public and private sector clients in the areas of privacy, information technology security, anti-money laundering and electronic government. Mr. Power also serves as Gowlings’ Chief Privacy Officer. He currently is Secretary of the National Executive of the Privacy Law Section of the Canadian Bar Association and Co-Chair of the Privacy, Security and Data Management Sub-Committee of the American Bar Association’s Cyberspace Law Committee. Michael Power received his LL.B and M.B.A. from Dalhousie University in 1983. He was admitted to the Nova Scotia Barristers Society in 1984 and the Law Society of Upper Canada in 1991. Prior to joining Gowlings, Mr. Power held various positions within the Department of Justice, Treasury Board of Canada Secretariat and the Department of Foreign Affairs and International Trade, which included responsibilities for legal advice, policy development and issue management pertaining to information technology, electronic commerce and international trade and investment issues. Michael Power recently collaborated in writing “Sailing in Dangerous Waters: A Director’s Guide to Data Governance” , a book published by the American Bar Association in August 2005.		Michael Power, a partner in the Ottawa office of Gowling Lafleur Henderson LLP

Steve Katz is often said to be the world's first Chief Information Security Officer (CISO) with over a quarter-century of information security experience. Mr. Katz's background includes six years directing Citigroup's global Corporate Information Security office and a stint with Merrill Lynch as their chief information security and privacy officer. The New York native has testified before the United States Congress on numerous security issues and in 1998, was appointed financial Services Sector Coordinator for Critical Infrastructure Protection by the Secretary of the Treasury. He was also the first chairman for the U.S. based Financial Services Information Sharing and Analysis Centre and remains a member of that board. Steve is the founder and president of Security Risk Solutions, an information security company providing consulting advisory services to major, mid-size, startup and venture capital companies. He is also currently a security advisor with VE Networks.		Steve Katz is often said to be the world's first Chief Information Security Officer (CISO) with over a quarter-century of information security experience.

Conference Proceedings (full-text)

Wednesday October 12

TIME	EVENT	LOCATION

8:00 AM - 05:00 PM	Registration	Lobby

8:30 - 12:00 Noon	Conference Workshop: “Surveillance, Honey Pots and War Driving: A Look at the Privacy Implications of Network Administration” Workshop Coordinator is Steven Johnston, CISSP (Senior Strategic Research and Policy Analyst, Office of the Privacy Commissioner for Canada) This workshop will examine selected aspects of system security and administration including lawful access obligations (David A Townsend UNB-Law & NRC-IIT, Waiting for the “Access” Axe to Fall: New Investigatory Assistance Legislation for Canada ), implications of privacy law (Steve Penney, Associate Professor, University of New Brunswick Law School, Privacy Law for Network Administrators) and technologies for system surveillance and security (Dr. Larry Korba, Head, Information Security Group, Institute of Information Technology, National Research Council of Canada, Hacking, Tracking, and BaitingSurveillance, Wardriving and Honeypot Technologies). ...more	Shaughnessy Room

10:00 - 10:30 AM	Nutrition Break	Passamaquoddy Room

12:00 - 01:30 PM	Lunch, Workshop Keynote: Michael Power, Managing Personal Data Incidents PST 2005	Shaughnessy Room

01:30 - 05:30 PM	Conference Workshop “Introduction to Network Forensics” Workshop coordinators are Scott Knight and Sylvain Leblanc (Professors at the Royal Military College of Canada) Engaging the Adversary as a Viable Response to Network Intrusion. This workshop will provide an overview of the legal and technical issues related to forensic examination of a communications network for prosecution or intelligence gathering purposes. The workshop will be conducted in three segments. In each segment a subject matter expert will offer a short presentation followed by an open forum for discussion. The participation from all workshop attendees in the discussion will be encouraged. Presenters will include Corporal Royce MacCrea (Member of the Atlantic Region Integrated Technological Crime Unit of the RCMP) and René Hamel (VP of Computer Forensic Services at the Inkster Group of the Gowlings law firm), Computer Forensics Methodologies for Fraud Investigations ....more	Shaughnessy Room

03:00 - 03:30 PM	Nutrition Break	Passamaquoddy Room

06:00 - 09:00 PM	Networking Reception : Keynote Steve Katz, The Difficult Road To Cybersecurity.	Shaughnessy Room

Thursday October 13

TIME	EVENT	LOCATION

8:00 AM - 05:00 PM	Registration	Lobby

08:45 - 09:00 AM	Official Opening	Shaughnessy Room

09:00 AM - 5:00 PM	Vendor Displays	Passamaquoddy Room

09:00 - 10:00 AM	Keynote Privacy: John J. Borking, PRIVACY 12212012	Shaughnessy Room

10:00 - 10:30 AM	Nutrition Break	Passamaquoddy Room

10:30 - 12:10 Noon	Papers 1A - Privacy 1: How to Calculate the Information Privacy. Sabah S. Al-Fedaghi.. User Perceptions of Privacy and Security on the Web. Scott Flinn, Jo Lumsden. Specifying Personal Privacy Policies to Avoid Unexpected Outcomes. George Yee, Larry Korba.	Shaughnessy Room
	Papers 1B - Security 1 (Intrusion Detection 1): Context-Based Intrusion Detection Using Snort, Nessus and Bugtraq Databases. Frédéric Massicotte, Mathieu Couture, Yvan Labiche. Network Intrusion Detection using Random Forests. Jiong Zhang, Mohammad Zulkernine, Information Visualization for Intrusion Detection. James Blustein, Daniel L. Silver, Ching-Lung Fu.	Algonquin Room

12:10 - 01:30 PM	Lunch, Keynote: Michael Binder, Trust and Confidence Online:Building a Safer and More Secure Internet	Shaughnessy Room

01:30 - 03:10 PM	Papers 2A - Security 2 (Intrusion Detection 2): Are Deeper Levels of Risk Analysis a Requirement for Enabling Optimal Tactical Responses in INFOSEC Alert Correlation Systems? Stephen Neville. Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Hilmi Gunes Kayacik, Nur Zincir-Heywood, Malcolm I. Heywood. Detecting Computer Intrusions Using Behavioral Biometrics. Ahmed Awad E. Ahmed, Issa Traore.	Shaughnessy Room

03:10 - 03:40 PM	Nutrition Break	Passamaquoddy Room

03:40 - 04:40 PM	Keynote Security :John McHugh, Network Awareness and Network Security	Shaughnessy Room

04:40 - 05:30 PM	Keynote Industry (1): Michael Nowacki, PST Conference 2005	Shaughnessy Room

06:00 - 07:00 PM	Wine and Cheese	Passamaquoddy Room

07:00 - ??:?? PM	Dinner on the Town

Friday October 14

TIME	EVENT	LOCATION

08:00 - 08:45 AM	Keynote Industry (2): Brian O’Higgins, Innovative Hackers are Bad for Business	Shaughnessy Room

08:45 - 09:00 AM	PST2006 Presentation: UOIT	Shaughnessy Room

09:00 AM - 5:00 PM	Vendor Displays	Passamaquoddy Room

09:00 - 10:00 AM	Keynote Trust: Audun Jøsang, Security and Trust:What's the connection?	Shaughnessy Room

10:00 - 10:30 AM	Nutrition Break	Passamaquoddy Room

10:30 - 12:10 Noon	Papers 3A - Trust 1: Credential Networks: a General Model for Distributed Trust and Authenticity Management. Jacek Jonczy, Rolf Haenni. Generic Reliability Trust Model. Glenn Mahoney, Wendy Myrvold, Gholamali C. Shoja. The Advisor-POMDP: A Principled Approach to Trust through Reputation in Electronic Markets. Kevin Regan, Robin Cohen, Pascal Poupart .	Shaughnessy Room
	Papers 3B - Security 3 (Firewalls, Proxies, Access Control) : Usable Firewall Configuration. Weiwei Geng, Scott Flinn, John DeDourek. SHEMP: Secure Hardware Enhanced MyProxy. John Marchesini, Sean Smith. Ubiquitous Redirection as Access Control Response. George Bakos, Sergey Bratus.	Algonquin Room

12:10 - 01:30 PM	Lunch, Keynote Industry (3): Robin T. Wakefield, Data Interoperability & Data Handling Framework	Shaughnessy Room

01:30 - 03:10 PM	Papers 4A Poster Session. (No paper sessions)	Passamaquoddy Room

03:10 - 04:40 PM	Papers 5A Privacy and Trust MONOLOGUE: A Tool for Negotiating Exchanges of Private Information in E-Commerce. Scott Buffett, Luc Comeau, Michael W. Fleming, Bruce Spencer. Trustworthiness Measure for e-Service. Elizabeth Chang, Farookh Khadeer Hussain, Tharam S. Dillon.	Shaughnessy Room
	Papers 5B Security 4 (Java and Security) : Link-Time Enforcement of Confined Types for JVM Bytecode. Philip W. L. Fong. Security Analysis of Wireless Java. Mourad Debbabi, Mohamed Saleh, Chamseddine Talhi, Sami Zhioua.	Algonquin Room

04:40 - 05:00 PM	Closing and Door Prices	Shaughnessy Room

06:00 - ??:?? PM	Pub Night

Submissions are encouraged as long papers (12 pages) short papers (4-5 pages) and posters. Submissions should be in the IEEE format, with the first page bearing authors' affiliations, names and contact details. Details are available at http://www.ieee.org/organizations/pubs/transactions/stylesheets.htm.

List of Accepted Full Papers

Ref# Number	Title	Authors
6	Link-Time Enforcement of Confined Types for JVM Bytecode	Fong
8	How to Calculate the Information Privacy	Al-Fedaghi
14	Credential Networks: a General Model for Distributed Trust and Authenticity Management	Haenni, Jonczy
15	Context-Based Intrusion Detection Using Snort, Nessus and Bugtraq Databases	Massicotte
16	Generic Reliability Trust Model	Mahoney
18	Are Deeper Levels of Risk Analysis a Requirement for Enabling Optimal Tactical Responses in INFOSEC Alert Correlation Systems?	Neville
21	The Advisor-POMDP: A Principled Approach to Trust through Reputation in Electronic Markets	regan
22	MONOLOGUE: A Tool for Negotiating Exchanges of Private Information in E-Commerce	Buffett
26	Network Intrusion Detection using Random Forests	Zhang
27	Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Benchmark	Kayacik
38	Trustworthiness Measure for e-Service	chang
39	User Perceptions of Privacy and Security on the Web	Flinn
41	Usable Firewall Configuration	Geng
42	Detecting Computer Intrusions Using Behavioral Biometrics	Ahmed
44	SHEMP: Secure Hardware Enhanced MyProxy	Smith
45	Security Analysis of Wireless Java	Saleh
49	Ubiquitous Redirection as Access Control Response	Bratus
50	Specifying Personal Privacy Policies to Avoid Unexpected Outcomes	Yee
53	Information Visualization for Intrusion Detection	Fu

List of Accepted Short Papers

Ref# Number	Title	Authors
11	Providing Personalized Privacy Support in Public Places	Roecker
12	Towards Eliminating Steganographic Communication	Whitehead
13	Solitary Confinement: Using Artificial Cells to Control Access and Facilitate Apoptosis in Computer Systems	Gilchrist
20	Graphical and Digital signature Combination for fulfilling the cultural gap between traditional signature and current smart card digital certificate/signature	Elfadil
23	A Practical Buses Protocol for Anonymous Internet Communication	Hirt
29	Towards a Privacy Access Control Model for e-Healthcare Services	Hung
30	A Privacy Preserving Enhanced Trust Building Mechanism for Web Services	Wu
35	Public Trust and Electronic Health Records	Smit
46	Electronic Voting in the UK:Current Trends in Deployment , Requirements and Technologies	Storer
48	MozPETs - a privacy enhanced Web Browser	Brueckner
51	PEEP- Privacy Enforcement in Email Project	Boufaden
54	Enforcing Privacy in Web Applications	Waissbein

Important Dates

Papers

Submission Deadline (Extended):	May 9, 2005
Notification of Acceptance:	July 15, 2005
Final Manuscript Due:	July 30, 2005
Conference:	October 12-14, 2005

Workshops

Workshops Submission Deadline:	May 1, 2005
Workshops Notification of Acceptance:	May 15, 2005
Workshops Papers due	July 30, 2005
Workshops:	October 12, 2005