Abstract
Cybercrime and IT related crime are no longer a question only for specialists, they are a concern for the whole society. The formidable progress authorised by digital technologies have also attracted the interest of a growing number of criminals, mainly because there is a lot of money to make from an ever increasing number of potential victims. The challenges are mainly related with the strong involvement of organised crime in those illegal activities but also with the enlargement of the attack surface (more potential victims, more technologies). Many of those challenges are related with the illegal access to personal and critical data. This situation needs to be faced by a strong community, pulling together law enforcement, IT specialists, IT security specialists, the industry and the research community. The talk will try and identify those challenges of today, pinpoint some of the scenarios that are developping today or will develop in the coming months and years, and give a few ideas about possible progress.
Bio
Lieutenant-colonel Eric Freyssinet, head of the cybercrime division, Gendarmerie nationale Chairman of the Expert group on IT Crime - Europe of Interpol Education: Ecole Polytechnique (general engineering, X1992), Mastère spécialisé in Network and IT security from Telecom ParisTech (2000), and currently PhD student at University Paris 6 on the subject of the fight against botnets.

Abstract
The ongoing authorization leap from rights to attributes offers numerous compelling benefits. Decisions about user, subject, object and context attributes can be made relatively independently and with suitable decentralization appropriate for each attribute. Policies can be formulated by security architects to translate from attributes to rights. Dynamic elements can be built into these policies so the outcomes of access control decisions automatically adapt to changing local and global circumstances. On the benefits side this leap is a maturation of authorization matching the needs of emerging cyber technologies and systems. On the risks side devolving attribute management may lead to attributes of questionable provenance and value, with attendant possibility of new channels for social engineering and malware attacks. We argue that the potential benefits will lead to pervasive deployment of attribute-based access control (ABAC), and more generally attribute-based security. The cyber security research community has a responsibility to develop models, theories and systems which enable safe and chaos-free deployment of ABAC. This is the current grand challenge for access control researchers.
Bio
Ravi Sandhu is Executive Director of the Institute for Cyber Security at the University of Texas at San Antonio, where he holds the Lutcher Brown Endowed Chair in Cyber Security. Previously he was on the faculty at George Mason University (1989-2007) and Ohio State University (1982-1989). He holds BTech and MTech degrees from IIT Bombay and Delhi, and MS and PhD degrees from Rutgers University. He is a Fellow of IEEE, ACM and AAAS, and has received awards from IEEE, ACM, NSA and NIST. A prolific and highly cited author, his research has been funded by NSF, NSA, NIST, DARPA, AFOSR, ONR, AFRL and private industry. His seminal papers on role-based access control established it as the dominant form of access control in practical systems. His numerous other models and mechanisms have also had considerable real-world impact. He is Editor-in-Chief of the IEEE Transactions on Dependable and Secure Computing, and founding General Chair of the ACM Conference on Data and Application Security and Privacy. He previously served as founding Editor-in-Chief of ACM Transactions on Information and System Security and on the editorial board for IEEE Internet Computing. He was Chairman of ACM SIGSAC, and founded the ACM Conference on Computer and Communications Security and the ACM Symposium on Access Control Models and Technologies and chaired their Steering Committees for many years. He has served as General Chair, Program Chair and Committee Member for numerous security conferences. He has consulted for leading industry and government organizations, and has lectured all over the world. He is an inventor on 25 security technology patents. At the Institute for Cyber Security he leads multiple teams conducting research on many aspects of cyber security including secure information sharing, social computing security, cloud computing security, secure data provenance and botnet analysis and detection, in collaboration with researchers all across the world.
Home page
His web site is at www.profsandhu.com.