|
Keynote Speakers
|
Dr. David Basin has the chair for Information Security at the Department of Computer Science, ETH Zurich, since 2003. He is also the director of the ZISC, the Zurich Information Security Center. He received his Ph.D. from Cornell University in 1989, and his Habilitation from the University of Saarbrucken in 1996. His appointments include a postdoctoral research position at the University of Edinburgh (1990-1991), and a senior research position within the Max-Planck-Institut fur Informatik (1992-1997). From 1997-2002 he was a full professor at the University of Freiburg where he held the chair for software engineering. His research focuses on information security, in particular methods and tools for modeling, building, and validating secure and reliable systems. He serves on the editorial boards of numerous journals including IEEE Transactions on Dependable and Secure Computing and Acta Informatica. He is also Editor-in-Chief of Springer-Verlag's book series in Information Security and Cryptography.
|
Title: A Decade of Model-Driven Security
In model-driven development, system designs are modeled in graphical modeling-languages like UML and system artifacts such as code and configuration data are automatically generated from the model.
Model-driven security is a specialization of this paradigm, where system designs are modeled together with their security requirements and security infrastructures are generated directly from the models.
Over the past decade, we have explored different facets of model-driven security, including the use of different modeling languages, code generators for different middleware platforms, model analysis tools, and even model-to-model transformations. For example, in multi-tier systems, we have used model transformations to transform a security policy, formulated for a system's data model, to a security policy governing the behavior of the system's graphical-user interface.
We report on case studies illustrating the flexibility and power of such a multi-faceted approach to building secure systems.
|
|
Dr. Jean-Pierre Seifert studied computer science and mathematics at Johann-Wolfgang-Goethe-University at Frankfurt/Main. Here he received his PhD in the year 2000 with Prof. Dr. Claus Schnorr, one of the most important theoretician in the field of secure information systems. Afterwards Seifert gained intensive practical experience working in the research and development departments for hardware Security at Infineon, Munich and Intel, USA. At Intel, USA (2004-2006), Prof. Seifert has been responsible for the design and integration of new CPU security instructions for micro processors that are going to be integrated in all Intel micro processors. From 2007-2008 he developed for Samsung Electronics the worldwide first commercial secure cell-phone based on the Linux operating system. Since the end of 2008 Jean-Pierre Seifert has been Professor heading the group "Security in Telecommunications" at TU Berlin. This professorship is at the same time related with the management of the identically-named research field at Deutsche Telekom Laboratories, the research and development institute of Deutsche Telekom at TU Berlin. In 2002 Prof. Seifert has been honoured by Infineon with the award "Inventor of the Year" and has received as well two Intel Achievement Awards in 2005 for his new CPU security instructions for the Intel micro processors. Approx. 40 patents have been granted to Prof. Seifert in the field of computer security.
|
Title: Access Control (in Theory) and modern Linux Phones
In this talk we will present the access control architectures of some of the hottest deployed gadgets of this days - Smartphones. Our examples include: Android, LiMo, and MeeGo platforms. Those devices are specifically interesting as we use them in our daily life in a pervasive way and critically depend on their flawless and secure functionality.
In addition to the detailed architecture presentation we will also discuss their implications and shortcomings within practice. Despite their interesting and powerful access control mechanisms the above devices will be seen to suffer from lousy system implementations leading to serious problems for the end user and even the respective cellular providers - leading again to user problems.
|
|