Secure Data Management 2012

The ninth workshop on secure data management (SDM’12) has extended its submission deadline to June 1, 2012.

The topics of interest are:

  • Secure Data Management
  • Database Security
  • Data Anonymization/Pseudonymization
  • Data Hiding
  • Metadata and Security
  • XML Security
  • Authorization and Access Control
  • Data Integrity
  • Privacy Preserving Data Mining
  • Statistical Database Security
  • Control of Data Disclosure
  • Private Information Retrieval
  • Secure Stream Processing
  • Secure Auditing
  • Data Retention
  • Search on Encrypted Data
  • Digital and Enterprise Rights Management
  • Multimedia Security and Privacy
  • Private Authentication
  • Identity Management
  • Privacy Enhancing Technologies
  • Security and Semantic Web
  • Security and Privacy in Ubiquitous Computing
  • Security and Privacy of Health Data
  • Web Service Security
  • Trust Management
  • Policy Management
  • Applied Cryptography

My book

A new step in the creation of my book “Securing Digital Video”. The typesetting phase has started. In other words, Springer’s team is making the final layout of the book. Soon available in bookstores.

 

CFP: Secure Data Management workshop (SDM)

9th VLDB Workshop on Secure Data Management (SDM 2012)

http://www.hitech-projects.com/sdm-workshop/sdm12.html

with special session on trustworthy cloud computing

August 27, 2012

Istanbul, Turkey

In conjunction with 38th International Conference on Very Large Databases

http://www.vldb2012.org/

The 9th SDM workshop builds upon the success of the first eight workshops, which were organized in conjunction with VLDB 2004 in Toronto, Canada, VLDB 2005 in Trondheim, Norway, VLDB 2006 in Seoul, Korea, VLDB 2007 in Vienna, Austria, VLDB 2008 in Auckland, New Zealand, VLDB 2009 in Lyon, France, VLDB 2010 in Singapore and VLDB 2011 in Seattle, USA.

Motivation

Although cryptography and security techniques have been around for quite some time, emerging technologies such as ubiquitous computing and ambient intelligence that exploit increasingly interconnected networks, mobility and personalization, put new requirements on security with respect to data management. As data is accessible anytime anywhere, according to these new concepts, it becomes much easier to get unauthorized data access. Furthermore, it becomes simpler to collect, store, and search personal information and endanger people’s privacy. Therefore, research in the area of secure data management is of growing importance, attracting attention of both the data management and security research communities. The interesting problems range from traditional ones such as, access control (with all variations, like dynamic, context-aware, role-based), database security (e.g. efficient database encryption schemes, search over encrypted data, etc.), privacy preserving data mining to controlled sharing of data.

This year, we will continue with tradition to have special sessions. We will organize a special session on trustworthy cloud computing in the context of the EU FP7 TClouds project (http://www.tclouds-project.eu/) and Trust in Digital Life initiative (http://www.trustindigitallife.eu/).

Aim

The aim of the workshop is to bring together people from the security research community and data management research community in order to exchange ideas on the secure management of data. This year we intend to organize two special sessions with the focus on trustworthy cloud computing and trust in digital life. The workshop will provide a forum for discussing practical experiences and theoretical research efforts that can help in solving the critical problems in secure data management. Authors from both academia and industry are invited to submit papers presenting novel research on the topics of interest (see below).

Topics

Topics of interest include (but are not limited to) the following:

  • Secure Data Management
  • Database Security
  • Data Anonymization/Pseudonymization
  • Data Hiding
  • Metadata and Security
  • XML Security
  • Authorization and Access Control
  • Data Integrity
  • Privacy Preserving Data Mining
  • Statistical Database Security
  • Control of Data Disclosure
  • Private Information Retrieval
  • Secure Auditing
  • Trustworthy Cloud Computing
  • Search on Encrypted Data
  • Digital and Enterprise Rights Management
  • Multimedia Security and Privacy
  • Private Authentication
  • Identity Management
  • Privacy Enhancing Technologies
  • Security and Semantic Web
  • Security and Privacy in Ubiquitous Computing
  • Security and Privacy of Health Data
  • Watermarking
  • Trust Management
  • Trust in Digital Life
  • Policy Management
  • Applied Cryptography

Format of the workshop and proceedings

It is proposed to organize the workshop in conjunction with the VLDB conference.

Provisional program:

1. Invited Talk
2. Presentation of papers with discussions
3. Special sessions

It is the intention to publish the proceedings in the Springer-Verlag Lecture Notes on Computer Science series as it was done for the first seven workshops. Additionally, we also want to select the best papers with the intent to publish their extended and revised versions in a special edition of a journal (as it was done for the SDM 2006 and 2007 workshops with the Journal of Computer Security).

Paper submission

Authors are invited to submit original, unpublished research papers that are not being considered for publication in any other forum. Manuscripts should be submitted electronically as PDF or PS files via email to al_sdm05@natlab.research.philips.com. Full papers should not exceed fifteen pages in length (formatted using the camera-ready templates of Springer Lecture Notes in Computer Science).

We also encourage submitting position statement papers describing research work in progress or lessons learned in practice (max six pages). Submissions must be received no later than May 1, 2012. Please check the workshop page for further information and submission instructions: http://www.extra.research.philips.com/sdm-workshop/

Duration: 1-day workshop

Important dates

Submission deadline: May 1, 2012

Notification of acceptance or rejection: June 8, 2012

Final versions due: June 15, 2012

Workshop: August 27, 2012

 

MegaUpload effect: is technology evil?

My editorial in the last security newsletter provoked many reactions. This could have been expected because I reported on MegaUpload’s shutdown. The typical reaction was the tricky question: how do you decide that a cyber locker is acting evil? Is the cyber locker operator liable when its users store illegal content? We’re back to the safe harbor issue.

The post who-owns-the-rain-a-discussion-on-accountability-of-whats-in-the-cloud on the http://parasam.me/ blog nicely presents the problem. In a nutshell, why only MegaUpload? Most of the other cyber lockers will probably host illegal content.

The issue of cyber lockers is similar to the situation of peer-to-peer. The technology is not to be blamed; it is its misuse that is to be blamed. How often have we seen people automatically equating P2P with piracy? And too often, even we, the specialists, oversimplify communication by identifying the technology with its use. P2P and cyber lockers are valuable technologies and have many legitimate uses. Therefore, we must take great care to break the identification of cyber lockers with piracy harbors.

Now, why strike MegaUpload? Of course, there was non-infringing content stored on MegaUpload, as there may be illegal content stored on DropBox (choose any other name). I am sure that I will find legitimate content on The Pirate Bay (both on their P2P service and their own cyber locker). When MegaUpload was closed, most probably some people did lose legitimate content. Now, why would MegaUpload be evil and not DropBox? Most probably, the difference between bad and good comes from the actual behavior of the site owners. For instance, YouTube answers cease and desist notices. According to the US justice, MegaUpload did not have such a clean behavior. Here is an extract of the FBI announcement about MegaUpload:

The indictment states that the conspirators conducted their illegal operation using a business model expressly designed to promote uploading of the most popular copyrighted works for many millions of users to download. The indictment alleges that the site was structured to discourage the vast majority of its users from using Megaupload for long-term or personal storage by automatically deleting content that was not regularly downloaded. The conspirators further allegedly offered a rewards program that would provide users with financial incentives to upload popular content and drive web traffic to the site, often through user-generated websites known as linking sites. The conspirators allegedly paid users whom they specifically knew uploaded infringing content and publicized their links to users throughout the world.

The reward program was most probably a good indicator as well as a red rag under the nose of the MPAA. The frontier most probably lies in the applied business model. Does most of your money come from “legitimate” business? But even that is a difficult test. If your business model is purely based on advertisement revenue, then you should try to increase the traffic, thus the number of eyeballs. Free copyrighted content is one of the categories that attracts visitors.

As for all ethical matters, it is not Manichean. And the grey scale is large.

What is your opinion?

Securing Digital Video: the text is final and frozen

About one year ago, I informed you that the final draft of my book was sent to Springer, my editor. Today, a new step: after several copy edit rounds, the text is final. We now enter the final stage: layout and printing. In other words, the book should soon be available in the stores (before end of this quarter).

The book will have inserts entitled “Devil’s in the Details”. These short sections will dive deeply into some naughty details, highlighting the difference between theoretical schemes and actual robust security. For instance, you will learn some details on the Black Sunday, or on how AACS was hacked.

I will keep you informed about the next steps.

Online video security 101

Brightcove offers an interesting whitepaper describing the spectrum of solutions available to secure video. The section describing the security spectrum is a good high-level introduction to the existing problems. It tackles:

  • Unlimited access
  • Watermarking (both visible burn-in and invisible forensics watermark)
  • Geo-restriction; you limit the geographical zone where your content may be viewed. This is why non-US residents cannot access the free episodes on sites such as ABC
  • Domain restriction
  • IP restriction
  • RTMPE for protecting video during transfer
  • Protected page; the usual restriction by an access control to the web page
  • SWF restriction; this is a characteristic of Flash Access, Adobe’s DRM, where you can define the list of AIR players allowed to access a piece of content
  • Anonymous DRM; using a dedicated mode of Flash Access
  • Advanced DRM; using more complex features of Flash Access
  • Secure HLS; the format defined by Apple to securely stream content to an iOS device.
  • User authentication

The beginning of the list is well done. Its items are generic enough to be extrapolated to solutions other than the ones proposed by Brightcove. The last ones (in italic in this post) are very specific either to a solution, or to the offer of Brightcove. They are mostly based on the use of Adobe Flash Access for non-Apple devices, and HLS for Apple devices.

The last section, Security across channels, does not focus on security challenges in the different environments and may be confusing for non-specialists.

The document is available here and requires registration.