I received yesterday the page proof edition of my book. I have to review it for the final modifications. Here is an example (first page of the introduction)
Once reviewed, we are set. Springer will then print it and it should be soon available. In other words, it should be out before August.
The ninth workshop on secure data management (SDM’12) has extended its submission deadline to June 1, 2012.
The topics of interest are:
A new step in the creation of my book “Securing Digital Video”. The typesetting phase has started. In other words, Springer’s team is making the final layout of the book. Soon available in bookstores.
9th VLDB Workshop on Secure Data Management (SDM 2012)
http://www.hitech-projects.com/sdm-workshop/sdm12.html
with special session on trustworthy cloud computing
August 27, 2012
Istanbul, Turkey
In conjunction with 38th International Conference on Very Large Databases
The 9th SDM workshop builds upon the success of the first eight workshops, which were
organized in conjunction with VLDB 2004 in Toronto, Canada, VLDB 2005 in Trondheim,
Norway, VLDB 2006 in Seoul, Korea, VLDB 2007 in Vienna, Austria, VLDB 2008 in
Auckland, New Zealand, VLDB 2009 in Lyon, France, VLDB 2010 in Singapore and
VLDB 2011 in Seattle, USA.
Motivation
Although cryptography and security techniques have been around for quite some time,
emerging technologies such as ubiquitous computing and ambient intelligence that exploit
increasingly interconnected networks, mobility and personalization, put new requirements
on security with respect to data management. As data is accessible anytime anywhere,
according to these new concepts, it becomes much easier to get unauthorized data
access. Furthermore, it becomes simpler to collect, store, and search personal
information and endanger people’s privacy. Therefore, research in the area of secure
data management is of growing importance, attracting attention of both the data
management and security research communities. The interesting problems range from
traditional ones such as, access control (with all variations, like dynamic, context-aware,
role-based), database security (e.g. efficient database encryption schemes, search over
encrypted data, etc.), privacy preserving data mining to controlled sharing of data.
This year, we will continue with tradition to have special sessions. We will organize a
special session on trustworthy cloud computing in the context of the EU FP7 TClouds
project (http://www.tclouds-project.eu/) and Trust in Digital Life initiative
(http://www.trustindigitallife.eu/).
Aim
The aim of the workshop is to bring together people from the security research
community and data management research community in order to exchange ideas on
the secure management of data. This year we intent to organize two special sessions
with the focus on trustworthy cloud computing and trust in digital life. The workshop will
provide forum for discussing practical experiences and theoretical research efforts that
can help in solving the critical problems in secure data management. Authors from both
academia and industry are invited to submit papers presenting novel research on the
topics of interest (see below).
Topics
Topics of interest include (but are not limited to) the following:
– Secure Data Management
– Database Security
– Data Anonymization/Pseudonymization
– Data Hiding
– Metadata and Security
– XML Security
– Authorization and Access Control
– Data Integrity
– Privacy Preserving Data Mining
– Statistical Database Security
– Control of Data Disclosure
– Private Information Retrieval
– Secure Auditing
– Trustworthy Cloud Computing
– Search on Encrypted Data
– Digital and Enterprise Rights Management
– Multimedia Security and Privacy
– Private Authentication
– Identity Management
– Privacy Enhancing Technologies
– Security and Semantic Web
– Security and Privacy in Ubiquitous Computing
– Security and Privacy of Health Data
– Watermarking
– Trust Management
– Trust in Digital Life
– Policy Management
– Applied Cryptography
Format of the workshop and proceedings
It is proposed to organize the workshop in conjunction with the VLDB conference.
Provisional program:
1. Invited Talk
2. Presentation of papers with discussions
3. Special sessions
It is the intention to publish the proceedings in the Spinger-Verlag Lecture Notes on
Computer Science series as it was done for the first seven workshops. Additionally, we
also want to select the best papers with the intent to publish their extended and revised
versions in a special edition of a journal (as it was done for the SDM 2006 and 2007
workshops with the Journal of Computer Security).
Paper submission
Authors are invited to submit original, unpublished research papers that are not being
considered for publication in any other forum. Manuscripts should be submitted
electronically as PDF or PS files via email to al_sdm05@natlab.research.philips.com
Full papers should not exceed fifteen pages in length (formatted using the camera-ready
templates of Springer Lecture Notes in Computer Science).
We also encourage submitting position statement papers describing research work in
progress or lessons learned in practice (max six pages). Submissions must be received
no later than May 1, 2012. Please check the workshop page for further information and
submission instructions: http://www.extra.research.philips.com/sdm-workshop/
Duration: 1-day workshop
Important dates
Submission deadline: May 1, 2012
Notification of acceptance or rejection: June 8, 2012
Final versions due: June 15, 2012
Workshop: August 27, 2012
My editorial of the last security newsletter provoked many reactions. It could have been expected because I reported about MegaUpload’s shutdown. The typical reaction was the tricky question: how do you decide that a cyber locker is acting evil? Is the cyber locker operator liable for its users to store illegal contents? We’re back to the safe harbor issue.
who-owns-the-rain-a-discussion-on-accountability-of-whats-in-the-cloud posted on http://parasam.me/ blog nicely presents the problem. In a nutshell, why only megaUpload? Most of the other cyber lockers will probably host illegal content.
The issue of cyber lockers is similar with the situation of Peer To Peer. The technology is not to be blamed, it is its misuse that is to be blamed. How often did we see people automatically identifying P2P to piracy? And too often, even us, the specialists, oversimplify communication by identifying the technology with its use. P2P and cyber lockers are valuable technology and have many legitimate use. Therefore, we must be very careful about breaking the identification of cyber locker to piracy harbors.
Now why striking MegaUpload? Of course, there were non-infringing content stored on MegaUpload, as there may be illegal content stored on DropBox (choose any other name). I am sure that I will certainlyfind legitimate content on The Pirate Bay (both on there P2P service and their own cyber locker). When closing MegaUpload, most probably some people did loose legitimate content. Now, why would MegaUpload be evil and not DropBox? Most probably, the difference between bad/good comes from the actual behavior of the site owners. For instance, YouTube answers to cease and desist notice. According to the US justice, MegaUpload did not have such a clean behavior. An extract of the FBI announcement about MegaUpload.
The indictment states that the conspirators conducted their illegal operation using a business model expressly designed to promote uploading of the most popular copyrighted works for many millions of users to download. The indictment alleges that the site was structured to discourage the vast majority of its users from using Megaupload for long-term or personal storage by automatically deleting content that was not regularly downloaded. The conspirators further allegedly offered a rewards program that would provide users with financial incentives to upload popular content and drive web traffic to the site, often through user-generated websites known as linking sites. The conspirators allegedly paid users whom they specifically knew uploaded infringing content and publicized their links to users throughout the world.
The reward program was most probably a good indicator as well as a red rag under the nose of MPAA. The frontier is most probably in the applied business model. Does most of your money come from “legitimate” business? But even that is a difficult test. If your business model is purely based on advertisement revenue, then you should try to increase the traffic, thus the number of eye balls. Free copyright content is one of the categories that attracts visitors.
As for all ethical matters, it is not Manichean. And the grey scale is large.
What is your opinion?
About one year ago, I informed you that the final draft of my book was sent to Springer, my editor. Today, a new step: after several copy edit rounds, the text is final. We enter now the final stage: layout and printing. In other words, the book should be now soon available in the stores (before end of this quarter).
The book will have inserts entitled “Devil’s in the Details”. These short sections will deeply dive in some naughty details highlighting the difference between theoretical schemes and actual robust security. For instance, you will learn some details on the Black Sunday, or on how AACS was hacked.
I will keep you informed about the next steps.
Brightcove proposes an interesting whitepaper describing the spectrum of solutions available to secure video. The section describing the security spectrum is a good high-level introduction to the existing problems. It tackles:
The beginning of the list is well done. They are generic enough to be able to extrapolate to other solutions than the ones proposed by Brightcove. The last ones (in italic in this post) are very specific either to a solution, or to the offer of Brightcove. They are mostly based on the use of Adobe Flash Access for non-Apple devices, and HLS for Apple devices.
The last section, Security across channels, is not focusing on security challenges in the different environments and may be confusing for the non-specialists.
The document is available here and requires registration.