Information sharing is essential for today’s business and societal transactions. Nevertheless, such sharing should not violate the security and privacy requirements dictated either by law, to protect data subjects, or by internal regulations, which can be defined both at the organisation and at the individual level. Effective, rapid, and reliable electronic data sharing among different parties, while protecting legitimate rights on these data, is a key issue with several facets. Among them are how to translate high-level legal obligations, business constraints, and users’ requirements into system-level security and privacy policies, and how to engineer efficient and practical technical solutions for policy definition and enforcement. TELERISE aims at providing a forum for researchers and technicians from the legal and IT disciplines, in both academia and industry, to foster an exchange of research results, experiences, and products in the area of privacy-preserving and secure data management, as well as safety aspects of data management systems. The ultimate goal is to conceive new trends and ideas on designing, implementing, and evaluating solutions for safe, reliable, and compliant information sharing, with an eye to the cross-relations between ICT and regulatory aspects of data management.
The list of topics includes (but is not limited to):
- Model-based and experimental assessment of data protection
- Privacy in identity management and authentication
- Modelling and analysis languages for representation, visualization, specification of legal obligations
- Technical, legal, and user requirements for data protection
- User-friendly authoring tools to edit privacy preferences
- Technical infrastructures for privacy and security policies management
- Technical infrastructure for supporting privacy and security policies evolution
- Privacy and security policies conflict analysis and resolution strategies
- Cross-relations between privacy-preserving technical solutions and legal regulations
- Privacy aware access and usage control
- Privacy and security policies enforcement mechanisms
- Privacy preserving data allocation and storage
- Software systems compliance with applicable laws and regulations
- Heuristics for pattern identification in law text
- Qualitative and/or quantitative analyses of consumers’ awareness of technical solutions for data management
Welcome domains of application are (but may not be limited to):
- Telecommunication and Networks
- Cloud Computing and Web Services
- Mobile Devices
- Video Surveillance
- Smart Grid, Smart Cities, and Smart Spaces
- Public Administration
- Finance & Business organizations
- Social Networks
|Submission deadline for paper:|
|Notification of authors:|
|Camera-ready copy due:|12/06/2017|
Public Disclosure of Cyber Threat Information: Risks and Benefits
A growing number of actors perpetrate cyber attacks on various targets, be they public entities, ISPs, enterprises or citizens. Supported by governments or aiming at criminal activities, attackers dispose of channels for sharing and obtaining undisclosed vulnerabilities, attack toolkits and information. On the other hand, attack targets need to react quickly and effectively, but they risk being alone if they do not join forces with others. However, timely reactions depend on the quality and timeliness of interactions among peers (e.g., CERTs, public security bodies, ISPs, service providers). There is a need for automated cyber information preparation, sharing and consumption, being fulfilled by initiatives like CybOX, STIX, TAXII, and MISP. However, concerns exist related to confidential details within cyber threat information reports, their usage, as well as potential violations of data protection laws. These constraints render the actual collaboration quite limited in terms of scope. A number of initiatives are focussing on CTI sharing, tackling the most significant obstacles and aiming at bringing benefits to all stakeholders involved in the process. In the talk, risks and benefits will be presented, together with an overview of existing initiatives active in the field.
- Ilaria Matteucci, IIT-CNR, Italy
- Paolo Mori, IIT-CNR, Italy
- Marinella Petrocchi, IIT-CNR, Italy
- Benjamin Aziz, University of Portsmouth, UK
- Gianpiero Costantino, IIT-CNR, Italy
- Vittoria Cozza, University of Padova, Italy
- Francesco Di Cerbo, SAP Labs, France
- Ioanna Dionysiou, University of Nicosia, Cyprus
- Carmen Fernandez Gago, University of Malaga, Spain
- Sorren Hanvey, Lero - The Irish Software Research Centre, Limerick, Ireland
- Jens Jensen, STFC, UK
- Erisa Karafili, Imperial College London, UK
- Mirko Manea, Hewlett Packard Enterprise, Italy
- Aaron Massey, University of Maryland, Baltimore County, US
- Kevin McGillivray, Dept. of Private Law, University of Oslo, Norway
- Andrea Saracino, IIT-CNR, Italy
- Daniele Sgandurra, Royal Holloway, University of London, UK
- Jatinder Singh, Computer Laboratory, University of Cambridge, UK
- Debora Stella, Bird&Bird, Italy
- Slim Trabelsi, SAP Labs, France
- 09:15-09:30 Opening
- 09:30-10:30 Keynote
- Francesco Di Cerbo. Public Disclosure of Cyber Threat Information: Risks and Benefits.
- 10:30-11:00 Coffee Break
- 11:00-12:30 Session 1. Legal Aspects
- Piero Bonatti, Sabrina Kirrane, Axel Polleres and Rigo Wenning. Transparent Personal Data Processing: The Road Ahead.
- Aaron Ceross and Andrew Simpson. The use of data protection regulatory actions as a data source for privacy economics.
- Silvio Ranise and Hari Siswantoro. Automated Legal Compliance Checking by Security Policy Analysis.
- 12:30-13:50 Lunch
- 13:50-15:30 Session 2. Security Aspects
- Antonello Calabró, Francesca Lonetti and Eda Marchetti. Access control policy coverage assessment through monitoring.
- Giacomo Giorgi, Fabio Martinelli, Andrea Saracino and Mina Sheikhalishahi. Try Walking in My Shoes, if you can: Accurate GAIT Recognition through Deep Learning.
- Marios Argyriou, Nicola Dragoni and Angelo Spognardi. Security flaws in OAuth 2.0 Framework: A Case Study. (Short Paper)
- Gabriele Costa, Federico Sinigaglia and Roberto Carbone. PolEnA: Enforcing Fine-grained Permission Policies in Android. (Short Paper)
- 15:30-16:00 Coffee Break
- 16:00-17:10 Session 3. Privacy Aspects
- Roberto Pellungrini, Luca Pappalardo, Francesca Pratesi and Anna Monreale. Fast estimation of privacy risk in human mobility data.
- Zhendong Ma, Walter Seböck, Bettina Pospisil, Christoph Schmittner and Thomas Gruber. Security and Privacy in the Automotive domain: a Technical and Social Analysis. (Short Paper)
- Philipp Hehnle, Pascal Keilbach, Hyun-Jin Lee, Sabrina Lejn, Daniel Steidinger, Marina Weinbrenner and Hanno Langweg. One Click Privacy for Online Social Networks. (Short Paper)
For any question, please contact the firstname.lastname@example.org.