DBSec 2009
23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security
July 12-15, 2009
Concordia University, Montreal, Canada

About the Conference

The DBSec’09 conference is the 23rd Annual Working Conference of IFIP WG 11.3 on Data and Application Security. The conference will be a full 3-day event featuring technical presentations of 18 full papers and 5 short papers, a keynote and a tutorial.


Registration information is available at http://www.ciise.concordia.ca/newsandevents/2009/dbsec09/registration.htm


Sunday 12th July 2009

19:00-21:30 Reception at the Montefiore Club

Monday 13th July 2009

9.00-9.30 Registration.
9.30-9.45 Opening Remark and Welcome 9.45-10.45 Session 1: Database Security I

- Controlled Query Evaluation and Inference-Free View Updates. Joachim Biskup, Jens Seiler, and Torben Weibert.

- Implementing Reflective Access Control in SQL. Lars E. Olson, Carl A. Gunter, William R. Cook, and Marianne Winslett.

10.45-11.15 Break
11.15-12.45 Session 2: Security Policies I

- An Approach to Security Policy Configuration Using Semantic Threat Graphs. Simon N. Foley and William M. Fitzgerald.

- Formal Specification of a Reaction Policy. Fabien Autrel, Nora Cuppens-Boulahia, and Frederic Cuppens.

- Towards System Integrity Protection with Graph-Based Policy Analysis. Wenjuan Xu, Xinwen Zhang, and Gail-Joon Ahn.

12.45-14.00 Lunch at the Montefiore Club
14.00-15.00 Session 3: Privacy I: Applications

- Practical Private DNA String Searching and Matching through Efficient. Oblivious Automata Evaluation. Keith B. Frikken.

- Privacy-Preserving Telemonitoring for eHealth. Mohamed Layouni, Kristof Verslype, Mehmet Tahir Sandikkaya, Bart De Decker, and Hans Vangheluwe.

15.00-15.30 Break
15.30-17.00 Session 4: Access Control

- Distributed Privilege Enforcement in PACS. Christoph Sturm, Ela Hunt, and Marc H. Scholl.

- Spatiotemporal Access Control Enforcement under Uncertain Location. Estimates Heechang Shin and Vijayalakshmi Atluri.

- Using Edit Automata for Rewriting-Based Security Enforcement. Hakima Ould-Slimane, Mohamed Mejri, and Kamel Adi.

Tuesday 14th July 2009

9.15-10.15 Keynote speaker: Prof. Mike Reiter.

- Better Architectures and New Security Applications for Coarse Network Monitoring

10.15-11.15 Session 5: Privacy II

- Distributed Anonymization: Achieving Privacy for Both Data Subjects and Data Providers. Pawel Jurczyk and Li Xiong

- Detecting Inference Channels in Private Multimedia Data via Social Networks. Bechara Al Bouna and Richard Chbeir.

11.15-11.40 Break
11.40-13.00 Session 6: Short Papers

- Emerging Trends in Health Care Delivery: Towards Collaborative Security for NIST RBAC. Steven Demurjian, Solomon Berhe and Thomas Agresta.

- Methods for computing trust and reputation while preserving privacy. Ehud Gudes, Nurit Gal-Oz, and Alon Grubshtein.

- Building an application data behavior model for intrusion detection. Olivier Sarrouy, Eric Totel and Bernard Jouga.

- A Trust-Based Access Control Model for Pervasive Computing Systems. Manachai Toahchoodee, Ramadan Abdunabi, Indrakshi Ray and Indrajit Ray.

13.00-14.00 Lunch at the Montefiore Club
14.00-15.00 Session 7: Intrusion detection and protocols

- Analysis of Data Dependency Based Intrusion Detection System. Yermek Nugmanov, Brajendra Panda and Yi Hu.

- Secure Method Calls by Instrumenting Bytecode with Aspects. Xiaofeng Yang and Mohammad Zulkernine.

15.00-15.30 Break
15.30-17.00 Session 8: Panel in memory of Prof. Reind van de Riet

- Emerging directions in data and applications security. Organized by: Bhavani Thuraisingham.

17.00-18.00 Business Meeting
19:00-22:30 Banquet at Le bateau Mouche

Wednesday 15th July 2009

8.30-10.30 Tutorial

- How to Protect Information: Inference Control For Logic-Oriented Information Systems. Prof. Joachim Biskup.

10.30-11.00 Break
11.00-12.00 Session 9: Database Security II

- Enforcing confidentiality constraints on sensitive databases with lightweight trusted clients. Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi and Pierangela Samarati.

- Data is key: introducing the data-based access control paradigm. Wolter Pieters and Qiang Tang.

12.00-13.00 Session 10: Trusted Computing

- Improving Cut-and-Choose Protocols using Trusted Computing Technology, with Applications to Fair Exchange and Verifiable Encryption. Roopa Vishwanathan and Steve Tate.

- PAES: Policy-Based Authority Evaluation Scheme. Enrico Scalavino, Vaibhav Gowadia and Emil C. Lupu.

13.00-14.00 Lunch at the Montefiore Club

General Chair
Mourad Debbabi, Concordia University, Canada

Program Co-Chairs
Ehud Gudes, Ben-Gurion University of the Negev, Israel
Jaideep Vaidya, Rutgers University, U.S.A.

Contact Person
Ms. Sheila Anderson (anderson@ciise.concordia.ca)