Seventh International Conference on Information Systems Security
(ICISS 2011)
15-19 December 2011, Jadavpur University, Kolkata







Our Sponsors
Proceedings Sponsor:
Centre of Excellence on Cryptology
Indian Statistical Institute, Kolkata

Tutorials Sponsor:
Birla Institute of Technology, Mesra, Kolkata Campus

Banquet Sponsor:
M/s. HP India Sales Pvt. Ltd.

Other Sponsor:
Advanced System Lab, DRDO, Hyderabad






















































































































































Title: Analysing risk in practice: The CORAS approach to model-driven risk analysis



Bjørnar Solhaug, PhD, Research scientist, SINTEF ICT, Norway

P.O. Box 124 Blindern, N-0314 Oslo, Norway

Length: 3 hours



The term “risk” is known from many fields. On an almost daily basis we face references to “contractual risk”, “economic risk”, “operational risk”, “environmental risk”, “health risk”, “political risk”, “legal risk”, “security risk”, and so forth. In order to identify and assess risks we may conduct risk analyses. The exact nature of an analysis, however, varies considerably depending on the nature of the risks we address. We may classify risk analysis approaches into two main categories: offensive (balancing potential gain against risk of loss) and defensive (protecting what is already there).

In order to defend something, it is important to know exactly what we are defending. This motivates asset-driven risk analysis, in other words risk analysis where the assets of the target (the tings of value) are identified as early as possible and where the rest of the analysis is driven by these assets. In order to analyse something, it is necessary to have a clear picture of what this something is. Understanding the structure and behaviour of the target of analysis is therefore important. However, understanding and modelling the target is only one aspect the modelling in a risk analysis; modelling what can go wrong is even more important. In fact, this is what risk analysis is all about. We then talk about risk modelling and model-driven risk analysis.

In this tutorial we present CORAS, which is an asset-driven, defensive approach to risk analysis. For risk analysis in practice, there is a need for well-defined methods, techniques and practical guidelines for how to do this. This is exactly what CORAS provides. The CORAS approach is a self-contained risk analysis methodology and the first to be truly model-driven in the sense that modelling is an integrated part in every part of the process. This means that target models and threat and risk models are applied in all phases of the risk analysis for visualization, communication and documentation of risk information, and are the main driver of the risk analysis process. The methodology is described in detail in the book Model-Driven Risk Analysis: The CORAS Approach, and has been validated through application in a large number of full-scale industrial analyses.

The CORAS approach consists of three main components: 1) The CORAS language, which is a language tailor-made for modelling risk in a precise and rigorous, yet intuitive and easily understandable manner. 2) The CORAS method, which provides detailed guidelines for how to conduct the various stages of a risk analysis in practice. 3) The CORAS tool, which is a modelling tool for editing models in the CORAS language. In addition to presenting the basics of risk analysis and the CORAS approach, we also give a presentation of more advanced use of risk models expressed in the CORAS language.



• Give the audience an introduction to the basics of risk analysis.

• Introduce the audience to model-driven risk analysis.

• Provide the audience with an overview of the CORAS method.

• Provide the audience with an understanding of risk modelling through basic and advanced use of the CORAS language.


Intended audience:

The intended audience is anyone with an interest in software engineering, security and risk management. The tutorial should be suitable both for persons new to risk analysis, as well as people familiar with risk analysis that are interested in the model-driven approach. No prior knowledge is required, but a general knowledge of software engineering and some interest in information security are recommended.


Outline of tutorial:

1st hour:

• Introduction to risk analysis

o Central concepts

o Relation to risk management

o The ISO 31000 risk management standard


• Introduction to the CORAS approach

o What is model-driven risk analysis?

o The CORAS risk modelling language

o The use of modelling in risk analysis in practice


2nd hour:

• Example-driven walk-though of the CORAS method

o Establishing the context

o Risk identification using threat diagrams

o Risk estimation using threat diagrams

o Risk evaluation using risk diagram

o Risk treatment using treatment diagrams


3rd hour:

• Advanced use of risk models o Changing and evolving target of analysis

o Modelling and analysing changing and evolving risks


Short biography of presenter:

Bjørnar Solhaug is employed as a research scientist at SINTEF ICT. He received his PhD in information science from the University of Bergen in 2009. His research interests include methods and languages for the modelling and analysis of systems with respect to security, risk and trust. He is one of the designers of the CORAS approach and has strong background in risk analysis.


Gyrd Brændeland, Atle Refsdal, Ketil Stølen. Modular analysis and modelling of risk scenarios with dependencies. Journal of Systems and Software, 83: 1995-2013, Elsevier, 2010.

Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen. Evolution in relation to risk and trust management. Computer, 43(5):49-55, IEEE Computer Society, May 2010.

Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen. Model-driven risk analysis. The CORAS approach. Springer, 2011.

Atle Refsdal, Ketil Stølen. Employing key indicators to provide a dynamic risk picture with a notion of confidence. Trust Management III. Third IFIP WG 11.11 International Conference (IFIPTM 2009), pages 215-233, Springer, 2009.


Title: Security and Privacy aspects of Smartphones and Tablets

Amiya Bhattacharya

Assistant Research Professor
School of Computing, Informatics and Decision Systems Engineering
Arizona State University
Tempe, AZ 85287-8809

The past few years have seen an unprecedented market penetration of smartphones and similar class of mobile devices such as tablets (pads) and portable media players. Their computing and networking capabilities parallel that of traditional PCs only a few years older. In addition, they are equipped with a suite of sensors (such as GPS, light, acoustic, acceleration, proximity) and carry a lot more private information about the user. While some of these devices have Internet connectivity only in Wi-Fi hotspots, the vast majority avail ubiquitous connectivity through carrier supported 3G/4G data services. As a result, they are fast becoming the prime target for malware developers.

This tutorial is intended for students, academics and industry professionals, who are either interested in research in mobile computing platform security, aspiring to be mobile app developer, or simply worried about the safety of integrating the latest mobile gadget into own personal lifestyle. The only prerequisite is knowledge of fundamentals of programming, operating systems and IP networks.

In the tutorial, we will take a look at the nature of attacks on smartphones and range of malware as identified by the research community. With a focus on the Android platform and a comparative look at others, we will try to understand the security architectures of this class of mobile devices and explore how vulnerabilities are abused. Finally we will discuss a range of solutions including antivirus, app market control, carrier imposed enforcements, application sandboxing, and cloudsourcing. 

Biographical Sketch:
Amiya Bhattacharya is an Assistant Research Professor in the School of Computing, Informatics, and Decision Systems Engineering at Arizona State University. Prior to joining ASU, he was an Assistant Professor in the Department of Computer Science at New Mexico State University. He received his Ph.D. from The University of Texas at Arlington in 2002, where he was a recipient of the Texas Telecommunication Engineering Consortium Fellowship and the 2002 Outstanding Doctoral Research Award. He received his B.Tech. and M.Tech. from Indian Institute of Technology–Kharagpur in 1987 and 1989 respectively, and his M.S. from University of California–San Diego in 1991, and all in Computer Science and Engineering. His research interests spans several aspects in the area of mobile and pervasive computing, including systems and network security, wireless infrastructure and ad-hoc networks, embedded networked sensing, and cyber-physical systems.


Title: Research Methodology in Cryptography and Information Security

Sourav Sen Gupta
Researcher, Centre of Excellence in Cryptology
Indian Staistical Institute, Kolkata – 700 108, India

According to Wikipedia, “Research can be defined as the search for knowledge, or as any systematic investigation, with an open mind, to establish novel facts, usually using a scientific method.” Research in cryptography and information security, thriving over the last few decades in India and abroad, has not been an exception either. With the increasing number of conferences and workshops on cryptology and information security held each year, and in view of the large volume of research papers submitted and reviewed in the process, familiarity with the scientific methodologies of research has become imperative for anyone who wants to contribute towards these two fields.

This tutorial is targeted towards students, professionals, teachers and researchers who are either already in an early stage of their research career, or look forward to become active members of the community in cryptography and information security.

In this tutorial, we will take a look at an aggregated opinion about research and the associated scientific methodologies from a number of active members in the community. The format of the tutorial will be more biased towards a healthy debate and discussion, where the speaker and the audience can freely interact about various issues that a budding researcher faces in cryptography and information security. The discussion will cover topics like motivation, problem-finding, solving techniques, scientific writing of a paper or a research article, submission procedure and ethics, reviewing a paper, collaborative work, and finally, presentation of a paper or a poster.

Biographical Sketch:
Sourav Sen Gupta is a Researcher at the Centre of Excellence in Cryptology, ISI Kolkata, working towards his PhD with Prof. Subhamoy Maitra. He received his M.Math. degree from Dept. of Pure Mathematics, University of Waterloo, Canada in 2008, and spent a year as a Doctoral Candidate at the Dept. of Mathematics, University of Washington, Seattle, USA with Prof. Neal Koblitz before joining Indian Statistical Institute, Kolkata in 2009. He received his B.E.Tel.E. (Hons.) degree in Electronics and Telecommunication Engineering from Jadavpur University, Kolkata, India in 2006. As a PhD student at the Cryptology Research Group of Indian Statistical Institute, he has worked on a number of projects ranging from public-key cryptanalysis, symmetric key analysis and construction, and hardware implementation of stream ciphers. In 2011, he has spent a summer at RWTH Aachen, learning high-level hardware synthesis and applying it towards high performance cryptographic designs. Sourav has received many fellowships and awards during his academic career, has presented research papers at international cryptology conferences like FSE, Indocrypt, Africacrypt and IWSEC, and has delivered invited talks and tutorials at national level workshops.

Title: Hardware Trojans: Challenges and Emerging Solutions

Dr. Rajat Subhra Chakraborty
Assistant Professor
Dept. of Computer Science and Engineering
Indian Institute of Technology Kharagpur
Kharagpur, India – 721302

Economic reasons dictate the widespread participation of external agents in modern design and manufacture of integrated circuits (ICs), which decreases the control that the IC design houses used to traditionally have over their own designs. In this scenario, malicious, hard-to-detect circuit modifications made during the design or manufacturing steps, commonly known as “Hardware Trojans”, have emerged as a major security concern. This issue raises the question of ensuring Trust in an integrated circuit, and whether the entire design and manufacturing flow can be certified to be secure. A satisfactory answer to this question is of paramount importance in gaining trust about the result of the information processing carried out by the systems of which the ICs are a part. In this tutorial, we would explore this unique challenge and solution for them in the domain of hardware security. We would study pertinent threats and their models, and would explore solutions to them from different perspectives such as circuit design, CAD, circuit testing, etc. This tutorial would bring forward the imminent need to develop and deploy a “Design for Security” methodology that considers security as a fundamental metric for ICs, besides traditional metrics such as power, area and performance.

(in alphabetical order) Design for security, hardware obfuscation, hardware Trojans, logic testing, side-channel analysis for Trojan detection.

Targeted audience:
This tutorial is targeted towards participants from both industry and academia who are interested in diverse aspects of hardware security. Participants working in the Defense or related industry would find this tutorial particularly helpful.

The pre-requisite for this tutorial is a general interest in topics related to security in the domains of Electronics and Computer Science. Familiarity with prevalent practices of ASIC/FPGA design flow will be a bonus. Any mathematical background required to understand some of the topics would be developed during the lectures.

 Detailed Tutorial Program

A design can be tampered in an untrusted fabrication facility by the insertion of malicious circuitry that triggers a malfunction under very rare conditions. Such malicious circuitry, referred to as a Hardware Trojan, can activate in-field, post-deployment, and affect normal circuit operation, potentially with catastrophic consequences in critical application areas and public infrastructure. Such malicious circuitry can also be inserted by CAD automation tools obtained from untrusted third party vendors. Several unexplained military mishaps around the world in recent years are suspected to be the result of undetected hardware Trojans in the electronic systems. In this tutorial, we would explore the operating models and models of hardware Trojans, and detection/prevention techniques for them. The following are the main sub-topics:

Threats from hardware Trojans:
Practical instances, motivations for studying them [1, 4, 5, 18, 22].

Hardware Trojan models:
Hardware Trojan nomenclature based on structure and operational modes [4, 6, 18, 22, 23].

Trojan detection and prevention techniques:
Large variation in the sizes and operating modes of hardware Trojans makes it difficult to design a “golden bullet” technique that can be useful in detecting all types of hardware Trojans. The two main classes of detection techniques that have been proposed depend either on side-channel testing or logic testing. As will be shown, these two classes of test techniques are complementary to each other. While the side-channel testing based techniques are more suitable for detecting relatively larger Trojans of arbitrary functional complexity, the logic testing based Trojan detection techniques are more suitable for detecting ultra-small Trojans of relatively simple functionality. Design techniques based on obfuscation have also been proposed to make Trojan insertion difficult or to make their detection easier. The main idea is to use obfuscation to prevent an adversary from detecting the true rare logic values at the internal nodes of the circuit. If the adversary is unable to do so, it can be shown an inserted Trojan either becomes benign or becomes more easily detectable. Other design techniques use special inserted circuitry or special bus structures to resist inserted Trojans [2-3, 7-8, 9-17, 19-21].

List of Tutorial Material (to be provided to attendees):
Handouts of presentations.

1. DARPA, “TRUST in Integrated Circuits (TIC) - Proposer Information Pamphlet.”, 2007.
2. D. Du, S. Narasimhan, R. S. Chakraborty and S. Bhunia, “Self-referencing: a scalable side-channel approach for hardware Trojan detection,” Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES), 2010.
3. S. Narasimhan, R. S. Chakraborty, D. Du, S. Paul, F. Wolff, C. Papachristou and S. Bhunia, “Multiple-parameter side-channel analysis: a non-invasive hardware Trojan detection approach,” Proceedings of the International Workshop on Hardware-oriented Security and Trust (HOST), 2010.
4. R. S. Chakraborty, S. Narasimhan and S. Bhunia, “Hardware Trojan: threats and emerging solutions (invited paper),” Proceedings of the International High Level Design Validation and Test Workshop (HLDVT), pp. 166–171, 2009.
5. S. Adee, “The hunt for the kill switch,” IEEE Spectrum, vol. 45, pp. 34–39, May 2008.
6. L. Lin, W. Burleson, and C. Parr, “MOLES: Malicious off-chip leakage enabled by side-channels,” Proceedings of the International Conference on CAD (ICCAD), pp. 117–122, 2009.
7. R. S. Chakraborty and S. Bhunia, “Security against hardware Trojan through a novel application of design obfuscation,” Proceedings of the International Conference on CAD (ICCAD), pp. 113–116, 2009.
8. R. S. Chakraborty, F. Wolff, S. Paul, C. Papachristou and S. Bhunia, “MERO: a statistical approach for hardware Trojan detection using logic testing,” Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES), pp. 396–410, Sept. 2009.
9. Pomeranz and S. M. Reddy, “A measure of quality for n-detection test sets,” IEEE Transactions on Computers, vol. 53, no. 11, pp. 1497–1503, 2004.
10. R. S. Chakraborty, S. Paul and S. Bhunia, “On-demand transparency for improving hardware Trojan detectability,” Proceedings of the International Workshop on Hardware-oriented Security and Trust (HOST), pp. 48–50, 2008.
11. F. Wolff, C. Papachristou, S. Bhunia, and R. S. Chakraborty, “Towards Trojan-free trusted ICs: problem analysis and detection scheme,” Proceedings of the Conference on Design, Automation and Test in Europe (DATE), pp. 1362–1365, 2008.
12. D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, and B. Sunar, “Trojan detection using IC fingerprinting,” Proceedings of the Symposium on Security and Privacy (SP), pp. 296–310, 2007.
13. R. M. Rad, X. Wang, M. Tehranipoor, and J. Plusquellic, “Power supply signal calibration techniques for improving detection resolution to hardware Trojans,” Proceedings of the International Conference on CAD (ICCAD), pp. 632–639, 2008.14. M. Banga and M. S. Hsiao, “A region based approach for the identification of hardware Trojans,” Proceedings of the International Workshop on Hardware-oriented Security and Trust (HOST), pp. 40–47, 2008.
15. Y. Jin and Y. Makris, “Hardware Trojan detection using path delay fingerprint,” Proceedings of the International Workshop on Hardware-oriented Security and Trust (HOST), pp. 51–57, 2008.
16. L.-W. Kim, J. D. Villasenor, and C. K. Koc, “A Trojan-resistant system-on-chip bus architecture,” Proceedings of Military Communications Conference (MILCOM), pp. 1-6, 2009.
17. S. Narasimhan, X. Wang, D. Du, R. S. Chakraborty and S. Bhunia, “Hardware Trojan Detection Using Temporal Self-Referencing”, International Symposium on Hardware-oriented Security and Trust (HOST) 2011 (to appear).
18. M. Tehranipoor and F. Koushanfar, “A Survey of Hardware Trojan Taxonomy and Detection”, IEEE Design and test of Computers, vol. 27, no. 1, pp. 10-25, Jan.-Feb. 2010.
19. J. Aarestad, D. Acharyya, R. Rad and J. Plusquellic, “Detecting Trojans through leakage current analysis using multiple supply pad IDDQs”, IEEE Transactions on Information Forensics and Security, vol. 5, no. 4, pp. 893-904, Dec. 2010.
20. F. Koushanfar and A Mirhoseini, “A unified framework for multimodal submodular integrated circuits Trojan detection”, IEEE Transactions on Information Forensics and Security, vol. 6, no. 1, pp. 162-174, Mar. 2011.
21. R. Rad, J. Plusquellic and M. Tehranipoor, “A sensitivity analysis of power signal methods for detecting hardware Trojans under real process and environmental conditions”, IEEE Transactions on VLSI, vol. 18, no. 12, pp. 1735—1744, Dec. 2010.
22. R. Karri, J. Rajendran, K. Rosenfeld and M. Tehranipoor, “Trustworthy hardware: identifying and classifying hardware Trojans”, Computer, vol. 43, no. 10, pp. 39--46, Oct. 2010.
23. Sk. S. Ali, R. S. Chakraborty, D. Mukhopadhyay and S. Bhunia, "Multi-level Attack: an Emerging Threat Model for Cryptographic Hardware", Proceedings of DATE 2011, Grenoble, France.

Biographical Sketch:
Dr. Rajat Subhra Chakraborty is an Assistant Professor in the Computer Science and Engineering Department of IIT Kharagpur. He received his Ph.D. degree in Computer Engineering from Case Western Reserve University (Cleveland, Ohio, USA) in 2010 and a B.E. (Hons.) degree in Electronics and Telecommunication Engineering from Jadavpur University in 2005. From 2005-2006, he worked as a CAD Software Engineer at National Semiconductor in Bangalore, and in Fall 2007, he was a co-op at Advanced Micro Devices (AMD) in Sunnyvale, California. As a graduate student, he has received multiple student awards from IEEE and ACM, and an annual award for academic excellence from
Case Western Reserve University in 2009. Part of his Ph.D. research work has been the subject of a U.S. patent filed by Case Western Reserve University in 2009. His research interest includes hardware security, including design methodology for hardware IP/IC protection, hardware Trojan detection/prevention through design and testing, attacks on hardware implementation of cryptographic algorithms, and reversible watermarking for digital content protection. He has close to 25 publications in international journals and conferences of repute, (including IEEE TCAD, IEEE TCAS-I, ACM TETCS, IET CDT, ICCAD, DATE, CHES, VTS, VLSID, ISQED, HOST etc.), and has presented his research work at many of these conferences. He has delivered a tutorials on Hardware Security at the IEEE VLSI Design Conference (VLSID), Chennai, India, 2011, and IEEE International Workshop on Information Forensics and Security (WIFS), Foz do Iguacu, Brazil, 2011 (forthcoming). He has acted as a reviewer for multiple international conferences and journals. He is the co-author of one book on hardware security (forthcoming).



SRISP © All Rights Reserved