Eleventh International Conference on Information Systems Security
(ICISS 2015)
16-20 December 2015, Jadavpur University, Kolkata, India









Proceedings being published as LNCS 9478



















































Professor, Department of Computer Science of the Universita' degli Studi di Milano, Crema - Italy

Data Security and Privacy in the Cloud

The rapid advancements in Information and Communication Technologies (ICTs) have enabled the emerging of the “cloud” as a successful paradigm for conveniently storing, accessing, processing, and sharing information. With its significant benefits of scalability and elasticity, the cloud paradigm has appealed companies and users, which are more and more resorting to the multitude of available providers for storing and processing data. Unfortunately, such a convenience comes at a price of loss of control over these data and consequent new security threats that can limit the potential widespread adoption and acceptance of the cloud computing paradigm. In this talk I will illustrate some security and privacy issues arising in the cloud scenario, focusing in particular on the problem of guaranteeing confidentiality and integrity of data stored or processed by external cloud providers.

Pierangela Samarati is a Professor at the Department of Computer Science of the Universita' degli Studi di Milano. Her main research interests are access control policies, models and systems, data security and privacy, information system security, and information protection in general. She has participated in several projects involving different aspects of information protection. On these topics she has published more than 240 peer-reviewed articles in international journals, conference proceedings, and book chapters. She is the Coordinator of the ESCUDO-CLOUD European project (H2020). She has been Computer Scientist in the Computer Science Laboratory at SRI, CA (USA). She has been a visiting researcher at the Computer Science Department of Stanford University, CA (USA), and at the Center for Secure Information Systems of George Mason University, VA (USA).

She is the chair of the IEEE Systems Council Technical Committee on Security and Privacy in Complex Information Systems (TCSPCIS), of the Steering Committees of the European Symposium on Research in Computer Security (ESORICS), and of the ACM Workshop on Privacy in the Electronic Society (WPES). She is member of several steering committees. She is ACM Distinguished Scientist (named 2009) and IEEE Fellow (named 2012). She has been awarded the IFIP TC11 Kristian Beckman award (2008) and the IFIP WG 11.3 Outstanding Research Contributions Award (2012).

More information at: http://www.di.unimi.it/samarati

Professor of Department of Industrial Engineering and Management, Information and Production - DIGIP, University of Bergamo

Extending Mandatory Access Control Policies in Android

Solutions like SELinux have recently regenerated interest toward Mandatory Access Control (MAC) models. The role of MAC models can be expected to increase in modern systems, which are exposed to significant threats and manage high-value resources, due to the stronger protection they are able to offer. Android is a significant representative of these novel systems and the integration of MAC models is an important recent development in its security architecture.

Opportunities indeed exist to further enrich the support offered by MAC models, increasing their flexibility and integrating them with other components of the system. We discuss a number of proposals that have recently been made in this domain.

First, we illustrate the integration of SELinux and SQLite, named {\em SeSQLite}, which permits to apply MAC permissions at a fine granularity into relational databases, offering both a schema-level and row-level support. Then, {\em AppPolicyModules} are presented, which let app developers specify extensions to the system-level policy that protect the resources of each specific app. Finally, an integration between SELinux and the interprocess communication services is proposed, to further regulate the cooperation among separate apps and services. All these enhancements lead to a stronger and more detailed support of the complex security requirements that characterize modern environments.

Stefano Paraboschi was born in 1965 in Milan. He got his degree in Electrical Engineering (Computer Science) in 1990 and the title of Doctor of Philosophy in Computer Engineering and Automatics in 1994 at the Politecnico di Milano. He was a researcher (March 1996-October 1998) and then associate professor (November 1998-October 2002) at the Department of Electronics and Information of the Politecnico di Milano. Since November 2002 he is professor at the Faculty of Engineering, University of Bergamo, where she coordinates the graduate program in Computer Engineering. He is vice-director of the Department of Information Engineering and Mathematical Methods from its foundation. The research interests of Stephen Paraboschi have turned to various areas of computer science. At first, the work has focused on the area of research databases and information systems (specifically, of active rules, management views, data warehouse, workflow management systems), the focus then shifted to the Web technologies (data-intensive Web sites, XML technologies), and then move towards the issues of information security (security for databases, access control for XML and Web services, reputation management in P2P networks, outsourcing data , privacy).

Professor of Università degli Studi di Milano, Italy

Biometric Technologies and Systems for Automated Border Control Gates

Automation of border control gates, as well as easy identification in a variety of daily-life applications (ranging, e.g., from home banking to e-commerce and e-government), requires a high degree of confidence in the identification. Modern solutions are based on biometric technologies to ensure standard quality in operation, by mimicking the usual activities performed by humans in identifying individuals. Biometric technologies allow in fact for efficiently analyzing human traits (e.g., face, fingerprint, iris, palm) for identity management. This talk will analyze the opportunities offered by biometric technologies and their use for identity verification and recognition in automated border control systems and also in many other critical applications. The characteristics of these technologies as well as their implications on the overall system will be considered. Attention will be also given to a comprehensive system design methodology to takeinto account all application requirements, including the need for privacy protection.

Vincenzo PIURI has received his Ph.D. in computer engineering at Politecnico di Milano, Italy (1989). He has been Associate Professor at Politecnico di Milano, Italy and Visiting Professor at the University of Texas at Austin and at George Mason University, USA. He is Full Professor in computer engineering at the Università degli Studi di Milano, Italy (since 2000).
His main research interests are: signal and image processing, machine learning, pattern analysis and recognition, biometrics, theory and industrial applications of neural networks, intelligent measurement systems, industrial applications, fault tolerance, digital processing architectures, embedded systems, and arithmetic architectures. Original results have been published in more than 350 papers in international journals, proceedings of international conferences, books, and book chapters.
He is Fellow of the IEEE, Distinguished Scientist of ACM, and Senior Member of INNS. He is IEEE Vice President for Technical Activities (2015) and Editor-in-Chief of the IEEE Systems Journal (2013-15).

Associate Professor of Rutgers University New Brunswick

Reflections on the Self-service Cloud Computing Project

Modern cloud computing infrastructures use virtual machine monitors (VMMs) that often include a large and complex administrative domain with privileges to inspect client VM state. Attacks against or misuse of the administrative domain can compromise client security and privacy. Moreover, these VMMs provide clients inflexible control over their own VMs, as a result of which clients have to rely on the cloud provider to deploy useful services, such as VM introspection-based security tools.

This talk will present the self-service cloud computing (SSC) project that addresses these two shortcomings. SSC splits administrative privileges between a system-wide domain and per-client administrative domains. Each client can manage and perform privileged system tasks on its own VMs, thereby providing flexibility. The system-wide administrative domain cannot inspect the code, data or computation of client VMs, thereby ensuring security and privacy. SSC also allows providers and clients to establish mutually trusted services that can check regulatory compliance while respecting client privacy. We have used a prototype implementation of SSC atop the Xen hypervisor to build user domains to perform privileged tasks such as memory introspection, storage intrusion detection, and anomaly detection.

Vinod Ganapathy is currently an Associate Professor of Computer Science at Rutgers University New Brunswick, where he has been on the faculty since 2007. He received a Ph.D. in Computer Science from the University of Wisconsin-Madison in 2007, and a B.Tech. in Computer Science and Engineering from IIT Bombay in 2001. His primary research interests are in computer security and software engineering. He is the recipient of a 2013 Rutgers University Board of Trustees Fellowship for Scholarly Excellence, a 2010 National Science Foundation CAREER Award, and together with his students, two outstanding student paper awards at the Annual Computer Security Applications Conference in 2008 and 2009 for work on kernel rootkit detection and Web browser extension security.


SRISP © All Rights Reserved