20th Annual IFIP WG 11.3 Working Conference on

Data and Applications Security

SAP Labs, Sophia Antipolis, France
July 31-August 2, 2006





 Sunday 30th July:

Arrival at hotel and dinner 

 Monday 31st July:
8:30 Bus to SAP

9:00 Registration

9:30 - 10:30 Welcome and Keynote

Keynote Speech: Security in Enterprise Resource Planning Systems and Service Oriented Architectures.
Volkmar Lotz, Security & Trust Research Program Manager at SAP Research

Volkmar Lotz received his diploma in Computer Science from the University of Kaiserslautern in 1988. Since November 2004, he has been the Research Program Manager for Security and Trust at SAP Research. His responsibilities include managing and roadmapping SAP's security research as well as aligning security research to SAP's business needs. From 1989 to 2004, he was affiliated with Siemens Corporate Technology, first in the Software Engineering Department, then, from 1994, in the Security Department. From 1999 to 2004, he headed the Formal Methods in Security Analysis group, with an emphasis on security requirements engineering, evaluation and certification, cryptographic protocol verification, and mobile code security. He has been the main contributor to the LKW model, a formal security model for smartcard processors, which allowed the Infineon SLE66 processor to be the first smartcard hardware certified according to ITSEC E4 and Common Criteria EAL5. He was responsible for system architecture and security work packages in the MAP (Multimedia Workplace of the Future) lead project, funded by the German Ministry of Economics and Labour and focusing on context-aware mobile systems, legally binding mobile agent transactions, and authorization and delegation in mobile code systems. Volkmar Lotz has published numerous scientific papers in his area of interest.

11:00 - 12:30  Session 1: Privacy and Secrecy

Enhancing User Privacy through Data Handling Policies
Claudio Ardagna, Sabrina De Capitani di Vimercati, Pierangela Samarati

Efficient Enforcement of Security Policies based on Tracking of Mobile Users
Vijay Atluri, Heechang Shin

Information Theoretical Analysis of Two-Party Secret Computation
Da-Wei Wang, Churn-Jung Liau, Yi-Ting Chiang, Tsan-sheng Hsu

13:00 Lunch at SAP

11:30 - 12:30  Session 2: Vulnerability Analysis

Detection and Resolution of Anomalies in Firewall Policy Rules
Muhammad Abedin, Syeda Nessa, Latifur Khan, Bhavani Thuraisingham

Interactive Analysis of Attack Graphs Using Relational
Lingyu Wang, Chao Yao, Anoop Singhal, Sushil Jajodia

 13:00 Lunch at SAP / End of Conference

15:30 - 17:00  Session 3: Access Control for Coalitions and Business Processes

Consolidating the Access Control of Composite Applications and Workflows
Martin Wimmer, Alfons Kemper, Maarten Rits, Volkmar Lotz

A Distributed Coalition Service Registry for Ad-hoc Dynamic Coalitions: A Service-oriented Approach
Ravi Mukkamala, Vijay Atluri, Janice Warner, Ranjit Abbadasari

From Business Process Choreography to Authorization Policies
Philip Robinson, Florian Kerschbaum, and Andreas Schaad

17:00 - 18:00 IFIP WG 11.3 Business Meeting

17:00 - 18:00 bus back to Hotel

18:30 bus leaves hotel for Antibes / Juan Les Pins

2hrs free time

20:30 dinner at Juan Les Pins

23:00 bus back to hotel


 Tuesday 1st August

8:30 Bus to SAP

9:30 - 11:00  Session 4: Flexible Access Control

Creating Objects in the Flexible Authorization Framework
Nicola Zannone, Sushil Jajodia, Duminda Wijesekera

A Framework for Flexible Access Control in Digital Library Systems
Indrajit Ray, Sudip Chakraborty

Authrule: A Generic Rule-Based Authorization Module
Sonke Busch, Bjorn Muschall, Gunther Pernul, Torsten Priebe

11:30 - 13:00  Session 5: Authentication, Integrity, and Inference Control

Aggregation Queries in the Database-As-a-Service Model
Einar Mykletun, Gene Tsudik

XML Streams Watermarking
Julien Lafaye, David Gross-Amblard

On Finding an Inference-Proof Complete Database for Controlled Query Evaluation 
Joachim Biskup, Lena Wiese

13:00 Lunch at SAP

14:30 - 16:00 Session 6: Role-based Access Control

Resolving Information Flow Conflicts in RBAC Systems
Noa Tuval, Ehud Gudes

Discretionary and Mandatory Controls for Role-Based Administration
Jason Crampton

Term Rewriting for Access Control
Steve Barker, Maribel Fernandez

17:00 Direct departure to Vence

19:00 Secret activity at Vence

21:00 Dinner at a secret place

23:00 Bus back to hotel

 Wednesday 2nd August

8:30 Bus to SAP

9:30 - 11:00  Session 7: Identity Management and Applications Security

Notarized Federated Identity Management for Web Services
Michael Goodrich, Roberto Tamassia, Danfeng Yao

Policy Transformations for Preventing Leakage of Sensitive Information in Email Systems
Saket Kaushik, William Winsborough, Duminda Wijesekera, Paul Ammann

Aspect-Oriented Risk Driven Development of Secure Applications
Geri Georg, Siv Hilde Houmb, and Indrakshi Ray

14:00 - 15:00  Session 8: Secure Query Rewriting and Execution

Authenticating Multi-Dimensional Query Results in Data Publishing
Weiwei Cheng, HweeHwa Pang, Kian-Lee Tan

Policy Classes and Query Rewriting Algorithm for XML Security Views
Nataliya Rassadko, Gabriel Kuper, Fabio Massacci