International Workshop on Cloud Technologies and
Trust Domains (CTTD 2013)
co-located with CloudCom 2013
5 December 2013, Bristol, United Kingdom

Trust Domains are an emergent concept for the design, deployment and assessment of collaborative IT systems. It acknowledges that trust is indispensable for collaborative human action and efficient cooperation. Domains of interactions enabled by trust can be found within organisations, between organisations, and between individuals spanning organisational borders, and they may evolve alongside or orthogonal to defined organisational processes and structures. A methodical approach for describing and designing collaborative information systems must therefore go beyond classical attributes of functional composition, reliability, and security. It must be complemented with aspects such as incentive structures, mutual expectations, reliance, and assurance. These are determinants for the level of trust between participating entities and trust in the underlying technical technical infrastructure.

Co-located with CloudCom 2013, CTTD provides a forum for discussion between Trust Domain proponents and Cloud experts. It will therefore be a unique opportunity for exploring the application of Cloud technologies in the cutting-edge area of Trust Domains, as well as propagating Trust Domains concepts in secure Cloud systems.

Topics of interest include, but are not limited to:

Program

08:30-09:00Welcome Session
09:00-09:30Liqun Chen, Qin Li, Keith Martin and Siaw-Lynn Ng. A Privacy-aware Announcement Scheme Enabling Message Reliability Evaluation in VANETs
09:30-10:00Barry Taylor. Compositional Security Architectures for Establishing and Undermining Trust Domains
10:00-10:30Coffee Break
10:30-11:30Martin Gill. The importance of Trust as a key security measure in managing the insider threat (Invited talk)
11:30-12:00Jiangshan Yu, Vincent Cheval and Mark Ryan. DTKI: Distributed Transparent Key Infrastructure
12:00-13:00Lunch Break
13:00-14:00Robert Clark. The Elephant in the Room: Hypervisor Breakouts (Invited Talk)
14:00-14:30Mark Ryan. Enhanced certificate transparency and ene-to-end encrypted email
14:30-15:00Lee Gillam, Simon Broome and Debbie Garside. On Supply Chains, Deperimeterization, and the IPCRESS solution
15:15-15:30Coffee Break
15:30-16:00Closing Session

Invited Talks

Prof. Martin Gill: The importance of Trust as a key security measure in managing the insider threat

In this presentation Martin Gill will draw on his work interviewing fraudsters in prison, outlining their motivations and approach. He will then talk about the role of trust as a specific security measure. Drawing on empirical work with companies he will outline the conditions necessary to generating trust in a security context. He will focus on the use of process, people and technology, and include organisational factors, to evaluate influences that undermine the presence of trust, and the effectiveness of it in information sharing. In discussing the findings, he will highlight two potential characteristics of trust. The first is that generating trust should be recognised as a security mechanism in its own right, and second, that trust is a facilitator of other mechanisms including the effective development of processes, deployment of people, engagement with technology and mediated by the priority given to trust within organisational settings.

Biography

Professor Martin Gill is a criminologist and Director of Perpetuity Research which started life as a spin out company from the University of Leicester. The company specialises in the areas of security management, risk management, crime and crime prevention and has a specialist expertise in business and financial crime. Martin has published work on crime, fraud, security and policing including over 100 journal and magazines articles and 13 books including the Handbook of Security (and he is currently preparing the second edition). Martin has conducted research into different aspects of financial crime. For example he led a study on the illicit market for fast moving consumer goods (FMCG) looking at how goods ‘disappear’ from the legitimate supply chain from the point of manufacture to the point of sale. Other topics covered include, victims’ perspectives on identity fraud; fraudsters’ reflections on their offending; staff dismissed from the retail sector for dishonesty; the value fraud prevention adds to business; the decisions and resources used by offenders to get around fraud strategies; fraudsters and fraud manager’s views of fraud and the recession; the ways in which companies protect their brands and he has conducted a survey of fraud and bribery in the Middle East. Professor Gill is a Fellow of The Security Institute, a member of the Company of Security Professionals (and therefore a Freeman of the City of London), Chair of the ASIS Research Council. In 2002 the ASIS Security Foundation made a ‘citation for distinguished service’ in ‘recognition of his significant contribution to the security profession’. In 2010 he was recognised by the BSIA with a special award for ‘outstanding service to the security sector’. In 2013 IFSEC placed him in the top 40 most influential fire and security experts in the world.

Robert Clark: The Elephant in the Room: Hypervisor Breakouts

Often ignored or hidden away in risk registers the consequences of hypervisor breakouts are incredibly high. In this presentation I describe potential exploitation vectors in common virtualization stacks before diving into hands on, practical guidance for securing your hypervisor and addressing breakout vulnerabilities when they occur.

Biography

Robert Clark is the Lead Security Architect for HP Cloud Services and co-founder of the OpenStack Security Group (OSSG). Prior to being recruited by HP, he worked in the UK Intelligence Community. Robert has a strong background in threat modeling, security architecture and virtualization technology. Robert has a master's degree in Software Engineering from the University of Wales.

Important Dates

The full call for papers is available here: CTTD call for papers.

Organisers

Program Committee

Contact: philipp.reinecke@hp.com