Prof. Javier LOPEZ – University of Malaga, Spain
Prof. Javier Lopez is Full Professor in the Computer Science Department at the University of Malaga and Head of the NICS (Network, Information and Computer Security) Laboratory. His activities are mainly focused on network and protocol security, secure services, and critical information infrastructure protection, and he has led a number of international and national research projects in those areas, including projects in the FP5, FP6 and FP7 Framework Programmes. Prof. Lopez is Co-Editor in Chief of the International Journal of Information Security (IJIS) and the Spanish representative in the IFIP Technical Committee 11 on Security and Protection in Information Systems. He is Chair of the ERCIM Working Group on Security and Trust Management, and a member of the Editorial Boards of several journals, among others Computers & Security, Wireless Communications and Mobile Computing, Computer Communications, Journal of Network and Computer Applications, International Journal of Communication Systems and International Journal of Critical Infrastructure Protection. Prof. Lopez is also a member of the Technical Committee on Security and Privacy in Complex Information Systems of the IEEE Systems Council.
Toward certifiably secure services
Prof. Ernesto DAMIANI – Università degli Studi di Milano, Italy
The advent of the cloud is reviving interest in large-scale open service ecosystems, where business processes are built and executed by dynamically selecting and recruiting services provided by third parties. However, such scenarios still pose problems in a number of areas, including security and performance control.
This talk discusses how recent advances in Web service security, Web service testing, and formal methods can be combined to provide certified composite services and processes. The talk deals with the following areas:
- Testing and formal methods for certified WS security.
With classic WS security standards and patterns as building blocks, we discuss how to develop assurance mechanisms supporting the certification of basic security properties for individual Web services and for service containers. Such assurance mechanisms can be based on (model-based) security testing and on formal methods.
- Run-time selection of secure services.
By replacing the traditional red line between the caller – e.g., a BPEL engine – and the callee with a mechanism capable of checking customized assurance policies, we show how to support different isolation and protection mechanisms. We will also discuss how to select accountability and recovery mechanisms at run-time.
- Models and techniques for building end-to-end certified processes.
Generally speaking, the security properties of individual services cannot be used to infer the security properties of a composition in which they partake. However, such an inference can sometimes be drawn when the composition topology is known a priori (e.g., it is a simple orchestration). We will discuss a set of domain-specific cases involving different components at different abstraction layers (ranging from a secure file system to financial information control), where it is possible to link everything together and use certified services to build end-to-end certified processes.
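The following is an added illustration, not code from the talk or from the SESAR lab, of the two ideas above: a caller-side assurance-policy check that replaces the plain call boundary between a caller and a candidate service, and the inference of end-to-end properties for a composition whose topology is a simple sequence. The certificate format, the property names and the rule "a property holds for the sequence only if every step certifies it" are assumptions made for this example; for any topology other than a known sequence the code deliberately draws no conclusion.

```python
"""Hypothetical model of certified service selection and composition (added example)."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class ServiceCertificate:
    """Assumed certificate: a service name plus the security properties certified for it."""
    service: str
    properties: FrozenSet[str]


@dataclass
class Composition:
    """Assumed process description: a topology label and the certified steps it recruits."""
    topology: str                      # "sequence" is the only topology this model reasons about
    steps: List[ServiceCertificate]


def assurance_policy_allows(cert: ServiceCertificate, required: FrozenSet[str]) -> bool:
    """Check inserted at the caller/callee boundary: invoke the callee only if its
    certificate covers every property the caller's policy requires."""
    return required <= cert.properties


def select_service(candidates: List[ServiceCertificate],
                   required: FrozenSet[str]) -> Optional[ServiceCertificate]:
    """Run-time selection: return the first candidate whose certificate satisfies the
    policy, or None so the caller can refuse rather than fall back to an uncertified service."""
    for cert in candidates:
        if assurance_policy_allows(cert, required):
            return cert
    return None


def infer_composite_properties(comp: Composition) -> Optional[FrozenSet[str]]:
    """Properties certifiable for the whole process.

    Assumed rule: in a sequential orchestration a property holds end-to-end only if
    every step certifies it, so the result is the intersection over the steps.
    For an unknown topology (or an empty process) return None: no inference is drawn."""
    if comp.topology != "sequence" or not comp.steps:
        return None
    result = set(comp.steps[0].properties)
    for cert in comp.steps[1:]:
        result &= cert.properties
    return frozenset(result)


# Constructed sample certificates for three services in a hypothetical payment process.
FILE_STORE = ServiceCertificate("secure-file-store",
                                frozenset({"encryption-at-rest", "confidentiality-in-transit",
                                           "access-logging"}))
VALIDATOR = ServiceCertificate("input-validator",
                               frozenset({"input-validation", "confidentiality-in-transit",
                                          "access-logging"}))
PAYMENT = ServiceCertificate("payment-gateway",
                             frozenset({"confidentiality-in-transit", "access-logging",
                                        "non-repudiation"}))


def demo() -> dict:
    """Run the example end to end and return the outcomes for inspection."""
    selected = select_service([FILE_STORE, VALIDATOR, PAYMENT], frozenset({"non-repudiation"}))
    ordered = Composition("sequence", [VALIDATOR, FILE_STORE, PAYMENT])
    unknown = Composition("unknown", [VALIDATOR, FILE_STORE, PAYMENT])
    return {
        "selected": selected.service if selected else None,
        "sequence_properties": infer_composite_properties(ordered),
        "unknown_properties": infer_composite_properties(unknown),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that the sequence loses `input-validation`, `encryption-at-rest` and `non-repudiation` because each is certified by only one step; only the properties every step carries survive to the process level, which is the point the abstract makes about needing the topology before any end-to-end claim can be drawn.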
Ernesto Damiani is currently a professor at the Università degli Studi di Milano and the director of the Università degli Studi di Milano’s PhD program in computer science. He has held visiting positions at a number of international institutions, including George Mason University in Virginia, La Trobe University in Melbourne, Australia, the University of Technology in Sydney, Australia, and the Institut National des Sciences Appliquées (INSA) in Lyon, France.
Prof. Damiani leads the Software Engineering and Software Architectures Research (SESAR) lab, established in 2003 at the Dipartimento di Tecnologie dell’Informazione of the Università degli Studi di Milano.
Prof. Damiani has done extensive research on advanced network infrastructure and distributed systems and protocols, taking part in the design and deployment of secure high-performance networking environments, both as chief scientist and in management positions. His areas of interest include business process representation, Web services security, processing of semi-structured and unstructured information (e.g., XML), and semantics-aware content engineering for multimedia. He is also interested in models and platforms supporting open source development. He is the chair of the IEEE Conference on Digital Ecosystems (IEEE-DEST), the IFIP Working Conference on Open Source Systems, and the IFIP 2.6 WG on Data Semantics. He is an Associate Editor of the IEEE Transactions on Service Oriented Computing, Area Editor of the Journal of System Architecture and a member of various editorial boards. He has published several books and about 200 papers and international patents. His work has appeared, among others, in the IEEE Transactions on Knowledge and Data Engineering, the ACM Transactions on Information and System Security, and the IEEE Transactions on Fuzzy Systems, as well as in the ACM Transactions on Information Systems and the ACM Transactions on Software Engineering and Methodology. He has served and is serving in all capacities on many congress, conference, and workshop committees. Prof. Damiani is a senior member of the IEEE. In 2008 he was nominated ACM Distinguished Scientist and received the Chester Sall Award for the best paper published in the IEEE Transactions on Consumer Electronics. His current home page is at http://www.dti.unimi.it/~damiani.