Communications in Computer and Information Science 187 Changhoon Lee Jean-Marc Seigneur James J. Park Roland R. Wagner (Eds.) Secure and Trust Computing, Data Management, and Applications STA 2011 Workshops: IWCS 2011 and STAVE 2011 Loutraki, Greece, June 28-30, 2011 Proceedings 1 3 VolumeEditors ChanghoonLee HanshinUniversity,SchoolofComputerEngineering,Suwon,SouthKorea E-mail:[email protected] Jean-MarcSeigneur UniversityofGeneva,CUI,Geneva,Switzerland E-mail:[email protected] JamesJ.Park SeoulNationalUniversityofScienceandTechnology DepartmentofComputerScienceandEngineering,Seoul,SouthKorea E-mail:[email protected] RolandR.Wagner UniversityofLinz,InstituteofFAW,Linz,Austria E-mail:[email protected] ISSN1865-0929 e-ISSN1865-0937 ISBN978-3-642-22364-8 e-ISBN978-3-642-22365-5 DOI10.1007/978-3-642-22365-5 SpringerHeidelbergDordrechtLondonNewYork LibraryofCongressControlNumber:Appliedfor CRSubjectClassification(1998):C.2,H.4,H.3,I.2,K.6.5,D.4.6 ©Springer-VerlagBerlinHeidelberg2011 Thisworkissubjecttocopyright.Allrightsarereserved,whetherthewholeorpartofthematerialis concerned,specificallytherightsoftranslation,reprinting,re-useofillustrations,recitation,broadcasting, reproductiononmicrofilmsorinanyotherway,andstorageindatabanks.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheGermanCopyrightLawofSeptember9,1965, initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Violationsareliable toprosecutionundertheGermanCopyrightLaw. Theuseofgeneraldescriptivenames,registerednames,trademarks,etc.inthispublicationdoesnotimply, evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevantprotectivelaws andregulationsandthereforefreeforgeneraluse. Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India Printedonacid-freepaper SpringerispartofSpringerScience+BusinessMedia(www.springer.com) Preface STA 2011 was the eighth in a conference series that provides a forum for re- searchers and practitioners in all areas of security and data management. In conjunctionwithSTA2011,aseriesofworkshopswereheld.Theyweremeantto facilitate the exchange of ideas and experiences between active researchers,and to stimulate discussions on new and emerging topics in line with the conference topics. We see the workshops as a necessary extension of the main conference. STAhasestablisheditselfrapidlyasahigh-qualityconferencewithahighlycom- petitive selectionprocess.The following workshopswere approvedandaccepted for inclusion in the STA 2011 program: – InternationalWorkshoponConvergenceSecurityinPervasiveEnvironments, (IWCS 2011) – InternationalWorkshoponSecurityandTrustforApplicationsinVirtualized Environments, (STAVE 2011) The programof eachof these workshopswas developed by a separate dedicated organizingteam and ProgramCommittee. The organizationof these workshops was made possible by the voluntary dedicated efforts of many individuals. We thank all the workshop organizers, the members of the Program Committees, and the additional reviewers for their excellent service to the community. We thank the authors for submitting papers to these workshops. June 2011 Changhoon Lee Jean-Marc Seigneur James J. (Jong Hyuk) Park Roland R. Wagner International Workshop on Convergence Security in Pervasive Environments (IWCS 2011) Preface On behalf of the Organizing Committees, it is our pleasure to welcome you to the first FTRA International Workshop on Convergence Security in Pervasive Environments (IWCS 2011), which was held in Loutraki, Greece, June 28–30, 2011. A recent emerging issue in information technology is the convergence of dif- ferent kinds of applications. Convergence brings a user-centric environment to provide computing and communication services. In order to realize IT advan- tages,weneedtheintegrationofsecurityanddatamanagementtobesuitablefor pervasive computing environments.However,there are still many problems and majorchallengeswaitingforustosolvesuchasthesecurityrisksinconvergence applications, which could appear when devices interact with different kinds of applications. Therefore, we need to explore convergence security in pervasive environments. IWCS 2011 addressedthe various theories and practical applications of con- vergence security in pervasive environments. It presented important results for improving application services and solving various problems within the scope of IWCS 2011. In addition, we believe it triggered further related research and technology developments that will improve our lives in the future. We sincerely thank all our Chairs and Committees that are listed on the following pages. Without theirhard work, the success of IWCS 2011 would not have been possible.We hope you find the proceedings of IWCS 2011 enjoyable and we would welcome any suggestions for improvement. Jose A. Onieva Charalabos Skianis Conference Organization General Chairs Jose A. Onieva University of Ma´laga, Spain Charalabos Skianis University of the Aegean, Greece Program Chairs Kyusuk Han KAIST, Korea Rodrigo Roman Castro University of Ma´laga, Spain Publicity Co-chairs Christos Xenakis University of Piraeus, Greece Eleni Darra University of Piraeus, Greece Evangelos Rekleitis University of the Aegean, Greece IWCS 2011 Program Committee Alexander De Luca Ludwig-Maximilians-Universita¨t,Germany Anthony H.M. Chung University of Lancaster, UK Antonio Jara University of Murcia, Spain Chan Yeun Yeob Khalifa University of Science Technology and Research, UAE Damien Sauveron XLIM, University of Limoges, France Deok Gyu Lee ETRI, Korea Fabio Martinelli Information Security Group, IIT-CNR, Italy Fernando Ferri InstituteforResearchonPopulationandSocial Policies, Italy Florian Michahelles ETH Zurich, Switzerland Florina Almena´rez University Carlos III of Madrid, Spain Han-You Jeong Pusan University, Korea Hyohyun Choi Inha Technical College, Korea Isaac Agudo Universidad de Ma´laga, Spain Jae-il Lee KISA, Korea Javier Lopez University of M´alaga, Spain Jeong Hyun Yi Soongsil University, Korea Jongsub Moon Korea University, Korea X Conference Organization Jordi Herrera Joancomart´ı Universitat Auto`noma de Barcelona,Spain Jose A. Montes Universidad de Ma´laga, Spain Juan Herna´ndez Serrano Universitat Polit`ecnica de Catalunya, Spain Magdalena Payeras-Capella` University of the Balearic Islands, Spain Manik Lal Das Dhirubhai Ambani Inst. of Information and Communication Tech., India Marc Lacoste France Telecom R&D/Orange Labs, France Mar´ıa Francisca Hinarejos University of the Balearic Islands, Spain Masoom Alam Institute of Management Sciences, Pakistan Nicolas Sklavos Tech. Educational Institute of Patras,Greece Olivier Markowitch Universit´e Libre de Bruxelles, Belgium Panagiotis Rizomiliotis University of the Aegean, Greece Pierangela Samarati University of Milan, Italy Rodrigo Roman Castro University of Ma´laga, Spain Ruben Rios del Pozo University of Ma´laga, Spain Sokratis Katsikas University of Piraeus, Greece Stefanos Gritzalis Info-Sec-Lab, University of the Aegean, Greece Sunwoong Choi Kookmin University, Korea Thomas Strang German Aerospace Center (DLR), Germany Thomas Wook Choi Hankuk University of Foreign Studies, Korea Vishal Kher VMware, USA Won Joo Lee Inha Technical College, Korea Yong Lee ChungJu University, Korea International Workshop on Security and Trust for Applications in Virtualized Environments (STAVE 2011) Preface Virtualisation technologies offer many benefits to IT organisations today and into the future. These technologies allow organisations to increase the utilisa- tion of their IT infrastructure while lowering the overallcosts of ownership and accelerating the return on investment. Asvirtualisationincreasesthesharingofcompute,networkandI/Oresources with multiple users and applications in order to drive higher utilisation rates, it replaces the traditional physical isolation boundaries with virtual ones. This fundamentalchangeinisolationboundariesintroduces new riskvectorsfordata leakage, cross-contamination as well as new requirements for the auditing and monitoring of such virtualised systems. In order to allow the deployment of e-Government, e-Health or other ap- plication services that use, store, and process highly sensitive data, there are a number of significant, common, complex issues which must be addressed by virtualisation technologies and solutions which have particular relevance: (cid:129) Compliance with legal frameworks for data protection and privacy (cid:129) Identity management between different governmentalservices (cid:129) Security and trust aspects of using virtualisation in a distributed environment (cid:129) Policy mapping (existing security and trust systems with virtualisation solutions) (cid:129) Management of risks and policy compliance verification. The First International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011) brought together industry executives, seasoned managers, agency representatives, expert researchers and senior sub- ject matter experts from a broad array of application and technical areas, as well as government officials who are concerned with security and trust in virtu- alised environments. It drew out common themes, problems and issues that are encountered,andthesolutionsthathavebeendevisedtodealwiththeproblems of securing virtualised environments and compliance with government regula- tions. It aimed to provide the basis for a common understanding and common approaches to security and trust that synthesises the insights and best of breed solutions being developed in the diverse areas in which these problems are en- countered. XII Preface The Workshop Chairs wish to thank the authors of presented papers and speakersfortheirfineandinterestingcontributions.Finally,ourwarmestthanks to the Organizing Committee of STA 2011 and in particular to the Program Chairs of the Security and Trust Computing Track, Taeshik Shon and Costas Lambrinoudakis, for making STAVE 2011 possible. June 2011 Charalabos Skianis Panagiotis Rizomiliotis Isaac Agudo Barry P. Mulcahy Eamonn Power Patrick Phelan Conference Organization General Chair Charalabos Skianis University of the Aegean, Greece TPC Chairs Panagiotis Rizomiliotis University of the Aegean, Greece Isaac Agudo University of Ma´laga, Spain Core Organizing Committee Barry P. Mulcahy Waterford Institute of Technology, Ireland Eamonn Power Waterford Institute of Technology, Ireland Patrick Phelan Waterford Institute of Technology, Ireland STAVE 2011 Program Committee Enrico Angori Datamat, Italy PascalBisson Thales Research & Technology, France Alexander Boettcher Technische Universitat Dresden, Germany Caspar Bowden Microsoft, EMEA Pete Bramhall Hewlett Packard Laboritories,UK Jan Camenisch IBM, Switzerland Gregory Chockler IBM, Israel Paolo Collimedaglia Selex Communications, Italy Herve Debar T´el´ecomResearch and Development, France Danny De Cock Katholieke Universiteit Leuven, Belgium Hermann de Meer University of Passau, Germany Shane Dempsey Waterford Institute of Technology, Ireland Rodriguez Diaz Rodrigo ATOS Origin, Spain Zeta Dooly Waterford Institute of Technology, Ireland Guerrero Fernandez Daniel ATOS Origin, Spain Brian Foley Waterford Institute of Technology, Ireland Frederic Gittler Hewlett Packard Laboratories,UK Marit Hansen Independent Centre for Privacy Protection, Germany