Wouter Joossen - Security
1 like397 views
The document summarizes the IBBT security department, which enhances ICT security research in Flanders through first-class basic and applied research, knowledge transfer to industry, lowering regulatory compliance costs, and training students. The department has expertise across many security areas and collaborates between its COSIC, DistriNet, and ICRI groups. It has a strong track record of FP6/FP7 projects and commercial spin-offs. Research focuses include assurance for future internet services, privacy, identity management, and cybercrime.
Wouter Joossen - Security
- 1. IBBT security departement security, privacy and trust of E-* Wouter Joosen IBBT - COSIC – DistriNet – ICRI 3/05/2011, We-BBT Brussel
- 2. enhance the leading position of ICT-security research in Flanders essential objectives: • perform first class basic and applied research in key areas from ICT security (core) • transfer the acquired basic knowledge into the economy (traditional notion of valorization) • lower the cost of regulatory compliance of new hardware, software and applications (specific: valorization) • contribute actively to training of undergraduate and PhD students, and of industry (valorization too) not too different from IBBT as a whole
- 3. ICT security research: context, application and technology trends 1. security research – a strong tradition in Flanders. 2. security is directly related to dependability, and to trustworthiness – trustworthiness will remain essential 3. security cannot be achieved as an after-thought; core to software applications and the development & deployment processes (engineering) 4. security problems arise anywhere in systems (not only at front- and backdoors): end-to-end quality is required. 5. trustworthiness requires full life-cycle support (management support)
- 4. security, privacy and trust of E-* • Many Future Internet Applications need the solutions: being dependable, secure and trustworthy… • For example: Future health – Future Media <IP TV and video on demand> - Smart grids - Smart infrastructures – Mobile applications – Telematics – V2V..
- 5. security expertise (1/2) • secure programming languages (Clarke, Piessens, Joosen) • security middleware and component frameworks (Piessens, Desmet, Joosen) • secure development process (Scandariato, Joosen) • security monitoring and management (Desmet, Huygens, Joosen) • security for computer networks and pervasive systems (Verbaeten, Huygens, Preneel, Verbauwhede) • security for ad-hoc and wireless networks (Preneel, Verbauwhede) • privacy enhancing technologies, identity management (De Decker, Preneel) • cryptographic software and software obfuscation (Piessens, Preneel) • cryptographic hardware and embedded systems (Verbauwhede, Preneel, Rijmen) • document security, watermarking and perceptual hashing (Preneel) • trusted computing (Verbauwhede, Preneel) • legislation, compliance & policy(Dumortier)
- 6. security expertise (2/2) • cryptographic algorithms and protocols, foundations of cryptography and provable security (Rijmen, Preneel) • risk management (Huygens. Joosen) • authorisation technologies (Piessens, Joosen, Desmet) • secure system software (Piessens, Joosen) • HW implementation of DRM, watermarking and perceptual hashing (Verbauwhede, Preneel, Rijmen) • side-channel attacks and countermeasures (Verbauwhede, Rijmen, Preneel) • embedded biometry (Verbauwhede, Tuyls) • security for RFID’s, smart-cards, sensor nodes (Verbauwhede, Batina, Preneel, Huygens, Joosen) • evaluation of system security, including requirements, security architectures, software, hardware, cryptographic libraries and smart cards (All)
- 7. “one stop shop for ICT security research”
- 8. track record – a sample • about 20 FP6/FP7 projects that relate to trust and security (a separate chapter in the Framework Programmes, “alongside” for example infrastructures and service engineering) • featuring some NoE’s: • Cryptology, Bart Preneel from COSIC is currently coordinating ECRYPT II (Network of Excellence on Cryptology), which is a successor to ECRYPT. • Software and Software Engineering: Wouter Joosen (DistriNet) currently is the Research Director of NESSoS: Engineering Secure Software and Systems for Future Internet Services. • in the security and data protection area, ICRI also in a number of FP7-projects, such as PICOS, TURBINE, TAS3 and Primelife.
- 10. track record - valorization home of many succesfull industry training courses (e.g. secappdev.org) home of the AES cryptography standard home of some strong spin-off companies • Utimaco • Ubizen (now part Verizon Business Solutions) • Checkout Market Analysis for Managed Security Solutions: 2009, 2010
- 11. research focus For the business – applied to many hot application domains: 1. Assurance, compliance of new applications, typically Future Internet Services a. Cloud computing (the next big one after SOA) b. IoT and embedded software and systems 2. Very long term: Enabling Cost and Risk Assessment For Society: focus on 1. Privacy (Social Networks) – SBO SPION 2. Long Term: Cybercrime 11
- 12. research focus - progammes • Embedded Security • Privacy and identity Management • Secure Software • Security in the engineering process • Legal Research • Distributed (Internet) Software • (middleware) • What does it mean?
- 13. one example: Bravehealth (FP7-IP 2010-2013) The BRAVEHEALTH system will enable the integration of services provided by mobile resources, legacy applications, data and computing intensive services within a mobile grid to offer personalized e-health services to mobile, nomadic, stationary users.
- 14. another example: NextGenITS (IBBT/ICON) privacy preserving electronic toll GPS Satellites Fee Calculation Service Provider Driver OBU Updates GPS GSM Fee Reporting Bill Encrypted Location Data • only final fee transmitted to Service Provider • only driver has access to location data • authenticity of reported fee and location data • confidentiality of communications
- 15. structure of the department 15
- 16. security united >140 FTE’s COSIC DistriNet ICRI Prof. Jos Dumortier Prof. Bart Preneel Prof. Dave Clarke Prof. Peggy Valcke Prof. Vincent Rijmen Prof. Bart De Decker Prof. Ingrid Verbauwhede Prof. Christophe Huygens 2 postdocs Prof. Claudia Diaz Prof. Wouter Joosen 15+ junior researchers Prof. Frank Piessens 7 postdocs 40+ junior researchers Prof. Yolande Berbers Prof. Tom Holvoet Prof. Bart Jacobs 15 postdocs 50+ junior researchers
- 17. collaboration between departments: obvious overlapping expertise and interest in enabling technologies (FIA) – enabling service platforms - Telecom SOA (TCASE, WTE+) + (CSEMAP) - Cloud Computing (CUSTOMSS) + (DREAMaaS, PUMA) strategic application domains include - Future Health (EHIP, Share4Health) - E-Media (CUPID) - Telematica (NextGenITS) - Logistics (MultiTr@ns, DEUS, Admid) - E-government (IDEM) +(CSEMAP) - … 17
- 18. partnerships research partners: • European universities: Cambridge University, ENS Paris, T.U.Graz, T.U.Eindhoven, R.U.Bochum, Danish Technical University, EPFLausanne, TUDarmstadt, ULancaster, TCD Dublin, UTwente, Univ. Trento, Open University (UK), ESRC Centre for Analysis of Risk and Regulation (Londen School of Economics), Tilburg Law and Economics Center (Tilburg University), Institute for Information Law (IViR) (Universiteit Amsterdam), Institute for European Media Law (EMR, Germany), Hans Bredow Institute (Germany), Wissenschaftliches Institut für Infrastruktur und Kommunikationsdienste (WIK, Germany), Helsinki Institute for Information Technology (HIIT, Finland). • universities outside Europe: Brown University, Korea University, Virginia Tech, Mc Gill University, University of Colorado at Boulder (USA), Annenberg School of Communications at Penn State University (USA), Center for Information Policy Research of the University of Wisconsin (USA), the University of Technology Sydney (Australia) and Hitotsubashi University (Japan). strategic partners: • Flemish companies (or companies with a strong representation in Flanders):Agfa (e-health), Alcatel-Lucent, Barco, Belgacom, Telenet, VRT • European companies: Orange Labs (telecommunications), STMicroelectronics (microelectronics), Gemalto, Giesecke & Devriendt (smart cards), Irdeto and Nagra (content protection), Philips, SAP, Siemens(HQ), Thales, ATOS and Docomo Labs. • International Industry Research Labs Microsoft, Google, and IBM; Sony and Hitachi. 18
- 19. conclusion • nature of the department: highly interdisciplinary in itself • critical mass beats (most – all?) of the European competition • international recognition is a fact • track record: long term and versatile • stable base for sustained success ..no matter what the buzz words are or will be