socio-economic aspects of trusted computing
A provisional timetable is here (pdf). This may be subject to change.
Questioning What You Think You Know
Abstract A great deal of the trust we think we can place (or not) in our computing systems is based on experience with the ones we commonly use. However, those computing systems continue to be victimized by a variety of failures and attacks. Perhaps some of the "common knowledge" on which we base our designs is itself faulty? Perhaps we are employing concepts that should be re-examined?
I intend to provoke the audience with this talk to question some assumptions related to computer architecture, the definitions of security, and how best to build trusted systems. In particular, we should question if the current methods of defining security are appropriate, how we might better design a system to be secured, and whether we understand the appropriate tradeoffs when paying for heightened trust.
Trusted Computing Rants, Regrets, and Research
Abstract How do we build trustworthy hardware, and how can we use that to increase the trustworthiness of broader distributed computation? These questions have followed me through a variety of venues in my career so far: academia, government, start-up, large industry, and academia again. This talk presents some things I've learned, some things I wish I had done differently, and some things I'd still like to do.
Online Trust: A Decade of Researching Users' Inferences
Abstract Over the past 10 years the question of what makes people trust websites, companies, and other people online has been a recurrent theme. It has been discussed by human-computer interaction specialists (or, to pick today's term, user experience professionals), economists, security experts, and market researchers.
The question is - what can we learn from the combined efforts?
Rather than trying to answer this question outright, I'll look at how the discourse has evolved over this time. While we are still talking about 'online trust', the concerns and goals of our research may have changed.
As an example, in the nineties many studies were conducted to identify the cues that lead users to place trust in e-commerce sites and use their credit cards online. Today we are faced with the reality of phishing attacks (whose designers may well have had a close look at those early publications) and we wonder how we can create systems with reliable cues that allow users instant and correct inferences. Another example is reputation systems, where much effort is spent on safeguarding them against malicious attackers, but only recently has the discussion begun on provisions to avoid the escalation of the accidental mundane transgressions that are so common in our everyday encounters.
My view in tracing these developments will be a user-centred one. I'm more interested in people's perceptions of trustworthiness than in system attributes. I'll draw on my own academic research in e-commerce, online gaming, and online advice - as well as that of others in the field.
List of accepted papers: Technical Strand
Implementation of Trusted Computing
Towards a Programmable TPM
Paul England, Talha Tariq
- ACPI: Design Principles and Concerns
Loïc Duflot, Olivier Levillain, Benjamin Morin
Implementation Aspects of Mobile and Embedded Trusted Computing
Kurt Dietrich, Johannes Winter
Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels
Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marion Weber, Marcel Winandy
- Remote Attestation of Attribute Updates and Information Flows in a
Mohammad Nauman, Masoom Alam, Xinwen Zhang, Tamleek Ali
- Measuring Semantic Integrity for Remote Attestation
Fabrizio Baiardi, Diego Cilea, Daniele Sgandurra, Francesco Ceccarelli
PKI for Trusted Computing
- A PrivacyCA for Anonymity and Trust
Martin Pirker, Ronald Toegl, Daniel Hein, Peter Danner
- Revocation of TPM Keys
Stefan Katzenbeisser, Klaus Kursawe, Frederic Stumpf
- Securing the Dissemination of Emergency Response Data with an Integrated Hardware-Software Architecture
Timothy Levin, Jeffrey Dwoskin, Ganesha Bhaskara, Thuy Nguyen, Paul Clark, Ruby Lee, Cynthia Irvine, Terry Benzel
- Trustable Remote Verification of Web Services
- Trustworthy Log Reconciliation for Distributed Virtual Organisations
Jun Ho Huh, John Lyle
- Attacking the BitLocker Boot Process
Sven Türpe, Andreas Poller, Jan Steffan, Jan-Peter Stotz, Jan Trukenmüller
- Secure VPNs for Trusted Computing Environments
Steffen Schulz, Ahmad-Reza Sadeghi
- Merx: Secure and Privacy Preserving Delegated Payments
Christopher Soghoian, Imad Aad
- A Property-dependent Agent Transfer Protocol
Eimear Gallery, Aarthi Nagarajan, Vijay Varadharajan
List of accepted papers: Socio-Economic Strand
The Sociology of Trusted Systems: The Episteme and Judgment of a Technology
Stefano De Paoli
National University of Ireland Maynooth
- An Institutional Approach To Trust In Electronic Transactions
Chris Smith, Aad van Moorsel, Feng Li and Dariusz Pinkowski
School of Computing Science, Newcastle University and Newcastle University Business School
- Closing the Gap between Acting on Trust and Deciding to Trust
The University of Edinburgh
- Relative Anonymity: Approaches for the Connected World
Claire Vishik, Giusella Finocchiaro
Intel UK, University of Bologna
- Challenging Challenge Questions
David Aspinall, Mike Just
University of Edinburgh
- Internal and external trust in web-based scientific communities
University of Oxford
Using enhanced control of personal data to build trust in Internet based applications and services
Moderated by Prof. Sadie Creese
A reception and presentation from Green Hills Software about their INTEGRITY Operating System and its certification.