Timetable

A provisional timetable is here (pdf). This may be subject to change.

Keynotes

Prof. Eugene H. Spafford

Questioning What You Think You Know

Abstract A great deal of the trust we think we can place (or not) in our computing systems is based on exerperience with the ones we commonly use. However, those computing systems continue to be victimized by a variety of failures and attacks. Perhaps some of the "common knowledge" on which we base our designs is itself faulty? Perhaps we are employing concepts that should be re-examined?

I intend to provoke the audience with this talk to question some assumptions related to computer architecture, the definitions of security, and how best to build trusted systems. In particular, we should question if the current methods of defining security are appropriate, how we might better design a system to be secured, and whether we understand the appropriate tradeoffs when paying for heightened trust.

Prof. Sean Smith

Trusted Computing Rants, Regrets, and Research

Abstract How do we build trustworthy hardware, and how can we use that to increase the trustworthiness of broader distributed computation? These questions have followed me through a variety of venues in my career so far: academia, government, start-up, large industry, and academia again. This talk presents some things I've learned, some things I wish I had done differently, and some things I'd still like to do.

Dr. Jens Riegelsberger

Online Trust: A Decade of Researching Users' Inferences

Abstract Over the past 10 years the question of what makes people trust websites, companies, and other people online has been a recurrent theme. It has been discussed by human-computer interaction specialists (or, to pick today's term, user experience professionals), economists, security experts, and market researchers.

The question is - what can we learn from the combined efforts?

Rather than trying to answer this question outright, I'll look at how the discourse has evolved over this time. While we are still talking about 'online trust', the concerns and goals of our research may have changed.

As an example, in the nineties many studies were conducted to identify the cues that lead users to place trust in e-commerce sites and use their credit cards online. Today we are faced with the reality of phishing attacks (whose designers may well have had a close look at those early publications) and we wonder how we can create systems with reliable cues that allow users instant and correct inferences. Another example are reputation systems, where much effort is spent on safeguarding them against malicious attackers, but only recently the discussion has begun on provisions to avoid the escalation of the accidental mundane transgressions that are so common in our everyday encounters.

My view in tracing these developments will be a user-centred one. I'm more interested in people's perceptions of trustworthiness than in system attributes. I'll draw on my own academic research in e-commerce, online gaming, and online advice - as well as that of others in the field.

List of accepted papers: Technical Strand

Implementation of Trusted Computing

• Towards a Programmable TPM
  Paul England, Talha Tariq
• ACPI: Design Principles and Concerns
  Loïc Duflot, Olivier Levillain, Benjamin Morin
• Implementation Aspects of Mobile and Embedded Trusted Computing
  Kurt Dietrich, Johannes Winter
• Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels
  Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marion Weber, Marcel Winandy

Attestation

• Remote Attestation of Attribute Updates and Information Flows in a UCON System
  Mohammad Nauman, Masoom Alam, Xinwen Zhang, Tamleek Ali
• Measuring Semantic Integrity for Remote Attestation
  Fabrizio Baiardi, Diego Cilea, Daniele Sgandurra, Francesco Ceccarelli

PKI for Trusted Computing

• A PrivacyCA for Anonymity and Trust
  Martin Pirker, Ronald Toegl, Daniel Hein, Peter Danner
• Revocation of TPM Keys
  Stefan Katzenbeisser, Klaus Kursawe, Frederic Stumpf

Applications I

• Securing the Dissemination of Emergency Response Data with an Integrated Hardware-Software Architecture
  Timothy Levin, Jeffrey Dwoskin, Ganesha Bhaskara, Thuy Nguyen, Paul Clark, Ruby Lee, Cynthia Irvine, Terry Benzel
• Trustable Remote Verification of Web Services
  John Lyle
• Trustworthy Log Reconciliation for Distributed Virtual Organisations
  Jun Ho Huh, John Lyle
• Attacking the BitLocker Boot Process
  Sven Türpe, Andreas Poller, Jan Steffan, Jan-Peter Stotz, Jan Trukenmöuller

Applications II

• Secure VPNs for Trusted Computing Environments
  Steffen Schulz, Ahmad-Reza Sadeghi
• Merx: Secure and Privacy Preserving Delegated Payments
  Christopher Soghoian, Imad Aad
• A Property-dependent Agent Transfer Protocol
  Eimear Gallery, Aarthi Nagarajan, Vijay Varadharajan

List of accepted papers: Socio-Economic Strand

• The Sociology of Trusted Systems: The Episteme and Judgment of a Technology
  Stefano De Paoli
  National University of Ireland Maynooth
• An Institutional Approach To Trust In Electronic Transactions
  Chris Smith, Aad van Moorsel, Feng Li and Dariusz Pinkowski
  School of Computing Science, Newcastle University and Newcastle University Business School
• Closing the Gap between Acting on Trust and Deciding to Trust
  Massimo Felici
  The University of Edinburgh
• Relative Anonymity: Approaches for the Connected World
  Claire Vishik, Giusella Finocchiaro
  Intel UK, University of Bologna
• Challenging Challenge Questions
  David Aspinall, Mike Just
  University of Edinburgh
• Internal and external trust in web-based scientific communities
  Annamaria Carusi
  University of Oxford

Panel Session

• Using enhanced control of personal data to build trust in Internet based applications and services
  Moderated by Prof. Sadie Creese
  Warwick University

Special Session

A reception and presentation from Green Hills Software about their INTEGRITY Operating System and its certification.