Topics for Presentation on April 4
The goal for these presentations is to develop understanding of the following areas based on the recent developments:
Each presentation will be 20 - 25 minutes. I would like each presentation to be done by two people. Each presentation group should either select at least one Journal paper or at least two conference paper (or equivalent). If you are doing labs in groups of two that should be the easiest way to form partners - you are free to form your group as you would like, otherwise.
Each student will evaluate all the presentations and that will constitute 80 Points. I will award the remaining 20 points.
I have attempted to provide some sample papers. If you prefer or have suggestions for other papers, please let me know. I would like to finalize papers and topics by tomorrow so that you can prepare.
Sample paper listings
NSA site has some good resources related to Security guidelines. Of interest would be looking at security architecture, comparison, etc.
The site also has security related to other topics.
Ji-Won Byun, Elisa Bertino, Ninghui Li, Privacy control: Purpose based access control of complex data for privacy protection, Proceedings of the tenth ACM symposium on Access control models and technologies, June 2005
Borking, J. J. (2001). Laws, PETS and other Technologies for Privacy Protection. Journal of Information, Law and Technology.
He, Q. (2003). Privacy Enforcement with an Extended Role-Based Access Control Model, North Carolina State University, Raleigh.
Mont, M. C., Pearson, S. & Bramhall, P. (2003). Towards accountable management of identity and privacy: sticky policies and enforceable tracing services. 14th International Workshop on Database and Expert Systems Applications.
Mavridis, I., Pangalos, G., Khair, M. and Bozios, L., Defining Access Control Mechanisms for Privacy Protection in Distributed Medical Databases. in IFIP Working Conference on User Identification and Privacy Protection, (Stockholm, Sweden, 1999).
RBAC + Administrative
Sandhu, R., Bhamidipani, V. and Munawer, Q. The ARBAC97 model for role-based administration of roles. ACM Transactions on Information and System Security, 1 (2). 105--135.
Jason Crampton, “Understanding and developing role-based administrative models,” Proceedings of the 12th ACM conference on Computer and communications security CCS '05, November 2005.
Jason Crampton, George Loizou, A foundation for role-based administrative models, ACM Transactions on Information and System Security (TISSEC), Volume 6 Issue 2, May 2003 (EXTENDED VERSION OF THE EARLIER ONE)
Beverly L. Harrison, Alex Cozzi, Thomas P. Moran, “Supporting activities: Roles and relationships for unified activity management,” Proceedings of the 2005 international ACM SIGGROUP conference on Supporting group work GROUP '05, November 2005
Axel Kern, Andreas Schaad, Jonathan Moffett, “An administration concept for the enterprise role-based access control model,” Proceedings of the eighth ACM symposium on Access control models and technologies, June 2003
Digital Rights Management
Kuhlmann, D. and Gehring, R.A. Trusted Platforms, DRM, and Beyond. in Eberhard Becker, W.B., Dirk Günnewig, Niels Rump ed. Digital Rights Management: Technological, Economic, Legal and Political Aspects, Springer, New York, 2003.
Key Challenges in DRM: An Industry Perspective, Microsoft Corporation: One
Microsoft Way, 2003.
Liu, Q., Safavi-Naini, R. and Sheppard, N.P. Digital rights management for content distribution. in Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003 - Volume 21, Australian Computer Society, Inc., Adelaide, Australia, 2003, 49-58.
Martin, M., Agnew, G., Kuhlman, D.L., McNair, J.H., Rhodes, W.A. and Tipton, R. Federated Digital Rights Management: A Proposed DRM Solution for Research and Education. D-Lib Magazine, 8.
McKinley, H.L., Digital Rights Management & XML Security Protocols. in 20th Annual Computer Security Applications Conference: Workshop on Trusted Computing, (Tucson, Arizona, 2004).
(I will add the papers soon)
Some people are already working on IPv6. So I would prefer them to group together to present.
XML/Web Services Security