International Workshop on Security and Privacy

in Enterprise Computing (InSPEC 2008)


in conjunction with the 12th IEEE International

EDOC Conference (EDOC 2008)

15 September 2008, München, Germany


About the Workshop

Several technologies have emerged for enterprise computing. Workflows are now widely adopted by industry and distributed workflows have been a topic of research for many years. Today, services are becoming the new building blocks of enterprise systems and service-oriented architectures are combining them in a flexible and novel way. Business applications, such as Enterprise Resource Planning (ERP), Supply Chain Management (SCM) and Supplier Relationship Management (SRM) systems form the core of enterprise systems. In addition, with wide adoption of e-commerce, business analytics that exploits multiple, heterogeneous data sources have become an important field. These technological trends are accompanied by new business trends due to globalization that involve innovative forms of collaborations such as virtual organizations. Further, the increased speed of business requires IT systems to become more flexible and highly dynamic.

All of these trends bring with them new challenges to the security and privacy of enterprise computing. We are increasingly relying on IT systems for our daily business including essential utilities such as water and power. The traditional forms of computer security need to be enhanced to address the distributed nature and multiple administrative domains of conducting business. For example, algorithms for incorporating the new business practices need to be identified for access control. Similarly, data confidentiality cannot be provided on the network layer anymore, it needs to be built into applications and processes that span across various domains. The enhanced data sharing calls for innovative algorithms and protocols. Novel cryptographic techniques need to be developed and established ones evaluated for industrial adoption. In addition to the security measures, this new generation of distributed systems requires techniques for ensuring compliance with regulations on governance and privacy of data, including those asserted by government and regulatory agencies.

New concepts for solving these challenges require the combination of many disciplines from computer science and information systems, such as cryptography, networking, distributed systems, process modeling and design, access control, privacy etc. It is the goal of this workshop to provide a forum for exchange of novel research in these areas among the experts from academia and industry. Completed work as well as research in progress is welcome, as we want to foster the exchange of novel ideas and approaches.


Topics of Interest

  • Security and privacy in workflow systems
    • Access control architectures
    • Modeling of security and privacy constraints
    • Automatic security augmentation
    • Secure/Trusted virtual domains
  • Security and privacy in service-oriented architectures
    • Secure composition of services
    • Semantic aware security
    • Security services
    • Trustworthy computation
  • Identity Management
    • Security and Privacy
    • Applications to compliance
    • Effective use in business IT systems
  • Data sharing
    • Cryptographic protection during data sharing
    • Privacy-preserving distributed applications
    • Efficient multi-party computations
    • Privacy and data sharing policies
  • Security and privacy in management information systems
    • Novel secure applications
    • Secure and private data analytics
    • Flexible and seamless security architectures
    • Secure operating system design
  • Collaborations
    • Secure and private supply chains
    • Security and privacy in virtual organizations
    • Private social network and Web 2.0 applications
    • Security and privacy in outsourcing



11:00 - 11:15 Introduction and Welcome
11:15 - 12:00 Invited Talk: Service Protection in Web Service-based Architectures.
Prof. Norbert Luttenberger (University of Kiel, Germany)
12:00 - 12:30 Reducing the integration tax of cross-organizational identity-based services with identity federation platforms.
Antonio Manuel Fernandez Villamor, Juan Carlos Yelmo Garcia (Polytechnical University of Madrid, Spain)
12:30 - 13:00 A Guanxi Shibboleth based Security Infrastructure.
Wei Jie (University of Manchester, UK), Alistair Young (UHI Millenium Institute, UK), Junaid Arshad (University of Leeds, UK), June Finch, Rob Procter (University of Manchester, UK)
13:00 - 14:00 Lunch Break
14:00 - 14:30 Towards Enhanced Presence Filtering.
Andrew Rutherford, Reinhardt Botha (Nelson Mandela Metropolitan University, South Africa)
14:30 - 15:00 A best practices-oriented approach for establishing trust chains within Virtual Organisations.
Michel Kamel, Romain Laborde, Abdelmalek Benzekri, Francois Barrere (University Paul Sabatier, France)
15:00 - 15:30 Automated Privacy Audits Based on Pruning of Log Data.
Rafael Accorsi, Thomas Stocker (University of Freiburg, Germany)
15:30 - 16:00 Coffee Break
16:00 - 16:30 Protecting Sensitive Business Information While Sharing Serial-Level Data.
Davide Zanetti, Srdjan Capkun (ETH Zurich, Switzerland)
16:30 - 17:00 Industrial Privacy in RFID-based Batch Recalls.
Leonardo Weiss Ferreira Chaves, Florian Kerschbaum (SAP Research, Germany)
17:00 - 17:30 Galois Substitution Counter Mode (GSCM).
Mohamed Abo El-Fotouh, Klaus Diepold (Technical University of Munich, Germany)


Organizing Committee

Ernesto Damiani (University of Milan, Italy)
Florian Kerschbaum (SAP Research, Germany)
Vijaykumar Rachamadugu (MITRE, USA)


Program Committee

Rafael Accorsi (University of Freiburg, Germany)
Jan Camenisch (IBM Research Zurich, Switzerland)
Marco Casassa-Mont (HP Research Labs Bristol, UK)
Octavian Catrina (International University, Germany)
David Chadwick (University of Kent, UK)
Xiuzhen Cheng (George Washington University, USA)
Wenliang Du (Syracuse University, USA)
Keith Frikken (Miami University, USA)
Fabio Massacci (University of Trento, Italy)
Jörn Müller-Quade (University of Karlsruhe, Germany)
Seth Proctor (Sun Microsystems Labs, USA)
Ahmad-Reza Sadeghi (Ruhr-Universität Bochum, Germany)
Andreas Schaad (SAP Research, Germany)
Berry Schoenmakers (TU Eindhoven, Netherlands)
Anoop Singhal (NIST, USA)
Duminda Wijesekera (George Mason University, USA)
Huafei Zhu (I2R, Singapore)