2nd International Workshop on

Security and Privacy

in Enterprise Computing (InSPEC 2009)


in conjunction with the 13th IEEE International

EDOC Conference (EDOC 2009)

1 September 2009, Auckland, New Zealand


About the Workshop

In recent years several technologies have emerged for enterprise computing. Workflows are now widely adopted by industry and distributed workflows have been a topic of research for many years. Today, services are becoming the new building blocks of enterprise systems and service-oriented architectures are combining them in a flexible and novel way. In addition, with wide adoption of e-commerce, business analytics that exploits multiple, heterogeneous data sources have become an important field. Ubiquitous computing technologies, such as RFID or sensor networks change the way business systems interact with their physical environment, such as goods in a supply chain or machines on the shop floor. All these technological trends are accompanied also by new business trends due to globalization that involve innovative forms of collaborations such as virtual organizations. Further, the increased speed of business requires IT systems to become more flexible and highly dynamic.

All of these trends bring with them new challenges to the security and privacy of enterprise computing. We are increasingly relying on IT systems for our daily business including essential utilities such as water and power. The traditional forms of computer security need to be enhanced to address the distributed nature and multiple administrative domains of conducting business. For example, algorithms for incorporating the new business practices need to be identified for access control. Similarly, data confidentiality cannot be provided on the network layer alone anymore, it needs to be built into applications and processes that span across various domains. The enhanced data sharing calls for innovative algorithms and protocols that respect the users' security needs. Novel cryptographic techniques need to be developed and established ones evaluated for industrial adoption. In addition to the security measures, this new generation of distributed systems requires techniques for ensuring compliance with regulations on governance and privacy of data, including those asserted by government and regulatory agencies.

New concepts for solving these challenges require the combination of many disciplines from computer science and information systems, such as cryptography, networking, distributed systems, process modeling and design, access control, privacy etc. It is the goal of this workshop to provide a forum for exchange of novel research in these areas among the experts from academia and industry. Completed work as well as research in progress is welcome, as we want to foster the exchange of novel ideas and approaches.


Topics of Interest

  • Security and privacy in workflow systems
    • Access and usage control architectures
    • Modeling of security and privacy constraints
    • Automatic security augmentation
    • Information flow properties
  • Security and privacy in service-oriented architectures
    • Secure composition of services
    • Semantic aware security
    • Security services
  • Security analysis of business systems
    • Threat and vulnerability analysis
    • Modeling of and reasoning about distributed security policies
    • Forensic analysis
    • Multi-layers audits
    • Risk analysis
  • Identity Management
    • Security and privacy
    • Applications to compliance
    • Effective use in business IT systems
  • Data sharing
    • Cryptographic protection during data sharing
    • Privacy-preserving distributed applications
    • Efficient multi-party computations
    • Privacy and data sharing policies
  • Security and privacy in management information systems
    • Novel secure applications
    • Secure and private data analytics
    • Flexible and seamless security architectures
  • Collaborations
    • Secure and private supply chains
    • Security and privacy in virtual organizations
    • Private social network and Web 2.0 applications
    • Security and privacy in outsourcing



InSPEC 2009 will be held jointly with MTECS 2009.

13:45 - 14:30 InSPEC: Invited Talk: A matter of confidence: privacy compliance for connected-up enterprises.
Dr. Jason Reid (Queensland University of Technology, Australia)
14:30 - 15:00 MTECS: Towards Automatic Behaviour Synthesis of a Coordinator Component for Context-Aware Mobile Applications
Laura M. Daniele, Luis Ferreira Pires and Marten J. van Sinderen (University of Twente, Netherlands)
15:00 - 15:15 InSPEC: Leveraging Service Descriptions for Fraud Detection in Composite Web Services.
Ulrich Flegel, Philip Miseldine and Andreas Schaad (SAP Research, Germany)
15:15 - 15:45 MTECS: Approaches for Optimizing the Performance of a Mobile SAML-based Emergency Response System.
Thang Tran and Christian Wietfeld (Technical University Dortmund, Germany)
15:45 - 16:00 Coffee Break
16:00 - 16:30 InSPEC: Scalable, Accountable Privacy Management for Large Organizations.
Siani Pearson, Prasad Rao, Tomas Sander, Alan Parry, Allan Paull, Satish Patruni, Venkata Dandamudi-Ratnakar and Pranav Sharma (HP Labs, US)
16:30 - 17:00 MTECS: Mobile Marketing Evolution: Systematic Literature Review on Multi-Channel Communication and Multi-Characteristics Campaign Raymond Huang and Judith Symonds (Auckland University of Technology, New Zealand)
17:00 - 18:00 Joint Discussion.
Privacy and security in mobile enterprise systems


Organizing Committee

Rafael Accorsi (University of Freiburg, Germany)
Ernesto Damiani (University of Milan, Italy)
Frank Innerhofer-Oberperfler (University of Innsbruck, Austria)
Florian Kerschbaum (SAP Research, Germany)


Program Committee

Ruth Breu (University of Innsbruck, Austria)
Marco Casassa-Mont (HP Research Labs Bristol, UK)
Octavian Catrina (International University, Germany)
David Chadwick (University of Kent, UK)
Wenliang Du (Syracuse University, USA)
Isao Echizen (NII, Japan)
Keith Frikken (University of Miami, Ohio, USA)
Dieter Hutter (DFKI, Germany)
Jörn Müller-Quade (University of Karlsruhe, Germany)
Alexander Pretschner (University of Kaiserslautern, Germany)
Seth Proctor (Sun Microsystems Labs, USA)
Roland Rieke (Fraunhofer SIT, Germany)
Riccardo Scandariato (KU Leuven, Belgium)
Andreas Schaad (SAP Research, Germany)
Berry Schoenmakers (TU Eindhoven, Netherlands)
Anoop Singhal (NIST, USA)
Ketil Stolen (SINTEF, Norway)
Duminda Wijesekera (George Mason University, USA)
Jon Whittle (Lancaster University, UK)