Keynote Speeches |
| Keynote Speech I |
| Title: |
Application Security - Myth or Reality? |
| Speaker: |
Bill Caelli |
| Abstract: |
The implementation and verification of information
security services and mechanisms within application systems has received
recent widespread attention. Moreover, it has been suggested that
it may be the only way to increase overall information system assurance
in an era where ICT governance and resulting compliance requirements
have taken on new force internationally and the use of commodity
level and “off-the-shelf” ICT products for critical information systems
continues. While it has been argued that an application can be no
more secure than the middleware / libraries it uses, the operating
system upon which this all stands and even computer / data network
hardware and firmware, security at the application layer was always
envisaged as playing a vital role. Indeed security at the “application
layer” was seen as a major technique in the 1980s “Open Systems
Interconnection (OSI)” security model (International Standard IS
7498-2). At a time when
- “end-user” programming is being advocated and could become
a reality in the near future,
- the role and function of computer/information technology education
and training is rapidly changing, and
- the challenge of increased threats from Internet connection
is rapidly rising, coupled with the introduction of “web services” style
applications,
there is a need to reconsider security schemes at the application
level. This paper examines current trends in application design,
development, deployment and management and evaluates these against
known system vulnerabilities and threats. |
|
| Keynote Speech II |
| Title: |
Towards Efficient & Novel Security Solutions -
A Marriage of Crypto and Trusted Computing Platform |
| Speaker: |
Robert H. Deng |
| Abstract: |
Cryptographic algorithms and protocols can do many
wonderful things. Most crypto protocols, however, make very weak
assumptions about the computing platforms. As a result, they are
often too complicated or introduce too high an overhead to be useful
in real applications.
Trusted computing has a long history. The most recent attempt is
by the Trusted Computing Group which defines a set of trusted computing
platform (TCP) specifications aiming to provide hardware-based root
of trust and a set of mechanisms to propagate trust to applications
as well as across platforms.
In this talk, we advocate a new approach to security designs. Instead
of approaching the problems from a pure cryptographic point of view,
we examine problems and assumptions from a combined view of cryptography
and trusted computing with an aim of designing more efficient or
novel security solutions. We illustrate the idea with several specific
examples. |
|
| Keynote Speech III |
| Title: |
Tools and Technology for Computer Forensics: Research
and Development in Hong Kong |
| Speaker: |
Lucas Hui |
| Abstract: |
With the increased use of the Internet and information
technology all over the world, there is an increased amount of criminal
activities that involve computing and digital data. These digital
crimes (e-crimes) impose new challenges on prevention, detection,
investigation, and prosecution of the corresponding offences. Computer
forensics (also known as cyberforensics) is an emerging research
area that applies computer investigation and analysis techniques
to help detection of these crimes and gathering of digital evidence
suitable for presentation in courts. This new area combines the knowledge
of information technology, forensic science, and law and gives rise
to a number of interesting and challenging problems related to computer
security and cryptography that are yet to be solved. In this paper,
we present and discuss some of these problems together with two successful
cases of computer forensics technology developed in Hong Kong that
enable the law enforcement departments to detect and investigate
digital crimes more efficiently and effectively. We believe that
computer forensics research is an important area in applying security
and computer knowledge to build a better society. |
|
| Keynote Speech IV |
| Title: |
E-voting by Zero-Knowledge |
| Speaker: |
Victor K. Wei |
|