Minutes: A short list of some of the points that were presented or discussed (ordered by the name of the PhD student that was presenting).
Qian Li (started one week ago)
- PhD in ND on Middleware design leveraging a new transport layer architecture.
- Design a middleware, to enable the application layer to communicate easier with the transport layers.
- A superset of the transport layers like UDP and TCP.
- part of the project NEAT EU project.
- Somehow going back to OSI and service oriented architectures.
- An activity in IETF to make standard of such a transport.
- Innnovation has happened above and below transport layer, but not much at the transport layer.
- Choose an existing middleware, like the JMI for queues.
Sauche
- on "Social network security"
- Location privacy.
- Olaf comment about the PhD student from Chalmers that studies location privacy in facebook.
- targeted for Privacy from other users, not from the service provider.
- develop crypto and network security
- see distributed social networks
Dat (one year in)
- on Studying Tradeoffs in Self protecting systems
- Mapping the security patterns into the Rainbow framework
- Set up a Real Honey Pot for attracting hackers, and studying
- Analyse automatically the logs to see if the system is in an infected state.
- Maybe present the HeartBleed attack ?
- Maybe present the concept and implementation/installation of honey pots ?
- How do the security patterns fit ?
-- They would be mapped into the monitor (decision maker)
-- Monitoring, Analysys/Decision, Planner, Executer/Efector (MAPE)
-- Rambow is a platform for developing self adaptive systems/architectures
Ijlal (one year in)
- Trusted computing plus identity control
- Started in OffPAD on identity management and access control
- Current interest on TPM (Trusted Platform Modules)
- What is TPM used for in real file ?
-- On Windows it is behind Bitlocker (used for disk encryption)
- Worked on FIDO (which was presented previously to Conserns)
- Privacy for the cloud, using TPM (migrateble keys)
-- Eg. a could provider can access your data only if they inform you.
- See the recent PhD from bergen on multy-key encrypotion to protect data in cloud
- Maybe present how TMP works and how it is used eg. in SecureBoot ?