Friday, June 22, 2007

SACMAT Keynote

20 June 2007 - Sophia Country Club, Sophia Antipolis, France

Keynote: Jorge Cuellar - Siemens Corporate Technology, Munich, Germany
Thoughts on Application Layer Access Control

In this keynote, Jorge presented a formal-methods representation of access control at the application layer. He motivated the need for formal representation through various research initiatives currently in progress at Siemens, Germany:

  • eHealth Care - ensure confidentiality of patient records
  • Planes - distrusted software
  • Citizen's portal - card to authenticate, management of access to different software.

He also discussed the rationale for security using UML system diagrams.

eTransactions were also discussed. Current security for eTransactions is not enough for eCommerce needs. SSL is currently not made for eTransactions. What kind of access control do we need? Whatever is chosen, ease of implementation is an important consideration. The hidden logic needs to consider confidentiality, integrity and atomicity.
