Stefan Fenz will hold a four week IT security course at the 2009 Konkuk University International Summer Program. Konkuk University, is one of the leading private universities in Korea, generally regarded as one of the top 10 universities in Korea out of over 370 universities and colleges.
Edgar Weippl takes part in the round-table discussion on innovation and knowledge transfer organized by ZIT.
Our paper “Business Process-based Resource Importance Determination” has been accepted at the 7th International Conference on Business Process Management (BPM’2009).
Traditionally, the BPM conference attracts the outstanding researchers in the field and abides to the highest academic standards. BPM solicits original research papers that break new ground in or make significant novel contributions to the field. The acceptance rate in previous editions has been around 14%. (cf. http://www.bpm2009.org/)
Prof. Maria Damiani gave a talk on “Spatio-temporal access control: state-of-the-art and open issues”.
In the last few years, a number of spatial and spatio-temporal access control models have been developed in the framework of pervasive computing and location-based services. The distinguishing feature of those models is that the access authorization is subordinated to the satisfaction of contextual conditions, such as spatial proximity or containment in certain spaces. For example, health records can be only accessed by personnel located in the hospital during working hours. In most cases those models extend RBAC to allow for the specification of simple constraints based on location and time which are then enforced upon users’ request. Many issues, however, remain to be investigated, for example the administration of spatio-temporal policies, the specification of usage control in mobile applications, the development of suitable architectures and the protection of privacy. In this talk, I will overview research in spatio-temporal access control and discuss a few open issues.
Prof. Daniel S. Yeung gave a talk on “Sensitivity Based Generalization Error for Supervised Learning Problem with Applications in Model Selection and Feature Selection”.
Generalization error model provides a theoretical support for a classifier’s performance in terms of prediction accuracy. However, existing models give very loose error bounds. This explains why classification systems generally rely on experimental validation for their claims on prediction accuracy. In this talk we will revisit this problem and explore the idea of developing a new generalization error model based on the assumption that only prediction accuracy on unseen points in a neighborhood of a training point will be considered, since it will be unreasonable to require a classifier to accurately predict unseen points “far away” from training samples. The new error model makes use of the concept of sensitivity measure for an ensemble of multiplayer feedforward neural networks (Multilayer Perceptrons or Radial Basis Function Neural Networks). Two important applications will be demonstrated, model selection and feature reduction for RBFNN classifiers. A number of experimental results using datasets such as the UCI, the 99 KDD Cup, and text categorization, will be presented.
Edgar Weippl gives a talk on Database Forensic at the Security Forum in Hagenberg.
Abstract: Whenever data is being processed, there are many places where parts of the data are temporarily stored; thus forensic analysis can reveal past activities, create a (partial) timeline and restore deleted data. While this fact is well known for computer forensic and multiple tools to forensically analyze data exit, the systematic analysis of database systems has only recently begun.
Clearly, database system are bound to leave more extensive traces since they not only store a file but, in addition, need indexes, rollback segments and log files. In this tutorial we will cover the basics of forensic analysis particularly focusing on database systems.
Günter Müller gave an excellent talk on compliance and risk management.
Our paper “An Evaluation of Technologies for the Pseudonymization of Medical Data” was accepted for publication.
Our paper “An Empirical Study about the Status of Business Process Management” was accepted for publication.