Trust, Privacy, and Security Moderator: Bharat Bhargava Purdue University

Major Research Directions 1.Terminology and Formalization of Security, Privacy, and Trust for Data and Applications 2.Metrics for Trust, Privacy, Risk, Threats 3.New Challenges in Open, Pervasive, and Heterogeneous Environments 4.Testbeds, Experiments, Benchmarks, and Assessment 5.Legal and Social Issues, and Forensics

1. Terminology and Formalization of Security, Privacy, and Trust for Data and Applications Ontologies for Security, Privacy, and Trust Ontologies for Security, Privacy, and Trust Evidence, Credentials, Behavior Evidence, Credentials, Behavior Personal Privacy vs. Organizational Confidentiality Personal Privacy vs. Organizational Confidentiality Representations and Specifications Representations and Specifications Policies Policies Conditions Conditions Enforcement Enforcement

2. Metrics for Trust, Privacy, Risk, Threats Quantitative metrics like those in fault tolerance Quantitative metrics like those in fault tolerance Vulnerability analysis and threat evaluation Vulnerability analysis and threat evaluation Metrics for trust negotiation and privacy-for- trust trade Metrics for trust negotiation and privacy-for- trust trade Risk management Risk management Economic analysis and tradeoffs and impact on community and society Economic analysis and tradeoffs and impact on community and society

3. New Challenges in Open, Pervasive, and Heterogeneous Environ’s Foundations and common understanding Foundations and common understanding Representation, visualization Representation, visualization Uniform framework for multiple organizational and multiple administrative domains Uniform framework for multiple organizational and multiple administrative domains Conflict resolution and negotiation Conflict resolution and negotiation Data integration Data integration Aggregation and inference Aggregation and inference Data access and dissemination, and Web services Data access and dissemination, and Web services Apoptosis (clean self-destruction) and evaporation Apoptosis (clean self-destruction) and evaporation Data protection techniques: distortion, summarization, encryption and key management, integrity validation Data protection techniques: distortion, summarization, encryption and key management, integrity validation Limitations, incl. low power, small devices in mobile Limitations, incl. low power, small devices in mobile

4. Testbeds, Experiments, Benchmarks, and Assessment Security, attack, fraud benchmarks and scenarios Security, attack, fraud benchmarks and scenarios Help from community Help from community Example: IDS, attack benchmarks/scenarios Example: IDS, attack benchmarks/scenarios Tools for building benchmarks Tools for building benchmarks Testbeds Testbeds Who builds it for public access? Who builds it for public access? Simulation models like ns2 Simulation models like ns2 Validation models like TREC (info retrieval) Validation models like TREC (info retrieval) Forming repositories of data sets and software Forming repositories of data sets and software

5. Legal and Social Issues, and Forensics Forensic data management (not only for cybercrimes) Forensic data management (not only for cybercrimes) Authorization models for data capture, storing and processing Authorization models for data capture, storing and processing Legal evaluation of cyberattacks Legal evaluation of cyberattacks Collaboration with legal/social scinces experts Collaboration with legal/social scinces experts Legal ontologies Legal ontologies Legal domains (incl. jurisdiction) and interoperation Legal domains (incl. jurisdiction) and interoperation E.g., what is “trespassing” in cyberspace? E.g., what is “trespassing” in cyberspace? Lawful responses and legal argumentation Lawful responses and legal argumentation “Self-defense” analogies “Self-defense” analogies

Research Synergies Reliability Reliability Economics Economics Semantic Web Semantic Web Social Sciences and Law Social Sciences and Law …

Inference for Prevention, Detection and Reaction, Tolerance [???] Inference for Prevention, Detection and Reaction, Tolerance [???] Models of the Extended Environment [for Inference???] Models of the Extended Environment [for Inference???] Inference Paths Inference Paths Optimization of Paths Based on Constraints Optimization of Paths Based on Constraints

OLD: 2. Data and Application Metrics Metrics for Security, Privacy, Trust, Quality, … Metrics for Security, Privacy, Trust, Quality, … Vulnerability and Threat Measures Vulnerability and Threat Measures Loss Measures Loss Measures Risk Measures Risk Measures Uniform Measures Across Heterogeneous Domains Uniform Measures Across Heterogeneous Domains

3. Risk Analysis and Mitigation Economic Issues Economic Issues Modeling, Incentives, … Modeling, Incentives, …