2nd International Workshop on Critical Information Infrastructures Security
October 3-5, 2007, Benalmadena-Costa (Malaga), Spain

(Including ITCIP '07, Information Technology for Critical Infrastructure Protection)

CRITIS'07 Program - PDF format

14:00 - 14:30Registration
14:30 - 14:45Welcome
14:45 - 15:35Invited Talk: "Critical Information and Critical Infrastructures. How Do They Relate?"
Adrian Gheorghe, Old Dominion University, US.
  Session 1: R&D Agenda
15:35 - 16:00Towards a European Research Agenda for CIIP: Results from the CI2RCO Project
Uwe Bendisch1, Sandro Bologna2, Gwendal Le Grand3, Eric Luiijf4
1 FhG SIT, Germany
2 ENEA, Italy
3 ENST, France
4 TNO Defence, Security and Safety, Netherlands
16:00 - 16:25ICT Vulnerabilities of the power grid: towards a road map for future research
Alberto Stefanini1, Gerard Doorman2, Nouredine Hadjsaid3
1 Joint Research Centre of the European Commission - Institute for the Protection and Security of the Citizen, Italy
2 Norwegian University of Science and Technology, Norway
3 Institut National Polytechnique de Grenoble, France
16:25 - 16:50Coffe Break
  Session 2: Communication Risk & Assurance I
16:50-17:15An Analysis of Cyclical Interdependencies in Critical Infrastructures
Nils Kalstad Svendsen1, Stephen Wolthusen2
1 Gjřvik University College, Norway
2 University of London, UK
17:15-17:40A Framework for 3D Geospatial Buffering of Events of Interest in Critical Infrastructures
Nils Kalstad Svendsen1, Stephen Wolthusen2
1 Gjřvik University College, Norway
2 University of London, UK
17:40-18:05Designing Information System Risk Management Framework Based on the Past Major Failures in the Japanese Financial Industry
Kenji Watanabe, Takashi Moriyasu
Nagaoka University of Technology, Japan
18:05-18:30Advanced Reaction using Risk Assessment in Intrusion Detection Systems
Wael Kanoun, Nora Cuppens, Frédéric Cuppens
ENST Bretagne, France

09:00-09:50Invited Talk: "The tangled webs of Critical Information Infrastructures"
Paulo Veríssimo, Universidade de Lisboa, Portugal
   Session 3: Communication Risk & Assurance II
09:50-10:15Managing Critical Infrastructures through Virtual Network Communities
Fabrizio Baiardi, Gaspare Sala, Daniele Sgandurra
Universita' di Pisa, Italy
10:15-10:40The structure of the sense of security, Anshin
Yuko Murayama1, Natsuko Hikage1, Yasuhiro Fujiwara1, Carl Hauser2
1 Iwate Prefectural University, Japan
2 Washington State University, USA
10:40-11:05Securing Agents against Malicious Host in an Intrusion Detection System
Rafael Páez, Joan Tomŕs-Buliart, Jordi Forné, Miguel Soriano
Technical University of Catalonia, Spain
11:05-11:30Coffe Break
  Session 4: Code of Practice and Metrics
11:30-11:55Representing the CRUTIAL project domain by means of UML diagrams
Davide Cerotti1, Daniele Codetta-Raiteri2, Susanna Donatelli3, Giovanna Dondossola4, Fabrizio Garrone4
1 Universitŕ del Piemonte Orientale, Italy
2 Consorzio Nazionale Interuniversitario per le Telecomunicazioni, Italy
3 Universitŕ di Torino, Italy
4 CESI Ricerca, Italy
11:55-12:20Expert System CRIPS: Support of Situation Assessment and Decision Making
Hermann Dellwing, Walter Schmitz
IABG mbH, Germany
12:20-12:45Using Dependent CORAS Diagrams to Analyse Mutual Dependency
Heidi E. I. Dahl, Iselin Engan, Ketil Střlen
SINTEF ICT, Cooperative and Trusted Systems, Norway
12:45-13:10A Methodology to Estimate Input-output Inoperability Model Parameters
Roberto Setola, Stefano De Porcellinis
Universita' CAMPUS Bio-Medico, Italy
14:50-15:40Invited Talk: "Critical Infrastructure Interdependency Modeling and Simulation: Current Practices and Challenges"
Donald Dudenhoeffer, Idaho National Labs, USA.
 Session 5: Information Sharing and Exchange
15:40-16:05Efficient Access Control for Secure XML Query Processing in Data Stream
Dong Chan An, Seog Park
Sogang University, South Korea
16:05-16:30An Approach to Trust Management Challenges for Critical Infrastructures
Ioanna Dionysiou1, Deborah Frincke2, Carl Hauser3, Dave Bakken3
1 Intercollege, Cyprus
3 Washington State University, USA
 Session 6: Continuity of Services and Resiliency
16:55-17:20Detecting DNS Amplification Attacks
Georgios Kambourakis, Tassos Moschos, Dimitris Geneiatakis, Stefanos Gritzalis
University of the Aegean, Greece
17:20-17:45LoRDAS: A Low-Rate DoS Attack against Application Servers
Gabriel Maciá-Fernández, Jesús E. Díaz-Verdejo, Pedro García-Teodoro, Francisco de Toro-Negro
University of Granada, Spain
17:45-18:10Intra-AS overlay dedicated to communication resilience
Simon Delamare, Gwendal Le Grand
GET/Télécom Paris, France
18:10-18:35A proposal for the definition of operational plans to provide dependability and security
Daniel Martínez, Gabriel López, Manuel Gil, Antonio F. Gómez-Skarmeta
University of Murcia, Spain

09:00-09:50Invited Talk: "Emerging Technology Challenges in the Protection of Critical Information Infrastructures"
Jacques Bus, European Commission, INFSO Unit "Security".
  Session 7: SCADA and Embedded Security
09:50-10:15Application of Kohonen Maps to Improve Security Tests on Automation Devices
Joao Paulo S. Medeiros, Allison C. Cunha, Agostinho M. Brito Jr., Paulo S. Motta Pires
Universidade Federal do Rio Grande do Norte, Brazil
10:15-10:40Ideal Based Cyber Security Technical Metrics for Control Systems
Wayne Boyer, Miles McQueen
Department of Homeland Security, CSSP
Idaho National Laboratory, USA
10:40-11:05Designing critical infrastructure cyber security segmentation architecture by balancing security with reliability and availability
Kegan Kawano
Industrial Defender, UK
11:05-11:30Coffe Break
  Session 8: Threats and Attacks Modeling
11:30-11:55A General Model and Guidelines for Attack Manifestation Generation
Ulf Larson, Dennis Nilsson, Erland Jonsson
Chalmers University of Technology, Sweden
11:55-12:20A survey on detection techniques to prevent cross-site scripting attacks on current web applications
Joaquin Garcia-Alfaro
Universitat Oberta de Catalunya, Spain
12:20-12:45Attack Modeling of SIP-oriented SPIT
John Mallios, Stelios Dritsas, Bill Tsoumas, Dimitris Gritzalis
Athens University of Economics and Business, Greece
12:45-13:10A Malware Detector Placement Game for Intrusion Detection
Stephan Schmidt1, Tansu Alpcan2, Sahin Albayrak1, Tamer Basar3, Achim Müller2
1 DAI-Labor, Technische Universität Berlin, Germany
2 Telekom Laboratories, Germany
3 Decision and Control Laboratory, University of Illinois, USA
14:50-16:05Panel: "Resilient Critical Information Infrastructures: a myth or a realistic target?"
Chaired by: Jacques Bus, European Commission, INFSO Unit "Security".
Panelists: Mike Corcoran (CPNI, UK), Antonio Diu (AIA, Spain), Claudia Eckert (Fraunhofer SIT, Germany), Saifur Rahman (Virginia Tech, USA), Marc Tritschler (KEMA, UK).
 Session 9: Information Exchange and Modelling
16:30-16:55Modeling and Simulating Information Security Management
Jose M. Sarriegi1, Javier Santos1, Jose M. Torres1, David Imizcoz2, Elyoenai Egozcue2, Daniel Liberal2
1 Tecnun (University of Navarra), Spain
2 s21sec, Spain
16:55-17:20Design of a platform for information exchange on protection of critical infrastructures
Carlo Ferigato, Marcelo Masera
Joint Research Centre - European Commission, Italy
17:20-17:45Towards a Standardised Cross-Sector Information Exchange on Present Risk Factors
Felix Flentge1, Césaire Beyel2, Erich Rome2
1 Darmstadt University of Technology, Germany
2 Fraunhofer-Institute Intelligent Analysis and Information Systems, Germany

UMA Last Modified: September 2007