Trust and Privacy in Digital Business Third International Conference, TrustBus 2006, Krakow, Poland, September 4-8, 2006, Proceedings

This book presents the proceedings of the Third International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2006), held in Kraków, Poland, September 5-7, 2006. The conference continues from previous events held in Zaragoza (2004) and Copenhagen (2005), and maintains the aim of bringing together academic researchers and industry developers to discuss the state of the art in technology for establishing trust, privacy and security in digital business. We thank the attendees for coming to Kraków to participate and debate the new emerging advances in this area. The conference programme included two keynote presentations, one panel session and eight technical papers sessions. The keynote speeches were delivered by Jeremy Ward from Symantec EMEA on the topic of “Building the Information Assurance Community of Purpose”, and by Günter Karjoth from IBM Research - Zurich, with a talk entitled “Privacy Practices and Economics –– From Privacy Policies to Privacy SLAs. ” The subject of the panel discussion was “Is Security Without Trust Feasible?” chaired by Leszek T. Lilien from Western Michigan University, USA. The reviewed paper sessions covered a broad range of topics, from access control models to security and risk management, and from privacy and identity management to security protocols. The conference attracted 70 submissions, each of which was assigned to four referees for review. The Programme Committee ultimately accepted 24 papers for inclusion, which were revised based upon comments from their reviews.

Session 1: Privacy and Identity Management.- Towards Scalable Management of Privacy Obligations in Enterprises.- A New User-Centric Identity Management Infrastructure for Federated Systems.- Session 2: Security and Risk Management.- Information Security Risk Assessment Model for Risk Management.- On the Limits of Cyber-Insurance.- Towards a Risk Management Perspective on AAIs.- Session 3: Security Requirements and Development.- Towards a UML 2.0 Extension for the Modeling of Security Requirements in Business Processes.- A Framework for Exploiting Security Expertise in Application Development.- On Diffusion and Confusion – Why Electronic Signatures Have Failed.- Session 4: Privacy Enhancing Technologies and Privacy Management.- Extending P3P to Facilitate Proxies Which Pose as a Potential Threat to Privacy.- A Systematic Approach to Privacy Enforcement and Policy Compliance Checking in Enterprises.- A Generic Privacy Enhancing Technology for Pervasive Computing Environments.- Bringing the User Back into Control: A New Paradigm for Usability in Highly Dynamic Systems.- Session 5: Access Control Models.- Extending SQL to Allow the Active Usage of Purposes.- FGAC-QD: Fine-Grained Access Control Model Based on Query Decomposition Strategy.- A Framework for Modeling Restricted Delegation in Service Oriented Architecture.- Session 6: Trust and Reputation.- Reputation-Based Trust Systems for P2P Applications: Design Issues and Comparison Framework.- Towards Trust in Digital Rights Management Systems.- Cluster-Based Analysis and Recommendation of Sellers in Online Auctions.- Trust Model Architecture: Defining Prejudice by Learning.- Session 7: Security Protocols.- How to Protect a Signature from Being Shown to a Third Party.- Security Analysis and Improvement for Key Issuing Schemes in ID-Based Cryptography.- A Secure E-Tender Submission Protocol.- Session 8: Security and Privacy in Mobile Environments.- A Sophisticated Solution for Revealing Attacks on Wireless LAN.- Information Leakage in Ubiquitous Voice-over-IP Communications.