To raise the security awareness and knowledge within APAN community
- To exchange experience and knowledge in network security technologies and issues, and
- To cooperate with other international security efforts to raise security awareness, capabilities and interoperation globally.
Security related topics includes protection of the physical, intellectual, and electronic assets of the APAN and other network, including its security policies, network access controls, virus protection, network administration, auditing, and transaction security.
Time: 11:00 - 12:30
Session Chair: Yoshiaki Kasahara
- WISE: Bringing into reality global information security collaboration - WISE_AlessandraScicchitano_APAN41_.pdf
Alessandra Scicchitano, GEANT
[Alessandra.Scicchitano AT geant.org]
Nowadays researchers use the network to run their experiments in clouds and grid infrastructures and use the internet to exchange results and data. In order to do that, they have to have confidence that they can use the Internet for secure and reliable communication all across the world.
Real security on the Internet can only be realised within a broader context of trust and respect. Collaboration is the key to successful information security.
WISE stands for Wise Information Security for collaborating E-infrastructures and was born as a workshop from the joint effort of SIG-ISM (Special Interest Group on Information Security Management) and SCI (Security for Collaboration among Infrastructures). The goal of the workshop was bringing together 4 big e-infrastructures EGI, EUDAT, GEANT and PRACE in the same room in order to facilitate the exchange of experience and knowledge on security.
During the three days spent together in Barcelona in October 2015 where not only the e-infrastructures but also NRENs, XSEDE, NCSA, CTSC and communities like HEP/CERN, HBP and many others were present, a more profound need for such a collaboration together with the benefits that it could bring became evident.
The audience engaged in lively discussions on how to collaborate and help each other giving life to what today can be called the WISE community.
WISE aims at providing a trusted global framework where security experts can share information on different topics like risk management, experiences about certification process and threat intelligence.
This presentation will detail the outcome of the workshop and the work being undertaken by WISE to bring into reality this global collaboration. Furthermore, it will be a call for participation to all people interested in security with a summary of the benefits to be gained by e-infrastructures and not only in joining the community.
Alessandra Scicchitano holds a Dr.Ing. degree in Computer Engineering and Ph.D. degree in System and Networking with a PhD dissertation on scheduling algorithm for IQ switches. After her PhD studies, she joined the IBM Zurich Research Lab as a PostDoc, working on the IEEE 802.1au standard and on algorithms for adaptive routing in HPC systems. Today she is a Project Development Officer at the Amsterdam office of GEANT where she works primarily in the security and middleware areas and is responsible for the TCS certificate service and the support of the Information Security Management SIG. Prior to GEANT she was part of the Peta Solutions team at SWITCH, the Swiss NREN, and her main focus was on virtualization and E2E performance. Alessandra is the coordinator of the WISE community and the chair of the Security in Big Data working group.
- Migrating of the student user ID scheme for intra-institutional information service in Kyushu University - Student-ID-kasahara.pdf
Yoshiaki Kasahara, Eisuke Ito, Naomi Fujimura, Masahiro Obana, Kyushu University
[kasahara AT nc.kyushu-u.ac.jp]
In Kyushu University, a traditional "Student ID" based on student number assigned by Student Affairs Department had been used as the user ID of various IT services for a long time. There were some security and usability concerns using Student ID as a user ID. Since Student ID was used as the e-mail address of the student, it was easy to leak outside. Student ID is constructed based on a department code and a serial number, so guessing other ID strings from one ID is easy. Student ID is issued at the day of the entrance ceremony, so it is not usable for pre-entrance education. Student ID will change when the student moves to another department or proceeds from undergraduate to graduate school, so he/she loses personal data when Student ID changes. To solve these problems, Kyushu University decided to introduce another unchanging user ID independent from Student ID. This presentation reports the design of new user ID scheme, ID management system we are using, and the effect of introduction of new user ID scheme.
Yoshiaki Kasahara received the Dr. of Engineering degree from Department of Computer Science and Communication Engineering, Kyushu University in 1996. After that he has been Assistant Professor at Research Institute for Information Technology, formerly Computer Center in Kyushu University. His current research interests include network security such as intrusion detection and prevention, and network and ICT service operation. He is also working for operating campus network and services such as email, DNS, private cloud etc in Kyushu University.
- Detecting Web-based Malware in advance of Downloading Malicious Files - Detecting_Web-based_Malware_kozaki.pdf
Shota Kozaki, Waseda University
[Kozaki AT goto.info.waseda.ac.jp]
This paper tries to detect Web-based malware before a user downloads malicious files. We analyze redirections in HTTP flows. Our new method can discriminate malicious and benign redirections by extracting feature values from HTTP flows. It applies a machine learning method, Support Vector Machine, to the extracted features. The new method is light weight because it is not necessary to analyze contents data from Web servers. This method can detect malicious redirections in a small number of steps.
Shota Kozaki is a second grade master student at Department of Computer
Science and Commuications Engineering, Waseda University, Tokyo, Japan.
He graduated from Waseda University in March 2014. Mr Kozaki has been
conducting projects in network security.