
Workshop 4: Information Assurance for the Grid: Crossing boundaries between stakeholders
Organisers
Ali E. Abdallah, London South Bank University
Bruce Beckles, University of Cambridge Computing Service
Peter Ryan, Newcastle University
Programme committee
Mark Baker, University of Reading
Andrew Cormack, JANET(UK)
Alejandro Frangi, Universitat Pompeu Fabra
John Harrison, CPNI
Luigi Lo Iacono, NEC Laboratories Europe, NEC Europe Ltd
Jens Jensen, Rutherford Appleton Laboratory, STFC
Mike Jones, The University of Manchester
Andrew Martin, University of Oxford
Geraint Price, RHUL
Richard Sinnott, University of Glasgow
Matthew Smith, Philipps-Universität Marburg
…and others to be confirmed.
This workshop is organised in association with the e-Science Institute Thematic Programme: Trust and Security in Virtual Communities.
Description of workshop
Grid stakeholders, the vast majority of whom are non-security specialists, all have vested interests in grid security, although they may not always be explicitly aware of this. They are likely to view technical grid security controls, mechanisms, and procedures as a means to achieve information assurance – a higher-level goal to which they can more easily relate. For example, information owners seek assurances that their data (whether scientific data, tax information, or patient records) are adequately protected. Project managers (whether scientists, government officials, or hospital managers) seek assurances that the right information assets are protected and that these are protected in the right way. Organizations (such as universities, businesses and government departments) demand assurances that being part of the grid environment does not increase the risk of compromising their resources. Other stakeholders such as application developers need the security requirements of their applications to be met by the security controls provided in the grid environment. Lastly, but no less importantly, end-users require the security mechanisms in their applications to be usable, not to be a barrier to their progress, and to be seamlessly integrated with their desired ways of working.
There seems to be a large gap between the security currently provided by grid applications and the information assurance increasingly demanded by the various stakeholders. As stakeholders increasingly seek to harness the potential of the grid environment for more sensitive applications (such as those involving medical data, e.g. the Virtual Physiological Human), the demands for various sorts of information assurance will only intensify. Unfortunately, these demands are unlikely to be met as long as all classes of stakeholder are not actively involved in determining the security policies and mechanisms of grid environments. The main objective of this workshop is to work towards bridging this gap by providing a forum for interdisciplinary discussions between the various stakeholders. An essential part of this process is eliciting real world problems from existing and potential stakeholders, evaluating proposed solutions, avoiding costly pitfalls and sharing best practice.
Call for papers
The workshop will take the form of a mini-symposium with presentation sessions of refereed papers and a discussion session. Topics of interest include:
- Eliciting security requirements for grid applications with emphasis on authentication, authorisation, auditing, accounting and availability
- Capturing confidentiality, privacy and anonymity requirements and evaluating mechanisms for their implementations on the grid
- Describing security barriers of interest to other stakeholders and sharing best practice for overcoming them
- Integrating security and usability requirements to achieve appropriate levels of assurance
- Integration of security policies of competing stakeholders
- Use of assurance methods for evaluating specific grid applications
- Software engineering best practice in the development of secure software
- Information risk management and evaluation of security risks for various categories of grid applications
- Handling sensitive data (e.g. medical data) in grid environments
- Legal and regulatory compliance of grid applications across national boundaries
- Provisions for business continuity and disaster recovery
- Assurance requirements for mission/safety critical grid applications
- Assurance requirements for medical and e-Health grid applications
- Security of shared resources in academic environments (e.g. Campus Grids)
- Business cases for grid security
- Security of grid Web Services