The document discusses enhancing ICT security research in Flanders. It outlines essential objectives like performing world-class basic and applied security research, transferring knowledge to industry, and contributing to student training. It also discusses maintaining expertise across many security areas like cryptography, privacy, and secure software development to address trends in security for applications involving e-health, e-commerce, and more. The overall goal is to be a "one-stop shop for ICT security research" through several research programs.

1. security departement security, privacy and trust of E-* 13/10/2011 1

2. Enhance the leading position of ICT-security research in Flanders Essential objectives: perform first class basic and applied research in key areas from ICT security (core) transfer the acquired basic knowledge into the economy (traditional notion of valorization) lower the cost of regulatory compliance of new hardware, software and applications (specific: valorization) contribute actively to training of undergraduate and PhD students, and of industry (valorization too) 2

3. Context, application and technology trends Securityis directly related to dependability, and to trustworthiness – trustworthiness will remain essential Security cannot be achieved as an after-thought; core to software applications and the development & deploymentprocesses Security problems arise anywhere in systems (not only at front- and backdoors): end-to-end quality is required. Trustworthiness requires full life-cycle support (management support) 3

4. security, privacy & trust of E-*:application areas E-health E-media E-society E-commerce E-logistics E-banking …

5. Security Expertise (1/2) Secure programming languages (Clarke, Piessens, Joosen) Security middleware and component frameworks (Piessens, Desmet, Joosen) Secure development process (Scandariato, Joosen) Security monitoring and management (Desmet, Huygens, Joosen) Security for computer networks and pervasive systems (Verbaeten, Huygens, Preneel, Verbauwhede) Security for ad-hoc and wireless networks (Preneel, Verbauwhede) Privacy enhancing technologies, identity management (De Decker, Preneel) Cryptographic software and software obfuscation (Piessens, Preneel) Cryptographic hardware and embedded systems (Verbauwhede, Preneel, Rijmen) Document security, watermarking and perceptual hashing (Preneel) Trusted computing (Verbauwhede, Preneel) Legislation, compliance & policy(Dumortier, )

6. Security Expertise (2/2 and incomplete) Cryptographic algorithms and protocols, foundations of cryptography and provable security (Rijmen, Preneel) Risk management (Huygens. Joosen) Authorisation technologies (Piessens, Joosen, Desmet) Secure System Software (Piessens, Joosen) HW implementation of DRM, watermarking and perceptual hashing (Verbauwhede, Preneel, Rijmen) Side-channel attacks and countermeasures (Verbauwhede, Rijmen, Preneel) Embedded biometry (Verbauwhede, Tuyls) Security for RFID’s, smart-cards, sensor nodes (Verbauwhede, Batina, Preneel, Huygens, Joosen) Evaluation of system security, including requirements, security architectures, software, hardware, cryptographic libraries and smart cards (All)

7. Missionrevisited Security Middleware Privacy Cryptography Watermarking DRM Secure Programming Languages Biometric “To be a one stop shop for security research” Secure Development Risk Management

8. “one-stop-shopfor ICT security research” 5 research programs: embeddedsecurity privacy & identity management programming secure software securitythrough the engineering process legal research, regulatory & policyframeworkfor ICT securingdistributed software

9. The European context (FP7-IST call 8) Track record: About 20 FP6/FP7 projects that relate to trust and security Currently featuring two NoE’s: Cryptology, Bart Preneel from COSIC is currently coordinating ECRYPT II (Network of Excellence on Cryptology), which is a successor to ECRYPT. Service Engineering: WouterJoosen (DistriNet) currently is the Research Director of NESSoS: Engineering Secure Software and Systems for Future Internet Services. … lead generators for new EU projects 9

10. For the business – applied to many hot application domains: Assurance, compliance of new applications, typically Future Internet Services Cloud computing (the next big one after SOA) IoT and embedded software and systems Very long term: Enabling Cost and Risk Assessment For Society: focus on Privacy (Social Networks) Cybercrime 10

11. Service Provider GPS GSM Another example: NextGenITS [ICON] Privacy preserving Electronic Toll Only final fee transmitted to Service Provider Only driver has access to location data Authenticity of reported fee and location data Confidentiality of communications GPS Satellites Driver Fee Calculation Updates OBU Bill Fee Reporting Encrypted Location Data

12. One Example: Bravehealth (FP7-IP 2010-2013) The BRAVEHEALTH system will enable the integration of services provided by mobile resources, legacy applications, data and computing intensive services within a mobile grid to offer personalized e-health services to mobile, nomadic, stationary users. 12

13. Our broader context for strategic research 13 13/10/2011 Focus of this talk

14. Three basic themes in the SecCAS program End to end data protection Improved security in multi-tenant applications Client-centric protection 14

15. Into the market…Some Important trends in cloud security: Cloud security gateways Cloud based recovery Services MDM: Mobile Device Management Services High Assurance Public Identity Providers 13/10/2011 15

16. Conclusion:what it means for the ICON programme We have a lot on our plates! New projects being developed: Mobile device management Security and management dashboards Cloud security Gateways for and by SaaS providers Enhancing the reliability of “social networks” in integrated solutions… Application cases: logistics, transport, health…!!!! 16

18. security departement security, privacy and trust of E-* 13/10/2011 18