Tuesday October 25, 2005 SoBeNeT project User group meeting 25/10/2005
SoBeNeT project User group meeting
25/10/2005
Agenda
14:00h Introduction and overview of last year's activities
14:30h Presentation of selected results DistriNet:
- Verifiable Contracts for Stack Inspection Based Sandboxing by Jan Smans
- Protecting C and C++ programs from current and future code injection attacks by Yves Younan
15:10h Presentation of selected results COSIC:
- Identification and Classification of Critical Software Modules in Modern Applications by Jan Cappaert
15:50h Break
16:00h Presentation of selected results Ubizen:
- The best plans don't survive first contact; Bad guys think differently by Eddy Vanlerberghe
16:40h Discussion: feedback and opportunities for validation
17:00h Conclusion
17:10h Informal gathering
The project in a nutshell
- IWT SBO project (2003-2007)
- Context: availability of security components
- Goal: to enable the development of secure application software
- 4 Research tracks:
  - Programming and Composition
  - Software engineering
  - Tamper and analysis resistance
  - Shielding and interception
The project’s user group
User group:
- Channel for direct feedback on the execution of the project
- Primary audience for dissemination
- Possible channel for validation and valorization
Composition:
3E, Agfa, Alcatel, Application Engineers, (Banksys), Cryptomatic, (De Post), EMC2, Inno.com, Johan Peeters bvba, Microsoft, L-SEC, NBB, OWASP-Belgium, Philips, PWC, Siemens, UZ Gasthuisberg, Zetes
Project status
- End of second project year
- Project execution is mainly on schedule
- Substantial amount of results
  - Academic: scientific publications and involvement in (inter)national events
  - Broader: workshops and courses
- First steps of industrial validation
Programming and Composition Track
1.1.1: Literature survey of causes and weaknesses
- Webservices [Krisvdb] and PalmOS [Goovaerts]
1.1.2: Application case studies
- E-finance [Lagaisse], E-publishing, KWS
1.2.1: Inventory of solution techniques
- Formal software security [De Win]
1.2.2: Evaluation SoA programming languages
- C#
1.2.3: Definition optimal programming model
- Memory allocators for C/C++ [Younan]
Programming and Composition Track
1.3.1: Composition model for security
- Survey discussion [De Win], CAS for .NET [Smans]
1.3.2: Complex composition scenarios
- Improving abstractions [Verhanneman], Generic XACML binding, Dependency scenarios [Desmet]
1.4.1: Definition basic security requirements
1.4.2: Support for contracts in component frameworks
- Extending .NET for contracts [Jacobs]
1.4.3: Evaluation of component frameworks
- Comparison J2EE, CORBA, .NET, WS, Mobile [Goovaerts]
Software Engineering Track
2.1.1: Inventory of common security requirements
- Literature study and case study driven
2.2.1: Study of industry best practice
- Overview presented in workshop [Ubizen]
2.2.2: Study of mainstream SE processes
- Focus on UP and XP to be presented in workshop, survey of relevant research [De Win]
Tamper and Analysis Resistance Track
3.1.1: Survey of critical software modules
- Analysis report [Cappaert]
3.2.1: Development of new software effective efforts
- Description and testing of first ideas [Wyseur]
All results are available on the project website (http://sobenet.cs.kuleuven.be)
Shielding and Interception Track
4.1.3: Study of interception in the software industry
- Application to KWS case
4.1.6: Study of transfer mechanisms
- Inventory of transfer mechanisms
4.1.7: Design of interception point coordination
- SIAMM and SOSA
4.2.1: Study of formal approaches
- ASM-based specification of application-level protocols for OO
4.2.2: Derivation of security requirements
- Protocol conformance checker from ASM specification [Smans]
4.2.3: Study of attack methods
- Survey of various attack methods [Ubizen]
4.2.4: Study of attack options
- Survey of various attack options [Ubizen]
Focus for Year 02 (revisited)
Headlines
- Interrelations between point solutions in track I (Languages and composition)
- Maturing the application case studies – track I
- Intensifying the software engineering track – track II
- Cross-fertilization between the above and tracks III and IV respectively
Headlines of Year 3
- Composition model for security (COSMOS): elaboration of new contract types
- Integration with mainstream component frameworks
- Refinement of secure development process activities (leveraged, among others, by results of other tracks)
- Improved techniques for tamper and analysis resistance
- Security management and monitoring
Agenda
14:00h Introduction and overview of last year's activities
14:30h Presentation of selected results DistriNet:
- Verifiable Contracts for Stack Inspection Based Sandboxing by Jan Smans
- by Yves Younan
15:10h Presentation of selected results COSIC:
- Identification and Classification of Critical Software Modules in Modern Applications by Jan Cappaert
15:50h Break
16:00h Presentation of selected results Ubizen:
- The best plans don't survive first contact; Bad guys think differently by Eddy Vanlerberghe
16:40h Discussion: feedback and opportunities for validation
17:00h Conclusion
17:10h Informal gathering
Feedback and Validation
- User group poll
- More focus on validation
- Key target platforms: J2EE and .NET
Future Events
28/10/2005 SoBeNeT workshop “The role of security in software processes (UP, XP) and software architecture”
14/10/2005 Hack.lu workshop “Web Application Vulnerability Assessment”
09/11/2005 12th ACM Computer and Communication Security Conference (CCS)
21-25/11/2005 IPA Herfstdagen over Security
12-16/12/2005 Javapolis (security track)
20-24/02/2006 Secure application development course
13-15/03/2006 International Symposium on Secure Software Engineering (ISSSE)