Projects



Wireless Web Services Security
Supported by an earmark grant of the U.S. Dept. of Defense (DISA), through Pragmatics, Inc.


Aspects

  • Web services security survey. We have a draft, to be completed and sent to a journal [Fer05].
  • Patterns for web services security. We have written patterns for XML furewalls [Del04], and XACML.
  • Wireless security survey. We have a draft. To be sent to a journal when completed.
  • Architecture for web services/wireless networks. We are preparing a pape
  • We are studying different versions of the problem of access control to physical locations, privacy of cell-phone users, and others. Alvaro Escobar is studying in detail two of these situations. This is part of his Ph. D. Dissertation. Andrei Bretan is studying contexts for access control (his MS Thesis).


Participants

  • Faculty members:
    Dr. Eduardo B. Fernandez, PI
    Dr. Maria M. Larrondo-Petrie, Co-PI
    Dr. Mike VanHilst
    Dr. Shihong Huang

  • Graduate students who are being supported:
    Ph.D.:
    Nelly Delessy-Gassant
    Tami Sorgente
    Alvaro Escobar
    Rashad M. Jillani
    MS:
    Andrei Bretan
    Carlos Oviedo

  • Non-supported individuals (faculty and students):
    Dr. Saeed Rajput
    Juan Pelaez (Ph.D. student)
    Chris Lo (MS student)


Published Or Accepted Conference Papers

  • N. Delessy-Gassant, E. B. Fernandez, S. Rajput, and M. M. Larrondo-Petrie, “Patterns for application firewalls,” Proc. of the Pattern Languages of Programs Conference , September 2004, http://hillside.net/patterns
  • E. B. Fernandez, S. Rajput, M. VanHilst, and M. M. Larrondo-Petrie, “Some security issues of wireless systems”. ISSADS (IEEE Int. Symposium and School on Advanced Distributed Systems), January 24-28, 2005, Guadalajara, Mexico. The paper will appear in the Proceedings to be published by Springer Verlag.
  • E. B. Fernandez, T. Sorgente, and M.M.Larrondo-Petrie, “A UML-based methodology for secure systems: The design stage”, accepted for the 3rd International Workshop on Security in Information Systems (WOSIS-2005), Miami, May 24-25, 2005.
  • E. B. Fernandez and M.M. Larrondo-Petrie, “A secure system development methodology as a guide for teaching security”, accepted for the 3rd Latin American and Caribbean Conference for Engineering and Technology (LACCEI), Cartagena, Colombia, June 2005.
  • J. Pelaez and E. B. Fernandez, “Security in Voice over Internet Protocols (VoIP) networks”, accepted for the 3rd Latin American and Caribbean Conference for Engineering and Technology (LACCEI), Cartagena, Colombia, June 2005.
  • E. B. Fernandez and M. M. Larrondo-Petrie, “Using UML and security patterns to teach secure systems design”, accepted for the ASEE 2005 Annual Conference. Submitted
  • E. B. Fernandez, M. M. Larrondo-Petrie, T. Sorgente, and M. VanHilst, “UML as a generalized access control model”, was sent to the 10th European Symposium on Research in Computer Security (ESORICS 2005).
  • E. B. Fernandez and T. Sorgente, “A pattern language for secure operating system architectures”, was sent to the 5th Latin American Conference on Pattern Languages of Programs, Brazil, August 16-19, 2005.
  • Nelly Delessy and E. B.Fernandez, “Patterns for the eXtensible Access Control Markup Language”, was sent to the Pattern Languages of Programs Conference (PLoP 2005).
  • Tami Sorgente, E. B. Fernandez, and M. M. Larrondo-Petrie, “The SOAP pattern for medical charts”, was sent to PLoP 2005.
  • E. B. Fernandez, Tiranuch Anantvalee, Jennifer Labush, and Maria M. Larrondo-Petrie, .“Analysis patterns for elections”, was sent to VikingPloP 2005.
  • E. B. Fernandez and Ajoy Kumar, “A security pattern for rule-based intrusion detection”, was sent to VikingPLoP 2005.
  • Mauricio Sadicoff, Maria M. Larrondo-Petrie, and E.B.Fernandez, “Privacy-Aware Network Client Pattern”, was sent to PLoP 2005.
  • E. B. Fernandez and Tami Sorgente, “Constrained Resource Assignment Description Pattern”, was sent to VikingPLoP 2005. Tutorials
  • E. B. Fernandez presented a 5-day short course on Internet and web services security at the IEEE International Symposium and School on Advanced Distributed Systems (ISSADS 2005), in Guadalajara, Mexico, January 24-28, 2005.
  • S. Rajput presented a Tutorial on wireless security at the IEEE 2004 International Multitopic Conference in Lahore, Pakistan, Dec. 24-26, 2004.
    http://www.ieeenuces.org/inmic2004/default.asp?page=cfp
  • E. B. Fernandez presented a tutorial on web services security at the IEEE Southeastcon, Fort Lauderdale, April 16, 2005.
  • E. B. Fernandez, “Security patterns and secure systems design using UML”, will be presented at the Int. Conference on Enterprise Information Systems (ICEIS-2005), in Miami, May 24-28, 2005.


Talks and Attendance to Conferences

  • E. B. Fernandez and N. Delessy-Gassant presented a paper at the Pattern Languages of Programs Conference (see above).
  • S. Rajput presented an invited talk on “Application Security is good but Application Defense is better”, at the NSF-sponsored 2nd Intl. Workshop on Frontiers of Information and Technology- 2004, Islamabad, Pakistan, Dec. 20-21.
    http://multimedia.ece.uic.edu/FIT04/
  • E. B. Fernandez presented a paper at ISSADS, Mexico (described above).