1. Secure and Distributed
Software
Wouter Joosen, IBBT-DistriNet

2. Context
Rapid growth of the Internet:
“not just network applications but
distributed software with
new and complex applications
crossing the boundaries
of organisations…”
Hence a boom of
security challenges.....
(focus of this talk)

3. Secu
Mission Middl rity
eware
Privacy Crypt
ograp
hy
Watermarking
DRM
Secure
g
Programmin Biometric
nt
es
Developme
Languag
“To be a one stop
Secure
Risk
Management
shop for security
research”

4. Expertise (1/2)
Secure programming languages (Piessens, Joosen)
Security middleware and component frameworks (Piessens, Desmet, Joosen)
Secure development process (Scandariato, Joosen)
Security monitoring and management (Huygens, Joosen)
Security for computer networks and pervasive systems
(Verbaeten, Huygens, Preneel, Verbauwhede)
Security for ad-hoc and wireless networks (Preneel, Verbauwhede)
Privacy enhancing technologies, identity management (De Decker, Preneel)
Cryptographic software and software obfuscation (Piessens, Preneel)
Cryptographic hardware and embedded systems (Verbauwhede, Preneel, Rijmen)
Document security, watermarking and perceptual hashing (Preneel)
Trusted computing (Verbauwhede, Preneel)

5. Expertise (2/2)
Cryptographic algorithms and protocols, foundations of cryptography and
provable security (Rijmen, Preneel)
Risk management (Huygens)
Authorisation technologies (Piessens, Joosen, Desmet)
Secure System Software (Piessens, Joosen)
HW implementation of DRM, watermarking and perceptual hashing
(Verbauwhede, Preneel)
Side-channel attacks and countermeasures (Verbauwhede, Rijmen, Preneel)
Embedded biometry (Verbauwhede, Tuyls)
Security for RFID’s, smart-cards, sensor nodes (Verbauwhede, Batina, Preneel)
Evaluation of system security, including requirements, security
architectures, software, hardware, cryptographic libraries and smart cards
(All)

6. Relevance
Tradition in Flanders: security
companies have flourished
Resulting in a competitive education
in a European context
Thus a continuous “stream” of human
capital can enter the labour market
In addition, society urgently
needs solutions – e.g. privacy

7. Evolution and Trends
Systems and applications of growing scale, heterogeneity and
pervasiveness ... “Towards the Internet of Things”
Loosely-coupled ecosystems of services, multi-tenant
systems, outsourced deployment, Software as a Service
(SaaS).
High frequency of change – dynamic adaptations are required.
Support for long term evolution
“All these trends impose challenges for the development and
deployment of software and systems,
the challenge of securing these co-evolves with these trends....”

8. From the FP7 Work Programme:
”Technology and Tools for Trustworthy ICT”
In highly distributed networked process control systems and in
networks of very high number of things. Understanding threat patterns
for pro-active protection.
For user-centric and privacy preserving identity management,
including for management of risks and policy compliance verification.
For management and assurance of security, integrity and availability,
also at very long term, of data and knowledge in business processes
and services.
For assurance and assessment of the trustworthiness of complex and
continuously evolving software systems and services.
In enabling technologies for trustworthy ICT. This includes
cryptography, biometrics; trustworthy communication; virtualisation;
and certification methodologies.

9. Security Team: 9 professors, 80 researchers
Prof. Bart Preneel Prof. Dave Clarke
Prof. Vincent Rijmen Prof. Bart De Decker
Prof. Ingrid Verbauwhede Prof. Christophe Huygens
7 postdocs Prof. Wouter Joosen
40+ doctoral students Prof. Frank Piessens
5 postdocs
30+ doctoral students
9

10. Illustration
AES PeCMan
[Open Competition1997-2001] [IBBT] 2007-2009
S3MS
[FP6+] 2006-2009 Secure Change
[FP7] 2009-2012
Turbine
[FP7] 2008-2011 HATS
[FP7] 2009-2013
TAS3
[FP7] 2008-2011

11. Cryptographic algorithms: Rijndael/AES
S S S S S S S S S S S S S S S S
round
round MixColumns MixColumns MixColumns MixColumns
S S S S S S S S S S S S S S S S
Key Schedule
round key length: 16/24/32 bytes
block length:
.
.
. Rijndael: 16/24/32 bytes
.
. AES: 16 bytes
round
From 2009 onwards all Intel
processors will have a
hardware AES implementation

12. S3MS:
Security of Software and Services for Mobile Systems
FP6 STREP and beyond
Objective:
creation of framework and technological solutions for
secure deployment and execution of mobile
applications
Outcomes:
Definition of the Security by Contract (SxC) paradigm
Java ME and .NET CF realizations of all the necessary
supporting technologies for SxC

13. S3MS:
Security by contract in a nutshell

14. Turbine:
Innovative Digital Identity Solutions
TURBINE aims to develop
innovative digital identity
solutions, combining:
secure, automatic user Name: SMITH
identification thanks to Date of birth: .....
electronic fingerprint Identity managed by issuance
State, including biometrics,
authentication certificates & data protection
mechanism
reliable protection of the
biometrics data through
advanced cryptography
technology. Mr SMITH + ID1 + I0I 0II I0I 0II II0 00II 0I
ID2 + I0I I0I II0 I0I II0 I0I0 I0
ID3 + II0 0II 0II I0I I0I 0II0 I0
.....
Research efforts focus on
transformation of a description
of fingerprints, so that the result
can only be re-generated by
the person with the fingerprints.
Identities are not invertible

15. PecMan:
Introducing Security Service Bus
Application Application Application
Binding Binding Binding
Authorization & Attribute Requests
Security Service Bus Manager Service
Authorization &
Attribute Requests
Authorization
Service
(XACML)

16. PecMan:
An Open Deployment Architecture
AZN Server
PDP 1
Metadata Metadata 3P PIP 3P PEP
3P PIP PIP PEP
PeCMan PeCMan Metadata 3rd Party
3rd Party
Client Server Service Service
Service
Client
MP1 PEP
PeCMan Middleware platform 1 Middleware platform 2
Client PDP 2
Client PeCMan Server 1 PeCMan Server 2

17. TAS3
TAS3 focuses on federated identity management
TAS3 consolidates scattered research inSecurity, Trust,
Privacy, Digital identities, Authorization, Authentication…
TAS3 integrates adaptive business-driven end2end Trust
Services based on personal information:Semantic integration
of Security, Trust, Privacy components
TAS3 provides dynamic view on application-level end2end
exchange of personal data:Distributed data repositories

18. TAS3
Employability Employability
Companies Portfolio
Repository
Schools
Private
Employment
Services Trusted
Employability
Platform Universities
Training
Institutes
Public
Employability Employment
Social Services
Service Network
Providers
Social
Certification Security
Services Services

19. HATS:
Advanced software validation tools
Advanced software validation tools need rigorous
and unambiguous models
Abstract Behavioural Specification Language
Adaptability concerns drive its design
Formalises successful SWPF development method
Behavioural model: concurrency, composability,
modularity, deployment
Abstract away from programming languages, system
architecture

20. HATS:
Scaling Formal Methods to Adaptable Systems
Software Family
models
describes ABS Modeling
variability Language
Parameter
space
Domain Feature model
System derivation
spatial & customization
variability
models Existing Formal Methods
System Product SPEC#, JML, UML, OCL, State
Diagrams, ...
temporal
evolution

21. Secure Change:
Lifelong Development Cycle

22. 4 Research Programs for ICT Security
Embedded Security
Privacy and Identity Management
Secure Software:
support at the implementation level
Security Engineering:
support throughout the software/hardware engineering
process

23. Obvious collaborations
Enabling technologies
Application domains
Industrial collaboration
Europe
Flanders

24. 2019 WILL BRING...

25. THANK YOU