This book constitutes the refereed proceedings of the 35th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2020, held in Maribor, Slovenia, in September 2020. The conference was held virtually due to the COVID-19 pandemic. The 29 full papers presented were carefully reviewed and selected from 149 submissions. The papers present novel research on theoretical and practical aspects of security and privacy protection in ICT systems. They are organized in topical sections on channel attacks; connection security; human aspects of security and privacy; detecting malware and software weaknesses; system security; network security and privacy; access control and authentication; crypto currencies; privacy and security management; and machine learning and security.

This book constitutes the refereed proceedings of the 35th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2020, held in Maribor, Slovenia, in September 2020. The conference was held virtually due to the COVID-19 pandemic. The 29 full papers presented were carefully reviewed and selected from 149 submissions. The papers present novel research on theoretical and practical aspects of security and privacy protection in ICT systems. They are organized in topical sections on channel attacks; connection security; human aspects of security and privacy; detecting malware and software weaknesses; system security; network security and privacy; access control and authentication; crypto currencies; privacy and security management; and machine learning and security.

This book constitutes the refereed conference proceedings of the 7th Annual Privacy Forum, APF 2019, held in Rome, Italy, in June 2019. The 11 revised full papers were carefully reviewed and selected from 49 submissions. The papers present original work on the themes of data protection and privacy and their repercussions on technology, business, government, law, society, policy and law enforcement bridging the gap between research, business models, and policy. They are organized in topical sections on transparency, users' rights, risk assessment, and applications.

This book constitutes the thoroughly refereed post-conference proceedings of the 6th Annual Privacy Forum, APF 2018, held in Barcelona, Spain, in June 2018. The 11 revised full papers were carefully reviewed and selected from 49 submissions. The papers are grouped in topical sections named: technical analysis and techniques; privacy implementation; compliance; and legal aspects.

The need for information privacy and security continues to grow and gets increasingly recognized. In this regard, Privacy-preserving Attribute-based Credentials (Privacy-ABCs) are elegant techniques to provide secure yet privacy-respecting access control. This book addresses the federation and interchangeability of Privacy-ABC technologies. It defines a common, unified architecture for Privacy-ABC systems that allows their respective features to be compared and combined Further, this book presents open reference implementations of selected Privacy-ABC systems and explains how to deploy them in actual production pilots, allowing provably accredited members of restricted communities to provide anonymous feedback on their community or its members. To date, credentials such as digitally signed pieces of personal information or other information used to authenticate or identify a user have not been designed to respect the users' privacy. They inevitably reveal the identity of the holder even though the application at hand often needs much less information, e.g. only the confirmation that the holder is a teenager or is eligible for social benefits. In contrast, Privacy-ABCs allow their holders to reveal only their minimal information required by the applications, without giving away their full identity information. Privacy-ABCs thus facilitate the implementation of a trustworthy and at the same time privacy-respecting digital society. The ABC4Trust project as a multidisciplinary and European project, gives a technological response to questions linked to data protection. Viviane Reding (Former Vice-president of the European Commission, Member of European Parliament)

The need for information privacy and security continues to grow and gets increasingly recognized. In this regard, Privacy-preserving Attribute-based Credentials (Privacy-ABCs) are elegant techniques to provide secure yet privacy-respecting access control. This book addresses the federation and interchangeability of Privacy-ABC technologies. It defines a common, unified architecture for Privacy-ABC systems that allows their respective features to be compared and combined Further, this book presents open reference implementations of selected Privacy-ABC systems and explains how to deploy them in actual production pilots, allowing provably accredited members of restricted communities to provide anonymous feedback on their community or its members. To date, credentials such as digitally signed pieces of personal information or other information used to authenticate or identify a user have not been designed to respect the users' privacy. They inevitably reveal the identity of the holder even though the application at hand often needs much less information, e.g. only the confirmation that the holder is a teenager or is eligible for social benefits. In contrast, Privacy-ABCs allow their holders to reveal only their minimal information required by the applications, without giving away their full identity information. Privacy-ABCs thus facilitate the implementation of a trustworthy and at the same time privacy-respecting digital society. The ABC4Trust project as a multidisciplinary and European project, gives a technological response to questions linked to data protection. Viviane Reding (Former Vice-president of the European Commission, Member of European Parliament)

At the end of the PrimeLife EU project, a book will contain the main research results. It will address primarily researchers. In addition to fundamental research it will contain description of best practice solutions.

The IT environment now includes novel, dynamic approaches such as mobility, wearability, ubiquity, ad hoc use, mind/body orientation, and business/ market orientation. This modern environment challenges the whole information security research community to focus on interdisciplinary and holistic approaches while retaining the benefit of previous research efforts. This book contains the Proceedings of the 21st IFIP TC-11 International Information Security Conference (IFIP/SEC 2006) on "Security and Privacy in Dynamic Environments." The papers in this have a special emphasis on Privacy and Privacy Enhancing Technologies. Further topics addressed include security in mobile and ad hoc networks, access control for dynamic environments, new forms of attacks, security awareness, intrusion detection, and network forensics.

Digitising personal information is changing our ways of identifying persons and managing relations. What used to be a "natural" identity, is now as virtual as a user account at a web portal, an email address, or a mobile phone number. It is subject to diverse forms of identity management in business, administration, and among citizens. Core question and source of conflict is who owns how much identity information of whom and who needs to place trust into which identity information to allow access to resources.

This book presents multidisciplinary answers from research, government, and industry. Research from states with different cultures on the identification of citizens and ID cards is combined towards analysis of HighTechIDs and Virtual Identities, considering privacy, mobility, profiling, forensics, and identity related crime.

"FIDIS has put Europe on the global map as a place for high quality identity management research." -V. Reding, Commissioner, Responsible for Information Society and Media (EU)

These proceedings contain the papers of IFIP/SEC 2010. It was a special honour and privilege to chair the Program Committee and prepare the proceedings for this conf- ence, which is the 25th in a series of well-established international conferences on security and privacy organized annually by Technical Committee 11 (TC-11) of IFIP. Moreover, in 2010 it is part of the IFIP World Computer Congress 2010 celebrating both the Golden Jubilee of IFIP (founded in 1960) and the Silver Jubilee of the SEC conference in the exciting city of Brisbane, Australia, during September 20-23. The call for papers went out with the challenging motto of "Security & Privacy Silver Linings in the Cloud" building a bridge between the long standing issues of security and privacy and the most recent developments in information and commu- cation technology. It attracted 102 submissions. All of them were evaluated on the basis of their significance, novelty, and technical quality by at least five member of the Program Committee. The Program Committee meeting was held electronically over a period of a week. Of the papers submitted, 25 were selected for presentation at the conference; the acceptance rate was therefore as low as 24. 5% making SEC 2010 a highly competitive forum. One of those 25 submissions could unfortunately not be included in the proceedings, as none of its authors registered in time to present the paper at the conference.

Digitising personal information is changing our ways of identifying persons and managing relations. What used to be a "natural" identity, is now as virtual as a user account at a web portal, an email address, or a mobile phone number. It is subject to diverse forms of identity management in business, administration, and among citizens. Core question and source of conflict is who owns how much identity information of whom and who needs to place trust into which identity information to allow access to resources.

This book presents multidisciplinary answers from research, government, and industry. Research from states with different cultures on the identification of citizens and ID cards is combined towards analysis of HighTechIDs and Virtual Identities, considering privacy, mobility, profiling, forensics, and identity related crime.

"FIDIS has put Europe on the global map as a place for high quality identity management research." V. Reding, Commissioner, Responsible for Information Society and Media (EU)"

Jan Muntermann presents an intraday event study that is conducted within the German capital market, and provides evidence that investors could exploit intraday stock price effects following critical market events. He then develops the concept for a corresponding mobile decision support system that assists investors in identifying those events. Based on the design science research paradigm, he uses this concept in the design of a novel mobile decision support system, which can provide ubiquitous information access to private investors.

This book constitutes the refereed proceedings of the Second International Workshop on Security, IWSEC 2007, held in Nara, Japan, October 29-31, 2007.

The 30 revised full papers presented were carefully reviewed and selected from 112 submissions. The papers are organized in topical sections on Software and Multimedia security, Public-key cryptography, Network security, E-commerce and Voting, Operating systems, Security and Information management, Anonymity and Privacy and Digital signatures, Hash function and Protocol.

This book constitutes the refereed proceedings of the First International Workshop on Security, IWSEC 2006, held in Kyoto, Japan in October 2006. The 30 revised full papers presented were carefully reviewed and selected from 147 submissions.

This book contains the Proceedings of the 21st IFIP TC-11 International Information Security Conference (IFIP/SEC 2006) on "Security and Privacy in Dynamic Environments." The papers presented here place a special emphasis on Privacy and Privacy Enhancing Technologies. Further topics addressed include security in mobile and ad hoc networks, access control for dynamic environments, new forms of attacks, security awareness, intrusion detection, and network forensics.

This book constitutes the refereed conference proceedings of the 10th Annual Privacy Forum, APF 2022 in Warsaw, Poland in June 2022. The 8 full papers were carefully reviewed and selected from 38 submissions. The papers are organized in the area of privacy and data protection while focusing on privacy related application areas. A large focus of the 2022 conference was on the General Data Protection Regulation (GDPR).

For 60 years the International Federation for Information Processing (IFIP) has been advancing research in Information and Communication Technology (ICT). This book looks into both past experiences and future perspectives using the core of IFIP's competence, its Technical Committees (TCs) and Working Groups (WGs). Soon after IFIP was founded, it established TCs and related WGs to foster the exchange and development of the scientific and technical aspects of information processing. IFIP TCs are as diverse as the different aspects of information processing, but they share the following aims: To establish and maintain liaison with national and international organizations with allied interests and to foster cooperative action, collaborative research, and information exchange. To identify subjects and priorities for research, to stimulate theoretical work on fundamental issues, and to foster fundamental research which will underpin future development. To provide a forum for professionals with a view to promoting the study, collection, exchange, and dissemination of ideas, information, and research findings and thereby to promote the state of the art. To seek and use the most effective ways of disseminating information about IFIP's work including the organization of conferences, workshops and symposia and the timely production of relevant publications. To have special regard for the needs of developing countries and to seek practicable ways of working with them. To encourage communication and to promote interaction between users, practitioners, and researchers. To foster interdisciplinary work and - in particular - to collaborate with other Technical Committees and Working Groups. The 17 contributions in this book describe the scientific, technical, and further work in TCs and WGs and in many cases also assess the future consequences of the work's results. These contributions explore the developments of IFIP and the ICT profession now and over the next 60 years. The contributions are arranged per TC and conclude with the chapter on the IFIP code of ethics and conduct.

For 60 years the International Federation for Information Processing (IFIP) has been advancing research in Information and Communication Technology (ICT). This book looks into both past experiences and future perspectives using the core of IFIP's competence, its Technical Committees (TCs) and Working Groups (WGs). Soon after IFIP was founded, it established TCs and related WGs to foster the exchange and development of the scientific and technical aspects of information processing. IFIP TCs are as diverse as the different aspects of information processing, but they share the following aims: To establish and maintain liaison with national and international organizations with allied interests and to foster cooperative action, collaborative research, and information exchange. To identify subjects and priorities for research, to stimulate theoretical work on fundamental issues, and to foster fundamental research which will underpin future development. To provide a forum for professionals with a view to promoting the study, collection, exchange, and dissemination of ideas, information, and research findings and thereby to promote the state of the art. To seek and use the most effective ways of disseminating information about IFIP's work including the organization of conferences, workshops and symposia and the timely production of relevant publications. To have special regard for the needs of developing countries and to seek practicable ways of working with them. To encourage communication and to promote interaction between users, practitioners, and researchers. To foster interdisciplinary work and - in particular - to collaborate with other Technical Committees and Working Groups. The 17 contributions in this book describe the scientific, technical, and further work in TCs and WGs and in many cases also assess the future consequences of the work's results. These contributions explore the developments of IFIP and the ICT profession now and over the next 60 years. The contributions are arranged per TC and conclude with the chapter on the IFIP code of ethics and conduct.

This book constitutes the refereed conference proceedings of the 9th Annual Privacy Forum, APF 2021. Due to COVID-19 pandemic the conference was held virtually. The 9 revised full papers were carefully reviewed and selected from 43 submissions. The papers are organized in topical sections on Implementing Personal Data Processing Principles; Privacy Enhancing Technologies; Promoting Compliance with the GDPR.

This book constitutes the refereed conference proceedings of the 8th Annual Privacy Forum, APF 2020, held in Lisbon, Portugal, in October 2020. The 12 revised full papers were carefully reviewed and selected from 59 submissions. The papers are organized in topical sections on impact assessment; privacy by design; data protection and security; and transparency.

This book constitutes the thoroughly refereed post-conference proceedings of the 5th Annual Privacy Forum, APF 2017, held in Vienna, Austria, in June 2017. The 12 revised full papers were carefully selected from 41 submissions on the basis of significance, novelty, and scientific quality. These selected papers are organized in three different chapters corresponding to the conference sessions. The first chapter, "Data Protection Regulation", discusses topics concerning big genetic data, a privacy-preserving European identity ecosystem, the right to be forgotten und the re-use of privacy risk analysis. The second chapter, "Neutralisation and Anonymization", discusses neutralisation of threat actors, privacy by design data exchange between CSIRTs, differential privacy and database anonymization. Finally, the third chapter, "Privacy Policies in Practice", discusses privacy by design, privacy scores, privacy data management in healthcare and trade-offs between privacy and utility.

This book constitutes the refereed conference proceedings of the 4th Annual Privacy Forum, APF 2016, held in Frankfurt/Main, Germany, in September 2016. The 12 revised full papers presented in this volume were carefully reviewed and selected from 32 submissions. The papers are organized in three sessions: eIDAS and data protection regulation; IoT and public clouds; and privacy policies and privacy risk presentation.

Mit dem Beginn des neuen Jahrtausends werden die Themen um die Verlasslichkeit komplexer, vernetzter Systeme so virulent wie nie zuvor. Es sind Konzepte und Losungswege gefragt, die sich in einer global vernetzten IT-Umgebung bewahren und gleichzeitig offen sind fur Erweiterungen, mit denen neuen Herausforderungen an die IT-Sicherheit gegegnet werden kann. Im einzelnen geht es insbesondere um die folgenden sicherheitskritischen Themenbereiche: Elektronischer Handel, Virtualisierung des Geldes, rechtlich wirksame Geschaftsablaufe, Digitale Signaturen. Es geht ferner um Fragen des Copyrights im Zeitalter elektronisch verfugbarer Dokumente, neue Techniken bei der Nutzung des Internets zur Realisierung sicherer Kommunikation, schliesslich um die Vernetzung in extrem sicherheitssensitiven Bereichen wie z.B. bei der medizinischen Versorgung.
Das Buch ist Ergebnis und Arbeitsgrundlage der GI-Tagung "VIS99 - Verlassliche IT-Systeme," die vom 22-24. September 1999 in Essen stattgefunden hat.
"

Anwendungen wie "Electronic Commerce" oder Mobilkommunikation machen deutlich, dass das Thema IT-Sicherheit aktueller ist denn je. Die sorgfaltig ausgewahlten Beitrage der VIS '97 (5. Fachtagung der GI-Fachgruppe "Verlassliche IT-Systeme") bieten einen guten Uberblick nicht nur uber die technischen, sondern auch die organisatorischen, rechtlichen und politischen Rahmenbedingungen. Themen sind u. a. Copyright-Schutz digitaler Daten, Electronic Commerce, das Signaturgesetz, Systemschutz in offenen Netzen, Schutz von Kommunikationsinhalten und -beziehungen und Steganographie. Das Buch empfiehlt sich insbesondere fur IT-Verantwortliche in Unternehmen sowie Entwickler und Berater im Bereich IT-Sicherheit."

Zertifizierung und Evaluation von IT-Sicherheit gewinnen mehr und mehr Bedeutung, nicht zuletzt durch einschlagige Bestimmungen des neuen deutschen Gesetzes zur digitalen Signatur.
Dieses Buch gibt aus unabhangiger Perspektive einen Uberblick uber Stand, Entwicklung und Kriterien der IT-Sicherheitszertifizierung. Es stellt herkommlicher IT-Sicherheit, die vor allem das Interesse der Systembetreiber im Blickfeld hatte, mehrseitige IT-Sicherheit gegenuber, also den gleichberechtigten Schutz von Nutzern und Kunden.
Auf der Basis neuer Erfahrungen werden zusatzlich die Organisation von IT-Sicherheitszertifizierung und -evaluation untersucht und Vorschlage zur Steigerung ihrer Effizienz entwickelt.
Dieses Buch nutzt besonders Beschaffern, Betreibern und Verwaltern von IT-Systemen sowie Datenschutz- und Sicherheitsverantwortlichen und gibt ihnen u.a. die Moglichkeit, bei einer Kaufentscheidung die ihnen prasentierten Zertifikate besser einzuordnen. Produkt- und Systementwickler bekommen Einblick in Ziele und Ablauf der IT-Sicherheitszertifizierung."