This event is endorsed
and organized by

The First EAI International Conference on Security and Privacy in New Computing Environments

December 15–16, 2016 | Guangzhou, People's Republic of China

Dr. Victor Chang, IBSS, Xi'an Jiaotong University, Suzhou, China

The journey and development for Cloud Computing Adoption

Framework (CCAF) for cloud and big data security



This keynote presents a cloud computing adoption framework (CCAF) security suitable for business clouds. CCAF multi-layered security is based on the development and integration of three major security technologies: firewall, identity management, and encryption based on the development of enterprise file sync and share technologies. This keynote presents the vision, related works, industrial requirements and views on security framework. Core technologies have been explained in detail, and experiments were designed to demonstrate the robustness of the CCAF multi-layered security. In penetration testing, CCAF multi-layered security could detect and block 99.95% viruses and trojans, and could achieve ≥85% of blocking for 100 h of continuous attack. Detection and blocking took < 0.012 s/trojan or virus. A full CCAF multi-layered security protection could block all SQL (structured query language) injection, providing real protection to data. CCAF multi-layered security did not report any false alarm. All F-measures for CCAF test results were ≥99.75%. Since our Data Center has 10 petabytes of data, there is a huge task to provide real-time protection and quarantine. We use Business Process Modeling Notation (BPMN) to simulate how data is in use to know how long recovery should be complete. The mechanism of blending of CCAF multi-layered security with policy, real services, and business activities has been illustrated. Research contributions have been justified and CCAF multi-layered security can be beneficial for volume, velocity, and veracity of big data services operated in the cloud.
Dr. Victor Chang is an Associate Professor in Information Management and Information Systems at International Business School Suzhou (IBSS), Xi'an Jiaotong Liverpool University, China. He is a Director of PhD Program and the 2016 European and Cloud Identity winner of "Best Project in Research". Victor Chang was a Senior Lecturer in the School of Computing, Creative Technologies at Leeds Beckett University, UK and a visiting Researcher at the University of Southampton, UK. He is an expert on Cloud Computing and Big Data in both academia and industry with extensive experience in related areas since 1998. He completed a PGCert (Higher Education) and PhD (Computer Science) within four years while working full-time. He has over 100 peer-reviewed published papers. He won £20,000 funding in 2001 and £81,000 funding in 2009. He was involved in part of the £6.5 million project in 2004, part of the £5.6 million project in 2006 and part of a £300,000 project in 2013. He won a 2011 European Identity Award in Cloud Migration and 2016 award. He was selected to present his research in the House of Commons in 2011 and won the best papers in 2012 and 2015. He has demonstrated ten different services in Cloud Computing and Big Data services in both of his practitioner and academic experience. His proposed frameworks have been adopted by several organizations. He is the founding chair of international workshops in Emerging Software as a Service and Analytics and Enterprise Security. He is a joint Editor-in-Chief (EIC) in International Journal of Organizational and Collective Intelligence and a founding EIC in Open Journal of Big Data. He is the Editor of a highly prestigious journal, Future Generation Computer Systems (FGCS). His security paper is the most popular paper in IEEE Transactions in Services Computing and his FGCS paper has one of the fastest citation rate. He is a reviewer of numerous well-known journals and had published three books on Cloud Computing which are available on Amazon website. He is a keynote speaker for CLOSER 2015/WEBIST2015/ICTforAgeingWell 2015 and has received positive support. He is the founding chair of IoTBD 2016 and COMPLEXIS 2016 conferences.

Fernando Pérez-González, University of Vigo, Spain

Location privacy: where do we stand and where are we going?







Over time, users have become accustomed to sharing personal data when they install new apps in their smartphones. Declining to do so, normally aborts the installation process. Sadly, users have convinced themselves that the value of their data is much lower than that of the apps they install, “after all, they have nothing to hide”. And thus, in redefining their business models many companies have touted better services and applications which even come for free, in exchange for some loss of privacy. However, as we will argue, privacy and utility do not necessarily make up a zero-sum game.


In the case of space-time location, a kind of information that should be considered private, there are a number of alternatives for adversaries to learn it, ranging from the triangulation of cellular phone signals to the metadata of pictures shared in social networks. Using the powerful inference capabilities of data mining, some companies are even promising to combine all the available inputs to predict what will be the location of a person in the near future. A recent MIT study showed that with only four approximate space-time points, it was possible to univocally de-anonymize a user in a database with 1.5 million of them. And this might be only the beginning, as ever more intrusive applications step in. Even putting such Orwellian perspective aside, it is easy to understand the immense value of location data. But there is more that users can do than giving up...


In this talk we will revisit the techniques, some of them little known, that can be applied to find out where we are, and the potential threats that they entail when combined with data mining. Guaranteeing location privacy turns out to be an elusive problem, starting with the lack of one-fits-all definitions. We will describe the technologies that have been proposed during the last decade to protect location privacy, including anonymization, obfuscation, mixes, and processing with encrypted signals. Those technologies stand at the crossroads of several disciplines such as signal processing, information theory, software engineering, database management, game theory and cryptography. But we will also adopt a critical point of view: in complicating the setups and definitions, researchers have failed to answer some fundamental questions that we will single out. To conclude, we will discuss the challenges that lie ahead and their practical and societal impact.    





Fernando Pérez-González received his Ph.D. in Telecommunication Engineering from the University of Vigo, Spain, in 1993. He is Professor at the Signal Theory and Communications Department, University of Vigo since 2000, where he leads the Signal Processing and Communications Group (GPSC).


In 2007-2014 he was the founding Executive Director of the Galician Research and Development Center in Advanced Telecommunications (GRADIANT), a semi-private research center. From 2009-2012 he was the holder of the prestigious Prince of Asturias Endowed Chair on Information Science and Technology at the University of New Mexico (UNM).


His research interests lie in the crossroads of signal processing, security/privacy and communications, in particular, those problems in which an adversary is present. Prof. Pérez-González has coauthored more than 200 journal and conference papers, 15 international patents, and has participated in 5 European projects related to multimedia security. He has served in the Editorial Board of several international journals, including IEEE Trans. on Information Forensics and Security and IEEE Signal Processing Letters.


He is a member of the Galician Royal Academy of Sciences and an IEEE Fellow. 



Dongdai Lin

Institute of Information Engineering of the Chinese Academy of Sciences

Security Challenges in the “Sea-Cloud” Environment


With the rapid development of communication and computer science, Information technology such as computer and computer network has been deeply merged into every aspect of our lives. Information technology linked the human society, the physical world and information space together, formed a new environment of "human-machine-thing" integration. And this greatly influenced the politics, economy, culture and our daily lives, promoted the progress of the society. The informatization level has become a symbol of the contemporary social productivity.


The future information technology is facing four fundamental challenges: the scalability of the amounts of accessed terminals, mass data processing performance, energy consumption and security. In response to these challenges, in 2012, the Chinese Academy of Sciences started "For the perception of China's new generation of information technology research" Strategic Priority Research Program. The Program gears to the needs of the "Perception of China" strategy, seizes the new opportunities of "human-machine-thing" integration, and takes the building of "Sea-Cloud innovation testing environment" as the driving force. The Program will change the information technology research mode, and promote a number of major information technologies and scientific innovations. The Program will lay the technological foundation for the integration and utilization of information resources, physical resources and social resources, and hence lead the new generation of IT strategic emerging industries by leaps and bounds. As a result, the Program will provide critical technical support for the construction and development ubiquitous, intelligence, security, service-oriented information society.


In this talk, we will explore the new problems and new challenges in the “human-machine-thing” integration and sea-cloud collaborative computation environment from the point of view of information security, introduce the thoughts and efforts we have made under the framework of this project.




Dongdai Lin received his M.S. degree and the Ph.D. degree in fundamental mathematics from the Institute of Systems Science, Chinese Academy of Sciences, Beijing, China, in 1987 and in 1990 respectively. He is currently the Director of the State Key Laboratory of Information Security, Institute of Information Engineering of the Chinese Academy of Sciences. He has published more than 200 research papers in journals and conference proceedings. His research interests include cryptology, security protocols, information security and symbolic computation, and he is currently working on information security and privacy, sequences and stream cipher, Boolean functions and Block ciphers. He has been awarded the first prize of Science and Technology Progress Award for Cryptology in 2006 and the second prize of National Award for Science and Technology Progress in 2011.


HUI, Lucas Chi-kwong (Dr.)

The University of Hong Kong

"Vehicular ad hoc network security, what are the issues?"


Recently, vehicular ad hoc network (VANET) becomes increasingly popular in many countries. It is an important element of the Intelligent Transportation Systems (ITSs). In a typical VANET, each vehicle is assumed to have an on-board unit (OBU) and there are road-side units (RSU) installed along the roads. A trusted authority (TA) and maybe some other application servers are installed in the backend. The OBUs and RSUs communicate using the Dedicated Short Range Communications (DSRC) protocol over the wireless channel while the RSUs, TA, and the application servers communicate using a secure fixed network (e.g. the Internet). The basic application of a VANET is to allow arbitrary vehicles to broadcast safety messages (e.g. vehicle speed, turning direction, traffic accident information) to other nearby vehicles (V2V communications) and to RSU (vehicle-infrastructure or V2I communications) regularly such that other vehicles may adjust their travelling routes and RSUs may inform the traffic control center to adjust traffic lights for avoiding possible traffic congestion. As such, a VANET can also be interpreted as a sensor network because the traffic control center or some other central servers can collect lots of useful information about road conditions from vehicles. In fact, VANET is an excellent example of ad hoc network, being dynamic in its topology. This special property will induce different security concerns, and solutions to those concerns require new application of different technologies such as cryptography, data mining etc. This talk will discuss various security issues related to VANET, as well as the research solutions to those issues.



Dr. Hui is the founder and Honorary Director of the Center for Information Security and Cryptography (CISC), and concurrently an associate professor in the Department of Computer Science, The University of Hong Kong. Dr. Hui received his BSc and MPhil degrees in computer science from The University of Hong Kong, and his MSc and PhD degrees in computer science from the University of California, Davis. Besides actively publishing more than one hundred internationally referred research papers, he is also involved in consultation work in security systems, and in industrial collaboration projects involving government departments and commercial companies. Dr. Hui's research interests include different areas in information security, including Internet security, vehicular network security, mobile network security, smart grid security, security system design involving hardware and software, security and privacy in education systems, computer forensics, cryptography, and electronic commerce. He is steering committee member of AsiaCrypt, and had organized many international conferences (ICS 2014, ProvSec 2014, ICICS 2012, AsiaCCS 2011, etc) and have been program committee of many international conferences.