The Netherlands is primarily a trading nation, which in the digital age
requires state-of-the-art security that is tailored to specific needs.
Many universities, industrial and government laboratories perform
security research. Because of the nature of the subject, some of the
research is shrouded in secrecy; we have therefore been unable to obtain
a complete overview of all relevant research. Many of the research
topics that are supported by clearly visible research teams are
identified in the following sections.
The current situation is fragmented and (sometimes) even leads to
duplication of efforts and waste of resources. This calls for a
unifying initiative to strengthen and integrate the current
activities.
Indeed, one of the secondary aims of SENTINELS is to foster
closer links between the research groups, between research
groups and industry, and to strengthen the
security research community in the Netherlands.
For this reason the
SENTINELS Program Committee has already organized a first
meeting of the SENTINELS community on March 7, 2003 at the
Technology Foundation STW
office in Utrecht. The meeting was attended by 41 security experts from
finance, government, industry, research institutes and
universities. The aim of the meeting was to obtain a national consensus
about the research needs and priorities that should be addressed by
SENTINELS. It resulted in the focus described in
section 3.2.
Below we list security research groups in the Netherlands, starting
with universities (sections 2.7.1-2.7.7), then some important
national and industrial labs and ministerial activities (sections
2.7.8-2.7.24). This is followed by other activities and by
law, business and social sciences activities. We conclude with the
Dutch interest groups working in security and examples of existing
research.
Technische Universiteit Eindhoven, TU/e
Prof. Henk van Tilborg's group within the Mathematics department of the TU/e is internationally well known for its work on Coding and Cryptography [41]. Within this group Berry Schoenmakers researches electronic voting techniques,
for instance within the European project http://www.eucybervote.org.
The Eindhoven Computer System Security Group led by dr. Sjouke Mauw
(see http://www.win.tue.nl/~ecss) researches technical and
logical aspects of computer security. This encompasses various topics,
ranging from smart card security, via network security, to formal
verification of security protocols.
In the Signal Processing Systems group at the Electrical Engineering department, prof. Ton Kalker addresses content protection, in particular the field of electronic watermarking and fingerprinting.
Security research in the Computer Science department focuses on Smart cards and Digital Rights Management (prof. Pieter Hartel), Protocol verification (dr. Sandro Etalle), Information Systems Security, and Internet security (prof. Eddie Michiels).
The focus of security research in the Electrical Engineering department is on biometrics (prof. Slump).
Research in the Information and Communication Theory group (dr. Jan van der Lubbe) focuses on cryptographic techniques and mechanisms for security and privacy.
Research in the Information, Systems and Algorithmics group (dr. Marcel Spruit) focuses on information security, including Internet security, risk management and organization. The group is a partner in the European PISA project: Privacy Incorporated Software Agent: Building a privacy guardian for the electronic age (led by dr. Jan Huizenga of TNO-FEL).
Dr.ir. Floor Koornneef (ITS) is a member of the European Workshop on Industrial Computer Security (EWICS) and studies safety in relation to information security aspects. EWICS provides an important link to safety related research.
Digital Rights Management based watermarking technology has been a topic of research since 1995 in the group of prof.dr.ir. Inald Lagendijk (ITS faculty).
Prof.dr.ir. J. Simonis (ITS faculty) works on Discrete Mathematics and public key systems.
The faculty of Technology, Policy and Management researches security
and privacy aspects of ICT within organizations. The research of
prof.dr. Willem Vree [43] on the dependability of the Internet
has revealed that Internet traffic does not often take the shortest
route [39]. As a consequence, traffic between for example two
Dutch government departments may well be routed via a foreign Internet
Service Provider. This is a potential source of security threats and
thus a highly relevant research topic for a SENTINELS proposal.
Prof.dr. Bart Jacobs at the Computer Science Department of the Catholic
University of Nijmegen is leading an expertise group on Java program
correctness and security, and is coordinator of a European Research
Project called VerifiCard on verification of Java-based smart cards.
Security research in Information Systems Security is also done by dr.
Jaap-Henk Hoepman.
Within the Leiden Institute of Advanced Computer Science, dr. Herbert Bos focuses on security and safety in network programming, where third party code with appropriate credentials may be executed on a networked host. Further, Erik de Vink (also at TU/e) and Boaz Gelboard (also at KPN) work on security.
Within the Institute for Logic, Language and Computation, prof. Peter van Emde Boas aims for a systematic exploration of computational analysis for imperfect information games, which is seen as essential for fundamentally understanding the security of multi-agent networks.
Vrije Universiteit, VU
Prof. Andy Tanenbaum leads the Globe project (see http://www.cs.vu.nl/globe), in which Internet security, and security of e-commerce systems, middleware, multi-agent systems, and large-scale distributed systems are focal points.
Centrum voor Wiskunde en Informatica, CWI
CWI has long been a leading research institution with a world-renowned Crypto group led by dr. David Chaum. When he left CWI to form his company DigiCash, CWI temporarily lost its focus on security. This focus is being re-established by prof. Wan Fokkink in CWI's Security Platform (see http://www.cwi.nl/~wan/security-platform.html). Research areas include Computational Number Theory (prof. te Riele) and Data Security, Verification of Security protocols, Java Security, and Security in Quantum Information processing (prof. Vitányi).
The research program of the Telematica Instituut is strongly focussed around (mobile) Internet technology, Internet services and multimedia content. The issues of trust and privacy play an important role here. There are groups working within the scope of the GigaPort program on digital rights management, secure virtual identities and the related user profile management. Within the Virtuele Haven project extensive work has been done around public key infrastructures and VPN-technology. Security-related activities are positioned within the e-commerce and middleware groups, coordinated by Wil Janssen and Henk Eertink, respectively.
For a letter of intent from Telematica Instituut, see appendix .
The Ministry of Economic Affairs stimulates the use of information
security means by Dutch industry and the development thereof.
Furthermore, the Ministry is responsible for the telecommunication
policy which includes security in general and critical infrastructure
protection of telecommunication and energy.
In 2001, both the Ministries of Transport, Public Works and Water
Management, and Economic Affairs have published a policy
document [42]. One of the important aims is to improve (via
R&D) the development of new information security methods and tools.
The Ministry of the Interior and Kingdom Relations is responsible for
coordination in the Dutch critical infrastructure protection project.
Furthermore, government information and communication security and
evaluation certificates are the responsibility of this Ministry.
The Dutch Police/Digital crime squad (KLPD/Digitaal Rechercheren) is
establishing a computer crime R&D task force that may require
long-term academic results as input. TNO is one of the partners in
this initiative (contact person Huizenga, TNO-FEL).
Current standards and tools for the evaluation and management of
information security and the security of information systems are large
and often difficult to use. For example, the Code of practice for
information security management (BS7799-1:1999, ISO 17799:2000)
contains 120 rules, of which 25% are difficult to interpret without
expert knowledge. Similarly, using the Common Criteria guidelines
requires significant expertise. Many departments and organizations,
especially small ones, struggle with the implementation of security standards,
and lack the time and expertise to implement the required security
measures. Current tools provide partial solutions, but still require
significant expertise.
We need effective, broadly supported guidelines that are easy to use.
One of the fundamental problems is that there is no overall security
engineering method that could act as a framework for specific security
evaluations. New methods, tools and techniques are required to make
security evaluations available to non-specialists, at affordable cost
and with predictable effectiveness.
These issues are relevant for several more Ministries, such as
the Ministry of Economic Affairs, which supports the above mentioned
Code of practice,
and the Ministry of Defense, which requires Common Criteria evaluations
for many of its critical systems, following NATO standards.
The Ministry of Justice has the Dutch Forensic Institute (NFI) as a
field organization. The NFI has a digital forensic laboratory and
conducts research to improve methods and means of forensics.
The Ministry of Transport, Public Works and Water Management in the
Netherlands has been working on a major change to the way road traffic is
taxed. The
idea is that the present combination of direct and indirect taxation
systems on cars, fuel and road usage might be replaced by a novel system
in which road users are charged depending on when and where they are
travelling, and potentially other factors as well. The system is touted
to be fairer than the present system. It is unique in the world.
The reference architecture (Mobimiles, R. Pieper, July 2001, see www.roadpricing.nl) states that the security of the system hinges on a small trusted device in every car, and trusted devices along the roads. In-car support equipment, and wireless networking do not require trust.
The project poses enormous challenges to the security engineering of the system, primarily because of the requirement to use standard "tried and tested" security products for a novel application. In all security products, the design is based on explicit but also implicit assumptions about the environment in which products are used.
Using standard products in a new environment requires a careful analysis of the assumptions, and invariably a (partial) redesign of the products. This problem is exacerbated by the fact that some assumptions are implicit. Coupled with the desire to develop and roll out the road pricing system in a very short time frame, this carries a high risk of failure. Clearly there is a need for powerful security engineering methods that allow a high degree of automation in order to meet stringent deadlines, while at the same time offering a high degree of trust.
For a letter of intent from the
Ministry of Transport, Public Works and Water Management,
Rijkswaterstaat,
see appendix .
TNO-TPD (contact persons Jan Pieters and Ralph Tadema Wielandt) has
developed advanced evaluation methods for embedded systems security
(smart cards, SIM cards, SAM cards, etc.), for which it is renowned
worldwide.
TNO-FEL (contact person Henk Jan Vink) is actively involved in
security research, including cryptography and network security
(e.g. distributed intrusion detection systems), and the evaluation of
security techniques, including:
Infrastructure security (Internet, mobile networks, intrusion detection systems, etc.). Contact person: Jan Huizenga.
Information Operations looks at information (means) as target, means and weapon. The research includes the protection of the (Dutch) critical infrastructures and Information Assurance. Contact persons: Marieke Klaver and Eric Luiijf.
TNO-FEL and Stratix studied the vulnerability of the Dutch Internet
(KWINT [37]) and are involved in current national critical
infrastructures studies ([Tweede Kamer, dossier 27925, Countering
international terrorism, No 65 - action line 10]) and international
research (EU FP5.8 roadmap projects ACIP). They are also involved
in various EU FP5 security projects (ACIP, PISA, RAPID) and FP6
proposals.
For a letter of intent from TNO-FEL, see appendix .
TNO-FEL has transferred all their Common Criteria/ISO15408 activities to a separate TNO-organization called TNO-ITSEF BV (IT Security Evaluation Facility). The reason for this is to strongly separate security advice ("how to make it secure?") and evaluation ("is it secure?"). TNO-ITSEF BV's main activities concern formal requirement definition (leading to a so-called Protection Profile/Security Target in Common Criteria terms) and formal security evaluations that comply with the Common Criteria. TNO-ITSEF is currently in the process of accreditation/licensing, such that TNO's Common Criteria evaluations are internationally recognized.
Contact persons: dr.ir. Dirk-Jan Out and dr.ir. Olaf Tettero. Dirk-Jan Out is member of the Common Criteria Implementation Management Board and has written the Security Target section of this standard (how to define a security claim for an IT-product or system).
At TNO-Telecom (formerly KPN Research) fraud management in the network
operator/service provider context is being addressed. "Fraud" is a
broad topic, and in this discussion we also include abuse and misuse
under the term. KPN, as the leading operator in the Netherlands for fixed and
mobile telephony as well as the leading Internet service provider,
has a great interest in protecting its own infrastructure and its
services as well as its customers from harm through fraud, be it
intentional or not. Unwanted actions can result in unfair advantage, in
service disruption, or in a multitude of other effects. Such actions can
be technical in nature or can aim at organizational, process- or social
and personal weaknesses either at the service provider or at the
customer. All these threats are relevant for both KPN and TNO-Telecom.
It will never be possible to exhaustively define fraud and the ways of
achieving it, let alone to prevent all fraudulent actions. Also, the law
of diminishing returns applies: at a certain point the cost (monetary
and otherwise) of fighting the remaining fraud exceeds the cost incurred
by the fraud itself. The emphasis of the work at TNO-Telecom is
therefore to keep fraud to an acceptable level, and to minimize the
effects of inevitable incidents as much as possible. To indicate the
main axes of attention:
Primary means for fighting fraud are prevention, detection, correction, impact analysis, and damage control. The right balance between them differs from case to case but is crucial for optimal results.
For a network operator/service provider the relationship between network events (which are routinely available) and possible fraud on the service level is important but sometimes difficult to establish.
A comprehensive view is necessary to get the best possible indications for fraud occurring.
The key ingredients are technological instruments (e.g. IDS), protocol knowledge, and broad knowledge of systems, organization and processes.
As a result of their inherent complexity, the processes needed to provide a service are a potential weak spot that can be exploited by malicious parties.
The key to fraud management is the triangle technology-processes-organization. A working approach must address all three together.
In summary, the aim of the research at TNO-Telecom is focused on working solutions to keep fraud at an acceptable level and to minimize the damage. The approach is multidisciplinary. Technical means are essential, but not sufficient, to achieve the objectives.
For a letter of intent from TNO-Telecom (in fact, from KPN Research),
see appendix .
Dr. Ted Lindgreen leads research aiming at providing a new, secure standard for the domain name service (DNS) that maps domain names to IP-addresses. The current DNS system can easily be spoofed. This was used in the attack in 2000 on an earlier version of the Internet banking system of the ABN/AMRO bank that was widely publicized in the Netherlands (e.g. on TV by RTL4). The new standard DNSSEC reduces the vulnerabilities of DNS and also makes it possible to introduce new security applications. NLnet Labs collaborates with CENTR (Council of European National Top-level domain Registries), of which SIDN (registry of .nl) is the most active country-code Top Level Domain (ccTLD) in the area of DNSSEC.
Philips Research has a research group called Processing and Architectures for Content Management, headed by dr. Jean-Paul Linnartz. The methods for Digital watermarking of audio and video are strong candidates for international standardization for content protection (DVD) and monitoring of broadcast material. The group has published a number of attacks on watermarks and developed countermeasures.
The group works on downloadable Digital Rights Management functions, using the so-called OPIMA standard.
The group has developed a number of cryptographic and system architectural solutions for content management and is now developing expertise in areas such as multiparty computing. The security aspects of distributed networks with versatile applications are currently investigated. Secure implementations are another important aspect, relevant to Consumer Electronics and PC platforms. This includes work on timing and power attacks on smart cards.
For a letter of intent from Philips Research,
see appendix .
LogicaCMG (formerly CMG), an IT consultancy firm in the Netherlands, is
delivering security solutions to its customers. LogicaCMG is interested in
research into the following subjects:
PKI in general, including more specific subjects as management of keys, key storage and key recovery.
Authorization Management. Authorization Management is mostly organized on platform and application basis, based on technical rather than business requirements. This leads to "pollution" of the authorization databases, thus violating the "least-privilege" principle. LogicaCMG develops and deploys systems for central Authorization Management, but these systems have their own technical and organizational problems. The most prominent is the set-up and maintenance of role models.
Authentication Services and Management. The basis for authorization management is the correct identification of users. At all times the way of identification and authentication should be sufficient for the needed level of (information) security. So, there is a need for several authentication methods and the management thereof.
Security Architecture. The basis for the full range of technique and organization is the Security Architecture, which is based on the organization's information security policy. It is necessary to build Security Architectures that are flexible and robust; what is the best way to do so?
Security assurance. The complement of security is Security Assurance: after all measures are taken, the active control that the measures still comply and the active control on unusual behavior in the systems.
Risk Management. Optimal information security is balancing costs versus damage: it is information risk management, just like doing business. What are the consequences of managing security in this way?
These subjects are neither purely technical nor purely organizational: most deal with the manner in which technique is or can be applied within organizations.
For a letter of intent from LogicaCMG, see appendix .
Ernst & Young has a tradition of working with many of the world's most
information intensive organizations to help define and implement
effective security strategies. To help prepare these organizations to
meet ongoing IT security risks and challenges, Ernst & Young has developed a
comprehensive security framework.
Using this framework, solutions that address the critical security needs
can be rapidly identified. These
solutions are most effective and successful when there is a focus on a
simple and proven set of key characteristics that are consistently
employed.
In the Netherlands, Ernst & Young EDP Audit is
highly interested in the results of scientific research relating to ICT
security. The following research areas are of particular interest:
vulnerability assessment models, techniques and tools;
Postbank, as a business unit of the ING Group, has used cryptography since 1978 to secure their electronic financial transactions. The experience in applied security research and its use in the development of new products and services are concentrated in the New Business Technology department. The practical experience with magnetic stripe, smart card technology and other means has been demonstrated in a number of products/services in the market today. Recently, with the distribution of about 500.000 mobile phones, Postbank has implemented security functionality in the SIM/WIM for today, as well as for new applications in the very near future.
The following information security subjects that are interesting to the Rabobank might be suitable as part of the SENTINELS program:
Computer security monitoring. How to implement Security Monitoring, Intrusion Detection Systems and Reporting on security in large IT environments. The security monitoring should detect unauthorized access to systems as well as unauthorized (system management) actions on systems.
Secure Software Development. How to ensure the integrity of mission critical software.
Management of encryption on stored data in large PKI environments. PKI based encryption can be used to encrypt stored data. However using the employee's keys (e.g. from a smartcard) to encrypt the data stores would imply re-encryption whenever the employee gets a new keypair. Furthermore, the limited processing power of a smartcard does not really allow large amounts of data to be encrypted using the public key techniques.
Benchmarking the security level of organizations. Management would like to get an idea of the security level of organizations compared to other similar organizations.
Interpay Nederland, as the major service provider in payment processing and related services, is highly interested in the results of scientific research in security. Specific areas of interest are authentication, secure networks and infrastructures, user-friendliness and security, standardization, secure use of e-mail, and the vulnerabilities of the Internet.
Thales is specialized in designing and producing integrated defense systems for command & control, sensor and communications purposes. Most of the work is dedicated to naval combat systems. Thales Nederland systems are used on board vessels of more than 45 countries, including 14 NATO nations. Thales also produces low-level air defense systems for ground forces all over the world.
The application of modern ICT within the military operational domain is sometimes described as the "digitalization of the battlefield". The available information is collected faster, processed better, exchanged more effectively and tailored to the specific need of the different functions in the military operational organization. To facilitate the exchange of large amounts of data, distributed systems are created by "internetting" available equipment.
For the battlefield of the future, interoperability is one of the major themes. In many situations units provided by different nations have to operate together in international task forces. The available battlefield information is processed in a distributed network of automated Command and Control systems, sensors and weapon systems provided by the different nations. The objective is to provide complete and actual battlefield pictures to the different levels of command. Battlefield information is not only provided by sensors, but also by military or civilian observers, intelligence organizations and commercial environmental databases. Furthermore, it is possible that Internet information like weather reports are used.
The distributed network contains a large number of computer systems. Due to hostile combat actions it is possible that one or more systems fall into hostile hands or are illegally accessed by enemy agents. Assuming only limited security measures, computer experts ("hackers") can easily gain access to computers. This provides the opportunity to obtain information vital for the success of hostile operations by installing so-called "sniffer" programs. Furthermore, there is ample opportunity to feed the network false information or to seed viruses in the network with the objective to corrupt or destroy information on the different computers. If Internet facilities are used, the situation is even worse. Without sufficient precautions it is possible to flood the network with bogus email messages to prevent the communication of important information.
The future distributed real-time military networks on the battlefield have to be protected against deliberate electronic attacks without compromising the objective to provide timely information. The conclusion is that research in network security and information warfare is vital to realize this.
Research for the military has always had significant spin-offs for
everyday life. For example, spin-offs of research for the digital
battlefield are possible in disaster management, where the existing
communication infrastructure is damaged and rapid deployment of a new
infrastructure could save the lives of victims of power outages,
earthquakes, floods etc.
For a letter of intent from Thales Nederland,
see appendix .
At Nedap, a major development effort is spent on building solutions by
connecting devices. By using state of the art software and hardware
architectures, very powerful systems can be constructed. Intelligent
devices communicating over a, preferably, existing infrastructure and
connected to the Internet, pose a wide range of security issues.
Examples include protection of private information, handling of
financial transactions, using encryption algorithms with minimum
performance degradation, etc.
Moving to the field of Application
Service Providing, the complications of sharing system components
amongst multiple customers play an important role. Some examples in
which the intelligent devices are applied are: Access Control,
Healthcare, Mobile Payment, and Retail Support. The research is
presently directed towards encryption algorithms, which have minimum
impact on system performance, and towards continuously improving the
overall strategy with respect to security issues (network, devices,
servers, public infrastructure, transactions and processes). Since most
end-to-end solutions involve many different stakeholders and parties,
subsystem interfaces and responsibilities but also failure mode analyses
are a major concern.
Chess
Chess develops custom specific systems of digital hardware and (embedded)
software. In typical projects innovative ideas from R&D are put
into practice following the project procedures that fit the level of
security or mission criticality. Life cycle models of the European Space
Agency or the Department of Defense are used whenever desired.
In many
cases Chess participates in system development (design, implementation
and test) of mission critical systems, such as the flower auction
system, Internet on-line payment system, advanced voting systems, or
remotely managed point of sale terminals. All these systems have to deal
with security. Systems have been
audited with respect to resistance against internal/external attacks or
with respect to system security. Chess R&D is related to near future
projects or to life cycle processes, for instance:
The integration of formal methods, UML, Testing, Simulation and ECSS.
The possibilities of Digital Rights Management.
The limits of Java for Mission Critical Embedded Systems.
Implementation of encryption and decryption algorithms on various
hardware and software platforms.
The list above contains many of the more visible security projects. No claim is made that this list is complete. Within industry and the government in the Netherlands there are several more, less visible, teams dedicated to security, notably in telecommunications, finance, and in the military domain.
Given that security is affecting every aspect of computing and communication, there is a great need for a boost via additional well-focussed investments. The Netherlands does have a strong tradition in formal approaches to computing: cryptology, program language semantics, process theory, verification tools, and test theory. This background forms a rich basis and source on which to develop a broad, practical as well as theoretical expertise in technical security. In the next section we identify some of the relevant expertise in other areas that indicates the multidisciplinary nature of security research.
Security is not purely a technical matter; one must take legal, business and social aspects into account. A number of groups in Law, Business and Social Science departments have been identified as potential partners in the SENTINELS program.
Tilburg University.
Prof. Corien Prins and dr. Bert-Jaap Koops of the CRBI (Centre for Law,
Public Administration and Informatisation) investigate legal aspects of
ICT and privacy, biometrics and anonymity, PKI infrastructures, IPR
(Intellectual Property Rights), etc. CRBI collaborates with IViR
(Institute for Information Law, http://www.ivir.nl).
Univ. Amsterdam.
Prof. Bernt Hugenholtz, prof. Egbert Dommering and prof. Jan Kabel of IViR
research IPR protection (contact person Nico van Eijk).
Nauta Dutilh, Amsterdam (http://www.nautadutilh.com) are experts in
Intellectual Property, Information technology and advertising (contact
person mr.dr. Doeko Bosscher).
Chapter 4 of this document elaborates how the
SENTINELS program wishes to develop the necessary links in
multidisciplinary groups. An example of such links is the recent
support provided by SENTINELS (and SAFE-NL) for the
initiative of the Vereniging Open Source Nederland (VOSN) to oppose
article VI of directive 2001/29/EG, which would restrict the freedom of
research in security.
Dutch interest groups
There are a number of Dutch interest groups, academic and non-academic, in areas that are closely related to security. We list a number of these activities, with which SENTINELS aims to build a close relationship through its workshops:
EIDMA (http://www.win.tue.nl/math/eidma) is a research institute that has been established by the Dutch universities of technology at Eindhoven (TU/e), Twente (UT) and Delft (TUD) in 1994. One of the research areas is Information Theory and Cryptology. EIDMA organizes a bi-monthly workshop on Cryptology that is attended by many security researchers.
Almost every year, EIDMA organizes a one-week mini-course
lectured by a distinguished researcher from abroad.
EUFORCE (http://www.euforce.tue.nl), the TU/e organization
for post academic education organizes a two-year part-time course
leading to the degree of Master of Security in Information Technology.
The course director is prof. van Tilborg.
The Platform for Electronic Business in the Netherlands
(ECP.NL) (http://www.ecp.nl) provides a forum for
users from government and
industry to strengthen the competitive position of the Netherlands in
the digital age. ECP.NL has a number of expert groups in
security areas, such as the expert group Security & Control, and the
expert group Smart Cards. It is also
responsible for implementation of most of the KWINT action
lines [37].
SAFE-NL (http://wwwes.cs.utwente.nl/safe-nl) provides a forum for
researchers, practitioners, and implementers from research
institutions, industries and government agencies to exchange ideas on
state of the art technology, current and novel application areas and
on the requirements for effective deployment of secure
systems. SAFE-NL is organized by dr. Jaap-Henk Hoepman (KUN)
and dr. Sandro Etalle (UT).
This section shows a number of research projects currently being
carried out by the SENTINELS community to indicate the
strength of cooperation already taking place in the Netherlands.
ProSecCo: Program Security and Correctness, the prestigious NWO
Pioneer project led by Bart Jacobs (KUN) (2002-2007).
A Framework for the Electronic Sale of Information Products (funded by
the Technology Foundation (STW)), led by Andy Tanenbaum (VU). Industrial
partners include NOB Interactive, KPN research, Océ, Netherlands
Audiovisual Archive, and PCM Interactive Media (2000-2005).
Summer: SecUre MultiMEdia Retrieval (sponsored by SENTER). Partners:
Pieter Hartel, Wim Jonker (UT), KPN Research,
Ministry of Transport, Public Works and Water Management, and
V2 Labs Rotterdam (2000-2002).
LicenseScript: a language and framework for calculating licenses on
information over constrained domains. Partners: Sandro Etalle (UT), Wouter
Teeuw (Telematica Instituut), Wim Jonker (Philips Research) (2002-2004).
CNTDatSec: Computational Number Theory and Data Security (CWI project
MAS2.2, previously sponsored by NWO), led by Herman te Riele (CWI).
Industrial partners: Verdonck, Klooster & Associates, and MID
(Militaire Inlichtingen Dienst Amsterdam) (1997-2006).
SAMASC: Security Analysis for Multi-Applet Smart Cards (sponsored by NWO).
Partners: Bart Jacobs (KUN), Erik de Vink (TU/e), and KPN (2002-2006).
PINPAS: Program INferred Power Analysis in Software (sponsored by TU/e).
Partners: Erik de Vink (TU/e), and TNO-TPD (2001-2003).
See http://www.win.tue.nl/~ecss/pinpas.html.
Account: Accountability in Electronic Commerce Protocols (sponsored by
NWO). Partners: Wan Fokkink (CWI), Bruno Crispo (VU) and Sandro Etalle
(UT) (2003-2007).
Execution of Transactional Contracted Electronic Services (sponsored by
NWO). Partner: Mike Papazoglou (UvT) (2003-2007).
UbiSec: Security in Ubiquitous Computing (sponsored by
NWO). Andy Tanenbaum (VU) (2003-2007).