SACMAT Proceedings Online

SACMAT’08 Proceedings have been posted online at ACM. Visit here to see our “Model-based Behavioral Attestation Framework”.

(Incidentally, Security Engineering Research Group blog is also up at


Google Alerts for Research

If you’ve been working on research papers, you must realize how difficult it is to keep track of latest papers and upcoming conferences. So, here’s the solution. Use Google Alerts to set up alerts for yourself. Here’s a screenshot of my settings. I’ve set up alerts for IEEE, ACM and Usenix for “remote attestation” so that whenever there appears a new paper, I’ll see it. (The CFP thing also works fine. I’ve managed to find many conferences this way.) If you can think of any more alerts, do let me know.



It’s been a while since I wrote something abstract here. I hardly get the time to write something that’s not a paper or part of a (research) proposal. I’m writing this now because of one reason: I’m looking for people who can work with me. Because I’m not teaching full-time, I can’t find students who’d commit to work with me. So, I’m floating some ideas. If you think you might be interested in working on them with me, mail me (or comment here).

  1. I’ve worked on “common sense and folksonomy” for some time now. This work is in the background now that I’m working on security but I still have quite a few ideas which can not only be researched but also implemented and tested. So, this can be useful if you’re looking for some work related to web search or collaborative systems.
  2. Usage control: This is what I’m focusing on nowadays. Usage contol deals with access decisions on a client platform. Imagine a scenario where you release some artwork to your agent. The agent can pass the artwork to others but only art galleries can view the image. You can also restrict the usage to a certain amount of time or to a number of views. This seems like Digital Rights Management but it’s much more than that; it’s also especially relevant to systems like those involved in e-government – an area where Pakistan needs a vast human resource.
  3. Remote Attestation: This is an extremely rich field of security. An important aspect of Trusted Computing, remote attestation deals with the questions: “can the remote platform be trusted?”, “will it behave in the future as I expect it to?” and “are there any softwares on the remote platform which can misuse my resources?”. Put remote attestation and usage control together and you have one air-tight security mechanism. My work in this area goes beyond just theoretical research. I’ve done some practical implementations and I have a few ideas about how to proceed.

All these areas have lots of work in them. What’s needed is some human resource to do the work!