--------- Please distribute further ---------
CALL FOR PAPERS
Workshop on Information Security and Privacy
in a De-Perimeterised World (DISP09)
(www.disp09.info)
Associated with the
2009 IEEE International Conference on
Information Privacy, Security, Risk and Trust
(PASSAT-09)
(http://cse.stfx.ca/~passat09/)
Vancouver, Canada, August 29, 2009
De-perimeterisation is the process in which the boundary around the
trusted environment inside organisations is disappearing due to joint
ventures and the use of distributed resources. Examples of such
developments include outsourcing, cloud computing, mobile workforce and
the effects of insider abuse. Instead of well-defined organisational and
system boundaries, in a de-perimeterised world organisations have to
protect their information in a situation of increased connectivity and
dependency. Similar developments take place with respect to information
about individuals, which is stored in social networking sites, personal
health records, etc. rather than in a clearly located system.
Organisations as well as individuals thus need to protect their
information without relying on security boundaries, which challenges
various aspects of information security and privacy. In the field of
security modelling and threat analysis, models will have to include the
mobility of data, people and systems typical of de-perimeterised
settings.
In the field of security mechanisms, protection mechanisms have to be
developed that must function in a potentially hostile environment. And
in the field of security requirements engineering and policy
specification, methods have to be developed that do not assume
well-defined boundaries between systems and organisations.
The perspectives of requirements engineering, modelling and mechanisms
are interrelated. What is possible in modelling depends on the
mechanisms available for security, and the way security is modelled also
influences the degrees of freedom one has in the requirements
engineering process. These connections lead to the following major
research goals:
- techniques for including the increased uncertainties due to
de-perimeterisation in both security models and security requirements
engineering;
- integrated combinations of de-perimeterised security policies that can
be described in security models and de-perimeterised security mechanisms
that can be implemented in practice;
- directions for research in security primitives based on new security
requirements induced by de-perimeterisation.
In this workshop, we bring together researchers from the mechanisms,
modelling and requirement engineering communities to study the security
and privacy problems induced by the process of de-perimeterisation, and
to discuss integrated solutions that transcend these disciplines.
Topics of interest include, but are not limited to:
- access control
- applied crypto and protocols for de-perimeterised security and privacy
- auditing de-perimeterised systems
- centralised vs. decentralised security architectures
- data-centric security and data classification
- de-perimeterised trust management
- economic, social and legal aspects of de-perimeterisation
- identity-centric security and identity management
- incident identification and management
- interaction between the physical, digital and social security domains
- risk analysis and risk management of de-perimeterised systems
- security and privacy in cloud computing
- security and privacy in outsourcing
- security and privacy in virtual worlds
- security and privacy in Web 2.0
- security modelling and threat analysis for de-perimeterised systems
- security requirements engineering for de-perimeterised systems
We especially encourage the submission of papers that connect two or
more of these topics. Papers should be PDF, 8 pages maximum, in IEEE
conference proceedings style, without author identification, and should
be submitted through the EasyChair website by May 15. Submission implies
that, should the paper be accepted, at least one author will attend the
workshop and present the paper. Papers will be selected based on blind
review. Accepted papers will be published by IEEE in the workshop
section of the conference proceedings.
IMPORTANT DATES:
Paper submission: May 15, 2009, 23:59 GMT (firm)
Notification: June 3, 2009
Final papers & registration: June 15, 2009
Workshop: August 29, 2009
ORGANISING COMMITTEE:
dr. Wolter Pieters
Prof.dr. Pieter Hartel (program chair)
Prof.dr. Roel Wieringa
University of Twente, Netherlands
Prof.dr. Sandro Etalle
Eindhoven University of Technology, Netherlands
Prof.dr. Bart Jacobs
Radboud University Nijmegen, Netherlands
Prof.dr. Sjouke Mauw
University of Luxembourg, Luxembourg
PROGRAM COMMITTEE:
Pieter Hartel, University of Twente, Netherlands (chair)
Yudis Asnar, University of Trento, Italy
Travis Breaux, North Carolina State University, USA
Ruth Breu, University of Innsbruck, Austria
Sandro Etalle, Eindhoven University of Technology, Netherlands
David Evans, University of Cambridge, UK
Paul de Hert, Free University Brussels, Belgium
Bart Jacobs, Radboud University Nijmegen, Netherlands
Ronald Leenes, University of Tilburg, Netherlands
Fabio Massacci, University of Trento, Italy
Sjouke Mauw, University of Luxembourg, Luxembourg
Bashar Nuseibeh, Open University, UK
Wolter Pieters, University of Twente, Netherlands
Joachim Posegga, University of Passau, Germany
Geraint Price, Royal Holloway University of London, UK
Christian W. Probst, Technical University of Denmark, Denmark
Simon Rogerson, De Montfort University, UK
Eric Verheul, PWC & Radboud University Nijmegen, Netherlands
Roel Wieringa, University of Twente, Netherlands
Sheng Zhong, State University of New York at Buffalo, USA
_______________________________________________
Tccc mailing list
Tccc@lists.cs.columbia.edu
https://lists.cs.columbia.edu/cucslists/listinfo/tccc
Posts
No comments:
Post a Comment