2009-06-10

[Tccc] CfP: ACM CCS Workshop on Assurable & Usable Security Configuration (SafeConfig)

===================================================================
Please excuse multiple copies of this message.
===================================================================
Call for Papers:
ACM CCS Workshop on Assurable & Usable Security Configuration
(SafeConfig)
http://www.arc.cs.depaul.edu/~ehab/ccs/safeconfig09/

co-located with the
16th ACM Conference on Computer and Communications Security (CCS) 2009
===================================================================
Important Dates:

Abstract Registration 6/26
Submission 6/29
Notification 8/10
Camera Ready 8/18

===================================================================
Sponsors: ACM SIGSAC, NSF

A typical enterprise network might have hundreds of security devices
such as firewalls, IPSec gateways, IDS/IPS, authentication servers,
authorization/RBAC servers and crypto systems. These must be logically
integrated into a security architecture satisfying security goals at
and across multiple networks. Logical integration is accomplished by
consistently setting thousands of configuration variables and rules on
the devices. The configuration must be constantly adapted to optimize
protection and block prospective attacks. The configuration must be
tuned to balance security with usability. These challenges are
compounded by the deployment of mobile devices and ad hoc networks.
The resulting security configuration complexity places a heavy burden
on both regular users and experienced administrators and dramatically
reduces overall network assurability and usability. For example, a
December 2008 report from the Center for Strategic and International
Studies, "Securing Cyberspace for the 44th Presidency", states that
"inappropriate or incorrect security configurations … were responsible
for 80% of Air Force vulnerabilities", and a May 2008 report from
Juniper Networks, "What is Behind Network Downtime?", states that "human
factors … [are] responsible for 50 to 80 percent of network device
outages".

The first event of this workshop was invitation-only and sponsored by
NSF to promote research in this area. This workshop has an open call
for papers and aims to bring together academic as well as industry
researchers to exchange experiences, discuss challenges and propose
solutions for offering assurable and usable security. This open-call
workshop will consist of presentations and panel discussions on the
following topics:

===================================================================
Topics

* Integrating network and host configuration
* Automated forensics and mitigation
* Metrics for measuring assurability and usability: Usable security
often involves trade-offs between security or privacy and
usability/utility
* Abstract models and languages for configuration specification
* Configuration refinement and enforcement
* Configuration of MANETs and coalition networks
* Formal semantics of security policies
* Configuration testing, debugging and evaluation
* Reasoning about uncertainty in configuration management
* Representation of belief, trust, and risk in security policies
* Configuration/misconfiguration visualization
* Configuration reasoning and conflict analysis
* Risk adaptive configuration systems
* Context-aware security configuration for pervasive and mobile
computing
* Configuration accountability
* Automated signature and patch management
* Automated alarm management
* Protecting the privacy and integrity of security configuration
* Optimizing security, flexibility and performance
* Measurable metric of flexibility and usability
* Design for flexibility and manageability – clean slate approach
* Configuration management vs. least-privilege

===================================================================
Papers must present original work and must be written in English. We
require that the authors use the ACM format for papers, using one of
the ACM SIG Proceeding Templates
(http://www.acm.org/sigs/pubs/proceed/template.html). We solicit two
types of papers, regular papers and position papers.
The length of the regular papers in the proceedings format should not
exceed 8 US letter pages, excluding well-marked appendices. Committee
members are not required to read the appendices, so papers must be
intelligible without them. Position papers may not exceed 4 pages.
Papers are to be submitted electronically as a single PDF file.
Further submission details will be available online. The accepted
papers will be published in the workshop proceedings and the ACM
Digital Library.

===================================================================
Committee

General Chairs:

Ehab Al-Shaer, DePaul University
Mohamed Gouda, UT Austin

TPC Co-Chairs

Jorge Lobo, IBM Watson
Sanjai Narain, Telcordia
Felix Wu, UC Davis

Technical Program Committee

Gail-Joon Ahn (Arizona State University)
Steven Bellovin (Columbia University)
Elisa Bertino (Purdue University)
Lorrie Cranor (Carnegie Mellon University)
Annarita Giani (UC Berkeley)
Vincent Hu (NIST)
Chin-Tser Huang (University of South Carolina)
George Kesidis (Pennsylvania State University)
Hong Li (Intel Corporation)
Ninghui Li (Purdue University)
Heather Lipford (University of North Carolina at Charlotte)
Alex Liu (Michigan State University)
Xinming Ou (Kansas State University)
Sanjay Rao (Purdue University)
Indrajit Ray (Colorado State University)
Subhabrata Sen (AT&T Labs - Research)
Mohamed Shehab (University of North Carolina at Charlotte)
Frederick Sheldon (Oak Ridge National Laboratory)
Sreedhar Vugranam (IBM T.J. Watson Research Center)
Jia Wang (AT&T Labs - Research)
Geoffrey Xie (Naval Postgraduate School)