2009-05-15

[Tccc] 2nd CfP [SecuCode] ACM CCS 2009 workshop - Workshop on Secure Execution of Untrusted Code - Deadline: June 12 – Call for Paper

CALL FOR PAPERS



***********************************************************************

Workshop on Secure Execution of Untrusted Code (SecuCode 2009)

November 9, 2009, Hyatt Regency Chicago, IL, USA

http://www.docomoeurolabs.de/secucode/



In conjunction with

ACM Conference on Computer and Communications Security 2009

(CCS 2009)

http://www.sigsac.org/ccs/CCS2009/

***********************************************************************



***** Deadline in four weeks, June 12, 2009 *****

***** Abstract due on June 7 *****

***** Invited talk by Wolfram Schulte, Microsoft Research, USA *****



The workshop aims at bringing together researchers and practitioners from

industry and academia working on the protection of software systems against

untrusted code. The workshop will be a platform for presenting and discussing

recent developments and future directions.



Broadband access to the Internet is a key factor to the increased availability

of untrusted code. Typically, various applications are downloaded and executed

locally. All these applications have in common that their origin is often

unknown or their trustworthiness cannot be assessed. The user wants to be sure

that his system is not harmed when executing untrusted applications from an

unknown source. Thus, the applications should only access those resources and

only call those functions that are considered as non-security-critical. However,

to allow applications to execute properly, they need a minimal set of rights

which differs from application to application. The proliferation of malware and

the increment of flaws in program code require securing systems against

untrusted code to prevent unauthorized access to resources. The workshop

addresses various topics of this field.



TOPICS OF INTEREST

Intermediate languages (Java and .NET)

- Programming language safety

- Intermediate languages (e.g. Java bytecode, .NET CLI) safety

- Security applied to intermediate language code

- Intermediate language code verification and secure class loading

- Runtime environment security and security extensions

- Policy definition and policy enforcement

- Access control

- Information flow control

- Security of distributed computing

Interpreted languages (Python, PHP, …)

- Programming language safety

- Interpreter security

- Access control

- Information flow control

- Security of distributed computing

Runtime monitoring (identifying prohibited resource accesses or function calls at runtime)

- In-lining of code in applications

- External monitors not running inside the application

- Sandboxing: preventing applications from escaping their restricted

environment

Static analysis (identifying prohibited resource accesses or function calls

prior to execution)

- Source code analysis

- Intermediate language code analysis

- Reduction of the number of security checks at runtime

- Policy generation

Security architectures (sound, coherent and holistic security approaches for a

system)

- Protecting the system against untrusted code

- Security policies

Miscellaneous (touches all the before mentioned topics)

- Insufficiency of known security mechanisms and concepts

- Security activities at standardisation organisations (e.g. JCP)

- Performance loss due to security mechanisms (especially in resource

constraint devices)

- Hot topics and future topics in securing systems against untrusted code



SUBMISSION INSTRUCTIONS

Please consider to submit your contribution to the workshop. Submissions shall

be original, previously unpublished and not currently under review by another

conference or journal. Theoretic work and pragmatic approaches are welcomed.

Submissions that are usable and applicable in practice are especially welcomed.

Your contribution should either cover your current research in progress, your

research results, your experience from practical deployment of security

features, or it should be a position paper containing your thesis and

comprehensible reasoning. It should be written text at most eight pages

double-column ACM format

(http://www.acm.org/sigs/publications/proceedings-templates), including

references and appendices. Authors of accepted papers must guarantee that their

papers will be presented at the workshop.

Authors should submit the abstract of the paper through the online submission

system the week before the paper is due; helping us to assign reviewers.

Please submit your abstract and upload your paper in PDF format at EasyChair:

http://www.easychair.org/conferences/?conf=secucode09.



IMPORTANT DATES

- Abstract submission due: Sun June 7, 2009

- Paper submissions due: Fri June 12, 2009

- Acceptance notifications: Fri August 14, 2009

- Camera-ready papers due: Tue August 25, 2009

- Workshop: Mon November 9, 2009



PUBLICATION

Accepted papers will be published in the ACM Digital Library and in the

workshop proceedings on CD.



COMMITTEES



ORGANISATION COMMITTEE & PROGRAM CHAIRS

- Sven Lachmund, DOCOMO Euro-Labs, Germany

- Christian Schaefer, DOCOMO Euro-Labs, Germany



PROGRAM COMMITTEE

- Joerg Abendroth (Nokia Siemens Networks, Germany)

- Mads Dam (Royal Institute of Technology (KTH), Sweden)

- Jochen Haller (SAP, Germany)

- Antonio Lioy (Politecnico di Torino, Italy)

- Fabio Martinelli (National Research Council (IIT-CNR), Italy)

- Fabio Massacci (University of Trento, Italy)

- Chris Mitchell (Royal Holloway University of London, U.K.)

- Frank Piessens (Katholieke Universiteit Leuven, Belgium)

- Anand Prasad (NEC, Japan)

- Alexander Pretschner (Fraunhofer Institut Experimentelles Software

Engineering, Germany)

- Thomas Quillinan (Vrije Universiteit Amsterdam, Netherlands)

- Yves Roudier (Institut Eurecom, France)

- Frederic Stumpf (Fraunhofer Institut Sichere

Informationstechnologie, Germany)

- Eric Vetillard (Trusted Labs, France)

- Dan Wallach (Rice University, Houston, USA)

- Alf Zugenmaier (DOCOMO Euro-Labs, Germany)





_______________________________________________
Tccc mailing list
Tccc@lists.cs.columbia.edu
https://lists.cs.columbia.edu/cucslists/listinfo/tccc

No comments: