SAFECONFIG 2010 - 2nd ACM Workshop on Assurable & Usable Security Configuration (SafeConfig)

Website http://hci.sis.uncc.edu/safeconfig/ | Edit Freely

Category SAFECONFIG 2010

Deadline: June 28, 2010 | Date: October 04, 2010

Venue/Country: Chicago, U.S.A

Updated: 2010-06-12 10:18:25 (GMT+9)

Call For Papers - CFP

October 4, 2010 [ Collocated with ACM CCS 2010 ]

A typical enterprise network might have hundreds of security appliances such

as firewalls, IPSec gateways, IDS/IPS, authentication servers,

authorization/RBAC servers and crypto systems. An enterprise network may

also have other non-security devices such as routers, name servers, protocol

gateways, etc. These must be logically integrated into a security

architecture satisfying security goals at and across multiple networks.

Logical integration is accomplished by consistently setting thousands of

configuration variables and rules on the devices. The configuration must be

constantly adapted to optimize protection and block prospective attacks. The

configuration must be tuned to balance security with usability. These

challenges are compounded by the deployment of mobile devices and ad hoc

networks. The resulting security configuration complexity places a heavy

burden on both regular users and experienced administrators and dramatically

reduces overall network assurability and usability. For example, a December

2008 report from Center for Strategic and International Studies "Securing

Cyberspace for the 44th Presidency" states that "inappropriate or incorrect

security configurations ... were responsible for 80% of Air Force

vulnerabilities" and a May 2008 report from Juniper Networks "What is Behind

Network Downtime?" states that "human factors ... [are] responsible for 50

to 80 percent of network device outages." This workshop will bring together

academic as well as industry researchers to exchange experiences, discuss

challenges and propose solutions for offering assurable and usable security.

This workshop will consist of presentations and panel discussions on the

following topics:

Topics but are not limited to

- Integrating network and host configuration

- Automated forensics and mitigation

- Usability issues in security management

- Metrics for measuring assurability and usability: Usable security

often involves trade offs between security or privacy and usability/utility

- Abstract models and languages for configuration specification

- Configuration refinement and enforcement

- Formal semantics of security policies

- Configuration testing, debugging and evaluation

- Representation of belief, trust, and risk in security policies

- Configuration/misconfiguration visualization

- Configuration reasoning and conflict analysis

- Risk adaptive configuration systems

- Context-aware security configuration for pervasive and mobile computing

- Configuration accountability

- Automated signature and patch management

- Automated alarm management

- Protecting the privacy and integrity of security configuration

- Optimizing security, flexibility and performance

- Measurable metric of flexibility and usability

- Design for flexibility and manageability ? clean slate approach

- Configuration management vs. least-privilege

- Configuration management and delegation issues in name resolution

- Configuration and policy issue in inter-domain routing

- Configuration management issues in virtualized environments

- Configuration Management case studies or user studies

Papers must present original work and must be written in English. We require

that the authors use the ACM format for papers, using one of the ACM SIG

Proceeding Templates, http://www.acm.org/sigs/pubs/proceed/template.html.

We solicit two types of papers, regular papers and position papers. The

length of the regular papers in the proceedings format should not exceed 8

US letter pages, excluding well-marked appendices. Committee members are not

required to read the appendices, so papers must be intelligible without

them. Position papers may not exceed 4 pages. Papers are to be submitted

electronically as a single PDF file. Further submission details will be

available on-line. The accepted papers will be published in the workshop

proceedings and the ACM Digital Library in accordance with ACM copyright

policy. Authors of accepted papers must guarantee that their papers will be

presented at the conference. Submission instructions will be available at

http://hci.sis.uncc.edu/safeconfig/ .

Important Dates:

Abstract Registration: June 7 (optional)

Submission: June 28

Notification: August 6

Camera Ready: August 16

Organizing Committee

Steering Committee:

Ehab Al-Shaer, UNC Charlotte

Jorge Lobo, IBM Watson

Sanjai Narain, Telcordia

General Chair:

Tony Sager, National Security Agency

TPC Co-Chairs:

Gail-Joon Ahn, Arizona State University

Krishna Kant, Intel/NSF

Heather Richter Lipford, UNC Charlotte

Technical Program Committee:

Elisa Bertino, Purdue University

Konstantin Beznosov, University of British Columbia

Lorrie Cranor, Carnegie Mellon University

Dipankar Dasgupta, Univ. of Memphis

Trent Jaeger, Pennsylvania State University

Chin-Tser Huang, University of South Carolina

John Karat, IBM T.J. Watson Research Center

George Kesidis, Pennsylvania State University

Kyung-Hee Lee, Samsung Advanced Institute of Technology

Hong Li, Intel Corporation

Ninghui Li, Purdue University

Alex Liu, Michigan State University

Emil Lupu, Imperial College

Roy Maxion, Carnegie Mellon University

Xinming Ou, Kansas State University

Sanjay Rao, Purdue University

Indrajit Ray, Colorado State University

Mohamed Shehab, UNC Charlotte

Subhabrata Sen, AT&T Labs

Rajesh Talpade, Telcordia

Sreedhar Vugranam, IBM T.J. Watson Research Center

Jeff Yan, Newcastle University