[asterisk-security] CfP: ACM CCS Workshop on Assurable & Usable Security Configuration (SafeConfig)

Christopher Kruegel chris at cs.ucsb.edu
Wed Jun 10 15:05:49 CDT 2009


===================================================================
              Please excuse multiple copies of this message.
===================================================================
Call for Papers:
ACM CCS Workshop on Assurable & Usable Security Configuration  
(SafeConfig)
http://www.arc.cs.depaul.edu/~ehab/ccs/safeconfig09/

co-located with the
16th ACM Conference on Computer and Communications Security (CCS) 2009
===================================================================
Important Dates:

Abstract Registration 6/26
Submission 6/29
Notification 8/10
Camera Ready 8/18

===================================================================
Sponsors: ACM SIGSAC, NSF

A typical enterprise network might have hundreds of security devices  
such as firewalls, IPSec gateways, IDS/IPS, authentication servers,  
authorization/RBAC servers and crypto systems. These must be logically  
integrated into a security architecture satisfying security goals at  
and across multiple networks. Logical integration is accomplished by  
consistently setting thousands of configuration variables and rules on  
the devices. The configuration must be constantly adapted to optimize  
protection and block prospective attacks. The configuration must be  
tuned to balance security with usability. These challenges are  
compounded by the deployment of mobile devices and ad hoc networks.  
The resulting security configuration complexity places a heavy burden  
on both regular users and experienced administrators and dramatically  
reduces overall network assurability and usability. For example, a  
December 2008 report from the Center for Strategic and International  
Studies "Securing Cyberspace for the 44th Presidency" states that  
"inappropriate or incorrect security configurations … were responsible  
for 80% of Air Force vulnerabilities" and a May 2008 report from  
Juniper Networks "What is Behind Network Downtime?" states that "human  
factors … [are] responsible for 50 to 80 percent of network device  
outages".

The first event of this workshop was invitation-only and sponsored by  
NSF to promote research in this area. This workshop has an open call  
for papers and aims to bring together academic as well as industry  
researchers to exchange experiences, discuss challenges and propose  
solutions for offering assurable and usable security. This open-call  
workshop will consist of presentations and panel discussions on the  
following topics:

===================================================================
Topics

  * Integrating network and host configuration
  * Automated forensics and mitigation
  * Metrics for measuring assurability and usability: Usable security
    often involves trade offs between security or privacy and
    usability/utility
  * Abstract models and languages for configuration specification
  * Configuration refinement and enforcement
  * Configuration of MANETS and coalition networks
  * Formal semantics of security policies
  * Configuration testing, debugging and evaluation
  * Reasoning about uncertainty in configuration management
  * Representation of belief, trust, and risk in security policies
  * Configuration/misconfiguration visualization
  * Configuration reasoning and conflict analysis
  * Risk adaptive configuration systems
  * Context-aware security configuration for pervasive and mobile
    computing
  * Configuration accountability
  * Automated signature and patch management
  * Automated alarm management
  * Protecting the privacy and integrity of security configuration
  * Optimizing security, flexibility and performance
  * Measurable metric of flexibility and usability
  * Design for flexibility and manageability – clean slate approach
  * Configuration management vs. least-privilege

===================================================================
Papers must present original work and must be written in English. We  
require that the authors use the ACM format for papers, using one of  
the ACM SIG Proceeding Templates  
(http://www.acm.org/sigs/pubs/proceed/template.html). We solicit two  
types of papers, regular papers and position papers.  
The length of the regular papers in the proceedings format should not  
exceed 8 US letter pages, excluding well-marked appendices. Committee  
members are not required to read the appendices, so papers must be  
intelligible without them. Position papers may not exceed 4 pages.  
Papers are to be submitted electronically as a single PDF file.  
Further submission details will be available on-line. The accepted  
papers will be published in the workshop proceedings and the ACM  
Digital Library.

===================================================================
Committee

General Chairs:

Ehab Al-Shaer, DePaul University
Mohamed Gouda, UT Austin

TPC Co-Chairs

Jorge Lobo, IBM Watson
Sanjai Narain, Telcordia
Felix Wu, UC Davis

Technical Program Committee

Gail-Joon Ahn (Arizona State University)
Steven Bellovin (Columbia University)
Elisa Bertino (Purdue University)
Lorrie Cranor (Carnegie Mellon University)
Annarita Giani (UC Berkeley)
Vincent Hu (NIST)
Chin-Tser Huang (University of South Carolina)
George Kesidis (Pennsylvania State University)
Hong Li (Intel Corporation)
Ninghui Li (Purdue University)
Heather Lipford (University of North Carolina at Charlotte)
Alex Liu (Michigan State University)
Xinming Ou (Kansas State University)
Sanjay Rao (Purdue University)
Indrajit Ray (Colorado State University)
Subhabrata Sen (AT&T Labs - Research)
Mohamed Shehab (University of North Carolina at Charlotte)
Frederick Sheldon (Oak Ridge National Laboratory)
Sreedhar Vugranam (IBM T.J. Watson Research Center)
Jia Wang (AT&T Labs - Research)
Geoffrey Xie (Naval Postgraduate School)

