[asterisk-security] Call for Papers: IEEE SafeConfig Symposium (deadline: August 20)

Xie, Geoffrey (Geoff) (CIV) xie at nps.edu
Tue Jun 19 14:48:24 CDT 2012 

SafeConfig 2012

 -- IEEE 5th Symposium on Configuration Analytics & Automation



Octobers 3-4, 2012


Baltimore, Maryland, USA


http://www.safeconfig.org


CALL FOR PAPERS

Configuration is a key component that determines the security, performance and reliability of networked systems and services. A typical enterprise network contains thousands of network and security appliances such as firewalls, IPSec gateways, IDS/IPS, authentication servers, proxies, load balancers, QoS routers, virtual overlays, mobility managers, etc. and all these devices must be configured uniformly considering their functional and logical inter-dependency in order to enforce global polices and requirements. ISP operators face a similar challenge in their configuration of routing policy. As the current technology moves toward “smart” cyber infrastructure and open configurable platforms (e.g., OpenFlow and virtual cloud computing), the need for configuration analytics and automation significantly increases. Automated and provable synthesis, refinement, validation and tuning of configurations parameters such as policy rules, variables or interfaces are required for supporting assurable, secure and sustainable networked services.

Configuration complexity places a heavy burden on both regular users and experienced administrators and dramatically reduces overall network assurability and usability. For example, a December 2008 report from the Center for Strategic and International Studies, “Securing Cyberspace for the 44th Presidency,” states that “inappropriate or incorrect security configurations were responsible for 80% of Air Force vulnerabilities” and a May 2008 report from Juniper Networks, Inc., “What is Behind Network Downtime?” states that “human factors [are] responsible for 50 to 80 percent of network device outages”.
This symposium offers a unique opportunity by bringing together researchers form academia, industry as well as government agencies to discuss these challenges, exchange experiences, and propose joint plans for promoting research and development in this area. The two-day program will include invited talks, technical presentation of peer-reviewed papers, poster/demo sessions, and joint panels on research collaboration, funding and technology transfer opportunities. Specifically, we solicit the submission of original unpublished ideas in 8-page long papers, 4-page short papers, 2-pages posters and demos on one of the following or related domains/topics. Selected accepted papers will be invited for submission as book chapters. Anonymous submissions are allowed.

TOPICS INCLUDE BUT ARE NOT LIMITED TO:

Application-specific Configuration Analysis:

• Enterprise Networking for Clouds and Data Centers.

• Cyber-Physical Systems and Intelligent Infrastructure (e.g., Smart Grid, remote medical systems, transportation, building etc)

• Mission-critical Networking (sensor-actuator, and ad hoc networks)

• Overlay and Virtual and Mobile Systems

• Server, VM, storage network and database configuration management

Science of Configuration:

• Abstract models and languages for configuration specification

• Formal semantics of security policies

• Configuration composition and integration 

• Autonomic and self-configuration (auto-tune and auto-defense)

• Integration of sensor information and policy configuration

• Theory of defense-of-depth 

• Configuration for sustainability

• Configuration as a game

• Configuration synthesis, remediation and planning 

• Smart Configuration

• Configuration accountability

• Configuration provenance

• Declarative and virtual configuration

Analytics:

• Techniques: formal methods, statistical, interactive visualization, reasoning, etc 

• Methodology: multi-level, multi-abstraction, hierarchical etc.

• Integrated Analytics for security, reliability and QoS assurance.

• Analytics under uncertainty

• Security analytics using heterogeneous sensors

• Automated verification of system configuration and integration

• Configuration Metrics

• Integrated network and host configuration

• Configuration testing, forensics, debugging and evaluation

• Analytics of cyber attacks and terrorism

• Misconfiguration (forensics) root cause analysis

• Tools and case studies

• DNS, DNS-SEC, inter, intra-domain and QoS routers configuration management 

• Wireless, sensor and MANET configuration management

• RBAC configuration management

Automation and Optimization:

• Configuration refinement and enforcement

• Health-inspired and 0-configuraiton

• Risk-aware and Context-aware adaptation

• Machine-based configuration synthesis and enforcement

• Moving target defense and polymorphic networks

• Configuration Economics: balancing goals and constraints

• Continuous monitoring

• Usability issues in security management

• Automated signature and patch management

• Automated alarm management

• Configuration management in name resolution, inter-domain routing, and virtualized environments

• Survivable complex adaptive system

Open Interfaces, Standardization and Management:

• SCAP-based solutions (Security Content Automation Protocol)

• Configuration sharing (for cloud, agencies, companies)

• Configuration provenance
• Usability: human factors and cognitive science

• Abstraction and frameworks: evolutionary and clean slate approaches

• Protecting the privacy and integrity of security configuration

• Configuration Management case studies or user studies


SUBMISSION GUIDELINES:

• EDAS Paper/Abstract submission link for SafeConfig 2012 is:

  http://www.edas.info/newPaper.php?c=12925


• If you are new to EDAS, please visit this page:

  http://edas.info/doc/authors.html

Papers must present original work and must be written in English. We require that the authors use the IEEE format for papers, using one of the IEEE Proceeding Templates. We solicit two types of papers, regular papers and position papers. The length of the regular papers in the proceedings format should not exceed 8 US letter pages, excluding well-marked appendices. Committee members are not required to read the appendices, so papers must be intelligible without them. Short papers may not exceed 4 pages. All papers are to be submitted electronically as a single PDF file. Authors of accepted papers must guarantee that their papers will be presented at the conference.

IMPORTANT DATES:

Abstract Registration: August 15, 2012

Submission: August 20, 2012



Review Notification: September 10, 2012

Camera Ready: September 20, 2012

Conference Dates: October 3-4, 2012


ORGANIZING COMMITTEE

General Chairs:
    John Banghart (NIST)
    Ehab Al-Shaer (UNC Charlotte)

Program Chairs:
    Geoffrey Xie (Naval Postgraduate School)
    Simon Ou (Kansas State Univ.)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-security/attachments/20120619/7c018098/attachment.htm>

More information about the asterisk-security mailing list