[Tccc] SAFECONFIG extended deadline (ASAP pls) (fwd)

Carlos Becker Westphall westphal
Thu Sep 8 23:35:59 EDT 2011


---------- Forwarded message ----------
Date: Tue, 6 Sep 2011 13:56:21 -0400
From: Ehab Al-Shaer <ealshaer at uncc.edu>
To: 'Carlos Becker Westphall' <westphal at inf.ufsc.br>
Cc: 'Ehab Al-Shaer' <ealshaer at uncc.edu>
Subject: SAFECONFIG extended deadline (ASAP pls)

Hi Carlos

Can you please forward this the CFP for SAFECONFIG (Extended Deadline) to
all CCS and NOMS mailing list. Thanks


CALL FOR PAPERS

SafeConfig 2011: 4th Symposium on Configuration Analytics and Automation
Arlington, VA, USA
October 31 - November 1, 2011
Sponsors: NIST (and Technical Co-Sponsorship pending from IEEE and ACM)

Important Dates:
Submission: Deadline. September 19, 2011
Camera Ready: October 17, 2011

Configuration is a key component that determines the security, performance
and reliability of
networked systems and services. A typical enterprise network contains
thousands of network and security appliances such as firewalls, IPSec
gateways, IDS/IPS, authentication servers, authorization, proxies, load
balancer, QoS routers, virtual overlays, mobility managers etc, that must be
configured uniformly considering their functional and logical
inter-dependency in order to enforce global polices and requirements. As the
current technology moves toward "smart" cyber infrastructure and open
configurable platforms (e.g., OpenFlow and virtual cloud computing), the
need for configuration analytics and automation significantly increases. The
automated and provable synthesis, refinement, validation and tuning of
configurations parameters such as polices, rules, variables or interfaces
are required for supporting assurable, secure and sustainable networked
services.
Configuration complexity places a heavy burden on both regular users and
experienced administrators and dramatically reduces overall network
assurability and usability. For example, a December 2008 report from Center
for Strategic and International Studies "Securing Cyberspace for the 44th
Presidency" states that "inappropriate or incorrect security configurations
were responsible for 80% of Air Force vulnerabilities" and a May 2008 report
from Juniper Networks "What is Behind Network Downtime?" states that "human
factors [are] responsible for 50 to 80 percent of network device outages".
This symposium offers a unique opportunity by bringing together researchers
form academic, industry as well as government agencies to discuss these
challenges, exchange experiences, and propose joint plans for promoting
research and development in this area. SafeConfig Symposium program will
include invited talks, technical presentation of peer-reviewed papers,
poster/demo sessions, and joint panels on research collaboration, funding
and technology transfer opportunities. SafeConfig Symposium solicit the
submission of original unpublished ideas in 8-page long papers, 4-page short
papers, 2-pages posters and demos on one of the following or related
domains/topics. Selected accepted papers will be invited for submission as
book chapters.

Topics (but are not limited to)

Application-specific Configuration Analysis:
. Enterprise Networking for Clouds and Data Centers. . Cyber-Physical
Systems and Intelligent Infrastructure (e.g., Smart Grid, remote medical
systems, transportation, building etc) . Mission-critical Networking
(sensor-actuator, and ad hoc networks) . Overly and Virtual and Mobile
Systems
Science of Configuration: . Abstract models and languages for configuration
specification . Formal semantics of security policies . Configuration
composition and integration . Autonomic and self-configuration (auto-tune
and auto-defense) . Integration of sensor information and policy
configuration . Theory of defense-of-depth . Configuration for
sustainability . Configuration as a game . Configuration synthesis,
remediation and planning . Smart Configuration . Configuration
accountability . Configuration provenance . Declarative and virtual
configuration

Analytics:
. Techniques: formal methods, statistical, interactive visualization,
reasoning, etc . Methodology: multi-level, multi-abstraction, hierarchical
etc. . Integrated Analytics for security, reliability and QoS assurance. .
Analytics under uncertainty . Security analytics using heterogeneous sensors
. Automated verification of system configuration and integration .
Configuration Metrics . Integrated network and host configuration .
Configuration testing, forensics, debugging and evaluation . Analytics of
cyber attacks and terrorism . Misconfiguration (forensics) root cause
analysis . Tools and case studies . DNS, DNS-SEC, inter, intra-domain and
QoS routers configuration management . Wireless, sensor and MANET
configuration management . Servers, VMs, storage network and database
configuration management . RBAC configuration management

Automation and Optimization:
. Configuration refinement and enforcement . Health-inspired and
0-configuraiton . Risk-aware and Context-aware adaptation . Machine-based
configuration synthesis and enforcement . Moving target defense and
polymorphic networks . Configuration Economics: balancing goals and
constraints . Continuous monitoring . Usability issues in security
management . Automated signature and patch management . Automated alarm
management . Configuration management in name resolution, inter-domain
routing, and virtualized environments . Survivable complex adaptive system

Open Interfaces, standardization and management:
. SCAP-based solutions (Security Content Automation Protocol) .
Configuration sharing (for cloud, agencies, companies) . Configuration
provenance . Usability: human factors and cognitive science . Abstraction
and frameworks: evolutionary and clean slate approaches . Protecting the
privacy and integrity of security configuration . Configuration Management
case studies or user studies

Submission Guidelines

Papers must present original work and must be written in English. We require
that the authors use the IEEE format for papers, using one of the IEEE
Proceeding Templates. We solicit two types of papers, regular papers and
position papers. The length of the regular papers in the proceedings format
should not exceed 8 US letter pages, excluding well-marked appendices.
Committee members are not required to read the appendices, so papers must be
intelligible without them. Short papers may not exceed 4 pages. Papers are
to be submitted electronically as a single PDF file at www.edas.info.
Authors of accepted papers must guarantee that their papers will be
presented at the conference.

TPC Co-Chairs:

Ehab Al-Shaer, UNC Charlotte
Tony Sager, National Security Agency
Harigovind V Ramasamy, IBM Research

General Chair:

John Banghart, National Institute of Standards and Technology (NIST)

Steering Committee:

Ehab Al-Shaer, UNC Charlotte
Krishna Kant, Intel / NSF
Sanjai Narain, Telcordia





More information about the TCCC mailing list