[ecoop-info] ICST - CALL FOR PAPERS - SECOVAL 2007
info at icstconferences.org
info at icstconferences.org
Tue Apr 17 14:15:03 CEST 2007
The 3RD Annual Workshop on the Value of Security through Collaboration
in cooperation with IEEE/CREATE-NET SECURECOMM '07
Aims and scope of SECOVAL:
Security is usually centrally managed, for example in the form of
policies duly executed by individual nodes. The SECOVAL workshop
covers the alternative trend of using collaboration and trust to
provide security. Instead of centrally managed security policies,
nodes may use specific knowledge (both local and acquired from other
nodes) to make security-related decisions. For example, in
reputation-based schemes, the reputation of a given node (and hence
its security access rights) can be determined based on the
recommendations of peer nodes. As systems are being deployed on
ever-greater scale without direct connection to their distant home
base, the need for self-management is rapidly increasing. Interaction
after interaction, as the nodes collaborate, there is the emergence of
a digital ecosystem. By guiding the local decisions of the nodes, for
example, with whom the nodes collaborate, global properties of the
ecosystem where the nodes operate may be guaranteed. Thus, the
security property of the ecosystem may be driven by self-organizing
mechanisms. Depending on which local collaboration is preferred, a
more trustworthy ecosystem may emerge.
This year SECOVAL is focusing upon a special research subtopic within
the scope of collaborative security, namely, Privacy and Data
Sanitization. Any useful collaboration is at some point sharing
data. Unfortunately, data sharing is one of the greatest hurdles
getting in the way of otherwise beneficial collaborations. Data
regarding one's security stance is particularly sensitive, often
indicating ones own security weaknesses. This data could include
computer or network logs of security incidents, architecture
documents, or sensitive organizational information. Even when the data
may not compromise the data owner's security stance, sharing may
violate a customer's privacy. Data sanitization techniques such as
anonymization and other mechanisms such as privacy-preserving data
mining and statistical data mining try to address this tension between
the need to share information and protect sensitive information and
user privacy.
While papers will be considered that address any of the topics of
security through collaboration from previous years (e.g., benefits
from collaboration, methods of creating or measuring trust,
self-organizing coalitions and risk analysis), the focus of the
workshop will be around privacy and data sanitization. This topic is
further divided into three main areas, each answering the related
research questions. Contributions addressing at least one of these
areas are more likely to be accepted.
1. What are the fundamental issues that need to be addressed in the
areas of data sanitization and anonymization? What problems must be
solved to make current tools more effective and sharing more
wide-spread? One thing fundamentally missing from this area are
metrics to help evaluate the trade-off between information loss and
security/privacy. Metrics are needed to measure information loss,
and they are needed to measure the utility of the computer log or
data source after anonymization. A classification of the types of
attacks on anonymization schemes and a formal adversarial model is
lacking. Such a threat model would help to develop metrics of the
security provided by an anonymization scheme. Are there other basic
anonymization algorithms needed for special types of data? One of
the last new algorithms developed was prefix-preserving
anonymization for IP addresses. Sometimes anonymization needs to be
reversed once a problem has been found. How can this be done and
when is it practical? Finally, data injection attacks (e.g., an
adversary can inject events into a system knowing they will appear
in a later public release of anonymized data) are particularly to
difficult to protect against. What methods can be used to mitigate
such attacks on anonymization systems.
2. What are the practical problems that have yet to be addressed by
current anonymization systems? What new tools and frameworks exist
for the task? What are the economic implications of data
sanitization and preserving privacy? What are the legal issues
involved in protecting privacy, and how do they differ by
geo-political areas? How can anonymization utilities be made more
usable by a wider audience, and who are the potential consumers?
Interesting case studies of implementations of anonymization and
privacy enhancing technologies will be considered. Of particular
interest are case studies by industry of how they have addressed
these hurdles to data sharing. How can effective policies be
created and negotiated? Do we need a common anonymization policy
language, and what would we need in such a language? How can we
identify sensitive information especially in the context of
multiple data sources? What are some best practice guidelines that
one can follow before releasing or sharing sensitive data? Finally
special issues surrounding real-time anonymization and anonymity in
Peer-to-Peer systems is of interest.
3. What privacy and data sanitization issues are specific to data
bases and data mining? This would include traditional topics on
privacy-preserving data mining and statistical databases. It would
also include topics on inference attacks and data aggregation. Much
of the research in this area has focused on privacy preserving
transformations that would minimally alter traditional data mining
functions (e.g., link analysis and clustering). Submissions
focusing on less traditional data mining functions are especially
encouraged. Another problem with anonymization is data mining
across sets anonymized by different parties in different ways. New
methods should be created for collaborative anonymization that
makes mappings consistent between contributing parties but
irreversible to all.
Topics of interest to the workshop include, but are not limited to:
* Legal aspects of privacy and anonymization
* Economic issues of privacy enhancing tech
* Data sanitizing and privacy enhancing tools
* Data sharing and anonymization case studies
* Real-time anonymization issues
* Anonymization policy creation & negotiation
* Data sharing & sanitizing best practices
* Anonymity in Peer-to-Peer networks
* Classification of attacks against anonymization
* Metrics of utility, anonymization strength and information loss
* Anonymization / privacy-preserving algorithms
* Data injection and inference attacks
* Identification of sensitive fields and data
* Privacy-preserving Data Mining
* Statistical databases and protection of sensitive information
* Data mining multiple anonymized data sources
* Consistent pseudonym mappings in multi-party anonymization
* Identification of data sources and types useful to share for
collaborative computer security
* Insights from industry and case studies
* Usability issues of current anonymization tools
We welcome submissions from industry and are contemplating a special
industry track. Whether we dedicate an entire track to this depends
upon responses in this area, of course.
Submission Details:
Submission guidelines are posted on the SECOVAL
2007 website (http://www.trustcomp.org/secoval/), which always
contains the latest updates:
Authors are invited to submit papers formatted according to IEEE
conference style 2-column (from a 2-page extended abstract to 10 pages
limit). Paper submissions should be sent via the online management
system available at http://www.trustcomp.org/secoval/. Submissions
will be accepted until 23:59 GMT, May 18, 2007.
Important Dates:
May 31, 2007: Expression of interest to participate to the workshop
and submit a paper.
June 3, 2007: Paper submissions (until 23:59 GMT).
June 24, 2007: Author notification.
July 22, 2007: Camera-ready copy according to IEEE conference style
2-column proceedings.
Sep. 17, 2007: SECURECOMM in Nice, France
End of 2007: Preparation of the Journal special issue.
Workshop Co-chairs:
Adam Slagell NCSA, University of Illinois at Urbana-Champaign, USA
Kiran Lakkaraju NCSA, University of Illinois at Urbana-Champaign, USA
J.M. Seigneur University of Geneva, Switzerland
Stephen Marsh National Research Council of Canada
Program Committee:
Adam Slagell NCSA, University of Illinois at Urbana-Champaign, USA
Ayman Kayssi University of Beirut, Lebanon
Bill Yurcik Army Research Lab at Aberdeen Proving Grounds, USA
Daniele Quercia University College London, UK
Dieter Sommer IBM Research, Switzerland.
Giannis F. Marias University of Athens, Greece
Himanshu Khurana NCSA, University of Illinois at Urbana-Champaign, USA
Jim Basney NCSA, University of Illinois at Urbana-Champaign, USA
J.M. Seigneur University of Geneva, Switzerland
Joerg Abendroth Nokia Siemens Networks, Germany
Kiran Lakkaraju NCSA, University of Illinois at Urbana-Champaign, USA
Konrad Wrona SAP Research, France
Lalana Kagal Massachusetts Institute of Technology, USA
Licia Capra University College London, UK
Michael Kinateder SAP, Germany
Nikita Borisov University of Illinois at Urbana-Champaign, USA
Noria Foukia University of Otago, New Zealand
Pierpaolo Dondio Trinity College Dublin, Ireland.
Piotr Cofta British Telecom, UK.
Richard Anthony University of Greenwich, UK
Ron Dodge United States Military Academy, USA
Simson Garfinkel Naval Post Graduate School, USA
Sini Ruohomaa University of Helsinki, Finland
Stephen Marsh National Research Council of Canada
Victor S. Grishchenko Ural State University, Russia
Zoran Despotovic DoCoMo Communications Laboratories Europe, Germany
For more information please visit: http://www.trustcomp.org/secoval/
or send an email to secoval at trustcomp.org.
--------------------------------------------------
You are reading ICST conference newsletter. To report any kind of abuse, please contact admin at icst.org.
To unsubscribe, please visit the following page: http://icstconferences.org/unsubscribe.php?p=htzqgjovll and enter your email address.
More information about the ecoop-info
mailing list