C&ESAR 2012: CLOUD & SECURITY, THREAT OR OPPORTUNITY
Computer & Electronics Security Applications Rendez-vous

** Key dates

Submission deadline: June 11,2012 (via http://cesar-submission.rennes.supelec.fr)

Notification to authors: July 13,2012

Camera ready version: September 17,2012

Conference: November 20-21-22,2012, Rennes, France

** About C&ESAR
Every year since 1997,the French Ministry of Defense has organised an IT Security event to bring together governmental, industrial, and academic stakeholders around important themes in the field of information systems security (C&ESAR is the continuation of the former “Journées SSI”).

This event is both educational and scientific, with experts from across the IT security community, ranging from researchers to practitioners and decision makers. The three-day conference explores an important topic within the field of information security. We always strive to approach chosen themes from both a theoretical and practical perspective, and to consider the range of technologies at stake, from hardware to software and IT services. C&ESAR emphasizes an educational approach to help information security professionals with different backgrounds share a common understanding of complex issues. It is this inter-disciplinary approach within the IT security profession that will allow operational practitioners to learn about and anticipate future technological inflexion points, and for industry and academia to confront research and product development to operational realities of the field.

** C&ESAR 2012: Cloud and Security, threat or opportunity?

The adoption of cloud computing challenges existing IT operations and associated risk management models. Many security questions arise because of the way cost reductions afforded by cloud computing approaches tend to come at the cost of increased multi-tenancy of computing resources and consumption “as-a-service” of hosted computing services. This year, C&ESAR will focus on discussing what is different about cloud computing models as relates to security, from the sharing of applications, services or infrastructure across multiple IT domains, to the impact of new business eco-systems and economic frameworks on traditional governance approaches, to decoupling of application delivery from client device management. This year,C&ESAR will focus on understanding the impact to security management and governance of the IT transformation driven by “cloud”.

The conference is interested in papers and communications that cover the following topics. It will cover technical advances,operational challenges, as well as economic or regulatory implications of the adoption of cloud computing.

- Multi-tenant isolation techniques at the Infrastructure, Platform, or Software as-a-Service layers (e. g. Computing, storage, and networking virtualisation; multi-tenant software, and platform services), and assessment of their security properties.

- Management of security (updates,patches,…) in cloud architectures: hypervisor, OSs, network components, security components, applications…

- Security implications of end-user and data mobility in cloud-based infrastructure where business applications must be available from anywhere, at any time.

- Information security techniques for cloud-based architectures (e. g. encryption, integrity, secure erase, access control, auditing, forensics,etc. ).

- Acceleration of end-user device ‘consumerisation’ (e. g. smartphones, tablets, notebooks, etc. ).

- Information security risks associated to cloud architectures (e. g. side channel attacks in multi-tenant environments).

- Methodologies and case studies for the risk assessment of information systems based on cloud architectures.

- Modelling of security properties in solution architectures based on the cloud paradigm.

- Information flow security in hybrid cloud environments (private and public).

- Threats and attacks specific to cloud-based architectures.

- Exploitation of the move to cloud-based computing models for offensive purposes.

- Economic and business model changes in a cloud eco-system,and related analysis of their impact to risk management and governance of cloud-based solutions.

- Traceability,transparency, and governance challenges in cloud-based solutions (e. g. assessment of solutions, geographic distribution of customer data, privacy, etc.).

- Certification and evaluation of security properties in cloud based solutions.

- Regulatory implications and necessary legal advances with the move to cloud computing.

- Norms and standards for interoperability, compatibility and reversibility of cloud solutions and their security properties.

** Submission process

Submission proposals for communications and presentations should reach the program committee by June 11,2012 (3 to 8 pages). Submissions will be converted to PDF format and posted to the C&ESAR website (http://cesar-submission.rennes.supelec.fr). Each submission will include a title, the authors’ names, affiliations, and emails, a proposed category among « educational », « general », and « specialised »,as well as an abstract (approx. 15 lines) and a list of key words. The authors will be notified of acceptance by July 13,2012.

In a second phase,the authors whose papers are accepted must commit to address reviewer comments, and submit a final version of their papers (8 to 16 pages) by September 17,2012. This final submission will be done via the C&ESAR website in PDF format.

For C&ESAR 2012, every paper and communication will be submitted in English, in order to facilitate review by international experts. Selection criteria will include efforts to be clear and educational, as well as contribution to address and explore the topics highlighted in the call of papers. Specialized technical papers will be taken into consideration to the extent that they contribute to explaining and analysing the state of the art or its deficiencies, rather than presenting individual technical contributions. Accepted papers will be published in both online and printed versions in the proceedings of the conference.

**Steering Committee

José Araujo ANSSI, French Govt
Florent Chabaud DGSIC, MoD, French Govt
Yves Correc (Chair) DGA-MI, MoD, French Govt
Olivier Heen Technicolor
Ludovic Mé Supélec
Eric Wiatrowski Orange Business Services

** Program Committee

Gabriel Antoniu INRIA Rennes / IRISA
Jean-Francois Audenard Orange Business Services
Boris Balacheff (Chair) HP Labs
Emmanuel Bouillon NC3A,NATO
Yves Correc DGA-MI, MoD, French Govt
Hervé Debar Telecom Sud-Paris
Fabrice Derepas CEA
Paul England Microsoft
David Grawrock Intel
Olivier Heen Technicolor
Isabelle Hirayama ANSSI,SGDSN,French Govt
Trent Jaeger PennState University
Derrick Kondo INRIA / LIG
Volkmar Lotz SAP Labs
Andrew Martin Oxford University
Thierry Priol INRIA Rennes
Hervé Putigny ANSSI, SGDSN, French Govt
Dominique Rodrigues NanoCloud / CNRS GRD ASR
Ahmad Sadeghi T.U. Darmstadt
Simon Shiu HP Labs
Paul Waller CESG, UK Govt