posted by user: gamblerf || 5903 views || tracked by 6 users: [display]

CSAW - SERVICES 2013 : 2013 Cloud Security Auditing Workshop

FacebookTwitterLinkedInGoogle

Link: http://www.csaw2013.org
 
When Jun 27, 2013 - Jul 2, 2013
Where Santa Clara, CA USA
Submission Deadline Mar 18, 2013
Notification Due Apr 5, 2013
Final Version Due Apr 15, 2013
Categories    security   services   cloud   auditing
 

Call For Papers

Security concerns are a major impediment to the widespread adoption of cloud services. Cloud services often deal with sensitive information and operations. Thus, cloud service providers must provision services to rapidly identify security threats for increased information assurance. In addition, when a threat is identified or an attack is detected, incident reporting should be timely and precise to allow cloud tenants and users to respond appropriately. Detection and reporting require meta-information to be captured across the cloud in order to audit and monitor it for potential threats that may lead to attacks and to discern when and where an attack has already occurred.

Capturing security relevant information and auditing the results to determine the existence of security threats in the cloud is challenging for multiple reasons. Cloud tenants rely on the cloud for diverse tasks and have services and data that may require isolation or be provisioned for composition with other services in cloud applications. Organizations may not have the logging capabilities in place for their services or may not be predisposed to share the information. Cloud management services are needed to log relevant events at their endpoints, including user interactions and interactions within the cloud federation. Consistent formats for capturing events and generating logs to be hosted within the cloud are not specified as part of current service level agreements (SLAs). Near real-time analysis is needed for prediction of potential threats in order to respond quickly to prevent an attack. Centralized analysis of information captured may present too much overhead for timely alerts and incident reporting. But distributed analysis must guarantee that the partial information it uses is sufficient to determine a threat. All analyses must consider the configuration of the cloud and its tenant services and resources.

The goal of this one day workshop is to bring together researchers and practitioners to explore and assess varied and viable technologies for capturing security relevant events throughout the cloud and performing monitoring and analyses on the captured information to detect, prevent, and mitigate security threats.

LIST OF TOPICS
• Languages and protocols for specifying, composing, and analyzing security-relevant, distributed logs of audit data from a cloud-wide perspective
• Cloud security, threat modeling, and analysis, including centralized/distributed attack detection and prediction/prevention algorithms based on audited information, and automated tools for capturing, integrating, and analyzing cloud audit data
• Algorithms and protocols for audit data stream delivery, manipulation, and analysis for big cloud audit data
• Access control and information flow control models for disclosure and modification of sensitive cloud audit data
• Methods for expressing and representing the cloud infrastructure and configuration to influence logging and monitoring processes
• Information assurance (authenticity, integrity, confidentiality and availability) of cloud audit data, including security and privacy policies and compliance with security controls such as NIST sp800-53 and Cloud Security Alliance guidance 3.0
• Service-level agreements that formalize and guarantee logging and analysis capabilities

IMPORTANT DATES
Paper Submission Deadline: March 18, 2013
Decision Notification: April 5, 2013
Camera Ready Copy and Pre-registration Deadline: April 15, 2013

SUBMISSION GUIDELINES
The workshop invites authors to submit original papers that have not been previously published and are not currently under review for publication elsewhere. The workshop will accept a combination of long papers (maximum of 8 pages) and short papers (maximum of 4 pages). Accepted and presented papers will appear in the IEEE SERVICES 2013 conference proceedings published by the IEEE Computer Society Press. At least one author of an accepted paper must register for the conference and present the paper. In addition, all authors will have the opportunity to display a poster during the workshop to foster continued discussion.

IEEE Conference Proceedings Templates:
Submitted papers must be formatted using the IEEE Proceedings template in WORD or in Latex or using http://www.ieee.org/conferences_events/conferences/publishing/templates.html.
The CSA Workshop 2013 Paper Submission Portal:
Authors upload the paper to http://www.confhub.com/conf.php?id=285. You will need to register with confhub if you do not have an account on the system.

WORKSHOP CHAIRS
Rose Gamble, University of Tulsa, gamble@utulsa.edu
Indrakshi Ray, Colorado State University, iray@cs.colostate.edu
Keesook J. Han, Air Force Research Laboratory, keesook.han@rl.af.mil

Related Resources

ACM AICCC 2024   ACM--2024 7th Artificial Intelligence and Cloud Computing Conference (AICCC 2024)
IEEE COINS 2024   IEEE COINS 2024 - London, UK - July 29-31 - Hybrid (In-Person & Virtual)
CEVVE 2024   2024 2nd International Conference on Electric Vehicle and Vehicle Engineering (CEVVE 2024)
GECON 2024   GECON 2024 : 20th Intl Conf on Economics of Grids, Clouds, Systems and Services
CSW 2024   2024 3rd International Conference on Cyber Security
Security 2025   Special Issue on Recent Advances in Security, Privacy, and Trust
AIFU 2024   10th International Conference on Artificial Intelligence and Applications
ICBICC 2024   2024 International Conference on Big Data, IoT, and Cloud Computing (ICBICC 2024)
CIoT 2024   6th International Conference on Internet of Things
ADMIT 2024   2024 3rd International Conference on Algorithms, Data Mining, and Information Technology (ADMIT 2024)