CALL FOR PAPERS IEEE SafeConfig 2013 -------------------- 6th Symposium on Security Analytics and Automation (www.safeconfig.org) (collocated with IEEE Conference on Communications and Network Security) Washington, D.C., USA October 14, 2013 Sponsors: IEEE (COMSOC). Important Dates Abstract Registration Deadline: June 25 Manuscript Submission: July 1, 2013 Review Notification: August 7, 2013 Camera Ready: August 15, 2012 Conference Dates: October 14, 2012 The new sophisticated cyber security threats demand new security management approaches that offer a holistic security analytics based on the system data including configurations, logs and network traffic. Security analytics must be able to handle large volumes of data in order to model, integrate, analyze and respond to threats at real time. The system configuration/policy is a key component that determines the security and resiliency of networked information systems and services. However, a typical enterprise networked environment contains thousands of network and security devices and millions of inter-dependent configuration variables (e.g., rules) that orchestrate the end-to-end system behavior globally. As the current technology moves toward "smart" cyber infrastructure and open networking platforms (e.g. OpenFlow and virtual computing), the need for security analytics and automation significantly increases. The coupled integration of network sensor data and configuration in a unified framework will enable intelligent response, automated defense, and network resiliency/agility. This symposium offers a unique opportunity by bringing together researchers form academic, industry as well as government agencies to discuss these challenges, exchange experiences, and propose joint plans for promoting research and development in this area. SafeConfig Symposium is a one day program that will include invited talks, technical presentations of peer-reviewed papers, poster/demo sessions, and joint panels on research collaboration. SafeConfig Symposium solicits the submission of original unpublished ideas in 8-page long papers, 4-page sort papers, or 2-pages posters. Security analytics and automation for new emerging application domains such as clouds and data centers, cyber-physical systems software defined networking and Internet of things are of particular interest to SafeConfig community. Topics (but are not limited to) Science of Security Analytics and Automation: • Security metrics. • Abstract models and languages for configuration specification. • Formal semantics of security policies. • Model composition and integration. • Autonomic defense and configuration. • Integration of sensor information and policy configuration. • Theory of defense-of-depth. • Security games. • Attack prediction and attribution. Security Analytics Techniques: • Techniques: formal methods, statistical, interactive visualization, reasoning, etc. • Methodology: multi-level, multi-abstraction, hierarchical etc. • Analytics under uncertainty. • Security analytics using heterogeneous sensors. • Automated configuration verification. • Integrated network and host configuration. • Configuration testing, forensics, debugging and evaluation. • Analytics of attacks motive and attribution. • Tools and case studies. • Security analytics for wireless sensors and MANET. • Security policy management. • Accountability and provenance. • Attack forensics and automated incident analysis. Security Automation Techniques: • Automated security hardening and optimization • Security synthesis and planning. • Policy/Configuration refinement and enforcement. • Health-inspired security. • Risk-aware and context-aware security. • Cyber agility and moving target defense. • Security configuration economics. • Continuous monitoring. • Usability issues in security management. • Automated patch management. • Automated attack response and alarm management. Submission Guidelines EDAS Paper/Abstract submission link for SafeConfig 2013 can be found at www.safeconfig.org. Papers must present original work and must be written in English. We require that the authors use the IEEE format for papers, using one of the IEEE Proceeding Templates. We solicit two types of papers, regular papers and position papers. The length of the regular papers in the proceedings format should not exceed 8 US letter pages excluding well-marked appendices. Committee members are not required to read the appendices, so papers must be intelligible without them. Short papers and posters may not exceed 4, and 2 pages, respectively. Papers are to be submitted electronically as a single PDF file at www.edas.info. Authors of accepted papers must guarantee that their papers will be presented at the conference. TPC Co-Chairs James Joshi, University of Pittsburgh , USA Ehab Al-Shaer, UNC Charlotte, USA