Fourth International Workshop on Analysis of Security APIs July 21 2010, Edinburgh, Scotland A satellite workshop of CSF, part of FLoC 2010 http://www.lsv.ens-cachan.fr/~steel/asa4/ Aim and Format Security APIs allow untrusted code to access sensitive resources in a secure way. They arise naturally, for example, in the context of tamper resistant cryptographic hardware or web based services. Security API analysis is an emerging field of computer security research. The aim of the ASA workshop is to bring together researchers working in security API analysis for a day of presentations and discussions. Since the field is relatively young, polished research papers will not be solicited. Instead, the workshop will follow the format that was highly successful at ASA in 2007-9: prospective participants are invited to submit a short (1-4 page) abstract describing their current work and/or interests in the area. Early work or work submitted elsewhere is welcome - abstracts will be distributed to participants, but there will be no formal proceedings. We plan to have sessions of 20-minute talks, with each session followed by informal discussion. There will also be a workshop dinner in the evening, and subject to confirmation, an invited speaker. Scope The scope of ASA runs from theoretical results and formalisms for API analysis right through to applications and empirical results with security APIs deployed `in the field'. Applications of interest include (but are not limited to) financial applications (e.g. APIs of Hardware Security Modules), smartcard APIs, the Trusted Computing Architecture, and security APIs for web based systems. Submission Submission is via the easychair website. Please use the EasyChair latex class file (http://www.easychair.org/coolnews.cgi) if you're preparing your abstract with LaTeX (if you have to use something else, we'll negotiate). Submit your 1-4 page extended abstract at: http://www.easychair.org/conferences/?conf=asa4 Deadline for extended abstracts: April 5th 2010 All submissions will be reviewed by the PC for relevance and interest. Notification of acceptance/rejection will be given by April 25th, giving time to register for the workshop at the early registration rate. Programme Committee * Mike Bond, Cryptomathic * Dan Cvrcek, Deloitte & Brno University of Technology * Ralf Kuesters, Universität Trier * Joshua D. Guttman, Worcester Polytechnic Institute * Graham Steel, LSV, INRIA & CNRS & ENS-Cachan (chair)