Fourth Cyber Security and Information Intelligence Research Workshop
Oak Ridge National Laboratory, Oak Ridge, TN, May 12-14, 2008

Sponsored by Federal Business Council, Inc.
In cooperation with ACM and EUROSIS


As our dependence on the cyber infrastructure grows ever larger, more
complex and more distributed, the systems that compose it become more
prone to failures and/or exploitation. Intelligence is information
valued for its currency and relevance rather than its detail or
accuracy.  Information explosion describes the pervasive abundance of
(public/private) information and the effects of such. Gathering,
analyzing, and making use of information constitutes a business- /
sociopolitical- / military-intelligence gathering activity and
ultimately poses significant advantages and liabilities to the
survivability of "our" society.  The combination of increased
vulnerability, increased stakes and increased threats makes cyber
security and information intelligence (CSII) one of the most important
emerging challenges in the evolution of modern cyberspace.


The aim of this workshop is to discuss (and publish) novel theoretical
and empirical research focused on (the many) different aspects of
software security/dependability, because as we know, the heart of the
cyber infrastructure is software. The scope of the workshop covers a
wide range of methodologies, techniques, and tools (i.e., applications)
to (1) assure, measure, estimate and predict software
security/dependability and (2) analyze and evaluate the impact of such
applications on software security/dependability.

We encourage researchers and practitioners from a wide swath of
professional areas (not only the programmers, designers, testers, and
methodologists but also the users and risk managers) to participate so
that we can better understand the needs (requirements), stakes and the
context of the ever-evolving cyber world, where software forms the core
and security/dependability are crucial properties that must be built in
or baked on and maintained. Secure systems must be dependable and
dependable systems fail if they are not secure. We look to software
engineering to help provide us the products and methods to accomplish
these goals.


We aim to challenge, establish and debate a far-reaching agenda that
broadly and comprehensively outlines a strategy for cyber security and
information intelligence that is founded on sound principles
and technologies, including but not limited to:

 + Better precision in understanding existing and emerging
      vulnerabilities and threats.

 + Advances in insider threat detection, deterrence, mitigation and

 + Game-changing ventures, innovations and conundrums
      (e.g., quantum comp., QKD, phishing, malware market, botnet/DOS)

 + Assuring security, survivability and dependability of our critical

 + Assuring the availability of time-critical scalably secure systems,
      information provenance and security with privacy.

 + Observable/measurable/certifiable security claims, rather than
      hypothesized causes.

 + Methods that enable us to specify security requirements, formulate
      security claims, and certify security properties.

 + Assurance against known and unknown (though perhaps pre-modeled)

 + Mission fulfillment, whether or not security violations have taken
      place (rather than chasing all violations indiscriminately).


  +  Dick Kemmerer, Security Group, UC Santa Barbara
  +  Michael Franz, Secure Systems and Software Laboratory, UC Irvine
  +  Ravi Iyer, Director Coordinated Science Laboratory, UIUC
  +  Jeff Voas, Director of System Assurance, SAIC
  +  Brian Witten, Director of Government Research, Symantec
  +  Mike McDuffie VP, Patrick Arnold CTO, Pub. Sector Serv., Microsoft
  +  Keynote Panel From Application to Network Security Engineering:
       Theory and Practice


General Chair:
  +  Frederick T. Sheldon, Computational Sciences and Engineering Div.
      Oak Ridge National Laboratory

Program Co-Chairs:

  +  Ali Mili, College of Computing Science
      New Jersey Institute of Technology
  +  Axel Krings, Computer Science Department
      University of Idaho