Call for Papers =============== InSPEC 2009 2nd International Workshop on Security and Privacy in Enterprise Computing in conjunction with the 13th IEEE International EDOC Conference 2009 Auckland, New Zealand, 31 August - 4 September 2009 http://sesar.dti.unimi.it/InSPEC2009/ In recent years several technologies have emerged for enterprise computing. Workflows are now widely adopted by industry and distributed workflows have been a topic of research for many years. Today, services are becoming the new building blocks of enterprise systems and service-oriented architectures are combining them in a flexible and novel way. In addition, with wide adoption of e-commerce, business analytics that exploits multiple, heterogeneous data sources have become an important field. Ubiquitous computing technologies, such as RFID or sensor networks change the way business systems interact with their physical environment, such as goods in a supply chain or machines on the shop floor. All these technological trends are accompanied also by new business trends due to globalization that involve innovative forms of collaborations such as virtual organizations. Further, the increased speed of business requires IT systems to become more flexible and highly dynamic. All of these trends bring with them new challenges to the security and privacy of enterprise computing. We are increasingly relying on IT systems for our daily business including essential utilities such as water and power. The traditional forms of computer security need to be enhanced to address the distributed nature and multiple administrative domains of conducting business. For example, algorithms for incorporating the new business practices need to be identified for access control. Similarly, data confidentiality cannot be provided on the network layer alone anymore, it needs to be built into applications and processes that span across various domains. The enhanced data sharing calls for innovative algorithms and protocols that respect the users security needs. Novel cryptographic techniques need to be developed and established ones evaluated for industrial adoption. In addition to the security measures, this new generation of distributed systems requires techniques for ensuring compliance with regulations on governance and privacy of data, including those asserted by government and regulatory agencies. New concepts for solving these challenges require the combination of many disciplines from computer science and information systems, such as cryptography, networking, distributed systems, process modeling and design, access control, privacy etc. It is the goal of this workshop to provide a forum for exchange of novel research in these areas among the experts from academia and industry. Completed work as well as research in progress is welcome, as we want to foster the exchange of novel ideas and approaches. Topics of interest include but are not limited to: * Security and privacy in workflow systems o Access and usage control architectures o Modeling of security and privacy constraints o Automatic security augmentation o Information flow properties * Security and privacy in service-oriented architectures o Secure composition of services o Semantic aware security o Security services * Security analysis of business systems o Threat and vulnerability analysis o Modeling of and reasoning about distributed security policies o Forensic analysis o Multi-layers audits o Risk analysis * Identity Management o Security and privacy o Applications to compliance o Effective use in business IT systems * Data sharing o Cryptographic protection during data sharing o Privacy-preserving distributed applications o Efficient multi-party computations o Privacy and data sharing policies * Security and privacy in management information systems o Novel secure applications o Secure and private data analytics o Flexible and seamless security architectures * Collaborations o Secure and private supply chains o Security and privacy in virtual organizations o Private social network and Web 2.0 applications o Security and privacy in outsourcing Workshop Chairs Rafael Accorsi (University of Freiburg, Germany) Ernesto Damiani (University of Milan, Italy) Frank Innerhofer-Oberperfler (University of Innsbruck, Austria) Florian Kerschbaum (SAP Research, Germany) Program Committee Ruth Breu (University of Innsbruck, Austria) Marco Casassa-Mont (HP Research Labs Bristol, UK) Octavian Catrina (International University, Germany) David Chadwick (University of Kent, UK) Wenliang Du (Syracuse University, USA) Isao Echizen (NII, Japan) Keith Frikken (University of Miami, Ohio, USA) Dieter Hutter (DFKI, Germany) Jörn Müller-Quade (University of Karlsruhe, Germany) Alexander Pretschner (University of Kaiserslautern, Germany) Seth Proctor (Sun Microsystems Labs, USA) Roland Rieke (Fraunhofer IESE, Germany) Riccardo Scandariato (KU Leuven, Belgium) Andreas Schaad (SAP Research, Germany) Anoop Singhal (NIST, USA) Ketil Stolen (SINTEF, Norway) Duminda Wijesekera (George Mason University, USA) Jon Whittle (Lancaster University, UK) Important Dates Paper submission deadline: 31 May 2009 Paper acceptance notification: 12 July 2009 Camera ready of papers: 24 July 2009 Submission Instructions Authors are invited to submit previously unpublished, high-quality papers. Submitted papers must be unpublished and must not be currently under review for any other publication. Submissions can be either short papers of at most 4 pages length or full papers of at most 8 pages length. All papers should be formatted in IEEE Computer Society format and include the author's name, affiliation and contact details. Guidelines and templates for the IEEE format are available at the IEEE Computer Society site (http://www.computer.org/portal/pages/cscps/cps/cps_forms.html). At least one author of every accepted paper MUST register for the Workshop and present the paper. The workshop proceedings will be published on the conference CD-ROM. Previous years workshop proceedings have appeared in the IEEE Digital Library and it is expected (but yet to be confirmed) that all accepted papers of this year will also appear in the IEEE Digital Library. Submissions are to be made to the submission web site at http://www.easychair.org/conferences/?conf=inspec09. Only pdf files will be accepted.