Call for Papers

                              InSPEC 2009
2nd International Workshop on Security and Privacy in Enterprise Computing 
   in conjunction with the 13th IEEE International EDOC Conference 2009
            Auckland, New Zealand, 31 August - 4 September 2009

In recent years several technologies have emerged for enterprise computing.
Workflows are now widely adopted by industry and distributed workflows have
been a topic of research for many years.  Today, services are becoming the 
new building blocks of enterprise systems and service-oriented 
architectures are combining them in a flexible and novel way.  In addition,
with wide adoption of e-commerce, business analytics that exploits 
multiple, heterogeneous data sources have become an important field. 
Ubiquitous computing technologies, such as RFID or sensor networks change 
the way business systems interact with their physical environment, such as 
goods in a supply chain or machines on the shop floor. All these 
technological trends are accompanied also by new business trends due to 
globalization that involve innovative forms of collaborations such as 
virtual organizations. Further, the increased speed of business requires IT
systems to become more flexible and highly dynamic.

All of these trends bring with them new challenges to the security and 
privacy of enterprise computing. We are increasingly relying on IT systems 
for our daily business including essential utilities such as water and 
power. The traditional forms of computer security need to be enhanced to 
address the distributed nature and multiple administrative domains of 
conducting business. For example, algorithms for incorporating the new 
business practices need to be identified for access control. Similarly, 
data confidentiality cannot be provided on the network layer alone anymore,
it needs to be built into applications and processes that span across 
various domains. The enhanced data sharing calls for innovative algorithms 
and protocols that respect the users’ security needs. Novel cryptographic 
techniques need to be developed and established ones evaluated for 
industrial adoption. In addition to the security measures, this new 
generation of distributed systems requires techniques for ensuring 
compliance with regulations on governance and privacy of data, including 
those asserted by government and regulatory agencies.

New concepts for solving these challenges require the combination of many
disciplines from computer science and information systems, such as
cryptography, networking, distributed systems, process modeling and design, 
access control, privacy etc.  It is the goal of this workshop to provide a 
forum for exchange of novel research in these areas among the experts from
academia and industry. Completed work as well as research in progress is 
welcome, as we want to foster the exchange of novel ideas and approaches. 

Topics of interest include but are not limited to:

* Security and privacy in workflow systems
  o Access and usage control architectures
  o Modeling of security and privacy constraints
  o Automatic security augmentation
  o Information flow properties
* Security and privacy in service-oriented architectures
  o Secure composition of services
  o Semantic aware security
  o Security services
* Security analysis of business systems
  o Threat and vulnerability analysis
  o Modeling of and reasoning about distributed security policies
  o Forensic analysis
  o Multi-layers audits
  o Risk analysis
* Identity Management
  o Security and privacy
  o Applications to compliance
  o Effective use in business IT systems
* Data sharing
  o Cryptographic protection during data sharing
  o Privacy-preserving distributed applications
  o Efficient multi-party computations
  o Privacy and data sharing policies
* Security and privacy in management information systems
  o Novel secure applications
  o Secure and private data analytics
  o Flexible and seamless security architectures
* Collaborations
  o Secure and private supply chains
  o Security and privacy in virtual organizations
  o Private social network and Web 2.0 applications
  o Security and privacy in outsourcing

Workshop Chairs

Rafael Accorsi (University of Freiburg, Germany)
Ernesto Damiani (University of Milan, Italy)
Frank Innerhofer-Oberperfler (University of Innsbruck, Austria)
Florian Kerschbaum (SAP Research, Germany)

Program Committee

Ruth Breu (University of Innsbruck, Austria)
Marco Casassa-Mont (HP Research Labs Bristol, UK)
Octavian Catrina (International University, Germany)
David Chadwick (University of Kent, UK)
Wenliang Du (Syracuse University, USA)
Isao Echizen (NII, Japan)
Keith Frikken (University of Miami, Ohio, USA)
Dieter Hutter (DFKI, Germany)
Jörn Müller-Quade (University of Karlsruhe, Germany)
Alexander Pretschner (University of Kaiserslautern, Germany)
Seth Proctor (Sun Microsystems Labs, USA)
Roland Rieke (Fraunhofer IESE, Germany)
Riccardo Scandariato (KU Leuven, Belgium)
Andreas Schaad (SAP Research, Germany)
Anoop Singhal (NIST, USA)
Ketil Stolen (SINTEF, Norway)
Duminda Wijesekera (George Mason University, USA)
Jon Whittle (Lancaster University, UK) 

Important Dates

Paper submission deadline: 31 May 2009
Paper acceptance notification: 12 July 2009
Camera ready of papers: 24 July 2009

Submission Instructions

Authors are invited to submit previously unpublished, high-quality papers. 
Submitted papers must be unpublished and must not be currently under review
for any other publication. Submissions can be either short papers of at 
most 4 pages length or full papers of at most 8 pages length.  All papers 
should be formatted in IEEE Computer Society format and include the 
author's name, affiliation and contact details. Guidelines and templates 
for the IEEE format are available at the IEEE Computer Society site
( At least 
one author of every accepted paper MUST register for the Workshop and 
present the paper. The workshop proceedings will be published on the 
conference CD-ROM. Previous years’ workshop proceedings have appeared in 
the IEEE Digital Library and it is expected (but yet to be confirmed) that 
all accepted papers of this year will also appear in the IEEE Digital 
Library.  Submissions are to be made to the submission web site at Only pdf files will 
be accepted.