SafeConfig 2013: 6th Symposium on Security Analytics and Automation

(collocated with IEEE Conference on Communications and Network Security)

Washington, D.C., USA
October 14, 2013

Sponsors: IEEE (COMSOC).

Important Dates

Abstract Registration Deadline: June 25, 2013
Manuscript Submission: July 1, 2013
Review Notification: August 7, 2013
Camera Ready: August 15, 2013
Conference Dates: October 14, 2013

The new sophisticated cyber security threats demand new security 
management approaches that offer a holistic security analytics based on 
the system data including configurations, logs and network traffic. 
Security analytics must be able to handle large volumes of data in order 
to model, integrate, analyze and respond to threats at real time. The 
system configuration/policy is a key component that determines the 
security and resiliency of networked information systems and services. 
However, a typical enterprise networked environment contains thousands 
of network and security devices and millions of inter-dependent 
configuration variables (e.g., rules) that orchestrate the end-to-end 
system behavior globally. As the current technology moves toward "smart" 
cyber infrastructure and open networking platforms (e.g. OpenFlow and 
virtual computing), the need for security analytics and automation 
significantly increases. The coupled integration of network sensor data 
and configuration in a unified framework will enable intelligent 
response, automated defense, and network resiliency/agility.

This symposium offers a unique opportunity by bringing together 
researchers form academic, industry as well as government agencies to 
discuss these challenges, exchange experiences, and propose joint plans 
for promoting research and development in this area. SafeConfig 
Symposium is a one day program that will include invited talks, 
technical presentations of peer-reviewed papers, poster/demo sessions, 
and joint panels on research collaboration. SafeConfig Symposium 
solicits the submission of original unpublished ideas in 8-page long 
papers, 4-page sort papers, or 2-pages posters. Security analytics and 
automation for new emerging application domains such as clouds and data 
centers, cyber-physical systems software defined networking and Internet 
of things are of particular interest to SafeConfig community.

Topics (but are not limited to)

Science of Security Analytics and Automation:
 o  Security metrics.
 o  Abstract models and languages for configuration specification.
 o  Formal semantics of security policies.
 o  Model composition and integration.
 o  Autonomic defense and configuration.
 o  Integration of sensor information and policy configuration.
 o  Theory of defense-of-depth.
 o  Security games.
 o  Attack prediction and attribution.

Security Analytics Techniques:
 o  Techniques: formal methods, statistical, interactive visualization, 
reasoning, etc.
 o  Methodology: multi-level, multi-abstraction, hierarchical etc.
 o  Analytics under uncertainty.
 o  Security analytics using heterogeneous sensors.
 o  Automated configuration verification.
 o  Integrated network and host configuration.
 o  Configuration testing, forensics, debugging and evaluation.
 o  Analytics of attacks motive and attribution.
 o  Tools and case studies.
 o  Security analytics for wireless sensors and MANET.
 o  Security policy management.
 o  Accountability and provenance.
 o  Attack forensics and automated incident analysis.

Security Automation Techniques:
 o  Automated security hardening and optimization
 o  Security synthesis and planning.
 o  Policy/Configuration refinement and enforcement.
 o  Health-inspired security.
 o  Risk-aware and context-aware security.
 o  Cyber agility and moving target defense.
 o  Security configuration economics.
 o  Continuous monitoring.
 o  Usability issues in security management.
 o  Automated patch management.
 o  Automated attack response and alarm management.

Submission Guidelines

EDAS Paper/Abstract submission link for SafeConfig 2013 can be found at Papers must present original work and must be 
written in English. We require that the authors use the IEEE format for 
papers, using one of the IEEE Proceeding Templates. We solicit two types 
of papers, regular papers and position papers. The length of the regular 
papers in the proceedings format should not exceed 8 US letter pages 
excluding well-marked appendices. Committee members are not required to 
read the appendices, so papers must be intelligible without them. Short 
papers and posters may not exceed 4, and 2 pages, respectively. Papers 
are to be submitted electronically as a single PDF file at Authors of accepted papers must guarantee that their 
papers will be presented at the conference.

TPC Co-Chairs

James Joshi, University of Pittsburgh , USA
Ehab Al-Shaer, UNC Charlotte, USA

TPC Committee: TBD