CALL FOR PAPERS Cyber Security Analytics and Automation - SafeConfig 2014 (Collocated with ACM CCS 2014) http://www.cyberdna.uncc.edu/safeconfig/ The Scottsdale Plaza Resort, Scottsdale, Arizona, USA, November 3, 2014 IMPORTANT DATES Manuscript Submission: July 18, 2014 Review Notification: August 25, 2014 Camera Ready: September 5, 2014 Conference Dates: November 3, 2014 Ensuring correctness and integrity of system configurations and associated policies are key to proper functioning, accessibility, security, privacy and resilience of modern information systems and services. However, this is a daunting in large enterprise systems that may contain millions of physical and/or virtual components that must be properly configured and secured from unauthorized access. Furthermore, the configuration variables often have explicit or hidden interdependencies that must be understood in order to ensure proper end to end behavior. The new sophisticated cyber security threats demand new security techniques and approaches that offer proactive, intelligent and a holistic security analytics based on analyzing the system artifacts including system traces, configurations, logs, incident reports, alarms and network traffic. Scalable analytics techniques are essential to handle large volumes of data and to normalize, model, integrate, analyze and respond to threats in real time. As the current technology moves toward "smart" cyber infrastructure and open networking platforms (e.g. OpenFlow and virtual computing) and integration of large variety of sensors, the need for large-scale security analytics and automation becomes essential to enable intelligent response, automated defense, and network resilience and agility. This workshop offers a unique opportunity by bringing together researchers from academia, industry as well as government agencies to discuss the challenges listed above, to exchange experiences, and to propose joint plans for promoting research and development in this area. SafeConfig is a one day forum that includes invited talks, technical presentations of peer-reviewed papers, poster/demo sessions, and joint panels on research collaboration. SafeConfig was started in 2009 and has been continuously running since then. It provides a unique forum to explore theoretical foundations, algorithmic advances, modeling, and evaluation of configuration related challenges for large scale cyber and cyber-physical systems. This installment of SafeConfig is being run in conjunction with the CCS (Computing and Communications Security) conference, to be held Nov 3-7, 2014 in Scottsdale, Arizona. TOPICS (but are not limited to) * Big data analytics for cyber security. * Attack prediction and attribution. * Security metrics. * Formal semantics of security policies. * Model composition and integration. * Autonomic proactive defense. * Cyber Agility. * Theory of defense-of-depth. * Security games. * Security analytics under uncertainty. * Automated configuration verification. * Configuration testing, forensics, debugging and evaluation. * Automated analytics of attacks motive and attribution. * Security policy management. * Accountability and provenance. * Attack forensics and automated incident analysis. * Automated security hardening and optimization. * Security synthesis and planning. * Health-inspired security. * Risk-aware and context-aware security. * Cyber agility and moving target defense. * Security configuration economics. * Continuous monitoring. * Usability issues in security management. TPC CO-CHAIRS Ehab Al-Shaer, UNC Charlotte, USA Krishna Kant, Temple University, USA TECHNICAL PROGRAM COMMITTEE (TBA) SUBMISSION GUIDELINES Papers must present original work and must be written in English. We require that the authors use the ACM format for papers, using one of the ACM proceedings templates. Papers are to be submitted electronically as a single PDF file at www.edas.info<http://www.edas.info>. The papers can be one the following 3 types: (a) Long papers (8 pages), (b) Short papers (4 pages), and (c) posters (1-2 pages). Authors may include optional details in form of appendices if they wish but (a) the papers must be self-contained without the appendices, and (b) the committee members are not required to read the appendices. Authors of accepted papers will be asked to guarantee that their papers will be presented at the conference.