Cyber Security Analytics and Automation - SafeConfig 2014 
(Collocated with ACM CCS 2014)

The Scottsdale Plaza Resort, Scottsdale, Arizona, USA,
November 3, 2014


Manuscript Submission: July 18, 2014
Review Notification: August 25, 2014
Camera Ready: September 5, 2014
Conference Dates: November 3, 2014

Ensuring correctness and integrity of system configurations and
associated policies are key to proper functioning, accessibility,
security, privacy and resilience of modern information systems and
services. However, this is a daunting in large enterprise systems that
may contain millions of physical and/or virtual components that must
be properly configured and secured from unauthorized
access. Furthermore, the configuration variables often have explicit
or hidden interdependencies that must be understood in order to ensure
proper end to end behavior.

The new sophisticated cyber security threats demand new security
techniques and approaches that offer proactive, intelligent and a
holistic security analytics based on analyzing the system artifacts
including system traces, configurations, logs, incident reports,
alarms and network traffic. Scalable analytics techniques are
essential to handle large volumes of data and to normalize, model,
integrate, analyze and respond to threats in real time. As the current
technology moves toward "smart" cyber infrastructure and open
networking platforms (e.g. OpenFlow and virtual computing) and
integration of large variety of sensors, the need for large-scale
security analytics and automation becomes essential to enable
intelligent response, automated defense, and network resilience and

This workshop offers a unique opportunity by bringing together
researchers from academia, industry as well as government agencies to
discuss the challenges listed above, to exchange experiences, and to
propose joint plans for promoting research and development in this
area. SafeConfig is a one day forum that includes invited talks,
technical presentations of peer-reviewed papers, poster/demo sessions,
and joint panels on research collaboration. SafeConfig was started in
2009 and has been continuously running since then. It provides a
unique forum to explore theoretical foundations, algorithmic advances,
modeling, and evaluation of configuration related challenges for large
scale cyber and cyber-physical systems. This installment of SafeConfig
is being run in conjunction with the CCS (Computing and Communications
Security) conference, to be held Nov 3-7, 2014 in Scottsdale, Arizona.

TOPICS (but are not limited to)

* Big data analytics for cyber security.
* Attack prediction and attribution.
* Security metrics.
* Formal semantics of security policies.
* Model composition and integration.
* Autonomic proactive defense.
* Cyber Agility.
* Theory of defense-of-depth.
* Security games.
* Security analytics under uncertainty.
* Automated configuration verification.
* Configuration testing, forensics, debugging and evaluation.
* Automated analytics of attacks motive and attribution.
* Security policy management.
* Accountability and provenance.
* Attack forensics and automated incident analysis.
* Automated security hardening and optimization.
* Security synthesis and planning.
* Health-inspired security.
* Risk-aware and context-aware security.
* Cyber agility and moving target defense.
* Security configuration economics.
* Continuous monitoring.
* Usability issues in security management.


Ehab Al-Shaer, UNC Charlotte, USA
Krishna Kant, Temple University, USA



Papers must present original work and must be written in English. We
require that the authors use the ACM format for papers, using one of
the ACM proceedings templates. Papers are to be submitted
electronically as a single PDF file at<>. The papers can be one the
following 3 types: (a) Long papers (8 pages), (b) Short papers (4
pages), and (c) posters (1-2 pages).  Authors may include optional
details in form of appendices if they wish but (a) the papers must be
self-contained without the appendices, and (b) the committee members
are not required to read the appendices. Authors of accepted papers
will be asked to guarantee that their papers will be presented at the