CFP: The Value of Security through Collaboration


CALL FOR PAPERS - SECOVAL 2005 - The Value of Security through Collaboration

in cooperation with SECURECOMM'05 (the International Conference on Security
and Privacy for Emerging Areas in Communication Networks). The best
contributions will be considered for publication in a Journal special issue.
It is recommended to send an email confirming your expression of interest to
participate to the workshop by April 11, 2005 to secoval@trustcomp.org.

August/September, 2005, Athens, Greece

Aims and scope of the SECOVAL Workshop:

Security is usually centrally managed, for example in a form of policies
duly executed by individual nodes. This workshop will cover the alternative
trend of using collaboration to provide security. Instead of centrally
managed security policies, nodes may use specific knowledge (both local and
acquired from other nodes) to make security-related decisions. For example,
in reputation-based schemes, the reputation of a given node (and hence its
security access rights) can be determined based on the recommendations of
peer nodes.

The research addressed by the workshop can be roughly divided into three
main areas, each answering the individual research questions. Contributions
should address at least one of these areas. It is expected that the workshop
will address all of them.

1. It is necessary to define the reasoning behind current trends in security
through collaboration. Does such security solve security issues that cannot
be tackled by traditional security solutions? What is the added value of
security through collaboration? In the same line of thought, we should
investigate the value of trust as a foundation of security. Specifically,
changes to the nature of the security perimeter and possible pervasiveness
of trust-based security through collaboration require investigation
regarding scalability of such solutions in a world, as envisioned by Weiser,
where billions of computing entities are woven into the fabrics. Further, we
should address the dynamics of such security that makes it possible to draw
from trusted entities (both human and computers) and extend trust towards
strangers, possibly through the self-learning of individual nodes.

2. The second set of contributions is expected to address the different
approaches and models to security through collaboration. Models of security
and trust used for security through collaboration should take into account
several aspects of trust evaluation, including collection of evidence, the
underlying model, the decision making process and the learning process.
Reputation schemes have been already mentioned as one example, but there are
several other possible collaboration models, rewarding for example
individual experience or centrally managed evidence. Further, models may
consist of collaboration supervised by administrators or users or
collaboration that is fully automated, where the computing entities
collaborate without human intervention and make security decisions on behalf
of their owners.

3. Security through collaboration brings its own unique set of problems and
risks. For example, privacy can be impacted by different aspects of
collaboration, as more information about individuals may lead to better
trust estimates. This inevitable breach of privacy may affect not only
individuals but may also propagate through the network of relationships.
Further, collaboration invites new types of attacks that require new threat
analysis. A well-known example of the vulnerabilities introduced by implicit
trust relations is the Internet Worm that penetrated 5% of the Internet in
1988: once logged into one machine, remote login into another machine part
of the trust relations did not require another login/password check. Of
course, there exist many possible attacks on different trust metrics,
including identity usurpation attacks and identity multiplicity attacks such
as Douceurs Sybil attack. Further, certain network topologies can be more
vulnerable to specific forms of attacks and certain network nodes (for
example, the most trusted ones) can be more likely to be attacked, which
raises questions regarding additional protection such nodes may require.

Topics of interest to the workshop include, but are not limited to:
    *      Approaches to security through collaboration
    *      Specificities of security through collaboration
    *      Trust models and metrics
    *      Standardisation of trust metrics
    *      Value and meaning of trust
    *      Trust-based security decision process
    *      Value and models of networks of collaborators
    *      Threat and risk analysis of security through collaboration
    *      Attacks due to collaboration and mitigation of these attacks
    *      Technical trust of the underlying infrastructure used for
deployment
    *      Costs and benefits of trust and collaboration based security
compared to other models
    *      Privacy and legal aspects of security through collaboration 

Submission guidelines are posted on the SECOVAL 2005 website
(http://www.secoval.org/), which always contains the latest updates:
Authors are invited to submit papers formatted according to IEEE conference
style 2-column (from a 2-page extended abstract to 10 pages limit). 
Paper submissions should be sent (as an attached PDF file) to:
secoval2005@trustcomp.org
The body of the email should include the title of the paper, the author(s)
name(s) and affiliation(s), and the address (including e-mail, telephone,
and fax) to which correspondence should be sent.
Submissions will be accepted until 23.59 PM GMT, April 22, 2005.

The best contributions will be considered for publication in a Journal
special issue.

For more information please visit: http://www.secoval.org or send an email
to secoval@trustcomp.org.

IMPORTANT DUE DATES

April 11, 2005: Recommended to send an email confirming your expression of
interest to participate to the workshop
April 22, 2005: Paper submissions (until 23:59 PM GMT)
May 23, 2005: Author notification
June 15, 2005: Camera-ready copy according to IEEE conference style 2-column
proceedings
September 5-9, 2005: SECURECOMM in Athens
End of 2005: Preparation of the Journal special issue

Conference Venue: Athens!

Workshop Co-chairs:

Jean-Marc Seigneur, Trinity College Dublin, Ireland

Piotr Cofta, Media Lab Europe, Ireland

Stephen Marsh, National Research Council, Canada

Program Committee:

Ciarán Bryce, University of Geneva, Switzerland

Joerg Abendroth, Siemens, Germany

Tobias Mahler, Norwegian Research Center for Computers and Law, Norway

Damien Weldon, Loan Performance, USA

Michael Kinateder, University of Stuttgart, Germany

Farez Rahman, University College London, United Kingdom

Roy Campbell, University of Illinois at Urbana-Champaign, USA

Zoran Despotovic, Ecole Polytechnique Federale de Lausanne, Switzerland

Kostas Anagnostakis, University of Pennsylvania, USA

Christian Damsgaard Jensen, Technical University, Denmark

Marianne Winslett, University of Illinois at Urbana-Champaign, USA

Lik Mui, Massachusetts Institute of Technology, USA

Michael Lyu, The Chinese University of Hong Kong, China

Marco Carbone, Queen Mary University of London, United Kingdom

Jennifer Golbeck, University of Maryland, USA

Léon Benjamin, ecademy, United Kingdom

Magdy Saeb, Arab Academy for Science, Egypt

Anthony Meehan, Open University, United Kingdom

Tang Wen, Siemens, China

Seamus Moloney, Nokia, Finland

Leszek Lilien, Purdue University, USA