IEEE 2014 SECOND INTERNATIONAL WORKSHOP ON CLOUD SECURITY AUDITING (CSAW 2014) http://www.csaworkshop.org One day between June 27 and July 2, 2014, at Hilton Anchorage, Alaska, USA in conjunction with IEEE SERVICES 2014 http://www.servicescongress.org/2014/ DESCRIPTION Building on the success of the first workshop and its alignment within the IEEE World Congress on Services, the Cloud Security Auditing Workshop provides a unique setting for the exchange of research and development practices for the detection, prevention, mitigation, and reporting of security attacks in the cloud. The concepts surrounding security auditing cover issues related to cloud architectures, tenant services and resources, service interactions, privacy, and standards, where meta-information must be captured, shared, and monitored across the cloud. The workshop solicits original papers on increasing cloud resiliency and trustworthiness through security auditing as applied to various cloud models, layers, services, resources, and application domains. Though not limited to these topics, contributions can address issues such as cloud mashing, technologies for capturing security relevant events, service level agreements, session management, languages and protocols, real-time analysis, streaming and manipulation of big cloud data, and information assurance standards application. The workshop also welcomes survey papers and practitioner experiences. LIST OF TOPICS Cloud mashing security issues Languages and protocols for specifying, composing, analyzing, and sharing security-relevant, distributed logs of audit data from a cloud-wide perspective Cloud security, threat modeling, and analysis, including centralized/distributed attack detection and prediction/prevention algorithms Automated tools for capturing, integrating, and analyzing cloud audit data Algorithms and protocols for audit data stream delivery, manipulation, and analysis for big cloud audit data Access control and information flow control models for disclosure and modification of sensitive cloud audit data Methods for expressing and representing the cloud infrastructure and configuration to influence logging and monitoring processes Information assurance (authenticity, integrity, confidentiality and availability) of cloud audit data, including security and privacy policies and compliance with security controls such as NIST sp800-53 and Cloud Security Alliance guidance 3.0 Service-level agreements that formalize and guarantee logging and analysis capabilities Session management, tracking, and alerting of vulnerabilities and threats IMPORTANT DATES (Workshop chairs can grant extension to individuals provided that the hard deadline for the camera-ready version is respected.) Full Paper Submission Due Date: March 29, 2014 Decision Notification (Electronic): April 12, 2014 Camera-Ready Copy Due Date & Pre-registration Due: May 1, 2014 Please check the workshop website at www.csaworkshop.org for any changes to deadlines, submission information, and for the final program. SUBMISSION GUIDELINES Authors are invited to submit full papers (about 8 pages) or short papers (about 4 pages) as per IEEE 8.5 x 11 manuscript guidelines (download Word templates or LaTeX templates ). The submitted papers can only be in the format of PDF or WORD. Please follow the IEEE Computer Society Press Proceedings Author Guidelines to prepare your papers. At least one author of each accepted paper is required to attend the workshop and present the paper. All papers must be submitted via the confhub submission system for the CSA workshop (TBD). First time users need to register with the system first (see these instructions for details). All the accepted papers by the workshops will be included in the Proceedings of the IEEE 10th World Congress on Services (SERVICES 2014) which will be published by IEEE Computer Society. WORKSHOP CHAIRS Rose Gamble, General Chair, University of Tulsa, gamble AT utulsa.edu Indrakshi Ray, Program Co-Chair, Colorado State University, iray AT cs.colostate.edu Keesook J. Han, Program Co-Chair, Air Force Research Laboratory, keesook.han AT rl.af.mil PROGRAM COMMITTEE Norman Ahmed, Air Force Research Laboratory, Rome, NY, USA Yu Chen, Binghamton University, USA Nora Cuppens, Telecom Bretagne, France Matthew Hale, University of Tulsa, USA Ravi Jhawar, Università degli Studi di Milano, Italy Ravi Kaliappa, City University of New York, USA Murat Kantarcioglu: University of Texas at Dallas, USA Mauricio Papa, University of Tulsa, USA Atul Prakash, University of Michigan, USA Indrajit Ray, Colorado State University, USA Shouhuai Xu, University of Texas at San Antonio, USA