First CFP: IEEE SECURECOMM SECOVAL'06, IEEE Xplore and JoATC
proceedings, 

2nd Workshop on the Value of Security through Collaboration

CALL FOR PAPERS - SECOVAL 2006 - The Value of Security through Collaboration

in cooperation with IEEE/CREATE-NET SECURECOMM'06, http://www.securecomm.org.

As last year, all accepted papers will appear on the SECURECOMM CDs
and in IEEE Xplore.

Then, the best contributions will be revised and extended for
publication in a special issue of the Journal of Autonomic and Trusted
Computing published by American Scientific Publishers.

It is recommended to send an email confirming your expression of
interest to participate to the workshop and submit a paper by April
15, 2006 to secoval@trustcomp.org.

Aug. 28 - Sep. 1, 2006, Baltimore, MD, USA

Aims and scope of the SECOVAL Workshop:

Security is usually centrally managed, for example in a form of
policies duly executed by individual nodes. The SECOVAL workshop
covers the alternative trend of using collaboration and trust to
provide security.

Instead of centrally managed security policies, nodes may use specific
knowledge (both local and acquired from other nodes) to make
security-related decisions.  For example, in reputation-based schemes,
the reputation of a given node (and hence its security access rights)
can be determined based on the recommendations of peer nodes.

As systems are being deployed on ever-greater scale without direct
connection to their distant home base, the need for self-management is
rapidly increasing. Interaction after interaction, as the nodes
collaborate, there is the emergence of a digital ecosystem.

By guiding the local decisions of the nodes, for example, with whom
the nodes collaborate, global properties of the ecosystem where the
nodes operate may be guaranteed. Thus, the security property of the
ecosystem may be driven by self-organising mechanisms. Depending on
which local collaboration is preferred, a more trustworthy ecosystem
may emerge.

The research addressed by the workshop can be roughly divided into
three main areas, each answering the related research
questions. Contributions should address at least one of these
areas. It is expected that the workshop will address all of them.

1. It is necessary to define the reasoning behind current trends in
security through collaboration. Does such security solve security
issues that cannot be tackled by traditional security solutions? What
is the added value of security through collaboration?

In the same line of thought, we should investigate the value of trust
as a foundation of security. Specifically, changes to the nature of
the security perimeter and possible pervasiveness of trust-based
security through collaboration require investigation regarding
scalability of such solutions in a world, as envisioned by Weiser,
where billions of computing entities are woven into the
fabrics. Further, we should address the dynamics of such security that
makes it possible to draw from trusted entities (both human and
computers) and extend trust towards strangers, possibly through the
self-learning of individual nodes.

2. The second set of contributions is expected to address the
different approaches to and models of security through
collaboration. Models of security and trust used for security through
collaboration should take into account several aspects of trust
evaluation, including trust collection of evidence, the underlying
trust methodology and model, the decision making process and the
learning process. Reputation schemes have been already mentioned as
one example, but there are several other possible collaboration
models, rewarding for example individual experience or centrally
managed evidence.

Further, models may consist of collaboration supervised by
administrators or users or collaboration that is fully automated,
where the computing entities collaborate without human intervention
and make security decisions on behalf of their owners. Self-organising
and self-management mechanisms seem to be important for the emergence
of a more trustworthy ecosystem of collaborating nodes.

3. Security through collaboration brings its own unique set of
problems and risks. For example, privacy can be impacted by different
aspects of collaboration, as more information about individuals may
lead to better trust estimates. This inevitable breach of privacy may
affect not only individuals but may also propagate through the network
of relationships. Further, collaboration invites new types of attacks
that require new threat analysis. A well-known example of the
vulnerabilities introduced by implicit trust relations is the Internet
Worm that penetrated 5% of the Internet in 1988: once logged into one
machine, remote login into another machine part of the trust relations
did not require another login/password check. Of course, many possible
types of attack on different trust metrics exist, including identity
usurpation attacks and identity multiplicity attacks such as
Douceur's Sybil attack.  Further, certain network topologies can be
more vulnerable to specific forms of attacks and certain network nodes
(e.g. most trusted ones) can be more likely to be attacked, which
raises questions regarding additional protection such nodes may
require.

Topics of interest to the workshop include, but are not limited to:

*	Approaches to security through collaboration

*	Specificities of security through collaboration

*	Trust methodologies, models and metrics

*	Interoperability and standardization of trust metrics

*	Value and meaning of trust

*	Trust-based security decision process

*	Security based on reputation and recommendations

*	Self-organisation mechanisms for a more secure digital ecosystem

*	The role of emergence in dynamic trust models

*	Collaborative autonomic computing

*	Value and models of networks of collaborators and information sharing

*	Threat and risk analysis of security through collaboration

*	Attacks due to collaboration and mitigation of these attacks

*	Technical trust of the underlying infrastructure used for deployment

*	Costs and benefits of trust and collaboration based security compared to other models

*	Privacy and legal aspects of security through collaboration


Submission guidelines are posted on the SECOVAL 2006 website
(http://www.trustcomp.org/secoval/), which always contains the latest
updates:

Authors are invited to submit papers formatted according to IEEE
conference style 2-column (from a 2-page extended abstract to 10 pages
limit).  Paper submissions should be sent via the online management
system available at http://www.trustcomp.org/secoval/.  Submissions
will be accepted until 23.59 PM GMT, May 1, 2006.

For more information please visit: http://www.trustcomp.org/secoval/
or send an email to secoval@trustcomp.org.

IMPORTANT DUE DATES

April 15, 2006: Expression of interest to participate to the workshop
and submit a paper.

May 1, 2006: Paper submissions (until 23:59 PM GMT)

May 23, 2006: Author notification

June 20, 2006: Camera-ready copy according to IEEE conference style
2-column proceedings

Aug. 28 - Sep. 1, 2006: SECURECOMM in Baltimore, MD, USA

End of 2006: Preparation of the Journal special issue

Workshop Co-chairs:

Brajendra Panda, University of Arkansas, USA.
Richard Anthony, University of Greenwich, UK.
Stephen Marsh, National Research Council of Canada.
Jean-Marc Seigneur, University of Geneva, Switzerland.


Program Committee:

Brajendra Panda, University of Arkansas, USA.
Richard Anthony, University of Greenwich, UK.
Stephen Marsh, National Research Council of Canada.
Jean-Marc Seigneur, University of Geneva, Switzerland.
Giannis F. Marias, University of Athens, Greece.
Laurence T. Yang, St. Francis Xavier University, Canada.
Stefan Weber, Trinity College Dublin, Ireland.
Zoran Despotovic, DoCoMo Communications Laboratories Europe.
Katri Sarkio, Helsinki Institute for Information Technology, Finland.
Christian Damsgaard Jensen, Technical University of Denmark.
Jianhua Ma, Hosei University, Japan.
Filippo Ulivieri, Institute of Cognitive Sciences and Technologies, Italy.
Karl Quinn, Trinity College Dublin, Ireland.
Michael R. Lyu, The Chinese University of Hong Kong, China.
Sini Ruohomaa, University of Helsinki, Finland.
Joerg Abendroth, Siemens, Germany.
Daniele Quercia, University College London, UK.
Lea Kutvonen, University of Helsinki, Finland.
Tom De Wolf, KULeuven, Belgium.
Adam Slagell, NCSA, University of Illinois at Urbana-Champaign, USA.
Noria Foukia, University of Otago, New Zealand.
Licia Capra, University College London, UK.
Victor S. Grishchenko, Ural State University, Russia.
Konrad Wrona, SAP Research, France.
Ayman Kayssi, University of Beirut, Lebanon.
Lik Mui, Google Inc., USA.
Philip Robinson, University of Karlsruhe, Germany.
Magdy Saeb, Arab Academy for Science, Egypt.
Jennifer Golbeck, University of Maryland, USA.
Lalana Kagal, Massachusetts Institute of Technology, USA.
Marianne Winslett, University of Illinois at Urbana-Champaign, USA.
Paolo Massa, University of Trento, Italy.