Workshop on Logical Foundations of an Adaptive Security Infrastructure
(WOLFASI), a sub-workshop of the Logic in Computer Science (LICS)
Foundations of Computer Security (FCS'04) Workshop.

LICS '04, July 12-13, 2004, Turku, Finland

LICS Conference:
FCS Workshop:
WOLFASI Subworkshop:

It was felt that the field of adaptive security is sufficiently
well-defined, sufficiently important, and sufficiently of current
interest to warrant a special session of its own in the framework of
FCS.  The Workshop on Logical Foundations of an Adaptive Security
Infrastructure deals with the logical underpinnings of the following

A distributed computer system operates in a semi-autonomous mode,
serving as a communications network, with nodes that perform control
functions pertaining to the network and to local hardware devices.
During a period of critical operation, the system detects an intrusion
attempt in some nodes, along with a power glitch at other nodes, and
an intelligence report about an increase in a certain type of
threat. This information is analyzed and various responses are
executed: dealing with the perceived intrusion, rerouting network
traffic around suspect nodes, adjusting the power allocation,
adjusting the crptographic strength of certain message authentication
functions, etc. This set of executed responses is chosen to best
achieve the desired result, within the confines of the security
policy, as currently re-evaluated, at the appropriate time, and with
currently available resources.

This scenario is more general than those that can currently be
handled, but less general than the most general scenario of "adaptive
security" that can be imagined. Currently many sophisticated
capabilities of intrusion detection, data mining, self-reconfiguring
systems, policy management etc. are being developed, but there is no
agreed upon unifying logical view of the general aspects of such a
system.  For example, it is not known how to prove (or even specify)
capabilities or deduce rigorously the appropriate responses to
security-relevant inputs.

We have included the term "infrastructure" in the title to indicate
that we are interested in approaches to formalizations of a complete
solution, not just individual pieces.  Issues arising from considering
how a whole infrastructure for adaptive security could be specified,
designed, and verified will hopefully yield more directed research
areas and questions for the various ASI components (see below.)

Also the word "foundations" is meant to indicate a focus on the "big
picture", issues that are fundamental to the broad general
capabilities that an ASI would perhaps need.

The conceptual components of a general Adaptive Security
Infrastructure (ASI) are Detector, Analyzer, and Responder:

the Detector senses, collects, and distributes information
about the security environment;

the Analyzer processes Detector data, along with other information
(e.g. security policy, threat levels, or node trust levels) and
occasionally proposes actions to bring about a new state;

the Responder executes the actions as directed by the Analyzer.  These
actions could include adjusting preventive mechansisms, adjusting
detector settings, adjusting internal system parameters, etc.

The purpose of this workshop is to try to formalize such a system
using methods of logic in order to answer questions such as:

1. How should the semantics of a dynamic security policy be specified,
one that can deal with potential future security questions and
facilitate proof that a candidate response is in fact consistent with
current policy?

2. How should we take into account the global-local (or
distributed-centralized or hierarchical) nature of all components of
an ASI?

3. How should we specify the "security-relevant resources" available so that
at any time the analyzer can choose an appropriate response (for
example, viewed as an algorithm written in the system's atomic
resources, with their current capabilities?)

4. How should we  unify the temporal-spatial reasoning aspects?

5. What are the decidability or complexity issues in such a system?

6. What is the role of "approximate security"?  Most verification
tasks are so hard that only approximate security seems feasible.

7. What is the role of computational Game theory? Many security
protocols can be viewed as a game played by many participants, in
which properties of equilibria are essential. How should such
properties be specified and verified?


Submission deadline: 	April 2, 2004
Notification of acceptance: 	May 19, 2004
Final papers: 	June 7, 2004
Workshop: 	July 12-13, 2004

Send submissions to
Use the same submission guidelines as those for FCS04.

Leo Marcus, Chair  WOLFASI
The Aerospace Corporation

Andrei Sabelfeld, Chair FCS04
Chalmers University of Technology and Grit Denker, SRI

David Evans, U. of Virginia

Wei Fan, IBM

Elena Ferrari, Insubria

Christopher Geib, Honeywell

Joe Halpern, Cornell

Sushil Jajodia, George Mason

Alan Jeffrey, De Paul

Angelos Keromytis, Columbia

Wenke Lee, Georgia Tech

Janos Makowsky, Technion

Tal Malkin, Columbia

Fabio Massacci, Trento

John McLean, Naval Research Laboratory

Stephan Merz, LORIA

Jonathan Millen, SRI

Carlo Montangero, Pisa

Alan Mycroft, Cambridge

Dusko Pavlovic, Kestrel

Paolo Perlasca, Milan

S. Raj Rajagopalan, Telecordia

Peter Reiher, UCLA

Michel de Rougemont, LRI

Vitaly Shmatikov, SRI

Alexander Shnitko, Novosibirsk

Luca Vigano`, ETH

Ron Watro, BBN

Duminda Wijesekera, George Mason