CALL FOR PAPERS Workshop on Logical Foundations of an Adaptive Security Infrastructure (WOLFASI), a sub-workshop of the Logic in Computer Science (LICS) Foundations of Computer Security (FCS'04) Workshop. LICS '04, July 12-13, 2004, Turku, Finland LICS Conference: http://www.dcs.ed.ac.uk/home/als/lics/lics04/ FCS Workshop: http://www.cs.chalmers.se/~andrei/FCS04/ WOLFASI Subworkshop: http://www.aero.org/wolfasi It was felt that the field of adaptive security is sufficiently well-defined, sufficiently important, and sufficiently of current interest to warrant a special session of its own in the framework of FCS. The Workshop on Logical Foundations of an Adaptive Security Infrastructure deals with the logical underpinnings of the following scenario: A distributed computer system operates in a semi-autonomous mode, serving as a communications network, with nodes that perform control functions pertaining to the network and to local hardware devices. During a period of critical operation, the system detects an intrusion attempt in some nodes, along with a power glitch at other nodes, and an intelligence report about an increase in a certain type of threat. This information is analyzed and various responses are executed: dealing with the perceived intrusion, rerouting network traffic around suspect nodes, adjusting the power allocation, adjusting the crptographic strength of certain message authentication functions, etc. This set of executed responses is chosen to best achieve the desired result, within the confines of the security policy, as currently re-evaluated, at the appropriate time, and with currently available resources. This scenario is more general than those that can currently be handled, but less general than the most general scenario of "adaptive security" that can be imagined. Currently many sophisticated capabilities of intrusion detection, data mining, self-reconfiguring systems, policy management etc. are being developed, but there is no agreed upon unifying logical view of the general aspects of such a system. For example, it is not known how to prove (or even specify) capabilities or deduce rigorously the appropriate responses to security-relevant inputs. We have included the term "infrastructure" in the title to indicate that we are interested in approaches to formalizations of a complete solution, not just individual pieces. Issues arising from considering how a whole infrastructure for adaptive security could be specified, designed, and verified will hopefully yield more directed research areas and questions for the various ASI components (see below.) Also the word "foundations" is meant to indicate a focus on the "big picture", issues that are fundamental to the broad general capabilities that an ASI would perhaps need. The conceptual components of a general Adaptive Security Infrastructure (ASI) are Detector, Analyzer, and Responder: the Detector senses, collects, and distributes information about the security environment; the Analyzer processes Detector data, along with other information (e.g. security policy, threat levels, or node trust levels) and occasionally proposes actions to bring about a new state; the Responder executes the actions as directed by the Analyzer. These actions could include adjusting preventive mechansisms, adjusting detector settings, adjusting internal system parameters, etc. The purpose of this workshop is to try to formalize such a system using methods of logic in order to answer questions such as: 1. How should the semantics of a dynamic security policy be specified, one that can deal with potential future security questions and facilitate proof that a candidate response is in fact consistent with current policy? 2. How should we take into account the global-local (or distributed-centralized or hierarchical) nature of all components of an ASI? 3. How should we specify the "security-relevant resources" available so that at any time the analyzer can choose an appropriate response (for example, viewed as an algorithm written in the system's atomic resources, with their current capabilities?) 4. How should we unify the temporal-spatial reasoning aspects? 5. What are the decidability or complexity issues in such a system? 6. What is the role of "approximate security"? Most verification tasks are so hard that only approximate security seems feasible. 7. What is the role of computational Game theory? Many security protocols can be viewed as a game played by many participants, in which properties of equilibria are essential. How should such properties be specified and verified? IMPORTANT DATES: Submission deadline: April 2, 2004 Notification of acceptance: May 19, 2004 Final papers: June 7, 2004 Workshop: July 12-13, 2004 Send submissions to marcus@aero.org. Use the same submission guidelines as those for FCS04. Leo Marcus, Chair WOLFASI The Aerospace Corporation Andrei Sabelfeld, Chair FCS04 Chalmers University of Technology and Grit Denker, SRI David Evans, U. of Virginia Wei Fan, IBM Elena Ferrari, Insubria Christopher Geib, Honeywell Joe Halpern, Cornell Sushil Jajodia, George Mason Alan Jeffrey, De Paul Angelos Keromytis, Columbia Wenke Lee, Georgia Tech Janos Makowsky, Technion Tal Malkin, Columbia Fabio Massacci, Trento John McLean, Naval Research Laboratory Stephan Merz, LORIA Jonathan Millen, SRI Carlo Montangero, Pisa Alan Mycroft, Cambridge Dusko Pavlovic, Kestrel Paolo Perlasca, Milan S. Raj Rajagopalan, Telecordia Peter Reiher, UCLA Michel de Rougemont, LRI Vitaly Shmatikov, SRI Alexander Shnitko, Novosibirsk Luca Vigano`, ETH Ron Watro, BBN Duminda Wijesekera, George Mason