SECOVAL 2007 - The 3RD Annual Workshop on the Value of Security through Collaboration (SECOVAL '07)
|Event Date/Time: Sep 17, 2007||End Date/Time: Sep 21, 2007|
The 3RD Annual Workshop on the Value of Security through Collaboration
in cooperation with IEEE/CREATE-NET SECURECOMM '07
Nice, France, Sep. 17 - Sep. 21, 2007
Aims and scope of SECOVAL:
Security is usually centrally managed, for example in the form of policies duly executed by individual nodes. The SECOVAL workshop covers the alternative trend of using collaboration and trust to provide security. Instead of centrally managed security policies, nodes may use specific knowledge (both local and acquired from other nodes) to make security-related decisions. For example, in reputation-based schemes, the reputation of a given node (and hence its security access rights) can be determined based on the recommendations of peer nodes. As systems are being deployed on ever-greater scale without direct connection to their distant home base, the need for self-management is rapidly increasing. Interaction after interaction, as the nodes collaborate, there is the emergence of a digital ecosystem. By guiding the local decisions of the nodes, for example, with whom the nodes collaborate, global properties of the ecosystem where the nodes operate may be guaranteed. Thus, the security property of the ecosystem may be driven by self-organizing mechanisms. Depending on which local collaboration is preferred, a more trustworthy ecosystem may emerge.
This year SECOVAL is focusing upon a special research subtopic within the scope of collaborative security, namely, Privacy and Data Sanitization. Any useful collaboration is at some point sharing data. Unfortunately, data sharing is one of the greatest hurdles getting in the way of otherwise beneficial collaborations. Data regarding one's security stance is particularly sensitive, often indicating ones own security weaknesses. This data could include computer or network logs of security incidents, architecture documents, or sensitive organizational information. Even when the data may not compromise the data owner's security stance, sharing may violate a customer's privacy. Data sanitization techniques such as anonymization and other mechanisms such as privacy-preserving data mining and statistical data mining try to address this tension between the need to share information and protect sensitive information and user privacy.
Topics of interest to the workshop include, but are not limited to:
* Legal aspects of privacy and anonymization
* Economic issues of privacy enhancing tech
* Data sanitizing and privacy enhancing tools
* Data sharing and anonymization case studies
* Real-time anonymization issues
* Anonymization policy creation & negotiation
* Data sharing & sanitizing best practices
* Anonymity in Peer-to-Peer networks
* Classification of attacks against anonymization
* Metrics of utility, anonymization strength and information loss
* Anonymization / privacy-preserving algorithms
* Data injection and inference attacks
* Identification of sensitive fields and data
* Privacy-preserving Data Mining
* Statistical databases and protection of sensitive information
* Data mining multiple anonymized data sources
* Consistent pseudonym mappings in multi-party anonymization
* Identification of data sources and types useful to share for collaborative computer security
* Insights from industry and case studies
* Usability issues of current anonymization tools
We welcome submissions from industry and are contemplating a special industry track. Whether we dedicate an entire track to this depends upon responses in this area, of course.
Submission guidelines are posted on the SECOVAL 2007 website (http://www.trustcomp.org/secoval/), which always contains the latest updates:
Authors are invited to submit papers formatted according to IEEE conference style 2-column (from a 2-page extended abstract to 10 pages limit). Paper submissions should be sent via the online management system available at http://www.trustcomp.org/secoval/. Submissions will be accepted until 23:59 GMT, May 18, 2007.
May 31, 2007: Expression of interest to participate to the workshop and submit a paper.
June 3, 2007: Paper submissions (until 23:59 GMT).
June 24, 2007: Author notification.
July 22, 2007: Camera-ready copy according to IEEE conference style 2-column proceedings.
Sep. 17 - Sep. 21, 2007: SECURECOMM in Nice, France
For more information please visit: http://www.trustcomp.org/secoval/ or send an email to firstname.lastname@example.org.