Call for Papers: CPSRT 2010 - Deadlines Extended!

InfoSec News: Call for Papers: CPSRT 2010 - Deadlines Extended!: Forwarded from: George Yee <gmyee (at) sce.carleton.ca>
DEADLINES EXTENDED!!
CALL FOR PAPERS (For HTML version, please visit http://CPSRT.cloudcom.org/)
INTERNATIONAL WORKSHOP ON CLOUD PRIVACY, SECURITY, RISK & TRUST (CPSRT 2010)
In conjunction with 2nd IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2010), November 30 - December 3, 2010 Indiana University, USA, http://2010.cloudcom.org/
IMPORTANT DATES - EXTENDED!
Submission deadline: 15 August 2010
Author notification: 15 September 2010
Camera-ready manuscript: 1 October 2010
Author registration: 1 October 2010
Workshop date: 30 November 2010
WORKSHOP CHAIRS
Latifur Khan, University of Texas at Dallas, USA, e-mail: lkhan (at) utdallas.edu
Siani Pearson, Hewlett-Packard Laboratories, Bristol, UK, e-mail: Siani.Pearson (at) hp.com
George Yee, Carleton University, Canada, e-mail: gmyee (at) sce.carleton.ca
WORKSHOP STEERING COMMITTEE (in progress)
Martin Gilje Jaatun, Department of Software Engineering, Safety and Security, SINTEF, Trondheim, Norway
Chunming Rong, Center of IP-based Services Innovation (CIPSI), University of Stavanger, Stavanger, Norway
Bhavani Thuraisingham, Cyber Security Research Center, University of Texas at Dallas, U.S.A.
WORKSHOP PROGRAM COMMITTEE
Carlisle Adams, University of Ottawa, Canada
Andrew Charleswoth, University of Bristol, UK
Giles Hogben, ENISA, Greece
Paul Hopkins, University of Warwick, UK
Latifur Khan, University of Texas at Dallas, USA
Steve Marsh, Communications Research Centre Canada, Canada
Christopher Millard, University of London, UK
Andrew Patrick, Office of the Privacy Commissioner of Canada, Canada
Siani Pearson, HP Labs, UK
Simon Shiu, HP Labs, UK
Sharad Singhal, HP Labs, USA
Ronggong Song, National Research Council Canada, Canada
Anthony Sulistio, Hochschule Furtwangen University, Germany
George Yee, Carleton University, Canada
WORKSHOP OBJECTIVE
Cloud computing has emerged to address an explosive growth of web-connected devices, and handle massive amounts of data. It is defined and characterized by massive scalability and new Internet-driven economics. Yet, privacy, security, and trust for cloud computing applications are lacking in many instances and risks need to be better understood. Privacy in cloud computing may appear straightforward, since one may conclude that as long as personal information is protected, it shouldn't matter whether the processing is in a cloud or not. However, there may be hidden obstacles such as conflicting privacy laws between the location of processing and the location of data origin. Cloud computing can exacerbate the problem of reconciling these locations if needed, since the geographic location of processing can be extremely difficult to find out, due to cloud computing's dynamic nature. Another issue is user-centric control, which can be a legal requirement and also something consumers want. However, in cloud computing, the consumers' data is processed in the cloud, on machines they don't own or control, and there is a threat of theft, misuse or unauthorized resale. Thus, it may even be necessary in some cases to provide adequate trust for consumers to switch to cloud services. In the case of security, some cloud computing applications simply lack adequate security protection such as fine-grained access control and user authentication (e.g. Hadoop). Since enterprises are attracted to cloud computing due to potential savings in IT outlay and management, it is necessary to understand the business risks involved. If cloud computing is to be successful, it is essential that it is trusted by its users. Therefore, we also need studies on cloud-related trust topics, such as what are the components of such trust and how can trust be achieved, for security as well as for privacy.
MISSION
This year, the CPSRT workshop will bring together a diverse group of academics and industry practitioners in an integrated state-of-the-art analysis of privacy, security, risk, and trust in the cloud. The workshop will address cloud issues specifically related to access control, trust, policy management, secure distributed storage and privacy-aware map-reduce frameworks.
TOPICS OF INTEREST
The workshop includes but is not limited to the following topics that refer to computing in the cloud:
* Access control and key management
* Security and privacy policy management
* Identity management
* Remote data integrity protection
* Secure computation outsourcing
* Secure data management within and across data centers
* Secure distributed data storage
* Secure resource allocation and indexing
* Intrusion detection/prevention
* Denial-of-Service (DoS) attacks and defense
* Web service security, privacy, and trust
* User requirements for privacy
* Legal requirements for privacy
* Privacy enhancing technologies
* Privacy aware map-reduce framework
* Risk or threat identification and analysis
* Risk or threat management
* Trust enhancing technologies
* Trust management
These topics give rise to a number of interesting research questions to be discussed at the workshop, such as the following:
* How can consumers retain control over their data when it is stored and processed in the cloud?
* How can users' trust in cloud computing be enhanced? How can reputation management be used in a practical way?
* How can transborder data flow regulations be enforced within the cloud?
* How can solutions be tailored to a specific context? For example, how can privacy and security requirements be gathered and matched to service provisioning in an automated or semi-automated way, and on an ongoing basis?
* How can adequate assurance be given about the way in which cloud providers process and protect data?
* How can audit mechanisms be provided for the cloud?
Software demonstrations are welcome. We encourage submissions of greenhouse work, which present early stages of cutting-edge research and development.
SUBMISSION
The submission format must conform to the following: 10 pages maximum including figures, tables and references (see http://CPSRT.cloudcom.org/). Authors should submit the manuscript in PDF format. The official language of the meeting is English. Please submit your paper to the CPSRT 2010 Workshop submission server (https://www.easychair.org/account/signin.cgi?conf=cpsrt2010) via an EasyChair account.
DISSEMINATION
Peer-reviewed papers that are accepted for presentation at the workshop will be published in the CloudCom 2010 IEEE proceedings, and will be available in IEEExplore (EI indexing). The workshop organisers plan to invite the authors of selected high quality papers to revise and lengthen their papers for a special issue of a related journal or an edited book.
For further details, please visit the workshop Web site: http://CPSRT.cloudcom.org/

White House meeting will stress economic side of cybersecurity

InfoSec News: White House meeting will stress economic side of cybersecurity: http://thehill.com/blogs/hillicon-valley/technology/108203-white-house-meeting-will-stress-economic-side-of-cybersecurity
By Gautham Nagesh Hillicon Valley 07/12/10
Cyber czar Howard Schmidt will hold a meeting on Wednesday with Secretary of Commerce Gary Locke and Department of Homeland Security Secretary Janet Napolitano, where he is expected to discuss how to improve private-sector cybersecurity through economic incentives.
The stated purpose of the meeting is to discuss the activities since President Barack Obama unveiled the administration's "Cyber Space Policy Review" last May. Among those invited is Larry Clinton, president of the Internet Security Alliance, which represents a range of critical private security industries concerned about cybersecurity.
Clinton said the policy review was the first government document that began to address cybersecurity as an economic rather than operational issue.
"Cybersecurity obviously has technical components, but it's more of a strategic and operational problem. You have to look at things from that economic perspective," Clinton told Hillicon Valley on Monday. "For example, if you take a technical operational perspective, you're really focusing on how cyber-attacks occur, not why they occur."
[...]

White hat hacker Maiffret returns to eEye

InfoSec News: White hat hacker Maiffret returns to eEye: http://news.cnet.com/8301-27080_3-20010339-245.html
By Elinor Mills InSecurity Complex CNet News July 13, 2010
Security researcher and former Microsoft gadfly Marc Maiffret has returned to the company he started when he was a teenager, eEye Digital Security. [...]

Don't be too quick to dismiss FISMA

InfoSec News: Don't be too quick to dismiss FISMA: http://gcn.com/articles/2010/07/12/cybereye-fisma-evolving.aspx
By William Jackson GCN.com July 12, 2010
The Federal Information Security Management Act has become the whipping boy for security vendors, chief information security officers and legislators, but we should not be too eager to abandon it, says a leading security researcher at the National Institute of Standards and Technology.
"We tend to want to make 'compliance' a bad word today," said NIST senior computer scientist Ron Ross. But regulatory compliance does not have to be a static checklist, and it is part of effective risk management, he said.
If the regulations are fundamentally sound and adaptable, they can evolve to address a rapidly changing security environment, and that is what is happening with FISMA, he said. "The fundamental reforms already are ongoing, coming from grass-roots activities," not from policy or legislative changes, Ross said.
As the head of NIST's FISMA implementation program, Ross, who spoke recently about changes in cybersecurity requirements at a forum hosted by InformationWeek, is hardly a disinterested observer. Since the passage of FISMA in 2002, a great deal of the resources of NIST's Computer Security Division have gone to creating standards, recommendations and guidelines on how to achieve compliance. That body of work has been praised as one of the accomplishments of FISMA while at the same time condemned as overly comprehensive and prescriptive.
[...]

Finally -- a hacking conference just for kids!

InfoSec News: Finally -- a hacking conference just for kids!: http://www.infoworld.com/t/hacking/finally-hacking-conference-just-kids-818
By Paul F. Roberts InfoWorld July 12, 2010
Technology enthusiasts and the ranks of the curious have been trying for years to rescue the term "hacker" from its pejorative meaning. [...]

[Dataloss Weekly Summary] Week of Sunday, July 4, 2010

InfoSec News: [Dataloss Weekly Summary] Week of Sunday, July 4, 2010:
Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, July 4, 2010
17 Incidents Added.
[...]

FBI Raids 'Electronik Tribulation Army' Over Witness Intimidation

InfoSec News: FBI Raids 'Electronik Tribulation Army' Over Witness Intimidation: http://www.wired.com/threatlevel/2010/07/eta/
By Kevin Poulsen Threat Level Wired.com July 8, 2010
FBI agents have raided the homes of three alleged members of a hacker gang that harassed a security expert who helped put the group's leader in jail, according to a recently unsealed search warrant affidavit.
Jesse William McGraw, aka "GhostExodus," pleaded guilty in May to computer-tampering charges for putting malware on a dozen machines at the Texas hospital where he worked as a security guard. He also installed the remote-access program LogMeIn on the hospital's Windows-controlled HVAC system.
Last month's raids were prompted by the aftermath of McGraw's arrest. McGraw was the leader of an anarchistic hacking group called the Electronik Tribulation Army, and his bust led to a flood of harassment against the Mississippi computer-security researcher who discovered screenshots of the HVAC access online and informed the FBI.
"They set up website in my name to pose as me, and put up embarrassing content or things they thought would embarrass me, including a call-to-action to buy sex toys, and fake pornographic images," says R. Wesley McGrew, 30, of McGrew Security. "They harvested e-mail addresses from the university I work at and e-mailed it out to those."
[...]
