CALL FOR PAPERS
              CERT Software, System and
             Information Security Cluster

    Hawaii International Conference on System Sciences (HICSS-41)
                  January 7-10, 2008
                   Waikoloa, Hawaii

SCOPE

The CERT Software, System and Information Security (CSSIS) Cluster is
a composition of two related minitracks from the Software Technology
and Internet and the Digital Economy tracks. This Cluster focuses on
the security issues facing software developers and implementation
strategies. The description of minitracks covered follows:


THE CERT SOFTWARE APPLICATION SECURITY (CSAS) MINITRACK

This minitrack focuses on the research and automation techniques
required to develop secure software systems that do not compromise
other system properties such as performance or reliability. Current
security engineering methods are demonstrably inadequate as software
vulnerabilities are currently being discovered at the rate of over
4,000 per year. These vulnerabilities are caused by software designs
and implementations that do not adequately protect systems and by
development practices that do not focus sufficiently on eliminating
implementation defects that result in security flaws. An opportunity
exists for systematic improvement that can lead to secure software
applications and implementations.


THE CYBER THREATS, EMERGING RISKS, AND SYSTEMIC CONCERNS (CTERSC)
MINITRACK

This minitrack addresses issues related to detecting, mitigating and
preventing the threat of computer-based attacks and operational
failures. Papers that address improving the security of
computer-reliant organizations from these threats through technical,
organizational, or behavioral change are encouraged. These may include
simulation studies, case-based research, empirical studies, and other
applications of quantitative and qualitative methods. Contributions
that rely on a perspective that is systemic and holistic are
especially appreciated.

The following topics are appropriate for research papers in the CSSIS
Cluster:

* Static analysis tools and techniques for detecting security flaws
  and software vulnerabilities in source or binary code.

* Dynamic analysis tools for detecting security flaws and software
  vulnerabilities in source or binary code.

* Model checking tools for detecting security flaws and software
  vulnerabilities in software systems.

* Software architectures and designs for securing against
  denial-of-service attacks and other software exploits.

* Coding practices for improved security and secure library
  implementations.

* Computational security engineering.

* Other tools and techniques for reducing or eliminating
  vulnerabilities during development and maintenance.

* Identifying modes of misuse

* Applications of access policies

* Analysis of known and unknown modes of attack

* Separating anomalous from routine behavior

* Detecting and mitigating insider threats

* Modeling risks and approaches to mitigation

* Teaching and training security and business managers about the risks
  of cyber-attacks

* The economics of information security

* Creating channels and techniques to share confidential information

* Modeling and theory building of security issues

* Unifying security and safety models


PAPER REVIEW AND PROCEEDINGS PUBLICATION

Papers in each of the HICSS tracks frequently make significant
contributions to the application of information systems technology.
All papers submitted to HICSS are independently reviewed in a
double-blind process by three individuals who are selected for their
respective expertise and active involvement in the field of research
for the paper(s) under consideration.

Acceptance rates vary from year to year, but have averaged
approximately 50% during the past few years. There may be lower rates
in mature fields and slightly higher rates when a new area of research
is specifically nurtured in its infancy. After a HICSS conference many
papers are revised or extended and republished in various journals,
transactions and monographs, or may appear as chapters in books. All
accepted papers become part of the Proceedings of the Hawai'i
International Conference on System Sciences that are published and
distributed by the IEEE Computer Society and carried on the IEEE
Digital Library, Xplore.

Each year's papers are published on a CD-ROM distributed at each
conference as part of the conference registration material. Prior to
the conference Minitrack Chairs nominate candidates for a Best Paper
Award (noted in the conference program). Judging for these awards is
conducted by a panel of judges in each Track, with winners announced on
the last day of the conference.


INSTRUCTIONS FOR PAPER SUBMISSION

* HICSS papers must contain original material not previously published
  nor currently submitted elsewhere.

* It is recommended that authors contact the Minitrack Chair(s) by email
  for guidance regarding appropriate content.

* HICSS will conduct double-blind reviews of each submitted paper.

* Submit full paper according to detailed author instructions to be
  found on the HICSS web site
  (http://www.hicss.hawaii.edu/hicss_41/cfp_41.htm) by June 15.


IMPORTANT 2007 DATES

Abstracts are required for submission to this Cluster, or its
minitracks. Please submit abstracts to the Cluster chairs by June 1st
at [EMAIL PROTECTED]. Please contact the Cluster Chairs for further
guidance and indication of appropriate content at any time.

* June 1      
  Authors should submit an abstract of their paper by this date to the
  Cluster Chairs ([EMAIL PROTECTED]).

* June 15
  Authors submit full papers by this date, following Author Instructions
  found on the HICSS web site. All papers will be submitted in double
  column publication format and limited to 10 pages including diagrams
  and references.  HICSS papers undergo a double-blind review (June 15 -
  August 15). Submit full paper according to detailed author instructions
  to be found on the HICSS web site
  (http://www.hicss.hawaii.edu/hicss_41/cfp_41.htm).

* August 15
  Acceptance notices are sent to Authors. At this time, at least one
  author of an accepted paper should begin fiscal and travel
  arrangements to attend the conference to present the paper.

* September 15
  Authors submit Final Version of papers following submission
  instructions posted on the HICSS web site. At least one author of each
  paper should register by this date with specific plans to attend the
  conference.

* October 2
  Papers without at least one registered author will be pulled from the
  publication process; authors will be notified.

* December 1
  Deadline to guarantee your hotel reservation at conference rate.
  Conference rate will be granted after this date, only if rooms are
  available.

* December 15
  There will be no refund for cancellation of registration after this
  date.


CO-CHAIRS OF THE CSSIS CLUSTER

Guido Schryen (RWTH Aachen University)
Jason A. Rafail (CERT/CC)

Address email to the Cluster Chairs to [EMAIL PROTECTED]


CO-CHAIRS OF THE CSAS MINITRACK
Jason A. Rafail (CERT/CC)
Robert C. Seacord (CERT/CC)
Dan Plakosh (CERT/CC)


CO-CHAIRS OF THE CTERSC MINITRACK
Guido Schryen (RWTH Aachen University)
Jose J. Gonzalez (Agder University College)
Eliot H. Rich (University at Albany, State University of New York)

PROGRAM COMMITTEE MEMBERS
Julia Allen (SEI, CMU)
Yue Chen (University of Southern California)
Felix Freiling (University of Mannheim)
Jose J. Gonzalez (Agder University College)
Fred Long (University of Wales, Aberystwyth)
Pascal Meunier (Purdue University)
David Riley (University of Wisconsin - La Crosse)
David Spooner (Rensselaer Polytechnic Institute)
John Steven (Cigital)
Kenneth Van Wyk (KRvW Associates, LLC)
Carol Woody (CERT, SEI, CMU)


-- 
Robert C. Seacord
Senior Vulnerability Analyst
CERT/CC 

Work: 412-268-7608
FAX: 412-268-6989
