CALL FOR PAPERS

CERT Software, System and Information Security Cluster
Hawaii International Conference on System Sciences (HICSS-41)
January 7-10, 2008
Waikoloa, Hawaii

SCOPE

The CERT Software, System and Information Security (CSSIS) Cluster is a composition of two related minitracks from the Software Technology and Internet and the Digital Economy tracks. This Cluster focuses on the security issues facing software developers and implementation strategies. The description of minitracks covered follows:

THE CERT SOFTWARE APPLICATION SECURITY (CSAS) MINITRACK

This minitrack focuses on the research and automation techniques required to develop secure software systems that do not compromise other system properties such as performance or reliability. Current security engineering methods are demonstrably inadequate as software vulnerabilities are currently being discovered at the rate of over 4,000 per year. These vulnerabilities are caused by software designs and implementations that do not adequately protect systems and by development practices that do not focus sufficiently on eliminating implementation defects that result in security flaws. An opportunity exists for systematic improvement that can lead to secure software applications and implementations.

THE CYBER THREATS, EMERGING RISKS, AND SYSTEMIC CONCERNS (CTERSC) MINITRACK

This minitrack addresses issues related to detecting, mitigating and preventing the threat of computer-based attacks and operational failures. Papers that address improving the security of computer-reliant organizations from these threats through technical, organizational, or behavioral change are encouraged. These may include simulation studies, case-based research, empirical studies, and other applications of quantitative and qualitative methods. Contributions that rely on a perspective that is systemic and holistic are especially appreciated.

The following topics are appropriate for research papers in the CSSIS Cluster:

* Static analysis tools and techniques for detecting security flaws and software vulnerabilities in source or binary code.
* Dynamic analysis tools for detecting security flaws and software vulnerabilities in source or binary code.
* Model checking tools for detecting security flaws and software vulnerabilities in software systems.
* Software architectures and designs for securing against denial-of-service attacks and other software exploits.
* Coding practices for improved security and secure library implementations.
* Computational security engineering.
* Other tools and techniques for reducing or eliminating vulnerabilities during the development and maintenance.
* Identifying modes of misuse
* Applications of access policies
* Analysis of known and unknown modes of attack
* Separating anomalous from routine behavior
* Detecting and mitigating insider threats
* Modeling risks and approaches to mitigation
* Teaching and training security and business managers about the risks of cyber-attacks
* The economics of information security
* Creating channels and techniques to share confidential information
* Modeling and theory building of security issues
* Unifying security and safety models

PAPER REVIEW AND PROCEEDINGS PUBLICATION

Papers in each of the HICSS tracks frequently make significant contributions to the application of information systems technology. All papers submitted to HICSS are independently reviewed in a double-blind process by three individuals who are selected for their respective expertise and active involvement in the field of research for the paper(s) under consideration. Acceptance rates vary from year to year, but have averaged approximately 50% during the past few years. There may be lower rates in mature fields and slightly higher rates when a new area of research is specifically nurtured in its infancy.

After a HICSS conference many papers are revised or extended and republished in various journals, transactions and monographs, or may appear as chapters in books. All accepted papers become part of the Proceedings of the Hawai'i International Conference on System Sciences that are published and distributed by the IEEE Computer Society and carried on the IEEE Digital Library, Xplore. Each year's papers are published on a CD-ROM distributed at each conference as part of the conference registration material. Prior to the conference, Minitrack Chairs nominate candidates for a Best Paper Award (noted in the conference program). Judging for these awards is conducted by a panel of judges in each Track, with winners announced on the last day of the conference.

INSTRUCTIONS FOR PAPER SUBMISSION

* HICSS papers must contain original material not previously published nor currently submitted elsewhere.
* It is recommended that authors contact the Minitrack Chair(s) by email for guidance regarding appropriate content.
* HICSS will conduct double-blind reviews of each submitted paper.
* Submit full paper according to detailed author instructions to be found on the HICSS web site (http://www.hicss.hawaii.edu/hicss_41/cfp_41.htm) by June 15.

IMPORTANT 2007 DATES

Abstracts are required for submission to this Cluster, or its minitracks. Please submit abstracts to the Cluster chairs by June 1st at [EMAIL PROTECTED]

Please contact the Cluster Chairs for further guidance and indication of appropriate content at any time.

* June 1
  Authors should submit an abstract of their paper by this date to the Cluster Chairs ([EMAIL PROTECTED]).
* June 15
  Authors submit full papers by this date, following Author Instructions found on the HICSS web site. All papers will be submitted in double column publication format and limited to 10 pages including diagrams and references. HICSS papers undergo a double-blind review (June 15 - August 15).
  Submit full paper according to detailed author instructions to be found on the HICSS web site (http://www.hicss.hawaii.edu/hicss_41/cfp_41.htm).
* August 15
  Acceptance notices are sent to Authors. At this time, at least one author of an accepted paper should begin fiscal and travel arrangements to attend the conference to present the paper.
* September 15
  Authors submit Final Version of papers following submission instructions posted on the HICSS web site. At least one author of each paper should register by this date with specific plans to attend the conference.
* October 2
  Papers without at least one registered author will be pulled from the publication process; authors will be notified.
* December 1
  Deadline to guarantee your hotel reservation at conference rate. Conference rate will be granted after this date, only if rooms are available.
* December 15
  There will be no refund for cancellation of registration after this date.

CO-CHAIRS OF THE CSSIS CLUSTER

Guido Schryen (RWTH Aachen University)
Jason A. Rafail (CERT/CC)

Address email to the Cluster Chairs to [EMAIL PROTECTED]

CO-CHAIRS OF THE CSAS MINITRACK

Jason A. Rafail (CERT/CC)
Robert C. Seacord (CERT/CC)
Dan Plakosh (CERT/CC)

CO-CHAIRS OF THE CTERSC MINITRACK

Guido Schryen (RWTH Aachen University)
Jose J. Gonzalez (Agder University College)
Eliot H. Rich (University at Albany, State University of New York)

PROGRAM COMMITTEE MEMBERS

Julia Allen (SEI, CMU)
Yue Chen (University of Southern California)
Felix Freiling (University of Mannheim)
Jose J. Gonzalez (Agder University College)
Fred Long (University of Wales, Aberystwyth)
Pascal Meunier (Purdue University)
David Riley (University of Wisconsin - La Crosse)
David Spooner (Rensselaer Polytechnic Institute)
John Steven (Cigital)
Kenneth Van Wyk (KRvW Associates, LLC)
Carol Woody (CERT, SEI, CMU)

--
Robert C. Seacord
Senior Vulnerability Analyst
CERT/CC
Work: 412-268-7608
FAX: 412-268-6989

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________