[liberationtech] Security & Privacy (Oakland) rates increase TOMORROW!
L Jean Camp
ljcamp at indiana.edu
Sat Apr 20 14:24:09 PDT 2013
EARLY REGISTRATION CLOSES TOMORROW!!
Security & Privacy (aka "Oakland", alas now at the Westin)
Thursday, May 23
CREDS: Cyber-security Research Ethics Dialog & Strategy
DUMA: 4th International Workshop on Data Usage Management
MoST: Mobile Security Technologies
Friday, May 24
IWCC: International Workshop on Cyber Crime
WRIT: 2nd Workshop on Research for Insider Threat
W2SP: Web 2.0 Security and Privacy
Each day pass allows for all workshops! The schedules are aligned for
workshop hopping.
http://www.regonline.com/Register/Checkin.aspx?EventID=1181099
Don't Wait! Prices go up tomorrow!
************* WORKSHOP DETAILS ****************************
CREDS: Cyber-security Research Ethics Dialog & Strategy
*Date:* Thursday, May 23, 2013
*Website:* http://www.caida.org/workshops/creds
*Workshop objectives and goals:*
Commercial and public computer security researchers and policymakers are
tackling novel ethical challenges that exert a strong influence on online
trust dynamics. These challenges are not exceptional, but increasingly the
norm: (i) to understand and develop effective defenses to significant
Internet threats, researchers infiltrate malicious botnets; (ii) to
understand Internet fraud (phishing), studies require that users are unaware
they are being observed in order to ascertain typical behaviors; and (iii)
to perform experiments measuring Internet usage and network characteristics
that require access to sensitive network traffic. These research activities
are prerequisite for evidence-based policymaking that impacts us
individually and collectively, such as infrastructure security, network
neutrality, free market competition, spectrum application and broadband
deployment, and intellectual property rights. Therefore, in the wake of
failures to resolve these mounting tensions, ethics has re-emerged as a
crucial ordering force. For this reason, ethics underpins the debate among
CS researchers, oversight entities, industrial organizations, the
government and end users about what research activity is or is not
acceptable.
This workshop is anchored around the theme of "ethics-by-design," and aims
to:
1) Educate participants about underlying ethics principles and
applications;
2) Discuss ethical frameworks and how they are applied across the various
stakeholders and respective communities who are involved;
3) Impart recommendations about how ethical frameworks can be used to
inform policymakers in evaluating the ethical underpinning of critical
policy decisions;
4) Explore cybersecurity research ethics techniques, tools, standards and
practices so researchers can apply ethical principles within their research
methodologies; and
5) Discuss specific case vignettes and explore the ethical implications of
common research acts and omissions.
DUMA: 4th International Workshop on Data Usage Management
*Date:* Thursday, May 23, 2013
*Website:* http://dig.csail.mit.edu/2012/IEEESP-DUMA13/
*Workshop objectives and goals:*
Data usage control generalizes access control to what happens to data in
the future and after it has been given away (accessed). Spanning the
domains of privacy, the protection of intellectual property and compliance,
typical current requirements include "delete after thirty days," "don't
delete within five years," "notify whenever data is given away," and "don't
print." However, in the near future more general requirements may include
"do not use for employment purposes," "do not use for tracking," as well as
"do not use to harm me in any way." Major challenges in this field include
policies, the relationship between end user actions and technical events,
tracking data across layers of abstraction and logical as well as physical
systems, policy enforcement, protection of the enforcement mechanisms and
guarantees.
Following three successful events - the Dagstuhl Seminar on Distributed
Usage Control, the W3C Privacy and Data Usage Control Workshop, and the WWW
2012 Workshop on Data Usage Management on the Web - the goal of the 4th
International Workshop on Data Usage Management is to discuss current
technical developments in usage control and, in particular, foster
collaboration in the area of usage representation (policies is one
mechanism), provenance tracking, misuse identification, and distributed
usage enforcement. Though enabling privacy through careful and controlled
dissemination of sensitive information is an obvious fallout of usage
control, this workshop is interested in understanding data usage control as
a whole. The workshop is also interested in discussing domain-specific
solutions (which typically exist in semi-controlled environments) and their
generalization to more open environments such as the Web.
MoST: Mobile Security Technologies
*Date:* Thursday, May 23, 2013
*Website:* http://mostconf.org/2013/
*Workshop objectives and goals:*
Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to explore the latest understanding and advances in the
security and privacy for mobile devices, applications, and systems. We are
seeking both short position papers (2-4 pages) and longer papers (a maximum
of 10 pages).
The scope of MoST 2012 includes, but is not limited to, security and
privacy specifically for mobile devices and services related to: Device
hardware, Operating systems, Middleware, Mobile web, Secure and efficient
communication, Secure application development tools and practices, Privacy,
Vulnerabilities and remediation techniques, Usable security, Identity and
access control, Risks in putting trust in the device vs. in the
network/cloud, Special applications, such as medical monitoring and
records, Mobile advertisement, Economic impact of security and privacy
technologies.
IWCC: International Workshop on Cyber Crime
*Date:* Friday, May 24, 2013
*Website:* http://stegano.net/IWCC2013/
*Workshop objectives and goals:*
Today's world's societies are becoming more and more dependent on open
networks such as the Internet - where commercial activities, business
transactions and government services are realized. This has led to the fast
development of new cyber threats and numerous information security issues
which are exploited by cyber criminals. The inability to provide trusted
secure services in contemporary computer network technologies has a
tremendous socio-economic impact on global enterprises as well as
individuals. Moreover, the frequently occurring international frauds impose
the necessity to conduct the investigation of facts spanning across
multiple international borders. Such examination is often subject to
different jurisdictions and legal systems. A good illustration of the above
is the Internet, which has made it easier to perpetrate traditional
crimes. It has acted as an alternate avenue for the criminals to conduct
their activities, and launch attacks with relative anonymity. The increased
complexity of the communications and the networking infrastructure is
making investigation of the crimes difficult. Traces of illegal digital
activities are often buried in large volumes of data, which are hard to
inspect with the aim of detecting offences and collecting evidence.
Nowadays, the digital crime scene functions like any other network, with
dedicated administrators functioning as the first responders. This poses
new challenges for law enforcement policies and forces the computer
societies to utilize digital forensics to combat the increasing number of
cybercrimes. Forensic professionals must be fully prepared in order to be
able to provide court admissible evidence. To make these goals achievable,
forensic techniques should keep pace with new technologies.
The aim of this workshop is to bring together the research accomplishments
provided by the researchers from academia and the industry. The other goal
is to show the latest research results in the field of digital forensics
and to present the development of tools and techniques which assist the
investigation process of potentially illegal cyber activity. We encourage
prospective authors to submit related distinguished research papers on the
subject of both: theoretical approaches and practical case reviews. The
workshop will be accessible to both non-experts interested in learning
about this area and experts interested in hearing about new research and
approaches.
WRIT: 2nd Workshop on Research for Insider Threat
*Date:* Friday, May 24, 2013
*Website:* http://www.sei.cmu.edu/community/writ2013/
*Workshop objectives and goals:*
The threat of malicious insiders to organizational security has
historically been one of the most difficult challenges to address. Insiders
often attack using authorized access and with behavior very difficult to
distinguish from normal activities. Modern insiders are further enabled by
immense data storage capabilities, advanced searching algorithms, and the
difficulty of comprehensive monitoring of networked systems. Furthermore,
several recent high-profile attacks have been enabled by non-malicious, or
unintentional, insiders fooled by exploits from external attackers.
Technical solutions to this problem are emerging, but studies show little
significant progress has been made in reducing the numbers or impacts of
insider attacks. There are two main reasons for the relative lack of
success in identifying insider threats: 1) The problem is not well
understood. In addition to the complex challenges surrounding collection,
correlation, and detection of technical indicators, researchers must also
understand underlying human motivations and behaviors. This is not a
traditional area of study for IT security researchers; configuring
technical solutions to monitor for human deception is challenging. 2) Data
on insider attacks is difficult to obtain. Ground truth data: Organizations
suffering insider attacks are often reluctant to share data about those
attacks publicly. Studies show over 70% of attacks are not reported
externally, including many of the most common, low-level attacks. This
leads to uncertainty that available data accurately represents the true
nature of the problem. Baseline data: The rate of insider attacks is
relatively unknown; furthermore, the behaviors of non-malicious users are
also not available in large data sets. The insider threat problem has been
receiving increased attention. Recently, three workshops were held,
sponsored by the Institute for Information Infrastructure Protection (I3P),
the National Security Agency's Centers of Academic Excellence (CAE)
program, and the CERT Insider Threat Center. However, these were not widely
accessible by the general community. Additionally, DARPA has two programs
(CINDER and ADAMS) aimed at Insider Threat challenges, so there is an
active and growing research community in this area. Finally, Executive
Order 13587 requires all US Government agencies handling classified
information to implement insider threat programs to protect sensitive
information, leading to a greatly increased interest among US Government
agencies in advances in detection of insider threats.
The proposed workshop will highlight challenges specific to the insider
threat problem from multiple viewpoints, such as information technology,
behavioral sciences, or criminology, and will review existing promising
approaches and experimentation possibilities for evaluation of solution
approaches. The workshop will therefore be accessible to both non-experts
interested in learning about this area and experts interested in hearing
about approaches being taken by others. A moderated panel discussion will
review and comment on the workshop presentations to provide a capstone
activity.
W2SP: Web 2.0 Security and Privacy
*Date:* Friday, May 24, 2013
*Website:* http://www.w2spconf.com/2013/
*Workshop objectives and goals:*
W2SP brings together researchers, practitioners, web programmers, policy
makers, and others interested in the latest understanding and advances in
the security and privacy of the web, browsers and their eco-system. We have
had five years of successful W2SP workshops. This year, we will
additionally invite selected papers to a special issue of the journal. W2SP
is held in conjunction with the IEEE Symposium on Security and Privacy,
which will take place from May 20-23, 2012, at the Westin St. Francis Hotel
in San Francisco. W2SP will continue to be open-access: all papers will be
made available on the workshop website, and authors will not need to
forfeit their copyright. We are seeking both short position papers (2-4
pages) and longer papers (a maximum of 10 pages). Papers must be formatted
for US letter (not A4) size paper with margins of at least 3/4 inch on all
sides. The text must be formatted in a two-column layout, with columns no
more than 9 in. high and 3.375 in. wide. The text must be in Times font,
10-point or larger, with 12-point or larger line spacing. Authors are
encouraged to use the IEEE conference proceedings templates.
The scope of W2SP 2012 includes, but is not limited to: Trustworthy
cloud-based services, Privacy and reputation in social networks, Security
and privacy as a service, Usable security and privacy, Security for the
mobile web, Identity management and pseudonymity, Web
services/feeds/mashups, Provenance and governance, Security and privacy
policies for composable content, Next-generation browser technology, Secure
extensions and plug-ins, Advertisement and affiliate fraud, Measurement
study for understanding web security and privacy.
--
Prof. L. Jean Camp
http://www.ljean.com
Net Trust
http://code.google.com/p/nettrust/
Economics of Security
http://www.infosecon.net/
ETHOS
http://ethos.indiana.edu
Congressional Fellow
http://www.ieeeusa.org/policy/govfel/congfel.asp