CCSW 2014: The ACM Cloud Computing Security Workshop
in conjunction with the ACM Conference on Computer and Communications Security (CCS)
November 7, 2014, The Scottsdale Plaza Resort, Scottsdale, Arizona, USA.
The CCSW workshop brings together researchers and practitioners in all security aspects of cloud-centric and outsourced computing, including:
CCSW has had a significant impact in our research community. As of September 2013, in the new Google Scholar Metrics entry for CCS (which encompasses CCSW), 4 of the top 20 cited papers of the past five years come from CCSW. One way to look at it is that you're as likely or perhaps more likely to have a top-20 paper publishing in CCSW than in CCS! (thanks to Ari Juels for noticing this)
Student stipends may be available to attend CCSW. Please apply on the CCS website for a CCS grant and then email firstname.lastname@example.org to let us know why you would be a good fit for CCSW. We plan on awarding several student travel grants (a function also of the quality of the applications).
Submissions due: 30 July, 2014 (midnight anywhere in the world) (absolutely firm)
Author notification: 25 August, 2014
Camera-ready: 7 September, 2014
Workshop: November 7, 2014
CCSW is soliciting full papers of up to 12 pages which will be judged based on the quality per page. Thus, shorter, high-quality papers are encouraged, and papers may be perceived as too long if they are repetitive or verbose. Submissions must use the ACM SIG Proceedings Templates (available at the ACM website) in double-column format with a font no smaller than 9 point. Only PDF files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits. Accepted papers will be published by the ACM Press and/or the ACM Digital Library.
Submissions must be anonymous, and authors should refer to their previous work in the third-person. Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Each accepted paper must be presented by one registered author. Submissions not meeting these guidelines risk immediate rejection. For questions about these policies, please contact the chairs.
Please submit your paper via EasyChair.
Dr. David Mc Grew, Fellow, Cisco
Bio: David McGrew is a Cisco Fellow who works to improve network and system security through applied research, standards, and product engineering. His current focus is on the detection of advanced threats using network monitoring and analytic techniques, and he works in the Office of the CTO in Cisco Systems' Security Business Group. Previously, he was instrumental in the development of several cryptographic standard algorithms and protocols, chaired the IRTF CFRG, and managed Cisco's IPsec development team. He holds a PhD in Physics from Michigan State University.
Title: Privacy vs. Efficacy in Cloud-based Threat Detection
Abstract: Advanced threats can be detected by monitoring information systems and networks, then applying advanced analytic techniques to the data thus gathered. It is natural to gather, store, and analyze this data in the Cloud, but doing so introduces significant privacy concerns. There are technologies that can protect privacy to some extent, but these technologies reduce the efficacy of threat analytics and forensics, and introduce computation and communication overhead. This talk considers the tension between privacy and efficacy in Cloud threat detection, and analyzes both pragmatic techniques such as data anonymization via deterministic encryption and differential privacy as well as interactive techniques such as private set intersection and searchable encryption, and highlights areas where further research is needed.
Dr. Bryan D. Payne, Director of Security Research, Nebula
Bio: Dr. Bryan D. Payne is the Director of Security Research at Nebula and co-founder of the OpenStack Security Group. He authored the OpenStack Security Guide and many research papers on virtual machine introspection. He is also the creator of LibVMI, an open source software library for runtime monitoring of virtual machines. Prior to joining Nebula, Dr. Payne worked at Sandia National Labs, the National Security Agency, BAE Systems, and IBM Research. He graduated with a Ph.D. in Computer Science from the Georgia Tech College of Computing, specializing in systems security. His research interests include operating system security, virtualization security, usable security, live and forensic memory analysis, and trusted platforms.
Title: Reducing the Cost of Security in the Cloud
Abstract: Software engineering has matured significantly over the past decade. Using modern software building blocks, we have seen companies build web services for 100s of millions of users with only 30 software engineers. These building blocks demonstrate the power of cloud computing and have fundamentally changed how applications will be created and delivered in the future. Unfortunately, fitting security into this picture -- at the application or the infrastructure level -- remains a tremendous challenge. It doesn't need to be this way. With an aggressive research investment, we can reduce the cost of high quality security. This talk will explore why security is so expensive and what can be done to reduce this cost, from the perspective of someone working to create security focused cloud infrastructure while also leading security efforts in the OpenStack community.
Dr. Joanne Martin, CISO and VP for IT Risk, IBM
Bio: Joanne Martin is currently IBM's CISO, and VP for IT Risk. In this role, she is responsible for defining and maintaining the vision, strategy, and programs that ensure IBM's information assets are adequately protected. Her organization develops policy and processes to reduce IT risks globally, manages and responds to incidents, establishes standards, and guides the implementation of technology to support the enterprise security mission. Joanne is a member of the Security 50 group. Previously, as a Distinguished Engineer and Vice President of Technology, Dr. Martin was responsible for supporting the development of IBM's technical strategy and for the global technical community. She is Past-President of the IBM Academy of Technology, and was VP of Infrastructure Management Services for Global Technology Services (GTS), responsible for providing a consistent and coherent architecture for the development and delivery of service products in the transformed GTS. She served on the management team that developed and delivered IBM's first supercomputer, with specific responsibility for the performance measurement and analysis of the system. She was named by Working Mother magazine as one of the 25 most influential working mothers for 1998 and was elected to the Women in Technology International Hall of Fame in 2012.
Title: Securing Cloud Environments for Enterprise Computing
Abstract: Cloud changes the economics of computing. Service delivery is faster and more agile and IT is delivered without boundaries. Cloud computing is a pivotal strategy for IBM, and to support it, we have to transform and simplify our approach to IT security. To operate securely in the cloud, we need to know what is being stored and where, what it's worth, how it moves, where it goes, and who is trying to access it. This new approach to IT forces us to rethink our data management strategy and identity and access control. To transform security practices for this seismic shift in IT, we need a forward-looking, principles-based cloud policy, an updated data governance model, and a new framework for determining roles and responsibilities.
Principles-based policy - This approach to policy states "what" is required for IT security, not so much "how" it should be implemented. The new policy will account for differences in environments and security assurance levels.
New data governance model - Our new data governance model, being developed in parallel to the cloud security policy, will better define different types of data and assign levels of data sensitivity with minimum security requirements for each sensitivity level. The new data governance framework will help us decide what data can be hosted in different types of cloud environments. (See the related fact sheet for another of our IT Risk 2014 Strategic Priorities
Roles and responsibilities - A new layer of responsibility now exists for the cloud service provider, in addition to the established roles for CIO and Service Delivery. These new roles require new interlocks for activities such as security patching and security monitoring.
Please register here on the main CCS website.
Alina Oprea, RSA Labs
Rei Safavi-Naini, University of Calgary
Giuseppe Ateniese, Sapienza, Italy and JHU, USA
Erik-Oliver Blass, Northeastern University, USA
Kevin Butler, University of Oregon, USA
Christian Cachin, IBM Research, Switzerland
Srdjan Capkun, ETH-Zurich, Switzerland
David Cash, Rutgers University, USA
Reza Curtmola, New Jersey Institute of Technology, USA
Robert Deng, Singapore Management University, Singapore
Srini Devadas, MIT, USA
Marten van Dijk, University of Connecticut, USA
Roberto Di Pietro, Bell Labs, France
Andreas Haeberlen, University of Pennsylvania, USA
Vinod Ganapathy, Rutgers University, USA
Seny Kamara, Microsoft Research, USA
Aggelos Kiayias, University of Athens, Greece
Florian Kerschbaum, SAP, Germany
Ralf Kuesters, Universitaet Trier, Germany
Cedric Lauradoux , INRIA, France
Ruby Lee, Princeton University, USA
Yingjiu Li, Singapore Management University, SIngapore
David Lie, University of Toronto, Canada
Catherine Meadows, Naval Research Laboratory, USA
Cristina Nita-Rotaru, Purdue University, USA
Charalampos Papamanthou, University of Maryland, USA
Mariana Raykova, SRI, USA
Mike Reiter, UNC Chapel Hill, USA
Thomas Ristenpart, University of Wisconsin, USA
Ahmad-Reza Sadeghi, TU Darmstadt, Germany
Nabil Schear, MIT Lincoln Laboratory, USA
Thomas Schneider, TU Darmstadt, Germany
Anil Somayaji, Carleton University, Canada
Nikos Triandopoulos, RSA Laboratories, USA
Dongyan Xu, Purdue University, USA
Kristin Lauter, Microsoft
Adrian Perrig, ETH Zurich
Radu Sion, Stony Brook (chair)
Gene Tsudik, UC Irvine
Moti Yung, Google Inc.
Gail-Joon Ahn, Arizona State University, USA
Interested in sponsoring CCSW (this or next year)? Please contact us directly.
CCSW 2009, CCSW 2010, CCSW 2011. CCSW 2012. CCSW 2013.