Difference between pages "IEEE/SADFE-2009" and "UPSEC 08"

From ForensicsWiki
 
m (New page: CALL FOR PAPERS Usability, Psychology, and Security 2008 April 14, 2008 San Francisco, CA, USA Sponsored by USENIX, The Advanced Computing Systems Association Co-located with the 5th US...)
 
Line 1: Line 1:
IEEE/SADFE-2009
+
CALL FOR PAPERS
  
4th International Workshop on Systematic Approaches to Digital Forensic Engineering (IEEE/SADFE)
+
Usability, Psychology, and Security 2008
 +
April 14, 2008
 +
San Francisco, CA, USA
  
Thursday, May 21, 2009, The Claremont Resort, Oakland, California
+
Sponsored by USENIX, The Advanced Computing Systems Association
  
Sponsored by the IEEE Technical Committee on Security and Privacy
+
Co-located with the 5th USENIX Symposium on Networked Systems Design 
Held in conjunction with the 2009 IEEE Symposium on Security and Privacy
+
& Implementation (NSDI '08), which will take place April 16-18, 2008, 
 +
and the First USENIX Workshop on Large-Scale Exploits and Emergent 
 +
Threats (LEET '08), which will take place April 15, 2008
  
Call for Papers
+
IMPORTANT DATES
Deadline: March 25, 2009
+
Submissions due: January 18, 2008
 +
Notification of acceptance: February 28, 2008
 +
Final papers due: March 18, 2008
  
http://conf.ncku.edu.tw/sadfe/sadfe09/cfp.html
+
WORKSHOP ORGANIZERS
  
aper submissions due: Mar. 25, 2009 (this is an extended date, and is now firm)
+
Program Chairs
Decisions by: Apr. 15, 2009
+
Elizabeth Churchill, Yahoo! Research
 +
Rachna Dhamija, Harvard University
  
The IEEE/SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop promotes systematic approaches to computer investigations, by furthering the advancement of digital forensic engineering as a disciplined practice.
+
Program Committee
 +
Steven M. Bellovin, Columbia University
 +
Dan Boneh, Stanford University
 +
Coye Cheshire, University of California, Berkeley
 +
Julie Downs, Carnegie Mellon University
 +
Stuart Schechter, Microsoft Research
 +
Sean Smith, Dartmouth University
 +
J.D. Tygar, University of California, Berkeley
 +
Paul Van Oorschot, Carleton University
  
Most previous SADFE papers have emphasized cyber crime investigations, and this is still a key focus of the meeting.  However, we also welcome papers on forensics that do not necessarily involve a crime:   general attack analysis, insider threat, insurance and compliance investigations, and similar forms of retrospective analysis are all viable topics. Digital forensic engineering is characterized by the application of scientific and mathematical principles to the investigation and establishment of facts or evidence, either for use within a court of law or to aid in understanding past events on a computer system.
+
OVERVIEW
 +
Information security involves both technology and people. To design 
 +
and deploy secure systems, we require an understanding of how users 
 +
of those systems perceive, understand, and act on security risks and
 +
threats.
  
Past speakers and attendees of SADFE have included computer scientists, social scientists, forensic practitioners, law enforcement, lawyers, and judges. The synthesis of hard technology and science with social science and practice forms the foundation of this conference.
+
This one-day workshop will bring together an interdisciplinary group 
 +
of researchers, systems designers, and developers to discuss how the 
 +
fields of human computer interaction, applied psychology, and
 +
computer security can be brought together to inform innovations in 
 +
secure systems design. We seek to deepen the conversation about 
 +
usable security to go beyond the user interface, toward developing 
 +
useful and usable systems of humans and technology.
  
 +
TOPICS
 +
Topics include but are not limited to:
  
Workshop Topics
+
- Error detection and recovery
 +
- Human perception and cognitive information processing
 +
- Identity and impression management
 +
- Individual and cultural differences
 +
- Information seeking and evaluation
 +
- Judgment and decision-making
 +
- Learning, training, and experience
 +
- Mental models
 +
- Models of privacy, sharing, and trust
 +
- Organizational, group, and individual behavior
 +
- Risk perception, risk analysis, and risk communication
 +
- Security behavior study methodology
 +
- Social engineering
 +
- Social influence and persuasion
 +
- System proposals and design approaches
 +
- Threat evaluation
 +
- Usability
 +
- User motivation and incentives for secure behavior
  
The field of digital forensics faces many challenges, including scale, scope and presentation or reintegration of primarily technical information and conclusions into a non-technical societal framework.
+
The study of human attention, learning, reasoning, and behavior 
 +
addresses issues of central relevance to computer security. For example:
  
Digital information now permeates cyber-crimes and cyber-enabled crimes.  It may be available for only nanoseconds or for years; it may involve only a single bit that has been modified, or huge volumes of data that may be found locally or spread globally throughout a variety of infrastructures. Correlating large amounts of digital information, establishing relevance and reliability and authenticating electronic evidence may be exceptionally difficult across geographically dispersed public and proprietary platforms.
+
- Security weaknesses often arise from biases in human perception and
 +
cognitive information processing. For example, phishing attacks use 
 +
confusing perceptual cues and fear to trick users into revealing 
 +
sensitive information.
  
To advance the state of the art, IEEE/SADFE-2009 solicits broad-based, innovative digital forensic engineering technology, techno-legal and practice-related submissions in the following four areas:
+
- Assessing, creating, and managing secure systems requires ongoing 
 +
information seeking and information evaluation, as new threats emerge 
 +
constantly. However, understanding complex and dynamic systems is 
 +
time-consuming and error-prone, and users have little motivation to 
 +
spend the time and effort that is required.
  
Digital Data and Evidence Management: advanced digital evidence discovery, collection, and storage
+
- The perception of risk can influence users' willingness to employ 
 +
security mechanisms or engage in risky behavior. However, risk 
 +
perception and decision-making are often based on limited domain 
 +
knowledge and are subject to bias; we underestimate some risks and
 +
exaggerate others.
  
* Identification, authentication and collection of digital evidence<BR>
+
- People's level of confidence in their risk assessments can be 
* Post-collection handling of evidence and the preservation of data integrity<BR>
+
perceptually and socially manipulated, independent of actual risks. 
* Evidence preservation and storage<BR>
+
Attackers (and system designers) often create the perception of
* Forensic-enabled architectures and processes, including network processes<BR>
+
security, even when none exists.
* Managing geographically, politically and/or jurisdictionally dispersed data<BR>
+
* Data and web mining systems for identification and authentication of relevant data <BR>
+
+
Principle-based Digital Forensic Processes: systematic engineering processes supporting digital evidence management which are sound on scientific, technical and legal grounds
+
  
* Legal and technical aspects of admissibility and evidence tests<BR>
+
- Human reasoning follows certain patterns, which are subject to 
* Examination environments for digital data<BR>
+
change with experience. Through training and education, we can help 
* Courtroom expert witness and case presentation<BR>
+
users to learn methods and procedures and develop mental models of 
* Case studies illustrating privacy, legal and legislative issues<BR>
+
how security systems work.
* Forensic tool validation: legal implications and issues<BR>
+
* Legal and privacy implications for digital and computational forensic analysis<BR>
+
  
Digital Evidence Analytics: advanced digital evidence analysis, correlation, and presentation
+
- People learn through interaction with others. Models of social 
 +
influence suggest that information garnered from a trusted source can 
 +
affect people's behavior or attitudes, but the level of trust 
 +
conferred on others is dependent on situational factors. 
 +
Organizational factors and group behavior can also have a large 
 +
effect on individual behavior.
  
* Advanced search, analysis, and presentation of digital evidence<BR>
+
- Approaches to risk assessment, identity and impression management,
* Progressive cyber crime scenario analysis and reconstruction technology<BR>
+
and trust vary from one individual to another and also vary by culture.
* Legal case construction & digital evidence support<BR>
+
* Cyber-crime strategy analysis & modeling<BR>
+
* Combining digital and non-digital evidence<BR>
+
* Supporting qualitative or statistical evidence<BR>
+
* Computational systems and computational forensic analysis<BR>
+
  
Forensic-support technologies: forensic-enabled and proactive monitoring/response
+
SUBMISSIONS
 +
Usability, Psychology, and Security 2008 invites insightful new 
 +
contributions that apply aspects of human/computer interaction and 
 +
applied psychology to solving problems in computer security. We 
 +
invite submissions in two categories.
  
* Forensics of embedded or non-traditional devices (e.g., digicams, cell phones, SCADA)<BR>
+
1. Short papers: We encourage short papers that describe innovative 
* Innovative forensic engineering tools and applications<BR>
+
work in progress or position papers that map out directions for
* Forensic-enabled support for incident response<BR>
+
future research or design. Short papers should be no longer than five 
* Forensic tool validation: methodologies and principles<BR>
+
(5) pages.
* Legal and technical collaboration<BR>
+
* Digital Forensics Surveillance Technology and Procedures<BR>
+
* "Honeypot" and other target systems for data collection and monitoring<BR>
+
  
 +
2. Full papers: Full papers may describe systems, case studies, 
 +
fieldwork descriptions, experimental studies, and design frameworks. 
 +
Full papers must be no longer than ten (10) single-spaced 8.5" x 11" 
 +
pages, including figures, tables, and references.
  
Instructions for Paper and Panel Submissions
+
All submissions should offer new contributions that have not been 
 +
published elsewhere. Author names and affiliations should appear on 
 +
the title page. Submissions must be in PDF and must be submitted via 
 +
the form on the Usability, Psychology, and Security 2008 Call for 
 +
Papers Web site:
  
The IEEE/SADFE-2009 Program Committee invites three types of submissions:
+
http://www.usenix.org/upsec08/cfp
  
 +
Papers accompanied by nondisclosure agreement forms will not be 
 +
considered. All submissions will be treated as confidential prior to 
 +
publication in the Proceedings.
  
Full papers
+
Simultaneous submission of the same work to multiple venues, 
 +
submission of previously published work, and plagiarism constitute 
 +
dishonesty or fraud. USENIX, like other scientific and technical 
 +
conferences and journals, prohibits these practices and may, on the 
 +
recommendation of a program chair, take action against authors who 
 +
have committed them. In some cases, program committees may share 
 +
information about submitted papers with other conference chairs and 
 +
journal editors to ensure the integrity of papers under 
 +
consideration. If a violation of these principles is found, sanctions 
 +
may include, but are not limited to, barring the authors from 
 +
submitting to or participating in USENIX conferences for a set 
 +
period, contacting the authors' institutions, and publicizing the 
 +
details of the case.
  
Full papers present mature research results. Papers accepted for presentation at the Workshop will be included in the IEEE/SADFE-2009 proceedings, which will be published by IEEE Press following the workshop.  This gives authors a chance to revise their submissions based on feedback received during the workshop.  Full papers should be 8-12 pages when formatted according to IEEE 6x9, one-column guidelines [http://www.computer.org/portal/site/cscps/menuitem.02df7cde46985ea21618fc2e6bcd45f3/index.jsp?&pName=cscps_level1&path=cscps/cps&file=cps_forms.xml&xsl=generic.xsl&;jsessionid=JPLBhvXvQppybVBYCp1wSjlJJ8L15DW1GRsLsvxTRl8gVnT7fz52!-551649330].  Papers must include an abstract and a list of keywords, and clearly indicate the corresponding author.
+
Note, however, that we expect that many papers accepted for the
 +
workshop will eventually be extended as full papers suitable for 
 +
presentation at future conferences.
  
 +
Authors uncertain whether their submission meets USENIX's guidelines 
 +
should contact the Program Chairs, upsec08chairs@usenix.org, or the 
 +
USENIX office, submissionspolicy@usenix.org.
  
"Work-in-Progress" short papers
+
HISTORY
 +
This workshop evolved from Usable Security (USEC'07). The USEC'07 
 +
program and papers are available on the workshop Web site:
  
These shorter papers should describe interesting developing work or concept in the field of digital forensic engineering. These papers should emphasize the nature of the problem they present, potential solution and implications/impacts to the field, in such a way that it will engender community discussion. A selection of these papers will be presented at IEEE/SADFE-2009 in a Works-in-Progress session. Work-in-Progress papers should be 3-5 pages long. Work-in-Progress papers will be included as an appendix in the IEEE/SADFE-2009 proceedings. Authors may participate in only one Work-in-Progress paper (in the case of multiple submissions, later submissions will be deleted).
+
http://www.usablesecurity.org/
 
+
 
+
Posters
+
 
+
Describing work in progress and/or specific tools available without charge to the research community (ie, no vendor posters should be submitted). Submissions must consist of a one-page abstract. Posters will not be included in the proceedings.  There will be a session at the workshop in which authors of selected posters will have individual opportunities to briefly introduce their work during the meeting, and will receive live feedback and questions on their work from members of the program committee.
+
 
+
 
+
Each paper submission will be reviewed by at least three IEEE/SADFE-2009 Program Committee members. The selection process will be based on review technical merits. Panel and posters decisions will be made by Program Chair with recommendations from Program Committee and Steering Committee.
+
 
+
 
+
Double Submissions, Uniqueness & Presentation
+
 
+
IEEE/SADFE-2009 is intended to support discussion and publication of novel results. To meet this goal, submissions must not substantially duplicate work that any of the authors has published elsewhere. Work submitted in parallel to any other conference or workshop with proceedings is explicitly excluded from participation. If the work has been submitted elsewhere in a venue that does not include proceedings, the extent of the replication and the nature of the other venue should be clearly indicated in a cover letter submitted along with the paper. Finally, plagiarism has no place in the scholarly community and the program committee reserves the right to notify employers and/or others of any confirmed cases of plagiarism.
+
 
+
For accepted Full Papers, Posters, and for the Work-in-Progress, it is required that at least one of the authors attends the conference to present the paper.  The presenting author must be registered by the date of the camera-ready submission.  The deadline for Work-in-Progress and Full papers is the same.
+
 
+
All submissions (papers & panel proposals) must be submitted electronically, following the instructions to be provided on the IEEE/SADFE'09 website (http://conf.ncku.edu.tw/sadfe/sadfe09/). Papers must list all authors and their affiliations; in case of multiple authors, the contact author must be indicated.
+
 
+
 
+
Workshop Format
+
 
+
The SADFE workshop will consist of invited talks, paper presentations and panel discussions. All presentations, talks and panel discussions will be made in English.
+
 
+
Steering Committee:
+
 
+
Deb Frincke, co-chair       Pacific Northwest National Labs<BR>
+
Ming-Yuh Huang, co-chair    The Boeing Company<BR>
+
Chi Sung Laih               National Cheng Kung University<BR>
+
Michael Losavio             University of Louisville<BR>
+
Alec Yasinsac               University of South Alabama<BR>
+
 
+
Organizing Committee:
+
 
+
General Chair:  Rob Erbacher (Utah State University)<BR>
+
Program Committee Co-Chairs:  Matt Bishop (UC Davis) and [[Sean_Peisert|Sean]] [http://www.cs.ucdavis.edu/~peisert/ Peisert] (UC Davis)<BR>
+
Publication Chair: Carrie Gates (CA Labs)<BR>
+
Publicity Chair, North America: Marc Rogers (Purdue University)<BR>
+
Publicity Co-Chair, Asia: Chi-Sung Laih (National Cheng Kung University)<BR>
+
K P Chow (University of Hong Kong)<BR>
+
Publicity Co-Chair, Europe: Erland Jonsson (Chalmers University of Technology)<BR>
+
Publicity Co-Chair, Australia: Trish Williams (Edith Cowan University)<BR>
+
Submission Chair: Adel Elmaghraby (University of Louisville)<BR>
+
Sponsorship Chair: Alec Yasinsac (University of Southern Alabama)<BR>
+
Website Host: Chi-Sung Laih (National Cheng Kung University)<BR>
+
 
+
Program Committee:<BR>
+
 
+
Becky Bace                  Infidel, Inc.<BR>
+
Matt Bishop                 University of California, Davis<BR>
+
[[Brian_Carrier|Brian Carrier]]               Basis Corp.<BR>
+
Charisse Castagnoli         Independent Consultant<BR>
+
Herve Debar                 France Telecom R&D<BR>
+
Barbara Endicott-Popovsky   University of Washington<BR>
+
Deb Frincke                 Pacific Northwest National Labs<BR>
+
[[Simson_L._Garfinkel|Simson Garfinkel]]            Naval Postgraduate School<BR>
+
Carrie Gates                CA Labs<BR>
+
Brian Hay                   University of Alaska, Fairbanks<BR>
+
Erin Kenneally              University of California, San Diego<BR>
+
Chi Sung Laih               National Cheng Kung University<BR>
+
Michael Losavio             University of Louisville<BR>
+
Keith Marzullo              University of California, San Diego<BR>
+
Kara Nance                  University of Alaska, Fairbanks<BR>
+
Sean Peisert                University of California, Davis<BR>
+
Mark Pollitt                University of Central Florida<BR>
+
Christian Probst            Technical University of Denmark<BR>
+
Clay Shields                Georgetown University<BR>
+
Abe Singer                  California Institute of Technology<BR>
+
Fred Chris Smith            Former Assistant U.S. Attorney<BR>
+
Tye Stallard                University of California, Davis<BR>
+
Bill Tafoya                 University of New Haven<BR>
+
Carol Taylor                Eastern Washington University<BR>
+
Wietse Venema               IBM T.J. Watson Research Center<BR>
+
Giovanni Vigna              University of California, Santa Barbara<BR>
+
Avishai Wool                Tel Aviv University<BR>
+
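Review bot: the added call-for-papers text (the IMPORTANT DATES entries, the Program Committee names, and the TOPICS list from "- Error detection and recovery" onward) is pasted as hard-wrapped plain text with no wiki markup, whereas the text on the other side uses `*` bullets and `<BR>` line breaks. MediaWiki joins consecutive lines separated by a single newline into one paragraph, so the dates, committee members and topics will run together when rendered. Suggest marking the section titles as headings (for example `== IMPORTANT DATES ==`), prefixing each list entry with `*`, and removing the hard line wraps inside paragraphs.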

Latest revision as of 10:47, 16 January 2008

CALL FOR PAPERS

Usability, Psychology, and Security 2008
April 14, 2008
San Francisco, CA, USA

Sponsored by USENIX, The Advanced Computing Systems Association

Co-located with the 5th USENIX Symposium on Networked Systems Design & Implementation (NSDI '08), which will take place April 16-18, 2008, and the First USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '08), which will take place April 15, 2008

IMPORTANT DATES

Submissions due: January 18, 2008
Notification of acceptance: February 28, 2008
Final papers due: March 18, 2008

WORKSHOP ORGANIZERS

Program Chairs
Elizabeth Churchill, Yahoo! Research
Rachna Dhamija, Harvard University

Program Committee
Steven M. Bellovin, Columbia University
Dan Boneh, Stanford University
Coye Cheshire, University of California, Berkeley
Julie Downs, Carnegie Mellon University
Stuart Schechter, Microsoft Research
Sean Smith, Dartmouth University
J.D. Tygar, University of California, Berkeley
Paul Van Oorschot, Carleton University

OVERVIEW

Information security involves both technology and people. To design and deploy secure systems, we require an understanding of how users of those systems perceive, understand, and act on security risks and threats.

This one-day workshop will bring together an interdisciplinary group of researchers, systems designers, and developers to discuss how the fields of human computer interaction, applied psychology, and computer security can be brought together to inform innovations in secure systems design. We seek to deepen the conversation about usable security to go beyond the user interface, toward developing useful and usable systems of humans and technology.

TOPICS

Topics include but are not limited to:

- Error detection and recovery
- Human perception and cognitive information processing
- Identity and impression management
- Individual and cultural differences
- Information seeking and evaluation
- Judgment and decision-making
- Learning, training, and experience
- Mental models
- Models of privacy, sharing, and trust
- Organizational, group, and individual behavior
- Risk perception, risk analysis, and risk communication
- Security behavior study methodology
- Social engineering
- Social influence and persuasion
- System proposals and design approaches
- Threat evaluation
- Usability
- User motivation and incentives for secure behavior

The study of human attention, learning, reasoning, and behavior addresses issues of central relevance to computer security. For example:

- Security weaknesses often arise from biases in human perception and cognitive information processing. For example, phishing attacks use confusing perceptual cues and fear to trick users into revealing sensitive information.

- Assessing, creating, and managing secure systems requires ongoing information seeking and information evaluation, as new threats emerge constantly. However, understanding complex and dynamic systems is time-consuming and error-prone, and users have little motivation to spend the time and effort that is required.

- The perception of risk can influence users' willingness to employ security mechanisms or engage in risky behavior. However, risk perception and decision-making are often based on limited domain knowledge and are subject to bias; we underestimate some risks and exaggerate others.

- People's level of confidence in their risk assessments can be perceptually and socially manipulated, independent of actual risks. Attackers (and system designers) often create the perception of security, even when none exists.

- Human reasoning follows certain patterns, which are subject to change with experience. Through training and education, we can help users to learn methods and procedures and develop mental models of how security systems work.

- People learn through interaction with others. Models of social influence suggest that information garnered from a trusted source can affect people's behavior or attitudes, but the level of trust conferred on others is dependent on situational factors. Organizational factors and group behavior can also have a large effect on individual behavior.

- Approaches to risk assessment, identity and impression management, and trust vary from one individual to another and also vary by culture.

SUBMISSIONS

Usability, Psychology, and Security 2008 invites insightful new contributions that apply aspects of human/computer interaction and applied psychology to solving problems in computer security. We invite submissions in two categories.

1. Short papers: We encourage short papers that describe innovative work in progress or position papers that map out directions for future research or design. Short papers should be no longer than five (5) pages.

2. Full papers: Full papers may describe systems, case studies, fieldwork descriptions, experimental studies, and design frameworks. Full papers must be no longer than ten (10) single-spaced 8.5" x 11" pages, including figures, tables, and references.

All submissions should offer new contributions that have not been published elsewhere. Author names and affiliations should appear on the title page. Submissions must be in PDF and must be submitted via the form on the Usability, Psychology, and Security 2008 Call for Papers Web site:

http://www.usenix.org/upsec08/cfp

Papers accompanied by nondisclosure agreement forms will not be considered. All submissions will be treated as confidential prior to publication in the Proceedings.

Simultaneous submission of the same work to multiple venues, submission of previously published work, and plagiarism constitute dishonesty or fraud. USENIX, like other scientific and technical conferences and journals, prohibits these practices and may, on the recommendation of a program chair, take action against authors who have committed them. In some cases, program committees may share information about submitted papers with other conference chairs and journal editors to ensure the integrity of papers under consideration. If a violation of these principles is found, sanctions may include, but are not limited to, barring the authors from submitting to or participating in USENIX conferences for a set period, contacting the authors' institutions, and publicizing the details of the case.

Note, however, that we expect that many papers accepted for the workshop will eventually be extended as full papers suitable for presentation at future conferences.

Authors uncertain whether their submission meets USENIX's guidelines should contact the Program Chairs, upsec08chairs@usenix.org, or the USENIX office, submissionspolicy@usenix.org.

HISTORY

This workshop evolved from Usable Security (USEC'07). The USEC'07 program and papers are available on the workshop Web site:

http://www.usablesecurity.org/