CRAWDAD

SECOVAL 2007

http://www.trustcomp.org/secoval/

Date of event: September 17, 2007 until September 21, 2007
Submission deadline: June 3, 2007
Registration deadline: February 11, 2007

CALL FOR PAPERS

— SECOVAL 2007 — The Value of Security through Collaboration

The 3RD Annual Workshop on the Value of Security through Collaboration in cooperation with IEEE/CREATE-NET SECURECOMM '07

Aims and scope of SECOVAL:

Security is usually centrally managed, for example in the form of policies duly executed by individual nodes. The SECOVAL workshop covers the alternative trend of using collaboration and trust to provide security. Instead of centrally managed security policies, nodes may use specific knowledge (both local and acquired from other nodes) to make security-related decisions. For example, in reputation-based schemes, the reputation of a given node (and hence its security access rights) can be determined based on the recommendations of peer nodes. As systems are being deployed on ever-greater scale without direct connection to their distant home base, the need for self-management is rapidly increasing. Interaction after interaction, as the nodes collaborate, there is the emergence of a digital ecosystem. By guiding the local decisions of the nodes, for example, with whom the nodes collaborate, global properties of the ecosystem where the nodes operate may be guaranteed. Thus, the security property of the ecosystem may be driven by self-organizing mechanisms. Depending on which local collaboration is preferred, a more trustworthy ecosystem may emerge.

This year SECOVAL is focusing upon a special research subtopic within the scope of collaborative security, namely, Privacy and Data Sanitization. Any useful collaboration is at some point sharing data. Unfortunately, data sharing is one of the greatest hurdles getting in the way of otherwise beneficial collaborations. Data regarding one’s security stance is particularly sensitive, often indicating ones own security weaknesses. This data could include computer or network logs of security incidents, architecture documents, or sensitive organizational information. Even when the data may not compromise the data owner’s security stance, sharing may violate a customer’s privacy. Data sanitization techniques such as anonymization and other mechanisms such as privacy-preserving data mining and statistical data mining try to address this tension between the need to share information and protect sensitive information and user privacy.

While papers will be considered that address any of the topics of security through collaboration from previous years (e.g., benefits from collaboration, methods of creating or measuring trust, self-organizing coalitions and risk analysis), the focus of the workshop will be around privacy and data sanitization. This topic is further divided into three main areas, each answering the related research questions. Contributions addressing at least one of these areas are more likely to be accepted.

1. What are the fundamental issues that need to be addressed in the areas of data sanitization and anonymization? What problems must be solved to make current tools more effective and sharing more wide-spread? One thing fundamentally missing from this area are metrics to help evaluate the trade-off between information loss and security/privacy. Metrics are needed to measure information loss, and they are needed to measure the utility of the computer log or data source after anonymization. A classification of the types of attacks on anonymization schemes and a formal adversarial model is lacking. Such a threat model would help to develop metrics of the security provided by an anonymization scheme. Are there other basic anonymization algorithms needed for special types of data? One of the last new algorithms developed was prefix-preserving anonymization for IP addresses. Sometimes anonymization needs to be reversed once a problem has been found. How can this be done and when is it practical? Finally, data injection attacks (e.g., an adversary can inject events into a system knowing they will appear in a later public release of anonymized data) are particularly to difficult to protect against. What methods can be used to mitigate such attacks on anonymization systems.

2. What are the practical problems that have yet to be addressed by current anonymization systems? What new tools and frameworks exist for the task? What are the economic implications of data sanitization and preserving privacy? What are the legal issues involved in protecting privacy, and how do they differ by geo-political areas? How can anonymization utilities be made more usable by a wider audience, and who are the potential consumers? Interesting case studies of implementations of anonymization and privacy enhancing technologies will be considered. Of particular interest are case studies by industry of how they have addressed these hurdles to data sharing. How can effective policies be created and negotiated? Do we need a common anonymization policy language, and what would we need in such a language? How can we identify sensitive information especially in the context of multiple data sources? What are some best practice guidelines that one can follow before releasing or sharing sensitive data? Finally special issues surrounding real-time anonymization and anonymity in Peer-to-Peer systems is of interest.

3. What privacy and data sanitization issues are specific to data bases and data mining? This would include traditional topics on privacy-preserving data mining and statistical databases. It would also include topics on inference attacks and data aggregation. Much of the research in this area has focused on privacy preserving transformations that would minimally alter traditional data mining functions (e.g., link analysis and clustering). Submissions focusing on less traditional data mining functions are especially encouraged.
Another problem with anonymization is data mining across sets anonymized by different parties in different ways. New methods should be created for collaborative anonymization that makes mappings consistent between contributing parties but irreversible to all.

Topics of interest to the workshop include, but are not limited to:

• Legal aspects of privacy and anonymization
• Economic issues of privacy enhancing tech
• Data sanitizing and privacy enhancing tools
• Data sharing and anonymization case studies
• Real-time anonymization issues
• Anonymization policy creation & negotiation
• Data sharing & sanitizing best practices
• Anonymity in Peer-to-Peer networks
• Classification of attacks against anonymization
• Metrics of utility, anonymization strength and information loss
• Anonymization / privacy-preserving algorithms
• Data injection and inference attacks
• Identification of sensitive fields and data
• Privacy-preserving Data Mining
• Statistical databases and protection of sensitive information
• Data mining multiple anonymized data sources
• Consistent pseudonym mappings in multi-party anonymization
• Identification of data sources and types useful to share for collaborative computer security
• Insights from industry and case studies
• Usability issues of current anonymization tools
We welcome submissions from industry and are contemplating a special industry track. Whether we dedicate an entire track to this depends upon responses in this area, of course.

Submission Details:

Submission guidelines are posted on the SECOVAL 2007 website (http://www.trustcomp.org/secoval/), which always contains the latest updates:

Authors are invited to submit papers formatted according to IEEE conference style 2-column (from a 2-page extended abstract to 10 pages limit). Paper submissions should be sent via the online management system available
at http://www.trustcomp.org/secoval/. Submissions will be accepted until 23:59 GMT, May 18, 2007.

Important Dates:

May 31, 2007: Expression of interest to participate to the workshop and submit a paper.
June 3, 2007: Paper submissions (until 23:59 GMT).
June 24, 2007: Author notification.
July 22, 2007: Camera-ready copy according to IEEE conference style 2-column proceedings.
Sep. 17 – Sep. 21, 2007: SECURECOMM in Nice, France
End of 2007: Preparation of the Journal special issue.

Workshop Co-chairs:

Adam Slagell NCSA, University of Illinois at Urbana-Champaign, USA
Kiran Lakkaraju NCSA, University of Illinois at Urbana-Champaign, USA
J.M. Seigneur University of Geneva, Switzerland
Stephen Marsh National Research Council of Canada

Program Committee:

Adam Slagell NCSA, University of Illinois at Urbana-Champaign, USA
Ayman Kayssi University of Beirut, Lebanon
Bill Yurcik Army Research Lab at Aberdeen Proving Grounds, USA
Daniele Quercia University College London, UK
Dieter Sommer IBM Research, Switzerland.
Giannis F. Marias University of Athens, Greece
Himanshu Khurana NCSA, University of Illinois at Urbana-Champaign, USA
Jim Basney NCSA, University of Illinois at Urbana-Champaign, USA
J.M. Seigneur University of Geneva, Switzerland
Joerg Abendroth Nokia Siemens Networks, Germany
Kiran Lakkaraju NCSA, University of Illinois at Urbana-Champaign, USA
Konrad Wrona SAP Research, France
Lalana Kagal Massachusetts Institute of Technology, USA
Licia Capra University College London, UK
Michael Kinateder SAP, Germany
Nikita Borisov University of Illinois at Urbana-Champaign, USA
Noria Foukia University of Otago, New Zealand
Pierpaolo Dondio Trinity College Dublin, Ireland.
Piotr Cofta British Telecom, UK.
Richard Anthony University of Greenwich, UK
Ron Dodge United States Military Academy, USA
Simson Garfinkel Naval Post Graduate School, USA
Sini Ruohomaa University of Helsinki, Finland
Stephen Marsh National Research Council of Canada
Victor S. Grishchenko Ural State University, Russia
Zoran Despotovic DoCoMo Communications Laboratories Europe, Germany

For more information please visit: http://www.trustcomp.org/secoval/ or send an email to secoval@trustcomp.org.