Registration

To register for the workshop, go to the main CCS conference site. Early bird registration is until 7 October 2007.

Posters/Lightning Round

Due to scheduling limitations, we will not be having a lightning round/work in progess session

Panel on Distributed Authentication

Details to follow.

Invited Paper

• Some Thoughts on Security After Ten Years of qmail 1.0, Daniel J. Bernstein

Accepted Papers

• Yet Another MicroArchitectural Attack: Exploiting I-cache, Onur Aciicmez.
• A flexible security architecture to support third-party applications on mobile devices Dries Vanoverberghe, Pieter Philippaerts, Lieven Desmet, Wouter Joosen, Frank Piessens, Katsiaryna Naliuka and Fabio Massacci
• Protecting Users From "Themselves", William Enck, Sandra Rueda, Yogesh Sreenivasan, Joshua Schiffman, Luke St. Clair, Trent Jaeger and Patrick McDaniel.
• Analysis of Three Multilevel Security Architectures Tim Levin, Cynthia Irvine, Clark Weissman and Thuy Nguyen.
• Implementing Middleware for Content Filtering and Information Flow Control Jeffrey Choi Robinson, W. Scott Harrison, Nadine Hanebutte, Paul Oman and Jim Alves-Foss.
• Improving Multi-Tier Security Using Redundant Authentication, Jodie Boyer, Ragib Hasan, Lars E. Olson, Nikita Borisov, Carl A. Gunter and David Raila.
• A Data Outsourcing Architecture Combining Cryptography and Access Control Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi and Pierangela Samarati.
• A Cryptographic Access Control Architecture Secure Against Privileged Attackers Christian Payne.
• Non-Volatile Memory and Disks: Avenues for Policy Architectures Kevin Butler, Stephen McLaughlin and Patrick McDaniel.

Call for papers (now closed)

The Computer Security Architecture Workshop (CSAW)--pronounced see-saw--solicits papers on security architectures, their interfaces, implementations, and implications.

Architectures, whether system or application, are composed of abstractions (interfaces) and their implementations. Security Architectures are architectures which enable implementations that are resilient to an appropriate and broad-based spectrum of threats. An evaluation of a Security Architecture requires understanding these threats; the tradeoffs between different system goals, including between security and non-security goals; the long-term appropriateness of its interfaces; and the implementations it allows. The best interfaces are those that capture the most important issues, enable different implementations, and are flexible enough to adapt (or be adapted) to different threats.

Two well-known issues are particularly important: First, complexity is a source of security holes. Second, security is a matter of the weakest link. Because of the need to balance off complexity versus protections, these tradeoffs are often controversial. Other tradeoffs include performance, usability, and flexibility. This workshop focuses on understanding the new ideas that will compose the next generation of Security Architectures.

The design and evaluation of Security Architectures is of fundamental importance to security. And yet, many of our fundamental architectures were created when security was less appreciated and less well understood. Since it is notoriously difficult to add security after the fact, our systems are far too susceptible to attack. Moreover, architectures, because they are broad based, are difficult to understand and this is a specialized workshop in which Security Architecture experts will gather. As far as we know, this workshop is unique in its focus on Security Architectures.

The workshop topics include, but are not limited to:

Authorization	Specialized applications (e.g., electronic voting systems)
Authentication	Hardware-Software co-design for security
Network Security	Analysis of Architectures
Distributed Systems	System Composability (properties, pitfalls, analysis and reasoning)
Operating Systems	Assurance Techniques
Privacy	Case Studies
Applications and Security Frameworks	Usability Issues

Paper Submission

Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Submissions should be at most 6 pages in doublecolumn ACM format, excluding the bibliography and well-marked appendices. Please include page numbers on all submissions to make it easier for reviewers to provide helpful comments. Committee members are not required to read appendices, so the paper should be intelligible without them. Final proceedings versions will be 10 pages in double-column ACM format; although authors will have the option of buying a limited number of additional pages. Submissions are not anonymized. Submissions are to be made to the submission web site, to be announced. Only pdf or postscript files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits. Papers must be received by the deadline of June 20, 2007. Authors of accepted papers must guarantee that their papers will be presented at the workshop. Accepted papers will be published by the ACM in a workshop proceedings.

To submit a paper now click here.

Fraudulent submission policy Simultaneous submission of the same work to multiple venues, submission of previously published work, and plagiarism constitute dishonesty or fraud. CCS, like other scientific and technical conferences and journals, prohibits these practices and may, on the recommendation of a program chair, take action against authors who have committed them. In some cases, program committees may share information about submitted papers with other conference chairs and journal editors to ensure the integrity of papers under consideration. Violation of these principles is a serious matter and will be treated as such.

Important dates

General Chair

Vijay Atluri, Rutgers University

Organizers

Daniel J. Bernstein, UIC
Trent Jaeger, Penn State
Angelos Keromytis, Columbia
Ravi Sandhu, George-Mason/Univ. of Texas, San Antonio
Jon A. Solworth, UIC

Program Co-Chairs

Ravi Sandhu, George-Mason/Univ. of Texas, San Antonio
Jon A. Solworth, UIC

Program committee

Scott Alexander, Telcordia
Steven M. Bellovin, Columbia
Daniel J. Bernstein, UIC
Tal Garfinkel, Stanford
Jonathon Giffin, Georgia Tech
Trent Jaeger, Penn State
Angelos Keromytis, Columbia
Sam King, UIUC
Karl N. Levitt, NSF
Peter G. Neumann, SRI
Reiner Sailer, IBM Research
Umesh Shankar, Google
Sean Smith, Dartmouth
Nicholas Weaver, ICSI, Berkeley