
___________________________________________________________

[Apologies for multiple copies]

CALL FOR PARTICIPATION

QoP 2006
2nd Workshop on Quality of Protection
Security Measurements and Metrics

URL: http://dit.unitn.it/~qop/

To be held in conjunction with CCS-2006
(13th ACM Conference on Computer and Communication Security)

October 30, 2006
Alexandria, VA USA
_____________________________________________________________

GENERAL DESCRIPTION

This year’s QoP’06 (Quality of Protection Workshop – Security Measurements and Metrics) workshop continues a roadmap towards the establishment of scientific and technical methods for the quantitative evaluation of a variety of security services, solutions and patterns. The objective is to provide for Security Engineering the same set of tools and techniques that are available in empirical Software Engineering, Communication Engineering and other sister disciplines and that mark the shift from arts to engineering.

The workshop called for original research results and industrial experience reports on leading edge issues in security measurements and metrics, including models, systems, applications, and theory. QoP’06 gives academia and industry a unique opportunity to share their perspectives with others interested in the various aspects of security measurements and metrics.
______________________________________________________________

The preliminary Advance Program is below.

ADVANCE PROGRAM

Opening
-------
Fabio Massacci (chair)
Guenter Karjoth (chair)

INVITED TALK:
-------------
- Quality of Protection: Measuring the Unmeasurable?
  John McHugh

SESSION 1: Software security metrics
------------------------------------
- Measuring the Attack Surfaces of Two FTP Daemons
  Pratyusa K. Manadhata, Jeannette M. Wing, Mark A. Flynn and Miles A. McQueen
- Using model-based security assessment in component-oriented system development. A case-based evaluation
  Gyrd Braendeland and Ketil Stolen
- Contracting over the Quality aspect of Security in Software Product Markets
  Jari Raman
- Towards a measuring framework for security properties of software (Short)
  Riccardo Scandariato, Bart De Win and Wouter Joosen

SESSION 2: Network security metrics
-----------------------------------
- Measuring Denial of Service
  Jelena Mirkovic, Peter Reiher, Sonia Fahmy, Roshan Thomas, Alefiya Hussain, Stephen Schwab and Calvin Ko
- A Weakest-Adversary Security Metric for Network Configuration Security Analysis
  Joseph Pamula, Paul Ammann, Sushil Jajodia and Vipin Swarup
- Framework for Malware Resistance Metrics
  Hanno Langweg
- Modelling the Relative Strength of Security Protocols (short)
  Ho Chung and Clifford Neuman
- Vulnerability Analysis For Evaluating Quality of Protection of Security Policies (short)
  Muhammad Abedin, Syeda Nessa, Ehab Al-Shaer and Latifur Khan

PANEL SESSION:
--------------
Is risk analysis a good system security metric?
O. Sami Saydjari (moderator)
Virgil D. Gligor
Deb Bodeau
Alessandro Acquisti
Roy Maxion
_______________________________________________________________

PC CHAIRS:
Fabio Massacci - Univ. di Trento (IT)
Guenter Karjoth - IBM Research (CH)

PROGRAM COMMITTEE:
Alessandro Acquisti - Carnegie Mellon University (USA)
Guenter Bitz - SAP (DE)
Yves Deswarte - LAAS-CNRS (FR)
Dieter Gollmann - TU Hamburg-Harburg (DE)
Virgil D. Gligor - University of Maryland (USA)
Judith N. Froscher - Naval Research Laboratory (USA)
Erland Jonsson - Chalmers University of Technology (SW)
Svein Johan Knapskog - The Norwegian University of Science and Technology (NOR)
Helmut Kurth - ATSEC (DE)
Bev Littlewood - City University, London (UK)
Volkmar Lotz - SAP (DE)
Roy Maxion - Carnegie Mellon University (USA)
David M. Nicol - University of Illinois (USA)
Mario Piattini - University of Castilla-La Mancha (SP)
Anand R. Prasad - DoCoMo Communications Laboratories Europe (DE)
Tomas Sander - HP Labs (USA)
Shrivastava Santosh - University of Newcastle upon Tyne (UK)
Ketil Stolen - SINTEF (NO) & Univ. of Oslo (NO)
Vipin Swarup - The MITRE Corporation (USA)
Nicola Zannone - University of Trento (IT)
Marvin Zelkowitz - University of Maryland (USA)
___________________________________________________

REGISTRATION

Online registration is available on the CCS-2006 web page (online registration for QoP Workshop will be added soon):
http://www.acm.org/sigs/sigsac/ccs/CCS2006/