___________________________________________________________ [Apologies for multiple copies]
CALL FOR PARTICIPATION
QoP 2006
2nd Workshop on Quality of Protection Security Measurements and Metrics
URL: http://dit.unitn.it/%7Eqop/
To be held in conjunction with CCS-2006 (13th ACM Conference on Computer and Communication Security)
October 30, 2006
Alexandria, VA USA _____________________________________________________________
GENERAL DESCRIPTION
This year’s QoP’06 (Quality of Protection Workshop – Security Measurements and Metrics) workshop continues a roadmap towards the establishment of scientific and technical methods for the quantitative evaluation of a variety of security services, solutions and patterns. The objective is to provide for Security Engineering the same set of tools and techniques that are available in empirical Software Engineering, Communication Engineering and other sister disciplines and that mark the shift from arts to engineering.
The workshop called for original research results and industrial experience reports on leading edge issues in security measurements and metrics, including models, systems, applications, and theory. QoP’06 gives to academia and industry a unique opportunity to share their perspectives with others interested in the various aspects of security measurements and metrics. ______________________________________________________________
The preliminary Advance Program is below.
ADVANCE PROGRAM
Opening ------- Fabio Massacci (chair) Guenter Karjoth (chair)
INVITED TALK: -------------
- Quality of Protection: Measuring the Unmeasurable? John McHugh
SESSION 1: Software security metrics ------------------------------------
- Measuring the Attack Surfaces of Two FTP Daemons Pratyusa K. Manadhata, Jeannette M. Wing, Mark A. Flynn and Miles A. McQueen
- Using model-based security assessment in component-oriented system development. A case-based evaluation Gyrd Braendeland and Ketil Stolen
- Contracting over the Quality aspect of Security in Software Product Markets Jari Raman
- Towards a measuring framework for security properties of software (Short) Riccardo Scandariato, Bart De Win and Wouter Joosen
SESSION 2: Network security metrics -----------------------------------
- Measuring Denial of Service Jelena Mirkovic, Peter Reiher, Sonia Fahmy, Roshan Thomas, Alefiya Hussain, Stephen Schwab and Calvin Ko
- A Weakest-Adversary Security Metric for Network Configuration Security Analysis Joseph Pamula, Paul Ammann, Sushil Jajodia and Vipin Swarup
- Framework for Malware Resistance Metrics Hanno Langweg
- Modelling the Relative Strength of Security Protocols (short) Ho Chung and Clifford Neuman
- Vulnerability Analysis For Evaluating Quality of Protection of Security Policies (short) Muhammad Abedin, Syeda Nessa, Ehab Al-Shaer and Latifur Khan
PANEL SESSION: --------------
Is risk analysis a good system security metric? O. Sami Saydjari (moderator) Virgil D. Gligor Deb Bodeau Alessandro Acquisti Roy Maxion
_______________________________________________________________
PC CHAIRS:
Fabio Massacci - Univ. di Trento (IT) Guenter Karjoth - IBM Research (CH)
PROGRAM COMMITTEE:
Alessandro Acquisti - Carnegie Mellon University (USA)
Guenter Bitz - SAP (DE)
Yves Deswarte - LAAS-CNRS (FR)
Dieter Gollmann - TU Hamburg-Harburg (DE)
Virgil D. Gligor - University of Maryland (USA)
Judith N. Froscher - Naval Research Laboratory (USA)
Erland Jonsson - Chalmers University of Technology (SW)
Svein Johan Knapskog - The Norwegian University of Science and Technology (NOR)
Helmut Kurth - ATSEC (DE)
Bev Littlewood - City University, London (UK)
Volkmar Lotz - SAP (DE)
Roy Maxion - Carnegie Mellon University (USA)
David M. Nicol - University of Illinois (USA)
Mario Piattini - University of Castilla-La Mancha (SP)
Anand R. Prasad - DoCoMo Communications Laboratories Europe (DE)
Tomas Sander - HP Labs (USA)
Shrivastava Santosh - University of Newcastle upon Tyne (UK)
Ketil Stolen - SINTEF (NO) & Univ. of Oslo (NO)
Vipin Swarup - The MITRE Corporation (USA)
Nicola Zannone - University of Trento (IT)
Marvin Zelkowitz - University of Maryland (USA)
___________________________________________________
REGISTRATION
Online registration is available on the CCS-2006 web page (online registration for QoP Workshop will be added soon): http://www.acm.org/sigs/sigsac/ccs/CCS2006/