-------- Original-Nachricht -------- Betreff: [isworld] Workshop on Information Security and Privacy in a De-Perimeterised World (DISP09) Datum: Thu, 2 Apr 2009 02:49:07 -0500 Von: Andre a.vancleeff@ewi.utwente.nl Antwort an: Andre a.vancleeff@ewi.utwente.nl An: AISWORLD Information Systems World Network isworld@lyris.isworld.org

------- Apologies for multiple copies ------- --------- Please distribute further ---------

CALL FOR PAPERS

Workshop on Information Security and Privacy in a De-Perimeterised World (DISP09) (www.disp09.info)

Associated with the 2009 IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT-09) (http://cse.stfx.ca/~passat09/)

Vancouver, Canada, August 29, 2009

De-perimeterisation is the process in which the boundary around the trusted environment inside organisations is disappearing due to joint ventures and the use of distributed resources. Examples of such developments include outsourcing, cloud computing, mobile workforce and the effects of insider abuse. Instead of well-defined organisational and system boundaries, in a de-perimeterised world organisations have to protect their information in a situation of increased connectivity and dependency. Similar developments take place with respect to information about individuals, which is stored in social networking sites, personal health records, etc. rather than in a clearly located system. Organisations as well as individuals thus need to protect their information without relying on security boundaries, which challenges various aspects of information security and privacy. In the field of security modelling and threat analysis, models will have to include the mobility of data, people and systems typical of de-perimeterised settings. In the field of security mechanisms, protection mechanisms have to be developed that must function in a potentially hostile environment. And in the field of security requirements engineering and policy specification, methods have to be developed that do not assume well-defined boundaries between systems and organisations.

The perspectives of requirements engineering, modelling and mechanisms are interrelated. What is possible in modelling depends on the mechanisms available for security, and the way security is modelled also influences the degrees of freedom one has in the requirements engineering process. These connections lead to the following major research goals: - techniques for including the increased uncertainties due to de-perimeterisation in both security models and security requirements engineering; - integrated combinations of de-perimeterised security policies that can be described in security models and de-perimeterised security mechanisms that can be implemented in practice; - directions for research in security primitives based on new security requirements induced by de-perimeterisation.

In this workshop, we bring together researchers from the mechanisms, modelling and requirement engineering communities to study the security and privacy problems induced by the process of de-perimeterisation, and to discuss integrated solutions that transcend these disciplines.

Topics of interest include, but are not limited to: - access control - applied crypto and protocols for de-perimeterised security and privacy - auditing de-perimeterised systems - centralised vs. decentralised security architectures - data-centric security and data classification - de-perimeterised trust management - economic, social and legal aspects of de-perimeterisation - identity-centric security and identity management - incident identification and management - interaction between the physical, digital and social security domains - risk analysis and risk management of de-perimeterised systems - security and privacy in cloud computing - security and privacy in outsourcing - security and privacy in virtual worlds - security and privacy in Web 2.0 - security modelling and threat analysis for de-perimeterised systems - security requirements engineering for de-perimeterised systems

We especially encourage the submission of papers that connect two or more of these topics. Papers should be PDF, 8 pages maximum, in IEEE conference proceedings style, without author identification, and should be submitted through the EasyChair website by May 15. Submission implies that, should the paper be accepted, at least one author will attend the workshop and present the paper. Papers will be selected based on blind review. Accepted papers will be published by IEEE in the workshop section of the conference proceedings.

IMPORTANT DATES:

Paper submission: May 15, 2009, 23:59 GMT (firm) Notification: June 3, 2009 Final papers & registration: June 15, 2009 Workshop: August 29, 2009

ORGANISING COMMITTEE:

dr. Wolter Pieters Prof.dr. Pieter Hartel (program chair) Prof.dr. Roel Wieringa University of Twente, Netherlands

Prof.dr. Sandro Etalle Eindhoven University of Technology, Netherlands

Prof.dr. Bart Jacobs Radboud University Nijmegen, Netherlands

Prof.dr. Sjouke Mauw University of Luxembourg, Luxembourg

PROGRAM COMMITTEE:

Pieter Hartel, University of Twente, Netherlands (chair) Yudis Asnar, University of Trento, Italy Travis Breaux, North Carolina State University, USA Ruth Breu, University of Innsbruck, Austria Sandro Etalle, Eindhoven University of Technology, Netherlands David Evans, University of Cambridge, UK Paul de Hert, Free University Brussels, Belgium Bart Jacobs, Radboud University Nijmegen, Netherlands Ronald Leenes, University of Tilburg, Netherlands Fabio Massacci, University of Trento, Italy Sjouke Mauw, University of Luxembourg, Luxembourg Bashar Nuseibeh, Open University, UK Wolter Pieters, University of Twente, Netherlands Joachim Posegga, University of Passau, Germany Geraint Price, Royal Holloway University of London, UK Christian W. Probst, Technical University of Denmark, Denmark Simon Rogerson, De Montfort University, UK Eric Verheul, PWC & Radboud University Nijmegen, Netherlands Roel Wieringa, University of Twente, Netherlands Sheng Zhong, State University of New York at Buffalo, USA

The AISWorld LISTSERV is a service of the Association for Information Systems (http://www.aisnet.org). To unsubscribe, redirect, or change subscription options please go to http://lyris.isworld.org/. You are subscribed to AISworld as: neumann@wu-wien.ac.at. Each Sender assumes responsibility that his or her message conforms to the AISWorld LISTSERV policy and conditions of use available at http://lyris.isworld.org/isworldlist.htm.