6th Workshop on Recent Advances in Intrusion Tolerance and reSilience
WRAITS 2012
In conjunction with The 42nd IEEE/IFIP International Conference on Dependable Systems and Networks - DSN 2012
June 25, 2012
http://www.csr.city.ac.uk/people/ilir.gashi/WRAITS2012/
PRELIMINARY PROGRAM
8:30-10:00 - Session 1: Security of service-oriented systems
- Introduction to the workshop
  Ilir Gashi and Pat Kreidl
  CSR, City University London, UK and University of North Florida, FL, USA
- Avoiding Common Security Flaws in Composed Service-Oriented Systems
  Michael Atighetchi, Partha Pal, Joseph Loyall and Asher Sinclair
  Raytheon BBN Technologies, Cambridge, MA, USA and US Air Force Research Laboratory, Rome, NY, USA
- Improving Resilience of SOA Services along Space-Time Dimensions
  Quyen L. Nguyen and Arun Sood
  International Cyber Center and Department of Computer Science, George Mason University, VA, USA
10:30-12:00 - Session 2: Invited talk
- People-Oriented Cyber Security
  Greg Frazier
  Apogee Research, LLC, USA
Abstract: With the introduction of DEP and ASLR, the degree of difficulty in finding network-accessible zero-day attacks has increased dramatically. Linux versions 2.6 and higher are significantly more robust to attack than was 2.4, and Windows 7 is comparably more robust than was XP. That said, we continue to see computer systems being widely compromised. The reasons for this are many, but this talk will focus on the user as the critical vulnerability and the complexity and opacity of computer systems as contributing factors. I will discuss economic drivers for security (and lack thereof), point out some foibles in current enterprise, Internet and handheld device architectures, and present some problems that should be amenable to analysis. Finally, I will propose some research directions which facilitate including the human as a critical element of the system architecture.
Bio: Dr. Frazier is the CSO of Apogee Research, LLC, a small company providing cyber research to Department of Defense and intelligence community customers. He recently left BAE Systems (before acquisition, ALPHATECH), where he was a Research Fellow and Chief Scientist for cyber-oriented research. He is or has been Principal Investigator on research projects covering a variety of computer security topics, including routing protocols that encourage trustworthy network behavior; automated specification elicitation for Trojan horse detection in Android apps; automated reverse engineering techniques; game-theoretic analysis of cyber conflict; and anomaly-based intrusion detection systems. In 2009, Dr. Frazier served on the Avionics, Software, and Cybersecurity Subcommittee of the NASA Advisory Council to the Information Technology Infrastructure Committee, advising on the susceptibility and available countermeasures to cyber attack against both space-based and ground-based systems. He received his SB in Computer Science and Engineering from MIT in 1986 and his PhD in Computer Science from UCLA in 1995.
13:30-15:00 - Session 3: Security Assessment
- A Model for Security Analysis of Smart Meters
  Farid Molazem Tabrizi and Karthik Pattabiraman
  ECE Department University of British Columbia, Vancouver, Canada
- On Limitations of Using Cloud Storage for Data Replication
  Christian Cachin, Birgit Junker and Alessandro Sorniotti
  IBM Research - Zurich, Switzerland and Open Systems AG, Zurich, Switzerland
- Towards Incorporating Human Intelligence into Online Security Solutions
  Saman Zonouz, Robin Berthier and Negin Arhami
  University of Miami, FL, USA and University of Illinois, IL, USA
15:30-17:00 - Session 4: Keynote talk
- Title to be confirmed
  Engin Kirda
  Northeastern University, Boston, MA, USA
OVERVIEW
The 6th edition of the Workshop on Recent Advances on Intrusion Tolerance and reSilience aims to continue the collaborative discourse on the challenges of building intrusion-tolerant systems alongside innovative ideas to address them. As a technical area, Intrusion Tolerance (IT) lies at the intersection of Fault Tolerance and Computer Security. As a practical discipline, it brings in additional topics ranging from software engineering and adaptive system development to reasoning, coordination and control of distributed resources and mechanisms, as well as validation and evaluation of security and survivability claims. Other descriptions used for similarly themed research include resilience, survivability, trustworthy systems, Byzantine fault tolerance, and autonomic self-healing systems.
Intrusion Tolerance (IT) starts with the premise that
software-based components will always contain bugs and
misconfigurations that can be discovered, exposed and enabled by the
increasingly new ways in which distributed and networked computer
systems are being created today. IT acknowledges that it is impossible
to detect and prevent all intrusions and attacks. Intrusion tolerant
systems therefore must have the means to continue to operate correctly
despite attacks and intrusions, still denying the resident
attacker/intruder the success they seek. For instance, an intrusion
tolerant system under an attack intended to compromise system
resources may actively transition non-essential services to a degraded
mode in order to sustain critical services and trigger alternative
recovery mechanisms. The workshop aims to provide a forum for
researchers and practitioners to present designs, algorithms and
architectures for intrusion tolerance, to discuss new security
mechanisms or novel use of existing mechanisms, and to identify open
problems or domain-specific considerations in need of further
research.
Information about previous editions of WRAITS can be found on the main WRAITS
site.
CALL FOR PAPERS
Authors are invited to submit papers to the workshop, which will be held in conjunction with the 42nd IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), June 25-28, 2012. Papers can present ongoing work and/or speculative/futuristic ideas. Experimental results or other forms of validation are especially encouraged. The workshop papers will be published in a supplementary volume of the conference proceedings. Topics of interest related to advances in intrusion-tolerant systems include, but are not limited to:
* Assurance and survivability benefits of hardware and software virtualization
* Assessment and evaluation of intrusion-tolerant systems
* Automatic recovery and response techniques
* Biologically inspired defenses
* Byzantine fault tolerance
* Diversity (software/hardware) and coincident failures
* Defending against botnet herds
* Effective evaluation of IT systems including red teaming
* Intrusion tolerance in cyber-physical systems and critical infrastructures
* Intrusion-tolerant web-scale systems
* Real world case studies
* Security and Resilience of Service Oriented Systems
* Security and resilience issues of large social computing systems (e.g., Gmail and Facebook)
* Security and resilience of large interconnected and critical infrastructure systems (e.g., energy grids, telecoms)
* Survivability and information assurance in the Cloud
* Theoretical limits/boundaries of intrusion tolerance
* Threat of botnet herds and surviving them
More information about the workshop can be obtained by emailing i_DOT_gashi_AT_city_DOT_ac_DOT_uk
SUBMISSION INSTRUCTIONS
The workshop will accept two formats of papers: regular papers (maximum 6 pages) and position papers (maximum 2 pages). Position papers allow researchers to present more speculative/futuristic ideas to stimulate discussion and further work. Papers have to adhere to the IEEE Computer Society 8.5''x11'' two-column camera-ready format, like regular DSN papers. Each paper should be submitted as a single PDF file through the EasyChair submission website for WRAITS'12. At least one author of an accepted paper must register at the conference and present the paper at the workshop.
IMPORTANT DATES
Submission deadline: March 16, 2012; March 23, 2012
Author notification: April 13, 2012; April 20, 2012
Final version: May 1, 2012
WORKSHOP ORGANIZERS
Ilir Gashi, CSR, City University London, UK
O. Patrick Kreidl, University of North Florida, USA
PROGRAM COMMITTEE
Robin Berthier, University of Illinois at Urbana-Champaign, USA
Michel Cukier, University of Maryland, USA
Ilir Gashi, City University of London, UK
Ruediger Kapitza, Technische Universitat Braunschweig, Germany
Patrick Kreidl, University of North Florida, USA
Nuno Neves, University of Lisboa, Portugal
Partha Pal, BBN Technologies, USA
Marco Serafini, Yahoo! Research, Spain
Arun Sood, George Mason University, USA
Olivier Thonnard, Symantec Research, France
Paulo Verissimo, University of Lisboa, Portugal
Yu-Sung Wu, National Chiao Tung University, Taiwan
Saman Zonouz, University of Miami, USA