Date: Thursday, May 23, 2013
Website: http://www.caida.org/workshops/creds

Workshop objectives and goals:
Commercial and public computer security researchers and policymakers are tackling novel ethical challenges that exert a strong influence for online trust dynamics. These challenges are not exceptional, but increasingly the norm: (i) to understand and develop effective defenses to significant Internet threats, researchers infiltrate malicious botnets; (ii) to understand Internet fraud (phishing) studies require that users are unaware they are being observed in order to ascertain typical behaviors; and (iii) to perform experiments measuring Internet usage and network characteristics that require access to sensitive network traffic. These research activities are prerequisite for evidence-based policymaking that impacts us individually and collectively, such as infrastructure security, network neutrality, free market competition, spectrum application and broadband deployment, and intellectual property rights. Therefore, in the wake of failures to resolve these mounting tensions, ethics has re-emerged as a crucial ordering force. For this reason, ethics underpins the debate among CS researchers, oversight entities, industrial organizations, the government and end users about what research activity is or is not acceptable.

This workshop is anchored around the theme of "ethics-by-design," and aims to:
1) Educate participants about underlying ethics principles and applications;
2) Discuss ethical frameworks and how they are applied across the various stakeholders and respective communities who are involved;
3) Impart recommendations about how ethical frameworks can be used to inform policymakers in evaluating the ethical underpinning of critical policy decisions;
4) Explore cybersecurity research ethics techniques, tools, standards and practices so researchers can apply ethical principles within their research methodologies; and
5) Discuss specific case vignettes and explore the ethical implications of common research acts and omissions.

Date: Thursday, May 23, 2013
Website: http://dig.csail.mit.edu/2012/IEEESP-DUMA13/

Workshop objectives and goals:
Data usage control generalizes access control to what happens to data in the future and after it has been given away (accessed). Spanning the domains of privacy, the protection of intellectual property and compliance, typical current requirements include "delete after thirty days," "don't delete within five years," "notify whenever data is given away," and "don't print." However, in the near future more general requirements may include "do not use for employment purposes," "do not use for tracking," as well as "do not use to harm me in any way." Major challenges in this field include policies, the relationship between end user actions and technical events, tracking data across layers of abstraction and logical as well as physical systems, policy enforcement, protection of the enforcement mechanisms and guarantees.

Following three successful events - the Dagstuhl Seminar on Distributed Usage Control, the W3C Privacy and Data Usage Control Workshop, and the WWW 2012 Workshop on Data Usage Management on the Web - the goal of the 4th International Workshop on Data Usage Management is to discuss current technical developments in usage control and, in particular, foster collaboration in the area of usage representation (policies is one mechanism), provenance tracking, misuse identification, and distributed usage enforcement. Though enabling privacy through careful and controlled dissemination of sensitive information is an obvious fallout of usage control, this workshop is interested in understanding data usage control as a whole. The workshop is also interested in discussing domain-specific solutions (which typically exist in semi-controlled environments) and their generalization to more open environments such as the Web.

Date: Thursday, May 23, 2013
Website: http://mostconf.org/2013/

Workshop objectives and goals:
Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to explore the latest understanding and advances in the security and privacy for mobile devices, applications, and systems. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages).

The scope of MoST 2012 includes, but is not limited to, security and privacy specifically for mobile devices and services related to: Device hardware, Operating systems, Middleware, Mobile web, Secure and efficient communication, Secure application development tools and practices, Privacy, Vulnerabilities and remediation techniques, Usable security, Identity and access control, Risks in putting trust in the device vs. in the network/cloud,  Special applications, such as medical monitoring and records, Mobile advertisement, Economical impact of security and privacy technologies

Date: Friday, May 24, 2013
Website: http://stegano.net/IWCC2013/

Workshop objectives and goals:
Today's world's societies are becoming more and more dependent on open networks such as the Internet - where commercial activities, business transactions and government services are realized. This has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. The inability to provide trusted secure services in contemporary computer network technologies has a tremendous socio-economic impact on global enterprises as well as individuals. Moreover, the frequently occurring international frauds impose the necessity to conduct the investigation of facts spanning across multiple international borders. Such examination is often subject to different jurisdictions and legal systems. A good illustration of the above being the Internet, which has made it easier to perpetrate traditional crimes. It has acted as an alternate avenue for the criminals to conduct their activities, and launch attacks with relative anonymity. The increased complexity of the communications and the networking infrastructure is making investigation of the crimes difficult. Traces of illegal digital activities are often buried in large volumes of data, which are hard to inspect with the aim of detecting offences and collecting evidence. Nowadays, the digital crime scene functions like any other network, with dedicated administrators functioning as the first responders. This poses new challenges for law enforcement policies and forces the computer societies to utilize digital forensics to combat the increasing number of cybercrimes. Forensic professionals must be fully prepared in order to be able to provide court admissible evidence. To make these goals achievable, forensic techniques should keep pace with new technologies.

The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques which assist the investigation process of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. The workshop will be accessible to both non-experts interested in learning about this area and experts interesting in hearing about new research and approaches.

Date: Friday, May 24, 2013
Website: http://www.sei.cmu.edu/community/writ2013/

Workshop objectives and goals:
The threat of malicious insiders to organizational security has historically been one of the most difficult challenges to address. Insiders often attack using authorized access and with behavior very difficult to distinguish from normal activities. Modern insiders are further enabled by immense data storage capabilities, advanced searching algorithms, and the difficulty of comprehensive monitoring of networked systems. Furthermore, several recent high-profile attacks have been enabled by non-malicious, or unintentional, insiders fooled by exploits from external attackers. Technical solutions to this problem are emerging, but studies show little significant progress has been made in reducing the numbers or impacts of insider attacks. There are two main reasons for the relative lack of success in identifying insider threats: 1) The problem is not well understood. In addition to the complex challenges surrounding collection, correlation, and detection of technical indicators, researchers must also understand underlying human motivations and behaviors. This is not a traditional area of study for IT security researchers; configuring technical solutions to monitor for human deception is challenging. 2) Data on insider attacks is difficult to obtain. Ground truth data: Organizations suffering insider attacks are often reluctant to share data about those attacks publicly. Studies show over 70% of attacks are not reported externally, including many of the most common, low-level attacks. This leads to uncertainty that available data accurately represents the true nature of the problem. Baseline data: The rate of insider attacks is relatively unknown; furthermore, the behaviors of non-malicious users are also not available in large data sets. The insider threat problem has been receiving increased attention. Recently, three workshops were held, sponsored by the Institute for Information Infrastructure Protection (I3P), the National Security Agency's Centers of Academic Excellence (CAE) program, and the CERT Insider Threat Center. However, these were not widely accessible by the general community. Additionally, DARPA has two programs (CINDER and ADAMS) aimed at Insider Threat challenges, so there is an active and growing research community in this area. Finally, Executive Order 13587 requires all US Government agencies handling classified information to implement insider threat programs to protect sensitive information, leading to a greatly increased interest among US Government agencies in advances in detection of insider threats.

The proposed workshop will highlight challenges specific to the insider threat problem from multiple viewpoints, such as information technology, behavioral sciences, or criminology, and will review existing promising approaches and experimentation possibilities for evaluation of solution approaches. The workshop will therefore be accessible to both non-experts interested in learning about this area and experts interesting in hearing about approaches being taken by others. A moderated panel discussion will review and comment on the workshop presentations to provide a capstone activity.

Date: Friday, May 24, 2013
Website: http://www.w2spconf.com/2013/

Workshop objectives and goals:
W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers and their eco-system. We have had five years of successful W2SP workshops. This year, we will additionally invite selected papers to a special issue of the journal. W2SP is held in conjunction with the IEEE Symposium on Security and privacy, which will take place from May 20-23, 2012, at the Westin St. Francis Hotel in San Francisco. W2SP will continue to be open-access: all papers will be made available on the workshop website, and authors will not need to forfeit their copyright. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). Papers must be formatted for US letter (not A4) size paper with margins of at least 3/4 inch on all sides. The text must be formatted in a two-column layout, with columns no more than 9 in. high and 3.375 in. wide. The text must be in Times font, 10-point or larger, with 12-point or larger line spacing. Authors are encouraged to use the IEEE conference proceedings templates.

The scope of W2SP 2012 includes, but is not limited to: Trustworthy cloud-based services, Privacy and reputation in social networks, Security and privacy as a service, Usable security and privacy, Security for the mobile web, Identity management and psuedonymity, Web services/feeds/mashups, Provenance and governance, Security and privacy policies for composible content, Next-generation browser technology, Secure extensions and plug-ins, Advertisement and affiliate fraud, Measurement study for understanding web security and privacy