Call For Papers
3rd International Workshop on Quality of
Protection (QoP 2007)
Security Measurements and Metrics
Mon. Oct. 29 - Alexandria, VA, USA
Affiliated with 14th ACM Conference
on Computer and Communications Security (CCS-2007).
Over the last few decades, Information Security has gained numerous
standards, industrial certifications, and risk analysis
methodologies. However, security still lacks the strong,
quantitative, measurement-based assurance that we find in other
fields. For example, Networking researchers have created and
utilize Quality of Service (QoS), Service Level Agreements (SLAs),
and performance evaluation metrics. Empirical Software Engineering
has made similar advances with software metrics: processes to
measure the quality and reliability of software exist and are
appreciated in industry.

Security looks different. Even a fairly
sophisticated standard such as ISO17799 has an intrinsically
qualitative nature. Notions such as Security Metrics, Quality of
Protection (QoP) or Protection Level Agreement (PLA) have surfaced
in the literature, but they still have a qualitative flavor.
Furthermore, many recorded security incidents have a non-IT cause.
As a result, security requires a much wider notion of "system"
than do most other fields in computer science. In addition to the
IT infrastructure, the "system" in security includes
users, work processes, and organizational structures.

The goal of the QoP Workshop is to help security
research progress towards a notion of Quality of Protection in
Security comparable to the notion of Quality of Service in
Networking, Software Reliability, or Software Measurements and
Metrics in Empirical Software Engineering.

Original submissions are
solicited from industry and academic experts to present their
work, plans and views related to Quality of Protection. The topics
of interest include but are not limited to:
decision making and risk management
assessment of security architectures and solutions
Mining data from attack and vulnerability repositories
Formal theories of
measurement & monitoring
validation of models
- June 17 (Sun) - Paper submissions (EXTENDED)
- July 20 (Fri) - Authors' notification
- August 22 (Wed) - Camera ready paper due
- October 29 (Mon) - QoP Workshop
Authors of accepted papers are expected to give full presentations at the
workshop. The proceedings will be published by the ACM; they will
have an ISBN number and be included in the ACM digital library.
papers are solicited in any of the above
mentioned topics describing significant research results.
Preliminary research results can be submitted in the form of short
papers. We also solicit industry
experience reports about the use of
security measurements and metrics in industrial environments.
Industry papers should have at least one author from industry or
government, and will be considered for their industrial relevance.
Experimental papers are required (1) to explicitly
state the hypothesis being tested, or the problem being solved,
and (2) to have a methodology section. The methodology section
should contain enough details that a reader could reproduce the
work, at least as a thought-experiment. Where appropriate this
section should include information like: materials, apparatus &
stimuli used, a description of the subjects or data sets used, the
experimental design, and the procedure followed.
Theoretical papers should succinctly state the
hypothesis that results from the theory and describe an experiment
for its validation.
Authors should use the ACM
SIG proceedings template when preparing their submission. The
page limit for the final proceedings version will be 6 pages in
double-column ACM format; short papers are limited to 3 pages.
Only PDF or PS files are accepted.
Papers must be submitted through the EasyChair
site. If you use EasyChair for the first time you may find it
useful to read a short
Karjoth - IBM Research (CH)
Stølen - SINTEF (NO)
Ozment - University of Cambridge (UK)
Acquisti - Carnegie Mellon
- SAP (DE)
D. Gligor - University of Maryland
Gollmann - TU Hamburg-Harburg
Hongxia Jin - IBM Almaden Research Center (US)
Jonsson - Chalmers University of
Josang - Queensland University
Karabulut - SAP Research Palo Alto
Volkmar Lotz -
Massacci - University of Trento
Maxion - Carnegie Mellon U.
McHugh - Dalhousie U. (CA)
M. Nicol - University of Illinois
Ozment - University of Cambridge
Fernández-Medina Patón - University of Castilla-La Mancha (SP)
Sander - HP Labs (USA)
H. Sanders - University of Illinois at Urbana-Champaign (USA)
- DoCoMo EuroLabs (DE)
Shrivastava - University of Newcastle upon Tyne (UK)
- The MITRE Corporation (USA)
Zannone - University of Trento (IT)