About EuroSec

EuroSec is a new workshop associated with the Annual ACM SIGOPS EuroSys conference. The workshop aims to bring together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. The focus of the workshop is on novel, practical, systems-oriented work.

EuroSec is a new workshop associated with the Annual ACM SIGOPS EuroSys conference. The workshop aims to bring together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. The focus of the workshop is on novel, practical, systems-oriented work.

Topics of Interest

EuroSec seeks contributions on all aspects of systems security. Topics of interest include (but are not limited to):

• Operating systems security
• Web/network/distributed systems security
• New attacks and evasion techniques
• Hardware architectures
• Trusted computing and its applications
• Identity management, anonymity
• Small trusted computing bases
• Mobile systems security
• Measuring security
• Malicious code analysis and detection
• Systems-based forensics
• Systems work on fighting spam/phishing

In accordance with the spirit of the EuroSys conference, we also seek:

• Quantified or insightful experience with existing systems
• Reproduction or refutation of previous results
• Negative results
• Early ideas

EuroSec explicitly encourages members of the systems community to explore leading-edge topics and ideas before they are presented at a major conference. All submissions will be reviewed by the Program Committee. Only original, novel work will be considered for publication. Accepted papers will be published in the Proceedings of EuroSec in the ACM Digital Library.

You are hereby invited to submit papers of up to 6 pages, with 10-point font, in a two-column format (including figures, tables and references). The format of submitted papers should correspond to our LaTeX style file. Instructions for the submissions can be found at http://www.iseclab.org/eurosec-2010.

Important dates

• Paper submission: February 7, 2010 (Hard deadline, no extensions), 5pm, PST
• Acceptance notification: March 1, 2010
• Final paper due: March 12, 2010
• Workshop: April 13, 2010

One of the highlights of this years EUROSEC workshop was the panel on emerging research directions. The panel was filled out by Angelos Keromytis (Columbia University and Symantec), Herber Bos (Vrije Universiteit Amsterdam), Georg Portokalidis (Vrjie Universiteit Amsterdam), Christian Platzer (Technical University of Vienna), and Edita Djambazova (Bulgarian Academy of Sciences), and the panel was moderated and organized by this blog’s one and own Sotiris Ioannidis.

Although, the topic is a throw away — emerging research what does that really mean? — we had a very engaging conversation about the future of security as computers get even more pervasive. The topic is best exemplified by an anecdote told by Herbert Bos about how one of his graduate students planned to get their Ph. D.

Herbert’s story takes place during an auspicious weekend in the lab where he instructs his “lazy” graduate student to stop putzing around and get some real work done. Being the weekend and all, Herbert intends to relax, so he heads out to a cafe (an Amsterdam cafe). He gets, in his own words, “high as a kite” and somehow meanders into the red light district to soak up some of the entertainment. Thirty minutes later, he heads back to the lab to ask what his graduate student has been up to.
“Hacking smart phones,” he replies, and this intrigues Herbert who asks, “Whose smart phone?”
“Yours.” The student answers, “and I know what you have been up to while I’ve been working. First, you went to a cafe, and then you went to a club. If you don’t write my thesis for me, I will tell your wife.” And, of course, Herbert must now write his thesis.

Even though it is not a *true* story, it demonstrates the pervasiveness of computers. The smart phone is a phone, but it also much more then a phone, it is a computer. The student hacked the phone, turned on the GPS, and was able to track the location of his adviser. Even more devious, he could have turned on the microphone and recorded the illicit conversations and produced more evidence for his Ph. D. in blackmail.

Phones are not the only computers that are everywhere in the modern age. For example, computers are in our road signs. Perhaps you weren’t aware that there were “Zombies Ahead.” They also manage our most important infrastructure: the power grid, communication satellites, air traffic control, etc. All of which must be considered vulnerable. Additionally, the home computer has proliferated, and with so many computers, often sitting idle with their butts exposed to the world, they get compromised and  organized into massive Bot-Nets which threaten these critical systems.

So, the panel asked, “What do we do now?” And, perhaps most importantly, how do we communicate about this brave new world to the public? Sensationalism, like the recent 60 Minutes piece, is not the way. Not only is it alarmist, it gave no practical solutions other than to go buy anti-virus software from these companies that were just interviewed. It is not like computer security hasn’t been in the public view before. It’s been reported for at least 20 years (NYT 11/7/1988 “Computer Invasion: ‘Back Door’ Ajar”), and still the public is naive to the real threat of pervasively networked computers.

Like all panels, we thought, discussed, and speculated about the future, but reached no all encompassing conclusions. The problems will persist, and perhaps, it is our fault — we are loosing the war against the bad guys. The only real conclusion the panel can reach is that emerging research must include a clear discussion that the public can understand. People need their iPhones, but they should also understand what carrying an iPhone with them everywhere they go really means to their privacy. It is our responsibility as researchers to drive the discussion and be easily accessible because the world is changing faster and emerging threats are everywhere. If not us, then whom?

EuroSec seeks contributions on all aspects of systems security. Topics of interest include (but are not limited to):

• new attacks, evasion techniques, and defenses
• operating systems security
• network/distributed systems security
• hardware architectures
• trusted computing and its applications
• identity management, anonymity
• small trusted computing bases
• mobile systems security
• measuring security
• malicious code analysis and detection
• Web security
• systems-based forensics
• systems work on fighting spam/phishing

In accordance with the spirit of the EuroSys conference we also seek:

• Quantified or insightful experience with existing systems
• Reproduction or refutation of  previous results
• Negative results
• Early ideas

You are hereby invited to submit papers of up to 8 single-spaced pages (including figures, tables and references). Submission information: http://www.ics.forth.gr/dcs/eurosec09/

For convenience, we allow authors to indicate potential conflicts of interest (e.g., to exclude PC members from within their research group).  EuroSec explicitly encourages members of the systems community to explore leading-edge topics and ideas before they are presented at a major conference. All submissions will be reviewed by the Program Committee. Only original, novel work will be considered for publication. Accepted papers will be published in the proceedings of EuroSec in the  ACM Digital Library. EuroSec will be held on the 31st  of March, 2009, in Nuremberg, Germany.

Important dates

• Paper Submission Deadline: January 19th, 2009
• Notification of Acceptance : February 16th, 2009
• Final Paper Due: March 2nd, 2009
• Workshop Date: March 31st, 2009

Organization

• Program Co-chairs:
  • Evangelos Markatos (FORTH and Univ. of Crete)
  • Manuel Costa (Microsoft Research Cambridge)
• Publicity Co-chairs:
  • Thorsten Holz (Universitat Mannheim)
  • Sotiris Ioannidis (FORTH)

• Program Committee:
  • Kostas Anagnostakis (Institute for Infocomm Research)
  • John Aycock (University of Calgary)
  • Herbert Bos (Vrije Universiteit Amsterdam)
  • Manuel Costa (Microsoft Research Cambridge)
  • Jedidiah Crandal (U of New Mexico)
  • Marc Dacier (Symantec)
  • Leendert van Doorn (AMD)
  • Kevin Elphinstone (U of New South Wales)
  • Jon Giffin (Georgia Tech)
  • Ashvin Goel (U. of Toronto)
  • Hermann Hartig (TU Dresden)
  • Gernot Heiser (UNSW / NICTA / Open Kernel Labs)
  • Thorsten Holz (Universitat Mannheim)
  • Sotiris Ioannidis (FORTH)
  • Angelos Keromytis (Columbia)
  • Engin Kirda (Eurecom Institute)
  • Christopher Krugel (UC Santa Barbara and TU Vienna)
  • Wenke Lee (Georgia Tech)
  • Zhenkai Liang (CMU)
  • Evangelos Markatos (FORTH and Univ. of Crete)
  • Niels Provos (Google)
  • R Sekar (Stony Brook)
  • Angelos Stavrou (George Mason University)
  • Wietse Venema (IBM TJ Watson)
  • Michael Waidner (IBM Tivoli Software, Somers, NY)
  • Stefano Zanero (Politecnico di Milano)