CCSW 2014: The ACM Cloud Computing Security Workshop
in conjunction with the ACM Conference on Computer and Communications Security (CCS)
November 7, 2014, The Scottsdale Plaza Resort, Scottsdale, Arizona, USA.



The CCSW workshop brings together researchers and practitioners in all security aspects of cloud-centric and outsourced computing, including:
  • practical cryptographic protocols for cloud security
  • secure cloud resource virtualization mechanisms
  • secure data management outsourcing (e.g., database as a service)
  • practical privacy and integrity mechanisms for outsourcing
  • foundations of cloud-centric threat models
  • secure computation outsourcing
  • remote attestation mechanisms in clouds
  • sandboxing and VM-based enforcements
  • trust and policy management in clouds
  • secure identity management mechanisms
  • new cloud-aware web service security paradigms and mechanisms
  • cloud-centric regulatory compliance issues and mechanisms
  • business and security risk models and clouds
  • cost and usability models and their interaction with security in clouds
  • scalability of security in global-size clouds
  • trusted computing technology and clouds
  • binary analysis of software for remote attestation and cloud protection
  • network security (DOS, IDS etc.) mechanisms for cloud contexts
  • security for emerging cloud programming models
  • energy/cost/efficiency of security in clouds
We would like to especially encourage novel paradigms and controversial ideas that are not on the above list. The workshop is to act as a fertile ground for creative debate and interaction in security-sensitive areas of computing impacted by clouds.

Impact
CCSW has had a significant impact in our research community. As of September 2013, in the new Google Scholar Metrics entry for CCS (which encompasses CCSW), 4 of the top 20 cited papers of the past five years come from CCSW. One way to look at it is that you're as likely or perhaps more likely to have a top-20 paper publishing in CCSW than in CCS! (thanks to Ari Juels for noticing this)

Student Stipends
Student stipends may be available to attend CCSW. Please apply on the CCS website for a CCS grant and then email radu@digitalpiglet.org to let us know why you would be a good fit for CCSW. We plan on awarding several student travel grants (a function also of the quality of the applications).

Important Dates
Submissions due: 30 July, 2014 (midnight anywhere in the world) (absolutely firm)
Author notification: 25 August, 2014
Camera-ready: 7 September, 2014
Workshop: November 7, 2014

Submissions
CCSW is soliciting full papers of up to 12 pages which will be judged based on the quality per page. Thus, shorter, high-quality papers are encouraged, and papers may be perceived as too long if they are repetitive or verbose. Submissions must use the ACM SIG Proceedings Templates (available at the ACM website) in double-column format with a font no smaller than 9 point. Only PDF files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits. Accepted papers will be published by the ACM Press and/or the ACM Digital Library.

Submissions must be anonymous, and authors should refer to their previous work in the third person. Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Each accepted paper must be presented by one registered author. Submissions not meeting these guidelines risk immediate rejection. For questions about these policies, please contact the chairs.

Please submit your paper via EasyChair.

Keynote Speakers


Dr. David McGrew, Fellow, Cisco
Bio: David McGrew is a Cisco Fellow who works to improve network and system security through applied research, standards, and product engineering. His current focus is on the detection of advanced threats using network monitoring and analytic techniques, and he works in the Office of the CTO in Cisco Systems' Security Business Group. Previously, he was instrumental in the development of several cryptographic standard algorithms and protocols, chaired the IRTF CFRG, and managed Cisco's IPsec development team. He holds a PhD in Physics from Michigan State University.
Title: Privacy vs. Efficacy in Cloud-based Threat Detection
Abstract: Advanced threats can be detected by monitoring information systems and networks, then applying advanced analytic techniques to the data thus gathered. It is natural to gather, store, and analyze this data in the Cloud, but doing so introduces significant privacy concerns. There are technologies that can protect privacy to some extent, but these technologies reduce the efficacy of threat analytics and forensics, and introduce computation and communication overhead. This talk considers the tension between privacy and efficacy in Cloud threat detection, and analyzes both pragmatic techniques such as data anonymization via deterministic encryption and differential privacy as well as interactive techniques such as private set intersection and searchable encryption, and highlights areas where further research is needed.


Dr. Bryan D. Payne, Director of Security Research, Nebula
Bio: Dr. Bryan D. Payne is the Director of Security Research at Nebula and co-founder of the OpenStack Security Group. He authored the OpenStack Security Guide and many research papers on virtual machine introspection. He is also the creator of LibVMI, an open source software library for runtime monitoring of virtual machines. Prior to joining Nebula, Dr. Payne worked at Sandia National Labs, the National Security Agency, BAE Systems, and IBM Research.  He graduated with a Ph.D. in Computer Science from the Georgia Tech College of Computing, specializing in systems security.  His research interests include operating system security, virtualization security, usable security, live and forensic memory analysis, and trusted platforms.
Title: Reducing the Cost of Security in the Cloud
Abstract: Software engineering has matured significantly over the past decade. Using modern software building blocks, we have seen companies build web services for 100s of millions of users with only 30 software engineers. These building blocks demonstrate the power of cloud computing and have fundamentally changed how applications will be created and delivered in the future. Unfortunately, fitting security into this picture -- at the application or the infrastructure level -- remains a tremendous challenge. It doesn't need to be this way. With an aggressive research investment, we can reduce the cost of high quality security. This talk will explore why security is so expensive and what can be done to reduce this cost, from the perspective of someone working to create security focused cloud infrastructure while also leading security efforts in the OpenStack community.


Dr. Joanne Martin, CISO and VP for IT Risk, IBM
Bio: Joanne Martin is currently IBM's CISO, and VP for IT Risk. In this role, she is responsible for defining and maintaining the vision, strategy, and programs that ensure IBM's information assets are adequately protected. Her organization develops policy and processes to reduce IT risks globally, manages and responds to incidents, establishes standards, and guides the implementation of technology to support the enterprise security mission. Joanne is a member of the Security 50 group. Previously, as a Distinguished Engineer and Vice President of Technology, Dr. Martin was responsible for supporting the development of IBM's technical strategy and for the global technical community. She is Past-President of the IBM Academy of Technology, and was VP of Infrastructure Management Services for Global Technology Services (GTS), responsible for providing a consistent and coherent architecture for the development and delivery of service products in the transformed GTS. She served on the management team that developed and delivered IBM's first supercomputer, with specific responsibility for the performance measurement and analysis of the system. She was named by Working Mother magazine as one of the 25 most influential working mothers for 1998 and was elected to the Women in Technology International Hall of Fame in 2012.
Title: Securing Cloud Environments for Enterprise Computing
Abstract: Cloud changes the economics of computing. Service delivery is faster and more agile and IT is delivered without boundaries. Cloud computing is a pivotal strategy for IBM, and to support it, we have to transform and simplify our approach to IT security. To operate securely in the cloud, we need to know what is being stored and where, what it's worth, how it moves, where it goes, and who is trying to access it. This new approach to IT forces us to rethink our data management strategy and identity and access control. To transform security practices for this seismic shift in IT, we need a forward-looking, principles-based cloud policy, an updated data governance model, and a new framework for determining roles and responsibilities.
  • Principles-based policy - This approach to policy states "what" is required for IT security, not so much "how" it should be implemented. The new policy will account for differences in environments and security assurance levels.
  • New data governance model - Our new data governance model, being developed in parallel to the cloud security policy, will better define different types of data and assign levels of data sensitivity with minimum security requirements for each sensitivity level. The new data governance framework will help us decide what data can be hosted in different types of cloud environments. (See the related fact sheet for another of our IT Risk 2014 Strategic Priorities.)
  • Roles and responsibilities - A new layer of responsibility now exists for the cloud service provider, in addition to the established roles for CIO and Service Delivery. These new roles require new interlocks for activities such as security patching and security monitoring.

       
Schedule  
  7:30 - 8:30 Breakfast and registration
  8:30 - 8:40 Opening remarks by PC chairs
Alina Oprea and Rei Safavi-Naini
  Session: Attacks and mitigation   Chair: Nick Nikiforakis (Stony Brook University)  
  8:40 - 9:40 Guardians of the Clouds: When Identity Providers Fail
Andreas Mayer; Marcus Niemietz; Vladislav Mladenov; Joerg Schwenk
  Your Software at my Service
Vladislav Mladenov; Christian Mainka; Florian Feldmann; Julian Krautwald; Joerg Schwenk
  Co-Location-Resistant Clouds
Yossi Azar; Seny Kamara; Ishai Menache; Mariana Raykova; Bruce Shepherd
  Keynote I     
  9:40 - 10:30 Reducing the Cost of Security in the Cloud, Bryan D. Payne (Director of Security Research, Nebula)
  10:30 - 11:00 Coffee Break
  Session: Secure computation    Chair: Nikos Triandopoulos (Boston University)  
 11:00 - 12:00 A Framework for Outsourcing of Secure Computation
Jesper Buus Nielsen; Claudio Orlandi
  Certification and Efficient Proofs of Topology Graphs
Thomas Gross
  Streaming Authenticated Data Structures: Abstraction and Implementation
Yi Qian, Yupeng Zhang, Xi Chen and Charalampos Papamanthou
  Keynote II     
  12:00 - 12:50 Privacy vs. Efficacy in Cloud-based Threat Detection, David McGrew (Fellow, Cisco)
  12:50 - 14:00 Lunch
  Session: Storage security    Chair: Seny Kamara (Microsoft Research)   
 14:00 - 14:40 Reconciling End-to-End Confidentiality and Data Reduction In Cloud Storage
Nathalie Baracaldo; Elli Androulaki; Joseph Glider; Alessandro Sorniotti
  Distributed Key Generation for Encrypted Deduplication: Achieving the Strongest Privacy
Yitao Duan
  Keynote III     
  14:40 - 15:30 Securing Cloud Environments for Enterprise Computing, Joanne Martin (CISO and VP for IT Risk, IBM)
  15:30 - 15:50 Coffee Break
  Memorial session: Emil Stefanov: Bridging the Theory and Practice of Cloud Computing Security    Chair: Elaine Shi (UMD)  
  15:50 - 16:40 Memory Access Pattern Protection in the World of Malicious Operating Systems and Commercial Hardware
Srini Devadas
  A Visitor's Guide to a Post-Privacy World
Ari Juels
  A new look at human problem solving: near-optimal solutions to NP-hard problems
Zygmunt Pizlo
  Session: Secure and resilient architectures    Chair: Nabil Schear (MIT Lincoln Lab)   
 16:40 - 18:00 RAID-PIR: Practical Multi-Server PIR
Daniel Demmler; Amir Herzberg; Thomas Schneider
  Swap and Play: Live Updating Hypervisors and Its Application to Xen
Franz Ferdinand Brasser; Mihai Bucicoiu; Ahmad-Reza Sadeghi
  CloudSafetyNet: Detecting Data Leakage between Cloud Tenants
Christian Priebe; Divya Muthukumaran; Dan O'Keeffe; David Eyers; Brian Shand; Ruediger Kapitza; Peter Pietzuch
  Inevitable Failures: The Flawed Trust Assumption in Cloud
Yuqiong Sun; Giuseppe Petracca; Trent Jaeger


Registration
Please register here on the main CCS website.

Organizers

CHAIRS

Alina Oprea, RSA Labs
Rei Safavi-Naini, University of Calgary


COMMITTEE

Giuseppe Ateniese, Sapienza, Italy and JHU, USA
Erik-Oliver Blass, Northeastern University, USA
Kevin Butler, University of Oregon, USA
Christian Cachin, IBM Research, Switzerland
Srdjan Capkun, ETH-Zurich, Switzerland
David Cash, Rutgers University, USA
Reza Curtmola, New Jersey Institute of Technology, USA
Robert Deng, Singapore Management University, Singapore
Srini Devadas, MIT, USA
Marten van Dijk, University of Connecticut, USA
Roberto Di Pietro, Bell Labs, France
Andreas Haeberlen, University of Pennsylvania, USA
Vinod Ganapathy, Rutgers University, USA
Seny Kamara, Microsoft Research, USA
Aggelos Kiayias, University of Athens, Greece
Florian Kerschbaum, SAP, Germany
Ralf Kuesters, Universitaet Trier, Germany
Cedric Lauradoux, INRIA, France
Ruby Lee, Princeton University, USA
Yingjiu Li, Singapore Management University, Singapore
David Lie, University of Toronto, Canada
Catherine Meadows, Naval Research Laboratory, USA
Cristina Nita-Rotaru, Purdue University, USA
Charalampos Papamanthou, University of Maryland, USA
Mariana Raykova, SRI, USA
Mike Reiter, UNC Chapel Hill, USA
Thomas Ristenpart, University of Wisconsin, USA
Ahmad-Reza Sadeghi, TU Darmstadt, Germany
Nabil Schear, MIT Lincoln Laboratory, USA
Thomas Schneider, TU Darmstadt, Germany
Anil Somayaji, Carleton University, Canada
Nikos Triandopoulos, RSA Laboratories, USA
Dongyan Xu, Purdue University, USA

STEERING

Kristin Lauter, Microsoft
Adrian Perrig, ETH Zurich
Radu Sion, Stony Brook (chair)
Gene Tsudik, UC Irvine
Moti Yung, Google Inc.

GENERAL CHAIR

Gail-Joon Ahn, Arizona State University, USA


Sponsorship
Interested in sponsoring CCSW (this or next year)? Please contact us directly.

Previous Workshops
CCSW 2009, CCSW 2010, CCSW 2011, CCSW 2012, CCSW 2013.




Updated: April 28, 2014

© 2009-2014 NSAC Lab.

All Rights Reserved.