A typical enterprise network might have hundreds of security appliances such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers and crypto systems. An enterprise network may also have other non-security devices such as routers, name servers, protocol gateways, etc. These must be logically integrated into a security architecture satisfying security goals at and across multiple networks. Logical integration is accomplished by consistently setting thousands of configuration variables and rules on the devices. The configuration must be constantly adapted to optimize protection and block prospective attacks. The configuration must be tuned to balance security with usability. These challenges are compounded by the deployment of mobile devices and ad hoc networks. The resulting security configuration complexity places a heavy burden on both regular users and experienced administrators and dramatically reduces overall network assurability and usability. This symposium will bring together academic as well as industry researchers to exchange experiences, discuss challenges and propose solutions for offering assurable and usable security.
The first instance of this workshop was held by invitation only in August 2008, funded by the NSF to promote this important area of research. The next instances were held as a workshop in 2009/2010 at CCS, with approximately 55 attendees from academia and industry. In 2011 we wish to build on this success and aim to attract a strong set of submissions and a diverse audience from both academia and industry.
SafeConfig 2011 will be collocated with the 7th Annual IT Security Automation Conference.