DAY 1 - Monday, August 11, 2008
07:30 - 08:10 Breakfast
08:10 - 08:30 Opening Talk & Agenda for Day 1
08:30 - 10:00 Session I: Metrics/Risk and Configuration Reasoning
Metricizing (Mis)Configuration (Roy Maxion, Carnegie Mellon University)
Assured Policy and Configuration Management: Risk-awareness and User-centricity (Gail Ahn, Arizona State University)
Recent Results On Logic-Based Approaches To Enterprise Network Security Defense (Xinming Ou, Kansas State University)
Safe Configuration Alternatives via Lightweight Process Transposition (Angelos Stavrou and Michael Locasto, George Mason University)
Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission (Frederick T. Sheldon, DOE)
10:00 - 10:30 Discussion
10:30 - 10:45 Coffee Break
10:45 - 12:00 Session II: Assurable Security Configuration: Bottom-up
Towards Global Verification of Security Configuration (Ehab Al-Shaer, DePaul University)
Shadow Configuration as a Network Management Primitive (Richard Yang, Yale University)
Visualization And Semantics To Support Fast And Accurate Policy Authoring (Lorrie Cranor, Carnegie Mellon University)
Unexpected Interferences between Routing Dynamics and Security Policy (Felix Wu, University of California at Davis)
12:00 - 12:30 Discussion
12:30 - 01:30 Lunch
01:30 - 03:00 Session III: Usable Network Configuration Design & Refinement: Top-Down
Usable Security With Constraint Satisfaction (Gary Levin, Telcordia Technologies)
Presto: Configuration Management at Massive Scale (Patrick McDaniel, Penn State University & Shubho Sen, AT&T)
Towards Systematic Design of Enterprise Networks (Sanjay Rao, Purdue University)
A User Study of Policy Creation in a Flexible Access-Control System (Lorrie Cranor, Carnegie Mellon University)
03:00 - 03:30 Discussion
03:30 - 03:45 Coffee Break
03:45 - 05:00 Session IV: Dynamic Policy Configuration
Expressive Policy Analysis with Enhanced System Dynamicity (Jorge Lobo, IBM)
Dynamic Negotiation of Security Parameters (Alwyn Goodloe, National Institute of Aerospace & Carl Gunter, University of Illinois at Urbana-Champaign)
Community voucher based trust establishment and provisioning for distributed networks (Hong Li & Rita Wouhaybi, Intel Corporation)

Architectural Design for Peer-to-Peer Communication Services (Duminda Wijesekera, George Mason University)
05:00 - 05:30 Discussion
   
DAY 2 - Tuesday, August 12, 2008
07:30 - 08:10 Breakfast
08:10 - 08:30 Agenda for Day 2
08:30 - 10:30 Breakout/Theme-based Discussion I: Definition, Scope and Impact

  • What is security configuration: definition and scope? Keep in mind various dimensions such as location (host, network and services) and scope.
  • What is the impact of security configuration on other security areas such as crypto systems, access control, intrusion detection, prevention and response, mitigation/recovery, patching, auditing, forensics and others?
10:30 - 10:45 Coffee Break
10:45 - 12:30 Breakout/Theme-based Discussion II: Current Challenges and Future Objectives based on the State-of-the-art

  • What are the main challenges/attributes of security configuration (e.g., usable, assurable) – 5-year plan? Define a metric for each challenge.
  • What are the best practices in managing security today, and how do they fall short of addressing these challenges? Any tools?
  • Are the notions of manageable security for end-users and IT professionals the same? Is the approach to addressing them different?
  • Does security management lack a new theoretical foundation for building rigorous solutions? If yes, then what?
12:30 - 01:30 Lunch
01:30 - 03:30 Breakout Discussion III: Creating Future Research Directions
03:30 - 04:00 Coffee Break
04:00 - 04:30 Draft Recommendations
04:30 - 04:35 Closing Talk