The new sophisticated cyber security threats demand new security management approaches that offer a holistic security analytics based on the system data including configurations, logs and network traffic. Security analytics must be able to handle large volumes of data in order to model, integrate, analyze and respond to threats at real time. The system configuration/policy is a key component that determines the security and resiliency of networked information systems and services. However, a typical enterprise networked environment contains thousands of network and security devices and millions of inter-dependent configuration variables (e.g., rules) that orchestrate the end-to-end system behavior globally. As the current technology moves toward "smart" cyber infrastructure and open networking platforms (e.g. OpenFlow and virtual computing), the need for security analytics and automation significantly increases. The coupled integration of network sensor data and configuration in a unified framework will enable intelligent response, automated defense, and network resiliency/agility.

This symposium offers a unique opportunity by bringing together researchers form academic, industry as well as government agencies to discuss these challenges, exchange experiences, and propose joint plans for promoting research and development in this area. SafeConfig Symposium is a one day program that will include invited talks, technical presentations of peer-reviewed papers, poster/demo sessions, and joint panels on research collaboration. SafeConfig Symposium solicits the submission of original unpublished ideas in 8-page long papers, 4-page sort papers, or 2-pages posters. Security analytics and automation for new emerging application domains such as clouds and data centers, cyber-physical systems software defined networking and Internet of things are of particular interest to SafeConfig community.
Topics (but are not limited to)

Science of Security Analytics and Automation:
• Security metrics.
• Abstract models and languages for configuration specification.
• Formal semantics of security policies.
• Model composition and integration.
• Autonomic defense and configuration.
• Integration of sensor information and policy configuration.
• Theory of defense-of-depth.
• Security games.
• Attack prediction and attribution.

Security Analytics Techniques:
• Techniques: formal methods, statistical, interactive visualization, reasoning, etc.
• Methodology: multi-level, multi-abstraction, hierarchical etc.
• Analytics under uncertainty.
• Security analytics using heterogeneous sensors.
• Automated configuration verification.
• Integrated network and host configuration.
• Configuration testing, forensics, debugging and evaluation.
• Analytics of attacks motive and attribution.
• Tools and case studies.
• Security analytics for wireless sensors and MANET.
• Security policy management.
• Accountability and provenance.
• Attack forensics and automated incident analysis.

Security Automation Techniques:
• Automated security hardening and optimization.
• Security synthesis and planning.
• Policy/Configuration refinement and enforcement.
• Health-inspired security.
• Risk-aware and context-aware security.
• Cyber agility and moving target defense.
• Security configuration economics.
• Continuous monitoring.
• Usability issues in security management.
• Automated patch management.
• Automated attack response and alarm management.