CALL FOR PAPERS
SafeConfig 2016 : Testing and Evaluation for Active and Resilient Cyber Systems:
Identifying and understanding novel means of verifying and validating next generation cyber systems
(Collocated with ACM CCS 2016)
Hofburg Palace, Vienna, Austria
October 24, 2016
Information: http://www.cyberdna.uncc.edu/safeconfig/
The premise of this year’s SafeConfig Workshop is that existing tools and methods for security assessments are necessary but insufficient for scientifically rigorous testing and evaluation of resilient and active cyber systems. For example, we contend that existing penetration testing tools, red team processes, and security testing are not able to cope with inherent nature of continuous and resilient systems. Existing tactics, techniques and procedures (TTP) by the adversary, and even existing penetration teams are often adequate to accomplish the job needed for their own specific purposes. However to increase the scientific validity, the validation of resilient systems is not a static nor one of breach of perimeter or exfiltration of data. Rather the objectives for this workshop are the exploration and discussion of scientifically sound testing regimen(s) that will continuously and dynamically probe, attack, and “test” the various resilient and active technologies. This adaptation, and change in focus necessitates at the very least modification, and at the most, wholesale new developments to ensure that resilient and agile aware security testing is available to the research community. These impediments will also include natural faults such as flooding, fire, or hardware failure, or even staff member negligence. They must also be repeatable, reproducible, subject to scientific scrutiny, measurable and meaningful to both researcher’s and practitioners. The following topics (but are not limited to) are of interest of this workshop:
• Configuration testing, forensics, debugging and evaluation.
• Continuous monitoring and response.
• Cyber agility and moving target defense.
• Cyber resiliency.
• Cost effectiveness.
• Resilience/ agility effectiveness.
• Risk measurement.
• Testbeds.
• Research Infrastructure.
• Verification techniques.
• Validation techniques.
• Testing & evaluation methods.
• Cyber-physical systems security.
• Security configuration verification and economics.
• Security metrics - Adversarial Measures, User measures
• Mission metrics - Mission assurance, Mission measures, Conflicting mission management
• Security policy management
• Theory of defense-of-depth

Important Dates
Manuscript Submission: August 05, 2016
Acceptance Notification: September 06, 2016
Camera Ready: September 15, 2016
Conference Date: October 23, 2016

Submission Guidelines
Papers must present original work and must be written in English. We require that the authors use the ACM format for papers, using one of the ACM proceeding templates. We solicit two types of papers, regular papers and position papers. The length of the regular papers in the proceedings format should not exceed 6 pages for long papers, 3 pages for short papers, and 1 page for posters, excluding well-marked references and appendices. Committee members are not required to read the appendices, so papers must be intelligible without them. Papers are to be submitted electronically as a single PDF file at www.softconf.com/g/safeconfig2016/. Authors of accepted papers must guarantee that their papers will be presented at the workshop.