Second Workshop on
Quality of Protection
Workshop co-located with CCS-2006

Mon. Oct. 30 - Alexandria VA, USA







Call For Participation




Quality of protection - QoP 2006

Mon. Oct. 30 - Alexandria VA, USA.

Affiliated with the 13th ACM Conference on Computer and Communications Security (CCS-2006)


GENERAL DESCRIPTION

This year’s QoP’06 workshop (Quality of Protection Workshop – Security Measurements and Metrics) continues a roadmap towards the establishment of scientific and technical methods for the quantitative evaluation of a variety of security services, solutions and patterns. The objective is to provide Security Engineering with the same set of tools and techniques that are available in empirical Software Engineering, Communication Engineering and other sister disciplines, and that mark the shift from arts to engineering.

The workshop called for original research results and industrial experience reports on leading-edge issues in security measurements and metrics, including models, systems, applications, and theory. QoP’06 gives academia and industry a unique opportunity to share their perspectives with others interested in the various aspects of security measurements and metrics.



TECHNICAL PROGRAM

Monday, October 30th

09:00 - 09:15

Opening

Fabio Massacci (chair)
Guenter Karjoth (chair)

Foreword

09:15 - 10:45

Session 1: Software security metrics

Pratyusa K. Manadhata, Jeannette M. Wing, Mark A. Flynn and Miles A. McQueen
- Measuring the Attack Surfaces of Two FTP Daemons

Gyrd Brændeland and Ketil Stølen
- Using model-based security assessment in component-oriented system development. A case-based evaluation

Jari Råman
- Contracting over the Quality aspect of Security in Software Product Markets

10:45 - 11:00

Coffee Break

11:00 - 12:00

Invited Talk

John McHugh
- Quality of Protection: Measuring the Unmeasurable?

12:00 - 12:20

Session 1. Continuation

Riccardo Scandariato, Bart De Win and Wouter Joosen
- Towards a measuring framework for security properties of software (Short)

12:20 - 13:30

Lunch

13:30 - 15:00

Session 2: Network security metrics

Jelena Mirkovic, Peter Reiher, Sonia Fahmy, Roshan Thomas, Alefiya Hussain, Stephen Schwab and Calvin Ko
- Measuring Denial of Service

Joseph Pamula, Paul Ammann, Sushil Jajodia and Vipin Swarup
- A Weakest-Adversary Security Metric for Network Configuration Security Analysis

Hanno Langweg
- Framework for Malware Resistance Metrics

15:00 - 15:15

Coffee Break

15:15 - 16:00

Session 2. Continuation

Ho Chung and Clifford Neuman
- Modelling the Relative Strength of Security Protocols (short)

Muhammad Abedin, Syeda Nessa, Ehab Al-Shaer and Latifur Khan
- Vulnerability Analysis For Evaluating Quality of Protection of Security Policies (short)

16:00 - 17:30

Panel Session: Is risk analysis a good system security metric?

O. Sami Saydjari (moderator)
Virgil D. Gligor
Deb Bodeau
Alessandro Acquisti
Roy Maxion

17:30 - 17:45

Conclusion


PC CHAIRS:

Fabio Massacci - Univ. di Trento (IT)
Guenter Karjoth - IBM Research (CH)

PROGRAM COMMITTEE:

Alessandro Acquisti - Carnegie Mellon University (USA)
Guenter Bitz - SAP (DE)
Yves Deswarte - LAAS-CNRS (FR)
Dieter Gollmann - TU Hamburg-Harburg (DE)
Virgil D. Gligor - University of Maryland (USA)
Judith N. Froscher - Naval Research Laboratory (USA)
Erland Jonsson - Chalmers University of Technology (SW)
Svein Johan Knapskog - The Norwegian University of Science and Technology (NOR)
Helmut Kurth - ATSEC (DE)
Bev Littlewood - City University, London (UK)
Volkmar Lotz - SAP (DE)
Roy Maxion - Carnegie Mellon University (USA)
David M. Nicol - University of Illinois (USA)
Mario Piattini - University of Castilla-La Mancha (SP)
Anand R. Prasad - DoCoMo Communications Laboratories Europe (DE)
Tomas Sander - HP Labs (USA)
Shrivastava Santosh - University of Newcastle upon Tyne (UK)
Ketil Stølen - SINTEF (NO) & Univ. of Oslo (NO)
Vipin Swarup - The MITRE Corporation (USA)
Nicola Zannone - University of Trento (IT)
Marvin Zelkowitz - University of Maryland (USA)

ORGANIZER:

Nicola Zannone - University of Trento (IT)

PUBLICITY CHAIR

Artsiom Yautsiukhin - University of Trento (IT)


REGISTRATION

Online registration is available on the CCS-2006 web page
(online registration for QoP Workshop will be added soon):
http://www.acm.org/sigs/sigsac/ccs/CCS2006/


VENUE / TRAVEL:

Please see CCS-2006 web site.