Third Workshop on
Quality of Protection
Workshop co-located with CCS-2007

Mon. Oct. 29 - Alexandria VA, USA
Hilton Alexandria Mark Center



Invited Speaker

Accepted papers

Call For Papers

Call For Participation




QoP 2005

QoP 2006

QoP 2008

MetriSec 2009

General description

In the last few decades, Information Security has gained numerous standards, industrial certifications, and risk analysis methodologies. However, the field still lacks the strong, quantitative, measurement-based assurance that we find in other fields. For example, Networking researchers have created and utilize Quality of Service (QoS), Service Level Agreements (SLAs), and performance evaluation metrics. Empirical Software Engineering has made similar advances with software metrics: processes to measure the quality and reliability of software exist and are appreciated in industry.

Security looks different. Even a fairly sophisticated standard such as ISO17799 has an intrinsically qualitative nature. Notions such as Security Metrics, Quality of Protection (QoP) or Protection Level Agreement (PLA) have surfaced in the literature, but they still have a qualitative flavor. Furthermore, many recorded security incidents have a non-IT cause. As a result, security requires a much wider notion of "system" than do most other fields in computer science. In addition to the IT infrastructure, the "system" in security includes users, work processes, and organizational structures.

The goal of the QoP Workshop is to help security research progress towards a notion of Quality of Protection in Security comparable to the notion of Quality of Service in Networking, Software Reliability, or Software Measurements and Metrics in Empirical Software Engineering.

The 3rd QoP Workshop is co-located with 14th ACM Conference on Computer and Communication Security CCS-2007 which will be on Oct 29 - Nov 2.

Previous Workshops