First International Workshop on

Advances in Policy Enforcement (APE'08)

 

Collocated with the 3rd ARES 2008

Barcelona, Catalonia, March 4th-7th 2008

 

***Workshop programme***

 

***List of Accepted Papers and Invited Talk***

                           

Scope

The problem of complying with increasingly complex requirements is gaining importance in organizations of all sizes.  Such requirements stipulate how organizations must perform a number of accountable actions with regard to, e.g., accounting -- Basel II and SOX -- and the treatment of personal information -- HIPAA, Fair Information Practices and negotiated privacy preferences.  From a technical standpoint, these requirements are mere policies whose modeling (expression), adherence (enforcement), and verification (audit) dictate the workflow of organizations.

 

However, existing modeling techniques often fail to characterize the requirements in a correct manner.  Moreover, current policy enforcement techniques are mainly tailored for preventive action, e.g. by precluding unauthorized access.  Such systems are too invasive and inflexible to be used in heterogeneous settings like collaborative environments, in particular in scenarios where usage control plays a role.  Similarly, audit techniques should tightly work with enforcement mechanisms to allow for timely and complete audit trails and (in case of continuous assurance, real time) analysis.

 

The goal of this workshop is to bring together researchers and practitioners working on innovative methods for policy enforcement and its a posteriori audit.  The focus of the workshop is primarily technological, yet it encourages papers with a multidisciplinary character, encompassing for instance economic, legal, and sociological aspects, as well as papers more purely focused on information technology.

 

Proposed topics

Submission topics include, but are not limited to:

-         A posteriori policy enforcement

-         Complementing a priori and a posteriori approaches to enforcement

-         Usage control

-         Audit strategies

-         Forensics and legal issues

-         Provable enforcement

-         Accountability and liability

-         Secure logging mechanisms

-         Expression of security and privacy requirements

-         Monitoring techniques

-         Implementation experiences

 

Important dates

Manuscript submission (firm):

  November 20th 2007

Notification:

December 10th 2007

Workshop registration:

December 20th 2007

Camera-ready version:

January  2nd 2008

Workshop:

March 6th-7th 2008

 

 

 

 

 

 

 

Formatting guidelines

Submitted manuscripts should be no longer than 6 pages and describe completed research as well as work in progress.  They should be formatted according to the IEEE Computer Society Proceedings Manuscripts style (two columns, single-spaced, including figures and references, using 10pt fonts and numbering each page).  The detailed author guidelines and toolkit for manuscript preparation can be found at <http://computer.org/cspress/instruct.htm>.

 

Manuscripts will be reviewed based on originality, significance, technical soundness and clarity of exposition.  Submitted manuscripts must not substantially overlap manuscripts that have been published or that are simultaneously submitted to a journal or a conference with proceedings.

 

Submission guidelines

The papers should be submitted electronically via ARES 2008 website <http://www.ares-conference.eu/conf/>. To this end, you first create an account at ConfDriver and then submit you manuscript by logging in and selecting the APE workshop.  If there is any problem during submission, please contact the workshop organizers at <accorsi (at) iig.uni-freiburg.de> or the conference chair <anjomshoaa@ifs.tuwien.ac.at>

 

Publication

Proceedings of the APE will be published by IEEE Computer Society Press and also be made available online by IEEE Xplore.

 

Organizing committee

Rafael Accorsi (U Freiburg)

Sandro Etalle (U Twente and TU Eindhoven)

William H. Winsborough (U of Texas San Antonio)

 

Program committee

Dieter Gollmann (TU Hamburg-Harburg)

Andy Gordon (MS Research Cambridge)

Erin Kenneally (U California San Diego)

Volkmar Lotz (SAP Research Sofia Antipolis)

Fabio Martinelli (CNR Pisa)

Fabio Massacci (U of Trento)

Daniel le Metayer (INRIA)

John Mitchell (Stanford U)

Judie Mulholland (Florida State U)

Guenter Mueller (U Freiburg)

Alexander Pretschner (ETH Zurich)

Simon Shiu (HP Bristol)

Luca Vigano (U of Verona)

Daniel J. Weitzner (MIT)

Ting Yu (North Carolina State U)