2013 International WOrkshop on ClOud Security (WOCOS)

Within the 2013 ASE International Workshop on Cyber Security

Cloud technology offers a powerful and fast growing approach to the provision of infrastructure, platform and software services without the high costs of owning, operating and maintaining the computational infrastructures required for this purpose. However, despite its appeal from the economic, operational and even energy consumption perspectives, cloud technology still raises concerns regarding the security, privacy, governance and compliance of the data and software services offered through it.

These concerns arise from the difficulty to verify security properties of the different types of applications and services available through cloud technology and the uncertainty of the owners and users of such services about the security of their services, and of the applications based on them, once they are deployed and offered through a cloud. This difficulty stems from both the fact that the provision and security of a cloud service is sensitive to potential interference between the features and behaviour of all the inter-dependent services in all layers of the cloud stack, as well as dynamic changes in them; and the fact that current cloud models and infrastructure do not provide adequate support for controlling the behaviour of cloud software and for managing the decoupling of evolution cycles of the different software components, both applications and services, which happens in these scenarios.

In this setting, system evolution, an inherent process in most computing systems, has an important impact on the security, resilience and quality of the cloud. In this line certification and other assurance approaches become crucial for establishing the necessary trust relationships. Likewise, novel testing mechanisms, engineering approaches, formal modelling paradigms, monitoring models, runtime support infrastructures, secure dynamic application building and service orchestration approaches, etc. are needed in order to fill other gaps and to restore the missing trust links in these new scenarios. The workshop will provide a forum for presenting research results, practical experiences, and innovative ideas in security infrastructures and applications for cloud computing.

The workshop will focus on Cloud Computing security, how users of Cloud systems can be educated to maintain the security posture of their systems, and how to improve the state of the art of Cloud Computing. The workshop will also look at the need to facilitate research and development of the next generation of Cloud Computing security standards and tools to assist in the creation of better, more secure systems.

Topics of the Workshop include, but are not limited to:

  • Secure Virtualization Structures
  • Privacy Enforcement for cloud applications, platforms and operations
  • Monitoring systems for cloud infrastructure/platform applications
  • Cloud security architecture and protocol
  • Data protection and secured information sharing in the cloud
  • Evolution of multi-tenant monitoring as a function of the number of tenants
  • Intra- and inter-cloud security issues and considerations
  • Privacy policy framework for clouds
  • Access control mechanisms and trust models for cloud services
  • Energy/cost/efficiency of security in clouds
  • Mobile Cloud Networking Content and Service Distribution Organization

 Workshop chairs

  • ANTONIO MUÑOZ, University of Málaga, Spain
  • ERNESTO DAMIANI, University of Milan, Italy

Submissions and Registration

Authors are invited to submit Regular Papers (maximum 8 pages) or Short Papers (maximum 4 pages) using EasyChair. Regular papers will be evaluated according to normal research conference criteria with respect to relevance, originality, and quality of the methodology and writing. Work that is highly novel, controversial, or preliminary can be submitted as a short paper. Proceedings of WOCOS 2013 will be included in the IEEE ASE CyberSecurity 2013 conference proceedings. Implementation Plan WOCOS will have a hybrid approach that will combine a traditional scientific workshop with an interactive forum for discussion of the main workshop topics, seeking the creation of a community and a clear focus on producing tangible results and making an impact on the situation of web service security and assurance.