Pre-Conference Workshops on Monday, October 30, 2017

We live in an interconnected world where ever increasing multitudes of devices and people can be connected to each other by intelligent algorithms, apps, social networks, and the infrastructure set by Internet of Things (IoT). As more people and their devices are connected without much restriction, the issues of security, privacy, and trust remain a challenge. Multimedia in IoT services should provide robust and resilient security platforms and solutions against any unauthorized access. Recent literature shows increased concerns about hacking, security breaches, data manipulation, social engineering and new attack methods. Malware can be hidden within multimedia files and visiting infected websites can trigger its download to victims' machines. There are a multitude of techniques to steal personal information and other sensitive media for unauthorized dissemination; imposters/identity thefts are common in social networks. In order to demonstrate the effectiveness of resilient security and privacy solutions, methods such as new standards, advanced cryptography, improved algorithms for intrusion detection, personalized privacy and isolation of questionable or malicious files can be used independently or all together to minimize the threats.

The need for privacy-aware policies, regulations and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The 2017 Workshop, held in conjunction with the ACM CCS conference, is the sixteenth in a yearly forum for papers on all the different aspects of privacy in today's electronic society.

The static nature of current computing systems has made them easy to attack and hard to defend. Adversaries have an asymmetric advantage in that they have the time to study a system, identify its vulnerabilities, and choose the time and place of attack to gain the maximum benefit. The idea of moving-target defense (MTD) is to impose the same asymmetric disadvantage on attackers by making systems dynamic and therefore harder to explore and predict. With a constantly changing system and its ever adapting attack surface, attackers will have to deal with a great deal of uncertainty just like defenders do today. The ultimate goal of MTD is to increase the attackers’ workload so as to level the cybersecurity playing field for both defenders and attackers - hopefully even tilting it in favor of the defender. This workshop seeks to bring together researchers from academia, government, and industry to report on the latest research efforts on moving-target defense, and to have productive discussion and constructive debate on this topic.

During the past decades, information security developments have been mainly concerned with preventing illegal attacks by outsiders, such as hacking, virus propagation, and spyware. However, according to a recent Gartner Research Report1), information leakage caused by insiders who are legally authorized to have access to some corporate information is increasing dramatically. These leakages can cause significant damages such as weakening the competitiveness of companies (and even countries). Information leakage caused by insiders occurs less frequently than information leakage caused by outsiders2), but the financial damage is much greater. Countermeasures in terms of physical, managerial, and technical aspects are necessary to construct an integral security management system to protect companies' major information assets from unauthorized internal attackers. The objective of this workshop is to showcase the most recent challenges and advances in security technologies and management systems to prevent leakage of organizations' information caused by insiders. It may also include state-of-the-art surveys and case analyses of practical significance. We expect that the workshop will be a trigger for further research and technology improvements related to this important subject.

PLAS aims to provide a forum for exploring and evaluating ideas on the use of programming language and program analysis techniques to improve the security of software systems. Strongly encouraged are proposals of new, speculative ideas, evaluations of new or known techniques in practical settings, and discussions of emerging threats and important problems. We are especially interested in position papers that are radical, forward-looking, and likely to lead to lively and insightful discussions that will influence future research that lies at the intersection of programming languages and security.

Differential privacy is a promising approach to privacy-preserving data analysis. Differential privacy provides strong worst-case guarantees about the harm that a user could suffer from participating in a differentially private data analysis, but is also flexible enough to allow for a wide variety of data analyses to be performed with a high degree of utility. Having already been the subject of a decade of intense scientific study, it has also now been deployed in products at government agencies such as the U.S. Census Bureau and companies like Apple and Google.

Researchers in differential privacy span many distinct research communities, including algorithms, computer security, cryptography, databases, data mining, machine learning, statistics, programming languages, social sciences, and law. This workshop will bring researchers from these communities together to discuss recent developments in both the theory and practice of differential privacy.

We hope this workshop can attract more female cybersecurity professionals and female students (including both graduate and undergraduate students) to attend top security conferences such as ACM CCS. In addition, it will provide opportunities for female researchers to network, as well as sharing career development experiences. The workshop is motivated by the significant gender imbalance in all security conferences, in terms of both the number of publishing authors and attendees. What causes this gender imbalance remains unclear. However, multiple research studies have shown that a diverse group is more creative, diligent, and productive than a homogeneous group. In order to maintain a sustainable and creative workforce, substantial efforts need to be made by our security community to broaden the participation from women and other underrepresented groups in cyber security research conferences. This inaugural workshop will consist of invited talks by leading researchers, a panel, lightening talks, and a social event.

Post-Conference Workshops on Friday, November 3, 2017

The focus of this workshop will be the application of scientific practices to cyber security research. The research may address a wide variety of technical questions in the cyber domain and the maturity of the work can span the range of initial ideas and proofs of concept to mature work that is ready for operational implementation. The content of the papers should emphasize the implementation of science practices and the tradeoffs between simplifications to obtain interpretable results vs. observational studies of systems in the wild where the results can lead to ambiguous interpretations. Papers will be evaluated for the reproducibility of the work as represented by the documentation of methods and testing environments.

Cyber-Physical Systems (CPS) integrate computing and communication capabilities with monitoring and control of entities in the physical world. These systems are usually composed of a set of networked agents, including sensors, actuators, control processing units, and communication devices. While some forms of CPS are already in use, the widespread growth of wireless embedded sensors and actuators is creating several new applications in areas such as medical devices, autonomous vehicles, and smart infrastructure, and is increasing the role that the information infrastructure plays in existing control systems such as in the process control industry or the power grid.

The 2017 Workshop on Forming an Ecosystem Around Software Transformation (FEAST 2017) will be held in conjunction with the 24th ACM Conference on Computer and Communications Security (CCS) on 03 November 2017. The workshop is geared toward discussion and understanding of several critical topics surrounding software executable transformation for improving the security and efficiency of all software used in security-critical applications. The scope of discussion for this workshop will include topics that may be necessary to fully exploit the power and impact of late-stage software customization efforts as described in the Call for Papers.

The 1st Workshop on Attacks and Solutions in Hardware Security (ASHES) deals with all aspects of hardware security, welcoming any contributions to this area. Among other things, it particularly highlights emerging techniques and methods, as well as recent application areas within the field. This includes new attack vectors, novel designs and materials, lightweight primitives, use of nanotechnology, PUFs on the methodological side, as well as the internet of things, automotive security, smart homes, pervasive and wearable computing on the applications side.

In order to meet the requirements of these rapidly developing subareas, ASHES hosts four categories of papers: Classical short and full research papers; systematization of knowledge papers (which subsume, structure, and systematize a certain subarea); and, finally, wild and crazy papers (whose purpose is the rapid dissemination of seminal, disruptive ideas within the community).

The workshop will host several technical sessions and invited keynotes by Srini Devadas (MIT), Ulfar Erlingsson (Google), and Ahmad-Reza Sadeghi (Darmstadt).

The future of the Internet-of-Things is already upon us; a variety of sensors and devices are already available in the market, ranging from smart light bulbs to juicers, barbeques, and security systems. This has implications for privacy—what sort of information are these sensors collecting about users?—and security, with recent Internet-scale DDoS attacks caused by thousands of cheap, poorly patched devices. Motivated by an increasing number of attacks and information leaks, IoT device manufactures, cloud providers, and researchers are working to design systems to secure to control the flow of in- formation between devices, to detect new vulnerabilities; and to provide security and privacy within the context of user and the devices. While researchers continue to tackle IoT security and privacy, many questions remain open. Further, with the growing adoption of IoT devices, we will see a growth in the number of security and privacy issues. The goal of the First ACM CCS Workshop on IoT S&P is to bring together academic and industry researchers from the security and communication communities to design, measure, and analyze secure and privacy enhancing systems for IoT devices.

The use and prevalence of cloud and large-scale computing infrastructures is increasing. They are projected to be a dominant trend in computing for the foreseeable future: major cloud operators are now estimated to house millions of machines each and to host substantial (and growing) fractions of corporate and government IT infrastructure. CCSW is a forum for bringing together researchers and practitioners to discuss the challenges and implications of current and future trends to the security and privacy of cloud operators, tenants, and the larger Internet community. Of special interest are the security and privacy challenges from the integration of cloud infrastructures with IoT and mobile application deployments. We invite submissions on new threats, countermeasures, intelligent algorithms, novel paradigms, controversial ideas, unconventional approaches, and opportunities brought about by the move to cloud computing, as well as measurement and case studies that shed light on the security and privacy implications of clouds.

AISec serves as the primary meeting place for diverse researchers in security, privacy, AI, and machine learning, and as a venue to develop the fundamental theory and practical applications supporting the use of machine learning for security and privacy. The workshop addresses on this burgeoning community who are especially focused on (among other topics) learning in game-theoretic adversarial environments, privacy-preserving learning, or use of sophisticated new learning algorithms in security.