Home      Log In      Contacts      FAQs      INSTICC Portal
 
Special Session
9th International Workshop on Security in Information Systems - WOSIS 2012

28 June, 2012 - Wrocław, Poland

In conjunction with the 14th International Conference on Enterprise Information Systems - ICEIS 2012


CO-CHAIRS

David G. Rosado
University of Castilla-la Mancha
Spain
 
Brief Bio
David G. Rosado holds a Ph.D. in Computer Science from University of Castilla-La Mancha and has an MSc in Computer Science from the University of Málaga (Spain). His research activities are focused on security for Information systems and Cloud Computing. He has published several papers in national and international conferences on these subjects. He is a member of the GSYA research group of the Information Systems and Technologies Department at the University of Castilla-La Mancha, in Ciudad Real, Spain.
Luis Enrique Sánchez Crespo
Sicaman Nuevas Tecnologias
Spain
 
Brief Bio
Not Available
Carlos Blanco
University of Cantabria
Spain
 
Brief Bio
Carlos Blanco has an MSc and PhD in Computer Science from the University of Castilla-La Mancha (Spain). He is working as a lecturer at the Science Faculty at the University of Cantabria (Spain) and is a member of the GSyA Research Group at the School of Computer Science at the University of Castilla-La Mancha (Spain). His research activity is in the field of Security for Information Systems and its specially focused on Data Warehouses, OLAP tools, MDD and Ontologies. He has published several communications, papers and book chapters related with these topics. He is author of several papers in international journals such as DSS, CSI, JUCS, JRPIT, IJBIDM. He is involved in the organization of several international workshop (WOSIS, WISSE, MoDiC) and has served as reviewer for international journals, conferences and workshops (CSI, ASE, IJITDM, JUCS, JITSE, JWE, ARES, DaWaK, SECRYPT, EssOs, etc.).
Jan Jürjens
Fraunhofer ISST and TU Dortmund
Germany
 
Brief Bio
.
Keynote Lecture

Dr. Christos Kalloniatis


Biography of Dr. Christos Kalloniatis

Principal Lecturer in Secure Systems and Software Development.
Dr. Christos Kalloniatis holds a bachelor degree from the Department of Informatics of the Technological Institute of Athens (2000). In 2001 he took his master degree on Computer Science from the University of Essex, UK. In 2008 he finished his PhD at the Department of Cultural Technology and Communication of the University of the Aegean. The objective of his PhD was the protection of privacy during the design of Information Systems. From 2003 until 2011 he taught as an Adjunct Lecturer at the Department of Cultural Technology and Communication of the University of the Aegean. From January 2012 he is a lecturer in the same department. He is an author of several refereed papers in international scientific journals and conferences. He has also served in various administrative positions in Greek public sector with the most recent position as an advisor of the Special Secretary of the Operational Program "Administrative Reform" in the Ministry of Interior, Decentralisation and Electronic Governance..

Abstract

Nowadays the rapid development of new information infrastructures increases users' dependability on Information Systems and this can lead to a vulnerable information society based on insecure technologies. Indeed, more and more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases, which lack proper security protection mechanisms and tools. This may have an impact on both the users' trust as well as the reputation of the system's stakeholders. As the nature of software systems change, with systems becoming more complex, interconnected and liable to continuous change and evolution, it is necessary to develop appropriate methods and techniques to ensure user's security and privacy. Research efforts aiming at the protection of users' security and privacy fall in two main categories: the development of requirements engineering methods and the development of respective implementation techniques. This presentation aims on introducing new research efforts for designing secure and privacy oriented information systems. Also new challenges that arise from the implementation of cloud oriented applications are presented.

SCOPE

Information Systems Security is one of the most pressing challenges facing all kinds of organizations today. Although many companies have discovered how critical information is to the success of their business or operations, very few have managed to be effective in maintaining their information secure, avoiding unauthorized access, preventing intrusions, stopping secret information disclosure, etc.

There are various definitions of security, but all of them basically agree on the same components. Security in information systems considers the protection of information and of the systems that manage it, against a wide range of threats in order to ensure business continuity, minimize risks and maximize the return on investment and business opportunities.

Security is, therefore, currently a widespread and growing concern that covers all areas of society: business, domestic, financial, government, and so on. In fact, the so-called information society is increasingly dependent on a wide range of software systems whose mission is critical, such as air traffic control systems, financial systems, or public health systems. The potential losses that are faced by businesses and organizations that rely on all these systems, both hardware and software, therefore signify that it is crucial for information systems to be properly secured from the outset.

With the increasing dependence that the information society has on Information and Communication Technology (ICT), the need to protect information is increasingly important for companies. The demand for products, systems and services with which to manage and maintain information is therefore increasing, and the realization of superficial security controls is not sufficient. It is necessary to apply a rigorous approach to the assessing and improvement of the security of products and processes that take place in the context of ICT. This has led to the emergence of Information Security Management Systems (ISMS), which are of great importance to the stability of companies’ information systems.

In this new edition of WOSIS, the traditional information systems security topics will remain but we want explicitly focus the workshop on one of the most important issues and currently considered as it is security in Cloud computing. Although there are many benefits to adopting cloud computing, there are also some significant barriers to adoption as is security followed by issues regarding compliance, privacy and legal matters. Security is the main obstacle for many organizations in their move to the cloud, related to risk areas such as external data storage, dependency on the “public” internet, multi-tenancy and integration with internal security. The objective of this new edition is to contribute to the study and analysis of solutions and approaches which help to achieve and facilitate the level of security needed for such distributed environments and that its adoption is not any problem for the society, administration and enterprise.

Topics of Interest
Topics of interest include, but are not limited to:

Topics for Cloud Computing
  • Security Engineering for Cloud-Based Systems
  • Security Requirements Engineering for Cloud-Based Systems
  • Risks and threats in Cloud
  • Privacy and Data protection in Cloud
  • Cloud Legal Issues
  • Trust and policy management in Clouds
  • Issues and recent approaches in portability, interoperability and migration
  • Secure migration processes to cloud computing
  • Security in migration models
  • Systems adapted to the cloud
  • Storage security
  • Cloud Infrastructure Security
  • Security Governance in the Cloud
  • Risk management and assessment and third-party risk management
  • Identity & Access Management in the Cloud
  • Security and Virtualization
  • Security in SaaS, PaaS and IaaS
  • Security in Cloud applications
  • Cloud security models
  • MDA and MDS applied to cloud computing
  • Case studies

Rest of topics
  • Security in Software development Life Cycle
  • Information Security Management System
  • Security Management and Assessment
  • Analysis and management of risks
  • Security Implementation, Secure programming and Security Deployment
  • Case studies and experiences of secure software
  • Security culture
  • IT Governance
  • IT Service Continuity
  • Language-based Security
  • Open Security Standards and Security Certification
  • Common practice, legal and regulatory issues
  • Security for SOA, Web Services, Grid computing
  • Security for Databases and Data Warehouses
  • Metadata and Security
  • Secure Data Management
  • Workflow and Business Process Security
  • Security Metrics and Measurement
  • Security Ontologies
  • Security in Software Product Lines
  • Distributed and Network Security
  • Security & Trust Models
  • Authentication, Authorization and Access Control
  • Anonymity and Privacy
  • Security for Mobile Computing, sensors networks, multimedia systems
  • Security for Electronic Commerce, Electronic Business and e-Services (e-voting, e-banking, e-governement, e-health)
  • Security in Social Networks
  • Security for embedded systems, smart cards and RFID
  • Security Issues in Ubiquitous/Pervasive Computing
  • Intellectual Property Protection
  • Digital Rights Management (DRM). Mobile DRM
  • Personal Data Protection for Information Systems and Digital Identity management
  • Access Control and Rights Expression Languages
  • Semantic Web Technologies applied to Security
  • Security Engineering
  • Disaster Recovery and Failure Prevention
  • Incident Response and Prevention
  • Intrusion Detection and Fraud Detection
  • Biometric Security
  • Cryptology: Cryptography and Cryptanalysis
  • Information hiding: Steganography & Steganalysis
  • Digital Forensics
  • Cyber terrorism
Workshop Program Committee

Andreas Bauer, National ICT Australia, , Australia
Rajkumar Buyya, University of Melbourne and Manjrasoft Private Limited, , Australia
Mihai Christodorescu, IBM, , United States
Ernesto Damiani, EBTIC-KUSTAR, , United Arab Emirates
Sabrina de Capitani di Vimercati, Università degli Studi di Milano, , Italy
Jaime Delgado, Universitat Politècnica de Catalunya, , Spain
Csilla Farkas, University of South Carolina, , United States
Eduardo B. Fernandez, Florida Atlantic University, , United States
Maria Carmen Fernández, University of Málaga, , Spain
Eduardo Fernández-medina, University of Castilla-La Mancha, , Spain
Steven Furnell, University of Plymouth, , United Kingdom
Debasis Giri, Haldia Institute of Technology, , India
Shareeful Islam, University of East London, , United Kingdom
Hugo Jonker, University of Luxembourg, , Luxembourg
Stamatis Karnouskos, SAP, , Germany
Shinsaku Kiyomoto, KDDI Research Inc., , Japan
Spyros Kokolakis, University of the Aegean, , Greece
Jaejoon Lee, Lancaster University, , United Kingdom
Luigi Lo Iacono, Cologne University of Applied Sciences, , Germany
Antonio Maña, University of Malaga, , Spain
Raimundas Matulevicius, University of Tartu , , Estonia
Daniel Mellado, Spanish Tax Agency & GSyA Research Group , , Spain
Haralambos Mouratidis, University of Brighton, , United Kingdom
Federica Paci, University of Trento , , Italy
Brajendra Panda, University of Arkansas, , United States
Siani Pearson, HP Labs, Bristol, , United Kingdom
Günther Pernul, University of Regensburg, , Germany
Mario Piattini, Escuela Superior de Informatica, , Spain
Indrakshi Ray, Colorado State University, , United States
Alfonso Rodriguez, University of Bio-Bio, , Chile
Ketil Stolen, SINTEF, , Norway
Ambrosio Toval, University of Murcia, , Spain
Duminda Wijesekera, George Mason University, , United States
Toshihiro Yamauchi, Okayama University, , Japan

Paper Submission
Prospective authors are invited to submit papers in any of the topics listed above.
Instructions for preparing the manuscript (in Word and Latex formats) are available at: Paper Templates
Please also check the Submission Guidelines.
Papers should be submitted electronically via the web-based submission system at: http://www.insticc.org/Primoris
Publications
All accepted papers (full, short and posters) will be published in a special section of the conference proceedings book - under an ISBN reference and on CD-ROM support - and submitted for indexation by Thomson Reuters Conference Proceedings Citation Index (ISI), INSPEC, DBLP and EI (Elsevier Index).
All papers presented at the conference venue will be available at the SciTePress Digital Library (http://www.scitepress.org/DigitalLibrary/). SciTePress is member of CrossRef (http://www.crossref.org/).
The best papers will have the chance to publish extended and revised versions in a special issue of Computer Standards and Interfaces in the ISI Journal Citation Reports with Impact factor of 0.825.
Secretariat Contacts
ICEIS Workshops - WOSIS 2012
e-mail: iceis.workshops.secretariat@insticc.org
footer