THE 12th ANNUAL FIRST CONFERENCE on COMPUTER SECURITY and INCIDENT HANDLING CHICAGO, IL 25 - 30 JUNE 2000 CALL FOR PAPERS OVERVIEW The Forum of Incident Response and Security Teams (FIRST, http://www.first.org/) brings security incident response teams together including government, commercial, and academic organizations. World-wide, FIRST aims to foster cooperation and coordination in incident prevention to prompt rapid reaction to incidents and to promote information sharing among members and the global community. The FIRST conference (http://www.first.org/conference/2000/) brings together IT managers, system and network administrators, security practitioners, academia, security solutions vendors, Computer Security Incident Response Team personnel and everyone interested in: - the most advanced techniques in detecting and responding to computer security incidents, - the latest advances in computer security tools, methodologies and practice, - sharing their views and experience in the computer security field. The conference is a five day event, two days of tutorials and three days of technical sessions including refereed paper presentations, invited talks, and panel discussions. Technical sessions The focus of the conference is on the most recent practical advances in computer security in all its aspects. The Program Committee is soliciting original papers analyzing, among other topics, methodologies for drafting security policies, recent intrusion techniques, describing experiences in building incident response capabilities, working security architectures, pros and cons of both commercial and experimental pro-active security tools. The presentation of new security tools and methodologies, when their actual effectiveness and applicability are shown, is also welcome. Topics of interest include, but are not limited to, the following: - security policy writing - risk analysis - international legal issues - computer forensics - liability issues - legal and administrative issues in incident handling - competition, espionage, information warfare - vulnerability analysis and advisory process - coordinating international incidents - intrusion detection, response, and analysis - building perimeter defenses - secure network administration - building security infrastructures against internal attacks - securing operating systems - experiences with virus/antivirus - experiences with commercial security tools - Java/ActiveX security - proactive security tools - Internet service providers and security - programming securely - collecting evidences - experience with PKI'’. Tutorial Submission Two tutorial tracks are planned. One oriented to IT managers will deal with topics such as drafting a security policy, organizing incident response teams, computer forensics, setting up a PKI. The second track is oriented to technical staff and will provide information on security tools, designing security architectures, monitoring tools and web security, etc. Proposals are solicited from individuals interested in giving a tutorial. Tutorials may be half or full day in length and cover topics at an introductory or advanced level. Proposals for tutorials should be submitted to the following address: tuto2000at_private and should include an extended abstract describing the topic and objectives, a detailed outline of the content, a description of the intended audience, a biography of the speaker(s), and an indication of length (full or half day). Individuals interested in submitting tutorial proposals are encouraged to contact the Program Chair before the deadline to discuss the proposed content. Panel Submission Panels are solicited that examine innovative, controversial, or otherwise provocative issues of interest. Panel proposals should not exceed 3 pages, including biographical sketches of the panelists. Potential panel organizers should contact the Program Chair. Paper Submission Authors are invited to submit papers, preferably in Post Script or PDF format, RTF and HTML are also accepted, whose length does not exceed 15 double spaced typeset pages. All paper submissions will be handled electronically. Authors should e-mail a version of their full paper to first2000at_private In addition, authors should separately send via e-mail title, author names and full address, specifying the corresponding author, and abstract of their paper to the Program Chair. Authors will receive an immediate notification of the successful receipt of the file containing their paper. Subsequently, a formal notification will be sent after verifying that the paper can be printed successfully. Papers will be evaluated by the program committee based on their quality and relevance. Each paper will be reviewed by three independent reviewers, whose reviews will be relayed to the corresponding author. All submissions are held in the highest confidentiality prior to publication in the proceedings. Papers submitted after the deadline will not be accepted unless an extension has been granted. Authors must obtain employer, client, or government releases prior to submitting the final manuscript. Accepted papers will be presented during the conference and will be published in the conference proceedings. The proceedings are provided free of charge to conference attendees. Additional copies will be available for purchase at the conference. IMPORTANT DATES Submission Deadline: November 15, 1999 Notification of Acceptance: January 20, 2000 Final Version Due: March 15, 2000 PROGRAM COMMITTEE M. Bishop, UC Davis (USA) D. Bruschi, Univ. di Milano (IT), PC Chair, chair2000at_private W. Caelli, Queensland Univ. of Tech. (AU) D. Crochemore, CERT - Renater (FR) D. Gollmann, Microsoft (UK) K. Hooker, Univ. of Wisconsin (USA) K. Houle, CERT-CC (USA) K. Kossakowski, SECU-CERT (D) M. Miqueu, CERT-IST (FR) C. Nathanson, BT (UK) M. J. Ranum, NFR (USA) C. Serban, ATT (USA) P. Sommer, LSE (UK) D. Stikvoort, Stelvio (NL) MICHELE SENSALARI CERT-IT
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:07:51 PDT