Call for Papers - FIRST 2002 - 2nd notice

From: Roger Safian (r-safianat_private)
Date: Wed Oct 24 2001 - 07:46:20 PDT

  • Next message: Ofir Arkin: "Xprobe 0.0.2 Released"

    		14th Annual Computer Security
    		  Incident Handling Conference
    		Hilton Waikoloa Village, Hawaii
    			June 24-28, 2002
    			Call for Papers
    This text is also available at
    The Forum of Incident Response and Security Teams (FIRST, is a global organization whose aim is to
    facilitate the sharing of security-related information and to foster
    cooperation in the effective prevention, detection, and recovery
    from computer security incidents. Its members are CSIRTs (Computer
    Security Incident Response Teams) from government, commercial,
    academic, and other environments.
    The FIRST conference ( brings
    together IT managers, system and network administrators, security
    specialists, academics, security solutions vendors, CSIRT personnel
    and anyone interested in
       * the most advanced techniques in detecting and responding to
         computer security incidents
       * the latest improvements in computer security tools, methodologies,
         and practice
       * sharing their views and experiences with those in the computer
         security incident response field
    The Conference
    The conference is a five day event, comprising two days of tutorials
    and three days of technical sessions which include refereed paper
    presentations, invited talks, and panel discussions.
    The conference will discuss the most recent practical issues in
    computer and network security, focusing on incident response.
    The program committee solicits original contributions on the
    following topics:
       * Incident Response
         Specific Incidents:
            o large computer virus outbreaks
            o Distributed Denial-of-Service (DDOS) attacks
            o Privacy and Intellectual Property incidents
            o insider incident response
         General Issues:
            o intrusion detection, analysis, and response automation
            o collecting evidence
            o computer and network forensics
       * CSIRT Operation and Tools
            o CSIRT Best Practices
            o automation of CSIRT operations
    	o informing customers of new security threats (vulnerabilities,
    	  exploitation tools, viruses, etc.)
            o vulnerability analysis and advisory process
            o drafting incident response and security policies
    	o experience with security tools, both commercial and free,
    	  both experimental and stable
            o new approaches to attack analysis
            o OS-specific log analysis tools
            o multi-source intrusion detection analysis
       * Response Team Cooperation and Legal Issues
            o coordinating international incident handling
            o trust relationships in incident response
            o international legal and liability in incident response
            o dealing with black hats
       * New Technologies, New Vulnerabilities
    	o impact of new technologies (IPSEC and others) on incident
            o vulnerabilities in WAP enabled web applications
            o vulnerabilities in PDA and Pocket PC's
            o forensics on wireless devices
            o experiences with deploying VoIP
            o commercial shopping and banking systems
       * Other Topics
            o competition, espionage, and information warfare
            o secure system and network administration
            o secure programming techniques and practices
            o Internet service providers and security
            o intruder profiling
            o outsourcing security -- managed security services
    Tutorial Submission
    Three tutorial tracks are planned:
       * The first track is oriented toward IT managers and will deal
         with topics such as drafting security policies incorporating
         policies for incident response, computer forensics, setting
         up security infrastructures, etc.
       * The second track is oriented toward technical staff and will
         provide in-depth information on security tools, designing
         security architectures, intrusion detection and monitoring
         tools, web security, etc. - in particular COMPUTER FORENSICS
         is a special interest topic this year.
       * The third track is tailored for people interested in building
         and organizing an incident response team or related services
         like security advisories, vulnerability analysis, etc.
    Proposals are solicited from experts interested in giving a tutorial.
    Tutorials may be half or full day in length and can cover topics
    either at an introductory or advanced level.
    All tutorial submissions will be handled electronically. Authors
    should email the completed submission form (attached below) to
    Individuals interested in submitting tutorial proposals are encouraged
    to contact the program chair
    before the deadline to discuss the proposed content.
    Panel Submission
    Panels are solicited that examine innovative, controversial, or
    otherwise provocative issues of interest.
    All panel submissions will be handled electronically.  Authors
    should e-mail the completed submission form (attached below) to
    A reduction of the conference fee will be offered to panel organizers.
    Paper Submission
    Authors are invited to submit papers, preferably in PostScript or
    PDF format (RTF and HTML are also accepted). The length should not
    exceed 12 pages typeset in a 12-point font. A detailed synthesis
    (2 pages minimum) will be considered if it gives a clear reflection
    of the contents and key points of the coming paper.
    All paper submissions will be handled electronically.  Authors
    should email a version of their paper and the completed submission
    form (attached below) to paper2002at_private
    Authors will receive an immediate notification of the successful
    receipt of the file containing their paper.  Subsequently, a second
    notification of receipt will be sent after the paper has been
    printed successfully.
    A reduction of the conference fee will be offered to one author of
    each accepted paper.
    Process of Selection
    Papers, tutorials, and panels will be evaluated by the program
    committee based on their quality and relevance. Each proposal will
    be reviewed by at least three independent reviewers, whose reviews
    will be relayed to the corresponding author. All submissions are
    held in confidentiality prior to publication in the proceedings.
    Submissions received after the deadline will not be considered
    unless an extension has been granted.  Authors must obtain employer,
    client, or government releases prior to submitting the final
    Accepted papers will be presented by their authors and will be
    published in the conference proceedings. The proceedings are provided
    free of charge to conference attendees. Additional copies will be
    available for purchase at the conference.
    FIRST requires a non exclusive copyright license for all the papers
    presented at the conference and for the presentation material. This
    includes potential distribution on a conference CD and/or the FIRST
    Important Dates
     Submission deadline:                November 16, 2001
     Notification of acceptance:         January 11, 2002
     Final version of the paper due:     March 11, 2002
     Final presentation material
     (slides) due:                       May 1, 2002
    Note that tutorial and panel proposals, as well as papers (or
    detailed syntheses, as described above) are expected to arrive
    prior to the submission deadline (NOVEMBER 16) in order to be
    If you have questions about the submission process, don't hesitate
    to send them to the appropriate email address:
       * paper2002at_private
       * tuto2002at_private
       * panel2002at_private
    Program Committee
    Cristina SERBAN (Chair), chair2002at_private - AT&T Labs, USA
    Anne BENNETT - Concordia University - Canada
    David CROCHEMORE - CERT Renater - France
    Kathy FITHEN - PriceWaterhouseCoopers - USA
    Dan GARRETT - ETG Inc. - USA
    Klaus-Peter KOSSAKOWSKI - Germany
    Larry LEIBROCK - eforensic - USA
    Xing LI - CCERT - China
    Chaeho LIM - CERTCC-KR - Korea
    Francisco MONSERRAT COLL - IRIS-CERT - Spain
    David MAILLARD - Intexxia - France
    David MORTMAN - Siebel Systems - USA
    Claudia NATANSON - British Telecom - UK
    Steve ROMIG - Ohio State University - USA
    Roger SAFIAN - Northwestern University - USA
    Kurt SAUER - Sun Microsystems - France
    Derrick SCHOLL - Sun Microsystems - USA
    Elizabeth SIEMERS - Guardent - USA
    Hironobu SUZUKI - JPCERT/CC - Japan
    Franck VEYSSET - Intranode - France
    Proposal Submission Form
    The Proposal Submission Form for the FIRST 2002 Conference is
    available on-line at 
    Roger A. Safian 
    r-safianat_private (email) public key available on many key servers.
    (847) 491-4058   (voice)
    (847) 467-5690   (Fax) "You're never too old to have a great childhood!"

    This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 08:15:36 PDT