Managing Insider Security
Threats
(MIST 2012)
November 8-9, 2012
Nishijin Plaza, Kyushu University, Fukuoka,
Japan
[Overview][Topic][CFP][Important Date][Submission
Guideline][Organization]
[Special Issue][Invited Talks][Program][Registration][Previous Workshops][Workshop
Venue][Contact]
ORGANIZED BY
Innovative Information Science &
Technology Research Group
## NEWS
- The tentative program is avail at here and the registration guideline is available at here.
- The submission deadline is extended to August 31, 2012
- The MIST 2012 submission system is available is here
- Prof. Dieter Gollmann will give the 2nd invited talk. titled "Security for Cyber-physical Systems"
- Prof. Eugene H. Spafford will give the 1st invited talk titled "Inside, Outside -- But Clearly Not on *Our* Side".
- The information of the workshop venue is available at here
- MIST 2012 is in cooperation with IEICE-ICSS
- MIST 2012 is in cooperation with IPSJ SIG on Security Psychology and Trust (SPT)
During the past two decades, information security technology developments have been mainly concerned with intrusion detection to prevent unauthorized attacks from outside the network. This includes hacking, virus propagation, spyware and more. However, according to a recent Gartner Research Report, information leaks have drastically increased from insiders who are legally authorized to access corporate information.
The unauthorized leak of critical or proprietary information can cause significant damage to corporate image and reputation, perhaps even weakening its competitiveness in the marketplace. On a larger scale, government and public sectors may suffer competitive loss to other nations due to an internal intelligence breach. While the leaking of critical information by insiders has a lower public profile than that of viruses and hacker attacks, the financial impact and loss can be just as devastating.
The
objective of this workshop is to showcase the most recent challenges and
advances in security and cryptography technologies and management systems for
preventing information breaches by insiders. The workshop promotes
state-of-the-art research, surveys and case analyses of practical significance.
Physical, managerial, and technical countermeasures will be covered in the
context of an integrated security management system that protects critical
cyber-infrastructure against unauthorized internal attack. We expect that this
workshop will be a trigger for further research and technology improvements
related to this important subject.
[Top]
- Theoretical
foundations and algorithms for addressing insider threats
- Insider
threat assessment and modeling
- Security
and cryptography technologies to prevent, detect, and predict insider threats
- Cryptographic
protocols against insider threats
- Validating
the trustworthiness of staff
- Post-insider
threat incident analysis
- Data
breach modeling and mitigation techniques
- Registration,
authentication and identification
- Certification
and authorization
- Database
security
- Device
control system
- Digital
forensic system
- Fraud
detection
- Network
access control system
- Intrusion
detection
- Keyboard
information security
- Information
security governance
- Information
security management systems
- Risk
assessment and management
- Log
collection and analysis
- Trust
management
- IT
compliance (audit)
- Continuous
auditing
- Corporate
ethics, accountability and integrity
- Decision-making
modeling and process
[Top]
- Submission Deadline: August 31, 2012 (Extended)
- Authors Notification: September 30, 2012
- Author Registration: October 12, 2012
- Final Manuscript: October 12, 2012
[Top]
Authors are
invited to submit original papers: they must not substantially duplicate work
that any of the authors have published elsewhere or have submitted in parallel
to any other conferences that have proceedings.
The
submission of contributions to MIST 2012 must occur through the workshop
submission system:
http://www.easychair.org/conferences/?conf=mist2012
The submission file is in PDF or PS file format produced via the Easychair Latex Class file (US letter size).
[available
at http://jowua.yolasite.com/resources/easychair.zip]
Each
paper should be at least 10 and at most 15 pages long based on the easychair
style.
Submission
of a paper implies that should the paper be accepted, at least one of the
authors will register
and present the paper at the workshop.
All
accepted papers will be published in the following journals:
- MIST
2012 Volume 1 will be published in JoWUA vol. 3, no. 4, 2012
Journal of
Wireless Mobile Networks, Ubiquitous Computing and Dependable Applications
(JoWUA)
- MIST 2012 Volume 2 will be published in JISIS
vol. 2, no. 4, 2012
Journal of
Internet Services and Information Security (JISIS)
* The
above two volumes will be available at MIST 2012
[Top]
General
Co-Chairs
Ilsun You
(Korea Bible University, Korea)
Steering Committee
Dieter
Gollmann (Hamburg University of Technology, Germany)
Kouichi
Sakurai (Kyushu University, Japan)
Program
Co-Chairs
(1)
Track: Insider Threats Prevention
Shuyuan
Mary Ho (Drexel University, USA)
(2)
Track: Information Leakage Prevention
Kangbin
Yim (Soonchunhyang University, Korea)
Local
Arrangement Chair
Yoshiaki
Hori (Kyushu University, Japan)
Program
Committee Members
William
R. Claycomb (Carnegie Mellon University, USA)
Xiaofeng Chen (Xidian University, China)
Steven
Furnell (University of Plymouth, UK)
Shinsaku Kiyomoto
(KDDI R&D Laboratories Inc., Japan)
Masahiro
Mambo (Kanazawa University, Japan)
Günther
Pernul (University of Regensburg, Germany)
Wolter
Pieters (Delft University of Technology, the Netherlands)
Kazuhiro
Minami (Institute of Statistical Mathematics, Japan)
Andrew P.
Moore (CyLab at Carnegie Mellon University, USA)
Malek Ben
Salem (Accenture Technology Labs, USA)
Dongwan
Shin (New Mexico Tech, USA)
Sean W.
Smith (Dartmouth College, USA)
Masakazu
Soshi (Hiroshima City University, Japan)
Willy
Susilo (University of Wollongong, Australia)
Shambhu
Upadhyaya (SUNY Buffalo, USA)
Zhiwei Wang (Nanjing University of Posts and Telecommunications, China)
Toshihiro
Yamauchi (Okayama University, Japan)
(More
members are being invited)
[Top]
At least 40~50% good papers presented at MIST 2012 will be invited to SCIE Indexed Journals.
(Soon, the detail plan will be announced).
[Top]
- MIST 2011 - December 1-2,
2011, Fukuoka Institute of Technology, Fukuoka, Japan (with InCos 2011)
- MIST 2010 - June 15, 2010,
Morioka, Iwate, Japan (with IFIPTM 2010)
- MIST 2009 - June 16, 2009,
Purdue University, West Lafayette, USA (with IFIPTM 2009)
[Top]
We are proud to announce the following confirmed invited speakers:
- Title: Inside, Outside -- But Clearly Not on *Our* Side
- Speaker: Prof. Eugene H. Spafford (Purdue University, USA)
Eugene H. Spafford is one of the most senior cyber security researchers in the field. During his 30 years in computing—including 24 years as a faculty member at Purdue University—Spaf (as he is widely known) has worked on issues in privacy, public policy, law enforcement, software engineering, education, social networks, operating systems, and cyber security. He has been involved in the development of fundamental technologies in intrusion detection, incident response, firewalls, integrity management, and forensic investigation. His interests range over these and many other areas, and this has been one of the factors behind his leadership of CERIAS, the Center for Education and Research in Information Assurance and Security. In that role, he continues to be a polymathic futurist, although some view him as simply an iconoclastic crank. More information: <http://info.spaf.us>.
- Abstract: Historically, the community was first concerned with insider attacks. Then, starting in the 1980s, we connected systems together and began to be concerned about outsiders. The pendulum swung nearly completely in that direction, to the point where insiders were often not considered. Now we are again considering insiders. Is this a good way to think about system protection? Is there a better way? What should we really be worried about? In this talk, I'll recount some of the issues of insider vs. outsider, history of detection, and likely future developments. I hope to provide some ideas about how to protect systems and consider the threats we face.
- Title: Security for Cyber-physical Systems
- Speaker: Prof. Dieter Gollmann (Hamburg University of Technology, Germany)
Prof. Dieter Gollmann received his Dipl.-Ing. in Engineering Mathematics (1979) and Dr.tech. (1984) from the University of Linz, Austria, where he was a research assistant in the Department for System Science. He was a Lecturer in Computer Science at Royal Holloway, University of London, and later a scientific assistant at the University of Karlsruhe, Germany, where he was awarded the 'venia legendi' for Computer Science in 1991. He rejoined Royal Holloway in 1990, where he was the first Course Director of the MSc in Information Security. He joined Microsoft Research in Cambridge in 1998. In 2003, he took the chair for Security in Distributed Applications at Hamburg University of Technology, Germany. Dieter Gollmann is the acting editor-in-chief of the International Journal of Information Security and an associate editor of the IEEE Security & Privacy Magazine.
His textbook on 'Computer Security' has appeared in its third edition.
- Abstract: Historically, the community was first concerned with insider attacks. Then, starting in the 1980s, we connected systems together and began to be concerned about outsiders. The pendulum swung nearly completely in that direction, to the point where insiders were often not considered. Now we are again considering insiders. Is this a good way to think about system protection? Is there a better way? What should we really be worried about? In this talk, I'll recount some of the issues of insider vs. outsider, history of detection, and likely future developments. I hope to provide some ideas about how to protect systems and consider the threats we face.
[Top]
For more
information, please contact the general chair, Ilsun You (ilsunu@gmail.com).
[Top]
In
Cooperation With
IPSJ SIG
on Security Psychology and Trust (SPT)
IEICE Technical Committee on
Information and Communication System Security (ICSS)
== ORGANIZED BY ==
Innovative
Information Science & Technology Research Group