The first international workshop on Enterprise Security
as part of CloudCom 2014 (http://2014.cloudcom.org/), Singapore, 15-18 December, 2014.
Enterprise security is the key to achieving global information security in business and organizations. Cloud computing is a new paradigm for enterprise where businesses need to be secured. However, this new trend needs to be more systematic with respect to cloud security, which is a factor in sustaining cloud technology by building-in trust. For example, current challenges with cyber security and application security flaws are highlighting important lessons to be learned and also lead to the adoption of best practices. Similarly, as the demand for cloud services increases, the importance of security and privacy will also increase.
One solution is to develop a framework for enterprise security to analyze and model organizational security of the cloud and its data. In particular, cloud data and cloud storage technologies (Amazon s3, drop box, Google drive, etc.) have now become normal practice for almost every computing user. This can explain why building trust for cloud users is one of the main focuses of cloud computing research. On the other hand, the social, human and business aspects of enterprise security are essential to users to keep their skills, business concepts and policies up-to-date. By maintaining all these aspects of security, organizations can develop an enterprise security solution to work together with business models, such as cloud provider enterprise model and cloud consumer enterprise model. In this way, enterprise security can address technical and organizational aspects of security to provide added value and win-win situations for users, adopters and service providers.
By blending technical and organizational aspects of security, our workshop can provide a platform for intellectual discussions and interactions. To highlight the significance of enterprise security and disseminate research contributions in cloud community, we welcome papers addressing technical (implementations, algorithms, experiments, simulation, modeling and prototypes) and organizational (information system related issues, recommendation and best practices, frameworks, risks) issues.
- Algorithms, software engineering and development
- System design and implementation
- Testing (software; penetration; product development)
- Encryption, access control, identity management
- Experiments of using security solutions and proof-of-concepts
- Large-scale simulations in the Cloud and Big Data
- Intrusion and detection techniques
- Risk Modeling, business process modeling
- Trust and privacy
- Data security, disaster recovery
- Data center management
- Adoption challenges and recommendation
- Risk management and control
- Business models
- Change management
- Information systems related issues
- Conceptual frameworks and models
- Emerging issues and recommendations for organizational security
- E-Commerce and online banking
- Social network analysis, emerging issues in social networks
- Education and e-Learning
- Surveys and their quantitative analysis
- Architecture (technical or organizational)
- Case studies
The focus of this workshop is to present new techniques, demonstrations, innovative approaches and case studies related to Enterprise Security. The impacts of research contributions are as follows.
- Explain how to implement enterprise security and their added values.
- Demonstrate how enterprise security can be used in different case studies.
- Describe how to resolve challenges in each adoption scenario.
- Provide reproducible steps for anyone to follow, and support reproducibility, an important aspect in Cloud Computing science.
- Explain how their Cloud services can work effectively in production and real-time
- Present how their services can make contributions to users involved in the use of Cloud services and adoption.
- Sum up and disseminate all the lessons learned and recommendation to play an influential role in academia and industry.
Date: 15 Dec 2014
|8:30-8:55||Coffee and welcome|
|8:55-9:00||Briefing (main chair)|
Recommendations and Best Practices for Cloud Enterprise Security
Homomorphic Exclusive-or Operation Enhance Secure Searching on Cloud Storage
A Wavelet Entropy-based Change Point Detection on Network Traffic:A Case Study of Heartbleed Vulnerability
Towards Strong Accountability for Cloud Service Providers
A Framework to Assist Organizations with It Adoption Governance
OpenStack Secure Enterprise File Sync and Share Turnkey Solution
Yen-Hung Kuo,Tzu-Wei Yeh,Guang-Yan Zheng,Jyun-Kai Wu,Chao-Chin Yang,Jia-Ming Lin
Seamless Enablement of Intelligent Protection for Enterprise Cloud Applications through Service Store
Towards Establishing Security-Aware Cloud Markets
A Mantrap-Inspired, User-Centric Data Leakage Prevention (DLP) Approach
Trust Challenges in a High Performance Cloud Computing Project
Factors Influencing an Organisation's Intention to Adopt Cloud Computing in Saudi Arabia
Security Challenges in Cloud Storages
Towards a Framework for Securing a Document Outside an Organisational Firewall
|17:30-17:45||Award ceremony and photographic session|
Title: Secure Database and Data Mining Techniques for Secure Cloud Data Management and Analytics
Speaker: Dr. Ng Wee Keong
Data security is a widely acknowledged and discussed issue for enterprises migrating their IT systems to the cloud. The concern is that data confidentiality may be compromised when data is outsourced to a cloud service provider that is unable to technically and legally provide such guarantee. An intuitive and ideal approach is to encrypt the data before uploading the server and to have the server perform operations on the encrypted data without excessive computational overheads. What is the state-of-the-art and what are the remaining issues to realize this goal? This talk provides an overview on two broad groups of work that have been looking at related problems for the past two decades. The first group looks at supporting encrypted data management supporting store, search, and retrieval of encrypted data in a multi-user setting. The second group looks at privacy-preserving data mining via the secure multi-party computation approach. Collectively, both groups provide the much needed data security needs for secure cloud computing.
Academic Keynote 2
Title: Trustworthy Cloud Services by Dynamic Certification
Speaker: Mr. Mario Hoffmann
In general, cloud service certifications attempt to assure a high level of security and compliance. Cloud services, however, are part of an ever-changing environment. Multi-year validity periods, thus, may put in doubt the reliability of certifications. This talk will illustrate how continuous auditing of selected certification criteria could be achieved by aggregating and interpreting could sensor data in order to assure continuously reliable and secure cloud services and thereby increase the trustworthiness of certifications.
Title: Cloud Data and Cloud Storage Security Solutions
Speaker: Dr Khin Mi Mi, Aung
Several studies show that Cloud Computing tops the highest increase in IT adoption rate. Enterprises are taking advantage of the efficiencies, flexibilities, and cost-savings made possible by Cloud Computing Environments. Despite the adoption rate of Cloud Computing, many are still NOT outsourcing their IT workloads in the public cloud. Security remains the top concern in Cloud Computing adoption. Because data is one of the most valuable assets of any enterprise, outsourcing the processing of this valuable asset is a huge business risk. The enterprises do not have control of the security of the data once they outsource the storage and processing into the public Cloud. This talk will address some of the biggest security concerns of enterprises when adopting to the cloud and security solutions for enterprise applications that run in the Public Cloud.
The workshop chairs (Biographies at the end of the proposal):
Dr. Victor Chang, Leeds Beckett University and University of Southampton, UK
Dr. Muthu Ramachandran, Leeds Beckett University, UK
Dr. Gary Wills, University of Southampton, UK
Dr. Robert John Walters, University of Southampton, UK
Dr. Chung-Sheng Li, IBM, US
Prof. Wendy Currie, Audencia Nantes, France
Paper Submissions: September 8, 2014
Notification of Acceptance: September 20, 2014
Camera Ready Versions: October 14, 2014
Other relevant information:
- Disseminate good practices and case studies offered by in the use of Enterprise Security.
- Demonstrate the proof-of-concepts, prototypes, algorithms, software engineering and development.
- Disseminate on how to resolve existing issues in Enterprise Security and the added value offered by Enterprise Security.
- Present case studies, frameworks, recommendations and new research/enterprise contributions to the organizations that adopt and improve on their security policies, technologies and practices.
Workshop: We will select good papers demonstrating their merits in offering research/enterprise contributions. Each presentation will take around 25 minutes, and be followed by about 5 minutes of questions and answer session per talk. The chairs will also have a final discussion topic right before the end of the workshop. We welcome researchers in either technical or organizational aspects of Enterprise Security, as well as industrial practitioners in Enterprise Security to join our discussions and social interactions.
Authors are invited to submit papers containing unpublished, original work (not under review elsewhere) of up to 6 pages of double column text using single spaced 10 point size on 8.5 x 11 inch pages, as per IEEE 8.5 x 11 manuscript guidelines. Templates are available from:
Authors should submit a PDF file. Papers conforming to the above guidelines can be submitted through the workshop's EasyChair submission system. At least one author of each accepted submission must attend the workshop and all workshop participants must pay at least the CloudCom 2014 workshop registration fee. All accepted papers will be published by the IEEE in the same volume as the main conference.
All presented papers will be undertaken with a double-blind review process, and extended versions of the workshop papers will be likely to be published in a special issue: Enterprise Security, International Journal of Organizational and Collective Intelligence (IJOCI) and Open Journal of Big Data (OJBD).
2 best papers of the workshop will be invited to the contribute to a special issue of Future Generation Computer Systems (a leading journal in CS/IT): Big Data in the Cloud under the theme of security topic of the special issue. Further details will be announced after the workshop.
Please submit your papers on EasyChair: https://www.easychair.org/conferences/?conf=es2014
Dr. Victor Chang is a Senior Lecturer at Leeds Beckett University and a Visiting Researcher at University of Southampton. He has been a technical lead in web applications, web services, database, grid, cloud, storage/backup, bioinformatics, financial computing and research and has also successfully delivered many IT projects in Taiwan, Singapore, Australia, and the UK since 1998. Victor is experienced in a number of different IT subjects and has 27 certifications with 97% on average, including security certifications offered by several vendors. He completed PGCert (Higher Education) and PhD (C.S) within four years part-time while working full-time, whereby the distance between his work and research is hundreds of miles away.
Victor is a winner in 2011 European Identity Award in On Premise to Cloud Migration. He was selected to present his research in the House of Commons, UK, in 2011. He won the best student paper in CLOSER 2012. Victor demonstrated several different types of Cloud services in both of his practitioner and academic experience. He has 27 publications in the last four years as the first author. In April 2014 he received 5 certificates in a single international conference. His recent work with Dr Muthu Ramachandran on Cloud security will be published in a pretigious journal.
Dr. Muthu Ramachandran is a Principal Lecturer at Leeds Beckett University. He has extensive research coupled with teaching background and experiences on software and systems engineering methods & lifecycle. He is an expert in SOA, Cloud and security.
Muthu is an author of two books. He is also an edited co-author of a book. He has also widely authored published journal articles, book chapters and conferences materials on various advanced topics in software engineering and education. He is a member of various professional organizations and computer societies. He is also invited speaker on 5th International symposium on SOA Cloud 2012, London. Muthu's research projects and books publications can be accessed on www.se.moonfruit.com and on www.soft-research.com
Dr. Gary Wills is an Associate Professor in Computer Science at the University of Southampton. He graduated from the University of Southampton with an Honours degree in Electromechanical Engineering, and then a PhD in Industrial Hypermedia systems. He is a Chartered Engineer, a member of the Institute of Engineering Technology and a Principal Fellow of the Higher Educational Academy. He is also an adjunct professor at the Cape Peninsular University of Technology and a research professor at RLabs. Gary's research projects focus on System Engineering and applications for industry, medicine and education, see research pages for more information. He has several students working in related areas to Enterprise Security.
Dr. Robert John Walters is an Assistant Professor in Computer Science at the University of Southampton. His research interests include middleware, distributed computing, hypermedia and graphical formal modeling language. Related Experiences: Dr. Robert John Walters is supervising a few PhD students specializing in Cloud Computing.
Dr. Chung-Sheng Li is currently the director of the Commercial Systems Department, PI for the IBM Research Cloud Initiatives, and the executive sponsor of the Security 2.0 strategic initiative. He has been with IBM T.J. Watson Research Center since May 1990. His research interests include cloud computing, security and compliance, digital library and multimedia databases, knowledge discovery and data mining, and data center networking. He has authored or coauthored more than 130 journal and conference papers and received the best paper award from IEEE Transactions on Multimedia in 2003. He is both a member of IBM Academy of Technology and a Fellow of the IEEE. He received BSEE from National Taiwan University, Taiwan, R.O.C., in 1984, and the MS and PhD degrees in electrical engineering and computer science from the University of California, Berkeley, in 1989 and 1991, respectively.
Prof. Wendy Currie is a Professor in Information Systems at the School of Management, Audencia Nantes, France. She is Founding Editor-in-Chief of Health Policy and Technology, published by Elsevier and owned by a UK Charity, the Fellowship of Postgraduate Medicine. She was formally, Professor and Head of Information Systems and Management at Warwick Business School. She has an extensive experience and publication in information systems, IT in healthcare, organizational issues for IT adoption, information security and cloud computing. She has served on the editorial boards of Management Information Systems Quarterly, Information Systems Research, Journal of IT and the ACM IEEE Transactions on Management Information Systems (ACM TMIS). She is currently working on several research projects including, a cross-national study of electronic health (e-health) in 29 EU Member States, cloud computing adoption and diffusion in the U.S, France and UK, and mobile health benchmarking. She holds a PhD in Management and a BSc in Sociology.