The second international workshop on Enterprise Security

as part of CloudCom 2015 (, Vancouver, Canada, Novmber 30-December 3, 2015.

Outcome of Enterprise Security 2015:

We are very pleased to successfully deliver Enterprise Security 2015 with CloudCom 2015. Altogether 11 papers were selected out of 24 submissions. 11 papers, 1 keynote talk and 2 panel sessions were presented and there was a great discussion between participants, authors and audience. The winners of ES 2015 include the followings:

  • Best paper in Information Systems category: 
    • ES_04: The Importance of Proper Measurement for a Cloud Security Assurance Model, Bob Duncan, University of Aberdeen, UK
  • Best paper in computational category: 
    • ES_24: Risk Management Using Big Real Time Data, Zheng Xianghan, Fuzhou University, China
  • Best presenter: Dr Martin Gilje Jaatun, SINTEF ICT, Norway

Congratulations! We wish to see you again next year. Authors can extend their papers and submit to Enterprise Security Springer Book 2016 project. Please ensure that you have around 8,000 words in your main body and can justify your research contributions.



Enterprise Security Springer Book 2016 (ESSB 2016)     

Enterprise security is an important area since all types of organizations require secure and robust environments, platforms and services to work with people, data and computing applications. There are instances whereby security breach and privacy concerns have been the main factors preventing organizations to put their resources in public and community domains. Even in the private domains, there is no escape from the threat imposed by cyber security, privacy, trust and risk. We live in an information age whereby there is a massive and rapid dissemination of information. Protecting our data, privacy and rights have become increasingly important regardless where we are based and which organization that we work. Challenges such as data ownership, trust, unauthorized access and big data management should be resolved by using innovative methods, models, frameworks, case studies and analysis to reduce risk imposed by data leakage, hacking, breach of privacy and abuse use of data. To adopt the best practices, papers that can fully address security, privacy and risk concerns are welcome. We seek papers from both technical security and information system security that provide good recommendations and research contributions to enterprise security. Topics are the same as the ES 2015 workshop. Anyone with or without attending ES 2015 can submit. The important dates:

Submission deadline: March 31, 2016

Result of the first round returned: May 2, 2016 or as soon as possible

Submission deadline of the 2nd round: May 31, 2016

Notification of results: June 15, 2016 or as soon as possible

Final version of book chapter: July 8, 2016 or as early as possible


Editors: Dr Victor Chang, Leeds Beckett University, UK (corresponding editor, email: This email address is being protected from spambots. You need JavaScript enabled to view it. with the email title: Enterprise Security Springer Book 2016)

Dr Muthu Ramachandran, Leeds Beckett University, UK

Dr Bob Walters and Dr Gary Wills, University of Southampton, UK

Recommended reading:


Enterprise security is the key to achieving global information security in business and organizations. Cloud computing is a new paradigm for enterprise where businesses need to be secured. However, this new trend needs to be more systematic with respect to cloud security, which is a factor in sustaining cloud technology by building-in trust. For example, current challenges with cyber security and application security flaws are highlighting important lessons to be learned and also lead to the adoption of best practices. Similarly, as the demand for cloud services increases, the importance of security and privacy will also increase. 


One solution is to develop a framework for enterprise security to analyze and model organizational security of the cloud and its data. In particular, cloud data and cloud storage technologies (Amazon s3, drop box, Google drive, etc.) have now become normal practice for almost every computing user. This can explain why building trust for cloud users is one of the main focuses of cloud computing research. On the other hand, the social, human and business aspects of enterprise security are essential to users to keep their skills, business concepts and policies up-to-date. By maintaining all these aspects of security, organizations can develop an enterprise security solution to work together with business models, such as cloud provider enterprise model and cloud consumer enterprise model. In this way, enterprise security can address technical and organizational aspects of security to provide added value and win-win situations for users, adopters and service providers. Following the successful delivery of our workshop in 2014, we oversee the importance of enterprise security as a unique and rising field to ensure all aspects of security and risks can be identified, surveyed, tested, prototyped and minimized with recommendations and lessons learned disseminated.


By blending technical and organizational aspects of security, our workshop can provide a platform for intellectual discussions and interactions. To highlight the significance of enterprise security and disseminate research contributions in cloud community, we welcome papers addressing technical (implementations, algorithms, experiments, simulation, modeling and prototypes) and organizational (information system related issues, recommendation and best practices, frameworks, risks) issues. We offer the best paper awards and winners will be invited to contribute to high-quality journals.



  • Algorithms, software engineering and development
  • System design and implementation
  • Testing (software engineering; penetration; product development)
  • Encryption (all aspects)
  • Firewall, access control, identity management
  • Experiments of using security solutions and proof-of-concepts
  • Large-scale simulations in the Cloud, Big Data and Internet of Things
  • Intrusion and detection techniques
  • Social engineering and ethical hacking: techniques and case studies 
  • Risk Modeling, business process modeling and analytics
  • Trust and privacy
  • Data security, data recovery, disaster recovery
  • Data center management 
  • Adoption challenges and recommendation
  • Risk management and control
  • Business and economic models
  • Change management and continuous service improvement
  • Information systems related issues  
  • Conceptual frameworks and models
  • Emerging issues and recommendations for organizational security
  • E-Commerce and online banking
  • Social network analysis, emerging issues in social networks
  • Education and e-Learning
  • Surveys and their quantitative analysis
  • Architecture (technical or organizational)
  • Case studies

The focus of this workshop is to present new techniques, demonstrations, innovative approaches and case studies related to Enterprise Security. The impacts of research contributions are as follows.

- Explain how to implement enterprise security and their added values.

- Demonstrate how enterprise security can be used in different case studies.

- Describe how to resolve challenges in each adoption scenario.

- Provide reproducible steps for anyone to follow, and support reproducibility, an important aspect in Cloud Computing science.

- Explain how their Cloud services can work effectively in production and real-time

- Present how their services can make contributions to users involved in the use of Cloud services and adoption. 

- Sum up and disseminate all the lessons learned and recommendation to play an influential role in academia and industry.


Program Schedule

Papers in blue are competing for the best paper award (information system category) and papers in red can compete best paper in computational category. Names in bold are the presenters. Duration of presentation time is decided by the review outcomes.





Briefing by Workshop Chair


ES_01: Passing the Buck: Outsourcing Incident Response Management,  Alfredo Ramiro Reyes Zúñiga and Martin Gilje Jaatun SINTEF ICT, Norway


ES_20: Validating Technology Acceptance Model (TAM) during IT adoption in OrganisationsOsden Jokonya, North-West University, South Africa


Panel Discussions


Coffee break


ES_04: The Importance of Proper Measurement for a Cloud Security Assurance Model,Bob Duncan and Mark Whittington, University of Aberdeen, UK


ES_05: Information Security in the Cloud: Should We be Using a Different Approach? Bob Duncan and Mark Whittington, University of Aberdeen, UK


Keynote 1: Human and Organizational Aspects of Enterprise Security Management, Konstantin (Kosta) Beznosov, University of British Columbia, Canada


Lunch break


ES_06: Security and Privacy in Cloud Computing via Obfuscation and Diversification: a Survey, Shohreh Hosseinzadeh, Sami Hyrynsalmi and Ville Leppänen, University of Turku, Finland and Mauro Conti, University of Padova, Italy


ES_17: Cloud Storage Forensic: hubiC as a Case-Study, Ben Blakeley, Chris Cooney, Ali Dehghantanha, University of Salford, UK


ES_24: Risk Management Using Big Real Time Data, Jie Cheng, Chunming RongHuijuan Ye, University of Stavanger, Norway and Zheng Xianghan, Fuzhou University, China


ES_16: Cryptanalysis and Enhancement of a Password-Based Authentication Scheme,Mohamed Eldefrawy and Jalal Al-Muhtadi, King Saud University, Saudi Arabia




ES_14: An Efficient Framework and Access control scheme for cloud health care,Saravana Kumar N, VIT University, India and Rajya Lakshmi G.V, California State University, USA


ES_22: Risk Analysis of Business Intelligence, Raed Alsufyani / Victor Chang, Leeds Beckett University, UK


ES_23: Security decisions in a cloud HPC environment, Morgan Eldred, , Alice Good and Carl Adams, University of Portsmouth, UK


Wrap-up session, award ceremony and photographic session


The workshop chairs (Biographies at the end of the proposal):

Main chair:

Dr. Victor Chang, Leeds Beckett University, UK


Dr. Muthu Ramachandran, Leeds Beckett University, UK
Mr. Mario Hoffmann, Fraunhofer Institute for Applied and Integrated Security (AISEC), Germany
Dr. Gary Wills, University of Southampton, UK
Dr. Robert John Walters, University of Southampton, UK
Dr. Neil N. Yen, University of Aizu, Japan
Prof. Laurence T. Yang, St. Francis Xavier University, Canada
Dr. Chung-Sheng Li, IBM, US
Prof. Wendy Currie, Audencia Nantes, France


Keynote Speaker 1

Title: Human and Organizational Aspects of Enterprise Security Management
Konstantin (Kosta) Beznosov is an Associate Professor at the Department of Electrical and Computer Engineering, University of British Columbia, where he directs the Laboratory for Education and Research in Secure Systems Engineering. His research interests are usable security, mobile security and privacy, security and privacy in online social networks, and web security. Prior UBC, he was a Security Architect at Hitachi Computer Products (America) and Concept Five. Besides many academic papers, he is also a co-author of “Enterprise Security with EJB and CORBA” and “Mastering Web Services Security” books, as well as XACML and several CORBA security specifications. He has served on program committees and/or helped to organize SOUPS, ACM CCS, IEEE Symposium on Security & Privacy, NSPW, NDSS, ACSAC, SACMAT. Prof. Beznosov has served as an associate editor of ACM Transactions on Information and System Security (TISSEC) and Elsevier’s Computers & Security.



Program Committee:

Mitra Arami, American University of Middle East, Kuwait
Reinhold Behringer, Leeds Beckett University, United Kingdom
Victor Chang, Leeds Beckett University, United Kingdom
Sidney Chapman, Freelance, Australia
Tzu-chun Chen, TU Darmstadt, Germany
Chung-Sheng Li, IBM, USA
Muthu Ramachandran, Leeds Beckett University, United Kingdom
Jose Simao, Instituto Superior de Engenharia de Lisboa, Portugal
Robert John Walters, University of Southampton, United Kingdom
Gary Wills, University of Southampton, United Kingdom
Fara Yahya, University of Southampton, United Kingdom


Important dates:
Paper Submissions:  August 4, 2015  August 11, 2015
Notification of Acceptance: August 25, 2015  August 30, 2015
Camera Ready Versions: September 15, 2015
Other relevant information:


  • Disseminate good practices and case studies offered by in the use of Enterprise Security.
  • Demonstrate the proof-of-concepts, prototypes, algorithms, software engineering and development.
  • Disseminate on how to resolve existing issues in Enterprise Security and the added value offered by Enterprise Security.
  • Present case studies, frameworks, recommendations and new research/enterprise contributions to the organizations that adopt and improve on their security policies, technologies and practices.

Workshop: We will select good papers demonstrating their merits in offering research/enterprise contributions. Each presentation will take around 25 minutes, and be followed by about 5 minutes of questions and answer session per talk. The chairs will also have a final discussion topic right before the end of the workshop. We welcome researchers in either technical or organizational aspects of Enterprise Security, as well as industrial practitioners in Enterprise Security to join our discussions and social interactions.

Submission Process

Authors are invited to submit papers containing unpublished, original work (not under review elsewhere) of up to 6 pages of double column text using single spaced 10 point size on 8.5 x 11 inch pages, as per IEEE 8.5 x 11 manuscript guidelines. Templates are available from:

Authors should submit a PDF file. Papers conforming to the above guidelines can be submitted through the workshop's EasyChair submission system. At least one author of each accepted submission must attend the workshop and all workshop participants must pay at least the CloudCom 2015 workshop registration fee. All accepted papers will be published by the IEEE in the same volume as the main conference.


All presented papers will be undertaken with a double-blind review process, and extended versions of the workshop papers will be likely to be published in a special issue: Enterprise Security, International Journal of Organizational and Collective Intelligence (IJOCI) and Open Journal of Big Data (OJBD). We plan to set up a special issue with leading journals for top paper CloudCom delegate winners. A Cloud security book by Springer edited by the main chair will be available for workshop/conference delegates. We have a special section in International Journal of Information Management (IJIM). The best paper based on the review maybe invited to submit one article. The best paper winner in computation/prototype/experiment/simulation category after our workshop will be invited to a forthcoming special issue in Future Generation Computer Systems (FGCS, IF=2.786). Please submit your papers on EasyChair:


Additionally, 1 top paper in each category can be either invited to Computers and Electrical Engineering, Special Issue on: “Methods and Tools for Programming Many-core Embedded Systems" or Journal of Personal and Ubiquitous Computing (IF=1.6), Special Issue on: “Internet of People and Situated Computing".



Dr. Victor Chang is a Senior Lecturer in the School of Computing, Creative Technologies at Leeds Beckett University, UK and a visiting Researcher at the University of Southampton, UK. He is an expert on Cloud Computing and Big Data in both academia and industry with extensive experience in related areas since 1998. Dr Chang completed a PGCert (Higher Education) and PhD (Computer Science) within four years while working full-time. He has over 70 peer-reviewed published papers. He won £20,000 funding in 2001 and £81,000 funding in 2009. He was involved in part of the £6.5 million project in 2004, part of the £5.6 million project in 2006 and part of a £300,000 project in 2013. Dr Chang won a 2011 European Identity Award in Cloud Migration. He was selected to present his research in the House of Commons in 2011 and won the best student paper in CLOSER 2012. 

He has demonstrated ten different Cloud Computing and Big Data services in both of his practitioner and academic experience. His proposed frameworks have been adopted by several organizations. He is the founding chair of international workshops on Emerging Software as a Service and Analytics and Enterprise Security. He is a joint Editor-in-Chief (EIC) in International Journal of Organizational and Collective Intelligence and a founding EIC in Open Journal of Big Data. He is the Editor of a highly prestigious journal, Future Generation Computer Systems (FGCS). He is a reviewer of numerous well-known journals. He has 27 certifications with 97% on average. He is a keynote speaker of CLOSER/WEBIST/ICT4AgeingWell 2015. Dr Chang has published three books on Cloud Computing which are available on Amazon website. Dr. Victor Chang obtained 1 award and 4 certificate in a single conference in May 2015 to set another record.


Dr. Muthu Ramachandran is a Principal Lecturer at Leeds Metropolitan University. He has extensive research coupled with teaching background and experiences on software and systems engineering methods & lifecycle. He is an expert in SOA, Cloud and security. 

Muthu is an author of two books. He is also an edited co-author of a book. He has also widely authored published journal articles, book chapters and conferences materials on various advanced topics in software engineering and education. He is a member of various professional organizations and computer societies. He is also invited speaker on 5th International symposium on SOA Cloud 2012, London. Muthu’s research projects and books publications can be accessed on and on


Mario D. Hoffmann is head of department “Service & Application Security” at Fraunhofer Institute for Applied and Integrated Security (AISEC) in Garching (near Munich), Germany. His research interest has been dedicated to user centric identity management in contextual environments. Following the “Laws of Identity” he designed an identity management middleware layer for the EU project HYDRA (2006-2010). He aims at establishing life management platforms empowering the user to interact with personalised environments in a privacy preserving way. In Dec 2013 he was awarded “Privacy by Design Ambassador” by the Information & Privacy Commissioner Ontario. 

Mario has been chair of the Working Group ”Security&Trust” of the Wireless World Research Forum (WWRF) from 2005 to 2012. Since 2009 he has been an active role in the Kantara Initiative – hosting the yearly conference in 2012. Moreover, he is a member of ACM, Germany’s Gesellschaft für Informatik, Chaos Computer Club, and Digitalcourage.


Dr. Gary Wills is an Associate Professor in Computer Science at the University of Southampton. He graduated from the University of Southampton with an Honours degree in Electromechanical Engineering, and then a PhD in Industrial Hypermedia systems. He is a Chartered Engineer, a member of the Institute of Engineering Technology and a Principal Fellow of the Higher Educational Academy. He is also an adjunct professor at the Cape Peninsular University of Technology and a research professor at RLabs. Gary’s research projects focus on System Engineering and applications for industry, medicine and education, see research pages for more information. He has several students working in related areas to Enterprise Security.


Dr. Robert John Walters is an Assistant Professor in Computer Science at the University of Southampton. His research interests include middleware, distributed computing, hypermedia and graphical formal modeling language. Related Experiences: Dr. Robert John Walters is supervising a few PhD students specializing in Cloud Computing and security.


Dr. Neil Y. Yen is an Associate Professor at the University of Aizu, Japan. Dr. Yen received doctorates in Human Sciences (major in Human Informatics) at Waseda University, Japan, and in Engineering (major in Computer Science) at Tamkang University, Taiwan in March and June 2012 respectively. His doctor degree at Waseda University was funded by the JSPS (Japan Society for the Promotion of Science) under RONPAKU program. Dr. Yen has actively involved himself in the international activities, including editorial works in journals and books, society services in academic conferences sponsored by IEEE/ACM, etc., and devoted himself to discover advanced and interesting research directions. Dr. Yen has been engaged in the interdisciplinary realms of research, and his research interests are now primarily in the scope of human-centric computing, computational intelligence, and big data.


Prof. Laurence T. Yang graduated from Tsinghua University, China and got his Ph.D in Computer Science from University of Victoria, Canada. He joined St. Francis Xavier University in 1999. His current research includes parallel and distributed computing, embedded and ubiquitous/pervasive computing. He has published many papers in various refereed journals, conference proceedings and book chapters in these areas, including around 100 international journal papers in numerous IEEE Transactions journals. He has been involved actively in conferences and workshops as a program/general/steering conference chair and numerous conference and workshops as a program committee member. He served as the vice-chair of IEEE Technical Committee of Supercomputing Applications (TCSA) until 2004, was the chair (elected in 2008 and 2010) of IEEE Technical Committee of Scalable Computing (TCSC), the chair of IEEE Task force on Ubiquitous Computing and Intelligence (2009- ). He was also in the steering committee of IEEE/ACM Supercomputing conference series (2008-2011), and the National Resource Allocation Committee (NRAC) of Compute Canada (2009-2013).

In addition, he is the editors-in-chief of several international journals. He is serving as an editor for many international journals. He has been acting as an author/co-author or an editor/co-editor of many books from Kluwer, Springer, Nova Science, American Scientific Publishers and John Wiley & Sons. He has won several Best Paper Awards (including IEEE Best and Outstanding Conference Awards such as the IEEE 20th International Conference on Advanced Information Networking and Applications (IEEE AINA-06), etc); one Best Paper Nomination; Distinguished Achievement Award, 2005; Canada Foundation for Innovation Award, 2003. He has been invited to give around 30 keynote talks at various international conferences and symposia.


Dr. Chung-Sheng Li is currently the director of the Commercial Systems Department, PI for the IBM Research Cloud Initiatives, and the executive sponsor of the Security 2.0 strategic initiative. He has been with IBM T.J. Watson Research Center since May 1990. His research interests include cloud computing, security and compliance, digital library and multimedia databases, knowledge discovery and data mining, and data center networking. He has authored or coauthored more than 130 journal and conference papers and received the best paper award from IEEE Transactions on Multimedia in 2003. He is both a member of IBM Academy of Technology and a Fellow of the IEEE. He received BSEE from National Taiwan University, Taiwan, R.O.C., in 1984, and the MS and PhD degrees in electrical engineering and computer science from the University of California, Berkeley, in 1989 and 1991, respectively.


Prof. Wendy Currie is a Professor in Information Systems at the School of Management, Audencia Nantes, France. She is Founding Editor-in-Chief of Health Policy and Technology, published by Elsevier and owned by a UK Charity, the Fellowship of Postgraduate Medicine. She was formally, Professor and Head of Information Systems and Management at Warwick Business School. She has an extensive experience and publication in information systems, IT in healthcare, organizational issues for IT adoption, information security and cloud computing. She has served on the editorial boards of Management Information Systems Quarterly, Information Systems Research, Journal of IT and the ACM IEEE Transactions on Management Information Systems (ACM TMIS). She is currently working on several research projects including, a cross-national study of electronic health (e-health) in 29 EU Member States, cloud computing adoption and diffusion in the U.S, France and UK, and mobile health benchmarking. She holds a PhD in Management and a BSc in Sociology.


Please visit our social media websites: