2010 ACM CCS Workshop on Insider Threats

October 8, 2010

Hyatt Regency, Chicago, USA

Held in conjunction with the 2010 ACM Conference on Computer and Communications Security

Call for Papers

(This call is also available in PDF and TXT format.)

When equipped with insider knowledge, an attacker is a particular risk to an organization: they may know the policies and security measures of an organization and devise ways to subvert them. Such attackers can have a variety of motives and triggers that cause them to act against the organization's interests. Further, the mechanisms these attackers can use can range from unsophisticated abuses of their own authority to elaborate techniques to acquire unauthorized access. The duration of the attacks may be short or longer-term. Finally, the goal from these attacks can be simple exfiltration of information or even direct sabotage.

The Insider Threat has been identified as a hard, but important, computer security problem. This workshop broadly calls for novel research in the defense against insider threats. Relevant research may leverage operating systems, communication networking, data mining, social networking, or theoretical techniques to inform or create systems capable of detecting malicious parties. Cross-disciplinary work is encouraged but such work should contain a significant technical computer security contribution. Research in non-traditional systems, such as smart spaces, is encouraged as well as enterprise systems. Finally, while we discourage exploits of limited scope, we solicit generalized techniques that help an inside attacker evade modern defensive techniques.

Topics of interest include but are not limited to:

  • Novel data collection of threat indicators,
  • Detection of triggers and behavior modeling associated with insider threat development,
  • Detection of malicious users acting within their own authority against organizational interests,
  • Detection of unauthorized escalation of rights,
  • Covert exfiltration of data and approaches to thwart such techniques,
  • Automatic detection of high-value digital assets,
  • Techniques to minimize false positives in insider threat detection,
  • Advances in access control, data compartmentalization or administration of compartments,
  • Detection techniques for resource constrained clients (limited processor, bandwidth, or battery capacity),
  • Data and digital asset tracking,
  • Techniques to provide near real-time forensics

Important Dates

  • Paper Submission Due: June 28, 2010 July 2, 2010 at 11:59pm PDT
  • Acceptance Notification: August 6, 2010
  • Camera-ready Due: August 16, 2010
  • Workshop: October 8, 2010

All deadlines are firm due to publisher time constraints

Program Committee

Program Chairs

Brent Lagesse, Oak Ridge National Laboratory
Craig Shue, Oak Ridge National Laboratory

Program Committee

Michel Barbeau, Carleton University
Elisa Bertino, Purdue University
Dawn Cappelli, CERT
Erik Ferragut, Oak Ridge National Laboratory
Deborah Frincke, Pacific Northwest National Laboratory
Minaxi Gupta, Indiana University
Markus Jakobsson, FatSkunk
Apu Kapadia, Indiana University
Marc Liberatore, University of Massachusetts
Donggang Liu, University of Texas Arlington
Gerome Miklau, University of Massachusetts
Sean Smith, Dartmouth College
Matthew Wright, University of Texas Arlington


For more information, please contact shueca AT ornl.gov.