WASH 2006 The 1st Workshop on Automated Self-Healing (WASH) Held in conjunction with ESORICS 2006 Important Dates: Workshop: September 18th, 2006 Paper submissions due: July 15th, 2006 (deadline extended) Author notification: August 7th, 2006 http://nsl.cs.columbia.edu/wash2006/ CALL FOR PAPERS A key problem in computer security is the inability of systems to automatically protect themselves from attacks, especially when attacks are delivered via previously unseen inputs or exploit previously unknown vulnerabilities. Exploits will continue to emerge and take advantage of mistakes in system design, construction, configuration, and deployment. It is difficult, if not impossible, to perceive or predict all threats a priori. Since many attacks are automated, it appears that defense systems must also be automated. Recent advances in secure systems have led to a growing interest in self-healing software as a solution to this problem. However, the unpredictable nature of attacks, the imprecision of detection mechanisms, and the dearth of analysis and hard guarantees for automatic response systems has led to a lack of confidence and a justifiable degree of skepticism about the use of automated defense and self-healing systems. This workshop is a forum to address these challenges by bringing together experts in the field to share ideas, techniques, and information in order to gain a deeper understanding of these problems, the underlying principles of Secure Self-Healing, and potential solutions. The workshop encourages the submission of both analytical and systems-oriented papers from academia, industry, and government. In particular, we solicit papers including, but not limited to, the following topics: * Self-healing Applications & Techniques o Survivable software and frameworks o Automated recovery of networks from DoS or misconfiguration o Self-healing routing algorithms o Post detection response learning and adaptation o System repair and recovery techniques (control flow, data structures, etc.) o Host-based intrusion prevention o Vulnerability-specific identification and protection * Measurement & Evaluation of Self-healing Systems o Testing self healing techniques o Empirical studies of network self-healing techniques o Assessment or proof of the quality of self-generated 'fixes' o Assessing the success rate of recovery techniques o Identifying appropriate deployment scenarios (e.g., types of applications: scientific, server-type, etc.) o Tradeoffs of self-healing systems (optimization vs robustness) o Economic models for self-healing o Formal analysis and algorithms for self-healing o Analytical bounds on confidence of intrusion response o Experience reports on successes (and failures) of automated defense * Challenges o Self-healing techniques against multi-stage or stealthy attacks o Instrumentation of software systems that aid in self-healing (retrofitting legacy software) o Programming language support for self-healing software o Ideas that challenge the immune system analogy o Unsupervised learning mechanisms for intrusion detection We solicit papers that describe original and novel work. The preference is for papers that show solid early thinking on new ideas rather than minor extensions of author's previous work. Papers must be written in English and should be at most 5 pages long (double column) in an 11-point font with at least 1-inch margins, excluding references. Papers submitted must be original unpublished work and must not be simultaneously submitted or under review for any other workshop, conference, or journal. Submissions should included all authors names and affiliations (reviewing is not blind). Panel proposals must include the title of the panel, a 2-paragraph abstract describing the topic and why it should be of interest to the WASH community, and a list of panelists that have agreed to serve on the panel. Panels are expected to be at most 1 hour long, comprised of short presentations by the panelists followed by discussion among panel members and the audience; other formats may be used, but should be described in the proposal. Papers must be received by 23:59:59 (PDT) of July 15th, 2006. Reviews of submissions and notification of acceptance or rejection will be sent to the authors no later than August 7, 2006, and, for papers to appear in the WASH Proceedings, authors will have an opportunity to revise their work based on the comments of the reviewers and the feedback at the workshop. PLEASE NOTE: Authors of accepted papers must guarantee that their paper will be presented at the workshop. For more information about submission and paper details, please see the website at: http://nsl.cs.columbia.edu/wash2006/ Important Dates: Paper submissions due: July 15th, 2006 Acceptance notifications: August 7th, 2006 ESORICS Conference: September 18 -- 20, 2006 WASH Workshop: September 18th, 2006 Program Committee: * Scott Alexander (Telecordia) * Kostas Anagnostakis (I2R) * Ivan Balepin (UC Davis) * David Brumley (CMU) * Rean Griffith (Columbia University) * Sotiris Ioannidis (Stevens Institute of Technology) * Zhenkai Liang (SUNY Stony Brook) * James Newsome (CMU) * Vassilis Prevelakis (Drexel) * Martin Rinard (MIT) * Anil Somayaji (Carlton University) * Sal Stolfo (Columbia University) Organizers * Michael E. Locasto * Stelios Sidiroglou * Angelos Stavrou