CCSW 2011: The ACM Cloud Computing Security Workshop
in conjunction with the 17th ACM Conference on Computer and Communications Security (CCS)
October 21, 2011, SWISSÔTEL Chicago, Chicago, IL.

Check out CCSW 2012 !

Notwithstanding the latest buzzword (grid, cloud, utility computing, SaaS, etc.), large-scale computing and cloud-like infrastructures are here to stay. How exactly they will look like tomorrow is still for the markets to decide, yet one thing is certain: clouds bring with them new untested deployment and associated adversarial models and vulnerabilities. It is essential that our community becomes involved at this early stage. The CCSW workshop aims to bring together researchers and practitioners in all security aspects of cloud-centric and outsourced computing, including:
  • practical cryptographic protocols for cloud security
  • secure cloud resource virtualization mechanisms
  • secure data management outsourcing (e.g., database as a service)
  • practical privacy and integrity mechanisms for outsourcing
  • foundations of cloud-centric threat models
  • secure computation outsourcing
  • remote attestation mechanisms in clouds
  • sandboxing and VM-based enforcements
  • trust and policy management in clouds
  • secure identity management mechanisms
  • new cloud-aware web service security paradigms and mechanisms
  • cloud-centric regulatory compliance issues and mechanisms
  • business and security risk models and clouds
  • cost and usability models and their interaction with security in clouds
  • scalability of security in global-size clouds
  • trusted computing technology and clouds
  • binary analysis of software for remote attestation and cloud protection
  • network security (DOS, IDS etc.) mechanisms for cloud contexts
  • security for emerging cloud programming models
  • energy/cost/efficiency of security in clouds
We would like to especially encourage novel paradigms and controversial ideas that are not on the above list. The workshop is to act as a fertile ground for creative debate and interaction in security-sensitive areas of computing impacted by clouds.

Student Stipends
Student stipends are available to attend CCSW. Please apply on the CCS website (direct link here) and mention CCSW as your target workshop. We plan on awarding 5-10 student travel grants (a function also of the quality of the applications). Don't forget to mention CCSW as your workshop of choice if you'd like to be considered by us. Also please explain why you are a good fit to attend the workshop.

Important Dates
Submissions due: July 1, 2011 (11:59pm PDT)  July 16, 2011 (18:00h UTC)
Author notification: August 4, 2011  August 11, 2011
Camera-ready: August 19, 2011  August 22, 2011
Panel submissions due: August 10, 2011
Workshop: October 21, 2011

CCSW is soliciting full papers of up to 12 pages and short papers of up to 6 pages. Submissions must be in double-column ACM format with a font no smaller than 9 point. Please use the ACM SIG Proceedings Templates, available at
the ACM website. Only PDF files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits. Accepted papers will be published by the ACM Press and/or the ACM Digital Library.

Both research and position/vision/white papers are invited. Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. All authors and their affiliations must be listed. Each accepted paper must be presented by one registered author. Please submit your paper here.

Proposals for panels are also solicited. The proposals are to be concise, up to 2 pages in length, describe the handled topics, name potential panelists and briefly scope the panel for CCSW. Disruptive and controversial panels are particularly encouraged.

Keynote Speakers

Tim Brown
SVP Chief Security Architect and Distinguished Engineer
CA Technologies, Security Business

Tim Brown is a SVP distinguished engineer and chief security architect for the Security business unit at CA Technologies. He has overall technical direction and oversight responsibilities for the CA security products. This includes solutions to control users, their access and how they use information across physical, virtual and cloud environments. With more than 20 years of information security expertise, Brown has been involved in many areas of security including identity and access management, security compliance, threat research, vulnerability management, encryption and managed security services.

Brown has worked with many companies and government agencies to implement sound and practical security policies and solutions. He is on the board of the Open Identity Exchange, and has provided expert testimony at a U.S. Congressional hearing entitled "Cyber Security R&D." He also is a frequent speaker on the evolution of security and cloud computing.

Prior to joining CA Technologies, he spent 12 years at Symantec where in the CTO office he was responsible for companywide technical architecture, integration, gap analysis and technical strategy.

Brown is an avid inventor with over 20 filed patents in the security field. He is active in promoting cross-industry initiatives and has participated on a number of standards boards.

Charlie Kaufman
Security Architect, Windows Azure

Charlie Kaufman is security architect for Windows Azure, Microsoft's public cloud service. Previously, he was a member of the Windows Core Architecture Group, and before that was security architect for Lotus Notes and Domino at IBM. He's and active member of the Internet Engineering Task Force and was the lead designer of IKEv2, the key management protocol for IPsec. He is author of the popular textbook: "Network Security: Private Communication in a Public World".

John Manferdelli
Intel Senior Principal Engineer

John Manferdelli is co-lead of the Intel Science and Technology Center for Secure Computing. Previously, he was a distinguished engineer at Microsoft where he ran the Extreme Computing Group (XCG) System, Security, and Quantum Computing research group. His group performed research on computer security, cryptography, and quantum computing. In his role there, he also advised product groups on security and cryptography. He joined Microsoft in 1995 when his company, Natural Language, Inc., was acquired by them. Before that he held various positions at Lawrence Livermore National Laboratory, Bell Labs, the University of Washington, and the Stevens Institute of Technology.

The workshop takes place at the CCS venue, the SWISSÔTEL Chicago, and the room will be the Grand I-II.

  08:30 Welcome
The Organizers
  Session: Resource Management   Chair: Hovav Shacham  
  08:30-08:50 All Your Clouds are Belong to us - Security Analysis of Cloud Management Interfaces
Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Joerg Schwenk, Nils Gruschka and Luigi Lo Iacono
  08:50-09:05 Trusted Platform-as-a-Service: A Foundation for Trustworthy Cloud-Hosted Applications
Andrew Brown and Jeff Chase
  09:05-09:25 Verifiable Resource Accounting for Cloud Computing Services (Position Paper)
Vyas Sekar and Petros Maniatis
  Keynote I   Chair: Thomas Ristenpart  
  09:30-10:15 Clouds and their Discontents
John L. Manferdelli (Intel)
  10:15-10:45 Break
  Session: Virtualization   Chair: Ari Juels  
  10:45-11:05 An Exploration of L2 Cache Covert Channels in Virtualized Environments
Yunjing Xu, Michael Bailey, Farnam Jahanian, Kaustubh Joshi, Matti Hiltunen and Richard Schlichting
  11:05-11:20 Eliminating Fine Grained Timers in Xen
Bhanu C. Vattikonda, Sambit Das and Hovav Shacham
  11:20-11:40 Automated Verification of Virtualized Infrastructures
Soeren Bleikertz, Thomas Gross and Sebastian Moedersheim
  Keynote II   Chair: Christian Cachin  
  11:45-12:30 What's Different about Security in a Public Cloud?
Charlie Kaufman (Microsoft)
  12:30-14:00 Lunch
  Keynote III   Chair: Radu Sion  
  14:00-14:45 Cloud Security - Myth or Reality?
Tim Brown (CA Technologies)
  Session: Verification and Legal Concerns   Chair: Kui Ren  
  14:50-15:10 Detecting Fraudulent Use of Cloud Resources
Joseph Idziorek, Mark Tannian and Doug Jacobson
  15:10-15:30 Do You Know Where Your Cloud Files Are?
Karyn Benson, Rafael Dowsley and Hovav Shacham
  15:30-15:50 Managing Multi-Jurisdictional Requirements in the Cloud: Towards a Computational Legal Landscape
David Gordon and Travis Breaux
  15:50-16:15 Break
  Session: Cryptographic Protocols   Chair: Seny Kamara  
  16:15-16:35 Can Homomorphic Encryption be Practical?
Kristin Lauter, Michael Naehrig and Vinod Vaikuntanathan
  16:35-16:50 Oblivious RAM Simulation with Efficient Worst-Case Access Overhead
Michael T. Goodrich, Michael Mitzenmacher, Olga Ohrimenko and Roberto Tamassia
  16:50-17:10 Privacy-Preserving Outsourcing of Brute-Force Key Searches
Ghassan O. Karame, Srdjan Capkun and Ueli Maurer
  17:10-17:30 Towards Ensuring Client-Side Computational Integrity (Position Paper)
George Danezis and Benjamin Livshits
  17:30 Closing
The Organizers

The accepted papers
are also listed here.

Please register
here on the main CCS website.


Kristin Lauter, Microsoft
Adrian Perrig, Carnegie Mellon
Radu Sion, Stony Brook (chair)
Gene Tsudik, UC Irvine
Moti Yung, Google Inc.

Christian Cachin, IBM Research - Zurich
Thomas Ristenpart, University of Wisconsin, Madison

Mark Lee Badger, National Institute of Standards and Technology
Jeffrey Chase, Duke University
Mihai Christodorescu, IBM Research
Byung-Gon Chun, Yahoo Research
Nick Feamster, Georgia Institute of Technology
Bryan Ford, Yale University
Jonathon Giffin, Georgia Institute of Technology
Ari Juels, RSA Labs
Seny Kamara, Microsoft Research
Ruby Lee, Princeton University
David Molnar, Microsoft Research
Cristina Nita-Rotaru, Purdue University
Alina Oprea, RSA Labs
KyoungSoo Park, Korea Advanced Institute of Science and Technology
Kui Ren, Illinois Institute of Technology
Rodrigo Rodrigues, Max Planck Institute for Software Systems
Matthias Schunter, IBM Research
Elaine Shi, University of California, Berkeley and PARC
Alexander Shraer, Yahoo Research
Nigel Smart, University of Bristol
Andrew Warfield, University of British Columbia
Dongyan Xu, Purdue University

Interested in sponsoring CCSW (this or next year)? Please
contact us directly.

Previous Workshops
Check out
CCSW 2009 and CCSW 2010.

Updated: June 8, 2011

© 2009-2011 NSAC Lab.

All Rights Reserved.