DIMACS/BIC/A4Cloud/CSA International Workshop on Trustworthiness, Accountability and Forensics in the Cloud (TAFC)

June 6 - 7, 2013
Hotel NH Málaga Málaga, Spain
held in conjunction with 7th IFIP WG 11.11 International Conference on Trust Management.

Organizers:
James Clarke, Waterford Institute of Technology - TSSG, (co-chair)
Rebecca Wright, Rutgers University, (co-chair)
Julie Grady, HP Labs Bristol
Aljosa Pasic, AtoS Spain SA
Siani Pearson, HP Labs Bristol
Keyun Ruan, University College Dublin
Contact information: tafc at dimacs.rutgers.edu
Presented under the auspices of the DIMACS Special Focus on Cybersecurity supported by the National Science Foundation under Grants Number CCF 1144502 and CNS 1040356. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
Workshop Announcement

Topic

Cloud computing is an enabler for innovation. Cloud computing has been widely advocated as a "game changer" in the EU's economy, for example as stated at the 2012 Davos Summit in January 2012 by European Commission Vice-President Neelie Kroes, who has pledged to work towards increasing the adoption of Cloud. At the Summit, Ms. Kroes stated that the main obstacles currently impeding broader cloud adoption are standards, certification, data protection, interoperability, lock-in, and legal certainty. This workshop will address such issues with a particular focus on how accountability and transparency can enhance trustworthiness in the cloud, and the technical and policy mechanisms required to enable them. The split of control over data and operations among cloud actors, particularly cloud service providers and cloud consumers has made trust management a critical focus for accelerating cloud adoption. Currently there is a lack of transparency and accountability from the provider side as for service provisioning/de-provisioning, tenant isolation, data processing and movement, privacy protection as well as many other aspects which were once fully under the control and monitoring of the consumer. Even if key terms are being added into cloud contracts (Service Level Agreements), processes and techniques must be developed to continuously monitor and audit these terms and ensure adequate transparency, and cloud providers must both provide adequate security and privacy and be prepared to provide adequate evidence about security and privacy provision. Many of these required capabilities overlap with forensic and investigative techniques. Cloud forensics, i.e., post-incident investigation in cloud computing environments, is an emerging area faced with significant challenges compared with traditional computer/network forensics; however, the cloud also offers unique opportunities such as cost-effectiveness, elasticity and service-oriented modelling that might facilitate investigations both for internal security incident management and for civil/criminal investigations.

The TFAC 2013 workshop will bring together experts from computer science and other disciplines to discuss collectively how public and private sectors as well as the research community can increase the confidence in the use of cloud computing to deploy and use innovative services by citizens and businesses.

Workshop Format

The workshop will run from morning of 6th June 2013 until lunchtime of 7th June 2013. It is intended as a multi-disciplinary forum for experts to discuss, brainstorm, and share insights on accountability, covering conceptual discussions and legal, socio-economic and policy aspects as well as technical mechanisms including how to design a forensic-enabling cloud ecosystem to improve accountability and transparency of cloud service provision. The outcome from the workshop can provide valuable input for building international cooperation on various cloud standard acceleration projects, as well as drive research and technological innovations towards future research programmes such as Horizon 2020. The workshop will comprise a mixture of invited talks, contributed talks, panels, and breakout groups.

*If there is enough interest, other activities can be organized for the afternoon of 7th June 2013.


About the Sponsors

DIMACS is a Center for Discrete Mathematics & Theoretical Computer Science founded as a National Science Foundation Science and Technology Center. DIMACS is a joint collaboration coordinated by Rutgers University, New Jersey, United States of America. More information can be found at http://dimacs.rutgers.edu.

BIC, which stands for Building International Cooperation for Trustworthy ICT is an EU FP7 Coordination Action project bringing together researchers from around the globe to scope mutually beneficial research topics in the areas related to Trustworthy ICT. The topics of this workshop were among the many research topics recommended for international research by the working groups of BIC leading to the proposition of this workshop and have the subject of a number of working papers, which can be found in the project impact section of the web. The BIC project, coordinated by Waterford Institute of Technology in Ireland, is supported within the portfolio of the European Commission's DG-CNECT Unit H.4 Trust and Security. More in depth information on BIC can be found at http://www.bic-trust.eu/.

A4Cloud is an Integrated Project on Accountability for Cloud, an EU FP7 Research Project started in October 2012, coordinated by HP Labs and funded within the portfolio of the European Commission's DG-CNECT Unit H.4, Trust and Security.

UK and Irish Chapters of the Cloud Security Alliance (CSA): The CSA is a global not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The UK and Irish Chapters facilitate project work, share news and organise events for UK and Irish Chapter members. In terms of research direction, the UK chapter is focusing on guidance about cloud security for SMBs and the Irish chapter is looking at incident response and Ireland's strategic role in the EU cloud ecosystem by hosting most of the major US provider data centres.


About the Workshop Series

This workshop is a continuation of what began as the EU US summit series of international workshops that started in 2007. These have expanded to include other countries around the globe with the INCO-Trust project (EU-United States-Canada-Japan-Korea-Australia) and BIC project (EU-Brazil-India-South Africa). The purpose of the series was for high level researchers to come together to brainstorm and discuss research topics of mutual interest specifically in the areas of ICT trust and security that would have significant impact if worked on jointly.

The workshops were supported by the European Commission within Framework programme 6 and 7 via Coordination action projects SecurIST, INCO-Trust and BIC and the United States National Science Foundation grant on International cooperation on Trustworthy Computing.

The following international workshops have been held to date:

  1. First EU-US Summit on Cyber Trust: System Dependability & Security, Dublin, Ireland, 15-16th November, 2006.
  2. Second EU-US Summit Cyber Trust: System Dependability & Security, Illinois, USA, 26-27th April, 2007.
  3. International Co-operation in Trustworthy Systems: Security, Privacy and Trust in Large-Scale Global Networks & Services as Part of the Future Internet, Madrid, Spain, 31st March 01st April, 2009.
  4. International Co-operation in Security and Privacy: International Data Exchange with Security and Privacy: Applications, Policy, Technology, and Use, New York, U.S.A., 3-5th May 2010.
  5. Cross domain coordination of International Cooperation (INCO) and technical themes in Trustworthy ICT and INCO, Brussels, Belgium, 21-22nd June 2012.
  6. BIC Annual Forum 2012 and Workshop on Trust management in emerging countries, Lisbon, Portugal, 27th November 2012.

Next: Call for Participation
Workshop Index
DIMACS Homepage
Contacting the Center
Document last modified on April 3, 2013.