SIGSAC Annual Report
July 2002 - June 2003
Submitted by:Ravi Sandhu, Chair SIGSAC
SPECIAL NOTE FROM OUTGOING CHAIR
It is with a sense of pride and accomplished mission that I submit the last annual report of my tenure as SIGSAC Chair. It has been an eventful 8 years. The SIGSAC CCS and SACMAT conferences have established a strong presence in the security community and have a very bright future. CCS in particular is recognized as the world's leading security research conference. SACMAT is the world's leader in the access control arena. SIGSAC conversion to a conference SIG has been a very successful move. The launching of TISSEC was initiated by SIGSAC and TISSEC has become the world's leading security research journal. Looking back these are significant accomplishments that put SIGSAC and ACM as the world's foremost research publication brands in the security arena. Looking ahead I see an exciting future for SIGSAC. It is an honor and privilege to hand over to Sushil Jajodia. Sushil has made a tremendous mark on CCS in the past three years since he stepped in as Program Committee Chair in 2000 in Athens, Greece. I have every confidence that he will not only sustain and build our existing activities but will introduce new initiatives to further diversify SIGSAC. This is SIGSAC's first transition of Chair as a conference-only SIG and I am pleased to report it has gone very well.
END SPECIAL NOTE
SIGSAC's mission is to develop the information security profession by sponsoring high quality research conferences and workshops. SIGSAC sponsored conferences are recognized as the world's leading security conferences. This annual report outlines accomplishments of the past year and future plans.
1. SIGSAC CONFERENCES AND WORKSHOPS
SIGSAC's oldest conference is the ACM Conference on Computer and Communications Security (CCS). The conference was initiated in 1993. Since then it has been held twice in Fairfax (1993, 1994), and once each in New Delhi, India (1996), Zurich, Switzerland (1997), San Francisco (1998), Singapore (1999), Athens, Greece (2000) and Philadelphia (2001). Since 2002 the conference has been held in Washington, DC. We expect it to remain in the DC area for some time. From its inception CCS has established itself as among the very best research conferences in security. This reputation continues to grow and is reflected in high quality and prestige of the program. The 2003 Conference introduced several innovations. It received a record 260 submissions (up 70% from last year's 153 submissions) from which a record 37 papers have been selected. The Workshop Program, the new Industry Track and the new Tutorial format have all been very successful. The state of CCS is truly excellent.
Starting in 2001 SIGSAC launched a second major annual conference called the ACM Symposium on Access Control Models and Technologies (SACMAT). SACMAT is the first conference in the security research community exclusively focused on access control. It evolved from the SIGSAC sponsored ACM Workshop on Role-Based Access Control (RBAC). The RBAC series was initiated in 1995 in collaboration with the National Institute of Standards and Technology (NIST). The first workshop was held at NIST in Gaithersburg, Maryland, November 30 - December 1, 1995. The next three workshops were held at the GMU campus in Fairfax in the October-November timeframe in 1997, 1998 and 1999. In 2000 the workshop was held at the Technical University of Berlin in Berlin, Germany in July 2000. The first meeting under the SACMAT name was help in Chantilly, Virginia in May 2001. The 2002 conference was held in Monterey, California in June 2002 and the 2003 conference in Como, Italy in June 2003. The 2002 and 2003 meetings were co-located with the IEEE International Workshop on Policies for Distributed Systems and Networks. These two meeting will again be co-located in 2004 at IBM Yorktown Heights. There is an understanding we will continue to collocate, alternating in Europe and North America for some time. The 2004 conference will be expanded to 2.5 days from the 2 days in the past. Also the post-conference 1/2 day tutorial program introduced in 2003 in Como will be continued in 2004.
CCS and SACMAT give SIGSAC and ACM two major annual conferences in Summer and in Fall. Both conferences have a strong future and have developed outstanding reputations. CCS in particular has emerged as the world's leading security research conference, going against established conferences that are much older.
2. SIGSAC PUBLICATION INITIATIVES
SIGSAC has been instrumental in creating the new ACM Transactions on Information and System Security (TISSEC). Outstanding papers from CCS and SACMAT are invited each year for publication in TISSEC after appropriate enhancement and review.
3. SIGSAC SPECIAL PROJECTS
SIGSAC continues to support the Computer Security Day.
A robust SIGSAC is recognized world-wide for its technical leadership in the Information and System Security arena. SIGSAC has two major annual conferences. SIGSAC has been instrumental in creating a new ACM Transactions on Information and System Security. In conclusion, SIGSAC is providing strong technical leadership to the community and has a cadre of volunteers to provide leadership.
Written by leading domain experts for software engineers, ACM Case Studies provide an in-depth look at how software teams overcome specific challenges by implementing new technologies, adopting new practices, or a combination of both. Often through first-hand accounts, these pieces explore what the challenges were, the tools and techniques that were used to combat them, and the solution that was achieved.
ACM Queue’s “Research for Practice” serves up expert-curated guides to the best of computing research, and relates these breakthroughs to the challenges that software engineers face every day. This installment, “The DevOps Phenomenon” by Anna Wiedemann, Nicole Forsgren, Manuel Wiesche, Heiko Gewald and Helmut Krcmar, gives an overview of stories from across the industry about software organizations overcoming early hurdles of adopting DevOps practices, and coming out on the other side with tighter integration between software and operations teams, faster delivery times for new software features, and achieving higher levels of stability.