SIGSAC FY'04 Annual Report

July 2003 - June 2004
Submitted by: Sushil Jajodia, SIGSAC Chair

It is a great honor and privilege for me to take over as the chair of the SIGSAC in July 2003. Although I have been involved in the Computer and Communication Security Conference (CCS) as an author since its inception in 1993, my active participation in SIGSAC began in 2000 when I was asked to join the SIGSAC Steering Committee. SIGSAC is in excellent shape; however, as the interest in research and development in security continues to experience the remarkable growth, it is imperative that SIGSAC continues to evolve with a spirit of innovation, growth, and comprehensiveness. My goal as the SIGSAC chair is to ensure that we adhere to this spirit.

First, I would like to thank my predecessor Ravi Sandhu for his excellent leadership for last eight years. A lot was accomplished during his tenure: He was responsible for establishing the CCS and SACMAT conferences. CCS is recognized as the world's leading security research conference, and SACMAT is the primary symposium in the access control arena. The launching of TISSEC was initiated by him, and TISSEC has become the premiere security research journal.

The remainder of this annual report outlines accomplishments of the past year and future plans.

1. SIGSAC Conferences and Workshops

SIGSAC's mission is to develop the information security profession by sponsoring high quality research conferences and workshops. SIGSAC's first sponsored event was the ACM Conference on Computer and Communications Security in 1993. Since then, it has been held twice in Fairfax, Virginia (1993, 1994), and once each in New Delhi, India (1996), Zurich, Switzerland (1997), San Francisco (1998), Singapore (1999), Athens, Greece (2000) and Philadelphia (2001). Since 2002, the conference has been held in Washington, DC. We expect it to remain in the DC area for some time.

From its inception, CCS has established itself as among the very best research conferences in security. This reputation continues to grow and is reflected in the high quality and prestige of the program. In 2003, CCS received a record 253 submissions (up 70% from last year's 153 submissions), from which 35 papers were selected. The standards for acceptance (14%) continued to remain high for ensuring a quality program.

The 2003 CCS program was expanded to include a parallel industry and tutorials track. The workshops that have become an integral part of CCS Conferences in the past have continued, with eight workshops held in 2003 (Workshop on Formal Methods in Security Engineering: From Specifications to Code, Workshop on Business Driven Security Engineering, Workshop on XML Security, Workshop on Survival and Self-Regenerative Systems, Workshop on Privacy in the Electronic Society, Workshop on Rapid Malacode, Workshop on Security of Ad Hoc and Sensor Networks, and Workshop on Digital Rights Management).

CCS attendance has also increased dramatically, from nearly 100 participants up to 2001 to over 350 participants in 2003, largely because of the many changes that have been incorporated in the conference's structure.

Starting in 2001, SIGSAC launched a second major annual conference called the ACM Symposium on Access Control Models and Technologies (SACMAT). The first three meetings were held in Chantilly, Virginia; Monterey, California; and Como, Italy. The 2002 and 2003 meetings were co-located with the IEEE International Workshop on Policies for Distributed Systems and Networks. These two meetings were again co-located in 2004 at IBM Yorktown Heights, New York. There is an understanding that we will continue to collocate these conferences, alternating in Europe and North America, for some time.

CCS and SACMAT give SIGSAC and ACM two major annual conferences, in summer and fall. Both conferences have a strong future and have developed outstanding reputations. CCS in particular has emerged as the world's leading security research conference, compared to much older, established conferences.

2. SIGSAC Publication Initiatives

SIGSAC has been instrumental in creating the new ACM Transactions on Information and System Security (TISSEC). Outstanding papers from CCS and SACMAT are invited each year for publication in TISSEC after appropriate enhancement and review.

ACM Publications Board has formed a search committee to find the next editor-in-chief of TISSEC. Of note is that SIGSAC was consulted during the formation of the search committee.

3. SIGSAC Special Projects

SIGSAC continues to support the Computer Security Day.

4. Awards

ACM SIGSAC is planning to offer two annual awards: SIGSAC Outstanding Innovation Award and SIGSAC Outstanding Contributions Award. The award criteria are as follows:

SIGSAC Outstanding Innovation Award: This award is given for outstanding and innovative technical contributions to the field of computer and communication security that have had lasting impact in furthering or understanding the theory and/or development of commercial systems.

SIGSAC Outstanding Contribution Award: This award is given for significant contribution to the field of computer and communication security through fostering research and development activities, educating students, and providing professional services such as the running of professional societies and conferences.

The proposal for the creation of these awards has been submitted to SIG Governing Board (SGB) and, if approved, the details related to the nomination process and administration of the awards will be posted on the SIGSAC web site. The first awards are expected to be given at 2005 CCS.

5. SIGSAC By-laws and Elections

ACM has recently adopted several changes regarding SIG governance, including a call for elections as part of every SIG's structure. Since 1997, SIGSAC became a conference-only SIG (which did not require elections). SIGSAC is currently formulating bylaws for its governance and elections.

6. Summary

A robust SIGSAC is recognized worldwide for its technical leadership in the Information and System Security arena. SIGSAC has two major annual conferences. SIGSAC has been instrumental in creating a new ACM Transactions on Information and System Security. SIGSAC is providing strong technical leadership to the community and has a cadre of distinguished volunteers who are able and willing to provide their support.