SIGSAC FY'04 Annual Report
July 2003 - June 2004
Submitted by: Sushil Jajodia, SIGSAC Chair
It is a great honor and privilege for me to take over as the chair of the SIGSAC in July 2003. Although I have been involved in the Computer and Communication Security Conference (CCS) as an author since its inception in 1993, my active participation in SIGSAC began in 2000 when I was asked to join the SIGSAC Steering Committee. SIGSAC is in excellent shape; however, as the interest in research and development in security continues to experience the remarkable growth, it is imperative that SIGSAC continues to evolve with a spirit of innovation, growth, and comprehensiveness. My goal as the SIGSAC chair is to ensure that we adhere to this spirit.
First, I would like to thank my predecessor Ravi Sandhu for his excellent leadership for last eight years. A lot was accomplished during his tenure: He was responsible for establishing the CCS and SACMAT conferences. CCS is recognized as the world's leading security research conference, and SACMAT is the primary symposium in the access control arena. The launching of TISSEC was initiated by him, and TISSEC has become the premiere security research journal.
The remainder of this annual report outlines accomplishments of the past year and future plans.
1. SIGSAC Conferences and Workshops
SIGSAC's mission is to develop the information security profession by sponsoring high quality research conferences and workshops. SIGSAC's first sponsored event was the ACM Conference on Computer and Communications Security in 1993. Since then, it has been held twice in Fairfax, Virginia (1993, 1994), and once each in New Delhi, India (1996), Zurich, Switzerland (1997), San Francisco (1998), Singapore (1999), Athens, Greece (2000) and Philadelphia (2001). Since 2002, the conference has been held in Washington, DC. We expect it to remain in the DC area for some time.
From its inception, CCS has established itself as among the very best research conferences in security. This reputation continues to grow and is reflected in the high quality and prestige of the program. In 2003, CCS received a record 253 submissions (up 70% from last year's 153 submissions), from which 35 papers were selected. The standards for acceptance (14%) continued to remain high for ensuring a quality program.
The 2003 CCS program was expanded to include a parallel industry and tutorials track. The workshops that have become an integral part of CCS Conferences in the past have continued, with eight workshops held in 2003 (Workshop on Formal Methods in Security Engineering: From Specifications to Code, Workshop on Business Driven Security Engineering, Workshop on XML Security, Workshop on Survival and Self-Regenerative Systems, Workshop on Privacy in the Electronic Society, Workshop on Rapid Malacode, Workshop on Security of Ad Hoc and Sensor Networks, and Workshop on Digital Rights Management).
CCS attendance has also increased dramatically, from nearly 100 participants up to 2001 to over 350 participants in 2003, largely because of the many changes that have been incorporated in the conference's structure.
Starting in 2001, SIGSAC launched a second major annual conference called the ACM Symposium on Access Control Models and Technologies (SACMAT). The first three meetings were held in Chantilly, Virginia; Monterey, California; and Como, Italy. The 2002 and 2003 meetings were co-located with the IEEE International Workshop on Policies for Distributed Systems and Networks. These two meetings were again co-located in 2004 at IBM Yorktown Heights, New York. There is an understanding that we will continue to collocate these conferences, alternating in Europe and North America, for some time.
CCS and SACMAT give SIGSAC and ACM two major annual conferences, in summer and fall. Both conferences have a strong future and have developed outstanding reputations. CCS in particular has emerged as the world's leading security research conference, compared to much older, established conferences.
2. SIGSAC Publication Initiatives
SIGSAC has been instrumental in creating the new ACM Transactions on Information and System Security (TISSEC). Outstanding papers from CCS and SACMAT are invited each year for publication in TISSEC after appropriate enhancement and review.
ACM Publications Board has formed a search committee to find the next editor-in-chief of TISSEC. Of note is that SIGSAC was consulted during the formation of the search committee.
3. SIGSAC Special Projects
SIGSAC continues to support the Computer Security Day.
ACM SIGSAC is planning to offer two annual awards: SIGSAC Outstanding Innovation Award and SIGSAC Outstanding Contributions Award. The award criteria are as follows:
SIGSAC Outstanding Innovation Award: This award is given for outstanding and innovative technical contributions to the field of computer and communication security that have had lasting impact in furthering or understanding the theory and/or development of commercial systems.
SIGSAC Outstanding Contribution Award: This award is given for significant contribution to the field of computer and communication security through fostering research and development activities, educating students, and providing professional services such as the running of professional societies and conferences.
The proposal for the creation of these awards has been submitted to SIG Governing Board (SGB) and, if approved, the details related to the nomination process and administration of the awards will be posted on the SIGSAC web site. The first awards are expected to be given at 2005 CCS.
5. SIGSAC By-laws and Elections
ACM has recently adopted several changes regarding SIG governance, including a call for elections as part of every SIG's structure. Since 1997, SIGSAC became a conference-only SIG (which did not require elections). SIGSAC is currently formulating bylaws for its governance and elections.
A robust SIGSAC is recognized worldwide for its technical leadership in the Information and System Security arena. SIGSAC has two major annual conferences. SIGSAC has been instrumental in creating a new ACM Transactions on Information and System Security. SIGSAC is providing strong technical leadership to the community and has a cadre of distinguished volunteers who are able and willing to provide their support.
Written by leading domain experts for software engineers, ACM Case Studies provide an in-depth look at how software teams overcome specific challenges by implementing new technologies, adopting new practices, or a combination of both. Often through first-hand accounts, these pieces explore what the challenges were, the tools and techniques that were used to combat them, and the solution that was achieved.
ACM Queue’s “Research for Practice” serves up expert-curated guides to the best of computing research, and relates these breakthroughs to the challenges that software engineers face every day. This installment, “The DevOps Phenomenon” by Anna Wiedemann, Nicole Forsgren, Manuel Wiesche, Heiko Gewald and Helmut Krcmar, gives an overview of stories from across the industry about software organizations overcoming early hurdles of adopting DevOps practices, and coming out on the other side with tighter integration between software and operations teams, faster delivery times for new software features, and achieving higher levels of stability.