The 6th International Workshop on Visualization for Cyber Security is a forum that brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques. Co-located this year with IEEE VisWeek 2009, VizSec will continue to provide opportunities for the two communities to collaborate and share insights into providing solutions for security needs through visualization approaches. Accepted papers will be published by the IEEE and archived in the IEEE Digital Library. The authors of the best papers will be invited to extend and revise their paper for journal publication in a special issue of Information Visualization.

This year our focus is on advancing Visualization for Cyber Security as a scientific discipline. While art, engineering, and intuitions regarding the human element will always remain important if we are to obtain useful cyber security visualizations, advances in the scientific practice of research are needed. The scientific aspects of visualization for cyber security draw both on empirical observation (similar to many natural and social sciences) and formal science (such as the formal derivations in mathematics). Barriers confronting current researchers include concerns about available data, lack of a common agreement about what constitutes sound experimental design, the difficulties of measuring the relative effectiveness of security visualizations in practice, and the lack of a common understanding of user requirements. While many researchers are making progress in these and other critical areas, much work yet remains.

Papers offering novel contributions in security visualization are solicited. Papers may present technique, applications, practical experience, theory, or experiments and evaluations. Papers are encouraged on technologies and methods that have been demonstrated to be useful for improving information systems security and that address lessons from actual application. We encourage papers that report results on visualization techniques and systems in solving all aspects of cyber security problems, including how visualization applies to:

• Different aspects of security: software, networks and log files (e.g., Internet routing, packet traces and network flows, intrusion detection alerts, attack graphs, application security, etc.)
• Application of visualization techniques in formalizing, defining and analyzing security policies
• Forensic analysis, correlating events, cyber-defense task analysis
• Computer network defense training and offensive information operations
• Building rules, feature selection, and detecting anomalous activity
• Software, software security, and viruses
• Deployment and field testing of VizSec systems
• Evaluation and user testing of VizSec systems
• User and design requirements for VizSec systems
• Lessons learned from development and deployment of VizSec systems
• Field Research Best Practices
• Interaction with domain experts - best practices, lessons learned
• Differentiating the needs of different domains and time frames
• Best practices for obtaining and sharing potentially sensitive data for purposes of visualization and assessment, including how to approach personal privacy, regulatory, and organizational issues
• Metrics and measurements (e.g., criteria for the relative effectiveness of cyber visualizations)
• Handling large datasets, scalability issues, and providing real time or near-real time visualizations

Please consider using public data sets to demonstrate your VizSec system. Using public data sets makes it easier to compare VizSec systems. One example comes from this year's VAST Challenge 2009: An employee is leaking important information to the outside world.

The authors of the best papers from the accepted program will be invited to extend and revise their paper for a special issue of Information Visualization (IVS), an international, peer-reviewed journal publishing articles on fundamental research and applications of information visualization. These papers will be chosen by the program committee.

There will be an award for the best paper from the accepted program. The best paper award will be given to the paper judged to have the highest overall quality. A key element of the best paper selection process will be whether the results are believed to be repeatable by other scientists based on the algorithms and data provided in the paper. This award will be chosen by the program committee.

After the success of the poster session last year, we are going to have a poster session again this year. One-page poster abstracts are due by September 14 by email to 'carrie dot gates at ca dot com' and 'johng at securedecisions dot com'. Final notification of acceptance will be sent by September 17. Poster abstracts need be no more than one page describing your poster content, and can be provided in any format (e.g., Word, PDF, plain text). Accepted proposals will be posted online.

Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. All submissions should be appropriately anonymized (i.e., papers should not contain author names or affiliations, or obvious citations).

The VizSec proceedings will be published by IEEE. The VGTC paper formatting page provides templates and guidelines for preparing a paper submission.
Helpful Hints for Working with MS Word
Helpful Hints for Working with LaTeX

• Full papers should be at most 12 pages, including the bibliography.
• Short papers should be at most 6 pages, including the bibliography.
• Follow the formatting guidelines.
• A list of relevant keywords should be included at the conclusion of the paper's abstract. Use the ACM 1998 Computing Classification System
• Prepare a high quality PDF.
• Submit files online to EasyChair: http://www.easychair.org/conferences/?conf=vizsec2009

Deadline for full paper submission

Deadline for short paper submissions

Notification of paper acceptance

Deadline for final camera ready full and short papers

Deadline for poster abstract submissions

VizSec

Visual Tools for Security: Is there a there there?

It seems obvious: networks, software, authentication, and people have important and often complicated relationships and interactions. There's far too much going on to keep track of all of it, but we know there are important devils down in the details. We know they are there.
Though many have been chasing this dream of security visualization for a couple of decades, we don't have that much to show for our efforts. We use NOCs and tools widely for managing large networks, but they get complicated fast. And most of the anomalous activity is weird but benign, leaving us awash in a sea of false positives. And those people in the NOCs seem totally resistant to 3D displays, data gloves,and other cool tools of our trade.
What can we do? How can we help, really?

Bill Cheswick is interested in security that's too hard to ensure, passwords that are too hard to remember, graphs that are too hard to visualize, and VCRs that are too hard to program. And lots of other stuff. Ches is an early innovator in Internet security. He is known for his work in firewalls, proxies, and Internet mapping at Bell Labs and Lumeta Corp. He is best known for the book he co-authored with Steve Bellovin and now Avi Rubin, Firewalls and Internet Security; Repelling the Wily Hacker. Ches is now a member of the technical staff at AT&T Labs - Research in Florham Park, NJ, where he is working on security, visualization, user interfaces, and a variety of other things.

The workshop will be held at Bally's Atlantic City.

The special conference nightly room rate of $145.00, plus tax and fees, is based on group block availability until September 10, 2009. The rate is based on single or double occupancy and an additional per person charge of $20.00 will apply.

Make Reservations

We anticipate that there will be a limited number of scholarships will be available for students and first-year faculty who have had papers accepted to VizSec. Please Contact us.

Deborah Frincke, Pacific Northwest National Laboratory

John Goodall, Secure Decisions division of Applied Visions
Carrie Gates, CA Labs

Robert Erbacher, Utah State University

Richard Bejtlich, General Electric
Gregory Conti, United States Military Academy
Marc Dacier, Symantec Europe Research Labs
Anita D'Amico, Secure Decisions division of Applied Visions
Ron Dilley, Information Security Professional
David Ebert, Purdue University
Glenn Fink, Pacific Northwest National Laboratory
John Gerth, Stanford University
Warren Harrop, Swinburne University of Technology
Mark Haselkorn, University of Washington
Richard Johnson, Microsoft
Richard Kemmerer, UC Santa Barbara
Toby Kohlenberg, Intel
Florian Mansmann, University of Konstanz
Raffael Marty, Splunk
Douglas Maughan, Department of Homeland Security
John McHugh, Dalhousie University / University of North Carolina
Jan P. Monsch, Dublin City University
Chris North, Virginia Tech
Stephen North, AT&T Research
Sean Peisert, UC Davis
Greg Schmidt, SPADAC
George Tadda, Air Force Research Lab
Ed Talbot, Sandia National Laboratories
Joanne Treurniet, Defence Research and Development Canada
Grant Vandenberghe, Defence Research and Development Canada
Kirsten Whitley, Department of Defense
Pak Chung Wong, Pacific Northwest National Laboratory
Tamara Yu, Massachusetts Institute of Technology

Email questions about the workshop to Deborah Frincke:
    deborah < dot > frincke < at > pnl < dot > gov