>> CD-ARES

The 2nd International Workshop on Recent Advances in Security Information and Event Management (RaSIEM 2013)

To be held in conjunction with the 8th International Conference on Availability, Reliability and Security (ARES 2013 – http://www.ares-conference.eu).

September 2nd – 6th, 2013
University of Regensburg
Regensburg, Germany

Management of events and incidents is one of the cornerstones for any service. Traditionally, event management frameworks are reactionary. The SIEM (Security Information and Event Management) approach enables near-real time event management as well as proactive management of security incidents and events for IT infrastructures. However, the SIEM solutions available commercially are not able to interpret high-level data from  such as the service view or the business impact view. Another limitation of SIEMs is related to scalability. Indeed, current solutions are limited since they depend on centralized rule processing performed on a single node.

One of the most challenging domains for SIEMs, but not only, is the protection of critical infrastructures. Over the last few years, there has been growing understanding of security risks related to (targeted) cyber attacks against critical infrastructures in all sectors (dams, energy, transport, etc.). Critical infrastructure networks are very different in comparison to other IT infrastructures. Most of the endpoint actors are machines rather than people, their malfunction can have immediate physical consequences, and they are more likely to be targeted by malicious adversaries. The protection of these networks faces several challenges, such as:

  • Recognizing real threats in the multitude of daily alerts.
  • Ensuring data source reliability.
  • Managing data from heterogeneous devices and networks.
  • Correlation of highly heterogeneous data to identify threats.
  • Ensuring the resilience against all hazards;

The workshop will present technical and practical results of EU FP7 MASSIF project partners and those of invited presenters working in related fields.

The workshop aim is to discuss hot topics and demonstrate advances in the field of Security Information and Event Management (SIEM). We intend to bring together contributors of the EU FP7 MASSIF project as well as external  researchers working in this area to present and discuss their recent results. We therefore expect this workshop to give an extensive insight into the state-of-the-art and novel perspectives of SIEM technologies.

The goal of the EU FP7 MASSIF project (http://www.massif-project.eu/) is to provide a new SIEM framework for service infrastructures supporting intelligent, scalable, and multi-level/multi-domain security event processing and predictive security monitoring as well as decision support.

Topics of interest comprise but are not limited to:

  • Case study of SIEM in operational scenarios (Olympic games, critical infrastructures such as dams, mobile money transfer service, enterprise service infrastructures)
  • SIEM for distributed computing
  • Fault tolerance for SIEM
  • Security analysis for SIEM
  • Workflow monitoring for SIEM
  • Decision systems in SIEM
  • Event translation for SIEM
  • Event processing for SIEM

      Important dates

      Submission Deadline
      alt May 1st, 2013 extended to May 19th, 2013
      Author Notification
      alt May 25th, 2013
      Author Registration
      alt May 30th, 2013
      Proceedings Version
      alt June 14th, 2013
      Conference/Workshop
      alt September 04th, 2013

      Submission Guidelines

      All accepted papers of ARES 2013 and associated workshops will be published as ISBN proceedings published by IEEE Conferencing Publishing Service!

      Papers must be written in English. Authors are invited to contribute Regular Papers describing original research as well as design, development and experimental results of operational systems, or Practical Experience Reports describing on-going industrial projects, prototype systems and exploratory or emerging applications. Papers should be no longer than 8 pages, strictly following the IEEE two-column format and adhere to the submission guidelines of the ARES conference. They can be found >>here<<.

      Authors are requested to send their manuscripts in PDF format to This e-mail address is being protected from spambots. You need JavaScript enabled to view it , This e-mail address is being protected from spambots. You need JavaScript enabled to view it and This e-mail address is being protected from spambots. You need JavaScript enabled to view it before the 19th of May.

      All paper submissions of this workshop will be sent to MASSIF program committee and internally reviewed.

      Tentative schedule

      Please find the program of RaSIEM 2013 >>here<<.

      Chairs

      • Mohammed Achemlal, France Télécom-Orange - France
      • Romain Giot, France Télécom–Orange - France
      • Chrystel Gaber, France Télécom–Orange – France
      • Elsa Prieto Perez, Atos - Spain
      • Roland Rieke, Fraunhofer SIT-Germany

      Program Committee

        • Luidgi Coppolino, Epsilon - Italy
        • Andrey Chechulin, SPIIRAS – Russia
        • Rodrigo Diaz Rodriguez, Atos – Spain
        • Gustavo Gonzales Granadillo, TELECOM SudParis - France
        • Igor Kotenko, SPIIRAS – Russia
        • Andrew Hutchison, T-systems – South Africa
        • Luigi Romano, University of Naples - Italy
        • Maria Zhdanova, Fraunhofer SIT - Germany