The First Workshop on Security and Privacy in E-Commerce Athens, Greece November 4, 2000 www.rstcorp.com/conferences/wspec00/ held in conjunction with the ACM Conference on Computer and Communications Security www.ccs2000.org Preliminary Call for Papers The market for e-commerce is predicted to exceed US $3.2 trillion by the year 2002. Almost all of these transactions will be Internet based. The Internet, a communications medium originally built for open collaboration among academics, is an inherently insecure medium. As a result, systems built on top of the Internet must be designed and developed with intrinsic security. As the complexity of Internet-based software systems has grown, the security and privacy risks have grown in scope and magnitude. The value of the digital assets brought to the Internet gives new incentive to malicious computer hackers (or even competitors) to sabotage online systems or simply steal intellectual property. Hacking into online systems has proven all to easy for amateurs equipped only with a US $500 personal computer, a basic modem, and Internet service. The First Workshop on Security and Privacy in E-Commerce seeks to bring together practitioners and researchers to address the real-world security and privacy concerns in e-commerce. We are seeking contributions on topics in security and privacy that will enable the e-commerce systems of tomorrow to be developed more securely and robustly without compromising individual privacy rights. The workshop will focus on group discussion and collaboration in identifying the important problems and potential solutions in this important topic area. Proceedings from the workshop will be published and distributed to attendees. Highest quality papers will be published in a book and widely distributed after the workshop. We are seeking research papers, business case studies, or system designs that address security and privacy concerns in any of the following topic non-exclusive areas: anonymizing e-commerce/Web transactions component-based software in e-commerce databases access control denial of service attacks and countermeasures detecting anomalous database transactions detection and recovery from Internet-based attacks e-commerce protocols e-commerce systems Internet client risks malicious software or Trojan functionality mobile agents in e-commerce novel attacks and countermeasures privacy negotiation/bartering privacy risks with cookies/tokens/identifiers software analysis and certification. Submissions will be accepted for regular research papers, case studies, and panel proposals. Important Dates: Abstract submission deadline: May 1, 2000 Panel Proposal submission deadline: May 1, 2000 Paper submission deadline: June 1, 2000 Case Studies submission deadline: June 1, 2000 Acceptance Notification: July 21, 2000 Workshop: November 4, 2000 Regular Papers should not exceed 20 pages, including figures and text (typed with 1.5 spacing and 12 point font). Papers published, accepted for publication, or submitted elsewhere are not eligible and will be rejected without review. The cover page must include (1) the title, (2) the names, complete mailing addresses, e-mail, telephone, and fax numbers of all authors, (3) the name of the contact author, (4) an abstract not exceeding 250 words, and (5) a list of around 5 keywords. The first page of the paper should have the paper title and the beginning text of the document. If the paper is accepted, one of the authors is expected to pre-register and present the paper at the workshop. Please submit an abstract (250 words maximum in plain ASCII text) and a list of keywords to the Program Chair, Anup K. Ghosh [anup.ghosh@computer.org], before May 1, 2000, to enable proper referee assignment. Complete papers should be submitted electronically in PostScript or PDF format to the Program Chair by June 1, 2000. All accepted papers and case studies will be published in the conference proceedings. Case Studies are intended to provide exposure to practical experiences with the security and privacy of Internet-based software systems. The contributors should submit electronically an abstract and a 5-10 page description of the experience or case study, and a one page summary of the project for a short presentation at the conference. The paper should be clearly identified as a case study. Submit an abstract (250 words maximum) by email to the Industry Track Chair, Win Treese [treese@openmarket.com] by June 1, 2000. Panel proposals are intended to provide discussion on emerging or controversial topics in e-commerce security and privacy. Panel Proposals should include the title, proposed chair, proposed panelists (include short vitae), two or three paragraphs describing the panel subject matter and the rationale for it. Panelists must have agreed to participate prior to the submission of the panel proposal. Panel discussions should represent the range of positions for the proposed topic of discussion. Panel proposals should be submitted electronically to the Industry Track by May 1, 2000. Conference Chairs Workshop Chair: Nikos Kyrloglou Informatics Advisor Athens Chamber of Commerce and Industry 7, Akademias str., GR-10671 Athens, Greece nikoky@acci.gr Program Chair: Anup K. Ghosh Reliable Software Technologies 21351 Ridgetop Circle #400 Dulles, VA 20166 USA anup.ghosh@computer.org Industry Track Chair: Win Treese Open Market 1 Wayside Rd. Burlington, MA 01803 treese@openmarket.com Publicity Chair: Gary McGraw Reliable Software Technologies 21351 Ridgetop Circle, #400 Dulles, Virginia 20166 USA gem@rstcorp.com Program Committee Yair Frankel, CertCo Anup K. Ghosh, Reliable Software Technologies Dimitris Gritzalis, Athens University of Economics and Business, Greece Sushil Jajodia, George Mason University Nikos Kyrloglou, Athens Chamber of Commerce and Industry Gary McGraw, Reliable Software Technologies Fabian Monrose, Bell Labs, Lucent Technologies Pierangela Samarati, Universita' di Milano Tomas Sander, InterTrust Sang Son, University of Virginia Bhavani Thuraisingham, MITRE Win Treese, Open Market Vijay Varadharajan, University of Western Sydney Giovanni Vigna, University of California, Santa Barbara