6th VLDB Workshop on Secure Data Management (SDM) - extended

In Conjunction with VLDB 2009
Lyon, France
August 28, 2009

The 6th SDM workshop builds upon the success of the first five workshops (SDM'04, SDM'05, SDM'06, SDM'07, and SDM'08), which were organized in conjunction with VLDB 2004 in Toronto, Canada, VLDB 2005 in Trondheim, Norway, VLDB 2006 in Seoul, Korea, VLDB 2007 in Vienna, Austria, and VLDB 2008 in Auckland, New Zealand.

Deadline for paper submission extended:

May 1, 2009


Although cryptography and security techniques have been around for quite some time, emerging technologies such as ubiquitous computing and ambient intelligence, which exploit increasingly interconnected networks, mobility and personalization, put new requirements on security with respect to data management. As data is accessible anytime and anywhere under these new concepts, it becomes much easier to gain unauthorized access to data. Furthermore, it becomes simpler to collect, store, and search personal information and so endanger people's privacy. Therefore, research in the area of secure data management is of growing importance, attracting the attention of both the data management and security research communities. The interesting problems range from traditional ones, such as access control (with all variations, like dynamic, context-aware, role-based), database security (e.g. efficient database encryption schemes, search over encrypted data, etc.), and privacy preserving data mining, to controlled sharing of data.

This year, we will continue the tradition of having a special session devoted to secure data management in healthcare. Data security and privacy issues are traditionally important in the medical domain. However, recent developments and the increasing deployment of IT in healthcare, such as the introduction of electronic health records and extramural applications in the personal health care domain, pose new challenges for the protection of medical data. In contrast to other domains, such as finance, which can absorb the cost of abuse of the system, healthcare cannot. Once sensitive information about an individual's health problems is uncovered and social damage is done, there is no way to revoke the information or to restitute the individual. In addition to this, the medical field has some other specific characteristics, such as the long-term value of medical data and the need for flexibility between confidentiality on the one hand and availability of medical data in the case of emergency on the other.


The aim of the workshop is to bring together people from the security research community and the data management research community in order to exchange ideas on the secure management of data. This year an additional special session will be organized with a focus on secure and private data management in healthcare. The workshop will provide a forum for discussing practical experiences and theoretical research efforts that can help in solving the critical problems in secure data management. Authors from both academia and industry are invited to submit papers presenting novel research on the topics of interest (see below).

Workshop Format

The workshop will be organized in conjunction with the VLDB conference. Also, it is the intention to publish the proceedings in the Springer-Verlag Lecture Notes in Computer Science series, as was done for the first four workshops. Additionally, we also want to select the best papers with the intent to publish their extended and revised versions in a special edition of a journal (as was done for the SDM 2006 & 2007 workshop with the Journal of Computer Security).

Topics of Interest

Topics of interest include (but are not limited to) the following:

- Secure Data Management
- Database Security
- Data Anonymization/Pseudonymization
- Data Hiding
- Metadata and Security
- XML Security
- Authorization and Access Control
- Data Integrity
- Privacy Preserving Data Mining
- Statistical Database Security
- Control of Data Disclosure
- Private Information Retrieval
- Secure Auditing
- Data Retention
- Search on Encrypted Data
- Digital and Enterprise Rights Management
- Multimedia Security and Privacy
- Private Authentication
- Identity Management
- Privacy Enhancing Technologies
- Security and Semantic Web
- Security and Privacy in Ubiquitous Computing
- Security and Privacy of Health Data
- Web Service Security
- Trust Management
- Policy Management
- Applied Cryptography

Paper Submission

Authors are invited to submit original, unpublished research papers that are not being considered for publication in any other forum. Manuscripts should be submitted electronically as PDF or PS files via email to

Full papers should not exceed fifteen pages in length (formatted using the camera-ready templates of Springer Lecture Notes in Computer Science). We also encourage submitting position statement papers describing research work in progress or lessons learned in practice (max six pages). Submissions must be received no later than May 1.

Each submission must be accompanied by a separate submission overview specifying the title, three keywords, and author names with organizational affiliations, and must specify a contact author along with the corresponding phone number, fax number, postal address and email address. The submission overview can be included in the body of the email. Each submission will be acknowledged by e-mail. If acknowledgment is not received within 3 days, please contact the organizers. It is intended to publish the proceedings in the Springer Lecture Notes in Computer Science series. Additionally, we also want to select the best papers with the intent to publish their extended and revised versions in a special edition of a journal (as was done for the SDM 2006 & 2007 workshop with the Journal of Computer Security).


Computer Security Ontologies

Just by chance, I stumbled over a set of computer security ontologies that the US Navy Center for High Assurance Computing Systems has apparently been working on as a part of a SOA security project 4SEA. From that page:

The NRL Security Ontology was designed with the following objectives in mind:

  • Describe security related information applicable to all types of resources

  • Provide the ability to annotate security related information in various levels of detail for various environments (both commercial and military)

  • Create ontologies that are easy to extend and provide reusability

  • Facilitate mapping of higher-level (mission-level) security requirements to lower-level (resource-level) capabilities

It's a bit difficult to tell where they are going with this, but with the emphasis on web services, UDDI and MDA, it looks similar to Data Centric Security.