The 8th International Conference on Malicious and Unwanted Software "The Americas" (Malware 2013 The Americas) will be held at the Waldorf Astoria El Conquistador Resort, Fajardo, Puerto Rico, USA, October 22-24, 2013 (October 24, 2013 - optional). This year’s conference has adopted as its main theme "Malware in the Era of Cloud Services and Mobile Endpoints" in recognition of a major paradigm shift that has transformed the computer industry as a whole, and created major challenges to the Security Community in particular. For complete information on the Malware 2013 - The Americas and a copy of the official Call For Papers (CFP) click here.
Fundamentally, over the last 12 years three important dates have marked the beginnings of a major paradigm shift in computing and the security models applied to protect an emerging computing environment - March 1999, January 9th, 2007, and July 2007. These dates roughly correspond to the birth of SalesForce.com, the most successful Software as a Service (SaS) provider to date, Steve Jobs introduction of the Iphone,, and the discovery of the Zeus Botnet. These innovations have been instrumental in enabling a paradigm shift in computing, away from a corporate network centric model with Windows end-point devices to what we called the Circa 2020 Computing Model. In the circa 2020 Computing model applications and data reside in the Cloud, the concept of an extended Trust Domain (network) disappears - there are no barriers to protect when your data and applications reside with your vendors, and the end-point device is a SmartPhone owned and operated by your employees- Bring Your Own Device (BYOD).
Three major research trends have emerged within this context. First, at the end of the chain, the end-point device is a mobile BYOD with security and mobility properties never anticipated. If the end-point device is own and operated by the employee of a large corporation, and the boundaries between "personal" and "Corporate" data, as well as applications disappears, then what is the protection model that can be used? Is the device to be "trusted", Un-Trusted, or simply operates in different modes of protection, one when interacting in a corporate environment, and one when being used strictly as a personal device?
Second, the existence of either a physical or a logical "Trusted Domain" that resides and operates within the confines of a single corporate entity has disappeared. Within this context, we encourage the submission of manuscripts exploring new models of protection that do not depend on ownership or management of a Corporate Trusted Domain, and incorporate elements whereas part of the data, applications, and infrastructure are managed by third parties such as SalesForce.com or Amazon Cloud Services.
Finally, the protection model and measures to be applied within the context of the new computing/protection paradigm is an important challenge. Do we protect the data?, the applications?, and how do we measure protection? In this last area, we clearly understand that measuring how many infected files are detected by an Anti-Malware product is a very limiting and not very practical measure. We encourage authors to propose innovative solutions to this problem, and the set of associate metrics to be used. We encourage authors to submit manuscripts that addresses issues in each one of these new research directions.
Submissions are solicited in, but not limited to, the following areas:
• Theoretical aspects and new directions in Malware related research, specifically, manuscripts that explore the concepts of “Trust Domains” that do not have or desire physical boundaries
• Smartphone Malware, protecting a new class of end-points with hyper-mobility
• Analysis and measurements of real malware incidents
• Worms, viruses and other propagating Malware
• Spyware, keystroke loggers, information theft Malware
• Honeypots and other sample collection methodologies
• Botnet attacks, detection/tracking and defense
• Malware economics and black market studies
• Code reverse engineering tools and practices
• Malware performance, analysis and capture tools
• Anti-spam and anti-phishing techniques and practices
• Legal aspects of unwanted software use
• Malware and its impact in social networking and cloud computing
• Rootkit and virtualization techniques
• Malware in wireless mobile devices