Ensuring correctness and integrity of system configurations and associated policies are key to proper functioning, accessibility, security, privacy and resilience of modern information systems and services. However, this is a daunting in large enterprise systems that may contain millions of physical and/or virtual components that must be properly configured and secured from unauthorized access. Furthermore, the configuration variables often have explicit or hidden interdependencies that must be understood in order to ensure proper end to end behavior.

The new sophisticated cyber security threats demand new security techniques and approaches that offer proactive, intelligent and a holistic security analytics based on analyzing the system artifacts including system traces, configurations, logs, incident reports, alarms and network traffic. Scalable analytics techniques are essential to handle large volumes of data and to normalize, model, integrate, analyze and respond to threats in real time. As the current technology moves toward "smart" cyber infrastructure and open networking platforms (e.g. OpenFlow and virtual computing) and integration of large variety of sensors, the need for large-scale security analytics and automation becomes essential to enable intelligent response, automated defense, and network resilience and agility.

This workshop offers a unique opportunity by bringing together researchers from academia, industry as well as government agencies to discuss the challenges listed above, to exchange experiences, and to propose joint plans for promoting research and development in this area. SafeConfig is a one day forum that includes invited talks, technical presentations of peer-reviewed papers, poster/demo sessions, and joint panels on research collaboration. SafeConfig was started in 2009 and has been continuously running since then. It provides a unique forum to explore theoretical foundations, algorithmic advances, modeling, and evaluation of configuration related challenges for large scale cyber and cyberphysical systems. This installment of SafeConfig is being run in conjunction with the CCS (Computing and Communications Security) conference, to be held Nov 3-7, 2014 in Scottsdale, Arizona.