Past Conferences and Journal Special Issues
Last Modified: 1/8/07
Note: Please contact
cipher-cfp@ieee-security.org by email if you have any questions.
PADM 2006
IEEE International Workshop on Privacy Aspects of Data Mining,
Held in conjunction with the 6th IEEE International Conference on Data Mining (ICDM 2006),
Hong Kong, December 18, 2006.
[posted here 7/18/06]
Privacy protection in data mining is a crucial issue that has
captured the attention of many researchers and administrators across
a large number of application domains. Despite such efforts there
are still many open issues that deserve further investigation. The
workshop hopes to gather researchers and practitioners interested in
the privacy aspects of data mining, from both a technical and a social
and legal point of view. We hope to attract interest from a wide range
of possible data mining subareas, including: web mining, medical data
mining, spatio-temporal data mining, ubiquitous knowledge discovery,
and obviously, privacy-preserving data mining.
The workshop will seek submissions that cover aspects of privacy
protection solutions and threats as they pertain to various data mining
endeavors. The following comprises a sample, but not complete,
listing of topics:
- Biomedical and healthcare data mining research privacy
- Cryptographic tools for privacy preserving data mining
- Inference and disclosure control for data mining
- Learning algorithms for randomized/perturbed data
- Legal and regulatory frameworks for data mining and privacy
- Privacy and anonymity in e-commerce and user profiling
- Privacy aspects of business processes and enterprise management
- Privacy aspects of geographic, spatial, and temporal data
- Privacy aspects of ubiquitous computing systems
- Privacy enhancement technologies in web environments
- Privacy policy infrastructure, enforcement, and analysis
- Privacy preserving link and social network analysis
- Privacy preserving applications for homeland security
- Privacy preserving data integration
- Privacy protection in fraud and identity theft prevention
- Privacy threats due to data mining
- Query systems and access control
- Trust management for data mining
For more information, please see
http://liuppamdm.univ-pau.fr/sws06/.
ICISS 2006
2nd International Conference on Information Systems Security,
Kolkata, India, December 17-21, 2006.
[posted here 3/6/06]
The ICISS conference presents a forum for disseminating the latest
research results in Information Systems Security and related
areas. Topics of interest include but are not limited to:
- Authentication and Access Control
- Mobile Code Security
- Key Management and Cryptographic Protocols
- E-Business / E-Commerce Security
- Privacy And Anonymity
- Intrusion Detection and Avoidance
- Security Verification
- Database and Application Security and Integrity
- Digital Rights Management
- Security In P2P, Sensor and Ad Hoc Networks
- Secure Web Services
- Fault Tolerance and Recovery Methods For Security Infrastructure
- Threats, Vulnerabilities and Risk Management
- Commercial and Industrial Security
For more information, please see
http://www.cdcju.org.in/iciss2006/.
CANS 2006
5th International Conference on Cryptology and Network Security,
Suzhou, China, December 8-10, 2006.
[posted here 2/8/06]
The main goal of this conference is to promote research
on all aspects of network security and cryptology. It is
also the goal to build a bridge between research on cryptography
and network security. So, we welcome scientific and academic papers
that focus on this multidisciplinary area.
Areas of interest for CANS '06 include, but are not limited to, the following topics:
- Ad Hoc Network Security
- Access Control for Networks
- Anonymity and internet voting
- Cryptology
- Denial of Service
- Fast Cryptographic Algorithms
- Information Hiding
- Intrusion Detection
- IP Security
- Multicast Security
- PKI
- Phishing
- Router Security
- Secure E-Mail
- Secure protocols (SSH, SSL, ...)
- Spam
- Spyware
- Scanning
For more information, please see
http://cis.sjtu.edu.cn/cans2006/index.htm.
ASIAN 2006
11th Annual Asian Computing Science Conference,
Tokyo, Japan, December 6-8, 2006.
[posted here 7/28/06]
The theme of this year's Annual ASIAN Conference is Secure Software and
related computer security issues. The conference aims at discovering and
promoting new ways to apply theoretical and practical techniques in secure
software analysis, design, development, and operation. Papers are invited
on all aspects of theory, practice, applications, and experiences related
to this theme. Moreover, papers targeting lessons learned from and education
for the development and operation of secure software are particularly welcome.
Topics of interest include but are not limited to:
- Theoretical approaches to secure software
- Formal specification and verification of software
- Programming language semantics
- Static analysis
- Type systems and type theory for secure programming
- Automated deduction and reasoning about secure software
- Model checking for security
- Testing and aspects of security in software
- Secure protocols and networks
- Authentication and cryptography issues
- Logic and semantics for protocol analysis
- Dependable and autonomic architectures and design
- Secure OS and middleware
- Artificial intelligence for secure systems
- Secure software engineering
- Education for secure software development
- Security-specific software development practices
- Case analysis and failure analysis for secure software
- Policy and standardization issues for secure software
For more information, please see
http://www.nii.ac.jp/asian2006/.
ICICS 2006
8th International Conference on Information and Communications Security,
Raleigh, NC, USA, December 4-7, 2006.
[posted here 6/8/06]
The 2006 International Conference on Information and Communications Security
(ICICS '06) will be the eighth event in the ICICS conference series,
started in 1997, that brings together researchers and scholars involved
in multiple disciplines of Information and Communications Security in
order to foster exchange of ideas.
ICICS 2006 seeks submissions from academia and industry presenting
novel research on all aspects of information and communications security,
as well as experimental studies of fielded systems.
Topics of interest include, but are not limited to, the following:
- Access Control and Audit
- Anonymity and Pseudonymity
- Authentication
- Automated and Large-Scale Attacks
- Biometrics
- Commercial and Industrial Security
- Data Integrity
- Database security
- Denial of Service
- Distributed Systems Security
- Electronic Privacy
- Information Flow
- Intrusion Detection
- Language-Based Security
- Malicious Code
- Mobile Code and Agent Security
- Network Security
- Peer-to-Peer Security
- Secure Hardware and Smartcards
- Security Protocols
- Security Verification
- Security of Emerging Networks (e.g., Ad-Hoc Networks)
For more information, please see
http://discovery.csc.ncsu.edu/ICICS06/.
WATC 2006
2nd Workshop on Advances in Trusted Computing,
Tokyo, Japan, November 30 - December 1, 2006.
[posted here 6/10/06]
Modern computer systems in large-scale, decentralized, and heterogeneous
environments are now facing diverse threats, such as those from viruses and
other malware. Security research seeks to make computers safer and less
vulnerable to those IT threats, and thus more dependable. The goal of
Trusted Computing is to allow computers and servers to offer improved
computer security relative to what is currently available.
The workshop solicits technical papers offering research contributions
spanning from foundations, theory and tools of trusted computing to
up-to-date issues. The workshop proceedings will be available at the workshop
and via its website. Papers may present theory, applications, or practical
experiences on topics including, but not limited to:
- models and principles for trusted computing
- formal models and verification
- software- or hardware-based approaches
- cryptographic approaches
- remote attestation of trusted devices
- standardization in trusted computing groups
- issues in trusted platform modules
- property-based and semantic attestation
- theory and practice for trusted virtual domains
- privacy and legal issues
- applications and case studies
- compliance and conformance
- trust evaluations of computing systems
- scalability
- applications and use cases
- system and platform architectures
- access control and information flow control
- communications
- virtualization and trusted computing
- trusted client architectures
- integrity-evaluating architectures
- integrity management infrastructures
For more information, please see
http://www.trl.ibm.com/projects/watc/.
TrustCol 2006
Workshop on Trusted Collaboration,
Held in conjunction with the 2nd IEEE International Conference
on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2006),
Atlanta, GA, USA, November 17 - 20, 2006.
[posted here 7/6/06]
The ongoing, rapid developments in information systems technologies
and networking have enabled significant opportunities for streamlining
decision making processes and maximizing productivity through distributed
collaborations that facilitate unprecedented levels of sharing of information
and computational resources. Emerging collaborative environments need to
provide efficient support for seamless integration of heterogeneous technologies
such as mobile devices and infrastructures, web services, grid computing systems,
various operating environments, and diverse COTS products. Such heterogeneity
introduces, however, significant security and privacy challenges for distributed
collaborative applications. Balancing the competing goals of collaboration
and security is difficult because interaction in collaborative systems is
targeted towards making people, information, and resources available to all who
need it whereas information security seeks to ensure the availability, confidentiality,
and integrity of these elements while providing it only to those with proper
trustworthiness. The key goal of this workshop is to foster active interactions
among diverse researchers and practitioners, and generate added momentum towards
research in finding viable solutions to the security and privacy challenges faced
by the current and future collaborative systems and infrastructures.
Topics of interest include, but are not limited to:
- Access control models and mechanisms for collaboration environments
- Security frameworks and architectures for trusted collaboration
- Privacy control in collaborative environments
- Secure middleware for large scale collaborative infrastructures
- Secure dynamic coalition environments
- Secure workflows for collaborative computing
- Secure interoperation in multidomain collaborative environments
- Security and privacy issues in mobile collaborative applications
- Trust models, trust negotiation/management for collaborative systems
- Policy-based management of collaborative workspace
- Secure distributed multimedia collaboration
- Protection models and mechanisms for peer-to-peer collaborative environments
- Delegation, accountability, and information flow control in collaborative applications
- Intrusion detection, recovery and survivability of collaborative systems/infrastructures
- Security of web services and grid technologies for supporting multidomain collaborative applications
- Semantic web technologies for security collaborative infrastructures
For more information, please see
http://www.trustcol.org/.
SSI 2006
8th International Symposium on System and Information Security,
Sao Jose dos Campos, Sao Paulo, Brazil, November 8-10, 2006.
[posted here 8/20/06]
The International Symposium on System and Information Security (SSI) is
organized by Instituto Tecnologico de Aeronautica (ITA) and is the foremost
event of its kind in Latin America. Submission of original papers on all aspects
of computer and network security is invited. Topics of interest
include but are not limited to the following:
- Artificial Intelligence methods in system security
- Authentication, access control and auditing
- Computer forensics
- Cryptography
- Database security
- Dependability
- Digital certificates and Public Key Infrastructure - PKI
- Digital Rights Management
- E-commerce security
- Firewalls and other security tools
- Formal methods in system security
- Internet/Web security
- Intrusion detection and prevention
- Management of enterprise security
- Mobile code and agent security
- Network security
- New security paradigms
- Operating systems security
- Risk/vulnerability analysis, assessment and management
- Security in electronic voting systems
- Security of distributed systems
- Security of emerging technologies
- Security policies
- Secure programming
- Security in P2P and Grid computing
- Threats and information warfare
- Trust management
- User privacy and anonymity
- Viruses and other malicious code
- Wireless and ubiquitous computing security
For more information, please see
http://www.ssi.org.br/english/.
SWS 2006
1st Workshop on Secure Web Services,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
Fairfax, VA, USA, November 3, 2006.
[posted here 5/26/06]
Basic security protocols for Web Services, such as XML Security, the
WS-* series of proposals, SAML, and XACML are the basic set of building
blocks enabling Web Services and the nodes of GRID architectures to
interoperate securely. While these building blocks are now firmly in place,
a number of challenges are still to be met for Web services and GRID nodes
to be fully secured and trusted, providing for secure communications
between cross-platform and cross-language Web services. Also, the current
trend toward representing Web services orchestration and choreography via
advanced business process metadata is fostering a further evolution of current
security models and languages, whose key issues include setting and managing
security policies, inter-organizational (trusted partner) security issues and
the implementation of high level business policies in a Web services
environment. The SWS workshop explores these challenges, ranging from
the advancement and best practices of building block technologies such as
XML and Web services security protocols to higher level issues such as
advanced metadata, general security policies, trust establishment, risk
management, and service assurance.
Topics of interest include, but are not limited to, the following:
- Web services and GRID computing security
- Authentication and authorization
- Frameworks for managing, establishing and assessing inter-organizational trust relationships
- Web services exploitation of Trusted Computing
- Semantics-aware Web service security and Semantic Web
- Secure orchestration of Web services
- Privacy and digital identities support
For more information, please see
http://liuppamdm.univ-pau.fr/sws06/.
DIM 2006
2nd Workshop on Digital Identity Management,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
Fairfax, VA, USA, November 3, 2006.
[posted here 5/26/06]
The Second Workshop on Digital Identity Management will explore the relevance
of User Centric Identity Management as an organizing principle for digital
identity. It is designed to bring together practitioners, corporate researchers
and academics to explore the newly emerging “User Centric” technologies for
identity management. The goal of the workshop is to lay the foundation and
agenda for further research and development in this area. Under the broad
umbrella of user-centric identity, we are soliciting papers from researchers
and practitioners on topics including (but not limited to):
- Basic principles – what makes an identity system user-centric?
- Client-hosted identity
- Consistent UI for identity transactions
- Identity lifecycle management
- Identity Metasystem
- Identity theft prevention
- Privacy-enhancing identity management
- Private Credentials
- Social networks
- Strong authentication
- Unlinkability of Transactions
- URI-based identity systems
For more information, please see
http://www2.pflab.ecl.ntt.co.jp/dim2006/.
VizSEC 2006
3rd Workshop on Visualization for Computer Security,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
Fairfax, VA, USA, November 3, 2006.
[posted here 3/29/06]
In many applications, visualization has proven to be very effective for
understanding such high-dimensional data. Thus, there is a growing
interest in the development of visualization methods as alternative or
complementary solutions for pressing cybersecurity problems. Visualization
represents high-dimensional security data in 2D/3D graphics and animations
intended to facilitate quick inferences for situational awareness and/or
focusing of attention on potential security events. In order to promote
the highest intellectual exchange possible, we seek submissions in four
different paper categories, specifically: (1) Tool Update (1-2 pages),
(2) Short Paper (3-5 pages), (3) Long Paper (6-10 pages), and (4) Position
Paper (2-5 pages). All accepted papers will be published in hardcopy ACM
proceedings available the day of the workshop as well as within the
ACM Digital Library. A list of potential topics includes, but is not
limited to, the following:
- visualization support for Internet security situational awareness
- visualization support for end user security
- visualization for ISP management support (highlighting security)
- visual authentication schemes (graphical passwords, biometrics)
- visualization to enable secure E-commerce
- visualization for secure transactions via web browsers
- visualization support for secure programming
- visualization support for security device management
- visualizing intrusion detection system alarms (NIDS/HIDS)
- visualizing worm/virus propagation
- visualizing routing anomalies
- feature selection
- forensic visualization
- visualizing network traffic for security
- dynamic attack tree creation (graphic)
- usability studies of security visualization tools
- visualizing large volume computer network logs
For more information, please see
http://www.projects.ncassr.org/sift/vizsec/vizsec06/.
STC 2006
1st Workshop on Scalable Trusted Computing,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
Fairfax, VA, USA, November 3, 2006.
[posted here 5/26/06]
In a society increasingly dependent on networked information systems,
trusted computing plays a crucial role. Despite significant progress
in trusted computing components, the issue of scalability in trusted
computing and its impact on security are not well-understood. Consequently,
there is a dearth of practical solutions for trusted computing in large-scale
systems. Approaches suitable for small- or medium-scale trusted computing
systems might not be applicable to larger-scale scenarios.
This new workshop is focused on trusted computing in large-scale
systems -- those involving (at the very least) many millions of users
and thousands of third parties with varying degrees of trust.
The workshop is intended to serve as a forum for researchers as well as
practitioners to disseminate and discuss recent advances and emerging issues.
Topics of interest to the workshop include the following:
- models for trusted computing
- principles of trusted computing
- modeling of computing environments, threats, attacks and countermeasures
- limitations, alternatives and tradeoffs regarding trusted computing
- trust in authentications, users and computing services
- hardware based trusted computing
- software based trusted computing
- pros and cons of hardware based approach
- remote attestation of trusted devices
- censorship-freeness in trusted computing
- cryptographic support in trusted computing
- case study in trusted computing
- applications of trusted computing
- intrusion resilience in trusted computing
- access control for trusted computing
- trust of computing systems
- principles for handling scales
For more information, please see
http://www.cs.utsa.edu/~shxu/stc06/.
FMSE 2006
4th Workshop on Formal Methods in Security Engineering: From Specifications to Code,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS-13),
Fairfax, VA, USA, November 3, 2006.
[posted here 5/26/06]
Information security has become a crucial concern for the commercial
deployment of almost all applications and middleware. Although this is
commonly recognized, the incorporation of security requirements in the
software development process is not yet well understood. The deployment of
security mechanisms is often ad hoc, without a formal security specification
or analysis, and practically always without a formal security validation of
the final product. Progress is being made, but there remains a wide gap
between high-level security models and actual code development.
We seek original research papers addressing foundational issues in formal
methods in security engineering. Topics covered include, but are not
limited to:
- security specification techniques
- formal trust models
- combination of formal techniques with semi-formal techniques such as UML
- formal analyses of specific security properties relevant to software development
- security-preserving composition and refinement of processes
- symbolic and computational models of security protocols
- integration of security aspects into formal development methods and tools
- access control policies
- information flow
- risk management and network security
- formal analysis of firewalls and intrusion detection systems
- trusted computing
- case studies
For more information, please see
http://www.cs.chalmers.se/~dave/FMSE06/.
WORM 2006
4th Workshop on Recurring Malcode,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS-13),
Fairfax, VA, USA, November 3, 2006.
[posted here 5/15/06]
Internet-wide infectious epidemics have emerged as one of
the leading threats to information security and service availability.
Self-propagating threats, generally termed 'worms', exploit software
weaknesses, hardware limitations, Internet topology, and the open
Internet communication model to compromise large numbers of networked
systems. Internet worms are increasingly being used as delivery
mechanisms for malicious payloads such as spyware, phishing servers,
spam relays, and information espionage. Unfortunately, current
operational practices still face significant challenges in
containing these threats as evidenced by the rise in automated
botnet networks and the continued presence of worms released
years ago. This workshop provides a forum for exchanging
ideas, increasing understanding, and relating experiences
on self-propagating malicious software from a wide range of
communities, including academia, industry, and the government.
We are soliciting papers from researchers and practitioners on
subjects including, but not limited to:
- Automatic worm detection and characterization
- Reactive countermeasures
- Proactive defenses
- Detecting and disrupting botnets and malware command and control
- Threat assessment
- New threats and related challenges
- Measurement studies
- Testbeds & evaluation
- Reverse engineering
- Significant operational experiences
- Analysis of worm/botnet construction, current & future
- Modeling and analysis of propagation dynamics
- Forensic methods of attribution
For more information, please see
http://www.eecs.umich.edu/~farnam/worm2006.html.
CCS 2006
13th ACM Conference on Computer and Communications Security,
Alexandria, VA, USA, October 30 – November 3, 2006.
[posted here 3/15/06]
The conference seeks submissions from academia and industry
presenting novel research on all theoretical and practical
aspects of computer security, as well as case studies and
implementation experiences. Papers should have practical relevance
to the construction, evaluation, application, or operation of
secure systems. Theoretical papers must make a convincing argument
for the practical significance of the results. Theory must be
justified by compelling examples illustrating its application.
The primary criterion for appropriateness for CCS is demonstrated
practical relevance. CCS may therefore reject perfectly good
papers that are appropriate for theory-oriented conferences.
Topics of interest include:
- anonymity
- access control
- secure networking
- accounting and audit
- trust models
- key management
- intrusion detection
- authentication
- smartcards
- security location services
- data and application security
- privacy-enhancing technology
- inference/controlled disclosure
- intellectual property protection
- digital rights management
- trust management policies
- phishing and countermeasures
- commercial and industry security
- security management
- database security
- applied cryptography
- peer-to-peer security
- security for mobile code
- cryptographic protocols
- data/system integrity
- information warfare
- identity management
- security in IT outsourcing
For more information, please see
http://www.acm.org/sigs/sigsac/ccs/CCS2006/.
StorageSS 2006
2nd Workshop on Storage Security and Survivability,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
Alexandria, VA, USA, October 30, 2006.
[posted here 5/26/06]
There has been an evolution of protection solutions mirrored in both
the security and survivability research communities: (1) from physical
protection solutions targeting people, (2) to system protection solutions
targeting networked-systems, (3) and now the new emerging paradigm of
information-centric solutions targeting the data itself. This workshop will
focus on stimulating new ideas in order to reshape storage protection strategies.
Clearly, storage security and survivability is a complex, multi-dimensional
problem that changes over time, so a large variety of approaches may be
appropriate including prevention, monitoring, measurements, mitigation,
and recovery. The StorageSS workshop aims to foster a greater exchange
between computer protection researchers/professionals and computer
storage researchers and professionals. A list of potential topics includes
but is not limited to the following:
- storage protection tradeoffs
- storage protection deployment (including case studies)
- smart storage for security/survivability
- analysis of covert storage channels
- storage leak analysis
- mobile storage protection
- novel backup protection techniques
- storage versioning protection techniques
- storage encryption techniques (both key mgmt and crypto algorithms)
- tamper-evident storage protection techniques
- immutable storage protection techniques; provenance
- storage threat models
- storage intrusion detection systems
- storage area network (SAN) security/survivability
- security/survivability for storage over a distance
- security/survivability with Internet storage service providers
- security for long-term / archival storage
- storage security/survivability in an HPC environment
- interaction of storage security/survivability and databases
- privacy issues in remote/hosted storage
For more information, please see
http://www.storagess.org/.
SASN 2006
4th ACM Workshop on Security of Ad Hoc and Sensor Networks,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
Alexandria, VA, USA, October 30, 2006.
[posted here 4/17/06]
Ad hoc and sensor networks are expected to become an integral
part of the future computing landscape.
However, these networks introduce new security challenges due
to their dynamic topology, severe resource constraints,
and absence of a trusted infrastructure. SASN 2006 seeks
submissions from academia and industry presenting novel research
on all aspects of security for ad hoc and sensor networks,
as well as experimental studies of fielded systems.
Topics of interest include, but are not limited to, the following
as they relate to mobile ad hoc networks or sensor networks:
- Security under resource constraints (e.g., energy, bandwidth, memory, and computation constraints)
- Performance and security tradeoffs
- Secure roaming across administrative domains
- Key management
- Cryptographic Protocols
- Authentication and access control
- Trust establishment, negotiation, and management
- Intrusion detection and tolerance
- Secure location services
- Secure clock distribution
- Privacy and anonymity
- Secure routing
- Secure MAC protocols
- Denial of service
- Prevention of traffic analysis
For more information, please see
http://www.cse.psu.edu/~szhu/SASN2006/.
DRM 2006
6th Workshop on Digital Rights Management,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
Alexandria, VA, USA, October 30, 2006.
[posted here 5/26/06]
Digital Rights Management (DRM) is an area of pressing interest, as
the Internet has become the center of distribution for digital goods of
all sorts. The business potential of digital content distribution is huge,
as are its economic, legal and social implications. DRM, as a technical
interdisciplinary field, is at the heart of controlling the digital content
and assuring authorized, user friendly, safe, well-managed, automated, and
fraud-free distribution. The field of DRM combines cryptographic technology,
software and systems research, information and signal processing methods,
legal, social and policy aspects, as well as business analysis and economics.
Original papers on all aspects of Digital Rights Management are solicited
for submission to DRM 2006, the Sixth ACM Workshop on Digital Rights Management.
Topics of interest include but are not limited to:
- anonymous publishing
- architectures for DRM systems auditing
- business models for online content distribution
- computing environments and platforms for DRM systems
- copyright-law issues, including but not limited to fair use
- digital policy management
- implementations and case studies
- privacy and anonymity
- risk management
- robust identification of digital content
- security issues, including but not limited to authorization, encryption, tamper resistance, and watermarking
- software related issues
- supporting cryptographic technology including but not limited to traitor tracing, broadcast encryption, obfuscation
- threat and vulnerability assessment
- concrete software patent cases
- usability aspects of DRM systems
- web services related to DRM systems
For more information, please see
http://www.titr.uow.edu.au/DRM2006/.
WPES 2006
5th Workshop on Privacy in the Electronic Society,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
Alexandria, VA, USA, October 30, 2006.
[posted here 5/26/06]
The need for privacy-aware policies, regulations, and techniques has been
widely recognized. This workshop discusses the problems of privacy in the global
interconnected societies and possible solutions.
The workshop seeks submissions from academia and industry presenting novel
research on all theoretical and practical aspects of electronic privacy,
as well as experimental studies of fielded systems. We encourage submissions
from other communities such as law and business that present these communities'
perspectives on technological issues. Topics of interest include, but are
not limited to:
- anonymity, pseudonymity, and unlinkability
- data correlation and leakage attacks
- electronic communication privacy
- information dissemination control
- privacy in health care and public administration
- privacy and confidentiality management
- personally identifiable information
- privacy-aware access control
- privacy in the digital business
- privacy enhancing technologies
- privacy policies
- privacy and anonymity on the Web
- privacy in the electronic records
- public records and personal privacy
- privacy and human rights
- privacy threats
- privacy and virtual identity
- privacy policy enforcement
- privacy and data mining
- privacy vs. security
- user profiling
- wireless privacy
- economics of privacy
For more information, please see
http://freehaven.net/wpes2006/.
QOP 2006
2nd Workshop on Quality of Protection,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
Alexandria, VA, USA, October 30, 2006.
[posted here 5/26/06]
The QoP Workshop intends to discuss how security research can progress
towards a notion of Quality of Protection in Security comparable to the
notion of Quality of Service in Networking, Software Reliability, or
Software Measurements and Metrics in Empirical Software Engineering.
Original submissions are solicited from industry and academic experts to
present their work, plans and views related to Quality of Protection.
The topics of interest include but are not limited to:
- Case studies
- Security Risk Analysis
- Security Quality Assurance
- Measurement-based decision making and risk management
- Empirical assessment of security architectures and solutions
- Mining data from attacks and vulnerabilities repositories
- Security metrics
- Measurement theory and formal theories of security metrics
- Security measurement and monitoring
- Experimental verification and validation of models
- Simulation and statistical analysis, stochastic modelling
- Reliability analysis
For more information, please see
http://dit.unitn.it/~qop/.
WESII 2006
The Workshop on the Economics of Securing the Information Infrastructure,
Arlington, VA, USA, October 23-24, 2006.
[posted here 2/3/06]
Our information infrastructure suffers from decades-old vulnerabilities,
from the low-level algorithms that select communications routes to the
application-level services on which we are becoming increasingly
dependent. Are we investing enough to protect our infrastructure? How
can we best overcome the inevitable bootstrapping problems that impede
efforts to add security to this infrastructure? Who stands to benefit
and who stands to lose as security features are integrated into these
basic services? How can technology investment decisions best be
presented to policymakers?
We invite infrastructure providers, developers, social scientists,
computer scientists, legal scholars, security engineers, and especially
policymakers to help address these and other related questions.
Suggested topics (not intended to be comprehensive):
- The economics of deploying security into: The Domain Name System (DNS),
BGP & routing infrastructure, Email & spam prevention, Programming languages,
Legacy code bases, User interfaces, and Operating systems
- Measuring the cost of adding security
- Models of deployment penetration
- Empirical studies of deployment
- Measuring/estimating damages
- Code origin authentication
- Establishing roots of trust
- Identity management infrastructure
- Data archival and warehousing infrastructure
- Securing open source code libraries
- Adding security to/over existing APIs
- Liability and legal issues
- Internet politics
- Antitrust Issues
- Privacy Issues
For more information, please see
http://wesii.econinfosec.org/.
IWSEC 2006
1st International Workshop on Security,
Kyoto, Japan, October 23-24, 2006.
[posted here 3/6/06]
The information society, built on cyberspace, now faces
diverse threats arising from the complexity of its structure in
terms of networking, middleware, agents, P2P applications and
ubiquitous computing, across uses as diverse as commercial, personal,
communal and public. Security research needs to look at
these issues from interdisciplinary viewpoints.
Papers may present theory, applications or practical experiences
on topics including, but not limited to:
- Fundamental Tools for Information Security
- Network and Distributed Systems Security
- Privacy Enhancing Technology
- Secure Living and Working Environments
- Security in Commerce and Government
- Security Management
- Software and System Security
- Protection of Critical Infrastructures
- Testing, Verification and Certification
- Law, Policy, Ethics and Related Technologies
For more information, please see
http://www.iwsec.org/.
CMS 2006
10th Joint IFIP TC6 and TC11 Open Conference on Communications and Multimedia Security,
Heraklion, Greece, October 19-21, 2006.
[posted here 3/27/06]
CMS’2006 is the 10th Conference in the “Communications and Multimedia
Security” series. The series is a joint effort of IFIP Technical
Committees TC6 (Communication Systems) and TC11 (Security and Protection
in Information Processing Systems). The conference provides a forum for
engineers and scientists in information security. State-of-the-art issues
as well as practical experiences and new trends in the areas will be the
topics of interest again, as proven by preceding conferences. This year
the conference will address in particular network and information security
issues. We solicit papers describing original ideas and research results on
topics that include, but are not limited to:
- Applied cryptography
- Biometrics
- Computer emergency / security incident response
- Multimedia systems security
- Critical Information Infrastructure Protection
- Privacy protection
- Digital watermarking
- Identification and authentication
- Identity management
- Information security management
- Intrusion detection
- Mobile communication security
- Network and Information Security
- Risk Management
- Web Services Security
- Wireless Network Security
For more information, please see
http://www.ics.forth.gr/cms06.
NordSec 2006
11th Nordic Workshop on Secure IT-systems,
Linköping, Sweden, October 19-20, 2006.
[posted here 2/13/06]
The NordSec workshops started in 1996 with the aim of bringing
together researchers and practitioners within computer security
in the Nordic countries. The theme of the workshop has been
applied security, i.e. all kinds of security issues that could
encourage interchange and cooperation between the research
community and the industrial/consumer community.
Possible topics include, but are not limited to the following:
- Anonymity and Privacy
- Applied Cryptography
- Computer Crime
- Information Warfare
- E- and M-Business Security
- Inter/Intra/Extranet Security
- Intrusion Detection
- Language-Based Security
- New Firewall Technologies
- New Ideas and Paradigms for Security
- Operating System Security
- Phishing and Anti-Phishing
- PKI and Key Escrow
- Privacy-Preserving Data-Mining
- Security Education and Training
- Security Evaluations and Measurements
- Security Management and Audit
- Security of Commercial Products
- Security Models
- Security Protocols
- Smart Card Applications
- Software Security
- Web Services Security
- Wireless Communication Security
- Trust and trust management
For more information, please see
http://www.ida.liu.se/conferences/nordsec06/.
IMF 2006
International Conference on IT-Incident Management & IT-Forensics,
Stuttgart, Germany, October 18 - 19, 2006.
[posted here 3/20/06]
In order to advance the fields of IT-Incident Management and Forensics,
IMF aims at bringing together experts from throughout the world, to
discuss state of the art in the areas of Incident Management and
IT-Forensics (IMF). IMF promotes collaboration and exchange of ideas
between industry, academia, law-enforcement and other government
bodies. The scope of IMF 2006 is broad and includes, but is not
restricted to the following areas:
IT-Incident Management:
- Purposes of IT-Incident Management
- Trends, Processes and Methods in Incident Management
- Formats and Standardisation in Incident Management
- Tools for Incident Management
- Education and Training in the field of Incident Management Awareness
- Determination, Detection and Evaluation of Incidents
- Procedures for Handling Incidents
- Problems and Challenges while establishing CERTs/ CSIRTs
- Sources of Information/ Information Exchange/ Communities
- Dealing with Vulnerabilities (vulnerability response)
- Current Threats
- Early Warning Systems
- Organisations (Nat. CERT-Associations, FIRST, TERENA/ TI, TF-CSIRT)
IT-Forensics:
- Trends and Challenges within IT-Forensics
- Methods, Processes and Applications for IT-Forensics
(Networks, Operating Systems, Storage Media, ICT-Systems etc.)
- Evidence Protection in IT-Environments
- Standardisation of Evidence Protection Processes
- Data protection and other legal implications for IT-Forensics
- Investigation Methods and Processes
- Juristic Relevance of IT-Forensic Investigations
- Tools for IT-Forensics
- Forensic readiness
For more information, please see
http://www.imf-conference.org/.
WSNS 2006
2nd International Workshop on Wireless and Sensor Networks Security,
Held in conjunction with the 3rd IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2006),
Vancouver, Canada, October 9-12, 2006.
[posted here 5/1/06]
Wireless networks have experienced an explosive growth during the
last few years. Nowadays, there is a large variety of networks spanning from
the well-known cellular networks to non-infrastructure wireless networks
such as mobile ad hoc networks and sensor networks. Security is a
central concern for achieving secure communication in these networks.
This one day workshop aims to bring together researchers and practitioners
from wireless and sensor networking, security, cryptography, and
distributed computing communities, with the goals of promoting
discussions and collaborations. We are interested in novel research
on all aspects of security in wireless and sensor networks and the tradeoff
between security and performance such as QoS, dependability, scalability,
etc. Topics of interest include, but are not limited to:
- Authentication and Access Control
- Cryptographic Protocol
- Experimental Studies
- Key Management
- Information Hiding
- Intrusion Detection and Response
- Privacy and Anonymity
- Secure Localization and Synchronization
- Security and Performance tradeoff
- Security Policy and Enforcement Issues
- Security Protocols Design, Analysis and Verification
- Secure Routing/MAC
- Surveillance and Monitoring
- Trust Management
For more information, please see
http://www.cs.wcupa.edu/~zjiang/wsns06.htm.
ICS 2006
Workshop on Information and Computer Security,
Held in conjunction with the 8th International Symposium on
Symbolic and Numeric Algorithms for Scientific Computing (SYNASC 2006),
Timisoara, Romania, September 29-30, 2006.
[posted here 5/15/06]
The ICS 2006 Workshop is intended as an international forum for
researchers in all areas of information and computer security. Submissions
of papers presenting original research are invited for the following
workshop tracks:
Formal methods in security
- Decidability and complexity
- Language-based security
- Security models
- Security protocols
- Security verification
Security policies and services
- Authentication
- Anonymity and privacy
- Electronic voting
- Information flow
- Intrusion detection
- Resource usage control
- Security for mobile computing
- Trust management
Cryptology
- Protocols that provide services in application fields
such as e-government, and that are simple enough (or so
precisely defined) as to serve as reasonable targets for
formal analysis tools;
- Cryptographic primitive implementations that can be formally analyzed;
- Work on combinatorial optimization problems that arise in cryptographic
applications and that can be approximately solved using
techniques from formal modeling.
For more information, please see
http://ics.ieat.ro/.
WiSe 2006
ACM Workshop on Wireless Security,
Held in conjunction with ACM MobiCom 2006,
Los Angeles, California, USA, September 29, 2006.
[posted here 5/1/06]
The objective of this workshop is to bring together
researchers from research communities in wireless networking, security,
applied cryptography, and dependability, with the goal of fostering
interaction. With the proliferation of wireless networks, issues related
to secure and dependable operation of such networks are gaining
importance. Topics of interest include, but are not limited to:
- Key management in wireless/mobile environments
- Trust establishment
- Computationally efficient primitives
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Secure PHY/MAC protocols
- Denial of service
- User privacy, location privacy
- Anonymity, prevention of traffic analysis
- Dependable wireless networking
- Identity theft and phishing in mobile networks
- Charging in wireless networks
- Cooperation in wireless networks
- Vulnerability modeling
- Incentive-aware secure protocol design
- Security in vehicular networks
- Jamming
- Cross-layer design for security
- Monitoring and surveillance
For more information, please see
http://www.ee.washington.edu/research/nsl/wise2006.
SKM 2006
2nd Secure Knowledge Management Workshop,
Brooklyn, NY, USA, September 28-29, 2006.
[posted here 6/15/06]
Knowledge management is the methodology for systematically
gathering, organizing, and disseminating knowledge. It
essentially consists of processes and tools to effectively capture
and share knowledge as well as use the knowledge of individuals
within an organization. Knowledge Management Systems (KMS) promote
sharing information among employees and require security mechanisms
to prevent unauthorized access and misuse. Security is a major issue
revolving around KMS. Topics of interest include, but are not limited to:
- Developing access controls and policies for knowledge management
- Statistical data mining techniques under security and privacy constraints
- Methods for measuring security effectiveness
- Design techniques for secure knowledge systems
- Integration for data management, information management and knowledge management
- Inference control policies for sensitive knowledge manipulation
- Secure knowledge query manipulation languages
- Security and privacy assertion markup languages
- B2B circles of trust
- Return on investment in secure knowledge systems
- Digital policy management
- Secure content management
- Knowledge management for national security
- Security and privacy in knowledge management
- Network security in the context of knowledge management
- Economic issues in securing knowledge
- Trust management
- Human factors in knowledge management
- Security, privacy and economic issues in information sharing
- Intersection of knowledge and security policy management
For more information, please see
http://www.cs.stonybrook.edu/skm2006.
VietCrypt 2006
1st International Conference on Cryptology in Vietnam,
Hanoi, Vietnam, September 25-28, 2006.
[posted here 4/3/06]
Cryptology, the science of information protection blending pure
computing theory with practical aspects, has been a strongly
expanding research area over the last few years. VietCrypt 2006 will
provide an international forum on cryptology for the first time in
Vietnam. It is an opportunity for scientists, researchers, entrepreneurs,
government officers and implementers to exchange novel ideas,
new results and practical experiences. Original papers on all
technical aspects of cryptology are solicited for submission.
For more information, please see
http://www.vietcrypt.org/.
SETA 2006
4th International Conference on Sequences and Their Applications,
Beijing, China, September 24-28, 2006.
[posted here 2/20/06]
Original papers on all technical aspects of
sequences and their applications in communications, cryptography,
and combinatorics are solicited for submission to SETA'06.
Topics of this conference include, but are not limited to,
the following:
- Randomness of sequences
- Correlation (periodic and aperiodic types) and combinatoric aspects of sequences
- Sequences with applications in error-correcting codes
- Sequences over finite fields/rings/function fields, and arrays
- Nonlinear feedback shift register sequences
- Sequences for radar distance range, synchronization, identification,
and hardware testing
- Sequences for wireless CDMA systems, low probability interception,
and spread spectrum communication
- Pseudorandom sequence generators for stream ciphers
- Correlation and transformations of boolean functions
- Pseudorandom number/function generators and their randomness extraction
For more information, please see
http://www.aegean.gr/ISC06.
ESAS 2006
3rd European Workshop on Security and Privacy in Ad hoc and Sensor Networks,
Held in conjunction with the European Symposium on Research in Computer
Security (ESORICS 2006),
Hamburg, Germany, September 20-21, 2006.
[posted here 3/13/06]
The vision of ubiquitous computing has generated a lot of
interest in wireless ad hoc and sensor networks. However,
besides their potential advantages, these new generations
of networks also raise some challenging problems with
respect to security and privacy. The aim of this workshop
is to bring together the network security, cryptography,
and wireless networking communities in order to discuss
these problems and to propose new solutions. The third
ESAS workshop seeks submissions that present original
research on all aspects of security and privacy in wireless
ad hoc and sensor networks. Submission of papers based on
work-in-progress is encouraged. Topics of interest include,
but are not limited to the following:
- Privacy and anonymity
- Prevention of traffic analysis
- Location privacy
- Secure positioning and localization
- Secure MAC protocols
- Secure topology control
- Secure routing
- Secure context aware computing
- Secure in-network processing
- Attack resistant data aggregation
- Cooperation and fairness
- Key management
- Trust establishment
- Embedded security
- Cryptography under resource constraints
- Distributed intrusion detection
For more information, please see
http://www.crysys.hu/ESAS2006/.
STM 2006
2nd International Workshop on Security and Trust Management,
Held in conjunction with ESORICS 2006,
Hamburg, Germany, September 20, 2006.
[posted here 4/12/06]
STM 2006, sponsored by the Security and Trust Management working
group of ERCIM (European Research Consortium in Informatics and
Mathematics), is the second workshop in this series.
The primary focus is on high-quality original
unpublished research, case studies, and implementation experiences.
We encourage submissions discussing the application and deployment
of security technologies in practice. Topics of interest include but
are not limited to:
- semantics and computational models for security and trust
- security and trust management architectures, mechanisms and policies
- networked systems security
- privacy and anonymity
- Identity management
- ICT for securing digital as well as physical assets
- cryptography
For more information, please see
http://www.hec.unil.ch/STM06.
NSPW 2006
New Security Paradigms Workshop,
Schloss Dagstuhl, Germany, September 18-21, 2006.
[posted here 1/24/06]
NSPW is a unique workshop that is devoted to the critical
examination of new paradigms in security. Each year, since 1995,
we examine proposals for new principles upon which information
security can be rebuilt from the ground up. We conduct
extensive, highly interactive discussions of
these proposals, from which we hope both the audience and the authors
emerge with a better understanding of the strengths and weaknesses
of what has been discussed.
NSPW aspires to be the philosophical and intellectual
breeding ground from which a revolution in the science of
information security will emerge.
We solicit and accept papers on any topic in information
security subject to the following caveats:
- Papers that present a significant shift in thinking about
difficult security issues are welcome.
- Papers that build on a recent shift are also welcome.
- Contrarian papers that dispute or call into question accepted
practice or policy in security are also welcome.
- We solicit papers that are not technology-centric, including
those that deal with public policy issues and those that deal with
the psychology and sociology of security theory and practice.
- We discourage papers that represent established or completed
works as well as those that substantially overlap other submitted
or published papers.
- We discourage papers which extend well-established security
models with incremental improvements.
- We encourage a high level of scholarship on the part of
contributors. Authors are expected to be aware of related prior
work in their topic area, even if it predates Google. In the
course of preparing an NSPW paper, it is far better to read an
original source than to cite a text book interpretation of it.
For more information, please see
http://www.nspw.org.
ACEIS 2006
1st Annual Conference on Education in Information Security,
Ames, IA, USA, September 18-19, 2006.
[posted here 3/27/06]
May 2006 will mark the seventh year of the National Centers of
Academic Excellence in Information Assurance Education program.
With 67 centers now in operation in the United States as well as
many efforts internationally, it is time for educators, students,
and employers to join in a scholarly, peer-reviewed effort to
discuss unmet needs, exchange ideas, pedagogical methods, research,
and future plans for education in information security.
The goals of ACEIS '06 are: (1) Disseminate new information assurance
educational research and scholarship and (2) Build a community interested
in information security education across all levels of pedagogy
(K-12 through postgraduate). Example Areas of Interest:
- Educational Methods in Infosec and Assurance
- Instructional theory and methods applied to Infosec and Assurance education
- Student Assessment
- Hardware and Software Tools
- Curricula in Infosec and Assurance
- Papers addressing the body of knowledge in Infosec and Assurance
- Curriculum models for Infosec and Assurance in different disciplines
- Innovative programs or classes
- Industry/government needs in education
- Evaluation and research in Infosec and Assurance Education
- Models for evaluating curricula, courses, instructional methods and students
- Research studies in teaching/learning in Infosec and Assurance
- Panels discussing controversial or timely issues in the area
For more information, please see
http://www.aceis.org/.
ESORICS 2006
11th European Symposium On Research In Computer Security,
Hamburg, Germany, September 18-20, 2006.
[posted here 2/3/06]
Papers offering novel research contributions in any aspect of
computer security are solicited for submission to the Eleventh
European Symposium on Research in Computer Security (ESORICS 2006).
Topics include, but are not limited to:
- access control
- accountability
- applied cryptography
- authentication
- covert channels
- cryptographic protocols
- cybercrime
- data and application security
- denial of service attacks
- digital rights management
- distributed trust management
- formal methods in security
- identity management
- inference control
- information assurance
- information dissemination controls
- information flow controls
- information warfare
- intellectual property protection
- intrusion tolerance
- language-based security
- network security
- peer-to-peer security
- privacy-enhancing technology
- secure electronic commerce
- security as quality of service
- security evaluation
- security management
- security models
- security requirements engineering
- smartcards
- subliminal channels
- system security
- trust models
- trustworthy user devices
For more information, please see
http://www.esorics06.tu-harburg.de/.
LSAD 2006
ACM SIGCOMM workshop on Large Scale Attack Defense,
Held in conjunction with ACM SIGCOMM 2006,
Pisa, Italy, September 11, 2006.
[posted here 3/13/06]
In recent years, we have seen an increasing number of large-scale
attacks, such as severe worms and DDoS attacks, threatening our
systems and networks. In particular, fast-spreading attacks present
a serious challenge to today's attack defense systems. Speed,
frequency, and damage potential of these attacks call for automated
response systems. Research in automated defense systems for Internet-wide
attacks is focused on large-scale monitoring infrastructures, such as network
telescopes and honeynets; intrusion detection approaches, such as memory
tainting and network anomaly detection; automated defense strategies, such as
signature generation distribution; and identification and analysis of
future threats, such as obfuscation methods and novel spreading
techniques. The goal of this one day workshop is to explore new directions
in monitoring, analysis, and automated defense systems for existing and
future large-scale attacks. We invite experts from academia and industry,
to discuss and exchange ideas in a broad range of topics.
We are soliciting original papers on topics including, but not limited
to, those listed below.
- Automated attack detection and classification
- Monitoring and measurement studies
- Anomaly detection
- Reactive and proactive defense systems
- Modelling and analysis of propagation dynamics
- Future challenges for attack defense systems
- Vulnerability assessment methods
- Countermeasure evaluation methods
- Honeypot infrastructures
- Honeypot detection and counter-detection
- Forensics
- Malcode analysis
For more information, please see
http://www.acm.org/sigs/sigcomm/sigcomm2006/php/?lsad.
TrustBus 2006
3rd International Conference on Trust, Privacy and Security of Digital Business,
Held in conjunction with the 17th International Conference on Database
and Expert Systems Applications (DEXA 2006),
Krakow, Poland, September 4-8, 2006.
[posted here 11/24/05]
TrustBus’06 will bring together researchers from different disciplines,
developers, and users all interested in the critical success factors
of digital business systems.
We are interested in papers, work-in-progress reports, and industrial
experiences describing advances in all areas of digital business
applications related to trust and privacy, including, but not limited to:
- Anonymity and pseudonymity in business transactions
- Business architectures and underlying infrastructures
- Common practice, legal and regulatory issues
- Cryptographic protocols
- Delivery technologies and scheduling protocols
- Design of business models with security requirements
- Economics of Information Systems Security
- Electronic cash, wallets and pay-per-view systems
- Enterprise management and consumer protection
- Identity and Trust Management
- Intellectual property and digital rights management
- Intrusion detection and information filtering
- Languages for description of services and contracts
- Management of privacy & confidentiality
- Models for access control and authentication
- Multimedia web services
- New cryptographic building-blocks for e-business applications
- Online transaction processing
- PKI & PMI
- Public administration, governmental services
- P2P transactions and scenarios
- Real-time Internet E-Services
- Reliability and security of content and data
- Reliable auction, e-procurement and negotiation technology
- Reputation in services provision
- Secure process integration and management
- Security and Privacy models for Pervasive Information Systems
- Security Policies
- Shopping, trading, and contract management tools
- Smartcard technology
- Transactional Models
- Trust and privacy issues in mobile commerce environments
- Usability of security technologies and services
For more information, please see
http://www.icsd.aegean.gr/trustbus06/.
WENS 2006
Workshop on Enterprise Network Security,
held in conjunction with IEEE Communications Society/CreateNet SecureComm 2006,
Baltimore, MD, USA, September 1, 2006.
[posted here 5/15/06]
The introduction of networking to the enterprise has introduced an
explosion of new productivity. However, the connectivity offered by
networking has also introduced significant security issues that can no
longer be easily addressed by control of physical access. Specifically,
management and monitoring of the security or health of internal
LAN/MAN-side services on an enterprise network can often consume
significant portions of the IT resource budget. The focus of this
workshop is to provide a forum for the exploration of issues unique to
the enterprise network. Topics for the workshop include
but are not limited to:
- Network risk assessment
- Rogue device detection (wireless APs)
- Trust inference
- Security visualization
- Security and grid computing
- Obfuscation and privacy mechanisms over the grid
- Intrusion dataset creation
- Case studies
- Security testbeds
For more information, please see
http://gipse.cse.nd.edu/WENS06.
ISC 2006
9th Information Security Conference,
Pythagoras, Greece, August 30 - September 2, 2006.
[posted here 11/26/05]
ISC is an annual international conference covering research in
and applications of Information Security. ISC aims to attract
high quality papers in all technical aspects of information security.
Topics of interest include, but are not limited to, the following:
- Access Control
- Accounting and Audit
- Anonymity and Pseudonymity
- Applied Cryptography
- Authentication and Non-repudiation
- Biometrics
- Cryptographic Protocols
- Database and System Security
- Design and Analysis of Cryptographic Algorithms
- Digital Rights Management
- eCommerce, eBusiness and eGovernment Security
- Foundations of Computer Security
- Grid Security
- Identity and Trust Management
- Information Flow
- Information Hiding and Watermarking
- Infrastructure Security
- Intrusion Detection and Prevention
- Mobile, Ad Hoc and Sensor Network Security
- Network and Wireless Network Security
- Peer-to-Peer Network Security
- PKI and PMI
- Privacy
- Security and Privacy Economics
- Security and Privacy in IT Outsourcing
- Security and Privacy in Pervasive and Ubiquitous Computing
- Security Verification
- Security for Mobile Code
- Security Modeling and Architecture
- Trusted Computing
- Security Models for Ambient Intelligence environments
- Usable Security
For more information, please see
http://www.aegean.gr/ISC06.
SecureComm 2006
2nd IEEE Communications Society/CreateNet International Conference on
Security and Privacy for Emerging Areas in Communication Networks,
Baltimore, MD, USA, August 28 - September 1, 2006.
[posted here 1/16/06]
The scope of Securecomm 2006 has been broadened since the inaugural
2005 event. Topics of interest encompass research advances in ALL
areas of secure communications and networking.
Topics in other areas (e.g., formal methods, database security,
secure OS/software, theoretical cryptography, e-commerce) will
be considered only if a clear connection to privacy and/or
security in communication/networking is demonstrated.
Presentations reporting on cutting-edge research results are
supplemented by panels on controversial issues and invited talks on
timely and important topics.
Areas of interest include, but ARE NOT limited to, the following:
- Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor,
Ad Hoc networks
- Network Intrusion Detection and Prevention, DoS Countermeasures
- Firewalls, Routers, Filters and Malware detectors
- Public Key Infrastructures and Other Security Architectures
- Secure Web Communication
- Communication Privacy and Anonymity
- Secure/Private E-commerce
- Secure Routing, Naming/Addressing, Network Management
- Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
For more information, please see
http://www.securecomm.org.
SECOVAL 2006
2nd IEEE SECURECOMM SECOVAL Workshop: The Value of Security through Collaboration,
Held in conjunction with IEEE/CREATE-NET SECURECOMM 2006,
Baltimore, MD, USA, August 28 - September 1, 2006.
[posted here 3/20/06]
Security is usually centrally managed, for example in the form
of policies duly executed by individual nodes. The SECOVAL workshop
covers the alternative trend of using collaboration and trust to
provide security. Instead of centrally managed security policies,
nodes may use specific knowledge (both local and acquired from other
nodes) to make security-related decisions.
For example, in reputation-based schemes, the reputation of a
given node (and hence its security access rights) can be determined
based on the recommendations of peer nodes.
As systems are being deployed on an ever-greater scale without
direct connection to their distant home base, the need for
self-management is rapidly increasing. Interaction after interaction,
as the nodes collaborate, there is the emergence of a digital
ecosystem. By guiding the local decisions of the nodes,
for example, with whom the nodes collaborate, global properties
of the ecosystem where the nodes operate may be guaranteed. Thus,
the security property of the ecosystem may be driven by self-organising
mechanisms. Depending on which local collaboration is preferred,
a more trustworthy ecosystem may emerge.
Topics of interest to the workshop include, but are not limited to:
- Approaches to security through collaboration
- Specificities of security through collaboration
- Trust methodologies, models and metrics
- Interoperability and standardization of trust metrics
- Value and meaning of trust
- Trust-based security decision process
- Security based on reputation and recommendations
- Self-organisation mechanisms for a more secure digital ecosystem
- The role of emergence in dynamic trust models
- Collaborative autonomic computing
- Value and models of networks of collaborators and information sharing
- Threat and risk analysis of security through collaboration
- Attacks due to collaboration and mitigation of these attacks
- Technical trust of the underlying infrastructure used for deployment
- Costs and benefits of trust and collaboration based security compared to other models
- Privacy and legal aspects of security through collaboration
For more information, please see
http://www.trustcomp.org/secoval/.
SBSEG 2006
6th Brazilian Symposium on Information and Computer Systems Security,
Santos, Brazil, August 28 - September 01, 2006.
[posted here 2/27/06]
The 6th Brazilian Symposium on Information and Computer System
Security is an annual event promoted by the Brazilian Computer Society
(SBC). Its main goal is to provide a forum for presenting new research
ideas and other relevant activities in the area of information systems
security. Topics of interest for SBSeg 2006 include but are not
limited to the following:
- cryptographic algorithms and techniques
- legal aspects of data and systems security
- audit and system security assessment
- biometry
- software assurance
- electronic commerce
- computational forensics
- mobile devices, embedded systems and wireless networks
- cryptographic hardware, RFID devices, smart cards
- public-key infrastructure
- data integrity and data confidentiality
- contingency planning and disaster recovery
- authentication techniques
- access control models and techniques
- digital TV, and multimedia content
- standardization
- software piracy
- security policy
- security protocols
- security in grids, P2P and overlay networks
- security in middleware (Java RMI, J2EE, CorbaSec, .Net)
- security in web services (WS-Security, SOAP, XML, XACML)
- distributed systems security
- operating systems security
- secure systems development techniques
- firewall technology
- intrusion detection and other vulnerabilities
- electronic voting
- viruses, worms and malicious code
For more information, please see
http://www.unisantos.br/sbseg2006/english/.
CERTSOFT 2006
International Workshop on Software Certification,
Ontario, Canada, August 26-27, 2006.
[posted here 5/15/06]
Software is currently used to control medical devices,
automobiles, aircraft, manufacturing plants, nuclear
generating stations, space exploration systems, elevators,
electric motors, automated trains, banking transactions,
telecommunications devices and a growing number of devices
in industry and in our homes. Software is also mission critical
for many organizations, even if the software does not control
what happens. Clearly, many of these systems have the potential
to cause physical harm if they malfunction. Even if they do not
cause physical harm, their malfunctions are capable of causing
financial and political chaos. Currently there is no consistent
regulation of software, and society is starting to demand that
software used in critical systems must meet minimum safety,
security and reliability standards. Manufacturers of these
systems are in the unenviable position of not having any clear
guidelines as to what may be regarded as acceptable standards
in these situations. Even where the systems are not mission
critical, software producers and their customers are becoming
interested in methods for assuring quality that may result in
software supplied with guarantees. The purpose of the workshop
is to discuss issues related to software certification.
Possible topics include:
- What is software certification, and what is its relation to system
certification?
- Methods, processes, and tools for developing certified software
- Certifying safety-critical applications
- Certifying embedded systems
- Certifying non-critical but commercially significant applications
- Certification of software components
- Developing standards based on experimental analysis of methods
- Formalization of Regulatory Requirements for Software
- Repositories of assured/verified/validated software components
- Using the Common Criteria for IT Security Evaluation as a model
- Standardization of certification methods used in different industries
- Evolutionary and incremental certification
For more information, please see
http://fm06.mcmaster.ca/certsoft.
NIST-CHW 2006
2nd Cryptographic Hash Workshop,
Santa Barbara, California, USA, August 24-25, 2006.
[posted here 2/27/06]
In response to the SHA-1 vulnerability that was announced in Feb. 2005,
NIST held a Cryptographic Hash Workshop on Oct. 31-Nov. 1, 2005 to solicit
public input on its cryptographic hash function policy and standards. NIST
continues to recommend a transition from SHA-1 to the larger approved hash
functions (SHA-224, SHA-256, SHA-384, and SHA-512). In response to the
workshop, NIST has also decided that it would be prudent in the long-term
to develop an additional hash function through a public competition,
similar to the development process for the block cipher in the Advanced
Encryption Standard (AES). Before initiating the competition, NIST plans
to host several more public
workshops that will focus on hash function research. The next workshop
will be held on August 24-25, 2006, in conjunction with Crypto 2006, with
the following goals:
- Explore potential mathematical principles and structures that can
provide the foundation for cryptographic hash functions;
- Foster accelerated research on the analysis of hash functions,
especially the SHA-2 hash functions;
- Survey the uses of hash functions, and investigate the properties that
are assumed, used, or needed. Identify and articulate the required or
desirable properties for future hash functions.
Topics for submissions should include, but are not limited to, the following:
Mathematical Foundations
- Iterative structures, i.e., Damgård-Merkle or alternatives
- Compression function constructions, e.g. Davies-Meyer
- Hashing modes, e.g. randomized hashing or keyed hashing
- Formal properties
Analysis and Design
- Analysis and design of hash functions and their components
- New cryptanalytic techniques against hash functions
- Security report on existing hash functions, especially SHA-2
- Tools for designing and analyzing compression functions
- Provable properties of compression functions, e.g., reductions to
hard problems.
Practical Uses and Pitfalls
- Uses of hash functions in applications and protocols
- Properties of hash functions that are assumed, required, or
obtained in practice
- Vulnerabilities of hash functions caused by unexpected properties
or misuse
- Desirable properties for future hash functions
For more information, please see
http://www.nist.gov/hash-function.
DFRWS 2006
6th Annual Digital Forensic Research Workshop,
Lafayette, Indiana, USA, August 14-16, 2006.
[posted here 3/13/06]
The purpose of this workshop is to bring together researchers,
practitioners, and educators interested in digital forensics.
We welcome the participation of people in industry, government,
law enforcement, and academia who are interested in advancing the
state of the art in digital forensics by sharing their results,
knowledge, and experiences. The accepted papers will be published
in printed proceedings. We are looking for research papers, demo
proposals, and panel proposals. Major areas of interest include,
but are not limited to, the following topics:
- Incident response and live analysis
- OS and application analysis
- Multimedia analysis
- File system analysis
- Memory analysis
- Network analysis
- Data hiding and recovery
- Event reconstruction
- Large-scale investigations
- Data mining techniques
- Automated searching
- Tool testing and development
- Digital evidence storage formats
- Digital evidence and the law
- Traceback and attribution
- Physical media analysis
- Case studies and trend reports
- Non-traditional approaches to forensic analysis
For more information, please see
http://www.dfrws.org.
SecUbiq 2006
2nd International Workshop on Security in Ubiquitous Computing Systems,
Seoul, Korea, August 1-4, 2006.
[posted here 11/29/05]
Ubiquitous computing technology provides an environment where
users expect to access resources and services anytime and anywhere.
Serious security risks and problems arise because, in such an open
model, resources can now be accessed by almost anyone with a mobile
device. Security threats exploit weaknesses in protocols as well as
operating systems, and also extend to attacks on ubiquitous
applications. Security issues such as authentication, access
control, trust management, privacy and anonymity, etc., should be
fully addressed. This workshop provides a forum for academic
and industry professionals to discuss recent progress in the area
of ubiquitous computing system security, and includes studies
on analyses, models and systems, new directions, and novel
applications of established mechanisms approaching the risks and
concerns associated with the utilization and acceptance of
ubiquitous computing devices and systems.
Topics of interest include, but are not limited to:
- Access control
- Ad hoc and sensor network security
- Buffer overflows
- Commercial and industrial security
- Cryptographic algorithms and protocols
- Data privacy and trustiness
- Digital signatures
- Distributed denial of service attacks
- Information hiding and multimedia watermarking in distributed systems
- Internet and web security
- Intrusion detection and protection systems
- Key management and authentication
- Mobile codes security
- Network security issues and protocols
- Privacy and anonymity
- Privacy issues in the use of smart cards and RFID systems
- Security in e-commerce and e-business and other applications
- Security in P2P networks and Grid computing
- Security in distributed and parallel systems
- Software security
- Trust management
For more information, please see
http://www.sitacs.uow.au/secubiq06/.
DBSEC 2006
20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security,
Sophia Antipolis, France, July 31-August 2, 2006.
[posted here 12/16/05]
The conference provides a forum for presenting original
unpublished research results, practical experiences, and
innovative ideas in data and applications security. Papers and
panel proposals are solicited. The conference is limited to about
forty participants so that ample time for discussion and
interaction may occur. Proceedings will be published by Springer
as the next volume in the Research Advances in Database and
Information Systems Security series.
Papers may present theory, techniques, applications, or practical
experience on topics of interest of IFIP WG11.3:
- Access Control
- Application level attacks and intrusion detection
- Applied cryptography in data security
- Identity theft and countermeasures
- Integrity maintenance
- Intrusion tolerance and trusted recovery
- Knowledge discovery and privacy
- Organizational security
- Privacy and privacy-preserving data management
- Secure transaction processing
- Security assessment, planning and administration
- Secure information integration
- Secure sensor information processing
- Threats, vulnerabilities, and risk management
- Trust management
- Web services/application security
- Secure Semantic Web
Additional topics of interest include, but are not limited to:
Critical Infrastructure Protection, Cyber Terrorism, Information
Warfare, Database Forensics, Electronic Commerce Security, and
Security in Digital Health Care.
For more information, please see
http://cimic.rutgers.edu/ifip113/2006/.
USENIX Security 2006
15th USENIX Security Symposium, Vancouver, B.C., Canada, July 31–August 4, 2006.
[posted here 10/10/05]
The USENIX Security Symposium brings together researchers,
practitioners, system administrators, system programmers, and others
interested in the latest advances in the security of computer systems
and networks.
All researchers are encouraged to submit papers covering novel
and scientifically significant practical works in security or
applied cryptography.
The Symposium will span five days: a training program will be
followed by a two and one-half day technical program, which will include
refereed papers, invited talks, Work-in-Progress reports, panel
discussions, and Birds-of-a-Feather sessions. New in 2006, a workshop,
titled Hot Topics in Security (HotSec '06), will be held in
conjunction with the main conference. More details will be
announced soon on the USENIX Web site.
For more information, please see
http://www.usenix.org/events/sec06/.
HotSec 2006
1st Workshop on Hot Topics in Security,
Vancouver, B.C., Canada, July 31, 2006.
[posted here 4/7/06]
HotSec is intended as a forum for lively discussion of aggressively
innovative and potentially disruptive ideas in all aspects of systems security.
Surprising results and thought-provoking ideas will be strongly favored;
complete papers with polished results in well-explored research areas are
discouraged. Papers will be selected for their potential to stimulate
discussion in the workshop. Position papers are expected to fit into
one of the following categories:
- Fundamentally new techniques for and approaches to dealing
with current security problems
- New major problems arising from new technologies that are
now being developed or deployed
- Truly surprising results that cause rethinking of previous approaches
While our goal is to solicit ideas that are not completely worked out,
we expect submissions to be supported by some evidence of feasibility
or preliminary quantitative results.
Possible topics of interest include but are not limited to:
- Secure operation, management, and event response of/for
ultra-large-scale systems
- Designing secure large-scale systems and networks
- Self-organizing and self-protecting systems
- Security assurance for non-expert users
- Balancing security and privacy/anonymity
- Interactions between security technology and public policy
For more information, please see
http://www.usenix.org/events/hotsec06/cfp/.
CEAS 2006
3rd Conference on Email and Anti-Spam,
Mountain View, CA, USA, July 27-28, 2006.
[posted here 12/16/05]
The Conference on Email and Anti-Spam (CEAS) invites short and
long paper submissions on research results pertaining to a broad range
of issues in email and Internet communication. Submissions may address
issues relating to any form of electronic messaging, including
traditional email, instant messaging, mobile telephone text messaging,
and voice over IP. Issues of interest include the analysis and
abatement of abuses (such as spam, phishing, identity theft, and
privacy invasion) as well as enhancements to and novel
applications of electronic messaging.
For more information, please see
http://www.ceas.cc/2006/cfp.html.
IFMIP 2006
5th International Forum on Multimedia and Image Processing,
Special Sessions on Information Security and Hardware Implementations,
Budapest, Hungary, July 25-28, 2006.
[posted here 9/7/05]
This special session is within the Multimedia and Image Processing
Track (5th International Forum on Multimedia and Image Processing, IFMIP 2006).
IFMIP will take place at the World Automation Congress.
The scope of this special session covers all aspects of communication security
and cryptography implementations. The call is addressed to scientists and engineers
who design, develop, and implement information security and cryptography subsystems.
We encourage scientists and engineers from both academic and industrial
environments to submit their works in order to enhance the knowledge,
expertise, and experience of the whole community in information security,
cryptography and hardware implementations. The subject areas include,
but are not limited to, the following:
- Security for mobile devices and 3G applications
- Reconfigurable processors in cryptography
- Smart cards security
- Computer architectures for public-key and secret-key cryptosystems
- Crypto-Processors for wireless networks
- Cryptography for pervasive computing (e.g., RFID, Bluetooth, etc.)
- True and pseudo random number generators
- Identification and authentication
- New encryption algorithms
- Cryptography and cryptanalysis
- Case studies, surveys
- Architectural optimizations of security schemes and ciphers for wireless communications
- Modular and Galois field arithmetic architectures for security applications
For more information, please see
http://wacong.org.
CEC 2006
IEEE CEC 2006 Special Session on Evolutionary Computation in
Cryptology and Computer Security, Vancouver, BC, Canada, July 16-21, 2006.
[posted here 10/10/05]
Techniques taken from the field of Evolutionary Computation
(especially Genetic Algorithms, Genetic Programming, Artificial
Immune Systems, but also others) are steadily gaining ground in
the area of cryptology and computer security.
The special session encourages the submission of novel research
at all levels of abstraction (from the design of cryptographic
primitives through to the analysis of security aspects of
"systems of systems").
For more information, please see
http://kolmogorov.seg.inf.uc3m.es/.
DIMVA 2006
3rd GI SIG SIDAR Conference on Detection of Intrusions & Malware,
and Vulnerability Assessment, Berlin, Germany, July 13-14, 2006.
[posted here 10/10/05]
The special interest group Security - Intrusion Detection and Response
(SIDAR) of the German Informatics Society (GI) organizes DIMVA as an annual
conference that brings together experts from throughout and outside of
Europe to discuss the state of the art in the areas of intrusion detection,
malware detection, and vulnerability assessment.
The scope of DIMVA is broad and includes, but is not restricted to the
following areas:
Vulnerability Assessment:
- Vulnerabilities and exploitation techniques
- Vulnerability detection
- Avoidance of vulnerabilities and software testing
- Reverse engineering
- ROI on vulnerability assessment and management
Intrusion Detection:
- Intrusion techniques
- Intrusion detection and event correlation
- Intrusion response and intrusion prevention
- Benchmarking of intrusion detection and prevention systems
- Incident management and response
Malware:
- Malware techniques
- Malware detection
- Malware prevention
- Benchmarking of malware detection and prevention systems
- Computer and network forensics
For more information, please see
http://www.dimva.org/dimva2006.
RFIDSec 2006
Workshop on RFID Security,
Graz, Austria, July 12-14, 2006.
[posted here 2/13/06]
The Workshop on RFID Security 2006 focuses on approaches to solve security
issues in advanced contactless technologies like RFID systems. It stresses
implementation aspects imposed by resource constraints.
Topics of the workshop include but are not limited to:
- New applications for secure RFID systems
- Privacy-enhancing techniques for RFID
- Cryptographic protocols for RFID (Authentication, Key update, Scalability issues)
- Integration of secure RFID systems (Middleware and security, Public-key Infrastructures)
- Resource-efficient implementation of cryptography (Small-footprint hardware,
Low-power architectures)
For more information, please see
http://events.iaik.tugraz.at/RFIDSec06/CfP/index.htm.
SOUPS 2006
Symposium On Usable Privacy and Security,
Pittsburgh, PA, USA, July 12-14, 2006.
[posted here 1/22/06]
The 2006 Symposium on Usable Privacy and Security (SOUPS) will
bring together an interdisciplinary group of researchers and
practitioners in human computer interaction, security, and privacy.
The program will feature technical papers, a poster session,
panels and invited talks, discussion sessions, and in-depth
sessions (workshops and tutorials).
Topics include, but are not limited to:
- innovative security or privacy functionality and design,
- new applications of existing models or technology,
- field studies of security or privacy technology,
- usability evaluations of security or privacy features or security
testing of usability features, and
- lessons learned from deploying and using usable privacy and security features.
For more information, please see
http://cups.cs.cmu.edu/SOUPS/.
IHW 2006
8th Information Hiding Workshop, Alexandria, VA, USA, July 10-12, 2006.
[posted here 11/26/05]
For many years Information Hiding has captured the imagination of
researchers. Tools such as digital watermarking and steganography
are used to protect information, conceal secrets, and protect
intellectual property. From an investigator's perspective, information
hiding provides an interesting challenge for digital forensic investigations,
and steganalysis techniques allow hidden information to be discovered.
These are but a small number of related topics and issues.
Current research themes include:
- anonymous communications
- covert channels in computer systems
- detection of hidden information (steganalysis)
- digital forensics
- information hiding aspects of privacy
- steganography
- subliminal channels in cryptographic protocols
- watermarking for protection of intellectual property
- other applications of watermarking
For more information, please see
http://ih2006.jjtc.com/.
FCC 2006
Workshop on Formal and Computational Cryptography,
Venice, Italy, July 9, 2006.
[posted here 2/3/06]
Cryptographic protocols are small distributed programs that add
security services, like confidentiality or authentication, to
network communication. Since the 1980s, two approaches have been
developed for analyzing security protocols. One of the approaches
relies on a computational model that considers issues of complexity
and probability. The other approach relies on a symbolic model of
protocol executions in which cryptographic primitives are black
boxes.
The workshop focuses on the relation between the symbolic (Dolev-Yao)
model and the computational (complexity-theoretic) model. Recent
results have shown that in some cases the symbolic analysis is sound
with respect to the computational model. A more direct approach which
is also investigated considers symbolic proofs in the computational model.
Research that proposes formal models sound for quantum security protocols
is also relevant. The workshop seeks results in any of these areas.
For more information, please see
http://www.lsv.ens-cachan.fr/FCC2006/.
CSFW 2006
19th IEEE Computer Security Foundations Workshop, Venice, Italy, July 5-7, 2006.
[posted here 12/7/05]
For nearly two decades, CSFW has brought together a small
group of researchers to examine foundational issues in information
security. Many seminal papers and techniques were first presented
at CSFW. We are interested in new theoretical results in computer
security, but also in more exploratory presentations. Exploratory work
may examine open questions and raise fundamental concerns about existing
theories. Panel proposals are welcome as well as papers. Possible topics
include, but are not limited to:
- Authentication
- Information flow
- Security protocols
- Anonymity and Privacy
- Electronic voting
- Network security
- Resource usage control
- Access control
- Trust and trust management
- Security models
- Intrusion detection
- Data and system integrity
- Database security
- Distributed systems security
- Security for mobile computing
- Executable content
- Decidability and complexity
- Formal methods for security
- Language-based security
For more information, please see
http://www.dsi.unive.it/CSFW19/.
ACISP 2006
11th Australasian Conference on Information Security and Privacy,
Melbourne, Australia, July 3 - 5, 2006.
[posted here 1/9/06]
Original papers pertaining to all aspects of information
security and privacy are solicited for submission to the
11th Australasian Conference on Information Security and
Privacy (ACISP 2006). Papers may present theory, techniques,
applications and practical experiences on a variety of topics.
Topics of interest include, but are not limited to:
- Cryptology
- Mobile communications security
- Database security
- Authentication and authorization
- Secure operating systems
- Intrusion detection
- Access control
- Security management
- Security protocols
- Network security
- Secure commercial applications
- Privacy Technologies
- Smart cards
- Key management and auditing
- Mobile agent security
- Risk assessment
- Secure electronic commerce
- Privacy and policy issues
- Copyright protection
- Security architectures and models
- Evaluation and certification
- Software protection and viruses
- Computer forensics
- Distributed system security
- Phishing attacks and countermeasures
For more information, please see
http://acisp2006.it.deakin.edu.au/.
PET 2006
6th Workshop on Privacy Enhancing Technologies,
Robinson College, Cambridge, United Kingdom,
June 28-30, 2006.
[posted here 10/10/05]
Privacy and anonymity are increasingly important in the online
world. Corporations, governments, and other organizations are
realizing and exploiting their power to track users and their
behavior. Approaches to protecting individuals, groups, but also
companies and governments from profiling and censorship include
decentralization, encryption, distributed trust, and automated
policy disclosure. This 6th workshop addresses the design and
realization of such privacy services for the Internet and other
communication networks by bringing together anonymity and privacy
experts from around the world to discuss recent advances and
new perspectives. Suggested topics include but are not restricted to:
- Anonymous communications and publishing systems
- Censorship resistance
- Pseudonyms, identity management, linkability, and reputation
- Data protection technologies
- Location privacy
- Privacy in Ubiquitous Computing Environments
- Policy, law, and human rights relating to privacy
- Privacy and anonymity in peer-to-peer architectures
- Economics of privacy
- Fielded systems and techniques for enhancing privacy in existing systems
- Protocols that preserve anonymity/privacy
- Privacy-enhanced access control or authentication/certification
- Privacy threat models
- Models for anonymity and unobservability
- Attacks on anonymity systems
- Traffic analysis
- Profiling and data mining
- Privacy vulnerabilities and their impact on phishing and identity theft
- Deployment models for privacy infrastructures
- Novel relations of payment mechanisms and anonymity
- Usability issues and user interfaces for PETs
- Reliability, robustness and abuse prevention in privacy systems
For more information, please see
http://petworkshop.org/2006/.
WEIS 2006
5th Workshop on the Economics of Information Security,
University of Cambridge, England, June 26-28, 2006.
[posted here 10/10/05]
One of the most exciting and rapidly-growing fields at the
boundary between technology and the social sciences is the economics of
information security. Many security and privacy failures are not purely
technical: for example, the person best placed to protect a system may
be poorly motivated if the costs of system failure fall on others.
Many pressing problems, such as spam, are unlikely to be solved by
purely technical means, as they have economic and policy aspects too.
Building dependable systems also raises questions such as open versus
closed systems, the pricing of vulnerabilities and the frequency of
patching. The `economics of bugs' are of growing importance to
both vendors and users. Original research papers are sought for
the Fifth Workshop on the Economics of Information Security.
Topics of interest include the dependability of open source
and free software, the interaction of networks with crime
and conflict, the economics of digital rights
management and trusted computing, liability and
insurance, reputation, privacy, risk perception, the
economics of trust, the return on security
investment, and economic perspectives on spam.
For more information, please see
http://www.cl.cam.ac.uk/~twm29/WEIS06/.
TSPUC 2006
2nd International Workshop on Trust, Security and Privacy for
Ubiquitous Computing, Buffalo, NY, USA, June 26, 2006.
[posted here 11/11/05]
This workshop aims at focussing the attention of the research
community on the increasing complexity and relevance of trust,
privacy and security issues in ubiquitous computing.
Papers may present theory, applications or practical experiences
on topics including, but not limited to:
- key establishment and key distribution
- access control models, policies and mechanisms
- trust and reputation management
- privacy and identity management
- digital assets management
- context/location aware computation
- self-organizing networks and communities
- intrusion and anomaly detection
- secure user-device interfaces
- distributed consensus in the presence of active adversaries
- analysis/simulation/validation techniques
- handling emergent properties
- phishing - attacks and countermeasures
- case studies
For more information, please see
http://www.iit.cnr.it/TSPUC2006/.
EuroPKI 2006
3rd European PKI workshop: theory and practice, Torino, Italy, June 19-20, 2006.
[posted here 2/3/06]
The 3rd European PKI workshop: theory and practice is focusing on
research and applications on all aspects of public-key certificates
and Public Key Infrastructures. Submitted papers may present theory,
applications or practical experiences on topics including, but not
limited to:
- Modelling and Architecture
- Bridge CA
- Cross Certification
- Directories
- Mobile PKI
- Authentication
- Reliability in PKI
- Certificate Policy
- Privacy
- Fault-Tolerance in PKI
- Privilege Management and PMI
- PKI Performance Evaluation
- eCommerce, eBusiness, eGovernment applications
- Key Management and Recovery
- Certificate Status Information
- Interoperability
- Repository Protocols
- Timestamping
- Verification
- Standards
- Certification Practice Statements
- Legal issues, Policies & Regulations
- Case Studies
- Trust
For more information, please see
http://taurus.polito.it/europki2006/.
PLAS 2006
ACM SIGPLAN Workshop on Programming Languages and Analysis for Security,
Ottawa, Canada, June 10, 2006.
[posted here 1/9/06]
The goal of PLAS 2006 is to provide a forum for researchers
and practitioners to exchange and understand ideas and to seed
new collaboration on the use of programming language and
program analysis techniques that improve the security of
software systems. The scope of PLAS includes, but is not
limited to:
- Language-based techniques for security
- Program analysis and verification (including type systems
and model checking) for security properties
- Compiler-based and program rewriting security
enforcement mechanisms
- Security policies for information flow and access control
- High-level specification languages for security properties
- Model-driven approaches to security
- Applications, examples, and implementations of these
security techniques
For more information, please see
http://www.cis.upenn.edu/~stevez/plas06.html.
VSRW 2006
Voting System Ratings Workshop,
Washington DC, USA, June 8-9, 2006.
[posted here 4/7/06]
This workshop, co-sponsored by NIST and NSF, and located at
George Washington University, will be a follow-up of the
highly successful one on Threats to Voting Systems, organized
by NIST in October 2005.
Numerous election procedures and supporting technologies have
been used over the centuries, yet no formal methodology for examining
these exists. This absence is particularly conspicuous today, and
the discovery of several security vulnerabilities in commercially
available voting systems has led to confusion about the merits of voting
systems. A rigorous objective rating framework for comparing and
evaluating systems, based on their performance with respect to desirable
properties, would expose a rich field of theoretical and practical
challenges, and go a long way towards restoring faith in voting technology.
This workshop will take the first steps towards an objective rating
framework. The Technical Committee calls for submissions
that focus on one of:
- Voting System Straw Models: Straw models of one of the following
types of voting systems: (a) those with Voter Verifiable Paper Audit
Trails (VVPAT), (b) those using optical scan, (c) those using modular
architectures ("frogs"), where vote generation is separate from
vote casting, and (d) those based on cryptography.
- Privacy Threats and Reliability Vulnerabilities
- Ratings: Measures of system performance (preferably derived from
rigorous definitions) with respect to one or more of the following
desirable properties: integrity, privacy and reliability.
For more information, please see
http://vote.cs.gwu.edu/vsrw2006/.
MOSIDS 2006
Workshop on Management of Security in Dynamic Systems,
Held in conjunction with the International Conference on
Emerging Trends in Information and Communication Security (ETRICS’06),
Freiburg, Germany, June 6-9, 2006.
(Submissions due 15 April 2006) [posted here 3/13/06]
This workshop focuses primarily on modern, outstanding approaches to
provide security guarantees in dynamic systems, as well as practical
experiences on deploying secure ubiquitous computing applications.
Thematically, this workshop focuses on, but is not restricted to:
- Scenarios and applications for dynamic systems
- Security architectures and mechanisms for dynamic systems
- Policy languages for changing requirements
- Mapping changing requirements into IT
- Service engineering for secure dynamic systems
- Dependability in spite of change
For more information, please see
http://www.etrics.org/workshop_mosids.php.
ACNS 2006
4th International Conference on Applied Cryptography and Network Security,
Singapore, June 6-9, 2006.
[posted here 7/20/05]
Original papers on all technical aspects of cryptology and network
security are solicited for submission to ACNS'06, the 4th annual conference
on Applied Cryptography and Network Security. There are two tracks for ACNS:
an academic track and an industrial track. The latter has an emphasis on
practical applications. The PC will consider moving submissions between
tracks if the PC feels that a submission is more appropriate for that track
(with author permission). Topics of relevance include but are not
limited to:
- Applied cryptography, cryptographic constructions
- Cryptographic applications: payments, fair exchange, time-stamping, auction, voting, polling
- Denial of service: attacks and countermeasures
- Email security, spam prevention
- Fundamental services on network and distributed systems: authentication,
data integrity, confidentiality, authorization, non-repudiation, and availability
- Implementation, deployment and management of network security policies
- Integrating security in Internet protocols: routing, naming, TCP/IP, multicast, network management
- Integrating security services with system and application security facilities and
protocols: message handling, file transport/access, directories, time synchronization,
database management, boot services, mobile computing
- Intellectual property protection: protocols, implementations, metering,
watermarking, digital rights management
- Intrusion avoidance, detection, and response: systems, experiences and architectures
- Network perimeter controls: firewalls, packet filters, application gateways
- Public key infrastructure, key management, certification, and revocation
- Securing critical infrastructure: routing protocols, and emergency communication
- Security and privacy for emerging technologies: sensor networks, wireless/mobile
(and ad hoc) networks, bluetooth, 802.11, and peer-to-peer systems
- Security of limited devices: light-weight cryptography, efficient protocols and implementations
- Security modeling and protocol design in the context of rational and malicious adversaries
- Usable security and deployment incentives for security technology
- Virtual private networks
- Web security and supporting systems security, such as databases, operating systems, etc.
For more information, please see
http://acns2006.i2r.a-star.edu.sg/.
ETRICS 2006
International Conference on Emerging Trends in Information and
Communication Security, Freiburg, Germany, June 6-9, 2006.
[posted here 10/24/05]
Protecting information and communication systems and services from
malicious use is essential for their deployment and acceptance.
In addition to applying techniques from traditional security research
and security engineering, it is necessary to take into account the
vulnerabilities originating from increased mobility at application level
and the integration of security requirements into business processes.
ETRICS solicits research contributions focusing on emerging trends in
security and privacy. Submissions may present foundational research in
security and privacy, report experiences from novel applications of
security technologies, as well as discuss their changing impact on
society and economy. Topics of interest include but are not limited to:
- Access control and secure audit
- Analysis of security protocols
- Anonymity services
- Cryptographic primitives
- Electronic payment systems
- Enforcement of security policies
- Language-based security
- Privacy and identity management
- Secure mobile code
- Secure operating systems
- Security requirements engineering
- Security verification
- Vulnerability and threat analysis
For more information, please see
http://www.etrics.org/.
POLICY 2006
7th IEEE International Workshop on Policies for Distributed Systems and Networks,
London, Ontario, Canada, June 5-7, 2006.
[posted here 11/17/05]
The policy workshop aims to bring together researchers and
practitioners working on policy-based systems across a wide range
of application areas including policy-based networking, security
management, storage area networking, and enterprise systems.
Policy 2006 is the 7th in a series of successful workshops that
since 1999 have provided a forum for discussion and collaboration
between researchers, developers and users of policy-based systems.
This year, in addition to the latest research results from the
communities working in the areas mentioned above, we encourage
contributions on policy-based techniques in support of: On-demand
computing/Utility Computing, SLA/Contract based Management, Virtualization
and Policy-based collaboration.
Topics of interest include, but are not limited to:
Policy Definition and Models:
- Abstractions and languages for policy specification processes
- Methodologies, and tools for discovering, specifying, reasoning
about, and refining policy
- Extensions and refinements of policy standards
- Relationships between policies, e.g. hierarchies
- Analyzing policies
- Mapping from policies to management services
Policy Applications:
- Policy models for access-control, resource allocation, systems
management, QoS adaptation, intrusion detection and privacy
- Policy based networking, including active networks, mobile
systems and e-commerce
- Business rules and organizational modeling
- Trust models and trust management policies
- Policies for pervasive computing
- Case studies of applying policy-based technologies
- Policy-based autonomic computing
- Policy-based utility computing
- SLA/contract based Management
- Policy based collaboration
For more information, please see
http://www.csd.uwo.ca/Policy2006.
SUTC 2006
IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing,
Taichung, Taiwan, June 5-7, 2006. [posted here 11/5/05]
The IEEE International Conference on Sensor Networks, Ubiquitous, and
Trustworthy Computing (SUTC2006) is an international forum for researchers
to exchange information regarding advancements in the state of the art and
practice of sensor networks, ubiquitous and trustworthy computing, as well
as to identify the emerging research topics and define the future of sensor
networks, ubiquitous and trustworthy computing. The technical program of
SUTC2006 will consist of invited talks, paper presentations, and
panel discussions. Submissions of high quality papers describing mature
results or on-going work are invited. Topics for submission
include but are not limited to:
- Sensor network architecture and protocols
- Operating systems
- Routing protocols
- Data storage
- Ubiquitous computing and Ad Hoc networking
- Ubiquitous intelligence and smart spaces
- Embedded chips, sensor, and actuator
- Self-adaptive and self-healing systems
- Topology construction and coverage maintenance
- Energy and mobility management
- Context and location aware applications
- Data gathering, fusion, and dissemination
- Distributed coordination algorithms
- Complexity analysis of algorithms
- QoS, security, privacy, reliability, and social issues
- Trust establishment, negotiation, and management
- Authentication and access control
- Intrusion detection and tolerance
- Design and programming methodologies for wireless systems
- Formal methods for analysis of wireless systems
- Performance evaluation and modeling of mobile and wireless networks
- Simulation languages and systems for wireless systems
- Testing and debugging techniques for wireless systems
- Personal Area Networks
- Database management systems and mobile computing
- User interface technologies
- Applications of wireless sensor networks
For more information, please see
http://sutc2006.asia.edu.tw/.
USENIX 2006
USENIX Annual Technical Conference, Boston, MA, USA, May 30-June 3, 2006.
[posted here 9/13/05]
The 2005 USENIX Annual Technical Conference General Session Program Committee
seeks original and innovative papers that further the knowledge
and understanding of modern computing systems,
with an emphasis on practical implementations and
experimental results. We encourage papers that break
new ground or present insightful results based on experience
with computer systems. The USENIX conference has a broad scope,
and we encourage papers in a wide range of topics in systems, including:
- Architectural interaction
- Benchmarking
- Deployment experience
- Distributed and parallel systems
- Embedded systems
- Energy/power management
- File and storage systems
- Networking and network services
- Operating systems
- Reliability, availability, and scalability
- Security, privacy, and trust
- Self-managing systems
- Usage studies and workload characterization
- Virtualization
- Web technology
- Wireless and mobile systems
For more information, please see
http://www.usenix.org/events/usenix06/index.html.
I-NetSec 2006
4th Working Conference on Privacy and Anonymity in Networked and Distributed Systems,
Held in conjunction with the 21st IFIP TC-11 International Information Security Conference,
Karlstad, Sweden, May 22-24, 2006.
[posted here 9/6/05]
Privacy and anonymity are increasingly important aspects in electronic
services. The workshop will focus on these aspects in advanced
distributed applications, such as m-commerce, agent-based systems,
P2P, ... Suggested topics include, but are not restricted to:
- Models for threats to privacy and/or anonymity
- Models and measures for privacy and/or anonymity
- Secure protocols that preserve privacy and/or anonymity
- Anonymous and/or privacy-preserving credential systems
- Privacy, anonymity and peer-to-peer systems
- Privacy, anonymity and mobile agents
- Privacy, anonymity in payment systems
- Privacy, anonymity in pervasive computing applications
- Anonymous communication systems
- Legal issues of anonymity
- Techniques for enhancing privacy in existing systems
For more information, please see
http://www.sec2006.org/index.php?INETWS=true.
SEC 2006
21st IFIP TC-11 International Information Security Conference,
Karlstad, Sweden, May 22-24, 2006.
[posted here 7/12/05]
The IT environment now includes novel, dynamic approaches such as: mobility,
wearability, ubiquity, ad hoc use, mind/body orientation, and business/market
orientation. This modern environment challenges the whole information security
research community to focus on interdisciplinary and holistic disciplines
whilst retaining the benefit of previous research efforts. Papers offering
research contributions focusing on dynamic environments in addition to
other aspects of computer security and privacy are solicited for
submission to the 21st IFIP International Information Security Conference.
Papers may present theory, applications or practical experiences on
security and privacy topics including, but not limited to:
- Mobile or Ubiquitous technologies
- Wireless or Ad-hoc systems
- Changing organizational environments
- Implications for virtual organizations
- Crossing organizational/national boundaries
- Process orientation
- New business models
- Offshoring/Nearshoring and outsourcing
- New markets
- Marketing and awareness
- Biometrics
- E-applications
- DRM & content security
- Applications of cryptography
- Authentication, Authorization, and Access Control
- Data Protection
- Multilateral security
- Identity management
- Privacy and Privacy Enhancing Technologies (PETs)
- Computer forensics
- Internet and web security
- Information hiding
- Sensor networks
- Intrusion detection
- Attacks and malware
- Systems development
- Architectures
- Security management
- Verification, Assurance, Metrics, and Measurements
- Data and system integrity
- Information warfare and Critical infrastructure protection
- Risk analysis and risk management
- Law and ethics
- Education
For more information, please see
http://www.sec2006.org/.
Oakland 2006
The 2006 IEEE Symposium on Security and Privacy, The Claremont
Resort, Berkeley/Oakland, California, USA, May 21-24, 2006.
[posted here 9/12/05]
Since 1980, the IEEE Symposium on Security and Privacy has been
the premier forum for the presentation of developments in computer
security and electronic privacy, and for bringing together
researchers and practitioners in the field. Previously unpublished
papers offering novel research contributions in any aspect of
computer security or electronic privacy are solicited for submission
to the 2005 symposium. Papers may represent advances in the theory,
design, implementation, analysis, or empirical evaluation of secure
systems, either for general use or for specific application domains.
Topics of interest include, but are not limited to, the following:
- Access Control and Audit
- Anonymity and Pseudonymity
- Authentication, including Phishing
- Automated and Large-Scale Attacks
- Biometrics
- Commercial and Industrial Security
- Data Integrity
- Database Security
- Denial of Service
- Distributed Systems Security
- Electronic Privacy
- Information Flow
- Intrusion Detection
- Language-Based Security
- Malicious Code
- Mobile Code and Agent Security
- Network Security
- Peer-to-Peer Security
- Secure Hardware and Smartcards
- Security Protocols
- Security Verification
- Security of Mobile Ad-Hoc Networks
The full call for papers can be found at
http://www.ieee-security.org/TC/SP2006/oakland06-cfp.html.
WSSS 2006
IEEE Workshop on Web Services Security,
Held in conjunction with the 2006 IEEE Symposium on Security and Privacy,
Berkeley, California, USA, May 21, 2006.
[posted here 3/13/06]
The advance of Web Services technologies promises to have far reaching
effects on the Internet and enterprise networks. Web services based on
eXtensible Markup Language (XML), Simple Object Access Protocol (SOAP)
and related open standards in the area of Service Oriented Architectures
(SOA) allow data and applications to interact without human intervention
through dynamic and ad hoc connections. However, the security challenges
presented by the Web Services approach are formidable. Many of the features
that make Web Services attractive are at odds with traditional security
models and controls. This workshop will explore the challenges in the
area of Web Services Security ranging from security issues in XML, SOAP
and UDDI to higher level issues such as advanced metadata, general
security policies and service assurance.
Topics of interest include, but are not limited to the following:
- Web services and GRID computing security
- Authentication and authorization
- Integrity and transaction management for Web Services
- Use of Web Services in Trusted Computing Platform
- Semantic aware Web Services security
- Privacy and digital identity
- Trust negotiation for Web Services
- Secure web service composition and workflows
For more information, please see
http://www.ieee-security.org/Calendar/cfps/cfp-WSSS.html.
Cluster-Sec 2006
2nd International Workshop on Cluster Security,
Held in conjunction with the Sixth IEEE/ACM International Symposium on
Cluster Computing and the Grid (CCGrid),
Singapore, May 16-19, 2006. [posted here 10/24/05]
After successful Internet attacks on HPC centers worldwide, there
has been a paradigm shift in cluster security strategies. Clusters
are no longer thought of as just a collection of individual computers
but rather as an integrated single unit in which any breach may
result in a "class break" compromise of the entire cluster. Furthermore,
it has also been shown that clusters communicating via grids create
dependent risks between clusters such that any cluster compromise may
cascade to affect an entire grid.
This workshop focuses on stimulating new ideas in order to reshape
cluster protection strategies. Papers with demonstrated
results will be given priority. A list of potential topics
includes but is not limited to the following:
- secure on-demand computing (single machine)
- secure multi-cluster computing (a single job spread across clusters)
- cluster security as an emergent property
- analysis of cluster attacks
- new techniques to protect clusters
- virtualization approach for secure cluster computing
- visualizing cluster security
- commercial grade cluster security
- high availability clusters
- reliability enhancement techniques for large clusters
- fault detection in clusters
- cluster rejuvenation
- cluster failover
- cluster survivability/recoverability
- cluster-specific intrusion detection
- the relationship between cluster security and grid security
- cluster security vulnerabilities
- cluster security best practices
- storage clusters
- storage security on clusters
- storage survivability on clusters
For more information, please see
http://www.ncassr.org/projects/cluster-sec/ccgrid06/.
iTrust 2006
4th International Conference on Trust Management,
Pisa, Tuscany, Italy, May 16-19, 2006.
[posted here 9/13/05]
The iTrust International Conference looks at trust from multidisciplinary
perspectives: economic, legal, psychology, philosophy, sociology,
as well as information technology.
Building upon the work of the IST iTrust working group
(http://www.itrust.uoc.gr) and the success of the three previous
iTrust International conferences, the aims of iTrust'2006 are to attract
a critical mass of experts from industry, government, and academia
with a keen interest in the area of trust management.
Full technical papers contributing to the issue of trust management
are solicited in relevant areas, including but not limited to:
- The legal notion of trust in computer science and engineering
- Requirements and methodologies to ensure that the user can reasonably
trust the functioning of software systems
- Trust management frameworks for secure collaborations in dynamic
Virtual Organisations
- Design of trust-based architectures and decision-making mechanisms
for e-community and e-service interactions
- Trust specification, analysis and reasoning
- Dynamics of trust dispositions and relations
- Realization of prototypes of software architectures and applications
- Trust elements in contract negotiation, execution monitoring,
re-negotiation and arbitration
- Legal contribution to trust in technological infrastructures and
interactions: the on-line identification of subjects, the evaluation
of their reliability, data protection, security, privacy and
confidentiality, commercial transactions, the resolution of disputes,
software agents, and management of access to source code
- Trust in interaction and cooperation mediated through computer
and network, and the balance of control and intervention
- Research in on-line trust, the trust of the consumer towards the
web sites of distribution companies
- Analysis of the relationship between trust and such notions as
confidence, distrust, diffidence, expectation, risk, and reliance
For more information, please see
http://www.iit.cnr.it/iTrust2006/.
PSACE 2006
1st International Workshop on Privacy and Security in Agent-based Collaborative Environments,
Held in conjunction with the fifth International Joint Conference on
Autonomous Agents and Multi-Agent Systems (AAMAS 2006),
Future University-Hakodate, Japan, May 9, 2006. [posted here 2/3/06]
PSACE aims to provide a forum to discuss privacy and legal issues
raised by multi-agent systems as well as to describe research results
regarding privacy technology in distributed collaborative
environments. The main topics of interest include but are not limited to:
- Privacy and security for collaboration in distributed environments
- Privacy and security in wireless and ad hoc environments
- Privacy in location-aware and context-aware services
- Security protocols for agent-based collaboration systems
- Assessing impact of distributed collaboration on privacy
- Effect of environment on collaborative strategies
- Effect of negotiation strategies on privacy
- Confidentiality and privacy in critical applications
(healthcare application, business-to-business, etc.)
- Applications of privacy in distributed collaborative environments
- Individual privacy retention during collaboration and individual privacy
among agent societies and institutions
- Infrastructural support for privacy in distributed collaborative
environments: architectures, mechanisms, models/frameworks and implementation
- Privacy issues for agent societies and institutions considered as a group
- Impact of security on the openness and usability of the agent architecture
- Privacy and other socio-legal aspects of collaborative MAS
- Integration of security and privacy mechanisms across multiple agent platforms
- Multi-agent systems and rights management systems for tracking
of intellectual property and workflow
- Privacy in pervasive computing
- Privacy and provenance and dissemination
- Privacy in relation to varying degrees of trust and reliability
- Operational schemes and workflows for managing rights and intellectual property
- Agent coalition and privacy preserving
- Privacy preserving distributed data mining
For more information, please see
http://secml.otago.ac.nz/privacy2006/.
ACIS 2006
Applied Cryptography and Information Security Workshop,
Held in conjunction with International Conference on
Computational Science and its Applications (ICCSA 2006)
Glasgow, UK, May 8-11, 2006.
[posted here 11/11/05]
Applied Cryptography and Information Security are essential
elements in this digital era. Commerce activities, business
transactions and government services have been, and more and more
of them will be, conducted and offered over open computer and communication
networks such as the Internet. The role of applied cryptography and
information security thus becomes more and more important in computer
science. Academic research in these two areas often draws the interest
from various industries since it carries over the confidence found
in the physical world to the electronic world. ACIS '06 provides a
platform for researchers, scholars and practitioners to exchange new
ideas for solving various open problems in this area.
Topics of relevance include but are not limited to the following areas:
- Accountability and audit trail
- Anonymity and pseudonymity
- Authentication and access control
- Data confidentiality and integrity
- Delegation of authority
- Identity-based cryptography
- Pairing-based cryptography
- PKI and its alternatives
- Block ciphers
- Cryptographic primitives
- Hash functions and MAC
- Secure model and protocol
- Digital signature
- Key exchange protocol
- Public key encryption
- Time stamping
- Exposure-resilient cryptography
- Privacy-enhancing technology
- Provable security
- Applications security and malicious codes
- Computer forensics and cybercrime
- Electronic commerce and democracy
For more information, please see
http://www.acis06.org/.
SAC-TRECK 2005
21st ACM Symposium on Applied Computing:
Trust, Recommendations, Evidence and other Collaboration Know-how Track (TRECK),
Dijon, France, April 23-27, 2006. [posted here 5/23/05]
Computational models of trust and mechanisms based on the human notion
of trust have been gaining momentum. One reason for this is that
traditional security mechanisms are challenged by open, large scale and
decentralised environments. The use of an explicit trust management
component goes beyond security though. The goal of the ACM SAC 2006 TRECK
track remains to review the set of applications that benefit from the use
of computational trust.
Computational trust has been used in reputation systems, risk
management, collaborative filtering, social/business networking
services, dynamic coalitions and virtual organisations. The TRECK track
covers all computational trust applications, especially those used in
the real world. The topics of interest include, but are not limited to:
- Recommender and reputation systems
- Trust-enhanced collaborative applications
- Tangible guarantees given by formal models of trust and risk
- Trust metrics assessment and threat analysis
- Pervasive computational trust and use of context-aware features
- Trade-off between privacy and trust
- Trust/risk-based security frameworks
- Automated collaboration and trust negotiation
- Trust in peer-to-peer systems
- Technical trust evaluation, especially at the identity level
- Impacts of social networks on computational trust
- Evidence gathering and management
- Real-world applications, running prototypes and advanced simulations
- Applicability in large-scale, open and decentralised environments
- Legal and economic aspects related to the use of trust engines
- User-studies and user interfaces of computational trust applications
For more information, please see
http://www.trustcomp.org/treck/.
PEP 2006
Workshop on Privacy-Enhanced Personalization,
Held in conjunction with the International Conference for Human-Computer Interaction (CHI 2006),
Montréal, Canada, April 22-23, 2006.
[posted here 11/30/05]
Personalizing people's interaction with computer systems entails
gathering considerable amounts of data about them. As numerous recent
surveys have consistently demonstrated, computer users are very
concerned about their privacy. Moreover, the collection of personal
data is also subject to legal regulations in many countries and states.
Both user concerns and privacy regulations impact frequently-used
personalization methods. This workshop will explore the potential
of research on "privacy-enhanced personalization," which aims at
reconciling the goals and methods of user modeling and personalization
with privacy constraints imposed by individual preferences,
conventions and laws. The workshop will look at the following
questions:
- How much personal data do individual personalization methods really need?
Can we find out in advance or in hindsight what types of data contribute
to reasonably successful personalization in a specific application domain,
and restrict data collection to these types of data?
- What are motivators for people to disclose personal information, and
what motivators are present in what kinds of personalization? How can
the presence of such motivating factors be conveyed to users?
- If discrepancies between users' stated privacy attitudes and observed
privacy behavior are rampant, what methods should be chosen under what
circumstances to conduct empirical research on privacy?
- If privacy decisions are impaired by limited information and bounded
rationality, how can we help people make better choices?
- In this context, what is the status of "privacy preferences"?
- How much can we benefit from anonymity or pseudonymity infrastructures
and trusted third parties, and are there limits that should be observed?
- Are distributed user models an answer or a problem from a privacy perspective?
- Does personalization in mobile and ubiquitous computing contexts pose
additional challenges? How can they be overcome?
- Is client-side personalization a possible answer to privacy concerns
and legal restrictions? What technical, legal and business obstacles
will have to be overcome?
- What should an ideal legal framework look like from the
perspective of privacy-enhanced personalization?
For more information, please see
http://www.isr.uci.edu/pep06.
DeSeGov 2006
Workshop on Dependability and Security in e-Government,
Held in conjunction with the 1st International Conference on Availability,
Reliability and Security (ARES 2006), Vienna, Austria, April 20-22, 2006.
[posted here 1/9/06]
The aim of this workshop is to foster a forum for discussing
and presenting recent research results on dependability and
security in e-Government applications. Scientific rigor and
discussions of state of the art of dependability and security in
e-Government are strongly encouraged. Besides, innovative
research work in progress and studies of dependability aspects
of practical e-Government projects and systems implementation
are also welcome.
Topics of interest include, but are not limited to,
the following:
- Trust and security: provisions and instruments
- Online availability of public services
- Service survivability and maintainability
- Interoperability of services
- Security in e-democracy (including e-participation and e-voting)
- E-justice (administration and workflow security for legal processes)
- Secure federating information access (from different government
and third party agencies)
- Security and reliability in media integration
- Secure e-government and Identity Management
- Security and reliability of Smart Card System
- Availability and reliability of mobile services
- Data protection and data privacy (e.g. e-health and e-education)
- Intrusion detection and prevention
- Anti-spam legislation and solution
- Public-private partnerships management
- Role-based management and usage restriction
For more information, please see
http://www.ares-conf.org/?q=DeSeGov.
ARES 2006
1st International Conference on Availability, Reliability and Security,
Held in conjunction with the IEEE 20th International Conference on Advanced
Information Networking and Applications (AINA 2006),
Vienna, Austria, April 20-22, 2006. [posted here 9/26/05]
ARES 2006 aims at a full and detailed discussion of the research issues of
dependability as an integrative concept that covers amongst others availability, safety,
confidentiality, integrity, maintainability and security in the different fields
of applications. Topics of interest include, but are not limited to:
- Secure Enterprise Architectures
- (Process based) Security Models/Methods
- Risk planning, analysis & awareness
- Availability and Reliability
- Reliability Models
- Failure Prevention
- Dependability Assessment
- Standards, Guidelines and Certification
- Common Criteria Protocol
- Security in Distributed Systems / Distributed Databases
- Dependability in Open Source Software
- Authorization and Authentication
- Dependability Requirement Engineering
- Network Security
- Software Security
- Dependability Modelling and Prediction
- Cryptographic protocols
- Intrusion Detection and Fraud Detection
- Privacy-enhancing technologies
- Security and privacy issues for sensor networks,
wireless/mobile devices and applications
- Security and Trust Management in P2P and Grid applications
- Survivability of Computing Systems
- Interoperability aspects
- Security as Quality of Service
- Information Flow Control
- Dependability Modelling and Prediction
- Tools for Dependable System Design and Evaluation
- Temporal Aspects of Dependability
- Dependability administration
- Dependability Measurement and Analysis
- Dependability Benchmarking
- Trust Models and Trust Management
- Fault/Bug Tolerant Aspects
- Internet Dependability
- E-Commerce Dependability
- Safety Critical Systems
- Software Engineering of Dependable Systems
- Dependability Aspects of Mobile Government (m-Government)
- Dependability Aspects of Electronic Government (e-Government)
- Effectivity of Biometrics
- Security in Electronic Voting
- Security Issues for Ubiquitous Systems
- Availability of Pervasive Computing Systems
- Dependability Aspects for Special Applications (e.g. ERP-Systems, Logistics)
- Designing Business Models with security requirements
- Security for Biometrics Applications
- Security in Electronic Payments
- Incident Response and Prevention
- Mobile Resources/Services
- Mobile Security
- VOIP/wireless Security
- Web Security
- RFID Security and Privacy
- User Interfaces and Dependability
- Legal issues
- IPR of Security Technology
For more information, please see
http://www.ifs.tuwien.ac.at/ares2006/.
SPC 2006
3rd International Conference on Security in Pervasive Computing,
York, UK, April 18-21, 2006. [posted here 5/9/05]
The security of pervasive computing is a critically important area for commerce, the public
sector, academia and the individual citizen. Although pervasive computing presents exciting
enabling opportunities, the benefits will only be reaped if security aspects can be
appropriately addressed. Threats exploiting vulnerabilities of new kinds of user interfaces,
displays, operating systems, networks, and wireless communications give rise to new concerns
about loss of confidentiality, integrity, privacy, and availability. How can these risks be
reduced to an acceptable level? Original research contributions are sought in all areas
relating to the security of pervasive computing. Topics include (but are not restricted to):
- Models for access control, authentication and privacy management
- Biometric methods in pervasive computing systems
- Tradeoffs between security and other criteria (e.g. due to deployment on resource
constrained devices)
- Protocols for trust management in pervasive computing networks
- Analysis of protocols for pervasive computing
- Hardware security issues for pervasive computing
- Audit and accountability in pervasive systems
- Non-technical implications of pervasive computing
For more information, please see
http://www.cs.york.ac.uk/security/spc-2006/spc-2006-cfp.html.
SNDS 2006
2nd International Workshop on Security in Networks and Distributed Systems,
Held in conjunction with the IEEE 20th International Conference on Advanced
Information Networking and Applications (AINA 2006),
Vienna, Austria, April 18-20, 2006. [posted here 26/9/05]
Security is an important issue in the research of networks and
distributed systems, ranging from the traditional computer networks to
newly proliferated areas like sensor networks, P2P systems, and
ubiquitous computing. Security threats exploit weaknesses in
protocols as well as operating systems, and also extend to attacks on
Internet applications such as database systems and web servers. These
attacks, including distributed denial of service, viruses, buffer overflows
and worms, are causing more economic damage and attracting more attention.
To achieve a secured distributed system, the cybersecurity aspects,
namely, data confidentiality, authentication, nonrepudiation, data
integrity, privacy, access control and availability, should be fully attained.
This workshop provides a forum for academic and industry professionals
to discuss recent progress in the area of network and distributed system
security, and includes studies on security attacks that occur in
today's networks, security mechanisms that are designed to detect,
prevent, or recover from a security attack and security services that
are available to enhance system security.
Topics of interest include, but are not limited to:
- Distributed digital signatures
- Distributed denial of service attacks
- Distributed intrusion detection and protection systems
- Distributed access control and firewalls
- Security in e-commerce and e-business and other applications
- Security in P2P networks and Grid computing
- Security in mobile and pervasive computing
- Security architectures in distributed and parallel systems
- Security theory and tools in distributed and parallel systems
- Ad hoc and sensor network security
- Buffer overflows
- Cryptographic algorithms
- Data privacy and trustiness
- Information hiding and multimedia watermarking in distributed systems
- Key management and authentication
- Mobile codes security
- Network security issues and protocols
- Software security
- World Wide Web Security
For more information, please see
http://www.comp.polyu.edu.hk/SNDS06/.
ISPEC 2006
Workshop on Secure Software Engineering Education & Training,
Turtle Bay, Oahu, Hawaii, April 18, 2006. [posted here 7/31/05]
Driven by awareness of the rampant Internet-wide explosion in exploitation of
software vulnerabilities, a growing market (and potentially regulatory) demand
exists for low-defect, secure software. Current commonplace software specification,
design, implementation, and testing practices provide users with software
containing numerous defects and security vulnerabilities. Industry needs
processes that effectively and efficiently incorporate rigorous techniques
for producing secure software and practitioners that are motivated, disciplined,
and proficient in their execution. These practitioners must come from both the
existing workforce and new graduates. While industry clearly plays a central
role in changing software production practices, higher education needs to step
up to the crucial role it must play if this change – critical to meeting both
commercial and national security needs – is to occur by helping create the
required workforce through initial and continuing education. This pioneering
workshop will consist of a mixture of presentations, panels and discussions,
covering a range of select topics, including – identification of workforce
skill set requirements, experiences and plans for secure software engineering
education and training, instructional and change efforts, and innovative
and proven methods in the field.
For more information, please see
http://www.jmu.edu/iiia/wsseet/.
IWIA 2006
4th IEEE International Information Assurance Workshop,
Royal Holloway, UK, April 13-14, 2006. [posted here 6/14/05]
The IEEE Task Force on Information Assurance is sponsoring a workshop
on information assurance in cooperation with the ACM SIGSAC on research and
experience in information assurance. The workshop seeks submissions from
academia, government, and industry presenting novel research, applications
and experience, and policy on all theoretical and practical aspects of IA.
Possible topics include, but are not limited to the following:
- Operating System IA & S
- Storage IA & S
- Network IA & S
- IA Standardization Approaches
- Information Sharing in Coalition Settings
- Security Models
- Survivability and Resilient Systems
- Formal Methods and Software Engineering for IA
- Proactive Approaches to IA
- CCITSE Experience and Methodology
- Intrusion Detection, Prediction, and Countermeasures
- Insider Attack Countermeasures
- Specification, Design, Development, and Deployment of IA Mechanisms
- Policy Issues in Information Assurance
For more information, please see
http://iwia.org/2006/.
ISPEC 2006
2nd Information Security Practice and Experience Conference,
Hangzhou, China, April 11-14, 2006. [posted here 7/9/05]
As applications of information security technologies become pervasive,
issues pertaining to their deployment and operation are becoming
increasingly important. ISPEC is an annual conference that brings
together researchers and practitioners to provide a confluence of new
information security technologies, their applications and their
integration with IT systems in various vertical sectors.
Authors are invited to submit full papers presenting new research
results related to information security technologies and applications.
Areas of interest include, but are not limited to:
- Applications of cryptography
- Critical infrastructure protection
- Digital rights management
- Economic incentives for deployment of information security systems
- Information security in vertical applications
- Legal and regulatory issues
- Privacy and anonymity
- Risk evaluation and security certification
- Resilience and availability
- Secure system architectures
- Security policy
- Security standards activities
- Trust model and management
- Usability aspects of information security systems
For more information, please see
http://ispec2006.i2r.a-star.edu.sg/.
WEBIST 2006
2nd International Conference on Web Information Systems and Technologies,
Setúbal, Portugal, April 10-13, 2006. [posted here 8/12/05]
The purpose of the 2nd International Conference on Web Information
Systems and Technologies (WEBIST-2006) is to bring together researchers,
engineers and practitioners interested in the technological advances
and business applications of web-based information systems. The
conference has four main tracks, covering different aspects of Web
Information Systems, including Internet Technology, Web Interfaces
and Applications, Society, e-Communities, e-Business and, last
but not least, e-Learning. WEBIST focuses on real world applications;
therefore authors should highlight the benefits of Web Information
Systems and Technologies for industry and services, in addition to
academic applications. Possible topics include, but are not
limited to the following:
AREA 1 - INTERNET TECHNOLOGY
- XML and data management
- Web Security and Privacy
- Intrusion Detection and Response
- Authentication and Access Control
- Grid Computing
- Web Services and Web Engineering
- System Integration
- Databases and Datawarehouses
- Wireless Applications
- Distributed and Parallel Applications
- Protocols and Standards
- Network systems, proxies and servers
AREA 2 - WEB INTERFACES AND APPLICATIONS
- Multimedia and User interfaces
- Accessibility issues and Technology
- User Modeling
- Web Personalization
- Usability and Ergonomics
- Personalized Web Sites and Services
- Portal strategies
- Searching and Browsing
- Ontology and the Semantic Web
- Metadata and Metamodeling
- Web mining
- Digital Libraries
AREA 3: SOCIETY, e-COMMUNITIES and e-BUSINESS
- e-Business and e-Commerce
- e-Payment
- B2B, B2C and C2C
- Knowledge Management
- Social Networks and Organizational Culture
- Social Information Systems
- Communities of practice
- Communities of interest
- Social & Legal Issues
- Tele-Work and Collaboration
- e-Government
AREA 4: e-LEARNING
- e-Learning standards and tools
- Web-based Education
- Web-based Teaching and Learning Technologies
- Designing Learning Activities
- Content-based and Context-based Learning
- Learning Materials Development
- Intelligent Tutoring Systems
- Virtual Learning Communities
- Case-studies and applications
- Competition and Collaboration
- Software tools for e-Learning
For more information, please see
http://www.webist.org/.
WIA 2006
Workshop on Information Assurance,
Held in conjunction with the 25th IEEE International Performance Computing and
Communications Conference (IPCCC),
Phoenix, Arizona, April 10-12, 2006.
[posted here 10/31/05]
We seek papers that address theoretical, experimental, systems-related
and work-in-progress research in the area of Information Assurance at the network
and system levels. We expect to have three types of sessions - the first
related to survivability and fault tolerance, the second related to
security, and the third related to the interactions between security
and survivability. Papers should describe original, previously
unpublished work, not currently under review by another conference,
workshop, or journal. Papers accepted for presentation will
be published in the IPCCC conference proceedings. The workshop will
also include invited papers. Topics of interest include, but
are not limited to:
- Authorization and access-control
- Web services security
- Database and system security
- Risk analysis and security management
- Security verification/validation
- Wireless LAN Security
- Restoration techniques for networks
- Reliability/Availability of IP networks
- Digital Rights Management
- DoS protection for the Internet
- Cryptographic protocols and Key management
- Intrusion Detection Techniques
- Ad hoc and sensor network security
- Models and architectures for systems security and survivability
- Security and survivability in optical networks
- E/M-commerce security and survivability architectures
- Public policy issues for security and survivability
For more information, please see
http://www.sis.pitt.edu/~lersais/WIA2006/.
PKI R&D Workshop 2006
5th Annual PKI R&D Workshop: Making PKI Easy to Use,
Gaithersburg, MD, USA, April 4-6, 2006. [posted here 9/7/05]
This workshop considers the full range of public key technology used
for security decisions and supporting functionalities, including
authentication, authorization, identity (syndication, federation,
and aggregation), and trust. This year, the workshop has a
particular interest in novel approaches to simplifying the use
and management of X.509 digital certificates, both within
and across enterprises. This workshop has three goals:
(1) Explore the current state of public key technology and
emerging trust mechanisms in different domains including
web services; grid technologies; encryption functionality;
authentication systems, et al., in academia, government and the private sector;
(2) Share & discuss lessons learned and scenarios from vendors
and practitioners on current deployments; (3) Provide a forum
for leading security researchers to explore the issues relevant
to the PKI space in areas of security management, identity,
trust, policy, authentication, authorization and encryption (e.g.,
supporting privacy requirements). Topics include (but are not limited to):
- Federated versus Non-Federated trust models
- Standards related to PKI and security decision systems, such as
X.509, SPKI/SDSI, PGP, XKMS, XACML, XRML, XML signatures and SAML
- Cryptographic and alternative methods for supporting security decisions,
including the characterization and encoding of data
- Intersection of assertion-based systems and PKI
- Human-Computer Interaction (HCI) advances that improve usability
of PKI for users and administrators
- Privacy protection and implications
- Use of PKI in emerging technologies (i.e., sensor networks)
- Scalability of security systems
- Security of the components of PKI systems
- Security infrastructures for constrained environments
- Improved human factor designs for security-related interfaces
including authorization and policy management, naming, use of
multiple private keys, and selective disclosure
- New paradigms in PKI architectures
- Reports of real-world experience with the use and deployment of
PKI, including the use of digital certificates with major
off-the-shelf application programs, how best to integrate
such usage into legacy systems, and future research directions.
For more information, please see
http://middleware.internet2.edu/pki06/.
WITS 2006
6th International Workshop on Issues in the Theory of Security,
Vienna, Austria, March 25-26, 2006. [posted here 10/24/05]
WITS is the official workshop organised by the IFIP WG 1.7 on
"Theoretical Foundations of Security Analysis and Design", established
to promote the investigation on the theoretical foundations of
security, discovering and promoting new areas of application of theoretical
techniques in computer security and supporting the systematic use of
formal techniques in the development of security related applications.
The members of the WG hold their annual workshop as an open event to which
all researchers working on the theory of computer security are invited.
This is the sixth meeting of the series, and is organized in cooperation
with ACM SIGPLAN and the German Computer Society (GI) working group FoMSESS.
Suggested submission topics include:
- formal definition and verification of security aspects, in
particular of new properties arising in novel applications
- new techniques for the formal analysis and design of cryptographic
protocols and their manifold applications (e.g., electronic commerce)
- information flow modelling and its application to the theory of
confidentiality policies, composition of systems, and covert channel analysis
- formal techniques for the analysis and verification of code security,
including mobile code security
- formal analysis and design for prevention of denial of service
- security in real-time/probabilistic systems
- language-based security
- formal foundations of policy languages
For more information, please see
http://www4.in.tum.de/~wits06/.
AsiaCCS 2006
ACM Symposium on Information, Computer and Communications Security,
Taipei, Taiwan, March 21-23, 2006. [posted here 7/31/05]
Papers representing original results in both theory and practice
concerning computer and communications security are solicited. Topics
of interest include, but are not limited to:
- Access control and authorization
- Applied cryptography
- Authentication, biometrics, smartcards
- Data integrity and audit
- Database security
- Digital Rights Management
- Distributed systems security
- E-commerce and mobile e-commerce
- Electronic privacy, anonymity
- Formal verification and testing
- Hardware design
- High speed network
- Information flow
- Intrusion detection and survivability
- Mobile code and mobile agent security
- P2P & ad hoc networks
- RFID applications
- Security protocols
- Viruses and other malicious code
- Watermarking and data hiding
- Wireless communications
- Wireless sensor networks
For more information, please see
http://www.iis.sinica.edu.tw/asiaccs06/indexhome.html.
FSE 2006
13th annual Fast Software Encryption workshop,
Graz, Austria, March 15-17, 2006. [posted here 7/14/05]
FSE 2006 is the 13th annual Fast Software Encryption workshop, for the fifth
year sponsored by the International Association for Cryptologic Research (IACR).
Original research papers on symmetric cryptology are invited for submission
to FSE 2006. The workshop concentrates on fast and secure primitives for
symmetric cryptography, including the design and analysis of block ciphers,
stream ciphers, encryption schemes, analysis and evaluation tools,
hash functions, and message authentication codes (MACs).
For more information, please see
http://fse2006.iaik.tugraz.at/.
ISSSE 2006
IEEE International Symposium on Secure Software Engineering,
Washington DC, USA, March 13-15, 2006. [posted here 6/14/05]
Today, security problems involving computers and software are frequent, widespread,
and serious. The number and variety of attacks by persons and malicious
software from outside organizations, particularly via the Internet, are
increasing rapidly, and the amount and consequences of insider attacks
remain serious. Over 90% of security incidents reported to the CERT
Coordination Center result from defects in software requirements, design, or
code. The Symposium covers all aspects of the processes, techniques, technology,
people, and knowledgebase that have or need the capability to contribute to
producing (more) secure software including their characteristics, interrelationships,
creation, sources, transfer, introduction, use, and improvement.
Potential topics include:
- Threat modeling and analysis of vulnerabilities
- Secure architectures & design
- Formal specification, designs, policies, and proofs
- Model checking for security
- Coding practices
- Static analysis and other automated support
- Processes for producing secure software
- Testing of security in software
- Certification and accreditation
- Relationships among software correctness, reliability, safety, and security
- Market and legal forces
- Lessons learned
- Ethics and human factors
- Technology transfer
For more information, please see
http://www.jmu.edu/iiia/issse/.
TRIDENTCOM 2006
2nd International IEEE/Create-Net Conference on Testbeds and Research
Infrastructures for the Development of Networks and Communities,
Barcelona, Spain, March 1-3, 2006. [posted here 7/21/05]
Telecommunication infrastructures play a vital role in modern society. The
advancements in the range of network service offerings, their performance,
quality of service, security, and ubiquity are relentless, despite global economy
fluctuations. The demand for high bandwidth network infrastructures is continuously
growing within both academic and industrial sectors. To meet these challenges,
experimental activities on infrastructures, such as testing, verification,
deployment, are pivotal for academic researchers, developers, service managers
and providers, as well as for end users. The management of research infrastructures
is increasingly dependent on a business model that optimizes their operational
price/performance ratio. For example, access to experimental infrastructures for
real-life applications by specific user communities would benefit all the
stakeholders involved: the end users, because of the experimental evaluation of
the provided services, the researchers and infrastructure experimenters, because of
the knowledge gained from case-study analysis, and the infrastructure managers,
because of the business exploitation of the network.
Research on all aspects of testbed and research infrastructure operation and
management will find in Tridentcom its primary forum for focused discussion.
High quality papers reporting on original research and on experiment results
addressing the above areas are solicited for submission.
The main topics of the conference are:
- Next Generation Internet Testbeds
- Next Generation Wireless Network Testbeds
- Next Generation Optical Network Testbeds
- Ubiquitous Network Testbeds
- Wireless Sensor Testbeds
- Testbed Operation & Management for User Communities
- Testbed Operation & Management for Research Communities
- Testbed Cooperation & Integration
- Innovative Measurements Methodologies & Tools
- Traffic Measurements Testbeds
- Software Tools to Support Distributed Testbeds / Virtual Laboratories
- Management of Massive Databases of Experimental Data
- Knowledge & Technology Transfer Procedures
- Security (AAA) Testing on Open Testbeds
- Social Impacts of Infrastructures
- Infrastructure Real-Life Applications
- Business Models for Infrastructure Budgeting & Planning
- Infrastructure Renting & Pricing Policies
- Vendors & Providers Partnerships
For more information, please see
http://www.tridentcom.org/.
FC 2006
10th International Conference on Financial Cryptography and Data Security,
Anguilla, British West Indies, February 27 - March 2, 2006.
[posted here 8/3/05]
Now in its 10th year, Financial Cryptography and Data Security (FC'06)
is a well-established and major international forum for research, advanced
development, education, exploration, and debate regarding security in the
context of finance and commerce. Original papers, surveys and presentations
on all aspects of financial and commerce security are invited. Submissions
must have a visible bearing on financial and commerce security issues,
but can be interdisciplinary in nature and need not be exclusively
concerned with cryptography or security. Possible topics for submission
to the various sessions include, but are not limited to:
- Anonymity and Privacy
- Auctions
- Audit and Auditability
- Authentication and Identification, including Biometrics
- Certification and Authorization
- Commercial Cryptographic Applications
- Commercial Transactions and Contracts
- Digital Cash and Payment Systems
- Digital Incentive and Loyalty Systems
- Digital Rights Management
- Financial Regulation and Reporting
- Fraud Detection
- Game Theoretic Approaches to Security
- Identity Theft, Phishing and Social Engineering
- Infrastructure Design
- Legal and Regulatory Issues
- Microfinance and Micropayments
- Monitoring, Management and Operations
- Reputation Systems
- RFID-Based and Contactless Payment Systems
- Risk Assessment and Management
- Secure Banking and Financial Web Services
- Securing Emerging Computational Paradigms
- Security and Risk Perceptions and Judgments
- Security Economics
- Smart Cards and Secure Tokens
- Trust Management
- Trustability and Trustworthiness
- Underground-Market Economics
- Usability and Acceptance of Security Systems
- User and Operator Interfaces
- Voting system security
For more information, please see
http://fc06.ifca.ai/.
Nano-Security 2006
Nano-Security Workshop,
Gaithersburg, MD, USA, February 22-23, 2006. [posted here 10/10/05]
As the promise of nanotechnology is realized, researchers at the
National Institute of Standards and Technology (NIST) and Southern
Methodist University (SMU) recognize the importance of understanding
the security issues associated with fabrication and deployment of
nano-devices. The focus of the workshop is to: (1) identify new
security applications enabled with the availability of nanotechnology
components and (2) characterize special security threats and requirements
at the nanoscale. The workshop’s main goals include: (1) Characterizing the role
of nanoscale components in securing IT systems, (2) Formulating security
threats and requirements for nanoscale devices and their applications,
and (3) Defining nanosecurity metrology to enable fabrication of secure reliable devices.
NIST solicits papers, presentations, case studies, panel
proposals, and participation from any interested parties,
including researchers, systems architects, vendors, and users.
General topics for submissions include, but are not limited
to, the following:
- Security applications that use nanotechnology
- Security requirements for nanotechnology applications
- Security characteristics of IT systems involving nanoscale components
- Security implications of nanotechnology
- Potential metrics for nanosecurity
For more information, please see
http://www.csrc.nist.gov/pki/Nano-Security/index.html.
NDSS 2006
13th Annual Network and Distributed System Security Symposium,
San Diego, CA, USA, February 2-3, 2006. [posted here 8/8/05]
The symposium fosters information exchange among research scientists and
practitioners of network and distributed system security services. The target
audience includes those interested in practical aspects of network and distributed
system security, with a focus on actual system design and implementation
(rather than theory). A major goal is to encourage and enable the Internet
community to apply, deploy, and advance the state of available security
technology. The proceedings are published by the Internet Society.
Submissions are solicited in, but not limited to, the following areas:
- Integrating security in Internet protocols: routing, naming, TCP/IP, multicast, network management, and the Web.
- Intrusion prevention, detection, and response: systems, experiences and architectures.
- Privacy and anonymity technologies.
- Network perimeter controls: firewalls, packet filters, application gateways.
- Virtual private networks.
- Security for emerging technologies: sensor networks, specialized testbeds, wireless/mobile (and ad hoc) networks, personal communication systems, RFID systems, peer-to-peer and overlay network systems.
- Secure electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, and licensing.
- Supporting security mechanisms and APIs; audit trails; accountability.
- Implementation, deployment and management of network security policies.
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management.
- Fundamental services on network and distributed systems: authentication, data integrity, confidentiality, authorization, non-repudiation, and availability.
- Integrating security services with system and application security facilities and protocols: e.g., message handling, file transport/access, directories, time synchronization, data base management, boot services, mobile computing.
- Public key infrastructure, key management, certification, and revocation.
- Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost.
- Security for collaborative applications: teleconferencing and video-conferencing, electronic voting, groupwork, etc.
- Software hardening: e.g., detecting and defending against software bugs (overflows, etc.)
- Security for large-scale systems and critical infrastructures.
For more information, please see
http://www.isoc.org/isoc/conferences/ndss/06/index.shtml.
AISW-NetSec 2006
Australasian Information Security Workshop,
Hobart, Tasmania, Australia, January 16-19, 2006. [posted here 8/4/05]
The proliferation of new networking technologies and protocols has intensified concerns about confidentiality and authenticity of data. The emerging areas of ubiquitous services, peer-to-peer networks, wireless networking, and mobile ad hoc networks present challenging security problems. Providing security guarantees in these highly vulnerable and dynamic environments requires a combination of traditional techniques with new approaches. The purpose of the workshop is to promote further research interests and activities on network security. It is also aimed at increasing the synergy between academic and industrial researchers working in this area. We are interested in experimental, systems-related, and work-in-progress papers in all aspects of network security. The topics of interest include (but are not limited to):
- Wireless Network Security
- Security of Sensor and Mobile Ad Hoc Networks
- Security of GSM/GPRS/UMTS systems
- RFID security and privacy
- Intrusion Detection Systems
- Firewalls and Application gateways for wireless/mobile networks
and pervasive/ubiquitous computing
- Secure group communication in ad-hoc networks
- Protection against spam, spyware, viruses, malicious software
- Secure Routing
- Denial of Service Attacks
- Web Security, Authentication & Authorization in wireless/mobile
networks and pervasive/ubiquitous computing
- Security in hybrid (e.g. wired/wireless) networks
- Secure Routing Protocols
- Distributed Firewalls
- Distributed DOS
For more information, please see
http://www.titr.uow.edu.au/AISWNS2006/.
DRM 2005
2nd Workshop on Digital Rights Management Impact on Consumer Communications,
Held in conjunction with IEEE Consumer Communications and Networking Conference (CCNC 2006),
Las Vegas, Nevada, USA, January 10, 2006.
[posted here 4/22/05]
Consumers and consumer electronics are increasingly using the Internet for distribution of
digital goods, including digital versions of books, articles, music, and images.
The ease with which digital goods can be copied and redistributed makes the Internet
well suited for unauthorized copying, modification and redistribution. The rapid
adoption of new technologies such as high-bandwidth connections, wireless networks,
and peer-to-peer networks is accelerating this process. This half-day workshop on
Digital Rights Management Impact on Consumer Communications addresses problems
faced by rights holders (who seek to protect their intellectual property rights) and
by end consumers (who seek to protect their privacy and to preserve access they now
enjoy in traditional media under).
The workshop seeks submissions on all theoretical and practical aspects of DRM,
as well as experimental studies of fielded systems on topics including, but not limited to,
those shown below:
- DRM protocols
- architectures for DRM systems
- interoperability
- auditing
- business models for online content distribution
- copyright-law issues, including but not limited to fair use
- digital policy management
- information ownership
- privacy and anonymity
- risk management
- robust identification of digital content
- security issues, including but not limited to authorization, encryption, tamper resistance, and watermarking
- threat and vulnerability assessment
- usability aspects of DRM systems
- web services
- CAPEX, OPEX, TCO examples/estimations/models
- computing environments and platforms for DRM (TCP - Trusted Computing Platform)
- Implementations and case studies
For more information, please see
http://www.ieee-ccnc.org/2006/conf_program/drm_workshop/index.htm.
HICSS-39 Security Minitrack 2005
Security and Survivability in Unbounded Networked Systems Minitrack,
Part of the Software Technology Track,
39th Hawai'i International Conference on System Sciences (HICSS-39),
Kauai, Hawaii, USA, January 4-7, 2006. [posted here 3/14/05]
The physical and logical boundaries of networked computing systems are becoming
increasingly difficult to specify. Many applications, ranging from simple distributed
databases to grid-based medical image manipulations, are utilizing resources of
unbounded environments. For other applications, like the control of critical
infrastructures, the bounds of the traditional control infrastructure are fading
due to a general desire to have ease of access over the Internet. However, this
increases the chance that the applications are affected by malicious acts, e.g.
hacking, viruses or Trojans. It is thus more important than ever to design
mechanisms into the infrastructure and the applications that ensure survivability
of critical or essential functionalities.
This minitrack addresses issues of security and survivability in large,
non-trivial, unbounded networked computer systems, with an emphasis on
recovery and adaptation. It considers systems and networks, including dynamic
paradigms based on migratory agents, ad-hoc networks or grid computing. Papers
on resistance and recognition that address the need or capability for safety critical
software systems to "fail-safe" and "fail-secure" are also desired. Submissions will
be sought from researchers in the area of system survivability, software dependability,
computer and network security, fault-tolerance and intrusion tolerance, and
economic or statistical modeling of secure/survivable systems. Topics include,
but are not limited to:
- Survivability in unbounded systems
- Software survivability and its measurement
- Safety critical failure modes
- Network or system intrusion tolerance
- Tolerating attacks in grid computing
- Modeling malicious behavior or attacks
- Survivability and security issues of mobile agent based systems
- Survivability and security issues of ad-hoc networks
- Models for verification of vulnerability to malicious acts
- Models for measurement, evaluation, or validation of survivability
- Software and hardware fault-tolerance
- Design for dependability and/or survivability
- PRA & hybrid fault models accounting for malicious acts and events
For more information, please see
http://www.cs.uidaho.edu/~krings/HICSS39.htm.