Past Conferences and Journal Special Issues
Last Modified: 7/21/08
Note: Please contact
cipher-cfp@ieee-security.org by email if you have any questions.
IWSSE 2008
2nd International Workshop on Security in Software Engineering,
Held in conjunction with the IEEE COMPSAC 2008,
Turku, July 28 – August 1, 2008.
[posted here 1/15/08]
Secure software engineering has become an emerging interdisciplinary area
across software engineering, programming languages, and security engineering.
Secure software engineering focuses on developing secure software and
understanding the security risks and managing these risks throughout the
life-cycle of software. The purpose of the workshop is to bring together
researchers and practitioners who work closely in this area to create a
forum for reporting and discussing recent advances in improving security
in software engineering and inspiring collaborations and innovations on
new methods and techniques to advance software security in our practices.
Researchers and practitioners worldwide are invited to present their
research expertise and experience, and discuss the issues and challenges
in security from a software engineering perspective.
Submissions of quality papers in the following non-exhaustive list of
topics are invited:
- Management of software security in industrial practice
- Security requirements and policies
- Abuse cases and threat modeling
- Architecture and design for security
- Model-based security
- Language-based security
- Malicious code prevention and code safety
- Security risk analysis
- Security taxonomy and metrics
- Testing for security
- Application security: detection and protection
- Software piracy and protection
For more information, please see
http://www.sis.pitt.edu/%7Elersais/IWSSE/IWSSE08.html.
USENIX-Security 2008
17th USENIX Security Symposium,
San Jose, California, USA, July 28-August 1, 2008.
[posted here 10/1/07]
On behalf of the 17th USENIX Security Symposium (USENIX Security '08) program committee, we are inviting you to
submit high-quality papers in all areas relating to systems and network security.
Please note that the USENIX Security Symposium is primarily a systems security conference.
Papers whose contributions are primarily new cryptographic algorithms or protocols,
cryptanalysis, electronic commerce primitives, etc., may not be appropriate for this
conference. Refereed paper submissions are solicited in all areas relating to systems
and network security, including:
- Adaptive security and system management
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Attacks against networks and machines
- Authentication and authorization of users, systems, and applications
- Automated tools for source code analysis
- Botnets
- Cryptographic implementation analysis and construction
- Denial-of-service attacks and countermeasures
- File and filesystem security
- Firewall technologies
- Forensics and diagnostics for security
- Intrusion and anomaly detection and prevention
- Malicious code analysis, anti-virus, anti-spyware
- Network infrastructure security
- Operating system security
- Privacy-preserving (and -compromising) systems
- Public key infrastructure
- Rights management and copyright protection
- Security architectures
- Security in heterogeneous and large-scale environments
- Security policy
- Self-protecting and healing systems
- Techniques for developing secure systems
- Technologies for trustworthy computing
- Usability and security
- Voting systems analysis and security
- Wireless and pervasive/ubiquitous computing security
- Web security
For more information, please see
http://www.usenix.org/sec08/cfpa/.
EVT 2008
USENIX/ACCURATE Electronic Voting Technology Workshop,
Held in conjunction with the 17th USENIX Security Symposium,
San Jose, CA, USA, July 28-29, 2008.
[posted here 2/11/08]
EVT '08 seeks to bring together researchers from a variety of disciplines,
ranging from computer science and human-computer interaction experts through
political scientists, legal experts, election administrators, and voting
equipment vendors. EVT seeks to publish original research on important problems
in all aspects of electronic voting. We welcome papers on voting topics
including but not limited to:
- Voter registration and pre-voting
- Vote collection
- Vote tabulation
- Post-election auditing
- Design, implementation, and evaluation of new voting technologies and protocols
- Scientific evaluations of existing voting technologies
- System testing methodologies
- Deployment and lifecycle issues
- Threat mitigation
- Usability
- Accessibility
- Legal issues, including ADA, HAVA, intellectual property, and nondisclosure
agreements on voting system evaluations
- Issues with and evolution of voting technology standards
For more information, please see
http://www.usenix.org/evt08/cfpa.
CSET 2008
Workshop on Cyber Security Experimentation and Test,
Held in conjunction with the USENIX Security Symposium 2008,
San Jose, CA, USA, July 28, 2008.
[posted here 5/12/08]
The workshop aims to gather both researchers who use testbeds for security
experimentation and testbed developers, to share their ideas and results, and to
discuss open problems in this area. While we particularly invite papers that deal
with security experimentation, we are also interested in papers that address general
testbed/experiment issues that have implications on security experimentation such
as: traffic and topology generation, large-scale experiment support, experiment
automation, etc. We are further interested in educational efforts that involve
security experimentation. Please see workshop URL for a more detailed listing
of topics.
For more information, please see
http://www.usenix.org/event/cset08/.
SOUPS 2008
Symposium On Usable Privacy and Security,
Carnegie Mellon University, Pittsburgh, PA, USA, July 23-25, 2008.
[posted here 10/15/07]
The 2008 Symposium on Usable Privacy and Security (SOUPS) will bring
together an interdisciplinary group of researchers and practitioners in
human computer interaction, security, and privacy. The program will feature
technical papers, a poster session, panels and invited talks, discussion
sessions, and in-depth sessions (workshops and tutorials).
We invite authors to submit original papers describing research or experience
in all areas of usable privacy and security. Topics include, but are not
limited to:
- innovative security or privacy functionality and design
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of security or privacy features or security
testing of usability features
- lessons learned from deploying and using usable privacy
and security features
For more information, please see
http://cups.cs.cmu.edu/SOUPS/.
SMPE 2008
2nd International Symposium on Security and Multimodality in Pervasive Environments,
Held in conjunction with the 5th ACM Annual International Conference on Mobile and
Ubiquitous Systems: Computing, Networking and Services (MOBIQUITOUS 2008),
Trinity College Dublin, Ireland, July 21-25, 2008.
[posted here 2/4/08]
Pervasive computing environments present specific peculiarities with
respect to aspects like security and multimodality. As a matter of fact,
the accessibility level of a virtual environment can definitively be improved
by natural interfaces and multimodal interaction systems, which offer users
the freedom to select from multiple modes of interaction with services and
permit to break down barriers about human-computer interaction making
communication intuitive and spontaneous. On the other hand, while enlarging
and easing the ways to access the environment, security threats arise
and the environment must be properly equipped in order to protect itself
from malicious attacks and/or from wrong actions performed by inexpert
users. Topics include:
- Trust and reputation management in UE
- Security applications and services in pervasive
- Security model for pervasive computing
- Intelligent multimedia security services in pervasive computing
- Key management and authentication in pervasive computing
- Network security issues and protocols in pervasive computing
- Access control and privacy protection in pervasive computing
- Security Standard for next pervasive computing
- Security in Human Centred Environments
- Natural interfaces security issues
- Advanced multimodal interfaces
- Human oriented interfaces
- Multimodal mobile and ubiquitous services
- Methods for multimodal integration
- Middleware services for multimodal and pervasive applications
- Context-Awareness in multimodal applications
- Multimodal analysis and recognition of context
- Next ubiquitous and immersive environments
- Virtual reality and ubiquitous computing
- Usability and accessibility in ubiquitous applications
- Applications and scenarios
- Others: Commercial or Industrial Issue in pervasive computing
For more information, please see
http://www.na.icar.cnr.it/smpe08/.
DEON 2008
9th International Conference on Deontic Logic in Computer Science,
Luxembourg, July 15-18, 2008.
[posted here 12/10/07]
The biennial DEON conferences are designed to promote interdisciplinary cooperation
amongst scholars interested in linking the formal-logical study of normative concepts
and normative systems with computer science, artificial intelligence, philosophy, organization
theory and law. DEON2008 has a special focus on logical approaches to deontic notions
in computer science in security and trust, encompassing applications in e-commerce as
well as traditional areas of computer security. Topics of interest in this special
theme include, but are not limited to:
- digital rights management
- electronic contracts, including service level agreements and digital media licenses
- authorization
- access control
- security
- privacy policies
- business processes
- regulatory compliance
For more information, please see
http://deon2008.uni.lu.
ACISP 2008
13th Australasian Conference on Information Security and Privacy,
Wollongong, Australia, July 14-16, 2008.
[posted here 9/10/07]
ACISP 2008 is the main computer security and cryptography conference organized
in Australia that provides an avenue for discussion and exchange of ideas for
researchers from academia and industry. Original papers pertaining to all aspects
of information security and privacy are solicited for submission to the ACISP 2008.
Papers may present theory, techniques, applications and practical experiences on
a variety of topics. Topics of interest include, but are not limited to:
- access control
- authentication and identification
- authorization
- biometrics
- computer forensics
- copyright protection
- cryptography
- database security
- electronic surveillance
- evaluation and certification
- intrusion detection
- key management
- key establishment protocols
- legal and privacy issues
- mobile system security
- network and communication security
- secure electronic commerce
- secure operating systems
- secure protocols
- smart cards
- malware and viruses
For more information, please see
http://www.uow.edu.au/conferences/acisp%202008/index.html.
IFIP-DAS 2008
22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security,
London, UK, July 13-16, 2008.
[posted here 12/10/07]
The 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security
provides a forum for presenting original unpublished research results, practical
experiences, and innovative ideas in data and applications security. Papers and panel
proposals are also solicited. Proceedings will be published by Springer as the
next volume in the Research Advances in Database and Information Systems Security
series. Papers may present theory, techniques, applications, or practical
experience on topics of relevance to IFIP WG 11.3:
- Access Control
- Applied cryptography in data security
- Identity theft and countermeasures
- Integrity maintenance
- Intrusion detection
- Knowledge discovery and privacy
- Organizational security
- Privacy and privacy-preserving data management
- Secure transaction processing
- Secure information integration
- Secure Semantic Web
- Secure sensor monitoring
- Secure Web Services
- Threats, vulnerabilities, and risk management
- Trust management
For more information, please see
http://seclab.dti.unimi.it/~ifip113/2008/.
DIMVA 2008
5th Conference on Detection of Intrusions and Malware & Vulnerability Assessment,
Paris, France, July 10-11, 2008.
[posted here 11/19/07]
The annual DIMVA conference serves as a premier forum for advancing the state of
the art in intrusion detection, malware detection, and vulnerability assessment.
Each year DIMVA brings together international experts from academia, industry and
government to present and discuss novel research in these areas. DIMVA is organized
by the special interest group Security - Intrusion Detection and Response of the German
Informatics Society (GI). DIMVA's scope includes, but is not restricted to the
following areas:
Intrusion Detection
- Approaches
- Implementations
- Prevention and response
- Result correlation
- Evaluation
- Potentials and limitations
- Operational experiences
- Evasion and other attacks
- Legal and social aspects
Malware
- Techniques
- Detection
- Prevention and containment
- Evaluation
- Trends and upcoming risks
- Forensics and recovery
Vulnerability Assessment
- Vulnerabilities
- Vulnerability detection
- Vulnerability prevention
- Classification and evaluation
For more information, please see
http://www.dimva.org/dimva2008/.
ACSF 2008
3rd Conference on Advances in Computer Security and Forensics,
Liverpool, UK, July 10-11, 2008.
[posted here 3/3/08]
The purpose of this conference is to bring together academics, researchers, IT managers, system
administrators, security specialists, forensic practitioners and other interested parties to
share the latest developments in research and applications from both fields. The conference
affords academics, researchers and practitioners the opportunity to share views and experiences
in these fields. The topics below are for guidance only and not as an exhaustive list:
- Incident Response and Management
- Legal issues in computer forensics
- Mobile phone and PDA forensics
- Collecting digital evidence
- Network forensics
- Computer forensics case studies
- Storage media and file forensic techniques
- Multimedia source identification
- Data carving and data mining
- Fraud investigation techniques
- Intrusion Detection Systems
- Wireless and ad hoc network security
- Mobile agents for secure systems
- Mobile device and mobile phone security
- Network Security
- Viruses, hostile code and Denial of Service
- Trusted computing
- Trust and resilience
- Privacy and anonymity
- Access control, auditing and accountability
For more information, please see
http://www.cms.livjm.ac.uk/acsf3/.
HAISA 2008
2nd International Conference on Human Aspects of Information Security & Assurance,
Plymouth, United Kingdom, July 8-10, 2008.
[posted here 9/17/07]
The symposium welcomes papers addressing research and case studies in relation to
any aspect of information security that pertains to the attitudes, perceptions and
behaviour of people, and how human characteristics or technologies may be positively
modified to improve the level of protection. Indicative themes include:
- Information security culture
- Awareness and education methods
- Enhancing risk perception
- Public understanding of security
- Usable security
- Psychological models of security software usage
- User acceptance of security policies and technologies
- User-friendly authentication methods
- Biometric technologies and impacts
- Automating security functionality
- Non-intrusive security
- Assisting security administration
- Impacts of standards, policies, compliance requirements
- Organizational governance for information assurance
- Simplifying risk and threat assessment
- Understanding motivations for misuse
- Social engineering and other human-related risks
- Privacy attitudes and practices
- Computer ethics and security
For more information, please see
http://www.haisa.org.
ICIMP 2008
3rd International Conference on Internet Monitoring and Protection,
Bucharest, Romania, June 29 - July 5, 2008.
[posted here 12/10/07]
The International Conference on Internet Monitoring and Protection (ICIMP 2008)
initiates a series of special events targeting security, performance, vulnerabilities in
Internet, as well as disaster prevention and recovery. Dedicated events focus on measurement,
monitoring and lessons learnt in protecting the user. ICIMP 2008 Tracks include:
- TRASI: Internet traffic surveillance and interception
- IPERF: Internet performance
- RTSEC: Security for Internet-based real-time systems
- DISAS: Disaster prevention and recovery
- EMERG: Networks and applications emergency services
- MONIT: End-to-end sampling, measurement, and monitoring
- REPORT: Experiences & lessons learnt in securing networks and applications
- USSAF: User safety, privacy, and protection over Internet
- SYVUL: Systems vulnerabilities
- SYDIA: Systems diagnosis
- CYBER-FRAUD: Cyber fraud
- BUSINESS: Business continuity
- RISK: Risk assessment
- TRUST: Privacy and trust in pervasive communications
- RIGHT: Digital rights management
- BIOTEC: Biometric techniques
For more information, please see
http://www.iaria.org/conferences2008/ICIMP08.html.
FCC 2008
4th Workshop on Formal and Computational Cryptography,
Carnegie Mellon University, Pittsburgh, PA, USA, June 26, 2008.
[posted here 4/28/08]
Since the 1980s, two approaches have been developed for analyzing security protocols.
One of the approaches is based on a computational model that considers issues of
computational complexity and probability. Messages are modeled as bitstrings and
security properties are defined in a strong form, in essence guaranteeing security
with high probability against all probabilistic polynomial-time attacks. However,
it is difficult to prove security of large, complex protocols in this model. The
other approach relies on a symbolic model of protocol execution in which messages
are modelled using a term algebra and cryptographic primitives are treated as
perfect black-boxes, e.g. the only way to decrypt a ciphertext is to use the
corresponding decryption key. This abstraction enables significantly simpler and
often automated analysis of complex protocols. Since this model places strong
constraints on the attacker, a fundamental question is whether such an analysis
implies the strong security properties defined in the computational model.
This workshop focuses on approaches that combine and relate symbolic and computational
protocol analysis. Over the last few years, there has been a spate of research results
in this area. One set of results establishes correspondence theorems between the two models,
in effect showing that for a certain class of protocols and properties, security
in the symbolic model implies security in the computational model. In other work,
researchers use language-based techniques such as process calculi and protocol
logics to reason directly about the computational model. Several projects are
investigating ways of mechanizing computationally sound proofs of protocols.
The workshop seeks results in this area of computationally sound protocol analysis:
foundations and tools.
For more information, please see
http://www.di.ens.fr/~blanchet/fcc08/.
WEIS 2008
Workshop on the Economics of Information Security,
Hanover, New Hampshire, USA, June 25-27, 2008.
[posted here 2/18/08]
The 2008 Workshop on the Economics of Information Security invites original
research papers focused on the economics of information security and the
economics of privacy. We encourage economists, computer scientists, business
school researchers, law scholars, security and privacy specialists, as well as
industry experts to submit their research and attend the Workshop. Suggested topics
include (but are not limited to) empirical and theoretical economic studies of:
- Optimal investment in information security
- Privacy, confidentiality and anonymity
- Cybertrust and reputation systems
- Intellectual property protection
- Information access and provisioning
- Risk management and cyberinsurance
- Security standards and regulation
- Behavioral security and privacy
- Cyberterrorism policy
- Organizational security and metrics
- Psychology of risk and security
- Phishing, spam, and cybercrime
- Vulnerability discovery, disclosure, and patching
For more information, please see
http://weis2008.econinfosec.org.
ATC 2008
5th International Conference on Autonomic and Trusted Computing,
Oslo, Norway, June 23-25, 2008.
[posted here 10/29/07]
Computing systems including hardware, software, communication and networks are
growing dramatically in both scale and heterogeneity, becoming overly complex.
Such complexity is getting even more critical with the ubiquitous permeation of
embedded devices and other pervasive systems. To cope with the growing and
ubiquitous complexity, Autonomic Computing (AC) focuses on self-manageable
computing and communication systems that exhibit self-awareness, self-configuration,
self-optimization, self-healing, self-protection and other self-x operations to
the maximum extent possible without human intervention or guidance.
Organic Computing (OC) additionally emphasizes natural-analogue concepts like
self-organization and controlled emergence.
Trusted/Trustworthy Computing (TC) aims at making computing and communication
systems as well as services available, predictable, traceable, controllable,
assessable, sustainable, dependable, persist-able, security/privacy protect-able,
etc. ATC-08 addresses the most innovative research and development in these
challenging areas and includes all technical aspects related to
autonomic/organic computing (AC/OC) and trusted computing (TC).
Topics of interest include, but are not limited to:
- AC/OC Theory and Models (Nervous/organic models, negotiation, cooperation,
competition, self-organization, emergence, etc.)
- AC/OC Architectures and Systems (Autonomic elements & their relationship,
frameworks, middleware, observer/controller architectures, etc.)
- AC/OC Components and Modules (Memory, storage, database, device, server,
proxy, software, OS, I/O, etc.)
- AC/OC Communication and Services (Networks, self-organized net, web service,
grid, P2P, semantics, agent, transaction, etc.)
- AC/OC Tools and Interfaces (Tools/interfaces for AC/OC system development,
test, monitoring, assessment, supervision, etc.)
- Trust Models and Specifications (Models and semantics of trust,
distrust, mistrust, over-trust, cheat, risk, reputation, reliability, etc.)
- Trust-related Security and Privacy (Trust-related secure architecture,
framework, policy, intrusion detection/awareness, protocols, etc.)
- Trusted Reliable and Dependable Systems (Fault-tolerant systems,
hardware redundancy, robustness, survivable systems, failure recovery, etc.)
- Trustworthy Services and Applications (Trustworthy Internet/web/grid/P2P
e-services, secured mobile services, novel applications, etc.)
- Trust Standards and Non-Technical Issues (Trust standards and issues related
to personality, ethics, sociology, culture, psychology, economy, etc.)
For more information, please see
http://www.ux.uis.no/atc08/.
CSF 2008
21st IEEE Computer Security Foundations Symposium,
Pittsburgh, PA, USA, June 23-25, 2008.
[posted here 10/22/07]
The IEEE Computer Security Foundations (CSF) series brings together researchers in
computer science to examine foundational issues in computer security. Over the
past two decades, many seminal papers and techniques have been presented first at
CSF. The CiteSeer Impact page (http://citeseer.ist.psu.edu/impact.html) lists CSF
as 38th out of more than 1200 computer science venues, top 3.11% in impact based
on citation frequency. New theoretical results in computer security are welcome.
Also welcome are more exploratory presentations, which may examine open questions
and raise fundamental concerns about existing theories. Panel proposals are sought
as well as papers. Possible topics include, but are not limited to:
- Access control
- Anonymity and Privacy
- Authentication
- Data and system integrity
- Database security
- Decidability and complexity
- Distributed systems security
- Electronic voting
- Executable content
- Formal methods for security
- Information flow
- Intrusion detection
- Language-based security
- Network security
- Resource usage control
- Security for mobile computing
- Security models
- Security protocols
- Trust and trust management
For more information, please see
http://www.cylab.cmu.edu/CSF2008/.
USENIX 2008
2008 USENIX Annual Technical Conference,
Boston, MA, USA, June 22-27, 2008.
[posted here 12/24/07]
Authors are invited to submit original and innovative papers to the Refereed Papers
Track of the 2008 USENIX Annual Technical Conference. We seek high-quality submissions
that further the knowledge and understanding of modern computing systems, with an
emphasis on implementations and experimental results. We encourage papers that break
new ground or present insightful results based on practical experience.
The USENIX conference has a broad scope; specific topics of interest include
but are not limited to:
- Architectural interaction
- Deployment experience
- Distributed and parallel systems
- Embedded systems
- Energy/power management
- File and storage systems
- Networking and network services
- Operating systems
- Reliability, availability, and scalability
- Security, privacy, and trust
- System and network management and troubleshooting
- Usage studies and workload characterization
- Virtualization
- Web technology
- Wireless, sensor, and mobile systems
For more information, please see
http://www.usenix.org/events/usenix08/.
W2Trust 2008
Web 2.0 Trust Workshop (No Proceedings),
Held in conjunction with the IFIP-TM 2008,
Trondheim, Norway, June 21, 2008.
[posted here 3/31/08]
Web 2.0 has emerged as the adopted suite of technologies by developers,
users and business. The new web 2.0 paradigm provides the technology that enables government,
businesses and users to interact and integrate services and data and benefit from
the Wisdom of the Crowds. Because of the strong collaborative nature of Web 2.0 applications,
mechanisms for trust management are crucial for its healthy development. Trust in Web 2.0 opens
several new vistas for researchers and practitioners. In particular, approaches to trust management
designed for Web 1.0 need to be revisited. In Web 1.0 Trust was mostly related to e-commerce
and security of the portal. The main trust issues were related to the website content,
and authenticity of the source which posted data. With the advent of the Web 2.0 the
issue of trust has shifted from the people or companies that run a site to focus more on
the people that populate it. This new technology in fact enables users to interact and
collaborate seamlessly. For example, using social networks users are engaging with each
other at a one to one level in several ways, for business, pleasure, for knowledge
sharing and so forth. The predominant issue is now whether one can trust the people on
a site, since the content is being generated by anyone and then being rated by anyone.
How to ensure that what other users write is true, authentic and will not be misused is an
open challenge. Trust evaluations are however fundamental to help users make the best
decisions when sharing resources and data. Thus, the success of Web 2.0 strongly depends
on the development of efficient, adequate and scalable trust models.
We solicit papers, case studies, and participation from researchers, systems architects,
vendor engineers, and users. Suggested topics include but are not limited to:
- Secure Mashup Technologies
- Trust in Data Aggregation and Integration
- Trust in Service Oriented Architecture
- Security in Social Networks
- Trust in New Technologies Such as AJAX
- Trust models in Social Networks
- Web Services Security
- Trust in Grid Environments
For more information, please see
http://www.sis.uncc.edu/~mshehab/W2Trust/index.html.
IFIP-TM 2008
Joint iTrust and PST conferences on Privacy, Trust Management and Security,
Trondheim, Norway, June 18-20, 2008.
[posted here 10/15/07]
The mission of the IFIPTM 2008 conference is to share research solutions to
problems of Trust, Security and Privacy and to identify new issues and
directions for future research and development work. IFIPTM 2008 invites
research submissions on all topics related to Trust, Security and Privacy,
including but not limited to those listed below:
- Security and trust for composite applications
- Trust models, formalization, specification, analysis and reasoning
- Engineering of trustworthy and secure software
- The ethics, sociology and psychology of trust
- Security management and usability issues including security configuration
- Trust management frameworks for secure collaborations
- Language security
- Security and privacy for software as a service (SaaS)
- Security and trust for Web 2.0 mashups
- Legal issues related to the management of trust
- Semantically-aware security management
- Adaptive security policy management
- Security, trust and privacy for service oriented architectures
- Mobile security
- Anonymity and privacy vs. accountability
- Critical infrastructure protection, public safety and emergency management
- Intrusion detection systems and technologies
- Operating systems security
- Network security (anti-virus, anti-DoS-tools, firewalls etc.)
- Privacy and identity management in e-services
- Biometrics, national ID cards, identity theft
- Distributed trust and reputation management systems
- Human computer interaction and privacy, security & trust
- Applications of trust and reputation management in e-services
For more information, please see
http://www.ntnu.no/videre/konferanse/IFIPTM08/.
ICDCS 2008
28th International Conference on Distributed Computing Systems,
Beijing, China, June 17-20, 2008.
[posted here 8/13/07]
ICDCS is an IEEE Computer Society sponsored premier conference with a wide
coverage of topics in Distributed Computing. It has a long history of
significant achievements and worldwide visibility.
The conference provides a forum for engineers and scientists in academia,
industry and government to present their latest research findings in
any aspects of distributed and parallel computing. Topics of particular
interest include, but are not limited to:
- Theoretical Foundations
- Data Management and Data Centers
- Distributed Cyber-Physical Systems
- Reliability and Dependability
- Security and Privacy
- Network Architectures and Protocols
- Operating Systems and Middleware
- Cyber-Infrastructure for Distributed Computing
- Sensor Networks and Applications
- Wireless and Mobile Computing
- Multimedia Systems
- Web-Based Distributed Computing
For more information, please see
http://www.engin.umd.umich.edu/icdcs/.
PLAS 2008
3rd ACM SIGPLAN Workshop on Programming Languages and Analysis for Security,
Tucson, Arizona, USA, June 8, 2008.
[posted here 2/25/08]
PLAS aims to provide a forum for exploring and evaluating ideas on the use
of programming language and program analysis techniques to improve the
security of software systems. Strongly encouraged are proposals of new,
speculative ideas; evaluations of new or known techniques in practical settings;
and discussions of emerging threats and important problems. The scope of PLAS
includes, but is not limited to:
- Language-based techniques for security
- Verification of security properties in software
- Automated introduction and/or verification of security enforcement mechanisms
- Program analysis techniques for discovering security vulnerabilities
- Compiler-based security mechanisms, such as host-based intrusion
detection and in-line reference monitors
- Specifying and enforcing security policies for information flow
and access control
- Model-driven approaches to security
- Applications, examples, and implementations of these techniques
For more information, please see
http://research.ihost.com/plas2008/.
NYS-IA 2008
3rd Annual Symposium on Information Assurance,
Albany, NY, USA, June 4-5, 2008.
[posted here 1/7/08]
Authors are invited to submit original and unpublished papers to the
3rd Annual Symposium on Information Assurance, which will be jointly held with
the 11th Annual NYS Cyber Security Conference. This two-day event attracts practitioners,
researchers, and vendors, providing opportunities for business and intellectual engagement
among attendees. The conference program will be organized into topics including, but not limited to:
- Security Policy Implementation & Compliance
- Computer & Network Forensics
- Information Security Risk Management
- Network Security and Intrusion Detection
- Economics of Information Security
- Reverse Engineering of Viruses and Worms
- Security Metrics for Evaluating Security
- Botnet Detection and Prevention
- Computer Crime Data Analytics
- Security in Wireless and Ad hoc Networks
- Internet-based Terrorism and Espionage
- Adaptive & Resilient Security Models
- Digital Rights Management
- Biological Models of Security
- Privacy & Security
- Distributed Systems Security
- Security Glossaries and Ontologies
- Database Security and Data Integrity
- Trust Modeling and Management
- Curriculum Development in Information Security
For more information, please see
http://www.albany.edu/iasymposium.
SHPCS 2008
Workshop on Security and High Performance Computing Systems,
Held in conjunction with the 2008 International Conference on High Performance Computing & Simulation (HPCS 2008)
and the 22nd European Conference on Modelling and Simulation (ECMS 2008),
Nicosia, Cyprus, June 3-6, 2008.
[posted here 12/10/07]
This workshop addresses relationships between security and high performance systems in three
directions. First, it considers how to add security properties (authentication, confidentiality,
integrity, non-repudiation, access control) to high performance computing systems.
Second, it covers how to use high performance computing systems to solve security problems.
Third, it investigates the tradeoffs between maintaining high performance and achieving security
in computing systems and solutions to balance the two objectives. In all these directions,
various performance analyses or monitoring techniques can be conducted to show the efficiency
of a security infrastructure. This workshop covers (but is not limited to) the following topics:
- Access Control
- Accounting and Audit
- Anonymity
- Applied Cryptography
- Authentication
- Commercial and Industry Security
- Cryptographic Protocols
- Data and Application Security
- Data/System Integrity
- Database Security
- Digital Rights Management
- Formal Verification of Secure Systems
- Identity Management
- Inference/Controlled Disclosure
- Information Warfare
- Intellectual Property Protection
- Intrusion and Attack Detection
- Intrusion and Attack Response
- Key Management
- Privacy-Enhancing Technology
- Secure Networking
- Secure System Design
- Security Management
- Security for Mobile Code
- Security for Specific Domains (e.g., E-Government, E-Business, P2P)
- Security in IT Outsourcing
- Security in Mobile and Wireless Networks
- Security in Operating Systems
- Security Location Services
- Security of Grid and Cluster Architectures
- Smartcards
- Trust Management Policies
- Trust Models
For more information, please see
http://www.diiga.univpm.it/~spalazzi/nicosia/.
ACNS 2008
6th International Conference on Applied Cryptography and Network Security,
New York, New York, USA, June 3-6, 2008.
[posted here 8/13/07]
ACNS is an annual conference concentrating on current developments that
advance the areas of applied cryptography and its application to systems
and network security.
Original papers on all aspects of applied cryptography and network security
are solicited for submission to ACNS'08. Topics of relevance include
but are not limited to:
- Applied cryptography and provably-secure cryptographic protocols
- Design and analysis of efficient cryptographic primitives: public-key
and symmetric-key cryptosystems, block ciphers, and hash functions
- Network security protocols
- Techniques for anonymity; trade-offs between anonymity and utility
- Integrating security into the next-generation Internet: DNS security, routing,
naming, denial-of-service attacks, TCP/IP, secure multicast
- Economic fraud on the Internet: phishing, pharming, spam, and click fraud
- Email and web security
- Public key infrastructure, key management, certification, and revocation
- Security and privacy for emerging technologies: sensor networks, mobile (ad hoc)
networks, peer-to-peer networks, bluetooth, 802.11, RFID
- Trust metrics and robust trust inference in distributed systems
- Security and usability
- Intellectual property protection: metering, watermarking, and digital rights management
- Modeling and protocol design for rational and malicious adversaries
- Automated analysis of protocols
For more information, please see
http://acns2008.cs.columbia.edu/.
SSDU 2008
2nd International Symposium on Service, Security and its Data management
technologies in Ubi-comp,
Held in conjunction with the 3rd International Conference on Grid and Pervasive
Computing (GPC 2008),
Kunming, China, May 25-28, 2008.
[posted here 1/14/08]
Ubiquitous Computing (Ubi-comp) is emerging rapidly as an exciting new
paradigm with a user-centric environment that provides computing and
communication services at any time and anywhere. Realizing its advantages
requires integrating security, services and data management in a way that
is suitable for Ubi-com. However, many problems and major challenges
remain to be solved, such as the security risks in ubiquitous resource
sharing, which can occur when data resources are connected and accessed
by anyone in Ubi-com. Therefore, more secure and intelligent mechanisms
for Ubi-com need to be explored. Topics include:
- Context-Awareness and its Data mining for Ubi-com service
- Human-Computer Interface and Interaction for Ubi-com
- Smart Homes and its business model for Ubi-com service
- Intelligent Multimedia Service and its Data management for Ubi-com
- USN / RF-ID for Ubi-com service
- Network security issues, protocols, data security in Ubi-com
- Database protection for Ubi-com
- Privacy Protection and Forensic in Ubi-com
- Multimedia Security in Ubi-com
- Authentication and Access control for data protection in Ubi-com
- Service, Security and its Data management for U-commerce
- New novel mechanism and Applications for Ubi-com
For more information, please see
http://grid.hust.edu.cn/gpc2008/.
Oakland 2008
29th IEEE Symposium on Security and Privacy,
The Claremont Resort, Berkeley/Oakland, California, USA, May 18-21, 2008.
[posted here 8/13/07]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for
the presentation of developments in computer security and electronic privacy, and
for bringing together researchers and practitioners in the field.
Previously unpublished papers offering novel research contributions in any
aspect of computer security or electronic privacy are solicited for submission
to the 2008 symposium. Papers may represent advances in the theory, design,
implementation, analysis, or empirical evaluation of secure systems, either
for general use or for specific application domains. The Symposium is also
open to the submission of co-located half-day or one-day workshops.
Topics of particular interest include, but are not limited to:
- Access control and audit
- Anonymity and pseudonymity
- Application-level security
- Biometrics
- Cryptographic protocols
- Database security
- Denial of service
- Distributed systems security
- Formal methods for security
- Information flow
- Intrusion detection and prevention
- Language-based security
- Malicious code prevention
- Network security
- Operating system security
- Peer-to-peer security
- Privacy
- Risk analysis
- Secure hardware and smartcards
- Security engineering
- Security policy
- User authentication
For more information, please see
http://www.ieee-security.org/TC/SP2008/oakland08.html.
SADFE 2008
3rd International Workshop on Systematic Approaches to Digital Forensic Engineering,
Held in conjunction with the 2008 IEEE Symposium on Security and Privacy (SP 2008),
The Claremont Resort, Oakland, CA, USA, May 22, 2008.
[posted here 1/14/08]
The SADFE (Systematic Approaches to Digital Forensic Engineering) International
Workshop promotes systematic approaches to cyber crime investigation, by furthering
the advancement of digital forensic engineering as a disciplined practice. Digital
forensic engineering is characterized by the application of scientific and
mathematical principles to the investigation and establishment of facts or
evidence, either for use within a court of law or to aid understanding of cyber
crimes or cyber-enabled crimes. To advance the state of the art, SADFE 2008
solicits broad-based, innovative digital forensic engineering technology,
techno-legal and practice-related submissions in the following four areas:
- Digital Data and Evidence Management: advanced digital evidence discovery,
collection, and storage.
- Principle-based Digital Forensic Processes: systematic engineering processes
supporting digital evidence management which are sound on scientific, technical
and legal grounds.
- Digital Evidence Analytics: advanced digital evidence analysis, correlation,
and presentation.
- Forensic-support technologies: forensic-enabled and proactive
monitoring/response.
For more information, please see
http://conf.ncku.edu.tw/sadfe/sadfe08/.
W2SP 2008
2nd Workshop on Web 2.0 Security and Privacy,
Held in conjunction with the 2008 IEEE Symposium on Security and Privacy (SP 2008),
The Claremont Resort, Oakland, CA, USA, May 22, 2008.
[posted here 1/14/08]
The goal of this one day workshop is to bring together researchers and
practitioners from academia and industry to focus on understanding Web 2.0
security and privacy issues, and establishing new collaborations in these areas.
Web 2.0 is about connecting people and amplifying the power of working together.
The mixing of technology and social interaction is occurring in the context of
a wave of technologies supporting rapid development of these interpersonal and
business interactions. Many of the new web technologies rely on the composition
of content and services from multiple sources, resulting in complex technology
compositions (mash-ups). The content composition trend is likely to continue.
The lure of these technologies is the promise of simpler ways to compose
software service and content, at lower cost. However, there are issues with
respect to management of identities, reputation, privacy, anonymity, transient
and long term relationships, and composition of function and content, both
on the server side and at the client (web browser). While the security
and privacy issues are not new, these issues are increasingly becoming
acute as the technologies are adopted and adapted to appeal to wider
audiences. Some of these technologies deliberately bypass existing
security mechanisms. This workshop is intended to discuss the limitations
of the current technologies and explore alternatives.
The scope of W2SP 2008 includes, but is not limited to:
- Identity, privacy, reputation and anonymity
- End-to-end security architectures
- Security of content composition
- Security and privacy policy definition and modeling of content composition
- Provenance and governance
- Usable security and privacy models
- Static and dynamic analysis for security
- Security as a service
- Click fraud
- Software as a service
- Web services/feeds/mashups
- Next generation browser technology
For more information, please see
http://www.ieee-security.org/TC/SP2008/oakland08.html.
WISTP 2008
Workshop in Information Security Theory and Practices 2008:
Smart Devices, Convergence and Next Generation Networks,
Sevilla, Spain, May 13-16, 2008.
[posted here 12/17/07]
With the rapid technological development of information technologies and with
the transition from the common to the next generation networks, computer systems
and especially embedded systems are becoming more mobile and ubiquitous,
increasingly interfacing with the physical world. Ensuring the security of these
complex and yet resource-constrained systems has emerged as one of the most pressing
challenges. Another important challenge is related to the convergence of these new
technologies. The aim of this second workshop is to bring together researchers
and practitioners in related areas and to encourage interchange and cooperation
between the research community and the industrial/consumer community.
Topics of interest include, but are not limited to:
Smart Devices
- Biometrics, National ID cards
- Embedded Systems Security and TPMs
- Interplay of TPMs and Smart Cards
- Mobile Codes Security
- Mobile Devices Security
- New Applications for Secure RFID Systems
- RFID Systems Security
- Smart Card Security
- Smart Devices Applications
- Wireless Sensor Node Security
Convergence: Security Architectures, Protocols, Policies and Management for Mobility
- Critical Infrastructure (e.g. for Medical or Military Applications) Security
- Digital Rights Management (DRM)
- Distributed Systems and Grid Computing Security
- Industrial and Multimedia Applications
- Information Assurance and Trust Management
- Intrusion Detection and Information Filtering
- Localization Systems Security (Tracking of People and Goods)
- M2M (Machine to Machine), H2M (Human to Machine) and M2H (Machine to Human) Security
- Mobile Commerce Security
- Public Administration and Governmental Services
- Privacy Enhancing Technologies
- Security Models and Architecture
- Security Policies (Human-Computer Interaction and Human Behavior Impact)
- Security Protocols (for Identification and Authentication, Confidentiality and Privacy, and Integrity)
- Security Measurements
Next Generation Networks
- Ad Hoc Networks Security
- Delay-Tolerant Network Security
- Domestic Network Security
- Peer-to-Peer Networks Security
- Security Issues in Mobile and Ubiquitous Networks
- Security of GSM/GPRS/UMTS Systems
- Sensor Networks Security
- Vehicular Network Security
- Wireless Communication Security: Bluetooth, NFC, WiFi, WiMAX, WiMedia, others
For more information, please see
http://wistp2008.xlim.fr/.
ISPEC 2008
4th Information Security Practice and Experience Conference,
Sydney, Australia, April 21-23, 2008.
[posted here 8/21/07]
As applications of information security technologies become pervasive, issues
pertaining to their deployment and operation are becoming increasingly important.
ISPEC is an annual conference that brings together researchers and practitioners to
provide a confluence of new information security technologies, their applications
and their integration with IT systems in various vertical sectors.
Topics of interest include, but are not limited to:
- Applications of cryptography
- Critical infrastructure protection
- Digital rights management
- Information security in vertical applications
- Legal and regulatory issues
- Network security
- Privacy and anonymity
- Privacy issues in the use of smart cards and RFID systems
- Risk evaluation and security certification
- Resilience and availability
- Secure system architectures
- Security in e-commerce and e-business and other applications
- Security policy
- Security standards activities
- Trusted Computing
- Trust model and management
- Usability aspects of information security systems
For more information, please see
http://www.uow.edu.au/conferences/ISPEC%202008/index.html/.
UPSEC 2008
Workshop on Usability, Psychology, and Security,
Co-located with the 5th USENIX Symposium on Networked Systems Design & Implementation (NSDI 2008),
San Francisco, California, USA, April 14, 2008.
[posted here 11/19/07]
Information security involves both technology and people. To design and deploy secure
systems, we require an understanding of how users of those systems perceive,
understand, and act on security risks and threats. This one-day workshop will
bring together an interdisciplinary group of researchers, systems designers,
and developers to discuss how the fields of human-computer interaction, applied psychology,
and computer security can be brought together to inform innovations in secure systems
design. We seek to deepen the conversation about usable security to go beyond the user
interface, toward developing useful and usable systems of humans and technology.
Topics include but are not limited to:
- Error detection and recovery
- Human perception and cognitive information processing
- Identity and impression management
- Individual and cultural differences
- Information seeking and evaluation
- Judgment and decision-making
- Learning, training, and experience
- Mental models
- Models of privacy, sharing, and trust
- Organizational, group, and individual behavior
- Risk perception, risk analysis, and risk communication
- Security behavior study methodology
- Social engineering
- Social influence and persuasion
- System proposals and design approaches
- Threat evaluation
- Usability
- User motivation and incentives for secure behavior
For more information, please see
http://www.usenix.org/upsec08/cfp.
CT-RSA 2008
RSA Conference 2008: Cryptographers' Track,
San Francisco, California, USA, April 8-11, 2008.
[posted here 8/13/07]
The RSA Conference is the largest regularly staged computer security event,
with over 350 vendors and thousands of attendees. The Cryptographers' Track (CT-RSA)
is a research conference within the RSA Conference. CT-RSA began in 2002 and
has become an established venue for presenting cryptographic research papers.
The conference proceedings will be published in Springer’s Lecture Notes in
Computer Science (LNCS) series and should be available at the conference.
A special academic discount for registration will be available, as well as a
waiver for speakers presenting papers accepted to CT-RSA 08.
Original research papers pertaining to all aspects of cryptography are solicited.
Submissions may present applications, techniques, theory, and practical
experience on topics including, but not limited to:
- public-key encryption
- symmetric-key encryption
- digital signatures
- hash functions
- cryptographic protocols
- tamper-resistance
- fast implementations
- elliptic-curve cryptography
- quantum cryptography
- formal security models
- network security
- e-commerce
For more information, please see
http://ct-rsa08.cs.columbia.edu/.
WiSec 2008
1st ACM Conference on Wireless Network Security,
Alexandria, Virginia, USA, March 31 - April 2, 2008.
[posted here 6/6/07]
As wireless communications are becoming ubiquitous, their security is
gaining in importance. The ACM Conference on Wireless Network
Security (WiSec) aims at exploring attacks on wireless networks as
well as techniques to thwart them.
Topics of interest include, but are not limited to:
- Naming and addressing vulnerabilities
- Key management in wireless/mobile environments
- Secure neighbor discovery
- Secure PHY and MAC protocols
- Trust establishment
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Denial of service
- User privacy, location privacy
- Anonymity, prevention of traffic analysis
- Identity theft and phishing in mobile networks
- Charging
- Cooperation and prevention of non-cooperative behavior
- Economics of wireless security
- Vulnerability and attacker modeling
- Incentive-aware secure protocol design
- Jamming
- Cross-layer design for security
- Monitoring and surveillance
- Computationally efficient cryptographic primitives
For more information, please see
http://discovery.csc.ncsu.edu/WiSec08/.
EUROSEC 2008
European Workshop on System Security,
Held in conjunction with the Annual ACM SIGOPS EuroSys conference (EUROSYS 2008),
Glasgow, Scotland, March 31, 2008.
[posted here 1/14/08]
The workshop aims to bring together researchers, practitioners, system
administrators, system programmers, and others interested in the latest
advances in the security of computer systems and networks. The focus of the
workshop is on novel, practical, systems-oriented work.
EuroSec seeks contributions on all aspects of systems security.
Topics of interest include (but are not limited to):
- new attacks, evasion techniques, and defenses
- operating system security
- hardware architectures
- "trusted computing" and its applications
- identity management, anonymity
- small trusted computing bases
- mobile systems security
- measuring security
- malicious code analysis and detection
- web security
- systems-based forensics
- systems work on fighting spam/phishing
For more information, please see
http://www.cs.vu.nl/eurosec08/.
SAC-TRECK 2008
23rd ACM Symposium on Applied Computing,
Track: Trust, Recommendations, Evidence and other Collaboration Know-how,
Fortaleza, Ceará, Brazil, March 16-20, 2008.
[posted here 6/6/07]
Computational models of trust and online reputation mechanisms have been gaining momentum.
The goal of the ACM SAC 2008 TRECK track remains to review the set of applications that
benefit from the use of computational trust and online reputation. Computational trust
has been used in reputation systems, risk management, collaborative filtering,
social/business networking services, dynamic coalitions, virtual organisations and
even combined with trusted computing hardware modules. The TRECK track covers all
computational trust applications, especially those used in real-world applications.
The topics of interest include, but are not limited to:
- Recommender and reputation systems
- Trust-enhanced collaborative applications
- Trust and identity management
- Combined computational trust and trusted computing
- Tangible guarantees given by formal models of trust and risk
- Trust metrics assessment and threat analysis
- Pervasive computational trust and use of context-awareness
- Autonomic and adaptive trust
- Trade-off between privacy and trust
- Trust/risk-based security frameworks
- Automated collaboration and trust negotiation
- Trust in peer-to-peer and open source systems
- Technical trust evaluation and certification
- Impacts of social networks on computational trust
- Evidence gathering and management
- Real-world applications, running prototypes and advanced simulations
- Applicability in large-scale, open and decentralised environments
- Legal and economic aspects related to the use of trust engines
- User-studies and user interfaces of computational trust applications
For more information, please see
http://www.trustcomp.org/treck/.
IFIP-CIP 2008
2nd Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection,
Arlington, Virginia, USA, March 16–19, 2008.
[posted here 10/9/07]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active
international community of researchers, infrastructure operators and policy-makers
dedicated to applying scientific principles, engineering techniques and public policy
to address current and future problems in information infrastructure protection.
Following the success of the inaugural conference in March 2007, the Second Annual
IFIP WG 11.10 International Conference on Critical Infrastructure Protection
will again provide a forum for presenting original, unpublished research results
and innovative ideas related to all aspects of critical infrastructure protection.
The conference will be limited to eighty participants to facilitate interactions
among researchers and intense discussions of research and implementation issues.
Areas of interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Risk analysis and risk assessment methodologies
- Modeling and simulation of critical infrastructures
- Legal, economic and policy issues related to critical infrastructure protection
- Secure information sharing
- Infrastructure protection case studies
- Distributed control systems/SCADA security
- Telecommunications network security
For more information, please see
http://www.ifip1110.org/.
APE 2008
1st International Workshop on Advances in Policy Enforcement,
Held in conjunction with the 3rd International Conference on Availability, Reliability and Security (ARES 2008),
Barcelona, Catalonia, Spain, March 4-7, 2008.
[posted here 10/8/07]
The problem of complying with increasingly complex requirements is gaining importance
in organizations of all sizes. Such requirements stipulate how organizations must
perform a number of accountable actions with regard to, e.g., accounting -- Basel II
and SOX -- and the treatment of personal information -- HIPAA, Fair Information
Practices and negotiated privacy preferences. From a technical standpoint, these
requirements are mere policies whose modeling (expression), adherence (enforcement),
and verification (audit) dictate the workflow of organizations. The goal of this workshop
is to bring together researchers and practitioners working on innovative methods for
policy enforcement and its a posteriori audit. The focus of the workshop is primarily
technological, yet it encourages papers with a multidisciplinary character, encompassing
for instance economic, legal, and sociological aspects, as well as papers more purely
focused on information technology. Submission topics include, but are not limited to:
- A posteriori policy enforcement
- Complementing a priori and a posteriori approaches to enforcement
- Usage control
- Audit strategies
- Forensics and legal issues
- Provable enforcement
- Accountability and liability
- Secure logging mechanisms
- Expression of security and privacy requirements
- Monitoring techniques
- Implementation experiences
For more information, please see
http://www.telematik.uni-freiburg.de/ape/.
PSAI 2008
Workshop on Privacy and Security by means of Artificial Intelligence,
Held in conjunction with the third International Conference on Availability, Reliability and Security (ARES 2008),
Barcelona, Spain, March 4–7, 2008.
[posted here 9/27/07]
In this workshop, we aim to convene researchers in the areas of Security, Data Privacy
and Artificial Intelligence. We seek to collect the most recent advances in artificial
intelligence techniques (e.g. neural networks, fuzzy systems, multi-agent systems,
genetic algorithms, image analysis, clustering, etc.) that are applied to the
protection of privacy and security.
Topics of interest include, but are not limited to:
- Statistical Disclosure Control
- Location-based services
- Statistical databases
- Homeland security
- Robotics
- Cryptography and security protocols
- Intrusion detection systems
- Denial of service attacks
by means of
- Pattern recognition
- Image analysis
- Evolutionary computation
- Neural networks
- Multi-agent systems
- Clustering
- Case-based reasoning
- Fuzzy logic
For more information, please see
http://crises-deim.urv.cat/psai/.
DAWAM 2008
3rd International Workshop on Dependability Aspects on Data WArehousing and Mining applications,
Held in conjunction with the third International Conference on Availability, Reliability and Security (ARES 2008),
Barcelona, Spain, March 4–7, 2008.
[posted here 9/17/07]
The goals of this workshop are to bring together users, engineers and
researchers (from industry and academia) alike to present their recent
work, discuss and identify problems, synergize different views of
techniques and policies, and brainstorm future research directions on
various dependability aspects of data warehousing and data mining
applications. Topics related to any of the dependability aspects in data warehousing
and mining, theory, systems and applications are of interest. These
include, but are not limited to, the following areas:
- Dependability and fault tolerance
- High Availability and Disaster Recovery
- Survivability of evaluative systems
- Reliability and Robustness Issues
- Accuracy and reliability of responses
- Reliable and Failure Tolerant Business Process Integration
- Reliable Event Management and Data Stream Processing
- Failure Tolerant and trustworthy Sensor Networks
- Highly available data warehouses for business processes integration
- Handling different or incompatible formats, and erroneous data
- Privacy and security policies and social impact of data mining
- Privacy preserving data integration
- Access control techniques and secure data models
- Encryption & Authentication
- Pseudonymization and Encryption
- Anonymization and pseudonymization
- Trust management, and security
- Security in Aggregation and Generalization
- User Profile Based Security
- Secure multi-party computation
- Secondary use of personal data, clinic data, credit record
- Fraud and misuse detection
- Intrusion detection and tolerance
- Data mining applications for terrorist detection
- Private queries by a (semi-trusted) third party
- Query authentication, logging, auditing, access control and authorization policies
For more information, please see
http://www.ares-conference.eu/conf/index.php?option=com_content&task=view&id=35.
SecSE 2008
2nd International Workshop on Secure Software Engineering,
Held in conjunction with the 3rd International Conference on Availability, Reliability and Security (ARES 2008),
Barcelona, Catalonia, Spain, March 4-7, 2008.
[posted here 9/12/07]
In our modern society, software is an integral part of everyday life, and we
expect and depend upon software systems to perform correctly. Software security
is about ensuring that systems continue to function correctly even under
malicious attack. As most systems now are web-enabled, the number of attackers
with access to the system increases dramatically and thus the threat scenario
changes. The traditional approach to securing a system includes putting up defence
mechanisms like IDS and firewalls, but such measures are no longer sufficient by
themselves. We need to be able to build better, more robust and more secure systems.
Even more importantly, however, we should strive to achieve these qualities in all
software systems, not just the ones that need special protection.
This workshop will focus on techniques, experiences and lessons learned for
engineering secure and dependable software. Suggested topics include,
but are not limited to:
- Secure architecture and design
- Security in agile software development
- Aspect-oriented software development for secure software
- Security requirements
- Risk management in software projects
- Secure implementation
- Secure deployment
- Testing for security
- Quantitative measurement of security properties
- Static and dynamic analysis for security
- Verification and assurance techniques for security properties
- Lessons learned
- Security and usability
- Teaching secure software development
- Experience reports on successfully attuning developers to secure software engineering
For more information, please see
http://www.ares-conference.eu/conf/index.php?option=com_content&task=view&id=10&Itemid=11.
ARES 2008
3rd International Conference on Availability, Reliability and Security,
Barcelona, Catalonia, Spain, March 4-7, 2008.
[posted here 9/12/07]
The Third International Conference on Availability, Reliability and Security
(“ARES – The International Security and Dependability Conference”) will bring
together researchers and practitioners in the area of IT-Security and Dependability.
ARES will highlight the various aspects of security – with special focus on
secure internet solutions, trusted computing, digital forensics, privacy and
organizational security issues. ARES aims at a full and detailed discussion of
the research issues of security as an integrative concept that covers amongst
others availability, safety, confidentiality, integrity, maintainability
and security in the different fields of applications.
Topics of interest include, but are not limited to:
- Process based Security Models and Methods
- Authorization and Authentication
- Availability and Reliability
- Common Criteria Protocol
- Cost/Benefit Analysis
- Cryptographic protocols
- Dependability Aspects for Special Applications (e.g. ERP-Systems, Logistics)
- Dependability Aspects of Electronic Government (e-Government)
- Dependability administration
- Dependability in Open Source Software
- Designing Business Models with security requirements
- Digital Forensics
- E-Commerce Dependability
- Failure Prevention
- IPR of Security Technology
- Incident Response and Prevention
- Information Flow Control
- Internet Dependability
- Interoperability aspects
- Intrusion Detection and Fraud Detection
- Legal issues
- Mobile Security
- Network Security
- Privacy-enhancing technologies
- RFID Security and Privacy
- Risk planning, analysis & awareness
- Safety Critical Systems
- Secure Enterprise Architectures
- Security Issues for Ubiquitous Systems
- Security and Privacy in E-Health
- Security and Trust Management in P2P and Grid applications
- Security and privacy issues for sensor networks, wireless/mobile devices and applications
- Security as Quality of Service
- Security in Distributed Systems / Distributed Databases
- Security in Electronic Payments
- Security in Electronic Voting
- Software Engineering of Dependable Systems
- Software Security
- Standards, Guidelines and Certification
- Survivability of Computing Systems
- Temporal Aspects of Dependability
- Trusted Computing
- Tools for Dependable System Design and Evaluation
- Trust Models and Trust Management
- VOIP/Wireless Security
For more information, please see
http://www.ares-conference.eu/conf/.
IDtrust 2008
7th Symposium on Identity and Trust on the Internet,
Gaithersburg, MD, USA, Mar 4-6, 2008.
[posted here 8/27/07]
This symposium brings together academia, government, and industry to explore
all aspects of identity and trust. Previously known as the PKI R&D Workshop (2002-2007),
our new name reflects interest in a broader set of tools and the goal of an identity
layer for the Internet. We aim to get practitioners in different sectors together to
apply the lessons of real-world deployments to the latest research and ideas on the
horizon. In addition to peer-reviewed papers, we facilitate discussions among panels
of invited experts and symposium participants.
We solicit technical papers and panel proposals from researchers, systems architects,
vendor engineers, and users. Suggested topics include but are not limited to:
- Reports of real-world experience
- Identity management protocols
- Identity metasystems, frameworks, and systems
- User-centric identity, delegation, reputation
- Identity and Web 2.0, secure mash-ups, social networking,
trust fabric and mechanisms of “invited networks”
- Identity management of devices
- Federated approaches to trust
- Trust management across security domains
- Standards related to identity and trust
- Policy
- Attribute management, attribute-based access control
- Trust path building and certificate validation
- Improved usability of identity and trust systems
- Identity and privacy
- Levels of trust and assurance
- Trust infrastructure issues of scalability, performance, etc.
- Use of PKI in emerging technologies (e.g., sensor networks)
- Application domain requirements
For more information, please see
http://middleware.internet2.edu/idtrust/2008/.
NDSS 2008
15th Annual Network & Distributed System Security Symposium,
San Diego, California, USA, February 10 - 13, 2008.
[posted here 8/13/07]
The symposium fosters information exchange among research scientists and
practitioners of network and distributed system security services.
This year’s symposium continues our theme of “theory meets practice” so we
encourage submission both from traditional academic researchers as well as
industrial practitioners of applied security with innovative insights.
Submissions are solicited in, but not limited to, the following areas:
- Integrating security in Internet protocols: routing, naming, TCP/IP, multicast,
network management, and the Web.
- Intrusion prevention, detection, and response: systems, experiences and architectures.
- Privacy and anonymity technologies.
- Network perimeter controls: firewalls, packet filters, application gateways.
- Virtual private networks.
- Security for emerging technologies: sensor networks, specialized testbeds,
wireless/mobile (and ad hoc) networks, personal communication systems.
- ID systems, peer-to-peer and overlay network systems.
- Secure electronic commerce: e.g., payment, barter, EDI, notarization,
timestamping, endorsement, and licensing.
- Supporting security mechanisms and APIs; audit trails; accountability.
- Implementation, deployment and management of network security policies.
- Intellectual property protection: protocols, implementations, metering,
watermarking, digital rights management.
- Fundamental services on network and distributed systems: authentication,
data integrity, confidentiality, authorization, non-repudiation, and availability.
- Integrating security services with system and application security facilities and
protocols: e.g., message handling, file transport/access, directories,
time synchronization, data base management, boot services, mobile computing.
- Public key infrastructure, key management, certification, and revocation.
- Special problems and case studies: e.g., tradeoffs between security and efficiency,
usability, reliability and cost.
- Security for collaborative applications: teleconferencing and video-conferencing,
electronic voting, groupwork, etc.
- Software hardening: e.g., detecting and defending against software bugs (overflows, etc.)
- Security for large-scale systems and critical infrastructures.
- Security of Web-based applications and services.
For more information, please see
http://www.isoc.org/isoc/conferences/ndss/08/cfp.shtml.
FC 2008
12th International Conference on Financial Cryptography and Data Security,
Cozumel, Mexico, January 28-31, 2008.
[posted here 6/25/07]
Financial Cryptography and Data Security is a major international forum for research, advanced
development, education, exploration, and debate regarding information assurance in the context
of finance and commerce. The conference covers all aspects of securing transactions and systems.
Submissions focusing on both theoretical (fundamental) and applied real-world deployments are
solicited. The goal of the conference is to bring security/cryptography researchers and
practitioners together with economists, bankers, implementers, and policy-makers.
Topics include (but are not limited to):
- Anonymity and Privacy
- Auctions and Audits
- Authentication and Identification
- Biometrics
- Certification and Authorization
- Commercial Applications
- Transactions and Contracts
- E-Cash and Payment Systems
- Incentive and Loyalty Systems
- Digital Rights Management
- Regulation and Reporting
- Fraud Detection
- Game Theoretic Security
- Identity Theft
- Spam, Phishing
- Social Engineering
- Infrastructure Design
- Legal and Regulatory Issues
- Microfinance and Micro-payments
- Monitoring, Management and Operations
- Reputation Systems
- RFID/Contact-less Payment Systems
- Risk Assessment and Management
- Secure Banking, Financial Web Services
- Securing New Computation Paradigms
- Security and Risk Perceptions
- Security Economics
- Smartcards and Secure Tokens
- Trust Management
- Underground-Market Economics
- Virtual Economies
- Voting systems
For more information, please see
http://fc08.ifca.ai.
IFIP-DF 2008
4th Annual IFIP WG 11.9 International Conference on Digital Forensics,
Kyoto, Japan, January 27-30, 2008.
[posted here 6/18/07]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international
community of scientists, engineers and practitioners dedicated to advancing the state of
the art of research and practice in the emerging field of digital forensics.
The Fourth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a
forum for presenting original, unpublished research results and innovative ideas related to
the extraction, analysis and preservation of all forms of electronic evidence.
Technical papers are solicited in all areas related to the theory and practice of digital
forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network forensics
- Portable electronic device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics
For more information, please see
http://www.ifip119-kyoto.org.
SeMIC 2008
1st International Workshop on Security for Mobile Wireless Communications,
Held in conjunction with the 3rd International Conference on COMmunication
System softWAre and MiddlewaRE (COMSWARE 2008),
Bangalore, India, January 6, 2008.
[posted here 9/3/07]
Mobile Wireless Communications enable the exchange of information in a real, or
near real-time manner, without the constraint of a fixed point of access.
Reliable and secure communications, combined with constant and universal network
availability, are key elements for the successful commercialization of the
applications that utilize the wireless technology.
However, new security challenges emerge due to the dynamic network topology,
the open nature of the wireless medium, the resource constraints of the mobile
devices and, possibly, the lack of a pre-deployed infrastructure. The workshop
seeks submissions from academia and industry that present novel approaches
to addressing security issues for mobile wireless communications.
Topics of interest include, but are not limited to:
- Authentication and access control
- Secure MAC/PHY protocols for mobile networks
- Cooperation, fairness and incentive-based security
- Key management for wireless/mobile environments
- Trust establishment
- Intrusion detection in mobile networks
- Accountability for malicious behavior and resource misuse
- Revocation of malicious parties
- Secure location services
- Privacy, anonymity and prevention of traffic analysis
- Security in cognitive radios
- Security in vehicular networks
- Anti-Jamming techniques, and DoS Countermeasures
- Vulnerability modeling and threat analysis
- Security & privacy in RFID systems
- Secure routing
For more information, please see
http://www.comsware.org/workshop_SeMIC08.htm.