Calls for Papers
Last Modified: 7/21/08
Upcoming Conferences and Workshops
Note: The submission date has passed.
July 2008
SMPE 2008
2nd International Symposium on Security and Multimodality in Pervasive Environments,
Held in conjunction with the 5th ACM Annual International Conference on Mobile and
Ubiquitous Systems: Computing, Networking and Services (MOBIQUITOUS 2008),
Trinity College Dublin, Ireland, July 21-25, 2008.
[posted here 2/4/08]
Pervasive computing environments present specific peculiarities with
respect to aspects like security and multimodality. As a matter of fact,
the accessibility level of a virtual environment can definitively be improved
by natural interfaces and multimodal interaction systems, which offer users
the freedom to select from multiple modes of interaction with services and
help break down barriers to human-computer interaction, making
communication intuitive and spontaneous. On the other hand, while enlarging
and easing the ways to access the environment, security threats arise
and the environment must be properly equipped in order to protect itself
from malicious attacks and/or from wrong actions performed by inexpert
users. Topics include:
- Trust and reputation management in UE
- Security applications and services in pervasive
- Security model for pervasive computing
- Intelligent multimedia security services in pervasive computing
- Key management and authentication in pervasive computing
- Network security issues and protocols in pervasive computing
- Access control and privacy protection in pervasive computing
- Security Standard for next pervasive computing
- Security in Human Centred Environments
- Natural interfaces security issues
- Advanced multimodal interfaces
- Human oriented interfaces
- Multimodal mobile and ubiquitous services
- Methods for multimodal integration
- Middleware services for multimodal and pervasive applications
- Context-Awareness in multimodal applications
- Multimodal analysis and recognition of context
- Next ubiquitous and immersive environments
- Virtual reality and ubiquitous computing
- Usability and accessibility in ubiquitous applications
- Applications and scenarios
- Others: Commercial or Industrial Issue in pervasive computing
For more information, please see
http://www.na.icar.cnr.it/smpe08/.
SOUPS 2008
Symposium On Usable Privacy and Security,
Carnegie Mellon University, Pittsburgh, PA, USA, July 23-25, 2008.
[posted here 10/15/07]
The 2008 Symposium on Usable Privacy and Security (SOUPS) will bring
together an interdisciplinary group of researchers and practitioners in
human computer interaction, security, and privacy. The program will feature
technical papers, a poster session, panels and invited talks, discussion
sessions, and in-depth sessions (workshops and tutorials).
We invite authors to submit original papers describing research or experience
in all areas of usable privacy and security. Topics include, but are not
limited to:
- innovative security or privacy functionality and design
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of security or privacy features or security
testing of usability features
- lessons learned from deploying and using usable privacy
and security features
For more information, please see
http://cups.cs.cmu.edu/SOUPS/.
CSET 2008
Workshop on Cyber Security Experimentation and Test,
Held in conjunction with the USENIX Security Symposium 2008,
San Jose, CA, USA, July 28, 2008.
[posted here 5/12/08]
The workshop aims to gather both researchers who use testbeds for security
experimentation and testbed developers, to share their ideas and results, and to
discuss open problems in this area. While we particularly invite papers that deal
with security experimentation, we are also interested in papers that address general
testbed/experiment issues that have implications on security experimentation such
as: traffic and topology generation, large-scale experiment support, experiment
automation, etc. We are further interested in educational efforts that involve
security experimentation. Please see workshop URL for a more detailed listing
of topics.
For more information, please see
http://www.usenix.org/event/cset08/.
EVT 2008
USENIX/ACCURATE Electronic Voting Technology Workshop,
Held in conjunction with the 17th USENIX Security Symposium,
San Jose, CA, USA, July 28-29, 2008.
[posted here 2/11/08]
EVT '08 seeks to bring together researchers from a variety of disciplines,
ranging from computer science and human-computer interaction experts through
political scientists, legal experts, election administrators, and voting
equipment vendors. EVT seeks to publish original research on important problems
in all aspects of electronic voting. We welcome papers on voting topics
including but not limited to:
- Voter registration and pre-voting
- Vote collection
- Vote tabulation
- Post-election auditing
- Design, implementation, and evaluation of new voting technologies and protocols
- Scientific evaluations of existing voting technologies
- System testing methodologies
- Deployment and lifecycle issues
- Threat mitigation
- Usability
- Accessibility
- Legal issues, including ADA, HAVA, intellectual property, and nondisclosure
agreements on voting system evaluations
- Issues with and evolution of voting technology standards
For more information, please see
http://www.usenix.org/evt08/cfpa.
USENIX-Security 2008
17th USENIX Security Symposium,
San Jose, California, USA, July 28-August 1, 2008.
[posted here 10/1/07]
On behalf of the 17th USENIX Security Symposium (USENIX Security '08) program committee, we are inviting you to
submit high-quality papers in all areas relating to systems and network security.
Please note that the USENIX Security Symposium is primarily a systems security conference.
Papers whose contributions are primarily new cryptographic algorithms or protocols,
cryptanalysis, electronic commerce primitives, etc., may not be appropriate for this
conference. Refereed paper submissions are solicited in all areas relating to systems
and network security, including:
- Adaptive security and system management
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Attacks against networks and machines
- Authentication and authorization of users, systems, and applications
- Automated tools for source code analysis
- Botnets
- Cryptographic implementation analysis and construction
- Denial-of-service attacks and countermeasures
- File and filesystem security
- Firewall technologies
- Forensics and diagnostics for security
- Intrusion and anomaly detection and prevention
- Malicious code analysis, anti-virus, anti-spyware
- Network infrastructure security
- Operating system security
- Privacy-preserving (and -compromising) systems
- Public key infrastructure
- Rights management and copyright protection
- Security architectures
- Security in heterogeneous and large-scale environments
- Security policy
- Self-protecting and healing systems
- Techniques for developing secure systems
- Technologies for trustworthy computing
- Usability and security
- Voting systems analysis and security
- Wireless and pervasive/ubiquitous computing security
- Web security
For more information, please see
http://www.usenix.org/sec08/cfpa/.
IWSSE 2008
2nd International Workshop on Security in Software Engineering,
Held in conjunction with the IEEE COMPSAC 2008,
Turku, July 28 – August 1, 2008.
[posted here 1/15/08]
Secure software engineering has become an emerging interdisciplinary area
across software engineering, programming languages, and security engineering.
Secure software engineering focuses on developing secure software and
understanding the security risks and managing these risks throughout the
life-cycle of software. The purpose of the workshop is to bring together
researchers and practitioners who work closely in this area to create a
forum for reporting and discussing recent advances in improving security
in software engineering and inspiring collaborations and innovations on
new methods and techniques to advance software security in our practices.
Researchers and practitioners worldwide are invited to present their
research expertise and experience, and discuss the issues and challenges
in security from software engineering perspective.
Submissions of quality papers in the following non-exhaustive list of
topics are invited:
- Management of software security in industrial practice
- Security requirements and policies
- Abuse cases and threat modeling
- Architecture and design for security
- Model-based security
- Language-based security
- Malicious code prevention and code safety
- Security risk analysis
- Security taxonomy and metrics
- Testing for security
- Application security: detection and protection
- Software piracy and protection
For more information, please see
http://www.sis.pitt.edu/%7Elersais/IWSSE/IWSSE08.html.
August 2008
ICITS 2008
International Conference on Information Theoretic Security,
Calgary, Canada, August 10-13, 2008.
[posted here 11/26/07]
This is the second conference in a series of conferences that
aims to bring together the leading researchers in the area of information
and quantum theoretic security. This series of conferences is a successor to
the 2005 IEEE Information Theory Workshop on Theory and Practice in
Information-Theoretic Security (ITW 2005). The first ICITS conference was
held in Madrid, after Eurocrypt 2007. Conference proceedings will be published
by Springer Verlag in the Lecture Notes in Computer Science. Topics of interest
cover work on any aspect of information-theoretic security, that is, security
based on information theory. This includes, but is not limited to, the following
topics:
- Information theoretic analysis of security
- Private and Reliable Networks
- Anonymity
- Public Key Cryptosystems using Codes
- Authentication Codes
- Quantum Cryptography
- Conventional Cryptography using Codes
- Quantum Information Theory
- Fingerprinting
- Randomness extraction
- Ideal Ciphers
- Secret Sharing
- Information Hiding
- Secure Multiparty Computation
- Key Distribution
- Traitor Tracing
- Oblivious Transfer
- Data hiding and Watermarking
For more information, please see
http://iqis.org/events/icits2008.
DFRWS 2008
8th Annual Digital Forensic Research Workshop,
Baltimore, MD, USA, August 11-13, 2008.
[posted here 12/17/07]
DFRWS brings together leading researchers, developers, practitioners, and
educators interested in advancing the state of the art in digital forensics
from around the world. As the most established venue in the field, DFRWS is the
preferred place to present both cutting-edge research and perspectives on best
practices for all aspects of digital forensics. As an independent organization,
we promote open community discussions and disseminate the results of our work to
the widest audience. We invite original contributions as research papers, panel
proposals, Work-in-Progress talks, and demo proposals. All papers are evaluated
through a double-blind peer-review process, and those accepted will be published
in printed proceedings by Elsevier. Topics of Interest include:
- Incident response and live analysis
- Network-based forensics, including network traffic analysis,
traceback and attribution
- Event reconstruction methods and tools
- File system and memory analysis
- Application analysis
- Embedded systems
- Small scale and mobile devices
- Large-scale investigations
- Digital evidence storage and preservation
- Data mining and information discovery
- Data hiding and recovery
- File extraction from data blocks (“file carving”)
- Multimedia analysis
- Tool testing and development
- Digital evidence and the law
- Anti-forensics and anti-anti-forensics
- Case studies and trend reports
- Non-traditional approaches to forensic analysis
For more information, please see
http://www.dfrws.org/2008/.
PODC 2008
27th Annual ACM SIGACT-SIGOPS Symposium on the Principles of
Distributed Computing,
Toronto, Canada, August 18-21, 2008.
[posted here 11/26/07]
PODC solicits papers on all areas of distributed systems. We encourage submissions
dealing with any aspect of distributed computing from the theoretical or
experimental viewpoints. The common goal is to improve understanding of
principles underlying distributed computing. Topics of interest include
the following subjects in distributed systems:
- distributed algorithms: design and analysis
- communication networks: architectures, services, protocols, applications
- multiprocessor and multi-core architectures and algorithms
- shared and transactional memory, synchronization protocols, concurrent programming
- fault-tolerance, reliability, availability, self organization
- Internet applications, social networks, recommender systems
- distributed operating systems, middleware platforms, databases
- distributed computing with selfish agents
- peer-to-peer systems, overlay networks, distributed data management
- high-performance, cluster, and grid computing
- mobile computing, autonomous agents, location- and context-aware distributed systems
- security in distributed computing, cryptographic protocols
- sensor, mesh, and ad hoc networks
- specification, semantics, verification, and testing of distributed systems
For more information, please see
http://www.podc.org/podc2008.
SecCo 2008
6th International Workshop on Security Issues in Concurrency,
Toronto, Canada, August 23, 2008.
[posted here 4/21/08]
Emerging trends in concurrency theory require the definition of models and
languages adequate for the design and management of new classes of applications,
mainly to program either WANs (like Internet) or smaller networks of mobile and
portable devices (which support applications based on a dynamically reconfigurable
communication structure). Due to the openness of these systems, new critical
aspects come into play, such as the need to deal with malicious components
or with a hostile environment. Current research on network security issues
(e.g. secrecy, authentication, etc.) usually focuses on opening cryptographic
point-to-point tunnels. Therefore, the proposed solutions in this area are
not always exploitable to support the end-to-end secure interaction
between entities whose availability or location is not known beforehand.
The aim of the workshop is to cover the gap between the security and the
concurrency communities. More precisely, the workshop promotes the exchange of ideas,
trying to focus on common interests and stimulating discussions on central research
questions. In particular, we look for papers dealing with security issues (such as
authentication, integrity, privacy, confidentiality, access control, denial of service,
service availability, safety aspects, fault tolerance, trust, language-based security)
in emerging fields like web services, mobile ad-hoc networks, agent-based infrastructures,
peer-to-peer systems, context-aware computing, global/ubiquitous/pervasive computing.
For more information, please see
http://www.lsv.ens-cachan.fr/SecCo08/.
September 2008
Pairing 2008
2nd International Conference on Pairing-based Cryptography,
Egham, UK, September 1-3, 2008.
[posted here 11/12/07]
Pairing-based cryptography is an extremely active area of research which
has allowed elegant solutions to a number of long-standing open problems
in cryptography (such as efficient identity-based encryption).
New developments continue to be made at a rapid pace. The aim of the "Pairing"
conference is thus to bring together leading researchers and practitioners
from academia and industry, all concerned with problems related to
pairing-based cryptography. Authors are invited to submit papers describing
their original research on all aspects of pairing-based cryptography,
including, but not limited to the following topics:
Area I: Novel cryptographic protocols
- ID-based and certificateless cryptosystems
- Broadcast encryption, signcryption etc
- Short/multi/aggregate/group/ring/threshold/blind signatures
- Designed confirmer or undeniable signatures
- Identification/authentication schemes
- Key agreement
Area II: Mathematical foundations
- Weil, Tate, Eta, and Ate pairings
- Security consideration of pairings
- Other pairings and applications of pairings in mathematics
- Generation of pairing friendly curves
- (Hyper-) Elliptic curve cryptosystems
- Number theoretic algorithms
- Addition algorithms in divisor groups
Area III: SW/HW implementation
- Secure operating systems
- Efficient software implementation
- FPGA or ASIC implementation
- Smart card implementation
- RFID security
- Middleware security
- Side channel and fault attacks
Area IV: Applied security
- Novel security applications
- Secure ubiquitous computing
- Security management
- PKI models
- Application to network security
- Grid computing
- Internet and web security
- E-business or E-commerce security
For more information, please see
http://www.pairing-conference.org/.
OSSCoNF 2008
1st Workshop on Open Source Software for Computer and Network Forensics,
Held in conjunction with the 4th International Conference on Open Source Systems (OSS 2008),
Milan, Italy, September 7-10, 2008.
[posted here 2/25/08]
OSSCoNF aims at creating an informal, but selected academic venue to discuss
the benefits (and drawbacks, if any) of using Free, Libre, and Open Source
Software (FLOSS) for computer and network forensics, incident management and
digital investigations. The main topics of interest for the workshop are:
- FLOSS tools for Evidence Management
- Tools for acquisition, collection, and storage of digital evidence
- Tools for identification, authentication, integrity preservation of digital evidence
- FLOSS tools for Analysis and Identification of Evidence
- Tools for the analysis and search of digital evidence
- Tools for cybercrime scenarios reconstruction, correlation and data mining applied to digital forensics
- Tools for analysis of embedded or non-traditional devices such as cellphones, cameras...
- FLOSS tools for analysis of cybercrime
- Data mining systems for cyber-crime strategy analysis and modeling
- Systems for data collection and monitoring of attack trends
- FLOSS tools validation and test cases, or FLOSS validation approaches for proprietary tools
- FLOSS tools for the automation of the forensic process and case management
For more information, please see
http://conferenze.dei.polimi.it/ossconf.
SEC 2008
23rd International Information Security Conference,
Co-located with IFIP World Computer Congress 2008,
Milan, Italy, September 8-10, 2008.
[posted here 9/27/07]
The conference seeks submissions from academia and industry presenting
novel research on all theoretical and practical aspects of computer security,
as well as case studies and implementation experiences. Papers should have
practical relevance to the construction, evaluation, application, or operation
of secure systems. Theoretical papers must make a convincing argument for the
practical significance of the results.
Topics of interest include, but are not limited to:
- access control
- accounting and audit
- anonymity
- applied cryptography
- authentication
- computer forensics
- cryptographic protocols
- database security
- data protection
- data/system integrity
- digital rights management
- electronic frauds
- identity management
- information warfare
- intrusion detection
- key management
- law and ethics
- peer-to-peer security
- privacy-enhancing technology
- secure location services
- secure networking
- security education
- security management
- smartcards
- commercial and industry security
- data and application security
- inference/controlled disclosure
- risk analysis and risk management
- intellectual property protection
- security in IT outsourcing
- security for mobile code
- trust management
- trust models
For more information, please see
http://sec2008.dti.unimi.it.
CARDIS 2008
8th Smart Card Research and Advanced Application Conference,
Royal Holloway, University of London, Egham, Surrey, UK, September 8-11, 2008.
[posted here 11/26/07]
Since 1994, CARDIS has been the foremost international conference dedicated to smart
card research and applications. Submissions across a broad range of smart card
development phases are encouraged, from exploratory research and proof-of-concept
studies to practical applications and deployment of smart card technology.
As a response to the growing development of contactless applications and RFID
systems, a special interest is also devoted to low cost cryptographic mechanisms
and physical security of constrained devices. Topics of interest include,
but are not limited to:
- From smart cards to smart devices (hardware, form factor, display)
- Software environments for smart cards and devices (OS, VM, API)
- Smart cards and devices networking and high-level data models
- Smart cards and devices applications, development and deployment
- Person representation and biometrics using smart technologies
- Identity, privacy and trust issues for smart technologies
- High-speed, small-footprint implementations of cryptographic algorithms
- Attacks and countermeasures in hardware and software
- Cryptographic protocols for smart cards and devices
- Biometrics and smart cards
- Formal modeling of environments and applications
- Interplay of TPMs and smart cards
- Security of RFID systems
For more information, please see
http://www.scc.rhul.ac.uk/CARDIS/.
SCN 2008
6th Conference on Security and Cryptography for Networks,
Amalfi, Italy, September 10-12, 2008.
[posted here 3/31/08]
Security and privacy are increasing concerns in computer networks such as the
Internet. The availability of fast, reliable, and cheap electronic communication
offers the opportunity to perform electronically and in a distributed way a wide range
of transactions of a most diverse nature. SCN 2008 aims at bringing together researchers
in the field of cryptography and security in communication networks to foster
cooperation and exchange of ideas. Original papers on all technical aspects of
cryptography and security are solicited for submission to SCN 2008.
Topics of interest include (but are not limited to):
- Anonymity
- Implementations
- Authentication
- Symmetric-Key Cryptography
- Complexity-based Cryptography
- Privacy
- Cryptanalysis
- Cryptographic Protocols
- Digital Signatures
- Public-Key Cryptography
- Hash Functions
- Survey and state of the art
- Identification
For more information, please see
http://scn.dia.unisa.it/.
InSPEC 2008
International Workshop on Security and Privacy in Enterprise Computing,
Held in conjunction with the 12th IEEE International EDOC Conference (EDOC 2008),
Munich, Germany, September 15, 2008.
[posted here 4/7/08]
Several technologies have emerged for enterprise computing. Today, services
are becoming the new building blocks of enterprise systems and service-oriented
architectures are combining them in a flexible and novel way. These technological
trends are accompanied by new business trends due to globalization that involve
innovative forms of collaborations. All of these trends bring with them new
challenges to the security and privacy of enterprise computing. New concepts
for solving these challenges require the combination of many disciplines from
computer science and information systems, such as cryptography, networking,
distributed systems, process modeling and design, access control, privacy etc.
It is the goal of this workshop to provide a forum for exchange of novel research
in these areas among the experts from academia and industry. Topics include:
Security and privacy in workflow systems
- Access control architectures
- Modeling of security and privacy constraints
- Automatic security augmentation
- Secure/Trusted virtual domains
Security and privacy in service-oriented architectures
- Secure composition of services
- Semantic aware security
- Security services
- Trustworthy computation
Identity Management
- Security and Privacy
- Applications to compliance
- Effective use in business IT systems
Data sharing
- Cryptographic protection during data sharing
- Privacy-preserving distributed applications
- Efficient multi-party computations
- Privacy and data sharing policies
Security and privacy in management information systems
- Novel secure applications
- Secure and private data analytics
- Flexible and seamless security architectures
- Secure operating system design
Collaborations
- Secure and private supply chains
- Security and privacy in virtual organizations
- Private social network and Web 2.0 applications
- Security and privacy in outsourcing
For more information, please see
http://ra.crema.unimi.it/inspec2008/.
VizSEC 2008
5th Workshop on Visualization for Cyber Security,
Held in conjunction with the 11th International Symposium on Recent Advances in
Intrusion Detection (RAID 2008),
Cambridge, MA, USA, September 15, 2008.
[posted here 3/24/08]
As a result of previous VizSec workshops, we have seen both the application of existing
visualization techniques to security problems and the development of novel security
visualization approaches. However, VizSec research has focused on helping human
analysts to detect anomalies and patterns, particularly in computer network defense.
Other communities, led by researchers from the RAID Symposia, have researched
automated methods for detecting anomalies and malicious activity. The theme for
this year's workshop will be on bridging the gap between visualization and
automation, such as leveraging the power of visualization to create rules for
intrusion detection and defense systems. We also solicit papers that report results
on visualization techniques and systems in solving all aspects of cyber security
problems, including:
- Visualization of Internet routing
- Visualization of packet traces and network flows
- Visualization of intrusion detection alerts
- Visualization of attack tracks
- Visualization of security vulnerabilities
- Visualization of attack paths
- Visualization of application processes
- Visualization for forensic analysis
- Visualization for correlating events
- Visualization for computer network defense training
- Visualization for offensive information operations
- Visualization for building rules
- Visualization for feature selection
- Visualization for cryptology
- Visualization for detecting anomalous activity
- Deployment and field testing of VizSec systems
- Evaluation and user testing of VizSec systems
- User and design requirements for VizSec systems
- Lessons learned from development and deployment of VizSec systems
For more information, please see
http://vizsec.org/workshop2008/.
RAID 2008
11th International Symposium on Recent Advances in Intrusion Detection,
Cambridge, Massachusetts, USA, September 15-17, 2008.
[posted here 1/7/08]
This symposium, the 11th in an annual series, brings together leading
researchers and practitioners from academia, government, and industry
to discuss issues and technologies related to intrusion detection and
defense. The Recent Advances in Intrusion Detection (RAID) International
Symposium series furthers advances in intrusion defense by promoting the
exchange of ideas in a broad range of topics. As in previous years, all
topics related to intrusion detection, prevention and defense systems
and technologies are within scope, including but not limited to the
following:
- Network and host intrusion detection and prevention
- Anomaly and specification-based approaches
- IDS cooperation and event correlation
- Malware prevention, detection, analysis and containment
- Web application security
- Insider attack detection
- Intrusion response, tolerance, and self protection
- Operational experience and limitations of current approaches
- Intrusion detection assessment and benchmarking
- Attacks against IDS including DoS, evasion, and IDS discovery
- Formal models, analysis, and standards
- Deception systems and honeypots
- Vulnerability analysis, risk assessment, and forensics
- Adversarial machine learning for security
- Visualization techniques
- Special environments, including mobile and sensor networks
- High-performance intrusion detection
- Legal, social, and privacy issues
- Network exfiltration detection
- Botnet analysis, detection, and mitigation
For more information, please see
http://www.ll.mit.edu/IST/RAID2008/.
ISC 2008
Information Security Conference,
Taipei, Taiwan, September 15-18, 2008.
[posted here 1/7/08]
ISC aims to attract high quality papers in all technical aspects of
information security. The topics of interest of ISC include, but
are not limited to, the following:
- Access Control
- Accounting and Audit
- Anonymity and Pseudonymity
- Applied Cryptography
- Attacks and Prevention of Online Fraud
- Authentication and Non-repudiation
- Biometrics
- Cryptographic Protocols and Functions
- Database and System Security
- Design and Analysis of Cryptographic Algorithms
- Digital Rights Management
- Economics of Security and Privacy
- Formal Methods in Security
- Foundations of Computer Security
- Identity and Trust Management
- Information Hiding and Watermarking
- Infrastructure Security
- Intrusion Detection, Tolerance and Prevention
- Mobile, Ad Hoc and Sensor Network Security
- Network and Wireless Network Security
- Peer-to-Peer Network Security
- PKI and PMI
- Private Searches
- Security and Privacy in Pervasive/Ubiquitous Computing
- Security in Information Flow
- Security for Mobile Code
- Security of Grid Computing
- Security of eCommerce, eBusiness and eGovernment
- Security Modeling and Architectures
- Security Models for Ambient Intelligence environments
- Trusted Computing
- Usable Security
- Special Session on AES
For more information, please see
http://isc08.twisc.org/.
WIFISEC 2008
1st International Workshop on Wireless and Mobile Security,
Held in conjunction with the 2nd IEEE International Conference and Exhibition on
Next Generation Mobile Applications, Services, and Technologies (NGMAST 2008),
Cardiff, Wales, UK, September 16-19, 2008.
[posted here 3/10/08]
As Mobile and Wireless networks are becoming increasingly prevalent, the problem of
ensuring that those networks are secure is an increasingly important issue.
The issue of securing the different types of mobile and wireless networks,
their operation and use is the focus of this workshop. Mobile and Wireless Networking
environments eliminate many of the problems associated with traditional wired
networks. However, the security and privacy risks introduced by such environments
need to be addressed by exploiting appropriate security measures and techniques.
Topics include but are not limited to:
- Key Management in wireless/mobile environments
- Intrusion detection, detection of malicious behaviour
- Denial of service
- User privacy, location privacy
- Authentication and Access control
- Anonymity, prevention of traffic analysis
- Dependable wireless networking
- Identity theft and phishing in mobile networks
- Charging in wireless networks
- Security in vehicular networks
- Cross-layer design for security
- Monitoring and surveillance
- Identity theft and ciphering in mobile networks
- Vulnerability and attacker modelling
- Incentive-aware secure protocol design
- Routing Path Security in Ad-Hoc Networks
- Public Cryptography in Wireless Networks
For more information, please see
http://www.comp.glam.ac.uk/wifisec/.
SECOVAL 2008
4th International Workshop on the Value of Security through Collaboration,
Held in conjunction with SecureComm 2008,
Istanbul, Turkey, September 22, 2008.
[posted here 6/2/08]
Security is usually centrally managed, for example in the form of policies duly executed by
individual nodes. The SECOVAL workshop covers the alternative trend of using collaboration
and trust to provide security. Instead of centrally managed security policies, nodes
may use specific knowledge (both local and acquired from other nodes) to make security-related
decisions. For example, in reputation-based schemes, the reputation of a given node
(and hence its security access rights) can be determined based on the recommendations of
peer nodes. As systems are being deployed on ever-greater scale without direct connection
to their distant home base, the need for self management is rapidly increasing.
Interaction after interaction, as the nodes collaborate, there is the emergence of a
digital ecosystem. By guiding the local decisions of the nodes, for example, with
whom the nodes collaborate, global properties of the ecosystem where the nodes operate
may be guaranteed. Thus, the security property of the ecosystem may be driven by self-organizing
mechanisms. Depending on which local collaboration is preferred, a more trustworthy ecosystem
may emerge. While papers will be considered that address any of the topics of security through
collaboration from previous years (e.g., benefits from collaboration, methods of creating or
measuring trust, self-organizing coalitions and risk analysis), the focus of the workshop
will be around mobile application domains. Topics of interest to the workshop include,
but are not limited to:
- Mobile collaborative security
- Data sharing and anonymization case studies
- Metrics of utility, anonymization strength and information loss
- Identification of data sources and types useful to share for
collaborative computer security
- Context-aware trust and reputation management
- Insights from industry and case studies
For more information, please see
http://www.secoval.org/.
SOSOC 2008
International Workshop on Security in Opportunistic and SOCial Networks,
Held in conjunction with SecureComm 2008,
Istanbul, Turkey, September 22, 2008.
[posted here 6/2/08]
Opportunistic Networks are considered as an evolution of the Mobile Ad-hoc
Networking paradigm, in which the assumption of an existing end-to-end
connectivity is relaxed. The evolving topologies are expected to resemble
the actual social networks of the communicating users and information on
their characteristics can be a powerful aid for any network operation.
Online services that assist social networks (Facebook, LinkedIn, Xing, etc.)
in consequence are able to provide additional information on contacts and their
relations. The lack of end-to-end connectivity and the use of personal information
for the networking operations raise entirely new privacy concerns and require new
reflections on security problems. The aim of this workshop is to encompass research
advances in all areas of security, trust and privacy in Opportunistic and Social
Networks. Topics of interest include but are not limited to:
- new aspects of trust
- privacy concerns
- availability and resilience
- community based secure communication
- data confidentiality, data integrity
- anonymity, pseudonymity
- key management
- secure bootstrapping
- security issues in forwarding, routing
- security aspects regarding cooperation
- reputation systems for opportunistic/social networks
- new security issues, new attack paradigms
- new requirements for software security
- malware analysis in opportunistic/social networks
For more information, please see
http://www.sosoc.org.
SecureComm 2008
4th International Conference on Security and Privacy for Communication Networks,
Istanbul, Turkey, September 22-25, 2008.
[posted here 3/3/08]
Securecomm seeks high-quality research contributions in the form of well-developed papers.
Topics of interest encompass research advances in ALL areas of secure communications and networking.
Topics in other areas (e.g., formal methods, database security, secure software, theoretical cryptography)
will be considered only if a clear connection to private or secure communication/networking is
demonstrated. Securecomm brings together security and privacy experts in academia, industry and
government as well as practitioners, standards developers and policy makers.
Topics of interest include, but are not limited to, the following:
- Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
- Network Intrusion Detection and Prevention, Firewalls, Packet Filters
- Malware and botnets
- Communication Privacy and Anonymity
- Distributed denial of service
- Public Key Infrastructures, key management, credentials
- Web security
- Secure Routing, Naming/Addressing, Network Management
- Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
- Security & Privacy for emerging technologies: VoIP, peer-to-peer and
overlay network systems, Web 2.0
For more information, please see
http://www.securecomm.org.
NSPW 2008
New Security Paradigm Workshop,
Olympic Valley, CA, USA, September 22-25, 2008.
[posted here 1/14/08]
The computers of the world are under siege. Denial of service attacks
plague commercial sites, large and small. Major companies are hacked
for consumer credit card numbers. Phishing attacks for personal
information are commonplace, and million-machine botnets are a
reality. Our tools for combating these threats--cryptography,
firewalls, access controls, vulnerability scanners, malware and
intrusion detectors--are insufficient. We need radical new solutions,
but most security researchers propose only incremental improvements.
Since 1992, the New Security Paradigm Workshop (NSPW) has been a home for
research that addresses the fundamental limitations of current work in
information security. NSPW welcomes papers that present a significant shift
in thinking about difficult security issues, build on such a recent shift,
offer a contrarian view of accepted practice or policy, or address non-technological
aspects of security. Our program committee particularly looks for new approaches
to information security, early thinking on new topics, innovative solutions to
long-time problems, and controversial issues which might not be accepted at
other conferences but merit a hearing. We discourage papers that represent
completed or established works, or offer incremental improvements to
well-established models. NSPW expects a high level of scholarship from contributors,
including awareness of prior work produced before the World Wide Web.
For more information, please see
http://www.nspw.org.
October 2008
ESORICS 2008
13th European Symposium on Research in Computer Security,
Malaga, Spain, October 6-8, 2008.
[posted here 1/18/08]
Papers offering novel research contributions in any aspect of computer
security are solicited for submission to the Thirteenth European Symposium
on Research in Computer Security (ESORICS 2008). Organized in a series
of European countries, ESORICS is confirmed as the European research event
in computer security. The symposium started in 1990 and has been held on
alternate years in different European countries and attracts an international
audience from both the academic and industrial communities. From 2002
it has been held yearly. The Symposium has established itself as one of the
premier international gatherings on Information Assurance.
Papers may present theory, technique, applications, or practical
experience on topics including:
- Access control
- Anonymity
- Authentication
- Authorization and delegation
- Cryptographic protocols
- Data integrity
- Dependability
- Information flow control
- Smartcards
- System security
- Digital rights management
- Accountability
- Applied cryptography
- Covert channels
- Cybercrime
- Denial of service attacks
- Formal methods in security
- Inference control
- Information warfare
- Steganography
- Transaction management
- Data and application security
- Intellectual property protection
- Intrusion tolerance
- Peer-to-peer security
- Language-based security
- Network security
- Non-interference
- Privacy-enhancing technology
- Pseudonymity
- Subliminal channels
- Trustworthy user devices
- Identity management
- Security as quality of service
- Secure electronic commerce
- Security administration
- Security evaluation
- Security management
- Security models
- Security requirements engineering
- Security verification
- Survivability
- Information dissemination control
- Trust models and trust management policies
For more information, please see
http://www.isac.uma.es/esorics08.
WDFIA 2008
3rd International Annual Workshop on Digital Forensics and Incident Analysis,
Held in conjunction with the 13th European Symposium on Research in Computer Security (ESORICS 2008),
University of Malaga, Malaga, Spain, October 9, 2008.
[posted here 2/18/08]
The field of digital forensics is rapidly evolving and continues to gain
significance in both the law enforcement and the scientific community.
Being intrinsically interdisciplinary, it draws upon a wide range of subject areas
such as information & communication technologies, law, social sciences and
business administration. The workshop aims to provide a forum for researchers
and practitioners to present original, unpublished research results and innovative
ideas. We welcome the submission of papers from the full spectrum of issues relating
to the theory and practice of digital forensics and incident analysis.
Areas of special interest include, but are not limited to:
- Digital forensics tools and applications
- Incident response and investigation
- Forensic standards and procedures
- Portable electronic device forensics
- Network forensics
- Data hiding and recovery
- Network traffic analysis, traceback and attribution
- Data mining and e-discovery and their corporate use
- Legal, ethical and policy issues related to digital forensics
- Digital evidence visualisation and presentation
- Integrity of digital evidence and live investigations
- Digital evidence chain of custody, storage and preservation
- Multimedia analysis
- Digital forensics case studies
- The Trojan defence
- Forensics issues of malicious code
- Best practices and case studies
- Anti-forensics
For more information, please see
http://www.aegean.gr/wdfia08.
FAST 2008
5th International Workshop on Formal Aspects in Security & Trust,
Held in conjunction with the 13th European Symposium on Research in Computer Security (ESORICS 2008),
Malaga, Spain, October 9-10, 2008.
[posted here 5/12/08]
The fifth International Workshop on Formal Aspects in Security and Trust (FAST2008)
aims at continuing the successful efforts of the previous FAST workshops, fostering
the cooperation among researchers in the areas of security and trust. As computing
and network infrastructures become increasingly pervasive, and as they carry
increasing economic activity, society needs well matched security and trust
mechanisms. These interactions increasingly span several enterprises and involve
loosely structured communities of individuals. Participants in these activities
must control interactions with their partners based on trust policies and business
logic. Trust-based decisions effectively determine the security goals for shared
information and for access to sensitive or valuable resources. FAST focuses on
the formal models of security and trust that are needed to state goals and
policies for these interactions. We also seek new and innovative techniques
for establishing consequences of these formal models. Implementation
approaches for such techniques are also welcome.
Suggested submission topics include, but are not limited to:
- Formal models for security, trust and reputation
- Security protocol design and analysis
- Logics for security and trust
- Trust-based reasoning
- Distributed Trust Management Systems
- Digital Assets Protection
- Data protection
- Privacy and ID management issues
- Information flow analysis
- Language-based security
- Security and Trust aspects in ubiquitous computing
- Validation/Analysis tools and techniques
- Web/Grid Services Security/Trust/Privacy
- Security and Risk Assessment
- Resource and Access Control
- Case studies
For more information, please see
http://www.iit.cnr.it/FAST2008/.
PiLBA 2008
International Workshop on Privacy in Location-Based Applications,
Held in conjunction with the 13th European Symposium on Research in Computer Security (ESORICS 2008),
Malaga, Spain, October 10, 2008.
[posted here 4/7/08]
Although data security and privacy issues have been extensively investigated
in several domains, the current available techniques are not readily applicable
for privacy protection in location based applications (LBA). An example application
is a Location Based Service, which is typically invoked through mobile devices
that can include location and movement information in service requests. Other
location based applications use similar data, possibly stored in a moving object
database, to solve various kinds of optimization problems, to perform statistical
analysis of specific phenomena, as well as to predict potentially critical
situations. While location data can be very effective for better services and
can enable new kinds of services, it poses serious threats to the privacy of
users. LBA in travel, logistics, health care, and other industries already exist
and are poised to proliferate. Examples include the identification of resources
close to the user (e.g., the closest pharmacy), and the identification of the
optimal route to reach a destination from the user's position considering
traffic conditions and possibly other constraints. One of the critical issues
for widespread deployment of these applications is how to reconcile the
effectiveness and quality of these services with privacy concerns. They bring
unique challenges mostly due to the richness of location and time information
that is necessarily connected to location based applications. The research in
this field involves aspects of spatio-temporal reasoning, query processing,
system security, statistical inference, and anonymization techniques. Several
research groups have been working in recent years to identify privacy
attacks and defense techniques in this domain. Topics of interest include
everything involving privacy aspects arising
in the design, development and deployment of location-based applications.
Examples are the following:
- Formal models of attacks and defenses in LBA
- Anonymization/Pseudonymization in LBA
- Sensitive data obfuscation in LBA
- Authorization and Access Control involving spatio-temporal data
- Publication of micro-data acquired through LBA
- Privacy preserving data mining on geographically referenced data
- Statistical approaches to privacy preservation in LBA
- Trust Management in LBA
- Applied Cryptography for LBA
For more information, please see
http://pilba.dico.unimi.it.
SecPri-WiMob 2008
1st International Workshop on Security and Privacy in Wireless and
Mobile Computing, Networking and Communications,
Held in conjunction with the 4th IEEE International Conference on Wireless and Mobile
Computing, Networking and Communications (WiMob 2008),
Avignon, France, October 12, 2008.
[posted here 4/14/08]
Wireless and Mobile communication networks offer organizations and users several
benefits, such as portability, mobility and flexibility, while increasing
everyday business productivity, and reducing installation cost. However, although
Wireless and Mobile communication environments eliminate many of the problems
associated with traditional wired networks, the new security and privacy risks
introduced by such environments need to be reduced by exploiting appropriate
security measures and safeguards, ensuring an acceptable level of overall
residual hazard. The objectives of the SecPri-WiMob 2008 Workshop are to bring
together researchers from research communities in Wireless and Mobile Computing,
Networking and Communications, Security and Privacy, with the goal of
fostering interaction. We welcome the submission of papers from the full
spectrum of issues related to Security and Privacy in Wireless and Mobile
Computing, Networking and Communications. Papers may focus on protocols,
architectures, methods, technologies, applications, practical experiences,
simulation results and analysis, theory and validation on topics including,
but not limited to:
- Cryptographic Protocols for Mobile and Wireless Networks
- Key Management in Mobile and Wireless Computing
- Reasoning about Security and Privacy
- Privacy and Anonymity in Mobile and Wireless Computing
- Public Key Infrastructure in Mobile and Wireless Environments
- Economics of Security and Privacy in Wireless and Mobile environments
- Security Architectures and Protocols in Wireless LANs
- Security Architectures and Protocols in B3G/4G Mobile Networks
- Security and Privacy features in Mobile and Wearable devices
- Location Privacy
- Ad hoc Networks Security
- Sensor Networks Security
- Wireless Ad Hoc Networks Security
- Role of Sensors to Enable Security
- Security and Privacy in Pervasive Computing
- Trust Establishment, Negotiation, and Management
- Secure PHY/MAC/routing protocols
- Security under Resource Constraints (bandwidth, computation constraints, energy)
For more information, please see
http://www.aegean.gr/SecPri_WiMob_2008.
eCrime 2008
3rd APWG eCrime Researchers Summit,
Atlanta, GA, USA, October 15-16, 2008.
[posted here 5/12/08]
Original papers on all aspects of electronic crime are solicited for submission to eCrime '08.
Topics of relevance include but are not limited to:
- Phishing, pharming, click-fraud, crimeware, extortion and emerging attacks.
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention.
- Techniques to assess the risks and yields of attacks and the success rates of countermeasures.
- Delivery techniques, including spam, voice mail and rank manipulation; and countermeasures.
- Spoofing of different types, and applications to fraud.
- Techniques to avoid detection, tracking and takedown; and ways to block such techniques.
- Honeypot design, data mining, and forensic aspects of fraud prevention.
- Design and evaluation of user interfaces in the context of fraud and network security.
- Best practices related to digital forensics tools and techniques, investigative procedures,
and evidence acquisition, handling and preservation.
For more information, please see
http://www.ecrimeresearch.org/.
NSS 2008
IFIP International Workshop on Network and System Security,
Shanghai, China, October 18-19, 2008.
[posted here 3/24/08]
While attack systems have become easier to use, more sophisticated,
and powerful, interest has greatly increased in the field of building
more effective, intelligent, adaptive, active and high performance
defense systems which are distributed and networked. We will focus our program
on issues related to Network and System Security, such as authentication,
access control, availability, integrity, privacy, confidentiality,
dependability and sustainability of computer networks and systems.
The aim of this workshop is to provide a leading edge forum to foster
interaction between researchers and developers with the network and
system security communities, and to give attendees an opportunity to
interact with experts in academia, industry and governments. NSS 2008
will feature new results, challenging research questions,
novel approaches and innovative directions in network and system security.
Contributions are solicited in all areas of network and system security
research and applications. Topics include, but are not limited to:
- Active Defense Systems
- Adaptive Defense Systems
- Benchmark, Analysis and Evaluation of Security Systems
- Distributed Access Control and Trust Management
- Distributed Attack Systems and Mechanisms
- Distributed Intrusion Detection/Prevention Systems
- Denial-of-Service Attacks and Countermeasures
- High Performance Security Systems
- Identity Management and Authentication
- Implementation, Deployment and Management of Security Systems
- Intelligent Defense Systems
- Internet and Network Forensics
- Large-scale Attacks and Defense
- RFID Security and Privacy
- Security Architectures in Distributed Network Systems
- Security for Critical Infrastructures
- Security for P2P systems and Grid Systems
- Security in E-Commerce
- Security and Privacy in Wireless Networks
- Secure Mobile Agents and Mobile Code
- Security Simulation and Tools
- Security Theory and Tools in Network Systems
- Viruses, Worms, and Other Malicious Code
- World Wide Web Security
For more information, please see
http://nss.cqu.edu.au.
NPSec 2008
4th Workshop on Secure Network Protocols,
Held in conjunction with the 16th IEEE International Conference on Network Protocols (ICNP 2008),
Orlando, Florida, USA, October 19, 2008.
[posted here 5/5/08]
NPSec focuses on two general areas. The first focus is on the development and
analysis of secure or hardened protocols for the operation (establishment and maintenance)
of network infrastructure, including such targets as secure multidomain, ad hoc, sensor
or overlay networks, or other related target areas. This can include new protocols,
enhancements to existing protocols, protocol analysis, and new attacks on existing
protocols. The second focus is on employing such secure network protocols to create
or enhance network applications. Examples include collaborative firewalls, incentive
strategies for multiparty networks, and deployment strategies to enable secure
applications. NPSec 2008 particularly welcomes new ideas on security in the context
of future Internet design, such as architectural considerations for future Internet
security and new primitives for supporting secure network protocol and application
design. Topics of interest include but are not limited to:
- security in future Internet architectures
- secure and/or resilient network protocols (e.g., internetworking/routing, MANETs,
LANs and WLANs, mobile/cellular data networks, p2p and other overlay networks,
federated trust systems, sensor networks)
- vulnerabilities of existing protocols and applications (both theoretical and case studies), including attacks
- key distribution/management
- intrusion detection and response
- incentive systems for p2p systems and MANETs routing
- secure protocol configuration and deployment
For more information, please see
http://www.netsec.colostate.edu/npsec08/.
ICICS 2008
10th International Conference on Information and Communications Security,
Birmingham, UK, October 20-22, 2008.
[posted here 3/24/08]
The event, which started in 1997, brings together individuals involved in multiple
disciplines of Information and Communications Security, in order to
foster the exchange of ideas. ICICS 2008 will be organised by the School
of Computer Science, University of Birmingham, in co-operation with HP
Laboratories (Bristol, UK) and the International Communications and
Information Security Association (ICISA).
Original papers on all aspects of information and communications
security are solicited for submission to ICICS 2008. Areas of interest
include, but are not limited to:
- Access control
- Anti-malware
- Anonymity
- Applied cryptography
- Authentication and authorization
- Biometric security
- Data and system integrity
- Database security
- Distributed systems security
- Electronic commerce
- Fraud control
- Grid security
- Information hiding and watermarking
- Intellectual property protection
- Intrusion detection
- Key management and key recovery
- Language-based security
- Operating system security
- Network security
- Risk evaluation and security certification
- Security for mobile computing
- Security models
- Security protocols
- Trusted computing
For more information, please see
http://events.cs.bham.ac.uk/icics08/.
SIS 2008
3rd International Workshop on Secure Information Systems,
Wisla, Poland, October 20-22, 2008.
[posted here 4/21/08]
The SIS workshop is envisioned as a forum to promote the exchange of
ideas and results addressing complex security issues that arise in
modern information systems. We aim at bringing together a community of
security researchers and practitioners working in such diverse areas as
networking security, antivirus protection, intrusion detection,
cryptography, security protocols, and others. We would like to promote
an integrated view of the security of information systems.
Covered topics include (but are not limited to):
- Access control
- Adaptive security
- Cryptography
- Copyright protection
- Cyberforensics
- Honeypots
- Information hiding
- Intrusion detection
- Network security
- Privacy
- Secure commerce
- Security exploits
- Security policies
- Security protocols
- Security services
- Security evaluation and prediction
- Software protection
- Trusted computing
- Threat modeling
- Usability and security
- Viruses and worms
- Zero-configuration security mechanisms
For more information, please see
http://www.sis.imcsit.org/.
CCS 2008
15th ACM Conference on Computer and Communications Security,
Alexandria, Virginia, USA, October 27-31, 2008.
[posted here 3/24/08]
The annual ACM Computer and Communications Security
Conference is a leading international forum for
information security researchers, practitioners,
developers, and users to explore cutting-edge ideas and
results, and to exchange techniques, tools, and
experiences. We invite submissions from academia,
government, and industry presenting novel research on all
theoretical and practical aspects of computer security, as
well as case studies and implementation experiences.
The conference seeks submissions from academia,
government, and industry presenting novel research on all
theoretical and practical aspects of computer and
communications security, as well as case studies and
implementation experiences. Papers should have relevance
to the construction, evaluation, application, or operation
of secure systems. Theoretical papers must make a
convincing argument for the practical significance of the
results. All topics related to computer and communications
security are of interest. Authors interested in submitting
but unsure if their topic is in scope should assume that
it probably is in scope but should contact the program
chairs if further guidance is desired.
For more information, please see
http://www.sigsac.org/ccs/CCS2008/.
WPES 2008
7th ACM Workshop on Privacy in the Electronic Society,
Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008),
Alexandria, VA, USA, October 27, 2008.
[posted here 4/21/08]
The need to consider privacy has been widely recognized in society at large,
with resulting impact on government, commerce, education, health care, entertainment,
and other sectors. This workshop discusses the problems related to privacy in the global
interconnected society and their possible solutions. The workshop seeks submissions from
academia and industry presenting novel research on all theoretical and practical
aspects of electronic privacy, as well as experimental studies of fielded systems.
We encourage submissions from other communities such as law and business that present
these communities' perspectives on technological issues. Topics of interest include,
but are not limited to:
- anonymity, pseudonymity, and unlinkability
- privacy and confidentiality management
- business models with privacy requirements
- privacy in electronic records
- protection from correlation, inference, and linking attacks
- privacy in health care and public administration
- electronic communication privacy
- public records and personal privacy
- information dissemination control
- privacy and virtual identity
- privacy-aware access control
- personally identifiable information
- privacy in the digital business
- privacy policy enforcement
- privacy enhancing technologies
- privacy and data mining
- privacy policies and their enforcement
- relationships between privacy and security
- privacy and anonymity in Web transactions
- user profiling
- privacy in social networks
- wireless privacy
- privacy threats
- economics of privacy
- privacy and human rights
- RFIDs and privacy
- privacy in mobile computing
- privacy in outsourced computing
- privacy in electronic voting
For more information, please see
http://dais.cs.uiuc.edu/wpes08.
QOP 2008
4th International Workshop on Quality of Protection,
Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008),
Alexandria, VA, USA, October 27, 2008.
[posted here 3/3/08]
In the last few decades, Information Security has gained numerous standards, industrial
certifications, and risk analysis methodologies. However, the field still lacks the strong, quantitative,
measurement-based assurance that we find in other fields. For example, Networking researchers
have created and utilize Quality of Service (QoS), Service Level Agreements (SLAs), and performance
evaluation measures. Empirical Software Engineering has made similar advances with software measures:
processes to measure the quality and reliability of software exist and are appreciated in industry.
Security looks different. Even a fairly sophisticated standard such as
ISO17799 has an intrinsically qualitative nature. Notions such as Security Metrics, Quality of
Protection (QoP) or Protection Level Agreement (PLA) have surfaced in the literature, but they
still have a qualitative flavor. Furthermore, many recorded security incidents have a non-IT cause.
As a result, security requires a much wider notion of "system" than do most other fields in
computer science. In addition to the IT infrastructure, the "system" in security includes users,
work processes, and organizational structures. The goal of the QoP Workshop is to help security
research progress towards a notion of Quality of Protection in Security comparable to the
notion of Quality of Service in Networking, Software Reliability, or measures in Empirical
Software Engineering. The topics of interest include but are not limited to:
- Industrial experience
- Security risk analysis
- Security measures
- Reliability analysis
- Security quality assurance
- Measurement-based decision making and risk management
- Empirical assessment of security architectures and solutions
- Mining data from attack and vulnerability repositories
- Measurement theory
- Formal theories of security measures
- Security measurement and monitoring
- Experimental validation of models
- Simulation and statistical analysis
- Stochastic modeling
For more information, please see
http://qop-workshop.org.
DRM 2008
8th ACM Workshop on Digital Rights Management,
Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008),
Alexandria, VA, USA, October 27, 2008.
[posted here 3/10/08]
The ACM Workshop on Digital Rights Management is an international forum that
serves as an interdisciplinary bridge between areas that can be applied to solving
the problem of Intellectual Property protection of digital content. These include:
cryptography, software and computer systems design, trusted computing, information
and signal processing, intellectual property law, policy-making, as well as business
analysis and economics. Its purpose is to bring together researchers from the above
fields for a full day of formal talks and informal discussions, covering new
results that will spur new investigations regarding the foundations and
practices of DRM.
For more information, please see
http://www.ece.unm.edu/DRM2008/.
StorageSS 2008
4th International Workshop on Storage Security and Survivability,
Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008),
Alexandria, VA, USA, October 27, 2008.
[posted here 5/5/08]
The 4th ACM International Workshop on Storage Security and
Survivability (StorageSS 2008) will bring together researchers in
storage systems, computer and network security, and cryptography. We
encourage paper submissions from both research and industry presenting
novel ideas on all theoretical and practical aspects of protecting
data in storage and file systems. Topics of interest include, but aren't
limited to:
- storage protection tradeoffs
- storage protection deployment (including case studies)
- smart storage for security and/or survivability
- analysis of covert storage channels and leaks
- mobile storage protection
- novel backup protection techniques
- protection using versioning
- storage encryption techniques (modes of operation, fast software/hardware encryption)
- key management techniques
- encrypted keyword search and database query
- security analysis of deployed file/volume encryptor, encrypted disc
- tamper-evident storage protection techniques
- immutable storage protection techniques, provenance
- storage threat models
- storage intrusion detection systems
- security for long-term / archival storage
- privacy and trust issues in (untrusted) remote/hosted storage
- TPM and storage security
For more information, please see
http://storagess.org/2008/.
AISec 2008
1st ACM Workshop on AISec,
Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008),
Alexandria, VA, USA, October 27, 2008.
[posted here 3/3/08]
The ubiquitous nature of information and communication today is often cited as the cause of
many security and privacy problems including identity and reputation management, viruses/worms
and phishing/pharming. There is strong evidence, however, that this abundance of information
and communication has at least as many security and privacy benefits as costs. Consider for
example, the use of machine learning algorithms to detect network intrusions, crowd-based
approaches to anonymous communication and the use of data mining algorithms to determine
content sanitization. All of these efforts benefit from recent advances in AI, which have
often been driven by increases in the amount of available data.
To fully realize the security and privacy benefits of today's ubiquitous information, the
security community needs expertise in the tools and techniques for managing that information,
namely, artificial intelligence technology, and the AI community needs an understanding of
security and privacy problems. To facilitate an exchange of ideas between these two communities,
we are holding the first workshop on "AISec", the new field of security and privacy solutions
that leverage AI technologies, in conjunction with the 15th ACM Conference on
Computer and Communications Security (CCS). The topics of interest include but are not limited to:
- Spam detection
- Fraud detection
- Botnet detection
- Intrusion detection
- Malware identification
- Insider threat detection
- Privacy-preserving data mining
- Inference detection and control
- Phishing detection and prevention
- Design and analysis of CAPTCHAs
- AI approaches to trust and reputation
- Machine learning techniques for optimizing user experience
- Vulnerability testing through intelligent probing (e.g. fuzzing)
- Content-driven security policy management & access control
- Techniques and methods for generating training and test sets
For more information, please see
http://www.aisec.info.
CRiSIS 2008
3rd International Conference on Risks and Security of Internet and Systems,
Tozeur, Tunisia, October 28-30, 2008.
[posted here 2/18/08]
The topics addressed by CRiSIS’2008 range from the analysis of faults,
risks, attacks and vulnerabilities to system survivability and adaptability,
passing through security policies and models, security and dependability
mechanisms and privacy enhancing technologies.
Topics include but are not limited to:
Models for specification, design and validation of security and dependability
- Security and trust models
- Models for security policies
- Formal methods, verification and certification
- UML and MDA for dependable systems
- Architectures for secure and dependable systems
- Self-protecting models and architectures
- Designing business models with security management
Management of security and dependability
- Management of risks, attacks and vulnerabilities
- Risk analysis, security and quality assurance
- Awareness of risks, attacks and vulnerabilities
- Metrology and security management
- Key management Infrastructure (PKI) and trust management
- Monitoring and management of faults
- Planning and executing of repair actions
- Adaptability management
Security and dependability techniques and mechanisms
- Authentication, authorization and audit
- Privacy protection and anonymization
- Intrusion detection and fraud detection
- Traceability and forensics
- Biometrics, watermarking, cryptography and security protocols
- Access and information flow controls
- Use of smartcards and personal devices
- Firewalls and intrusion detection systems
- Viruses, worms and malicious codes
- Attack data acquisition (honeypots) and network monitoring
- Adaptation of security policies
Secure and dependable systems
- Security and dependability of operating systems and network components
- Security of services oriented applications
- Security dependability of distributed and grid applications
- Fault tolerance of Internet applications
- Reflective middleware
- Security and safety of critical infrastructures
- Security and privacy of peer-to-peer systems, wireless networks, VPN and embedded systems
- Security of new generation networks, security of Voice-over-IP and multimedia
- Self-protecting, self-stabilizing and self-healing systems
Secure and dependable applications
- Security in Electronic payment
- Security of electronic voting
- Security in e-health
- Dependability in e-learning
For more information, please see
http://www.redcad.org/crisis2008/.
DIM 2008
4th ACM Workshop on Digital Identity Management,
Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008),
Fairfax, VA, USA, October 31, 2008.
[posted here 3/3/08]
As the competitive edge of the global economy is shifting to
"services" delivered over the Internet, we need a way of making
identity available on-demand to the services in an open, scalable,
and secure manner. Identity for services is a holistic concern
that must satisfy technology, regulatory and business needs for
existing and emerging markets, such as Software as a Service (SaaS)
and Service Oriented Architectures (SOA). Identity services should
introduce consistency, efficiency and scalability in IT infrastructures
built on the Internet to form the new "identity layer". Also, it
should be easy for developers to incorporate identity services as part
of distributed application logic.
To fully achieve the potential benefits of identity managed as a set
of services, such as cost-effectiveness and shorter deployment times,
several security and privacy challenges must be addressed. Such
challenges arise because of the complex and distributed systems across
different organizations involved in identity service offerings. The goal
of the workshop is to lay the foundation and agenda for further research
and development in this area. Under the broad umbrella of "Services and
Identity", we encourage both researchers and practitioners to participate
and submit papers on topics including, but not limited to the following:
- Identity management for SaaS
- SOA for identity
- Scalability issues in identity management
- Resilient identity service provisioning
- Dynamic mutual trust negotiation
- SLA for identity services
- Identity based access control
- Migration to identity services
- Identity service discovery
- Virtual directories
- Identity management process assurance
- Identity life-cycle
- Externalization of identity
- Risk management for identity
- Identity oracles
- Translation and resolution of namespaces
- Network transport as a service
- Privacy and hosted services
- Mobile identities
- Balance between de-centralization of identity and centralization of controls
- Privacy preservation during orchestration of services in multiple domains
For more information, please see
http://www2.pflab.ecl.ntt.co.jp/dim2008.
VMSec 2008
1st ACM Workshop on Virtual Machine Security,
Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008),
Fairfax, VA, USA, October 31, 2008.
[posted here 4/21/08]
This workshop, the first of its kind to deal exclusively with virtual machine security,
will tackle the important research topics in virtualization security. Virtualization
has seen an explosion in growth in deployment, implementations, and applications.
Virtualization holds unique properties that make it attractive for security including
isolation, compartmentalization, live state capture, and replay. Virtualization
has been used to study malicious software as well as to prevent malicious software
infection. In addition, virtualization itself is now the subject of attack. This workshop
aims to bring together leading researchers in the fields of virtualization and security
to present the latest work on these topics. Scope and topics include:
- Applications of virtualization for security
- Security and integrity of virtual machines
- Detecting virtualization
- Evading virtualization
- Trapping malicious code via virtualization
- Economic implications of virtualization
- Attacks and vulnerabilities against virtualization environments
- Honey Nets and Honey Client architectures, systems, and results
- Management and control of virtual machine farms for security
- Forensics using virtualization
- Enhancing privacy and anonymity using virtualization
- Measuring security and performance of virtualization
- Instrumentation and control of virtualization
- Performance optimization of virtual machines
- Performance and security analysis of lightweight virtualization
- Virtualization for mobile devices
- Vulnerabilities in virtualization environments
For more information, please see
http://csis.gmu.edu/VMSec/.
STC 2008
3rd ACM Workshop on Scalable Trusted Computing,
Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008),
Fairfax, VA, USA, October 31, 2008.
[posted here 3/31/08]
Built on the continuous success of ACM STC'06 and STC'07, this
workshop focuses on fundamental technologies of trusted computing
and its applications in large-scale systems -- those involving
large numbers of users and parties with varying degrees of trust.
The workshop is intended to serve as a forum for researchers as
well as practitioners to disseminate and discuss recent advances
and emerging issues. Topics of interest include, but are not limited to:
- security policies and models of trusted computing
- architecture and implementation technologies for trusted platform
- limitations, alternatives and tradeoffs regarding trusted computing
- trust in authentications, users and computing services
- hardware based trusted computing
- software based trusted computing
- pros and cons of hardware based approach
- remote attestation of trusted devices
- censorship-freeness in trusted computing
- cryptographic support in trusted computing
- case study in trusted computing
- applications of trusted computing
- intrusion resilience in trusted computing
- access control for trusted computing
- principles for handling scales
- scalable trust supports and services
- trusted embedded computing and systems
- trusted computing in networks and distributed systems
- virtualization and trusted computing
For more information, please see
http://www.sisa.samsung.com/innovation/stc08.
CSAW 2008
2nd Computer Security Architecture Workshop,
Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008),
Fairfax, VA, USA, October 31, 2008.
[posted here 6/2/08]
The design and evaluation of Security Architectures is of fundamental importance
to security. And yet, many of our fundamental architectures were created when
security was less appreciated and less well understood. Since it is notoriously
difficult to add security after the fact, our systems are far too susceptible
to attack. Moreover, architectures, because they are broad-based, are difficult
to understand, and this is a specialized workshop in which Security Architecture
experts will gather. As far as we know, this workshop is unique in its focus
on Security Architectures. The workshop topics include, but are not limited to:
- Authorization
- Authentication
- Network security
- Distributed systems
- Operating systems
- Privacy
- Applications and security frameworks
- Specialized applications such as voting systems
- Hardware/software co-design for security
- Analysis of architectures
- System composability (properties, pitfalls, analysis & reasoning)
- Assurance techniques
- Case studies
- Usability issues
For more information, please see
http://www.rites.uic.edu/csaw/.
November 2008
SKM 2008
Workshop on Secure Knowledge Management,
Richardson, Texas, USA, November 3-4, 2008.
[posted here 5/5/08]
Knowledge management is the methodology for systematically gathering, organizing,
and disseminating information. It essentially consists of processes and tools to
effectively capture and share data as well as use the knowledge of individuals
within an organization. Knowledge Management Systems (KMS) promote sharing
information among employees and should contain security features to prevent
any unauthorized access. Security is becoming a major issue revolving around
KMS. Security methods may include authentication or passwords, cryptography
programs, intrusion detection systems or access control systems. Issues
include insider threat (protecting from malicious insiders), infrastructure
protection (securing against subversion attacks) and establishing correct
policies and refinement and enforcement. Furthermore KMS content is much
more sensitive than raw data stored in databases and issues of privacy
also become important.
Since the attacks in 2001, many organizations, especially the US government,
have increased their concern about KMS. With the advent of intranets and
web-access, it is even more crucial to protect corporate knowledge as numerous
individuals now have access to the assets of a corporation. Therefore, we need
effective mechanisms for securing data, information, and knowledge as well as the
applications. The proposed workshop in Secure Knowledge Management will help in
raising the awareness of academics and practitioners in this critical area of
research and develop important questions that need to be tackled by the research community.
Topics of interest include, and are not limited to:
- Secure Languages (Secure Knowledge Query Manipulation Language, Security Assertion
Markup Language, B2B Circles of Trust)
- Return on Investment on Secure Knowledge Systems
- Digital Rights Management (Digital Policy Management)
- Secure Content Management (Secure Content Management in Authorized Domains,
Secure Content Delivery, Content Trust Index)
- Knowledge Management for National Security (Securing and Sharing What We Know:
Privacy, Trust and Knowledge Management, Identity Security Guarantee, Building
Trust and Security in the B2B Marketplace)
- Security and Privacy in Knowledge Management
- Wireless security in the context of Knowledge Management
For more information, please see
http://cs.utdallas.edu/skm2008/call_for_papers.htm.
IS 2008
3rd International Symposium on Information Security,
Monterrey, Mexico, November 10-11, 2008.
[posted here 4/21/08]
The goal of this symposium is to bring together researchers from academia and practitioners
from industry in order to address information security issues. The symposium will provide
a forum where researchers shall be able to present recent research results and describe
emerging technologies and new research problems and directions related to them. The
symposium seeks contributions presenting novel research in all aspects of information
security. Topics of interest may include one or more of the following (but are not limited to)
themes:
- Access Control and Authentication
- Accounting and Audit
- Biometrics for Security
- Buffer Overflows
- Computer Forensics
- Cryptographic Algorithms and Protocols
- Databases and Data Warehouses Security
- Honey Nets
- Identity and Trust Management
- Intrusion Detection and Prevention
- Information Filtering and Content Management
- Information Hiding and Watermarking
- Mobile Code Security
- Multimedia Security
- Network Security
- Privacy and Confidentiality
- Public-Key Infrastructure
- Privilege Management Infrastructure
- Risk Assessment
- Security Issues in E-Activities
- Security and Privacy Economics
- Security in RFID Systems
- Security and Trustiness in P2P Systems and Grid Computing
- Security in Web Services
- Smart Card Technology
- Software Security
- Usability of Security Systems and Services
- Vulnerability Assessment
For more information, please see
http://www.cs.rmit.edu.au/fedconf/index.html?page=is2008cfp.
IWDW 2008
7th International Workshop on Digital Watermarking,
Busan, Korea, November 10-12, 2008.
[posted here 6/16/08]
IWDW 2008 is the seventh of a series of international workshops focusing on
digital watermarking and relevant techniques. It will provide an excellent opportunity
for researchers and practitioners to present as well as to keep abreast with the latest
developments in watermarking technologies. IWDW 2008 aims to provide a high quality
forum for dissemination of research results. Areas of interest include, but
are not limited to:
- Mathematical modeling of embedding and detection
- Information theoretic, stochastic aspects of data hiding
- Security issues, including attacks and counter-attacks
- Combination of data hiding and cryptography
- Optimum watermark detection and reliable recovery
- Estimation of watermark capacity
- Channel coding techniques for watermarking
- Large-scale experimental tests and benchmarking
- New statistical and perceptual models of content
- Reversible data hiding
- Data hiding in special media
- Data hiding and authentication
- Steganography and steganalysis
- Data forensics
- Copyright protection, DRM, and forensic watermarking
- Visual cryptography
For more information, please see
http://multimedia.korea.ac.kr/iwdw2008.
SERENE 2008
RISE/EFTS Joint International Workshop
on Software Engineering for REsilieNt systEms,
Newcastle upon Tyne, UK, November 17-19, 2008.
[posted here 4/21/08]
The SERENE 2008 workshop is an international forum for researchers and practitioners
interested in the advances in Software Engineering for Resilient Systems. SERENE 2008
views resilient systems as open distributed systems that have capabilities to
dynamically adapt, in a predictable way, to unexpected and harmful events,
including faults and errors. Engineering such systems is a challenging issue
which needs urgent attention from and combined efforts by people working in various
domains. Achieving this objective is a very complex task, since it implies reasoning
explicitly and in a consistent way about systems' functional and non-functional
characteristics. SERENE advocates the idea that resilience should be explicitly included
into traditional software engineering theories and practices and should become an
integral part of all steps of software development. As current software engineering
practices tend to either capture only normal behaviour, or to deal with all abnormal
situations only at the late development phases, new software engineering methods and
tools need to be developed to support explicit handling of abnormal situations
through the whole software life cycle. Moreover, every phase of the software
development process needs to be enriched with the phase-specific resilience means.
The following constitutes a list of the key software engineering domains that
the SERENE workshop will focus on. This list should not, however, be considered as
closed or technically restrictive:
- Formal and semi-formal modelling of resilience properties
- Re-engineering for resilience
- Software development processes for resilience
- Requirement engineering processes for resilience
- Model Driven Engineering of resilient systems
- Verification and validation of resilient systems
- Error and fault handling in the software life-cycle
- Resilience through exception handling in the software life-cycle
- Frameworks and design patterns for resilience
- Software architectures for resilience
- Component-based development and resilience
- System structuring for resilience
- Atomic actions
- Dynamic resilience mechanisms
- Resilience prediction
- Resilience metadata
- Reasoning and adaptation services for improving and ensuring resilience
- Intelligent and adaptive approaches to engineering resilient systems
- Engineering of self-healing autonomic systems
- Dynamic reconfiguration for resilience
- Run-time management of resilience requirements
- CASE tools for developing resilient systems
For more information, please see
http://serene2008.uni.lu.
TrustCom 2008
The 2008 International Symposium on Trusted Computing,
Central South University, Zhang Jia Jie, China, November 18-20, 2008.
[posted here 4/28/08]
This symposium, held in conjunction with The 9th International Conference
for Young Computer Scientists (ICYCS 2008), brings together researchers and
engineers from academia, government and industry working on topics of
trusted computing with regard to security, safety, privacy, reliability,
dependability, survivability, availability, and fault tolerance aspects
of computer systems and networks. The aim is to provide a forum for them
to present and discuss emerging ideas and trends in this highly challenging
research field. Main topics of interest include, but are not limited to:
- Semantics, metrics and models of trust
- Trust establishment, propagation, and management
- Trusted computing platform
- Trusted network computing
- Trusted operating system
- Trusted software
- Trusted database
- Trusted services and applications
- Trust in e-commerce and e-government
- Trust in mobile and wireless networks
- Cryptography and security protocols
- Reliable and fault-tolerant computer systems/networks
- Survivable computer systems/networks
- Authentication in computer systems/networks
- Access control in computer systems/networks
- Key management in computer systems/networks
For more information, please see
http://trust.csu.edu.cn/conference/trustcom2008/.
STM 2008
4th International Workshop on Security and Trust Management,
Held in conjunction with the IFIP TM 2008,
Trondheim, Norway, November 25-27, 2008.
[posted here 4/14/08]
STM08 is the fourth international workshop under the auspices of
the Security and Trust Management working group of ERCIM (European Research
Consortium in Informatics and Mathematics). STM 2008 has at least the
following aims: (1) To investigate the foundations and applications of security and trust in ICT;
(2) To study the deep interplay between trust management and common security issues such as
confidentiality, integrity and availability; (3) To identify and promote new areas of
research connected with security management, e.g. dynamic and mobile coalition management
(e.g., P2P, MANETs, Web/GRID services); (4) To identify and promote new areas of research
connected with trust management, e.g. reputation, recommendation, collaboration etc.;
and (5) To provide a platform for presenting and discussing emerging ideas and trends.
Topics of interest include but are not limited to:
- Semantics and computational models for security and trust
- Security and trust management architectures, mechanisms and policies
- Software engineering for security, trust and privacy
- Networked systems security
- Privacy and anonymity
- Identity management
- ICT for securing digital as well as physical assets
- Cryptography
For more information, please see
http://www.isac.uma.es/stm08.
IWSEC 2008
3rd International Workshop on Security,
Kagawa, Japan, November 25-27, 2008.
[posted here 1/17/08]
The aim of IWSEC2008 is to contribute to security research and
development addressing the topics from traditional theory and tools
on security to other up-to-date issues.
Topics include but are not limited to:
- Cryptography
- Authorization and Access Control
- Biometrics
- Information Hiding
- Quantum Security
- Network and Distributed Systems Security
- Privacy Enhancing Technology
- Security Issues in Ubiquitous/Pervasive Computing
- Security Management
- Software and System Security
- Protection of Critical Infrastructure
- Digital Forensics
- Economics and Other Scientific Approaches for Security
For more information, please see
http://www.iwsec.org.
Globecom-CCNS 2008
Computer and Communications Network Security Symposium,
Held in conjunction with the IEEE Global Communications Conference (GLOBECOM 2008),
New Orleans, LA, USA, November 30 - December 4, 2008.
[posted here 1/7/08]
The Computer and Communications Network Security Symposium will
address all aspects of the modelling, design, implementation, deployment, and management of
computer/network security algorithms, protocols, architectures, and systems.
Furthermore, contributions devoted to the evaluation, optimization, or
enhancement of security mechanisms for current technologies as well as
devising efficient security and privacy solutions for emerging technologies
are solicited. Topics of interest include:
- Secure PHY, MAC, Routing and Upper Layer Protocols
- Secure Cross Layer Design
- Authentication Protocols and Services Authorization
- Confidentiality
- Data and System Integrity
- Availability of Secure Services
- Key Distribution and Management
- PKI and Security Management
- Trust Models and Trust Establishment
- Identity Management and Access Control
- Deployment and Management of Computer/Network Security Policies
- Monitoring Design for Security
- Distributed Intrusion Detection Systems and Countermeasures
- Traffic Filtering and Firewalling
- IPv6 security, IPSec
- Virtual Private Networks (VPNs)
- Prevention, Detection and Reaction Design
- Revocation of Malicious Parties
- Light-Weight Cryptography
- Quantum Cryptography and QKD
- Applications of Cryptography and Cryptanalysis in communications security
- Security and Mobility
- Mobile Code Security
- Network traffic Analysis Techniques
- Secure Naming and Addressing (Privacy and Anonymity)
- Application/Network Penetration Testing
- Advanced Cryptographic Testbeds
- Network Security Metrics and Performance Evaluation
- Operating System (OS) Security and Log Analysis Tools
- Security Modelling and Protocol Design
- Security Specification Techniques
- Self-Healing Networks
- Smart Cards and Secure Hardware
- Biometric Security: Technologies, Risks and Vulnerabilities
- Information Hiding and Watermarking
- Vulnerability, Exploitation Tools, and Virus/Worm Analysis
- Distributed Denial-Of-Service (DDOS) Attacks and Countermeasures
- DNS Spoofing and Security
- Critical infrastructure Security
- Single- and Multi-Source Intrusion Detection and Response (Automation)
- Web, E-commerce, M-commerce, and E-mail Security
- New Design for Unknown Attacks Detection
For more information, please see
http://www.comsoc.org/confs/globecom/2008/symposium/compcom.html.
December 2008
ACSAC 2008
24th Annual Computer Security Applications Conference,
Anaheim, California, December 8-12, 2008.
[posted here 4/21/08]
ACSAC is an internationally recognized forum where practitioners, researchers,
and developers in information system security meet to learn and to exchange
practical ideas and experiences. Papers offering novel contributions in
any aspect of computer and application security are solicited. Papers may
present techniques, applications, or practical experience, or theory that
has a clear practical impact. Papers are encouraged on technologies and
methods that have been demonstrated to be useful for improving information
systems security and that address lessons from actual application.
Topics of interest include, but are not limited to:
- access control
- applied cryptography
- audit and audit reduction
- biometrics
- boundary control devices
- certification and accreditation
- database security
- defensive information warfare
- denial of service protection
- electronic commerce security
- enterprise security
- forensics
- identification and authentication
- identity management
- incident response planning
- information survivability
- insider threat protection
- integrity
- intellectual property rights protection
- intrusion detection
- malware
- multimedia security
- operating systems security
- peer-to-peer security
- privacy and anonymity
- product evaluation criteria and compliance
- risk/vulnerability assessment
- secure location services
- security engineering and management
- security in IT outsourcing
- service oriented architectures
- software assurance
- trust management
- virtualization security