Cipher Upcoming Conferences
Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 


Calls for Papers

Last Modified:7/21/08

Upcoming Conferences and Workshops

Note: The submission date has passed.

July 2008

SMPE 2008 2nd International Symposium on Security and Multimodality in Pervasive Environments, Held in conjunction with the 5th ACM Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MOBIQUITOUS 2008), Trinity College Dublin, Ireland, July 21-25, 2008. [posted here 2/4/08]
Pervasive computing environments present specific peculiarities with respect to aspects like security and multimodality. As a matter of fact, the accessibility level of a virtual environment can definitively be improved by natural interfaces and multimodal interaction systems, which offer users the freedom to select from multiple modes of interaction with services and permit to break down barriers about human-computer interaction making communication intuitive and spontaneous. On the other hand, while enlarging and easing the ways to access to the environment, security threads arise and the environment must be properly equipped in order to protect itself from malicious attacks and/or from wrong actions performed by inexpert users. Topics include:
- Trust and reputation management in UE
- Security applications and services in pervasive
- Security model for pervasive computing
- Intelligent multimedia security services in pervasive computing
- Key management and authentication in pervasive computing
- Network security issues and protocols in pervasive computing
- Access control and privacy protection in pervasive computing
- Security Standard for next pervasive computing
- Security in Human Centred Environments
- Natural interfaces security issues
- Advanced multimodal interfaces
- Human oriented interfaces
- Multimodal mobile and ubiquitous services
- Methods for multimodal integration
- Middleware services for multimodal and pervasive applications
- Context-Awareness in multimodal applications
- Multimodal analysis and recognition of contex
- Next ubiquitous and immersive environments
- Virtual reality and ubiquitous computing
- Usability and accessibility in ubiquitous applications
- Applications and scenarios
- Others: Commercial or Industrial Issue in pervasive computing

For more information, please see http://www.na.icar.cnr.it/smpe08/.

SOUPS 2008 Symposium On Usable Privacy and Security, Carnegie Mellon University, Pittsburgh, PA, USA, July 23-25, 2008. [posted here 10/15/07]
The 2008 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature technical papers, a poster session, panels and invited talks, discussion sessions, and in-depth sessions (workshops and tutorials). We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:
- innovative security or privacy functionality and design
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of security or privacy features or security testing of usability features
- lessons learned from deploying and using usable privacy and security features

For more information, please see http://cups.cs.cmu.edu/SOUPS/.

CSET 2008 Workshop on Cyber Security Experimentation and Test, Held in conjunction with the USENIX Security Symposium 2008, San Jose, CA, USA, July 28, 2008. [posted here 5/12/08]
The workshop aims to gather both researchers who use testbeds for security experimentation and testbed developers, to share their ideas and results, and to discuss open problems in this area. While we particularly invite papers that deal with security experimentation, we are also interested in papers that address general testbed/ experiment issues that have implications on security experimentation such as: traffic and topology generation, large-scale experiment support, experiment automation, etc. We are further interested in educational efforts that involve security experimentation. Please see workshop URL for a more detailed listing of topics.

For more information, please see http://www.usenix.org/event/cset08/.

EVT 2008 USENIX/ACCURATE Electronic Voting Technology Workshop, Held in conjunction with the 17th USENIX Security Symposium, San Jose, CA, USA, July 28-29, 2008. [posted here 2/11/08]
EVT '08 seeks to bring together researchers from a variety of disciplines, ranging from computer science and human-computer interaction experts through political scientists, legal experts, election administrators, and voting equipment vendors. EVT seeks to publish original research on important problems in all aspects of electronic voting. We welcome papers on voting topics including but not limited to:
- Voter registration and pre-voting
- Vote collection
- Vote tabulation
- Post-election auditing
- Design, implementation, and evaluation of new voting technologies and protocols
- Scientific evaluations of existing voting technologies
- System testing methodologies
- Deployment and lifecycle issues
- Threat mitigation
- Usability
- Accessibility
- Legal issues, including ADA, HAVA, intellectual property, and nondisclosure agreements on voting system evaluations
- Issues with and evolution of voting technology standards

For more information, please see http://www.usenix.org/evt08/cfpa.

USENIX-Security 2008 17th USENIX Security Symposium, San Jose, California, USA, July 28-August 1, 2008. [posted here 10/1/07]
On behalf of the 17th USENIX Security Symposium (USENIX Security '08) program committee, we are inviting you to submit high-quality papers in all areas relating to systems and network security. Please note that the USENIX Security Symposium is primarily a systems security conference. Papers whose contributions are primarily new cryptographic algorithms or protocols, cryptanalysis, electronic commerce primitives, etc., may not be appropriate for this conference. Refereed paper submissions are solicited in all areas relating to systems and network security, including:
- Adaptive security and system management
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Attacks against networks and machines
- Authentication and authorization of users, systems, and applications
- Automated tools for source code analysis
- Botnets
- Cryptographic implementation analysis and construction
- Denial-of-service attacks and countermeasures
- File and filesystem security
- Firewall technologies
- Forensics and diagnostics for security
- Intrusion and anomaly detection and prevention
- Malicious code analysis, anti-virus, anti-spyware
- Network infrastructure security
- Operating system security
- Privacy-preserving (and -compromising) systems
- Public key infrastructure
- Rights management and copyright protection
- Security architectures
- Security in heterogeneous and large-scale environments
- Security policy
- Self-protecting and healing systems
- Techniques for developing secure systems
- Technologies for trustworthy computing
- Usability and security
- Voting systems analysis and security
- Wireless and pervasive/ubiquitous computing security
- Web security

For more information, please see http://www.usenix.org/sec08/cfpa/.

IWSSE 2008 2nd International Workshop on Security in Software Engineering, Held in conjunction with the IEEE COMPSAC 2008, Turku, July 28 – August 1, 2008. [posted here 1/15/08]
Secure software engineering has become an emerging interdisciplinary area across software engineering, programming languages, and security engineering. Secure software engineering focuses on developing secure software and understanding the security risks and managing these risks throughout the life-cycle of software. The purpose of the workshop is to bring together researchers and practitioners who work closely in this area to create a forum for reporting and discussing recent advances in improving security in software engineering and inspiring collaborations and innovations on new methods and techniques to advance software security in our practices. Researchers and practitioners worldwide are invited to present their research expertise and experience, and discuss the issues and challenges in security from software engineering perspective. Submissions of quality papers in the following non-exhaustive list of topics are invited:
- Management of software security in industrial practice
- Security requirements and policies
- Abuse cases and threat modeling
- Architecture and design for security
- Model-based security
- Language-based security
- Malicious code prevention and code safety
- Security risk analysis
- Security taxonomy and metrics
- Testing for security
- Application security: detection and protection
- Software piracy and protection

For more information, please see http://www.sis.pitt.edu/%7Elersais/IWSSE/IWSSE08.html.

August 2008

ICITS 2008 International Conference on Information Theoretic Security, Calgary, Canada, August 10-13, 2008. [posted here 11/26/07]
This is the second conference in a series of conferences that is aimed to bring together the leading researchers in the area of information and quantum theoretic security. This series of conferences is a successor to the 2005 IEEE Information Theory Workshop on Theory and Practice in Information-Theoretic Security (ITW 2005). The first ICITS conference was held in Madrid, after Eurocrypt 2007. Conference proceedings will be published by Springer Verlag in the Lecture Notes in Computer Science. The topics of interest are on work on any aspect of information theoretical security, this means security based on information theory. This includes, but is not limited to the following topics:
- Information theoretic analysis of security
- Private and Reliable Networks
- Anonymity
- Public Key Cryptosystems using Codes
- Authentication Codes
- Quantum Cryptography
- Conventional Cryptography using Codes
- Quantum Information Theory
- Fingerprinting
- Randomness extraction
- Ideal Ciphers
- Secret Sharing
- Information Hiding
- Secure Multiparty Computation
- Key Distribution
- Traitor Tracing
- Oblivious Transfer
- Data hiding and Watermarking

For more information, please see http://iqis.org/events/icits2008.

DFRWS 2008 8th Annual Digital Forensic Research Workshop, Baltimore, MD, USA, August 11-13, 2008. [posted here 12/17/07]
DFRWS brings together leading researchers, developers, practitioners, and educators interested in advancing the state of the art in digital forensics from around the world. As the most established venue in the field, DFRWS is the preferred place to present both cutting-edge research and perspectives on best practices for all aspects of digital forensics. As an independent organization, we promote open community discussions and disseminate the results of our work to the widest audience. We invite original contributions as research papers, panel proposals, Work-in-Progress talks, and demo proposals. All papers are evaluated through a double-blind peer-review process, and those accepted will be published in printed proceedings by Elsevier. Topics of Interest include:
- Incident response and live analysis
- Network-based forensics, including network traffic analysis, traceback and attribution
- Event reconstruction methods and tools
- File system and memory analysis
- Application analysis
- Embedded systems
- Small scale and mobile devices
- Large-scale investigations
- Digital evidence storage and preservation
- Data mining and information discovery
- Data hiding and recovery
- File extraction from data blocks (“file carving”)
- Multimedia analysis
- Tool testing and development
- Digital evidence and the law
- Anti-forensics and anti-anti-forensics
- Case studies and trend reports
- Non-traditional approaches to forensic analysis

For more information, please see http://www.dfrws.org/2008/.

PODC 2008 27th Annual ACM SIGACT-SIGOPS Symposium on the Principles of Distributed Computing, Toronto, Canada, August 18-21, 2008. [posted here 11/26/07]
PODC solicits papers on all areas of distributed systems. We encourage submissions dealing with any aspect of distributed computing from the theoretical or experimental viewpoints. The common goal is to improve understanding of principles underlying distributed computing. Topics of interest include the following subjects in distributed systems:
- distributed algorithms: design and analysis
- communication networks: architectures, services, protocols, applications
- multiprocessor and multi-core architectures and algorithms
- shared and transactional memory, synchronization protocols, concurrent programming
- fault-tolerance, reliability, availability, self organization
- Internet applications, social networks, recommender systems
- distributed operating systems, middleware platforms, databases
- distributed computing with selfish agents
- peer-to-peer systems, overlay networks, distributed data management
- high-performance, cluster, and grid computing
- mobile computing, autonomous agents, location- and context-aware distributed systems
- security in distributed computing, cryptographic protocols
- sensor, mesh, and ad hoc networks
- specification, semantics, verification, and testing of distributed systems

For more information, please see http://www.podc.org/podc2008.

SecCo 2008 6th International Workshop on Security Issues in Concurrency, Toronto, Canada, August 23, 2008. [posted here 4/21/08]
Emerging trends in concurrency theory require the definition of models and languages adequate for the design and management of new classes of applications, mainly to program either WANs (like Internet) or smaller networks of mobile and portable devices (which support applications based on a dynamically reconfigurable communication structure). Due to the openness of these systems, new critical aspects come into play, such as the need to deal with malicious components or with a hostile environment. Current research on network security issues (e.g. secrecy, authentication, etc.) usually focuses on opening cryptographic point-to-point tunnels. Therefore, the proposed solutions in this area are not always exploitable to support the end-to-end secure interaction between entities whose availability or location is not known beforehand. The aim of the workshop is to cover the gap between the security and the concurrency communities. More precisely, the workshop promotes the exchange of ideas, trying to focus on common interests and stimulating discussions on central research questions. In particular, we look for papers dealing with security issues (such as authentication, integrity, privacy, confidentiality, access control, denial of service, service availability, safety aspects, fault tolerance, trust, language-based security) in emerging fields like web services, mobile ad-hoc networks, agent-based infrastructures, peer-to-peer systems, context-aware computing, global/ubiquitous/pervasive computing.

For more information, please see http://www.lsv.ens-cachan.fr/SecCo08/.

September 2008

Pairing 2008 2nd International Conference on Pairing-based Cryptography, Egham, UK, September 1-3, 2008. [posted here 11/12/07]
Pairing-based cryptography is an extremely active area of research which has allowed elegant solutions to a number of long-standing open problems in cryptography (such as efficient identity-based encryption). New developments continue to be made at a rapid pace. The aim of "Pairing" conference is thus to bring together leading researchers and practitioners from academia and industry, all concerned with problems related to pairing-based cryptography. Authors are invited to submit papers describing their original research on all aspects of pairing-based cryptography, including, but not limited to the following topics:
Area I: Novel cryptographic protocols
- ID-based and certificateless cryptosystems
- Broadcast encryption, signcryption etc
- Short/multi/aggregate/group/ring/threshold/blind signatures
- Designed confirmer or undeniable signatures
- Identification/authentication schemes
- Key agreement
Area II: Mathematical foundations
- Weil, Tate, Eta, and Ate pairings
- Security consideration of pairings
- Other pairings and applications of pairings in mathematics
- Generation of pairing friendly curves
- (Hyper-) Elliptic curve cryptosystems
- Number theoretic algorithms
- Addition algorithms in divisor groups
Area III: SW/HW implementation
- Secure operating systems
- Efficient software implementation
- FPGA or ASIC implementation
- Smart card implementation
- RFID security
- Middleware security
- Side channel and fault attacks
Area IV: Applied security
- Novel security applications
- Secure ubiquitous computing
- Security management
- PKI models
- Application to network security
- Grid computing
- Internet and web security
- E-business or E-commerce security

For more information, please see http://www.pairing-conference.org/.

OSSCoNF 2008 1st Workshop on Open Source Software for Computer and Network Forensics, Held in conjunction with the 4th International Conference on Open Source Systems (OSS 2008), Milan, Italy, September 7-10, 2008. [posted here 2/25/08]
OSSCoNF aims at creating an informal, but selected academic venue to discuss the benefits (and drawbacks, if any) of using Free, Libre, and Open Source Software (FLOSS) for computer and network forensics, incident management and digital investigations. The main topics of interest for the workshop are:
- FLOSS tools for Evidence Management
- Tools for acquisition, collection, and storage of digital evidence
- Tools for identification, authentication, integrity preservation of digital evidence
- FLOSS tools for Analysis and Identification of Evidence
- Tools for the analysis and search of digital evidence
- Tools for cybercrime scenarios reconstruction, correlation and data mining applied to digital forensics
- Tools for analysis of embedded or non-traditional devices such as cellphones, cameras...
- FLOSS tools for analysis of cybercrime
- Data mining systems for cyber-crime strategy analysis and modeling
- Systems for data collection and monitoring of attack trends
- FLOSS tools validation and test cases, or FLOSS validation approaches for proprietary tools
- FLOSS tools for the automation of the forensic process and case management

For more information, please see http://conferenze.dei.polimi.it/ossconf.

SEC 2008 23rd International Information Security Conference, Co-located with IFIP World Computer Congress 2008, Milan, Italy, September 8-10, 2008. [posted here 9/27/07]
The conference seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of computer security, as well as case studies and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make convincing argument for the practical significance of the results. Topics of interest include, but are not limited to:
- access control
- accounting and audit
- anonymity
- applied cryptography
- authentication
- computer forensics
- cryptographic protocols
- database security
- data protection
- data/system integrity
- digital rights management
- electronic frauds
- identity management
- information warfare
- intrusion detection
- key management
- law and ethics
- peer-to-peer security
- privacy-enhancing technology
- secure location services
- secure networking
- security education
- security management
- smartcards
- commercial and industry security
- data and application security
- inference/controlled disclosure
- risk analysis and risk management
- intellectual property protection
- security in IT outsourcing
- security for mobile code
- trust management
- trust models

For more information, please see http://sec2008.dti.unimi.it.

CARDIS 2008 8th Smart Card Research and Advanced Application Conference, Royal Holloway, University of London, Egham, Surrey, UK, September 8-11, 2008. [posted here 11/26/07]
Since 1994, CARDIS has been the foremost international conference dedicated to smart card research and applications. Submissions across a broad range of smart card development phases are encouraged, from exploratory research and proof-of-concept studies to practical applications and deployment of smart card technology. As a response to the growing development of contactless applications and RFID systems, a special interest is also devoted to low cost cryptographic mechanisms and physical security of constrained devices. Topics of interest include, but are not limited to:
- From smart cards to smart devices (hardware, form factor, display)
- Software environments for smart cards and devices (OS, VM, API)
- Smart cards and devices networking and high-level data models
- Smart cards and devices applications, development and deployment
- Person representation and biometrics using smart technologies
- Identity, privacy and trust issues for smart technologies
- High-speed, small-footprint implementations of cryptographic algorithms
- Attacks and countermeasures in hardware and software
- Cryptographic protocols for smart cards and devices
- Biometrics and smart cards
- Formal modeling of environments and applications
- Interplay of TPMs and smart cards
- Security of RFID systems

For more information, please see http://www.scc.rhul.ac.uk/CARDIS/.

SCN 2008 6th Conference on Security and Cryptography for Networks, Amalfi, Italy, September 10-12, 2008. [posted here 3/31/08]
Security and privacy are increasing concerns in computer networks such as the Internet. The availability of fast, reliable, and cheap electronic communication offers the opportunity to perform electronically and in a distributed way a wide range of transactions of a most diverse nature. SCN 2008 aims at bringing together researchers in the field of cryptography and security in communication networks to foster cooperation and exchange of ideas. Original papers on all technical aspects of cryptography and security are solicited for submission to SCN 2008. Topics of interest are (but not limited to):
- Anonymity
- Implementations
- Authentication
- Symmetric-Key Cryptography
- Complexity-based Cryptography
- Privacy
- Cryptanalysis
- Cryptographic Protocols
- Digital Signatures
- Public-Key Cryptography
- Hash Functions
- Survey and state of the art
- Identification

For more information, please see http://scn.dia.unisa.it/.

InSPEC 2008 International Workshop on Security and Privacy in Enterprise Computing, Held in conjunction with the 12th IEEE International EDOC Conference (EDOC 2008), Munich, Germany, September 15, 2008. [posted here 4/7/08]
Several technologies have emerged for enterprise computing. Today, services are becoming the new building blocks of enterprise systems and service-oriented architectures are combining them in a flexible and novel way. These technological trends are accompanied by new business trends due to globalization that involve innovative forms of collaborations. All of these trends bring with them new challenges to the security and privacy of enterprise computing. New concepts for solving these challenges require the combination of many disciplines from computer science and information systems, such as cryptography, networking, distributed systems, process modeling and design, access control, privacy etc. It is the goal of this workshop to provide a forum for exchange of novel research in these areas among the experts from academia and industry. Topics include:
Security and privacy in workflow systems
- Access control architectures
- Modeling of security and privacy constraints
- Automatic security augmentation
- Secure/Trusted virtual domains
Security and privacy in service-oriented architectures
- Secure composition of services
- Semantic aware security
- Security services
- Trustworthy computation
Identity Management
- Security and Privacy
- Applications to compliance
- Effective use in business IT systems
Data sharing
- Cryptographic protection during data sharing
- Privacy-preserving distributed applications
- Efficient multi-party computations
- Privacy and data sharing policies
Security and privacy in management information systems
- Novel secure applications
- Secure and private data analytics
- Flexible and seamless security architectures
- Secure operating system design
Collaborations
- Secure and private supply chains
- Security and privacy in virtual organizations
- Private social network and Web 2.0 applications
- Security and privacy in outsourcing

For more information, please see http://ra.crema.unimi.it/inspec2008/.

VizSEC 2008 5th Workshop on Visualization for Cyber Security, Held in conjunction with the 11th International Symposium on Recent Advances in Intrusion Detection (RAID 2008), Cambridge, MA USA, September 15, 2008. [posted here 3/24/08]
As a result of previous VizSec workshops, we have seen both the application of existing visualization techniques to security problems and the development of novel security visualization approaches. However, VizSec research has focused on helping human analysts to detect anomalies and patterns, particularly in computer network defense. Other communities, led by researchers from the RAID Symposia, have researched automated methods for detecting anomalies and malicious activity. The theme for this year's workshop will be on bridging the gap between visualization and automation, such as leveraging the power of visualization to create rules for intrusion detection and defense systems. We also solicit papers that report results on visualization techniques and systems in solving all aspects of cyber security problems, including:
- Visualization of Internet routing
- Visualization of packet traces and network flows
- Visualization of intrusion detection alerts
- Visualization of attack tracks
- Visualization of security vulnerabilities
- Visualization of attack paths
- Visualization of application processes
- Visualization for forensic analysis
- Visualization for correlating events
- Visualization for computer network defense training
- Visualization for offensive information operations
- Visualization for building rules
- Visualization for feature selection
- Visualization for cryptology
- Visualization for detecting anomalous activity
- Deployment and field testing of VizSec systems
- Evaluation and user testing of VizSec systems
- User and design requirements for VizSec systems
- Lessons learned from development and deployment of VizSec systems

For more information, please see http://vizsec.org/workshop2008/.

RAID 2008 11th International Symposium on Recent Advances in Intrusion Detection, Cambridge, Massachusetts, USA, September 15-17, 2008. [posted here 1/7/08]
This symposium, the 11th in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss issues and technologies related to intrusion detection and defense. The Recent Advances in Intrusion Detection (RAID) International Symposium series furthers advances in intrusion defense by promoting the exchange of ideas in a broad range of topics. As in previous years, all topics related to intrusion detection, prevention and defense systems and technologies are within scope, including but not limited to the following:
- Network and host intrusion detection and prevention
- Anomaly and specification-based approaches
- IDS cooperation and event correlation
- Malware prevention, detection, analysis and containment
- Web application security
- Insider attack detection
- Intrusion response, tolerance, and self protection
- Operational experience and limitations of current approaches
- Intrusion detection assessment and benchmarking
- Attacks against IDS including DoS, evasion, and IDS discovery
- Formal models, analysis, and standards
- Deception systems and honeypots
- Vulnerability analysis, risk assessment, and forensics
- Adversarial machine learning for security
- Visualization techniques
- Special environments, including mobile and sensor networks
- High-performance intrusion detection
- Legal, social, and privacy issues
- Network exfiltration detection
- Botnet analysis, detection, and mitigation

For more information, please see http://www.ll.mit.edu/IST/RAID2008/.

ISC 2008 Information Security Conference, Taipei, Taiwan, September 15-18, 2008. [posted here 1/7/08]
ISC aims to attract high quality papers in all technical aspects of information security. The topics of interest of ISC include, but are not limited to, the following:
- Access Control
- Accounting and Audit
- Anonymity and Pseudonymity
- Applied Cryptography
- Attacks and Prevention of Online Fraud
- Authentication and Non-repudiation
- Biometrics
- Cryptographic Protocols and Functions
- Database and System Security
- Design and Analysis of Cryptographic Algorithms
- Digital Rights Management
- Economics of Security and Privacy
- Formal Methods in Security
- Foundations of Computer Security
- Identity and Trust Management
- Information Hiding and Watermarking
- Infrastructure Security
- Intrusion Detection, Tolerance and Prevention
- Mobile, Ad Hoc and Sensor Network Security
- Network and Wireless Network Security
- Peer-to-Peer Network Security
- PKI and PMI
- Private Searches
- Security and Privacy in Pervasive/Ubiquitous Computing
- Security in Information Flow
- Security for Mobile Code
- Security of Grid Computing
- Security of eCommerce, eBusiness and eGovernment
- Security Modeling and Architectures
- Security Models for Ambient Intelligence environments
- Trusted Computing
- Usable Security
- Special Session on AES

For more information, please see http://isc08.twisc.org/.

WIFISEC 2008 1st International workshop on Wireless and Mobile Security, Held in conjunction with the 2nd IEEE International Conference and Exhibition on Next Generation Mobile Applications, Services, and Technologies (NGMAST 2008), Cardiff, Wales, UK, September 16-19, 2008. [posted here 3/10/08]
As Mobile and Wireless networks are becoming increasingly prevalent, the problem of ensuring that those networks are secure is an increasingly important issue. The issue of securing the different types of mobile and wireless networks, their operation and use is the focus of this workshop. Mobile and Wireless Networking environments eliminate many of the problems associated with traditional wired networks. However, the security and privacy risks introduced by such environments need to be addressed by exploiting appropriate security measures and techniques. Topics include but are not limited to:
- Key Management in wireless/mobile environments
- Intrusion detection, detection of malicious behaviour
- Denial of service
- User privacy, location privacy
- Authentication and Access control
- Anonymity, prevention of traffic analysis
- Dependable wireless networking
- Identity theft and phising in mobile networks
- Charging in wireless networks
- Security in vehicular networks
- Cross-layer design for security
- Monitoring and surveillance
- Identity theft and ciphering in mobile networks
- Vulnerability and attacker modelling
- Incentive-aware secure protocol design
- Routing Path Security in Ad-Hoc Networks
- Public Cryptography in Wireless Networks

For more information, please see http://www.comp.glam.ac.uk/wifisec/.

SECOVAL 2008 4th International Workshop on the Value of Security through Collaboration, Held in conjunction SecureComm 2008, Istanbul, Turkey, September 22, 2008. [posted here 6/2/08]
Security is usually centrally managed, for example in a form of policies duly executed by individual nodes. The SECOVAL workshop covers the alternative trend of using collaboration and trust to provide security. Instead of centrally managed security policies, nodes may use specific knowledge (both local and acquired from other nodes) to make security-related decisions. For example, in reputation-based schemes, the reputation of a given node (and hence its security access rights) can be determined based on the recommendations of peer nodes. As systems are being deployed on ever-greater scale without direct connection to their distant home base, the need for self management is rapidly increasing. Interaction after interaction, as the nodes collaborate, there is the emergence of a digital ecosystem. By guiding the local decisions of the nodes, for example, with whom the nodes collaborate, global properties of the ecosystem where the nodes operate may be guaranteed. Thus, the security property of the ecosystem may be driven by self-organizing mechanisms. Depending on which local collaboration is preferred, a more trustworthy ecosystem may emerge. While papers will be considered that address any of the topics of security through collaboration from previous years (e.g., benefits from collaboration, methods of creating or measuring trust, self-organizing coalitions and risk analysis), the focus of the workshop will be around mobile application domains. Topics of interest to the workshop include, but are not limited to:
- Mobile collaborative security
- Data sharing and anonymization case studies
- Metrics of utility, anonymization strength and information loss
- Identification of data sources and types useful to share for collaborative computer security
- Context-aware trust and reputation management
- Insights from industry and case studies

For more information, please see http://www.secoval.org/.

SOSOC 2008 International Workshop on Security in Opportunistic and SOCial Networks, Held in conjunction SecureComm 2008, Istanbul, Turkey, September 22, 2008. [posted here 6/2/08]
Opportunistic Networks are considered as an evolution of the Mobile Ad-hoc Networking paradigm, in which the assumption of an existing end-to-end connectivity is relaxed. The evolving topologies are expected to resemble the actual social networks of the communicating users and information on their characteristics can be a powerful aid for any network operation. Online services that assist social networks (facebook, linkedin, xing, etc.) in consequence are able to provide additional information on contacts and their relations. The lack of end-to-end connectivity and the use of personal information for the networking operations raise entirely new privacy concerns and require new reflections on security problems. The aim of this workshop is to encompass research advances in all areas of security, trust and privacy in Opportunistic and Social Networks. Topics of interest include but are not limited to:
- new aspects of trust
- privacy concerns
- availability and resilience
- community based secure communication
- data confidentiality, data integrity
- anonymity, pseudonymity
- key management
- secure bootstrapping
- security issues in forwarding, routing
- security aspects regarding cooperation
- reputation systems for opportunistic/social networks
- new security issues, new attack paradigms
- new requirements for software security
- malware analysis in opportunistic/social networks

For more information, please see http://www.sosoc.org.

SecureComm 2008 4th International Conference on Security and Privacy for Communication Networks, Istanbul, Turkey, September 22-25, 2008. [posted here 3/3/08]
Securecomm seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, theoretical cryptography) will be considered only if a clear connection to private or secure communication/networking is demonstrated. Securecomm brings together security and privacy experts in academia, industry and government as well as practitioners, standards developers and policy makers. Topics of interest include, but are not limited to, the following:
- Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
- Network Intrusion Detection and Prevention, Firewalls, Packet Filters
- Malware and botnets
- Communication Privacy and Anonymity
- Distributed denial of service
- Public Key Infrastructures, key management, credentials
- Web security
- Secure Routing, Naming/Addressing, Network Management
- Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
- Security & Privacy for emerging technologies: VoIP, peer-to-peer and overlay network systems, Web 2.0

For more information, please see http://www.securecomm.org.

NSPW 2008 New Security Paradigm Workshop, Olympic Valley, CA, USA, September 22-25, 2008. [posted here 1/14/08]
The computers of the world are under siege. Denial of service attacks plague commercial sites, large and small. Major companies are hacked for consumer credit card numbers. Phishing attacks for personal information are commonplace, and million-machine botnets are a reality. Our tools for combating these threats--cryptography, firewalls, access controls, vulnerability scanners, malware and intrusion detectors--are insufficient. We need radical new solutions, but most security researchers propose only incremental improvements. Since 1992, the New Security Paradigm Workshop (NSPW) has been a home for research that addresses the fundamental limitations of current work in information security. NSPW welcomes papers that present a significant shift in thinking about difficult security issues, build on such a recent shift, offer a contrarian view of accepted practice or policy, or address non-technological aspects of security. Our program committee particularly looks for new approaches to information security, early thinking on new topics, innovative solutions to long-time problems, and controversial issues which might not be accepted at other conferences but merit a hearing. We discourage papers that represent completed or established works, or offer incremental improvements to well-established models. NSPW expects a high level of scholarship from contributors, including awareness of prior work produced before the World Wide Web.

For more information, please see http://www.nspw.org.

October 2008

ESORICS 2008 13th European Symposium on Research in Computer Security, Malaga, Spain, October 6-8, 2008. [posted here 1/18/08]
Papers offering novel research contributions in any aspect of computer security are solicited for submission to the Thirteenth European Symposium on Research in Computer Security (ESORICS 2008). Organized in a series of European countries, ESORICS is confirmed as the European research event in computer security. The symposium started in 1990 and has been held on alternate years in different European countries and attracts an international audience from both the academic and industrial communities. From 2002 it has been held yearly. The Symposium has established itself as one of the premiere, international gatherings on Information Assurance. Papers may present theory, technique, applications, or practical experience on topics including:
- Access control
- Anonymity
- Authentication
- Authorization and delegation
- Cryptographic protocols
- Data integrity
- Dependability
- Information flow control
- Smartcards
- System security
- Digital right management
- Accountability
- Applied cryptography
- Covert channels
- Cybercrime
- Denial of service attacks
- Formal methods in security
- Inference control
- Information warfare
- Steganography
- Transaction management
- Data and application security
- Intellectual property protection
- Intrusion tolerance
- Peer-to-peer security
- Language-based security
- Network security
- Non-interference
- Privacy-enhancing technology
- Pseudonymity
- Subliminal channels
- Trustworthy user devices
- Identity management
- Security as quality of service
- Secure electronic commerce
- Security administration
- Security evaluation
- Security management
- Security models
- Security requirements engineering
- Security verification
- Survivability
- Information dissemination control
- Trust models and trust management policies

For more information, please see http://www.isac.uma.es/esorics08.

WDFIA 2008 3rd International Annual Workshop on Digital Forensics and Incident Analysis, Held in conjunction with the 13th European Symposium on Research in Computer Security (ESORICS 2008), University of Malaga, Malaga, Spain, October 9, 2008. [posted here 2/18/08]
The field of digital forensics is rapidly evolving and continues to gain significance in both the law enforcement and the scientific community. Being intrinsically interdisciplinary, it draws upon a wide range of subject areas such as information & communication technologies, law, social sciences and business administration. The workshop aims to provide a forum for researchers and practitioners to present original, unpublished research results and innovative ideas. We welcome the submission of papers from the full spectrum of issues relating to the theory and practice of digital forensics and incident analysis. Areas of special interest include, but are not limited to:
- Digital forensics tools and applications
- Incident response and investigation
- Forensic standards and procedures
- Portable electronic device forensics
- Network forensics
- Data hiding and recovery
- Network traffic analysis, traceback and attribution
- Data mining and e-discovery and their corporate use
- Legal, ethical and policy issues related to digital forensics
- Digital evidence visualisation and presentation
- Integrity of digital evidence and live investigations
- Digital evidence chain of custody, storage and preservation
- Multimedia analysis
- Digital forensics case studies
- The Trojan defence
- Forensics issues of malicious code
- Best practices and case studies
- Anti-forensics

For more information, please see http://www.aegean.gr/wdfia08.

FAST 2008 5th International Workshop on Formal Aspects in Security & Trust, Held in conjunction with the 13th European Symposium on Research in Computer Security (ESORICS 2008), Malaga, Spain, October 9-10, 2008. [posted here 5/12/08]
The fifth International Workshop on Formal Aspects in Security and Trust (FAST2008) aims at continuing the successful efforts of the previous FAST workshops, fostering the cooperation among researchers in the areas of security and trust. As computing and network infrastructures become increasingly pervasive, and as they carry increasing economic activity, society needs well matched security and trust mechanisms. These interactions increasingly span several enterprises and involve loosely structured communities of individuals. Participants in these activities must control interactions with their partners based on trust policies and business logic. Trust-based decisions effectively determine the security goals for shared information and for access to sensitive or valuable resources. FAST focuses on the formal models of security and trust that are needed to state goals and policies for these interactions. We also seek new and innovative techniques for establishing consequences of these formal models. Implementation approaches for such techniques are also welcome. Suggested submission topics include, but are not limited to:
- Formal models for security, trust and reputation
- Security protocol design and analysis
- Logics for security and trust
- Trust-based reasoning
- Distributed Trust Management Systems
- Digital Assets Protection
- Data protection
- Privacy and ID management issues
- Information flow analysis
- Language-based security
- Security and Trust aspects in ubiquitous computing
- Validation/Analysis tools and techniques
- Web/Grid Services Security/Trust/Privacy
- Security and Risk Assessment
- Resource and Access Control
- Case studies

For more information, please see http://www.iit.cnr.it/FAST2008/.

PiLBA 2008 International Workshop on Privacy in Location-Based Applications, Held in conjunction with the the 13th European Symposium on Research in Computer Security (ESORICS 2008), Malaga, Spain, October 10, 2008. [posted here 4/7/08]
Although data security and privacy issues have been extensively investigated in several domains, the current available techniques are not readily applicable for privacy protection in location based applications (LBA). An example application is a Location Based Service, which is typically invoked through mobile devices that can include location and movement information in service requests. Other location based applications use similar data, possibly stored in a moving object database, to solve various kinds of optimization problems, to perform statistical analysis of specific phenomena, as well as to predict potentially critical situations. While location data can be very effective for better services and can enable new kind of services, it poses serious threats to the privacy of users. LBA in travel, logistics, health care, and other industries already exist and are poised to proliferate. Examples include the identification of resources close to the user (e.g., the closest pharmacy), and the identification of the optimal route to reach a destination from the user's position considering traffic conditions and possibly other constraints. One of the critical issues for a wide-spread deployment of these applications is how to conciliate the effectiveness and quality of these services with privacy concerns. They bring unique challenges mostly due to the richness of location and time information that is necessarily connected to location based applications. The research in this field involves aspects of spatio-temporal reasoning, query processing, system security, statistical inference, and anonymization techniques. Several research groups have been working in the recent years to identify privacy attacks and defense techniques in this domain. Topics of interest include everything involving privacy aspects arising in the design, development and deployment of location-based applications. Examples are the following:
- Formal models of attacks and defenses in LBA
- Anonymization/Pseudonymization in LBA
- Sensitive data obfuscation in LBA
- Authorization and Access Control involving spatio-temporal data
- Publication of micro-data acquired through LBA
- Privacy preserving data mining on geographically referenced data
- Statistical approaches to privacy preservation in LBA
- Trust Management in LBA
- Applied Cryptography for LBA

For more information, please see http://pilba.dico.unimi.it.

SecPri-WiMob 2008 1st International Workshop on Security and Privacy in Wireless and Mobile Computing, Networking and Communications, Held in conjunction with the 4th IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob 2008), Avignon, France, October 12, 2008. [posted here 4/14/08]
Wireless and Mobile communication networks offer organizations and users several benefits, such as portability, mobility and flexibility, while increasing everyday business productivity, and reducing installation cost. However, although Wireless and Mobile communication environments eliminate many of the problems associated with traditional wired networks, the new security and privacy risks introduced by such environments need to be reduced by exploiting appropriate security measures and safeguards, ensuring an acceptable level of overall residual hazard. The objectives of the SecPri-WiMob 2008 Workshop are to bring together researchers from research communities in Wireless and Mobile Computing, Networking and Communications, Security and Privacy, with the goal of fostering interaction. We welcome the submission of papers from the full spectrum of issues related with Security and Privacy in Wireless and Mobile Computing, Networking and Communications. Papers may focus on protocols, architectures, methods, technologies, applications, practical experiences, simulation results and analysis, theory and validation on topics include, but not limited to:
- Cryptographic Protocols for Mobile and Wireless Networks
- Key Management in Mobile and Wireless Computing
- Reasoning about Security and Privacy
- Privacy and Anonymity in Mobile and Wireless Computing
- Public Key Infrastructure in Mobile and Wireless Environments
- Economics of Security and Privacy in Wireless and Mobile environments
- Security Architectures and Protocols in Wireless LANs
- Security Architectures and Protocols in B3G/4G Mobile Networks
- Security and Privacy features into Mobile and Wearable devices
- Location Privacy
- Ad hoc Networks Security
- Sensor Networks Security
- Wireless Ad Hoc Networks Security
- Role of Sensors to Enable Security
- Security and Privacy in Pervasive Computing
- Trust Establishment, Negotiation, and Management
- Secure PHY/MAC/routing protocols
- Security under Resource Constraints (bandwidth, computation constraints, energy)

For more information, please see http://www.aegean.gr/SecPri_WiMob_2008.

eCrime 2008 3rd APWG eCrime Researchers Summit, Atlanta, GA, USA, October 15-16, 2008. [posted here 5/12/08]
Original papers on all aspects of electronic crime are solicited for submission to eCrime '08. Topics of relevance include but are not limited to:
- Phishing, pharming, click-fraud, crimeware, extortion and emerging attacks.
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention.
- Techniques to assess the risks and yields of attacks and the success rates of countermeasures.
- Delivery techniques, including spam, voice mail and rank manipulation; and countermeasures.
- Spoofing of different types, and applications to fraud.
- Techniques to avoid detection, tracking and takedown; and ways to block such techniques.
- Honeypot design, data mining, and forensic aspects of fraud prevention.
- Design and evaluation of user interfaces in the context of fraud and network security.
- Best practices related to digital forensics tools and techniques, investigative procedures, and evidence acquisition, handling and preservation.

For more information, please see http://www.ecrimeresearch.org/.

NSS 2008 IFIP International Workshop on Network and System Security, Shanghai, China, October 18-19, 2008. [posted here 3/24/08]
While the attack systems have become more easy-to-use, sophisticated, and powerful, interest has greatly increased in the field of building more effective, intelligent, adaptive, active and high performance defense systems which are distributed and networked. We will focus our program on issues related to Network and System Security, such as authentication, access control, availability, integrity, privacy, confidentiality, dependability and sustainability of computer networks and systems. The aim of this workshop is to provide a leading edge forum to foster interaction between researchers and developers with the network and system security communities, and to give attendees an opportunity to interact with experts in academia, industry and governments. NSS 2008 will feature new results, challenging research questions, novel approaches and innovative directions in network and system security. Contributions are solicited in all areas of network and system security research and applications. Topics include, but not limited to:
- Active Defense Systems
- Adaptive Defense Systems
- Benchmark, Analysis and Evaluation of Security Systems
- Distributed Access Control and Trust Management
- Distributed Attack Systems and Mechanisms
- Distributed Intrusion Detection/Prevention Systems
- Denial-of-Service Attacks and Countermeasures
- High Performance Security Systems
- Identity Management and Authentication
- Implementation, Deployment and Management of Security Systems
- Intelligent Defense Systems
- Internet and Network Forensics
- Large-scale Attacks and Defense
- RFID Security and Privacy
- Security Architectures in Distributed Network Systems
- Security for Critical Infrastructures
- Security for P2P systems and Grid Systems
- Security in E-Commerce
- Security and Privacy in Wireless Networks
- Secure Mobile Agents and Mobile Code
- Security Simulation and Tools
- Security Theory and Tools in Network Systems
- Viruses, Worms, and Other Malicious Code
- World Wide Web Security

For more information, please see http://nss.cqu.edu.au.

NPSec 2008 4th workshop on Secure Network Protocols, Held in conjunction with the 16th IEEE International Conference on Network Protocols (ICNP 2008), Orlando, Florida, USA, October 19, 2008. [posted here 5/5/08]
NPSec focuses on two general areas. The first focus is on the development and analysis of secure or hardened protocols for the operation (establishment and maintenance) of network infrastructure, including such targets as secure multidomain, ad hoc, sensor or overlay networks, or other related target areas. This can include new protocols, enhancements to existing protocols, protocol analysis, and new attacks on existing protocols. The second focus is on employing such secure network protocols to create or enhance network applications. Examples include collaborative firewalls, incentive strategies for multiparty networks, and deployment strategies to enable secure applications. NPSec 2008 particularly welcomes new ideas on security in the context of future Internet design, such as architectural considerations for future Internet security and new primitives for supporting secure network protocol and application design. Topics of interest include but are not limited to:
- security in future Internet architectures
- secure and/or resilient network protocols, e.g. (internetworking/routing, MANETs, LANs and WLANs, mobile/cellular data networks, p2p and other overlay networks, federated trust systems, sensor networks)
- vulnerabilities of existing protocols and applications (both theoretical and case studies), including attacks
- key distribution/management
- intrusion detection and response
- incentive systems for p2p systems and MANETs routing
- secure protocol configuration and deployment

For more information, please see http://www.netsec.colostate.edu/npsec08/.

ICICS 2008 10th International Conference on Information and Communications Security, Birmingham, UK, October 20-22, 2008. [posted here 3/24/08]
The event, which started in 1997, brings together individuals involved in multiple disciplines of Information and Communications Security, in order to foster the exchange of ideas. ICICS 2008 will be organised by the School of Computer Science, University of Birmingham, in co-operation with HP Laboratories (Bristol, UK) and the International Communications and Information Security Association (ICISA). Original papers on all aspects of information and communications security are solicited for submission to ICICS 2008. Areas of interest include, but are not limited to:
- Access control
- Anti-malware
- Anonymity
- Applied cryptography
- Authentication and authorization
- Biometric security
- Data and system integrity
- Database security
- Distributed systems security
- Electronic commerce
- Fraud control
- Grid security
- Information hiding and watermarking
- Intellectual property protection
- Intrusion detection
- Key management and key recovery
- Language-based security
- Operating system security
- Network security
- Risk evaluation and security certification
- Security for mobile computing
- Security models
- Security protocols
- Trusted computing

For more information, please see http://events.cs.bham.ac.uk/icics08/.

SIS 2008 3rd International Workshop on Secure Information Systems, Wisla, Poland, October 20-22, 2008. [posted here 4/21/08]
The SIS workshop is envisioned as a forum to promote the exchange of ideas and results addressing complex security issues that arise in modern information systems. We aim at bringing together a community of security researchers and practitioners working in such divers areas as networking security, antivirus protection, intrusion detection, cryptography, security protocols, and others. We would like to promote an integrated view at the security of information systems. Covered topics include (but are not limited to):
- Access control
- Adaptive security
- Cryptography
- Copyright protection
- Cyberforensics
- Honeypots
- Information hiding
- Intrusion detection
- Network security
- Privacy
- Secure commerce
- Security exploits
- Security policies
- Security protocols
- Security services
- Security evaluation and prediction
- Software protection
- Trusted computing
- Threat modeling
- Usability and security
- Viruses and worms
- Zero-configuration security mechanisms

For more information, please see http://www.sis.imcsit.org/.

CCS 2008 15th ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA, October 27-31, 2008. [posted here 3/24/08]
The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer security, as well as case studies and implementation experiences.

The conference seeks submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and communications security, as well as case studies and implementation experiences. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topics related to computer and communications security are of interest. Authors interested in submitting but unsure if their topic is in scope should assume that it probably is in scope but should contact the program chairs if further guidance is desired.

For more information, please see http://www.sigsac.org/ccs/CCS2008/.

WPES 2008 7th ACM Workshop on Privacy in the Electronic Society, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Alexandria, VA, USA, October 27, 2008. [posted here 4/21/08]
The need to consider privacy has been widely recognized in society at large, with resulting impact on government, commerce, education, health care, entertainment, and other sectors. This workshop discusses the problems related to privacy in the global interconnected society and their possible solutions. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- anonymity, pseudonymity, and unlinkability
- privacy and confidentiality management
- business models with privacy requirements
- privacy in electronic records
- protection from correlation, inference, and linking attacks
- privacy in health care and public administration
- electronic communication privacy
- public records and personal privacy
- information dissemination control
- privacy and virtual identity
- privacy-aware access control
- personally identifiable information
- privacy in the digital business
- privacy policy enforcement
- privacy enhancing technologies
- privacy and data mining
- privacy policies and their enforcement
- relationships between privacy and security
- privacy and anonymity in Web transactions
- user profiling
- privacy in social networks
- wireless privacy
- privacy threats
- economics of privacy
- privacy and human rights
- RFIDs and privacy
- privacy in mobile computing
- privacy in outsourced computing
- privacy in electronic voting

For more information, please see http://dais.cs.uiuc.edu/wpes08.

QOP 2008 4th International Workshop on Quality of Protection, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Alexandria, VA, USA, October 27, 2008. [posted here 3/3/08]
In the last few decades, Information Security has gained numerous standards, industrial certifications, and risk analysis methodologies. However, the field still lacks the strong, quantitative, measurement-based assurance that we find in other fields. For example, Networking researchers have created and utilize Quality of Service (QoS), Service Level Agreements (SLAs), and performance evaluation measures. Empirical Software Engineering has made similar advances with software measures: processes to measure the quality and reliability of software exist and are appreciated in industry. Security looks different. Even a fairly sophisticated standard such as ISO17799 has an intrinsically qualitative nature. Notions such as Security Metrics, Quality of Protection (QoP) or Protection Level Agreement (PLA) have surfaced in the literature, but they still have a qualitative flavor. Furthermore, many recorded security incidents have a non-IT cause. As a result, security requires a much wider notion of "system" than do most other fields in computer science. In addition to the IT infrastructure, the "system" in security includes users, work processes, and organizational structures. The goal of the QoP Workshop is to help security research progress towards a notion of Quality of Protection in Security comparable to the notion of Quality of Service in Networking, Software Reliability, or measures in Empirical Software Engineering. The topics of interest include but are not limited to:
- Industrial experience
- Security risk analysis
- Security measures
- Reliability analysis
- Security quality assurance
- Measurement-based decision making and risk management
- Empirical assessment of security architectures and solutions
- Mining data from attack and vulnerability repositories
- Measurement theory
- Formal theories of security measures
- Security measurement and monitoring
- Experimental validation of models
- Simulation and statistical analysis
- Stochastic modeling

For more information, please see http://qop-workshop.org.

DRM 2008 8th ACM Workshop on Digital Rights Management, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Alexandria, VA, USA, October 27, 2008. [posted here 3/10/08]
The ACM Workshop on Digital Rights Management is an international forum that serves as an interdisplinary bridge between areas that can be applied to solving the problem of Intellectual Property protection of digital content. These include: cryptography, software and computer systems design, trusted computing, information and signal processing, intellectual property law, policy-making, as well as business analysis and economics. Its purpose is to bring together researchers from the above fields for a full day of formal talks and informal discussions, covering new results that will spur new investigations regarding the foundations and practices of DRM.

For more information, please see http://www.ece.unm.edu/DRM2008/.

StorageSS 2008 4th International Workshop on Storage Security and Survivability, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Alexandria, VA, USA, October 27, 2008. [posted here 5/5/08]
The 4th ACM International Workshop on Storage Security and Survivability (StorageSS 2008) will bring together researchers in storage systems, computer and network security, and cryptography. We encourage paper submissions from both research and industry presenting novel ideas on all theoretical and practical aspects of protecting data in storage and file systems. TOPICS OF INTEREST include, but aren't limited to:
- storage protection tradeoffs
- storage protection deployment (including case studies)
- smart storage for security and/or survivability
- analysis of covert storage channels and leaks
- mobile storage protection
- novel backup protection techniques
- protection using versioning
- storage encryption techniques (modes of operation, fast software/hardware encryption)
- key management techniques
- encrypted keyword search and database query
- security analysis of deployed file/volume encryptor, encrypted disc
- tamper-evident storage protection techniques
- immutable storage protection techniques, provenance
- storage threat models
- storage intrusion detection systems
- security for long-term / archival storage
- privacy and trust issues in (untrusted) remote/hosted storage
- TPM and storage security

For more information, please see http://storagess.org/2008/.

AISec 2008 1st ACM Workshop on AISec, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Alexandria, VA, USA, October 27, 2008. [posted here 3/3/08]
The ubiquitous nature of information and communication today is often cited as the cause of many security and privacy problems including identity and reputation management, viruses/worms and phishing/pharming. There is strong evidence, however, that this abundance of information and communication has at least as many security and privacy benefits as costs. Consider for example, the use of machine learning algorithms to detect network intrusions, crowd-based approaches to anonymous communication and the use of data mining algorithms to determine content sanitization. All of these efforts benefit from recent advances in AI, which have often been driven by increases in the amount of available data. To fully realize the security and privacy benefits of today's ubiquitous information, the security community needs expertise in the tools and techniques for managing that information, namely, artificial intelligence technology, and the AI community needs an understanding of security and privacy problems. To facilitate an exchange of ideas between these two communities, we are holding the first workshop in "AISec" in conjunction with the 15th ACM Conference on Computer and Communications Security (CCS), the new field of security and privacy solutions that leverage AI technologies. The topics of interest include but are not limited to:
- Spam detection
- Fraud detection
- Botnet detection
- Intrusion detection
- Malware identification
- Insider threat detection
- Privacy-preserving data mining
- Inference detection and control
- Phishing detection and prevention
- Design and analysis of CAPTCHAs
- AI approaches to trust and reputation
- Machine learning techniques for optimizing user experience
- Vulnerability testing through intelligent probing (e.g. fuzzing)
- Content-driven security policy management & access control
- Techniques and methods for generating training and test set

For more information, please see http://www.aisec.info.

CRiSIS 2008 3rd International Conference on Risks and Security of Internet and Systems, Tozeur, Tunisia, October 28-30, 2008. [posted here 2/18/08]
The topics addressed by CRiSIS’2008 range from the analysis of faults, risks, attacks and vulnerabilities to system survivability and adaptability, passing through security policies and models, security and dependability mechanisms and privacy enhancing technologies. Topics include but are not limited to:
Models for specification, design and validation of security and dependability
- Security and trust models
- Models for security policies
- Formal methods, verification and certification
- UML and MDA for dependable systems
- Architectures for secure and dependable systems
- Self-protecting models and architectures
- Designing business models with security management
Management of security and dependability
- Management of risks, attacks and vulnerabilities
- Risk analysis, security and quality assurance
- Awareness of risks, attacks and vulnerabilities
- Metrology and security management
- Key management Infrastructure (PKI) and trust management
- Monitoring and management of faults
- Planning and executing of repair actions
- Adaptability management
Security and dependability techniques and mechanisms
- Authentication, authorization and audit
- Privacy protection and anonymization
- Intrusion detection and fraud detection
- Traceability and forensics
- Biometrics, watermarking, cryptography and security protocols
- Access and information flow controls
- Use of smartcards and personal devices
- Firewalls and intrusion detection systems
- Viruses, worms and malicious codes
- Attack data acquisition (honeypots) and network monitoring
- Adaptation of security policies
Secure and dependable systems
- Security and dependability of operating systems and network components
- Security of services oriented applications
- Security dependability of distributed and grid applications
- Fault tolerance of Internet applications
- Reflective middleware
- Security and safety of critical infrastructures
- Security and privacy of peer-to-peer system, wireless networks, VPN and embedded systems
- Security of new generation networks, security of Voice-over-IP and multimedia
- Self-protecting, self-stabilizing and self-healing systems
Secure and dependable applications
- Security in Electronic payment
- Security of electronic voting
- Security in e-health
- Dependability in e-learning

For more information, please see http://www.redcad.org/crisis2008/.

DIM 2008 4th ACM Workshop on Digital Identity Management, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Fairfax, VA, USA, October 31, 2008. [posted here 3/3/08]
As the competitive edge of the global economy is shifting to "services" delivered over the Internet, we need a way of making identity available on-demand to the services in an open, scalable, and secure manner. Identity for services is a holistic concern that must satisfy technology, regulatory and business needs for existing and emerging markets, such as Software as a Service (SaaS) and Service Oriented Architectures (SOA). Identity services should introduce consistency, efficiency and scalability in IT infrastructures built on the Internet to form the new "identity layer". Also, it should be easy for developers to incorporate identity services as part of distributed application logic. To fully achieve the potential benefits of identity managed as a set of services, such as cost-effectiveness and shorter deployment times, several security and privacy challenges must be addressed. Such challenges arise because of the complex and distributed systems across different organizations involved in identity service offerings. The goal of the workshop is to lay the foundation and agenda for further research and development in this area. Under the broad umbrella of "Services and Identity", we encourage both researchers and practitioners to participate and submit papers on topics including, but not limited to the following:
- Identity management for SaaS
- SOA for identity
- Scalability issues in identity management
- Resilient identity service provisioning
- Dynamic mutual trust negotiation
- SLA for identity services
- Identity based access control
- Migration to identity services
- Identity service discovery
- Virtual directories
- Identity management process assurance
- Identity life-cycle
- Externalization of identity
- Risk management for identity
- Identity oracles
- Translation and resolution of namespaces
- Network transport as a service
- Privacy and hosted services
- Mobile identities
- Balance between de-centralization of identity and centralization of controls
- Privacy preservation during orchestration of services in multiple domains

For more information, please see http://www2.pflab.ecl.ntt.co.jp/dim2008.

VMSec 2008 1st ACM Workshop on Virtual Machine Security, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Fairfax, VA, USA, October 31, 2008. [posted here 4/21/08]
This workshop, the first of its kind to deal exclusively with virtual machine security, will tackle the important research topics in virtualization security. Virtualization has seen an explosion in growth in deployment, implementations, and applications. Virtualization holds unique properties that make it attractive for security including isolation, compartmentalization, live state capture, and replay. Virtualization has been used to study malicious software as well as to prevent malicious software infection. In addition, virtualization itself is now the subject of attack. This workshop aims to bring together leading researchers in the fields of virtualization and security to present the latest work on these topics. Scope and topics include:
- Applications of virtualization for security
- Security and integrity of virtual machines
- Detecting virtualization
- Evading virtualization
- Trapping malicious code via virtualization
- Economic implications of virtualization
- Attacks and vulnerabilities against virtualization environments
- Honey Nets and Honey Client architectures, systems, and results
- Management and control of virtual machine farms for security
- Forensics using virtualization
- Enhancing privacy and anonymity using virtualization
- Measuring security and performance of virtualization
- Instrumentation and control of virtualization
- Performance optimization of virtual machines
- Performance and security analysis of lightweight virtualization
- Virtualization for mobile devices
- Vulnerabilities in virtualization environments

For more information, please see http://csis.gmu.edu/VMSec/.

STC 2008 3rd ACM Workshop on Scalable Trusted Computing, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Fairfax, VA, USA, October 31, 2008. [posted here 3/31/08]
Built on the continuous success of ACM STC'06 and STC'07, this workshop focuses on fundamental technologies of trusted computing and its applications in large-scale systems -- those involving large number of users and parties with varying degrees of trust. The workshop is intended to serve as a forum for researchers as well as practitioners to disseminate and discuss recent advances and emerging issues. Topics of interests include but not limited to:
- security policies and models of trusted computing
- architecture and implementation technologies for trusted platform
- limitations, alternatives and tradeoffs regarding trusted computing
- trust in authentications, users and computing services
- hardware based trusted computing
- software based trusted computing
- pros and cons of hardware based approach
- remote attestation of trusted devices
- censorship-freeness in trusted computing
- cryptographic support in trusted computing
- case study in trusted computing
- applications of trusted computing
- intrusion resilience in trusted computing
- access control for trusted computing
- principles for handling scales
- scalable trust supports and services
- trusted embedded computing and systems
- trusted computing in networks and distributed systems
- virtualization and trusted computing

For more information, please see http://www.sisa.samsung.com/innovation/stc08.

CSAW 2008 2nd Computer Security Architecture Workshop, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Fairfax, VA, USA, October 31, 2008. [posted here 6/2/08]
The design and evaluation of Security Architectures is of fundamental importance to security. And yet, many of our fundamental architectures were created when security was less appreciated and less well understood. Since it is notoriously difficult to add security after the fact, our systems are far too susceptible to attack. Moreover, architectures, because they are broad based, are difficult to understand and this is a specialized workshop in which Security Architecture experts will gather. As far as we know, this workshop is unique in its focus on Security Architectures. The workshop topics include, but are not limited to:
- Authorization
- Authentication
- Network security
- Distributed systems
- Operating systems
- Privacy
- Applications and security frameworks
- Specialized applications such as voting systems
- Hardware/software co-design for security
- Analysis of architectures
- System composability (properties, pitfalls, analysis & reasoning
- Assurance techniques
- Case studies
- Usability issues

For more information, please see http://www.rites.uic.edu/csaw/.

November 2008

SKM 2008 Workshop on Secure Knowledge Management, Richardson, Texas, USA, November 3-4, 2008. [posted here 5/5/08]
Knowledge management is the methodology for systematically gathering, organizing, and disseminating information. It essentially consists of processes and tools to effectively capture and share data as well as use the knowledge of individuals within an organization. Knowledge Management Systems (KMS) promote sharing information among employees and should contain security features to prevent any unauthorized access. Security is becoming a major issue revolving around KMS. Security methods may include authentication or passwords, cryptography programs, intrusion detection systems or access control systems. Issues include insider threat (protecting from malicious insiders), infrastructure protection (securing against subversion attacks) and establishing correct policies and refinement and enforcement. Furthermore KMS content is much more sensitive than raw data stored in databases and issues of privacy also become important. Since the attacks in 2001, many organizations, especially the US government, have increased their concern about KMS. With the advent of intranets and web-access, it is even more crucial to protect corporate knowledge as numerous individuals now have access to the assets of a corporation. Therefore, we need effective mechanisms for securing data, information, and knowledge as well as the applications. The proposed workshop in Secure Knowledge Management will help in raising the awareness of academics and practitioners in this critical area of research and develop important questions that need to be tackled by the research community. Topics of interest include, and are not limited to:
- Secure Languages (Secure Knowledge Query Manipulation Language, Security Assertion Markup Language, B2B Circles of Trust)
- Return of Investment on Secure Knowledge Systems
- Digital Rights Management (Digital Policy Management)
- Secure Content Management (Secure Content Management in Authorized Domains, Secure Content Delivery, Content Trust Index)
- Knowledge Management for National Security (Securing and Sharing What We Know: Privacy, Trust and Knowledge Management, Identity Security Guarantee, Building Trust and Security in the B2B Marketplace)
- Security and Privacy in Knowledge Management
- Wireless security in the context of Knowledge Management

For more information, please see http://cs.utdallas.edu/skm2008/call_for_papers.htm.

IS 2008 3rd International Symposium on Information Security, Monterrey, Mexico, November 10-11, 2008. [posted here 4/21/08]
The goal of this symposium is to bring together researchers from the academia and practitioners from the industry in order to address information security issues. The symposium will provide a forum where researchers shall be able to present recent research results and describe emerging technologies and new research problems and directions related to them. The symposium seeks contributions presenting novel research in all aspects of information security. Topics of interest may include one or more of the following (but are not limited to) themes:
- Access Control and Authentication
- Accounting and Audit
- Biometrics for Security
- Buffer Overflows
- Computer Forensics
- Cryptographic Algorithms and Protocols
- Databases and Data Warehouses Security
- Honey Nets
- Identity and Trust Management
- Intrusion Detection and Prevention
- Information Filtering and Content Management
- Information Hiding and Watermarking
- Mobile Code Security
- Multimedia Security
- Network Security
- Privacy and Confidentiality
- Public-Key Infrastructure
- Privilege Management Infrastructure
- Risk Assessment
- Security Issues in E-Activities
- Security and Privacy Economics
- Security in RFID Systems
- Security and Trustiness in P2P Systems and Grid Computing
- Security in Web Services
- Smart Card Technology
- Software Security
- Usability of Security Systems and Services
- Vulnerability Assessment

For more information, please see http://www.cs.rmit.edu.au/fedconf/index.html?page=is2008cfp.

IWDW 2008 7th International Workshop on Digital Watermarking, Busan, Korea, November 10-12, 2008. [posted here 6/16/08]
IWDW 2008 is the seventh of a series of international work-shops focusing on digital watermarking and relevant techniques. It will provide an excellent opportunity for researchers and practitioners to present as well as to keep abreast with the latest developments in watermarking technologies. IWDW 2008 aims to provide a high quality forum for dissemination of research results. Areas of interest include, but are not limited to:
- Mathematical modeling of embedding and detection
- Information theoretic, stochastic aspects of data hiding
- Security issues, including attacks and counter-attacks
- Combination of data hiding and cryptography
- Optimum watermark detection and reliable recovery
- Estimation of watermark capacity
- Channel coding techniques for watermarking
- Large-scale experimental tests and benchmarking
- New statistical and perceptual models of content
- Reversible data hiding
- Data hiding in special media
- Data hiding and authentication
- Steganography and steganalysis
- Data forensics
- Copyright protection, DRM, and forensic watermarking
- Visual cryptography

For more information, please see http://multimedia.korea.ac.kr/iwdw2008.

SERENE 2008 RISE/EFTS Joint International Workshop on Software Engineering for REsilieNt systEms, Newcastle upon Tyne, UK, November 17-19, 2008. [posted here 4/21/08]
The SERENE 2008 workshop is an international forum for researchers and practitioners interested in the advances in Software Engineering for Resilient Systems. SERENE 2008 views resilient systems as open distributed systems that have capabilities to dynamically adapt, in a predictable way, to unexpected and harmful events, including faults and errors. Engineering such systems is a challenging issue which needs urgent attention from and combined efforts by people working in various domains. Achieving this objective is a very complex task, since it implies reasoning explicitly and in a consistent way about systems functional and non-functional characteristics. SERENE advocates the idea that resilience should be explicitly included into traditional software engineering theories and practices and should become an integral part of all steps of software development. As current software engineering practices tend to either capture only normal behaviour, or to deal with all abnormal situations only at the late development phases, new software engineering methods and tools need to be developed to support explicit handling of abnormal situations through the whole software life cycle. Moreover, every phase of the software development process needs to be enriched with the phase-specific resilience means. The following constitutes a list of the key software engineering domains that the SERENE workshop will focus on. This list should not, however, be considered as closed or technically restrictive:
- Formal and semi-formal modelling of resilience properties
- Re-engineering for resilience
- Software development processes for resilience
- Requirement engineering processes for resilience
- Model Driven Engineering of resilient systems
- Verification and validation of resilient systems
- Error and fault handling in the software life-cycle
- Resilience through exception handling in the software life-cycle
- Frameworks and design patterns for resilience
- Software architectures for resilience
- Component-based development and resilience
- System structuring for resilience
- Atomic actions
- Dynamic resilience mechanisms
- Resilience prediction
- Resilience metadata
- Reasoning and adaptation services for improving and ensuring resilience
- Intelligent and adaptive approaches to engineering resilient systems
- Engineering of self-healing autonomic systems
- Dynamic reconfiguration for resilience
- Run-time management of resilience requirements
- CASE tools for developing resilient systems

For more information, please see http://serene2008.uni.lu.

TrustCom 2008 The 2008 International Symposium on Trusted Computing, Central South University, Zhang Jia Jie, China, November 18-20, 2008. [posted here 4/28/08]
This symposium, held in conjunction with The 9th International Conference for Young Computer Scientists (ICYCS 2008), brings together researchers and engineers from academia, government and industry working on topics of trusted computing with regard to security, safety, privacy, reliability, dependability, survivability, availability, and fault tolerance aspects of computer systems and networks. The aim is to provide a forum for them to present and discuss emerging ideas and trends in this highly challenging research field. Main topics of interest include, but are not limited to:
- Semantics, metrics and models of trust
- Trust establishment, propagation, and management
- Trusted computing platform
- Trusted network computing
- Trusted operating system
- Trusted software
- Trusted database
- Trusted services and applications
- Trust in e-commerce and e-government
- Trust in mobile and wireless networks
- Cryptography and security protocols
- Reliable and fault-tolerant computer systems/networks
- Survivable computer systems/networks
- Authentication in computer systems/networks
- Access control in computer systems/networks
- Key management in computer systems/networks

For more information, please see http://trust.csu.edu.cn/conference/trustcom2008/.

STM 2008 4th International Workshop on Security and Trust Management, Held in conjunction with the IFIP TM 2008, Trondheim, Norway, November 25-27, 2008. [posted here 4/14/08]
STM08 is the fourth international workshop under the auspices of the Security and Trust Management working group of ERCIM (European Research Consortium in Informatics and Mathematics). STM 2008 has at least the following aims: (1) To investigate the foundations and applications of security and trust in ICT; (2) To study the deep interplay between trust management and common security issues such as confidentiality, integrity and availability; (3) To identify and promote new areas of research connected with security management, e.g. dynamic and mobile coalition management (e.g., P2P, MANETs, Web/GRID services); (4) To identify and promote new areas of research connected with trust management, e.g. reputation, recommendation, collaboration etc.; and (5)To provide a platform for presenting and discussing emerging ideas and trends. Topics of interest include but are not limited to:
- Semantics and computational models for security and trust
- Security and trust management architectures, mechanisms and policies
- Software engineering for security, trust and privacy
- Networked systems security
- Privacy and anonymity
- Identity management
- ICT for securing digital as well as physical assets
- Cryptography

For more information, please see http://www.isac.uma.es/stm08.

IWSEC 2008 3rd International Workshop on Security, Kagawa, Japan, November 25-27, 2008. [posted here 1/17/08]
The aim of IWSEC2008 is to contribute to security research and development addressing the topics from traditional theory and tools on security to other up-to-date issues. Topics include but are not limited to:
- Cryptography
- Authorization and Access Control
- Biometrics
- Information Hiding
- Quantum Security
- Network and Distributed Systems Security
- Privacy Enhancing Technology
- Security Issues in Ubiquitous/Pervasive Computing
- Security Management
- Software and System Security
- Protection of Critical Infrastructure
- Digital Forensics
- Economics and Other Scientific Approaches for Security

For more information, please see http://www.iwsec.org.

Globecom-CCNS 2008 Computer and Communications Network Security Symposium, Held in conjunction with the IEEE Global Communications Conference (GLOBECOM 2008), New Orleans, LA, USA, November 30 - December 4, 2008. [posted here 1/7/08]
The Computer and Communications Network Security Symposium will address all aspects of the modelling, design, implementation,deployment, and management of computer/network security algorithms, protocols,architectures, and systems. Furthermore, contributions devoted to the evaluation, optimization, or enhancement of security mechanisms for current technologies as well as devising efficient security and privacy solutions for emerging technologies are solicited. Topics of interest include:
- Secure PHY, MAC, Routing and Upper Layer Protocols
- Secure Cross Layer Design
- Authentication Protocols and Services Authorization
- Confidentiality
- Data and System Integrity
- Availability of Secure Services
- Key Distribution and Management
- PKI and Security Management
- Trust Models and Trust Establishment
- Identity Management and Access Control
- Deployment and Management of Computer/Network Security Policies
- Monitoring Design for Security
- Distributed Intrusion Detection Systems and Countermeasures
- Traffic Filtering and Firewalling
- IPv6 security, IPSec
- Virtual Private Networks (VPNs)
- Prevention, Detection and Reaction Design
- Revocation of Malicious Parties
- Light-Weight Cryptography
- Quantum Cryptography and QKD
- Applications of Cryptography and Cryptanalysis in communications security
- Security and Mobility
- Mobile Code Security
- Network traffic Analysis Techniques
- Secure Naming and Addressing (Privacy and Anonymity)
- Application/Network Penetration Testing
- Advanced Cryptographic Testbeds
- Network Security Metrics and Performance Evaluation
- Operating System(OS) Security and Log Analysis Tools
- Security Modelling and Protocol Design
- Security Specification Techniques
- Self-Healing Networks
- Smart Cards and Secure Hardware
- Biometric Security: Technologies, Risks and Vulnerabilities
- Information Hiding and Watermarking
- Vulnerability, Exploitation Tools, and Virus/Worm Analysis
- Distributed Denial-Of-Service (DDOS) Attacks and Countermeasures
- DNS Spoofing and Security
- Critical infrastructure Security
- Single- and Multi-Source Intrusion Detection and Response (Automation)
- Web, E-commerce, M-commerce, and E-mail Security
- New Design for Unknown Attacks Detection

For more information, please see http://www.comsoc.org/confs/globecom/2008/symposium/compcom.html.

December 2008

ACSAC 2008 24th Annual Computer Security Applications Conference, Anaheim, California, December 8-12, 2008. [posted here 4/21/08]
ACSAC is an internationally recognized forum where practitioners, researchers, and developers in information system security meet to learn and to exchange practical ideas and experiences. Papers offering novel contributions in any aspect of computer and application security are solicited. Papers may present technique, applications, or practical experience, or theory that has a clear practical impact. Papers are encouraged on technologies and methods that have been demonstrated to be useful for improving information systems security and that address lessons from actual application. Topics of interest include, but are not limited to:
- access control
- applied cryptography
- audit and audit reduction
- biometrics
- boundary control devices
- certification and accreditation
- database security
- defensive information warfare
- denial of service protection
- electronic commerce security
- enterprise security
- forensics
- identification and authentication
- identity management
- incident response planning
- information survivability
- insider threat protection
- integrity
- intellectual property rights protection
- intrusion detection
- malware
- multimedia security
- operating systems security
- peer-to-peer security
- privacy and anonymity
- product evaluation criteria and compliance
- risk/vulnerability assessment
- secure location services
- security engineering and management
- security in IT outsourcing
- service oriented architectures
- software assurance
- trust management
- virtualization security