Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Past Conferences and Journal Special Issues

Last Modified: 12/24/07

Note: Please contact cipher-cfp@ieee-security.org by email if you have any questions.


Past Conferences and Other Announcements - 2007

ICISS 2007 3rd International Conference on Information Systems Security, Delhi, India, December 16-20, 2007. [posted here 2/28/07]
After the successful organization of ICISS 2006 at the Indian Statistical Institute, Kolkata, India, the 3rd conference will be organized by the University of Delhi. ICISS presents a forum for disseminating the latest research results in Information Systems Security and related areas. Topics of interest include but are not limited to:
- Authentication and Access Control
- Mobile Code Security
- Key Management and Cryptographic Protocols
- E-business / E-commerce Security
- Privacy and Anonymity
- Intrusion Detection and Avoidance
- Security Verification
- Network Security
- Database and Application Security and Integrity
- Digital Rights Management
- Security in P2P, Sensor and Ad hoc Networks
- Digital Forensics
- Biometric Security
- Secure Web Services
- Fault Tolerance and Recovery Methods for Security Infrastructure
- Threats, Vulnerabilities and Risk Management
- Commercial and Industrial Security

For more information, please see http://siis.cse.psu.edu/iciss07/cfp.htm.

ICICS 2007 9th International Conference on Information and Communications Security, Zhengzhou, Henan Province, China, December 12-15, 2007. [posted here 6/26/07]
The 2007 International Conference on Information and Communications Security will be the 9th event in the ICICS conference series, started in 1997, that brings together individuals involved in multiple disciplines of Information and Communications Security in order to foster exchange of ideas. Original papers on all aspects of information and communications security are solicited for submission to ICICS 2007. Areas of interest include, but are not limited to:
- Access Control
- Anti-Virus and Anti-Worms
- Anonymity
- Authentication and Authorization
- Applied Cryptography
- Biometric Security
- Data and System Integrity
- Database Security
- Distributed Systems Security
- Electronic Commerce Security
- Fraud Control
- Grid Security
- Information Hiding and Watermarking
- Intellectual Property Protection
- Intrusion detection
- Key Management and Key Recovery
- Language-based Security
- Operating System Security
- Network Security
- Risk Evaluation and Security Certification
- Security for Mobile Computing
- Security Models
- Security Protocols
- Trusted Computing

For more information, please see http://www.icics2007.org.cn/.

ACSAC 2007 23rd Annual Computer Security Applications Conference, Miami Beach, Florida, USA, December 10-14, 2007. [posted here 3/21/07]
ACSAC is an internationally recognized forum where practitioners, researchers, and developers in information system security meet to learn and to exchange practical ideas and experiences. Papers offering novel contributions in any aspect of computer and application security are solicited. Papers may present techniques, applications, practical experience, or theory that has a clear practical impact. Papers are encouraged on technologies and methods that have been demonstrated to be useful for improving information systems security and that address lessons from actual application. Topics of interest include, but are not limited to:
- Access control
- Applied cryptography
- Audit and audit reduction
- Biometrics
- Certification and accreditation
- Database security
- Denial of service protection
- Defensive information warfare
- Electronic commerce security
- Enterprise security
- Firewalls and other boundary control devices
- Forensics
- Identification and authentication
- Identity Management
- Information survivability
- Insider threat protection
- Integrity
- Intellectual property rights protection
- Incident response planning
- Intrusion detection and event correlation
- Malware
- Middleware and distributed systems security
- Mobile and wireless security
- Modeling and simulation related to security
- Operating systems security
- Peer-to-peer security
- Product evaluation criteria and compliance
- Privacy
- Risk/vulnerability assessment
- Secure location services
- Security engineering and management
- Security in IT outsourcing
- Service Oriented Architectures
- Software assurance
- Trust management
- VoIP Security
- Wireless Security

For more information, please see http://www.acsac.org.

ASIAN 2007 12th Annual Asian Computing Science Conference Focusing on Computer and Network Security, Carnegie Mellon University, Doha, Qatar, December 9-11, 2007. [posted here 6/4/07]
The ASIAN conference series provides a forum for researchers throughout Asia to present cutting-edge results in yearly-themed areas of Computer Science, to discuss advances in these fields, and to interact with researchers from other continents. The 2007 edition focuses on computer and network security. New results in the fields of computer and network security are welcome. Also welcome are more exploratory presentations, which may examine open questions and raise fundamental concerns about existing theories and practices. Topics of interest include, but are not limited to:
- Access control
- Database security
- Privacy and Anonymity
- Cryptographic protocols
- Trust and trust management
- Authentication
- Digital rights management
- Executable content
- Language-based security
- Formal methods for security
- Data and system integrity
- Distributed systems security
- Security for mobile computing
- Wireless network security
- Denial-of-service and prevention
- Intrusion detection and avoidance
- Digital forensics
- Vulnerabilities and risk management
- Secure electronic commerce
- Secure software engineering

For more information, please see http://www.qatar.cmu.edu/asian07.

Asiacrypt 2007 13th Annual International Conference on the Theory and Application of Cryptology & Information Security, Kuching, Sarawak, Malaysia, December 2-6, 2007. [posted here 3/19/07]
Original research papers on all technical aspects of cryptology are solicited for submission to ASIACRYPT 2007, the annual International Conference on Theory and Application of Cryptology and Information Security. The conference is sponsored by the International Association for Cryptologic Research (IACR) in cooperation with the Information Security Research (iSECURES) Lab of Swinburne University of Technology (Sarawak Campus) and the Sarawak Development Institute (SDI); and financially supported by the Sarawak Government.

For more information, please see http://www.swinburne.edu.my/asiacrypt2007.

HASE 2007 10TH IEEE International Symposium on High Assurance Systems Engineering, Dallas, TX, USA, November 14-16, 2007. [posted here 6/11/07]
The IEEE International Symposium on High Assurance Systems Engineering is a forum for discussion of systems and software engineering issues to achieve high assurance systems. The focus is on integrated approaches for assuring reliability, availability, integrity, privacy, confidentiality, safety, and real-time of complex systems and the methods for assessing the assurance levels of the systems to a high degree of confidence. Technical and experience papers on algorithms, policies, middleware, tools, and models for high assurance systems development, verification and validation, and assessment are welcome. Topics of interest for the symposium include, but are not limited to:
- Design and development of highly reliable, survivable, secure, safe, and time-assured systems
- Integrated system reliability, availability, security, safety, and timing analysis and evaluation methods
- Policies for reliability, safety, security, integrity, privacy, and confidentiality of high assurance systems
- Formal specification, specification validation, testing, and model checking for high assurance systems
- High assurance software architectures and design
- Transformation-based and evolutionary-based system development
- Reconfigurable system design for evolving high assurance requirements
- Dynamic monitoring and adaptation for run-time assurance
- High assurance information/knowledge systems and data grids
- High assurance embedded systems, ubiquitous systems and sensor networks
- High assurance web services
- Extending web service specifications for reliability, safety, security, privacy and other QoS properties
- Assurance techniques for service-oriented systems
- Case studies, experiments and tools for high assurance systems

For more information, please see http://hase07.utdallas.edu/.

TGC 2007 The Symposium on Trustworthy Global Computing, Sophia-Antipolis, France, November 5-6, 2007. [posted here 6/26/07]
The Symposium on Trustworthy Global Computing is an international annual venue dedicated to safe and reliable computation in global computers. It focuses on providing tools and frameworks for constructing well-behaved applications and for reasoning about their behaviour and properties in models of computation that incorporate code and data mobility over distributed networks with highly dynamic topologies and heterogeneous devices. We solicit papers in all areas of global computing, including (but not limited to):
- theories, models and algorithms for global computing and service-oriented computing
- language concepts and abstraction mechanisms
- security through verifiable evidence
- information flow and resource usage policies
- verification of cryptographic protocols and their use
- trust, access control and security enforcement mechanisms
- self configuration, adaptation, and dynamic components management
- software principles to support debugging and verification
- test generators, symbolic interpreters, type checkers
- model checkers, theorem provers
- privacy, reliability and business integrity

For more information, please see http://www-sop.inria.fr/everest/tgc/tgc07.

STC 2007 2nd ACM Workshop on Scalable Trusted Computing, Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007), Fairfax, VA, USA, November 2, 2007. [posted here 4/30/07]
In a society increasingly dependent on networked information systems, trusted computing plays a crucial role. Despite significant progress in trusted computing components, the issue of scalability in trusted computing and its impact on security are not well-understood. Consequently, there is a dearth of practical solutions for trusted computing in large-scale systems. Approaches suitable for small- or medium-scale trusted computing systems might not be applicable to larger-scale scenarios. This workshop, built on the success of its predecessor (STC'06), is focused on trusted computing in large-scale systems -- those involving (at the very least) many millions of users and thousands of third parties with varying degrees of trust. Topics of interest to the workshop include the following:
- models for trusted computing
- principles of trusted computing
- modeling of computing environments, threats, attacks and countermeasures
- limitations, alternatives and tradeoffs regarding trusted computing
- trust in authentications, users and computing services
- hardware based trusted computing
- software based trusted computing
- pros and cons of hardware based approach
- remote attestation of trusted devices
- censorship-freeness in trusted computing
- cryptographic support in trusted computing
- case study in trusted computing
- applications of trusted computing
- intrusion resilience in trusted computing
- access control for trusted computing
- trust of computing systems
- principles for handling scales
- scalable trust support and service
- trusted embedded computing and systems
- trusted computing in networks and distributed systems
- virtualization and trusted computing

For more information, please see http://www.cs.utsa.edu/~shxu/stc07/.

CSAW 2007 1st ACM Computer Security Architecture Workshop, Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007), Fairfax, VA, USA, November 2, 2007. [posted here 4/23/07]
The Computer Security Architecture Workshop (CSAW)--pronounced see-saw--solicits papers on security architectures, their interfaces, implementations, and implications. The design and evaluation of Security Architectures is of fundamental importance to security. And yet, many of our fundamental architectures were created when security was less appreciated and less well understood. Since it is notoriously difficult to add security after the fact, our systems are far too susceptible to attack. Moreover, architectures, because they are broad based, are difficult to understand and this is a specialized workshop in which Security Architecture experts will gather. As far as we know, this workshop is unique in its focus on Security Architectures. The workshop topics include, but are not limited to:
- Authorization
- Authentication
- Network security
- Distributed systems
- Operating systems
- Privacy
- Applications and security frameworks
- Specialized applications such as voting systems
- Hardware/software co-design for security
- Analysis of architectures
- System composability (properties, pitfalls, analysis & reasoning)
- Assurance techniques
- Case studies
- Usability issues

For more information, please see http://www.rites.uic.edu/csaw.

WORM 2007 5th ACM Workshop on Recurring Malcode, Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007), Fairfax, VA, USA, November 2, 2007. [posted here 4/16/07]
Internet-wide infectious epidemics have emerged as one of the leading threats to information security and service availability. Self-propagating threats, often termed worms, exploit software weaknesses, hardware limitations, Internet topology, and the open Internet communication model to compromise large numbers of networked systems. Malware is increasingly used as a beachhead to launch further malicious activities, such as installing spyware, deploying phishing servers and spam relays, or performing information espionage. Unfortunately, current operational practices still face significant challenges in containing these threats as evidenced by the rise in automated botnet networks and the continued presence of worms released years ago. The goal of this workshop is to provide a forum for exchanging ideas, increasing the understanding, and relating experiences on malicious code from a wide range of communities, including academia, industry, and the government. We are soliciting papers from researchers and practitioners on subjects including, but not limited to:
- Automatic malcode detection
- Malicious code characterization
- Botnet detection and disruption
- Malcode reverse engineering
- Modeling and analysis of propagation dynamics
- Forensic methods of attribution
- Threat assessment
- Reactive countermeasures
- Proactive malware defenses
- Significant operational experiences
- Measurement studies
- New threats and related challenges

For more information, please see http://www.auto.tuwien.ac.at/~chris/worm07.html.

DIM 2007 3rd ACM Workshop on Digital Identity Management, Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007), Fairfax, VA, USA, November 2, 2007. [posted here 3/16/07]
This year's theme is "Usability Issues for Identity Management." As the Web 2.0 trend exemplifies, user experiences on the Net are becoming more and more interactive, dynamic, and personalized. With appropriate control over the number and use of their identity(s), users can enjoy the advantages of highly sophisticated personal services without the management burden they currently face or sacrificing their privacy. However, standing in the way of this attractive goal are malicious identity-motivated attacks (such as phishing & pharming), inadequate user understanding of the underlying trust models (including the consequences of poorly set security and privacy preferences), and the complexity of managing how identities are to be used, shared, and delegated. To address such issues, many technological solutions have been already proposed, both in the industry and academia, to date with mixed success.

To ensure that the emerging identity management technologies are accepted by end-users, we must reconcile (or strike the right balance between) two goals that are generally thought to be contradictory: the usability of the systems on one hand and their security and privacy on the other. The aim of this workshop is to gather vendors, users, and researchers, in the areas of identity management, to discuss and provide recommendations for the best approaches for making implementable and deployable improvements to the usability of identity management. Topics of particular interest include (but are not limited to):
- User interaction design for identity management
- Social identity
- User centric identity
- Expressing trustworthiness of identity management to users
- Empirical analysis of usability problems with identity management systems
- Evaluation methodologies for usability of identity management systems
- Novel user interface technologies for identity management
- Privacy enhanced user interaction
- User education on identity management
- Elicitation of privacy preferences from end users
- Identity theft prevention
- User-readable privacy policies
- Methodologies and interfaces for managing multiple identities including delegation
- Privacy-enhancing identity management
- Consistent UI for identity transactions

For more information, please see http://www2.pflab.ecl.ntt.co.jp/dim2007/.

FMSE 2007 5th ACM Workshop on Formal Methods in Security Engineering: From Specifications to Code, Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007), Fairfax, VA, USA, November 2, 2007. [posted here 4/16/07]
Information security has become a crucial concern for the commercial deployment of almost all applications and middleware. Although this is commonly recognized, the incorporation of security requirements in the software development process is not yet well understood. The deployment of security mechanisms is often ad hoc, without a formal security specification or analysis, and practically always without a formal security validation of the final product. Progress is being made, but there remains a wide gap between high-level security models and actual code development. We seek original research papers addressing foundational issues in formal methods in security engineering. Topics covered include, but are not limited to:
- security requirements and risk analysis
- access control models, information flow models, and trust models
- specification and analysis of security properties
- stepwise development by refinement and composition
- computationally sound abstraction
- program logics and type systems for security
- other techniques for verification and static analysis
- tool support for the development and analysis of security-critical systems
- design and analysis of security protocols
- security aspects of operating systems and middleware
- case studies

For more information, please see http://www.fmis.informatik.tu-darmstadt.de/fmse07/.

DRM 2007 7th ACM Workshop on Digital Rights Management, Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007), Alexandria, VA, USA, October 29, 2007. [posted here 4/23/07]
Digital Rights Management (DRM) is an interdisciplinary field intersecting with many different areas including cryptography, software and computer systems design, information and signal processing, law, policy-making, as well as business analysis and economics. Currently human intellectual product is predominantly produced in digital form and as a result the DRM problem ought to be viewed in the broader sense that spans the full spectrum of human productivity rather than a narrow perspective that applies it to music or videos. ACM-DRM is an international workshop that looks at the DRM problem in its broadest possible interpretation and aims to bring together scientists and scholars from all the related disciplines for an exchange of ideas and presentation of cutting edge results related to digital content distribution. Topics of interest include but are not limited to:
- anonymous publishing, privacy and DRM
- architectures for DRM systems
- business models for online content distribution, risk management
- copyright-law issues, including but not limited to fair use
- digital goods and online multiplayer games
- digital policy management
- implementations and case studies
- robust identification of digital content
- security issues, including authorization, encryption, tamper resistance, watermarking, and fingerprinting
- information theory and combinatorics, including marking assumptions and related codes
- supporting cryptographic technology including but not limited to traitor tracing, broadcast encryption, obfuscation
- threat and vulnerability assessment
- trusted computing, attestation, hardware support for DRM, side-channel attacks
- usability aspects of DRM systems
- web services related to DRM systems

For more information, please see http://www.cse.uconn.edu/~drm2007.

QoP 2007 3rd International Workshop on Quality of Protection, Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007), Alexandria, VA, USA, October 29, 2007. [posted here 4/2/07]
In the last few decades, Information Security has gained numerous standards, industrial certifications, and risk analysis methodologies. However, the field still lacks the strong, quantitative, measurement-based assurance that we find in other fields. For example, Networking researchers have created and utilize Quality of Service (QoS), Service Level Agreements (SLAs), and performance evaluation metrics. Empirical Software Engineering has made similar advances with software metrics: processes to measure the quality and reliability of software exist and are appreciated in industry. The goal of the QoP Workshop is to help security research progress towards a notion of Quality of Protection in Security comparable to the notion of Quality of Service in Networking, Software Reliability, or Software Measurements and Metrics in Empirical Software Engineering. The topics of interest include but are not limited to:
- Industrial experience
- Security risk analysis
- Security metrics
- Reliability analysis
- Security quality assurance
- Measurement-based decision making and risk management
- Empirical assessment of security architectures and solutions
- Mining data from attack and vulnerability repositories
- Measurement theory
- Formal theories of security metrics
- Security measurement & monitoring
- Experimental validation of models
- Simulation & statistical analysis
- Stochastic modeling

For more information, please see http://www.qop-workshop.org/.

WPES 2007 6th ACM Workshop on Privacy in Electronic Society, Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007), Alexandria, VA, USA, October 29, 2007. [posted here 6/4/07]
The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems related to privacy in the global interconnected society and their possible solutions. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- anonymity, pseudonymity, and unlinkability
- privacy and confidentiality management
- business model with privacy requirements
- privacy in the electronic records
- data protection from correlation and leakage attacks
- privacy in health care and public administration
- electronic communication privacy
- public records and personal privacy
- information dissemination control
- privacy and virtual identity
- privacy-aware access control
- personally identifiable information
- privacy in the digital business
- privacy policy enforcement
- privacy enhancing technologies
- privacy and data mining
- privacy policies
- relationships between privacy and security
- privacy and anonymity in Web transactions
- user profiling
- privacy in social networks
- wireless privacy
- privacy threats
- economics of privacy
- privacy and human rights

For more information, please see http://www.csc2.ncsu.edu/workshops/wpes07/.

CCS 2007 14th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, October 29 - November 2, 2007. [posted here 12/4/06]
The conference seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of computer security, as well as case studies and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. Topics of interest include, but are not limited to:
- access control
- trust models
- smartcards
- key management
- information warfare
- authentication
- anonymity
- applied cryptography
- secure networking
- security management
- accounting and audit
- peer-to-peer security
- database security
- intrusion detection
- electronic fraud relating to phishing
- privacy-enhancing technology
- data and application security
- inference/controlled disclosure
- intellectual property protection
- commercial and industry security
- trust management policies
- digital rights management
- secure location services
- security for mobile code
- cryptographic protocols
- data/system integrity
- identity management
- security in IT outsourcing

For more information, please see http://www.acm.org/sigs/sigsac/ccs/CCS2007/.

IWSEC 2007 2nd International Workshop on Security, Nara, Japan, October 29-31, 2007. [posted here 11/13/06]
The complex structure of networks, middleware, agents, P2P applications and ubiquitous computing for commercial, personal, communal and public use has brought forth the advent of the information society in cyberspace. However, the system poses new and diverse threats to the world. It is imperative for security researchers to look into the issues from an interdisciplinary perspective. Papers may present theory, applications or practical experiences on topics including, but not limited to:
- Fundamental Tools for Information Security
- Network and Distributed Systems Security
- Privacy Enhancing Technology
- Secure Living and Working Environments
- Security in Commerce and Government
- Security Management
- Software and System Security
- Protection of Critical Infrastructures
- Testing, Verification and Certification
- Law, Policy, Ethics and Related Technologies

For more information, please see http://www.iwsec.org/.

VizSEC 2007 4th Workshop on Visualization for Computer Security, Held in conjunction with IEEE Vis 2007 and IEEE InfoVis 2007, Sacramento, California, USA, October 29, 2007. [posted here 8/13/07]
The VizSEC 2007 Workshop on Visualization for Computer Security will provide a forum for new research in visualization for computer security. In many applications, visualization proves very effective to understand large high-dimensional data. Thus, there is a growing interest in the development of visualization methods as alternative or complementary solutions to the pressing cyber security problems. However, while security visualization research has addressed the development of applications, there has only been limited coverage of user needs and designing visualization to support those needs. To address this shortcoming, the theme of this year's workshop will be on applying user-centered design to VizSEC research, focusing on integrating users' needs, visualization design, and evaluation. We solicit papers that report results on visualization techniques and systems in solving all aspects of cyber security problems. Topics include, but are not limited to:
- Visualization of Internet routing for security
- Visualization of packet traces and network flows for security
- Visualization of security vulnerabilities and attack paths
- Visualization of intrusion detection alerts
- Visualization of application processes for security
- Visualization for forensic analysis
- Visualization for correlating events
- Visualization for computer network defense training
- Visualization for offensive information operations
- Visualization for feature selection
- Visualization for detecting anomalous activity
- Deployment and field testing of VizSEC systems
- Evaluation and user testing of VizSEC systems
- User and design requirements for VizSEC systems
- Lessons learned from VizSEC systems development and deployment

For more information, please see http://vizsec.org/workshop2007/.

StaR_SEC 2007 1st ACM Workshop on Information and Communications Security Standards and Regulations, Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007), Alexandria, VA, USA, October 29, 2007. [posted here 4/2/07]
The main objective of the StaR_SEC 2007 Workshop is to explore the security aspects of standards, regulations and certifications for Information and Communication Systems. For many years the Security field was somehow isolated in the Information and Communications Technology arena. Inevitably this isolation has been inherited by the standards governing the security techniques and mechanisms that are currently employed. It is therefore important to inform the scientific community about these problems and facilitate better collaboration on the security aspects of international standards and regulations. We welcome the submission of papers that address Security Standards and Regulations activities, including, but not limited to:
- Access Control and Authorization
- Assurance Services
- Auditing and Forensic Information Management
- Authentication, Authorization, and Accounting
- Business Services
- Biometrics Technologies
- Confidentiality and Privacy Services
- Developing Secure Information and Communications Infrastructures
- Digital Rights Management
- eBusiness, eCommerce, eGovernment Security: Establishing Trust and Confidence of Citizens in eTransactions and eServices
- eHealth Security
- Lawful Interception Architectures and Functions
- Legal Issues
- Location Privacy and Secure Localization
- Long-term Archive and Notary Services
- Mail Security
- Methodologies for Authentication and Traceability
- Mobile, Ad hoc and Sensors Networks Security
- Multicast Security
- Network Defense Services
- PKI and PMI environments
- Privacy and Identity Management
- Registration and Authentication Services
- Security and Interoperability
- Security Challenges to the use and deployment of Disruptive Technologies (Trusted Computing, VoIP, WiMAX, RFID, IPv6)
- Securing Critical Information and Communication Infrastructures
- Security issues in Network Event Logging
- Security Policies
- Security Solutions for IP Multimedia Systems
- Standardization Aspects of Electronic Signatures
- Trust Services
- Wireless Security

For more information, please see http://www.aegean.gr/StaR_SEC_2007.

PADM 2007 6th International Workshop on Privacy Aspects of Data Mining, Held in conjunction with the IEEE International Conference on Data Mining (ICDM 2007), Omaha, NE, USA, October 28, 2007. [posted here 5/21/07]
Privacy aspects of data mining have an important impact on many data analysis applications. The aim of the workshop is to bring together researchers and practitioners interested in the privacy aspects of data mining, both from a technical perspective and from social and legal perspectives. We hope to attract interest across a wide range of possible data mining subareas, including: web mining, medical data mining, spatio-temporal data mining, ubiquitous knowledge discovery, stream data mining, multimedia mining, and obviously, privacy-preserving data mining. Topics of interest to the workshop include the following:
- Cryptographic tools for privacy preserving data mining
- Inference and disclosure control for data mining
- Learning algorithms for randomized/perturbed data
- Legal and regulatory frameworks for data mining and privacy
- Privacy and anonymity in e-commerce and user profiling
- Privacy aspects of business processes and enterprise management
- Privacy aspects of geographic, spatial, and temporal data
- Privacy aspects of ubiquitous computing systems
- Privacy enhancement technologies in web environments
- Privacy policy infrastructure, enforcement, and analysis
- Privacy preserving link and social network analysis
- Privacy preserving applications for homeland security
- Privacy preserving data integration
- Privacy protection in fraud and identity theft prevention
- Privacy threats due to data mining
- Biomedical and healthcare data mining research privacy
- Query systems and access control
- Trust management for data mining

For more information, please see http://cimic.rutgers.edu/~padm.

NordSec 2007 12th Nordic Workshop on Secure IT Systems, Reykjavik, Iceland, October 11-12, 2007. [posted here 2/8/07]
Since 1996, the NordSec workshops have brought together computer security researchers and practitioners from the Nordic countries, Northern Europe, and elsewhere. The workshop is focused on applied computer security and is intended to encourage interchange and cooperation between research and industry. Topics include, but are not limited to, the following areas of computer security:
- Applied Cryptography
- Commercial Security Policies and Enforcement
- Communication and Network Security
- Computer Crime and Information Warfare
- Hardware and Smart Card Applications
- Internet and Web Security
- Intrusion Detection
- Language-based Techniques for Security
- New Ideas and Paradigms in Security
- Operating System Security
- PKI Systems and Key Escrow
- Privacy and Anonymity
- Security Education and Training
- Security Evaluations and Measurements
- Security Management and Audit
- Security Models
- Security Protocols
- Social-Engineering and Phishing
- Software Security, Attacks, and Defenses
- Trust and Trust Management

For more information, please see http://www.ru.is/nordsec2007/.

IDMAN 2007 1st IFIP WG 11.6 working conference on Policies & Research in Identity Management, Rotterdam, The Netherlands, October 11-12, 2007. [posted here 4/16/07]
Papers offering research contributions focusing on national identity management are solicited for submission to the 1st IFIP WG-11.6 International Conference on National Identity Management. Papers may present theory, applications or practical experiences in the field of national identity management, including, but not necessarily limited to:
- History
- Law
- Philosophical and ethical aspects
- Economics
- Impact of free travel, weakening national borders and cyberspace on character and importance
- Impact on society and politics
- Impact on e-government and e-government applications
- Quality of national identity management in general
- Quality of national identity data
- Security of national identity management
- Central storage of general and biometric identity data
- Effectiveness of national identity management in fighting terrorism, international crime and human trafficking
- Methods of identification, authentication and authorisation
- Models of identity and access control procedures
- Government PKI
- (Possible) role of pseudonymous and anonymous identity in national identity management
- Electronic IDs
- European and worldwide policies and cooperation
- (Inter)national policies on social security numbers / personalisation IDs
- (Inter)national applications of passport biometrics
- Vulnerabilities of electronic passport protocols
- Multilateral national identity management
- Biometric verification, assurance, metrics and measurements
- Fraud resistance of biometrics
- Data Protection
- Privacy and Privacy Enhancing Technologies (PETs) and national identity management
- (Inter)national threats
- Intelligence
- Fraud and fraud detection
- Impersonation, identity fraud, identity forge and identity theft
- Tracing, monitoring and forensics
- Attacks on national identity and access management infrastructure and procedures

For more information, please see http://privare.fbk.eur.nl/idman07/.

WSNS 2007 3rd IEEE International Workshop on Wireless and Sensor Networks Security, Held in conjunction with the 4th IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2007), Pisa, Italy, October 8, 2007. [posted here 3/12/07]
Wireless networks have experienced an explosive growth during the last few years. Nowadays, there is a large variety of networks spanning from the well-known cellular networks to non-infrastructure wireless networks such as mobile ad hoc networks and sensor networks. Security is a central concern for achieving secured communication in these networks. This one-day workshop aims to bring together researchers and practitioners from wireless and sensor networking, security, cryptography, and distributed computing communities, with the goals of promoting discussions and collaborations. We are interested in novel research on all aspects of security in wireless and sensor networks and the tradeoff between security and performance such as QoS, dependability, scalability, etc. Topics include, but are not limited to:
- Authentication and Access Control
- Cryptographic Protocol
- Experimental Studies
- Key Management
- Information Hiding
- Intrusion Detection and Response
- Privacy and Anonymity
- Secure Localization and Synchronization
- Security and Performance tradeoff
- Security Policy and Enforcement Issues
- Security Protocols Design, Analysis and Verification
- Secure Routing/MAC
- Surveillance and Monitoring
- Trust Management

For more information, please see http://www7.informatik.uni-erlangen.de/~dressler/wsns07/.

EC2ND 2007 3rd European Conference on Computer Network Defence, Heraklion, Crete, Greece, October 4-5, 2007. [posted here 5/21/07]
The theme of the conference is the protection of computer networks. The conference will draw participants from academia and industry in Europe and beyond to discuss hot topics in applied network and systems security. EC2ND invites submissions presenting novel ideas at an early stage with the intention to act as a discussion forum and feedback channel for promising, innovative security research. While our goal is to solicit ideas that are not completely worked out, and might have challenging and interesting open questions, we expect submissions to be supported by some evidence of feasibility or preliminary quantitative results. Topics include but are not limited to:
- Intrusion Detection
- Denial-of-Service
- Privacy Protection
- Security Policies
- Peer-to-Peer and Grid Security
- Network Monitoring
- Web Security
- Vulnerability Management and Tracking
- Network Forensics
- Wireless and Mobile Security
- Cryptography
- Network Discovery and Mapping
- Incident Response and Management
- Malicious Software
- Web Services Security
- Legal and Ethical Issues

For more information, please see http://2007.ec2nd.org/index.html.

eCrime 2007 2nd APWG eCrime Researchers Summit, Pittsburgh, PA, USA, October 4-5, 2007. [posted here 1/22/07]
The second Anti-Phishing Working Group (APWG) eCrime Researchers Summit will be hosted by Carnegie Mellon CyLab, October 4-5, 2007, in Pittsburgh, PA. Original papers on all aspects of electronic crime are solicited for submission to eCrime '07. Topics of relevance include but are not limited to:
- Phishing, pharming, click-fraud, crimeware, extortion and emerging attacks.
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention.
- Techniques to assess the risks and yields of attacks and the success rates of countermeasures.
- Delivery techniques, including spam, voice mail and rank manipulation; and countermeasures.
- Spoofing of different types, and applications to fraud.
- Techniques to avoid detection, tracking and takedown; and ways to block such techniques.
- Honeypot design, datamining, and forensic aspects of fraud prevention.
- Design and evaluation of user interfaces in the context of fraud and network security.
- Best practices related to digital forensics tools and techniques, investigative procedures, and evidence acquisition, handling and preservation.

For more information, please see http://www.ecrimeresearch.com/2007/cfp.html.

CRITIS 2007 2nd International Workshop on Critical Information Infrastructures Security, Benalmadena-Costa, Malaga, Spain, October 3-5, 2007. [posted here 5/14/07]
The CRITIS workshop aims at bringing together researchers and professionals from universities, private companies and Public Administrations interested or involved in all security-related heterogeneous aspects of Critical Information Infrastructures. We invite research papers, work-in-progress reports, R&D project results, survey works and industrial experiences describing significant security advances in the following (non-exclusive) areas of Critical Information Infrastructures for which we plan to have sessions:
- Code of Practice and Metrics
- Communication Risk & Assurance
- Early Warning Systems
- Economics on CIP
- R&D Agenda
- SCADA and Embedded Security
- National and Cross Border Issues
- Information Sharing and Exchange
- Policy Options Elaboration
- Threats and Attacks Modeling
- Continuity of Services and Resiliency
- Dependable Infrastructure Communications
- Internet-based remote control
- Forensic Techniques
- Incident Response
- Network Survivability
- Trust Models in Critical Scenarios
- Security Logistics

For more information, please see http://critis07.lcc.uma.es.

SISW 2007 4th International IEEE Security in Storage Workshop, San Diego, California, USA, September 27, 2007. [posted here 2/8/07]
Stored information critical to individuals, corporations and governments must be protected, but the continually changing uses of storage and the exposure of storage media to adverse conditions make meeting that challenge increasingly difficult. Example uses include employment of large shared storage systems for cost reduction and, for convenience, wide use of transiently-connected storage devices offering significant capacities and manifested in many forms, often embedded in mobile devices. Protecting intellectual property, personal records, health records, and military secrets when media or devices are lost, stolen, or captured is critical to information owners. To remain or become viable, activities that rely on storage technology require a comprehensive systems approach to storage security. This workshop serves as an open forum to discuss storage threats and the technology and deployment of countermeasures. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of designing, building and managing secure storage systems; possible topics include, but are not limited to the following:
- Cryptographic Algorithms for Storage
- Cryptanalysis of Systems and Protocols
- Key Management for Sector and File based Storage Systems
- Balancing Usability, Performance and Security concerns
- Unintended Data Recovery
- Attacks on Storage Area Networks and Storage
- Insider Attack Countermeasures
- Security for Mobile Storage
- Defining and Defending Trust Boundaries in Storage
- Relating Storage Security to Network Security
- Database Encryption
- Search on Encrypted Information

For more information, please see http://ieeeia.org/sisw/2007/.

ESORICS 2007 12th European Symposium on Research in Computer Security, Dresden, Germany, September 24-26, 2007. [posted here 1/22/07]
Papers offering novel research contributions on any aspect of computer security are solicited for submission to the Twelfth European Symposium on Research in Computer Security (ESORICS 2007). Organized in a series of European countries, ESORICS is confirmed as the European research event in computer security. Papers may present theory, mechanisms, applications, or practical experience on all traditional or emerging topics relevant for security in computing systems. For example, the submissions might treat any innovative aspects of one or several topics listed in the following:
- security architecture and secure components (trusted computing modules, smartcards, personal computing devices, networks, information systems, applications, peer-to-peer connections, language-based security, ... )
- access control (authorization, privileges, delegation, revocation, credentials, authentication, accountability, safety analysis, ... )
- information control (data flows, information flows, inferences, covert channel analysis, ... )
- applied cryptography (protocol design, protocol verification, authentication protocols, identity management, key distribution, ... )
- tolerance and survivability (attack models, vulnerability analysis, intrusion detection, malware collection and analysis, ... )
- security management (requirements engineering, policy specification, trust evaluation, policy enforcement, ... )
- secure electronic commerce, administration, and government (digital rights management, intellectual property protection, privacy-enhancing technologies, e-voting, ... )
- formal methods in security (security models, security verification, ... )

For more information, please see http://esorics2007.inf.tu-dresden.de/.

NSS 2007 IFIP International Workshop on Network and System Security, Dalian, China, September 20, 2007. [posted here 2/28/07]
In recent years, there has been a significant increase in Internet attacks, such as DDoS, viruses, worms, spyware, and malware, causing huge economic and social damage. While the attack systems have become easier to use, more sophisticated, and more powerful, interest has greatly increased in the field of building more effective, intelligent, and active defense systems which are distributed and networked. We will focus our program on issues related to Network and System Security, such as authentication, access control, availability, integrity, privacy, confidentiality, dependability and sustainability of network defense systems. We also welcome research reports on network attack systems, because we believe only by fully understanding the attack mechanisms can we perform effective and comprehensive defense. The aim of this workshop is to provide a leading edge forum to foster interaction between researchers and developers with the network and system security communities, and to give attendees an opportunity to network with experts in network and system security. Topics include, but are not limited to:
- Active Defense Systems
- Benchmark, Analysis and Evaluation of Security Systems
- Distributed Access Control and Trust Management
- Distributed Attack Systems and Mechanisms
- Distributed Database Security
- Distributed Intrusion Detection/Prevention Systems
- Denial-of-Service Attacks and Countermeasures
- Identity Management and Authentication
- Implementation, Deployment and Management of Security Systems
- Intelligent Defense Systems
- Internet and Network Forensics
- Security Architectures in Distributed Network Systems
- Security for Large-scale Systems and Critical Infrastructures
- Security for P2P systems and Grid Systems
- Security for Ad-Hoc and Sensor Networks
- Security in E-Commerce
- Secure Mobile Agents and Mobile Code
- Security Theory and Tools in Network Systems
- Viruses, Worms, and Other Malicious Code
- World Wide Web Security

For more information, please see http://nss2007.cqu.edu.au/.

NSPW 2007 New Security Paradigms Workshop, White Mountain Hotel and Resort, New Hampshire, USA, September 18-21, 2007. [posted here 4/6/07]
NSPW is a unique workshop that is devoted to the critical examination of new paradigms in security. Each year, since 1992, we examine proposals for new principles upon which information security can be rebuilt from the ground up. We conduct extensive, highly interactive discussions of these proposals, from which we hope both the audience and the authors emerge with a better understanding of the strengths and weaknesses of what has been discussed. The New Security Paradigms workshop is dedicated to the proposition that what Kuhn called "anomalies"---signs that the prevailing paradigm can no longer explain phenomena observed in the real world---are already visible in the science of information security, and, indeed, that the anomalies are so obvious and so serious that the prevailing information security paradigm is or soon will be in crisis. NSPW aspires to be the philosophical and intellectual breeding ground from which a revolution in the science of information security will emerge. We solicit and accept papers on any topic in information security subject to the following caveats:
- Papers that present a significant shift in thinking about difficult security issues are welcome.
- Papers that build on a recent shift are also welcome.
- Contrarian papers that dispute or call into question accepted practice or policy in security are also welcome.
- We solicit papers that are not technology-centric, including those that deal with public policy issues and those that deal with the psychology and sociology of security theory and practice.
- We discourage papers that represent established or completed works as well as those that substantially overlap other submitted or published papers.
- We discourage papers which extend well-established security models with incremental improvements.
- We encourage a high level of scholarship on the part of contributors. Authors are expected to be aware of related prior work in their topic area, even if it predates Google. In the course of preparing an NSPW paper, it is far better to read an original source than to cite a text book interpretation of it.

Our program committee particularly looks for new paradigms, innovative approaches to older problems, early thinking on new topics, and controversial issues that might not make it into other conferences but deserve to have their try at shaking and breaking the mold.

For more information, please see http://www.nspw.org/current/.

SecureComm 2007 3rd International Conference on Security and Privacy in Communication Networks, Nice, France, September 17-21, 2007. [posted here 12/4/06]
Securecomm seeks high-quality research contributions in the form of well-developed full papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, theoretical cryptography) will be considered only if a clear connection to private or secure communication/networking is demonstrated. Securecomm brings together security and privacy experts in academia, industry and government as well as practitioners, standards developers and policy makers. Securecomm also serves as a venue for learning about state-of-the-art in security and privacy research. Presentations reporting on cutting-edge research results are supplemented by panels on controversial issues and invited talks on timely and important topics.
- Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
- Network Intrusion Detection and Prevention, DoS Countermeasures
- Firewalls, Routers, Filters and Malware detectors
- Public Key Infrastructures and Other Security Architectures
- Secure Web Communication
- Communication Privacy and Anonymity
- Secure/Private E-commerce
- Secure Routing, Naming/Addressing, Network Management
- Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs

For more information, please see http://www.securecomm.org/2007/.

SECOVAL 2007 3rd Annual Workshop on the Value of Security through Collaboration in cooperation, Held in conjunction with the 3rd International Conference on Security and Privacy in Communication Networks (SecureComm 2007), Nice, France, September 17, 2007. [posted here 1/31/07]
Security is usually centrally managed, for example in the form of policies duly executed by individual nodes. The SECOVAL workshop covers the alternative trend of using collaboration and trust to provide security. Instead of centrally managed security policies, nodes may use specific knowledge (both local and acquired from other nodes) to make security-related decisions. For example, in reputation-based schemes, the reputation of a given node (and hence its security access rights) can be determined based on the recommendations of peer nodes. As systems are being deployed on ever-greater scale without direct connection to their distant home base, the need for self-management is rapidly increasing. Interaction after interaction, as the nodes collaborate, there is the emergence of a digital ecosystem. By guiding the local decisions of the nodes, for example, with whom the nodes collaborate, global properties of the ecosystem where the nodes operate may be guaranteed. Thus, the security property of the ecosystem may be driven by self-organizing mechanisms. Depending on which local collaboration is preferred, a more trustworthy ecosystem may emerge.

This year SECOVAL is focusing upon a special research subtopic within the scope of collaborative security, namely, Privacy and Data Sanitization. Any useful collaboration is at some point sharing data. Unfortunately, data sharing is one of the greatest hurdles getting in the way of otherwise beneficial collaborations. Data regarding one's security stance is particularly sensitive, often indicating one's own security weaknesses. This data could include computer or network logs of security incidents, architecture documents, or sensitive organizational information. Even when the data may not compromise the data owner's security stance, sharing may violate a customer's privacy. Data sanitization techniques such as anonymization and other mechanisms such as privacy-preserving data mining and statistical data mining try to address this tension between the need to share information and the need to protect sensitive information and user privacy. Topics of interest to the workshop include, but are not limited to:
- Legal aspects of privacy and anonymization
- Economic issues of privacy enhancing tech
- Data sanitizing and privacy enhancing tools
- Data sharing and anonymization case studies
- Real-time anonymization issues
- Anonymization policy creation & negotiation
- Data sharing & sanitizing best practices
- Anonymity in Peer-to-Peer networks
- Classification of attacks against anonymization
- Metrics of utility, anonymization strength and information loss
- Anonymization / privacy-preserving algorithms
- Data injection and inference attacks
- Identification of sensitive fields and data
- Privacy-preserving Data Mining
- Statistical databases and protection of sensitive information
- Data mining multiple anonymized data sources
- Consistent pseudonym mappings in multi-party anonymization
- Identification of data sources and types useful to share for collaborative computer security
- Insights from industry and case studies
- Usability issues of current anonymization tools

For more information, please see http://www.trustcomp.org/secoval/.

MMM–ACNS 2007 International Conference on Mathematical Methods, Models and Architectures for Computer Networks Security, St. Petersburg, Russia, September 16-18, 2007. [posted here 12/4/06]
The First, Second and Third International Workshops "Mathematical Methods, Models and Architectures for Computer Networks Security" organized in 2001, 2003 and 2005 were very successful. These workshops demonstrated the high interest of the international scientific community in the theoretical aspects of computer network and information security and the need for conducting such workshops as an ongoing series. The proposed MMM-ACNS-2007 Conference is intended as a next step in this series and will be focused on theoretical problems in the area under consideration. Its objectives are to bring together leading researchers from academia and governmental organizations as well as practitioners in the area of computer networks and information security, facilitating personal interactions and discussions on various aspects of information technologies in conjunction with computer network and information security problems arising in large-scale computer networks engaged in information storing, transmitting, and processing. Papers may present theory, technique, and applications on topics including but not restricted to:
- Adaptive security
- Authentication, Authorization and Access Control
- Computer and network forensics
- Covert channels
- Data and application security
- Data mining, machine learning, and bio-inspired approaches for security
- Deception systems and honeypots
- Denial-of-service attacks and countermeasures
- Digital Rights Management
- eCommerce, eBusiness and eGovernment Security
- Firewall Technologies
- Formal analysis of security properties
- Information warfare
- Internet and web security
- Intrusion detection and prevention
- Language-based security
- Network survivability
- New ideas and paradigms for security
- Operating system security
- Risk analysis and risk management
- Security and Privacy in Pervasive and Ubiquitous Computing
- Security for Grid Computing
- Security of emerging technologies (sensor, wireless/mobile, peer-to-peer and overlay networks)
- Security of autonomous agents and multi-agent systems
- Security modeling and simulation
- Security policies
- Security protocols
- Security verification
- Software protection
- Trust management
- Viruses, worms, and other malicious code
- Vulnerability assessment

For more information, please see http://www.comsec.spb.ru/mmm-acns07/.

CHES 2007 9th Workshop on Cryptographic Hardware and Embedded Systems, Vienna, Austria, September 10-13, 2007. [posted here 12/18/06]
The focus of this workshop is on all aspects of cryptographic hardware and security in embedded systems. The workshop is a forum for new results from the research community as well as from the industry. Of special interest are contributions that describe new methods for secure and efficient hardware implementations, and high-speed or leak-resistant software for embedded systems, e.g. smart cards, microprocessors, DSPs, etc. The workshop helps to bridge the gap between the cryptography research community and the application areas of cryptography. Consequently, we encourage submissions from academia, industry, and other organizations. All submitted papers will be reviewed. The topics of CHES 2007 include but are not limited to:
- Computer architectures for public-key and secret-key cryptosystems
- Reconfigurable computing in cryptography & FPGAs
- Cryptography for pervasive computing (RFID, sensor networks, etc.)
- Device identification
- Cryptography in wireless applications (mobile phone, LANs, etc.)
- Smart card attacks and architectures
- True and pseudo random number generators
- Embedded security
- Efficient algorithms for embedded processors
- Cryptographic processors and co-processors
- Nonclassical cryptographic technologies
- Security in commercial consumer applications such as pay-TV systems, automotive etc.
- Tamper resistance on the chip and board level
- Special-purpose hardware for cryptanalysis
- Side channel cryptanalysis
- Trusted computing platforms

For more information, please see http://www.chesworkshop.org/.

RAID 2007 10th International Symposium on Recent Advances in Intrusion Detection, Gold Coast, Queensland, Australia, September 5-7, 2007. [posted here 1/8/07]
This symposium, the 10th in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss issues and technologies related to intrusion detection and defense. The Recent Advances in Intrusion Detection (RAID) International Symposium series is intended to further advances in intrusion defense by promoting the exchange of ideas in a broad range of topics. As in previous years, all topics related to intrusion detection, prevention and defense systems and technologies are within scope, including but not limited to the following:
- Intrusion detection and prevention techniques
- High-performance intrusion detection
- Intrusion detection in special environments (e.g., mobile networks)
- IDS cooperation and event correlation
- Formal models and analysis
- Attack response, countermeasures, and intrusion tolerance
- Survivability and self-protection
- Attacks against IDS and evasion
- Insider threat detection and mitigation
- Deception systems and honeypots
- Malicious code detection and containment
- Visualization techniques
- Intrusion detection assessment and benchmarking
- IDS interoperability standards and standardization
- Vulnerability analysis and risk assessment
- Legal and social issues

For more information, please see http://www.isi.qut.edu.au/go/raid07.

SPatterns 2007 1st International Workshop on Secure Systems Methodologies Using Patterns, Held in conjunction with the 4th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2007), Regensburg, Germany, September 3-7, 2007. [posted here 1/22/07]
Security patterns have arrived at a stage where there are a significant number of them, two books about them have been published, and industry is starting to accept and use them. Analysis and design patterns have been around for about ten years and have found practical use in many projects. They have been incorporated into several software development methodologies where less experienced developers can use them to receive the advice and knowledge of experts. The situation is not so clear for security patterns because no accepted methodology exists for their use. This workshop focuses on secure software methodologies. We seek papers describing individual security patterns, new methodologies, new aspects of existing methodologies, pattern languages to use in the methodologies, reference architectures, blueprints, and related aspects. Experiences in applying the methodologies to real situations are especially welcome.

For more information, please see http://www-ifs.uni-regensburg.de/spattern07/.

TrustBus 2007 4th International Conference on Trust, Privacy & Security in Digital Business, Held in conjunction with the 18th International Conference on Database and Expert Systems Applications (DEXA 2007), Regensburg, Germany, September 3-7, 2007. [posted here 12/4/06]
TrustBus’07 will bring together researchers from different disciplines, developers, and users all interested in the critical success factors of digital business systems. We are interested in papers, work-in-progress reports, and industrial experiences describing advances in all areas of digital business applications related to trust and privacy, including, but not limited to:
- Anonymity and pseudonymity in business transactions
- Business architectures and underlying infrastructures
- Common practice, legal and regulatory issues
- Cryptographic protocols
- Delivery technologies and scheduling protocols
- Design of business models with security requirements
- Economics of Information Systems Security
- Electronic cash, wallets and pay-per-view systems
- Enterprise management and consumer protection
- Identity and Trust Management
- Intellectual property and digital rights management
- Intrusion detection and information filtering
- Languages for description of services and contracts
- Management of privacy & confidentiality
- Models for access control and authentication
- Multimedia web services
- New cryptographic building-blocks for e-business applications
- Online transaction processing
- PKI & PMI
- Public administration, governmental services
- P2P transactions and scenarios
- Real-time Internet E-Services
- Reliability and security of content and data
- Reliable auction, e-procurement and negotiation technology
- Reputation in services provision
- Secure process integration and management
- Security and Privacy models for Pervasive Information Systems
- Security Policies
- Shopping, trading, and contract management tools
- Smartcard technology
- Transactional Models
- Trust and privacy issues in mobile commerce environments
- Usability of security technologies and services

For more information, please see http://www.icsd.aegean.gr/trustbus07/.

WICS 2007 5th International Workshop on Internet Communications Security, Held in conjunction with the International Conference on Database and Expert Systems Applications (DEXA 2007), Regensburg, Germany, September 3-7, 2007. [posted here 1/9/07]
With the advent of the Web and its increasingly dominant force in industry and commerce, the Internet has become not only a communications means, but also a key tool for businesses, research and social development. Nowadays it is possible for us to file our tax report, buy books and CDs from a vendor in another continent and even download multimedia content to our TV, thanks to the use of those information networks. However, the more information is being transmitted, the more probable it is that we are interested in providing that communication with some type of security (be it confidentiality, authenticity, non-repudiation, etc.). Furthermore, with the emergence of new technologies and devices that are capable of getting access to the Internet, we are also looking for solutions that allow these devices to secure the information they transmit in a similar way that it is done with personal computers. Original research papers on all technical aspects of Internet security are solicited for submission to WICS 07. Topics of relevance include but are not limited to:
- Authentication and authorization
- Intrusion detection and response
- Biometrics
- Key management
- Computer Forensics
- Mobile communications security
- Cryptography and its applications
- Network security
- Security Interoperability
- E-Commerce security
- Non repudiation
- Information Assurance
- Security protocols
- Intellectual property protection
- Security for emerging technologies
- Security in new generation technologies for the Internet: VoIP, contact-less smartcards, RFID, ...

For more information, please see http://aspects.uc3m.es/wics07/.

SecCo 2007 5th International Workshop on Security Issues in Concurrency, Lisboa, Portugal, September 3, 2007. [posted here 4/2/07]
Emerging trends in concurrency theory require the definition of models and languages adequate for the design and management of new classes of applications, mainly to program either WANs (like Internet) or smaller networks of mobile and portable devices (which support applications based on a dynamically reconfigurable communication structure). Due to the openness of these systems, new critical aspects come into play, such as the need to deal with malicious components or with a hostile environment. Current research on network security issues (e.g. secrecy, authentication, etc.) usually focuses on opening cryptographic point-to-point tunnels. Therefore, the proposed solutions in this area are not always exploitable to support the end-to-end secure interaction between entities whose availability or location is not known beforehand. The aim of the workshop is to cover the gap between the security and the concurrency communities. In particular, we look for papers dealing with security issues (such as authentication, integrity, privacy, confidentiality, access control, denial of service, service availability, safety aspects, fault tolerance, trust, language-based security) in emerging fields like web services, mobile ad-hoc networks, agent-based infrastructures, peer-to-peer systems, context-aware computing, global/ubiquitous/pervasive computing.

For more information, please see http://www.dsi.uniroma1.it/~gorla/SecCo07/.

IAS 2007 3rd International Symposium on Information Assurance and Security, Manchester, United Kingdom, August 29-31, 2007. [posted here 12/18/06]
Information assurance and security has become an important research issue in networked and distributed information sharing environments. Finding effective ways to protect information systems, networks and sensitive data within the critical information infrastructure is challenging even with the most advanced technology and trained professionals. The International Symposium on Information Assurance and Security aims to bring together researchers, practitioners, developers, and policy makers involved in multiple disciplines of information security and assurance to exchange ideas and to learn the latest development in this important field. Previously unpublished work offering novel research and application contributions in any aspect of information assurance, security and privacy are solicited for submission to the IAS'07 symposium. Proposals for workshops, panels and tutorials are also welcome. Topics of interest include, but are not limited to, the following:
- Agent and Mobile Code Security
- Anonymity and User Privacy
- Authentication and Identity Management
- Authorization and Access Control
- Biometrics Security and Applications
- Computer Forensics
- Cryptographic Protocols
- Data Integrity and Privacy
- Database Security
- Denial of Service and Intrusion Detection
- Distributed System Security
- E-Commerce and E-Government Security
- Fraud Control
- Information Warfare and Cyber-terrorism
- Intellectual Property Protection
- Internet and Web Services Security
- Key Management and Recovery
- New Ideas and Paradigms for Security
- Operating System Security
- Secure Hardware and Smartcards
- Secure Software Technologies
- Security Education and Training
- Security Management and Strategy
- Security Models and Architectures
- Security Verification, Evaluations and Measurements
- Trust Negotiation, Establishment and Management
- Ubiquitous Computing Security

For more information, please see http://www.ias07.org/.

WISA 2007 8th International Workshop on Information Security Applications, Jeju Island, Korea, August 27-29, 2007. [posted here 12/4/06]
The focus of the 8th International Workshop on Information Security Applications (WISA 2007) is on all technical and practical aspects of cryptographic and non-cryptographic security applications. The workshop will serve as a forum for new results from the academic research community as well as from the industry. The areas of interest include, but are not limited to:
- Internet & Wireless Security
- E-Commerce Protocols
- Access Control & Database Security
- Biometrics & Human Interface
- Network Security & Intrusion Detection
- Security & Trust Management
- Digital Rights Management
- Secure Software & Systems
- Information Hiding & Watermarking
- Information Security Management
- Computer Forensics & Cyber Indication
- Smart Cards & Secure Hardware
- Mobile & Application Security
- Privacy & Anonymity
- Public Key Crypto Applications
- Threats & Information Warfare
- Virus Protection & Applications
- Ubiquitous Computing Security
- Peer-to-Peer Security & Applications

For more information, please see http://www.wisa.or.kr/.

WDFIA 2007 2nd Annual Workshop on Digital Forensics and Incident Analysis, Samos, Greece, August 27-28, 2007. [posted here 3/14/07]
The field of digital forensics is rapidly evolving and continues to gain significance in both the law enforcement and the scientific community. The field is intrinsically interdisciplinary, drawing upon fields such as information & communication technologies, law, social sciences and business administration. The second workshop on digital forensics and incident analysis, hosted by the University of the Aegean in the island of Samos, aims to provide a forum for researchers and practitioners focusing on different aspects of digital forensics and incident analysis to present original, unpublished research results and innovative ideas. We welcome the submission of papers from the full spectrum of issues relating to the theory and practice of digital forensics and incident analysis. Areas of special interest include, but are not limited to:
- Digital forensics tools
- Forensic procedures
- Network forensics
- Network traffic analysis, traceback and attribution
- Legal, ethical and policy issues related to digital forensics
- Integrity of digital evidence and live investigations
- Multimedia analysis
- Incident response and investigation
- Portable electronic device forensics
- Data hiding and recovery
- Data mining and information discovery
- Digital evidence visualisation and communication
- Digital evidence storage and preservation
- Digital forensics case studies

For more information, please see http://www.aegean.gr/wdfia07.

CRYPTO 2007 27th Annual International Cryptology Conference, Santa Barbara, California, USA, August 19-23, 2007. [posted here 1/15/07]
Original research papers on all technical aspects of cryptology are solicited for submission to CRYPTO 2007, the Twenty-Seventh Annual International Cryptology Conference. CRYPTO 2007 is sponsored by the International Association for Cryptologic Research (IACR), in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy, and the Computer Science Department of the University of California, Santa Barbara.

For more information, please see http://www.iacr.org/conferences/crypto2007/.

DFRWS 2007 7th Annual Digital Forensic Research Workshop, Pittsburgh, PA, USA, August 13-15, 2007. [posted here 2/28/07]
DFRWS brings together leading researchers, developers, practitioners, and educators interested in advancing the state of the art in digital forensics from around the world. As the most established venue in the field, DFRWS is the preferred place to present both cutting-edge research and perspectives on best practices for all aspects of digital forensics. As an independent organization, we promote open community discussions and disseminate the results of our work to the widest audience. We invite original contributions as research papers (long and short), panel proposals, and demo proposals. All papers are evaluated through a double-blind peer-review process, and those accepted will be published in printed proceedings by Elsevier. Topics of interest are:
- Incident response and live analysis
- Digital evidence storage and preservation
- Event reconstruction methods and tools
- File system and memory analysis
- Application analysis
- Network traffic analysis, traceback and attribution
- Embedded systems
- Mobile devices
- Large-scale investigations
- Data mining and information discovery
- Data hiding and recovery
- Multimedia analysis
- Tool testing and development
- Digital evidence and the law
- Case studies and trend reports
- Non-traditional approaches to forensic analysis

For more information, please see http://www.dfrws.org/.

CNSS 2007 Computer and Network Security Symposium, Held in conjunction with the International Wireless Communications & Mobile Computing Conference (IWCMC 2007), Honolulu, Hawaii, USA, August 12-16, 2007. [posted here 2/28/07]
The main objective of this symposium is to promote further research interests and activities on computer and network security. It is also aimed at increasing the synergy between academic and industrial researchers working in this area. We are interested in theoretic, experimental, and systems-related papers in all aspects of computer and network security. Scope of the Computer and Network Security Symposium includes, but is not limited to:
- Novel and emerging secure architecture
- Cryptographic algorithms and applications
- Study of attack strategies, attack modeling
- Key management
- Intrusion detection techniques
- Intrusion response, alarm management, and correlation analysis
- Study of tradeoffs between security and system performance
- Intrusion tolerance systems
- Denial of service
- Distributed system security
- Wireless network security (WiFi, WiMAX, WiMedia and others)
- Sensor network security
- Mobile ad hoc network security

For more information, please see http://www.cs.ndsu.nodak.edu/~xdu/CNSS_IWCMC07.htm.

PODC 2007 26th Annual ACM SIGACT-SIGOPS Symposium on the Principles of Distributed Computing, Portland, Oregon, USA, August 12-15, 2007. [posted here 1/8/07]
PODC 2007 solicits papers on all areas of distributed systems and networking. We encourage submissions dealing with any aspect of distributed computing, including theory and practice. The common goal is to shed light on the principles of distributed computing. Topics of interest include the following subjects in distributed systems:
- communication and synchronization protocols
- distributed algorithms, analysis, and complexity
- distributed operating systems, middleware platforms, and databases
- economical aspects of distributed computing and selfish agents
- experiments and performance measurements in distributed systems
- fault-tolerance, reliability, availability, and self organization
- high-performance, cluster, and grid computing
- internet, world wide web, and social networks
- location- and context-aware distributed systems
- mobile computing, mobile networks, and mobile agents
- multiprocessor and multi-core architectures and algorithms
- networking: architectures, services, routing, and applications
- peer-to-peer systems, overlay networks, and distributed data management
- security issues in distributed computing, and cryptographic protocols
- sensor, mesh, and ad hoc networks
- shared and transactional memory, and concurrent programming
- specification, semantics, verification, and testing of distributed systems

For more information, please see http://www.podc.org/podc2007.

USENIX-SECURITY 2007 16th USENIX Security Symposium, Boston, MA, USA, August 6–10, 2007. [posted here 10/2/06]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in security or applied cryptography. Refereed paper submissions are solicited in all areas relating to systems and network security, including:
- Adaptive security and system management
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Attacks against networks and machines
- Authentication and authorization of users, systems, and applications
- Automated tools for source code analysis
- Cryptographic implementation analysis and construction
- Denial-of-service attacks and countermeasures
- File and filesystem security
- Firewall technologies
- Forensics and diagnostics for security
- Intrusion and anomaly detection and prevention
- Malicious code analysis
- Network infrastructure security
- Operating system security
- Privacy-preserving (and compromising) systems
- Public key infrastructure
- Rights management and copyright protection
- Security architectures
- Security in heterogeneous and large-scale environments
- Security of agents and mobile code
- Security policy
- Self-protecting and healing systems
- Techniques for developing secure systems
- Technologies for trustworthy computing
- Voting systems analysis and security
- Wireless and pervasive/ubiquitous computing security
- World Wide Web security

For more information, please see http://www.usenix.org/events/sec07/.

EVT 2007 2007 USENIX/ACCURATE Electronic Voting Technology Workshop, Held in conjunction with the 16th USENIX Security Symposium (USENIX-Security 2007), Boston, Massachusetts, USA, August 6, 2007. [posted here 3/26/07]
In the United States and many other countries, most votes are counted and transported electronically, but the practical and policy implications of introducing electronic machines into the voting process are emerging in this new area. Both voting technology and its regulations are very much in flux, with open concerns including reliability, robustness, security, human factors, transparency, equality, privacy, and accessibility. The USENIX/ACCURATE Electronic Voting Technology (EVT) workshop seeks to bring together researchers from a variety of disciplines, ranging from computer science and human factors experts through political scientists, legal experts, election administrators, and voting equipment vendors. EVT will consider papers covering the gamut of technology as it is used in elections, ranging from voter registration and vote collection through tabulation and post-election auditing. We are interested in both future technologies and systems widely used today around the world. In particular, we welcome papers considering:
- Design and analysis of electronic voting schemes and protocols
- Deployment and lifecycle concerns
- Mitigating threats (including insider threats)
- Usability and accessibility (both for voters and for administrators)
- Legal issues, including how voting systems must comply with the ADA and HAVA or the effect of intellectual property rights and nondisclosure agreements on voting system testing, certification, and deployment
- The technology standards process and how it should evolve

For more information, please see http://www.usenix.org/evt07/cfpa.

IFIPTM 2007 Joint iTrust and PST Conferences on Privacy, Trust Management and Security, Moncton, New Brunswick, Canada, July 30 - August 2, 2007. [posted here 1/18/07]
In 2007, the iTrust and PST conferences will join together to provide a truly global platform for the reporting of research, development, policy and practice in the interdependent areas of Privacy, Security, and Trust. Topics of interest for iTrust-PST 2007 include, but are not limited to:
- Privacy Preserving/Enhancing Technologies
- Critical Infrastructure Protection
- Network and Wireless Security
- Operating Systems Security
- Public Safety and Emergency Management
- Intrusion Detection Systems and Technologies
- Secure Software Development and Architecture
- Representations and formalizations of Trust in electronic and physical social systems
- PST challenges in e-services, e.g. e-Health, e-Government, e-Banking, e-Commerce, and e-Marketing
- Information filtering, recommendation, reputation and delivery technologies, spam handling technologies
- Trust technologies, technologies for building trust in e-Business Strategy
- Observations of PST in practice, society, policy and legislation
- Digital Rights Management
- Human Computer Interaction and PST
- Implications of, and technologies for, Lawful Surveillance
- Biometrics, National ID cards, identity theft
- PST in services computing
- Privacy, traceability, and anonymity
- Obligation Systems
- Trust and reputation in self-organizing environments
- Anonymity and privacy vs. accountability
- Access control and capability delegation
- The legal notion of trust in computer science and engineering
- Requirements and methodologies to ensure that the user can reasonably trust the functioning of software systems
- Trust management frameworks for secure collaborations in dynamic Virtual Organizations
- Design of trust-based architectures and decision-making mechanisms for e-community and e-service interactions
- Trust specification, analysis and reasoning
- Dynamics of trust dispositions and relations
- Realization of prototypes of software architectures and applications
- Trust elements in contract negotiation, execution monitoring, re-negotiation and arbitration
- Trust in interaction and cooperation mediated through computer and network, and the balance of control and intervention
- Research in on-line trust, the trust of the consumer towards the web sites of distribution companies
- Analysis of the relationship between trust and such notions as Confidence, distrust, diffidence, expectation, risk, and reliance

For more information, please see http://pstnet.unb.ca/itrust-pst2007.

SECRYPT 2007 International Conference on Security and Cryptography, Barcelona, Spain, July 28-31, 2007. [posted here 12/18/06]
The purpose of SECRYPT 2007, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication. Theoretical and practical advances in the fields of cryptography and coding are a key factor in the growth of data communications, data networks and distributed computing. In addition to the mathematical theory and practice of cryptography and coding, SECRYPT also focuses on other aspects of information systems and network security, including applications in the scope of the knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. Papers describing original work are invited in any of the areas listed below:
- Access Control and Intrusion Detection
- Network Security and Protocols
- Cryptographic Techniques and Key Management
- Information Assurance
- Security in Information Systems

For more information, please see http://www.secrypt.org.

IWSSE 2007 1st IEEE International Workshop on Security in Software Engineering, Held in conjunction with the 31st Annual International Computer Software and Applications Conference (COMPSAC 2007), Beijing, China, July 24-27, 2007. [posted here 1/8/07]
The ever growing demand in software security has made it a well recognized multi-disciplinary sub-area across software engineering, security engineering, and programming languages. Software security has thus become a fundamental problem in software engineering, as it mainly focuses on developing secure software and understanding the security risks and managing these risks throughout the lifecycle of software. The purpose of the workshop is to bring together researchers and practitioners in software and application security in order to create a forum for discussing recent advances in improving security in software engineering and inspiring research on new methods and techniques to advance security engineering in industrial practice. Researchers and practitioners worldwide are invited to present their research expertise and experience, and discuss the issues and challenges in security from software engineering perspective. Submissions are invited of quality papers in the following non-exhaustive list of topics:
- Management of software security in industrial practice
- Security requirements and policies
- Abuse cases and threat modeling
- Architecture and design for security
- Model-based security
- Language-based security
- Malicious code prevention and code safety
- Security risk analysis
- Security taxonomy and metrics
- Testing for security
- Application security: detection and protection
- Software piracy and protection

For more information, please see http://conferences.computer.org/compsac/2007/workshops/IWSSE.html.

SecPerU 2007 3rd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, Held in conjunction with the IEEE International Conference on Pervasive Services (ICPS 2007), Istanbul, Turkey, July 20, 2007. [posted here 2/19/07]
Ambient assisted living concept is envisioned through a new paradigm of interaction inspired by constant provision to information and computational resources. This provision will be enabled through invisible devices that offer distributed computing power and spontaneous connectivity. A nomad traversing residential, working, and advertising environments will seamlessly and constantly be served by small mobile devices like portables, handheld, embedded or wearable computers. This paradigm of leaving and interacting introduces new security, trust and privacy risks. Thus, methods and technology to support confidence in this concept are revisited. The objectives of the SecPerU2007 Workshop are to develop new security, privacy and trust concepts for complex application scenarios based on systems like handhelds, phones, smart cards, sensors, actuators and RF tags, with the emerging technology of ubiquitous and pervasive computing. We welcome the submission of papers from the full spectrum of issues related with security, privacy and trust in pervasive and ubiquitous computing. Papers may focus on architectures, methods, technologies, protocols, prototype developments, case studies, applications, practical experiences, simulation results and analysis, theory and validation on pervasive and ubiquitous computing topics include, but not limited to:
- Reasoning about Security, Privacy and Trust
- Access control and authorization
- Key management and authentication
- Identity management
- Authorization
- Threat and vulnerability
- Denial of service attacks
- Intrusion detection and protection systems
- Malware in pervasive environments and services
- Privacy, anonymity, pseudonymity, and unlinkability
- Location privacy and secure localization
- Network security issues and protocols
- Information hiding and watermarking
- Trust and reputation management
- Role of RFID, sensors and biometrics to enable security
- Deploying security policies
- Developing secure infrastructures
- Auditing and forensic information management in pervasive settings
- Ethics and law for pervasive services
- Case Studies

For more information, please see http://www.icsd.aegean.gr/SecPerU2007/.

IPTComm 2007 Principles, Systems and Applications of IP Telecommunications, Columbia University, New York, NY, USA, July 19-20, 2007. [posted here 1/8/07]
While standards and products now support PSTN-equivalent services for voice, video and text over IP, there are significant difficulties in deploying large-scale, reliable and secure IP telecommunication systems. Services that go beyond basic call features remain hard to develop and deploy. The aim of the IPTComm conference is to serve as a platform for researchers from academia and research labs, industry and government to share their ideas, views, results and experiences in the field of IP-based telecommunication. IPTComm will include presentations of theoretical and experimental achievements, innovative security systems, prototyping efforts, case studies, and advancements in technology directly affecting IP-based telecommunication in general and VoIP and IMS services in particular. We invite authors to submit papers in the following and related areas:
VoIP and IMS Security:
- Denial of Service detection and prevention
- Security models of voice, video and text over IP services
- Detection and prevention of SPIT, Phreaking, Vishing
- Fraud detection and prevention
- Prevention and mitigation of security attacks
- End-to-end security
- Inter-provider trust and verification schemes
QoS and billing:
- QoS for voice and video
- Traffic and QoS measurement of VoIP and IMS traffic
- Billing, AAA
- Management of VoIP infrastructure and services
- VoIP and IMS system performance, reliability and scalability
Convergent Services:
- VoIP emergency services
- Service architectures (e.g. Parlay, SIP Servlets, IMS)
- Service creation environments and languages
- Presence and event notification
- Interactive collaboration beyond voice, video and text
- Feature interaction

For more information, please see http://iptcomm.org.

SOUPS 2007 Symposium On Usable Privacy and Security, Carnegie Mellon University, Pittsburgh, PA, USA, July 18-20, 2007. [posted here 11/6/06]
The 2007 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature technical papers, a poster session, panels and invited talks, discussion sessions, and in-depth sessions (workshops and tutorials). We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:
- innovative security or privacy functionality and design,
- new applications of existing models or technology,
- field studies of security or privacy technology,
- usability evaluations of security or privacy features or security testing of usability features, and
- lessons learned from deploying and using usable privacy and security features.

For more information, please see http://cups.cs.cmu.edu/soups/2007/cfp.html.

USM 2007 Workshop on Usable IT Security Management, Held in conjunction with the 3rd Symposium On Usable Privacy and Security (SOUPS 2007), Pittsburgh, PA, USA, July 18, 2007. [posted here 3/12/07]
USM '07 solicits short position papers from academia and industry about all aspects of IT security management usability. The workshop will provide an opportunity for interdisciplinary researchers and practitioners to discuss this fascinating and important topic. Those interested in presenting at the workshop should submit a position paper of up to four pages along with a cover letter describing their research interests, experience, and background in the area of usable IT security management. Workshop papers will be posted on the SOUPS website and distributed to attendees on the SOUPS 2007 CD. However, workshop papers will not be formally published, and therefore may include work the authors plan to publish elsewhere.

For more information, please see http://cups.cs.cmu.edu/soups/2007/usm.html.

ACSF 2007 2nd Conference on Advances in Computer Security and Forensics, Liverpool, UK, July 12-13, 2007. [posted here 2/20/07]
Computer security and computer forensics are at the forefront in the fight against malicious activity facilitated by our increased use of computer and network technologies. Computer security preserves system integrity whilst computer forensics aims to explain the cause for an event or set of events. Computer security is an established field of computer science, whilst computer forensics is receiving an increased amount of attention amongst the research community. Due to the degree of overlap in the raw material used by both fields, they have much to learn from one another. The purpose of this conference is to bring together researchers and practitioners to present and share the latest developments in research and applications from both fields. The topics below are for guidance only and not as an exhaustive list:
- Incident Response and Management
- Legal issues in computer forensics
- Mobile device forensics
- Collecting evidence
- Network forensics
- Practitioner case studies
- Storage media and file forensic techniques
- Intrusion Detection Systems
- Wireless and ad hoc network security
- Mobile agents for secure systems
- Web security
- Distributed Denial-of-Service attack countermeasures
- Network Security
- Viruses and hostile code
- Cryptography
- Privacy and anonymity
- Digital Rights Management (DRM) and intellectual property
- Access control, auditing and accountability

For more information, please see http://www.cms.livjm.ac.uk/acsf2/.

DIMVA 2007 4th GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment, Lucerne, Switzerland, July 12-13, 2007. [posted here 9/14/06]
The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. DIMVA particularly encourages papers that discuss the integration of intrusion, malware, and vulnerability detection in large-scale operational communication networks. DIMVA's scope includes, but is not restricted to the following areas:
Intrusion Detection
- Approaches
- Implementations
- Prevention and response
- Result correlation
- Evaluation
- Potentials and limitations
- Operational experiences
- Evasion and other attacks
- Legal and social aspects
Malware
- Techniques
- Detection
- Prevention
- Evaluation
- Trends and upcoming risks
- Forensics and recovery
Vulnerability Assessment
- Vulnerabilities
- Vulnerability detection
- Vulnerability prevention

For more information, please see http://www.dimva.org/dimva2007.

RFIDSec 2007 International Conference on RFID Security, Málaga, Spain, July 11-13, 2007. [posted here 3/26/07]
RFID technology is one of the most promising technologies. Its reduced cost defines a huge area of potential applications. Some experts even consider it could provide a technological revolution comparable to that provided by mobile phones or the Internet. Security and privacy are of vital importance to achieve the desired level of real implementations. RFID security issues are a challenge for researchers due to the implementation constraints imposed by its low complexity. The conference aims to provide a bridge between academia and industry working on this fast-growing research area to share their experiences and state-of-the-art works. The topics of interest include but are not limited to:
- New application for secure RFID
- Privacy-enhancing techniques for RFID
- Cryptographic protocols for RFID (Authentication, Key update, Scalability issues)
- Integration of secure RFID systems (Middleware and security, (Public-key) Infrastructures)
- Resource-efficient implementation of cryptography (Small-footprint hardware, Low-power architectures)

For more information, please see http://www.rfidsec07.etsit.uma.es.

GOCP 2007 1st International Workshop on Group-Oriented Cryptographic Protocols, Held in conjunction with the 34th International Colloquium on Automata, Languages and Programming (ICALP 2007), Wroclaw, Poland, July 9, 2007. [posted here 1/22/07]
Group-oriented cryptographic protocols are foundational for the security of various group applications, like digital conferencing, groupware, group communication systems, computer-supported collaborative work-flow systems, multi-user information distribution and sharing, data base and server replication systems, peer-to-peer and ad-hoc groups, group-based admission and access management, electronic voting and election, applications in federative or distributed environment, etc. A variety of cryptographic techniques and assumptions provides a solid basis for the design of provably secure group-oriented cryptographic protocols, which is an important and challenging task. Formal security models for group-oriented cryptographic protocols require consideration of a large number of potential threats resulting from the attacks on the communication channel and from the misbehavior of some protocol participants. These challenges and the emerging development of multi-party and group-oriented applications are just some reasons for setting up a new cryptographic workshop, solely dedicated to the security issues of cryptographic protocols used in these scenarios. The GOCP 2007 workshop encourages submissions concerning cryptographic foundations, formal security models, and actual design of all kinds of group-oriented cryptographic protocols, schemes, and applications. Topics of interest include (in alphabetical order):
- Access and admission control in groups
- Anonymity and privacy in group communications
- Broadcast and multicast communication security
- Cryptographic group-oriented protocols
- Electronic election and voting
- Formal security models (proofs) for group-oriented cryptographic protocols
- Group key exchange/distribution
- Group-oriented signatures
- Secure multi-party computation
- Security in distributed group applications
- Security in mobile and ad hoc groups
- Security in peer-to-peer groups
- Trust management in groups

For more information, please see http://www.hgi.rub.de/gocp07/.

IFIP-DBSEC 2007 21st Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Redondo Beach, CA, USA, July 8-11, 2007. [posted here 12/18/06]
The conference provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. The conference is limited to about forty participants so that ample time is provided for discussion and interaction. Proceedings will be published by Springer as the next volume in the Research Advances in Database and Information Systems Security series. Papers may present theory, technique, applications, or practical experience on topics of interest to IFIP WG 11.3:
- Access Control
- Secure transaction processing
- Applied Cryptography
- Secure information integration
- Identity theft and countermeasures
- Secure sensor monitoring
- Integrity maintenance
- Security assessment methodologies
- Intrusion detection
- Secure Semantic Web
- Knowledge discovery and privacy
- Secure Web Services
- Organization security
- Threats and vulnerabilities
- Privacy
- Trust management

For more information, please see http://www.dcs.kcl.ac.uk/staff/steve/ifip07/index.html.

WCAN 2007 3rd Workshop on Cryptography for Ad hoc Networks, Held in conjunction with the 34th International Colloquium on Automata, Languages and Programming (ICALP 2007), Wroclaw, Poland, July 8, 2007. [posted here 4/25/07]
Wireless ad hoc networks are today receiving much attention for military, commercial and civilian applications, thus becoming a challenging area in security research. The security research community has mainly focused on securing routing and is only recently widening its scope of analysis. The cryptography research community has mainly focused on abstract models of networks like the Internet; however, cryptographic protocols for the Internet face serious challenges to be adapted to the ad-hoc, partial-connectivity, mobile, resource-constrained and infrastructureless nature of ad-hoc networks. The aim of this workshop is to help bridge this gap, towards a more comprehensive investigation of security and cryptographic tools, analysis and modeling methodologies over ad hoc networks, by bringing together the cryptography, network security, and wireless networking communities. We seek submissions containing original research on all aspects of cryptology that are motivated by their applicability to ad hoc networks, including wireless, cellular, sensor, mesh, peer-to-peer, vehicular and RFID-based networks. Areas of special interest include, but are not limited to:
- Modeling of cryptographic tasks
- Solutions to cryptographic tasks under party mobility
- Solutions to cryptographic tasks under resource constraints
- Secure routing
- Bootstrapping of security associations
- Distributed public-key infrastructures
- Key-agreement, key-management and key-(pre)distribution
- Entity authentication
- Trust establishment
- Privacy-enhancing technologies
- Threshold cryptography
- Identity-Based cryptography
- Policy-based cryptography
- Secure multi-party protocols
- Security in distributed algorithms and protocols

For more information, please see http://www.argreenhouse.com/society/wcan07/wcan07page.html.

CSF-20 20th IEEE Computer Security Foundations Symposium, Venice, Italy, July 6-8, 2007. [posted here 10/20/06]
The IEEE Computer Security Foundations Workshop (CSFW) series brings together researchers in computer science to examine foundational issues in computer security. Over the past two decades, many seminal papers and techniques have been presented first at CSFW. New theoretical results in computer security are welcome. Also welcome are more exploratory presentations, which may examine open questions and raise fundamental concerns about existing theories. Panel proposals are welcome as well as papers. Possible topics include, but are not limited to:
- Authentication
- Information flow
- Security protocols
- Anonymity and Privacy
- Electronic voting
- Network security
- Resource usage control
- Access control
- Trust and trust management
- Security models
- Intrusion detection
- Data and system integrity
- Database security
- Distributed systems security
- Security for mobile computing
- Executable content
- Decidability and complexity
- Formal methods for security
- Language-based security

For more information, please see http://www.cs.chalmers.se/~andrei/CSF07/cfp.html.

FCC 2007 3rd Workshop on Formal and Computational Cryptography, Venice, Italy, July 4-5, 2007. [posted here 3/19/07]
Cryptographic protocols are small distributed programs that add security services, like confidentiality or authentication, to network communication. Since the 1980s, two approaches have been developed for analyzing security protocols. One of the approaches relies on a computational model that considers issues of complexity and probability. The other approach relies on a symbolic model of protocol executions in which cryptographic primitives are black boxes. The workshop focuses on the relation between the symbolic (Dolev-Yao) model and the computational (complexity-theoretic) model. Recent results have shown that in some cases the symbolic analysis is sound with respect to the computational model. A more direct approach which is also investigated considers symbolic proofs in the computational model. The workshop seeks results in any of these areas, and more generally, in the area of system and program verification for security and cryptography.

For more information, please see http://www-verimag.imag.fr/~lakhnech/FCC/.

PAIRING 2007 1st International Conference on Pairing-based Cryptography, Tokyo, Japan, July 2-4, 2007. [posted here 7/31/06]
Since the introduction of pairings in constructive cryptographic applications, an ever increasing number of protocols have appeared in the literature: identity-based encryption, short signature, and efficient broadcast encryption to mention but a few. An appropriate mix of theoretical foundations and practical considerations is essential to fully exploit the possibilities offered by pairings: number theory, cryptographic protocols, software and hardware implementations, new security applications, etc. Authors are invited to submit papers describing original research on all aspects of pairing-based cryptography, including, but not limited to the following topics:
Novel cryptographic protocols
- ID-based cryptosystem
- broadcast encryption
- short signatures
- ring or group signatures
- aggregate or multi signatures
- undeniable signatures
- key agreement protocol
- authenticated encryption
Mathematical foundation
- Weil, Tate, Eta, and Ate pairings
- security consideration of pairing
- generation of pairing friendly curves
- (hyper-) elliptic curve cryptosystem
- number theoretic algorithms
SW/HW implementation
- secure operating system
- efficient software implementation
- FPGA or ASIC implementation
- smartcard implementation
- side channel attack
- fault attack
Applied security
- novel security applications
- secure ubiquitous computing
- security management
- grid computing
- PKI model
- application to network security

For more information, please see http://www.pairing-conference.org/.

ESAS 2007 4th European Workshop on Security and Privacy in Ad hoc and Sensor Networks, Sidney Sussex College, Cambridge, England, July 2-3, 2007. [posted here 11/20/06]
The vision of ubiquitous computing has generated a lot of interest in wireless ad hoc and sensor networks. However, besides their potential advantages, these new generations of networks also raise some challenging problems with respect to security and privacy. The aim of this workshop is to bring together the network security, cryptography, and wireless networking communities in order to discuss these problems and to propose new solutions. The fourth ESAS workshop seeks submissions that present original research on all aspects of security and privacy in wireless ad hoc and sensor networks. Submission of papers based on work-in-progress is encouraged. Topics of interest include, but are not limited to the following:
- Privacy and anonymity
- Prevention of traffic analysis
- Location privacy
- Secure localization
- Secure MAC protocols
- Secure topology control
- Secure routing
- Secure context aware computing
- Security for embedded systems
- Distributed intrusion detection
- Secure in-network processing
- Secure time synchronization
- Cooperation and fairness
- Key management
- Trust establishment

For more information, please see http://www.netlab.nec.de/esas/.

CYBER-FRAUD 2007 1st International Workshop on Cyber-Fraud, Held in conjunction with the International Conference on Internet Monitoring and Protection (ICIMP 2007), San Jose, California, USA, July 1-6, 2007. [posted here 2/11/07]
Attacks against private and public networks have spread significantly in recent years. With simple or sophisticated behavior, the attacks tend to damage user confidence, cause huge privacy violations and enormous economic losses. The International Workshop on Cyber-Fraud, CYBER-FRAUD 2007, focuses on specific aspects related to attacks and counterattacks, public information, privacy and safety on cyber-attacks information. It also targets secure mechanisms to record, retrieve, share, interpret, prevent and post-analyze cyber-crime attacks. Topics of interest include, but are not limited to:
- Epidemiological models for warware and cyber-crime propagation
- Record and retrieval of cyber-crimes
- Forensic analysis
- Cyber-crime prevention
- Cyber-crime vulnerabilities
- Cyber-counterattack at source
- Distributed cyber-attacks
- Orchestrated cyber-attacks
- Recursion attacks
- Cyber-storm attacks
- Spyware and malware
- Cyber-pranks, hoaxes
- Phishing/Pharming and anti-phishing
- Cyber-terrorism
- Online cyber-crime reporting
- Accuracy and security of cyber-reports
- Fighting cyber-crimes
- Cyber-crime laws

For more information, please see http://www.iaria.org/conferences2007/CYBERFRAUD.html.

EUROPKI 2007 4th European PKI Workshop: Theory and Practice, Mallorca, Spain, June 28-30, 2007. [posted here 12/18/06]
The 4th European PKI Workshop: Theory and Practice is focusing on all research aspects of Public Key Applications, Services and Infrastructures. Submitted papers may present theory, applications or practical experiences on topics including, but not limited to:
- Architecture and Modeling
- Authentication
- Authorization and Delegation
- Bridge CA
- Case Studies
- Certificates Status
- Certification Policy
- Certification Practices
- Cross Certification
- Directories
- eCommerce/eGovernment
- Evaluation
- Fault-Tolerance
- Federations
- ID-based schemes
- Identity Management
- Implementations
- Interoperability
- Key Management
- Legal issues
- Long-time archiving
- Mobile PKI
- Policies & Regulations
- Privacy
- Privilege Management
- Protocols
- Reliability in PKI
- Repositories
- Risk/attacks
- Standards
- Timestamping
- Trust
- Ubiquitous scenarios
- Verification

For more information, please see http://dmi.uib.es/europki07.

DSN-ACS 2007 Workshop on Assurance Cases for Security - The Metrics Challenge, Held in conjunction with the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2007), Edinburgh, Scotland - UK, June 27, 2007. [posted here 1/18/07]
For critical systems it is important to know whether the system is trustworthy and to be able to communicate, review and debate the level of trust achieved. In the safety domain, explicit Safety Cases are increasingly required by law, regulations and standards. It has become common for the case to be made using a goal-based approach, where claims (or goals) are made about the system and arguments and evidence are presented to support those claims. Prior workshops, beginning with one held at DSN 2004, have identified a number of technical, policy and research challenges. This workshop will focus on one of these challenges: metrics for assurance cases for security. Such metrics can be essential for supporting decisions regarding the resources provided to develop the assurance case, and the efficacy of the resulting case. However, there is no commonly accepted approach to this topic. The purpose of the workshop is to understand these and other questions in the context of assurance cases for security and to identify viable technical approaches.

For more information, please see http://www.dsn.org/call/workshops/assurance/.

HotDep 2007 Workshop on Hot Topics in System Dependability, Held in conjunction with the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2007), Edinburgh, Scotland - UK, June 27, 2007. [posted here 1/18/07]
The goals of HotDep'07 are to bring forth cutting-edge research ideas spanning the domains of fault tolerance/reliability and systems, and to build linkages between the two communities (e.g., between people who attend traditional "dependability" conferences such as DSN and ISSRE, and those who attend "systems" conferences such as OSDI, SOSP, and EuroSys). HotDep'07 will center on critical components of the infrastructures touching our everyday lives: operating systems, networking, security, wide-area and enterprise-scale distributed systems, mobile computing, compilers, and language design. We seek participation and contributions from both academic researchers and industry practitioners to achieve a mix of long-range research vision and technology ideas anchored in immediate reality. Possible topics include but are not limited to the following:
- automated failure management, enabling systems to adapt on the fly to changes or exceptional conditions
- techniques for better detection, diagnosis, or recovery from failures
- forensic tools for use by administrators and programmers after a failure or attack
- techniques and metrics for quantifying aspects of dependability in specific domains (e.g., measuring the security, scalability, responsiveness, or other properties of a software service)
- tools/concepts/techniques for optimizing tradeoffs among availability, performance, correctness, and security
- novel uses of technologies not originally intended for dependability (e.g., using virtual machines to enhance dependability)
- advances in the automation of management technologies, such as better ways to specify management policy, advances on mechanisms for carrying out policies, or insights into how policies can be combined or validated

For more information, please see http://www.hotdep.org/2007.

ICDCS 2007 27th International Conference on Distributed Computing Systems, Toronto, Canada, June 25-29, 2007. [posted here 9/3/06]
The conference provides a forum for engineers and scientists in academia, industry and government to present their latest research findings in any aspects of distributed and parallel computing. Topics of particular interest include, but are not limited to:
- Algorithms and Theory
- Autonomic Computing
- Data Management
- Fault-Tolerance and Dependability
- Internet Computing and Applications
- Network Protocols
- Operating Systems and Middleware
- Parallel, cluster and GRID Computing
- Peer to Peer
- Security
- Sensor Networks and Ubiquitous Computing
- Wireless and Mobile Computing

For more information, please see http://www.eecg.utoronto.ca/icdcs07/.

IAW 2007 8th Annual IEEE SMC Information Assurance Workshop, West Point, New York, USA, June 20-22, 2007. [posted here 11/27/06]
The workshop is designed to provide a forum for Information Assurance researchers and practitioners to share their research and experiences. Attendees hail from industry, government, and academia. The focus of this workshop is on innovative, new technologies designed to address important Information Assurance issues. Topics include, but are not limited to:
Technical:
- Privacy (area of emphasis)
- Visualization and data representation (area of emphasis)
- Honeynet technologies
- Innovative intrusion detection and response methodologies
- Information warfare
- Biometrics
- Secure software technologies
- Wireless security
- Computer forensics
- Data Protection
Experience:
- Best practices
- Information assurance education
- Information assurance professional development

For more information, please see http://www.itoc.usma.edu/workshop/2007/index.htm.

PET 2007 7th workshop on Privacy Enhancing Technologies, Ottawa, Canada, June 20-22, 2007. [posted here 9/25/06]
Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior. Approaches to protecting individuals, groups, but also companies and governments from profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure. The 7th workshop on Privacy Enhancing Technologies addresses the design and realization of such privacy services for the Internet and other communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of privacy technologies, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present their perspectives on technological issues. Suggested topics include but are not restricted to:
- Anonymous communications and publishing systems
- Censorship resistance
- Pseudonyms, identity management, linkability, and reputation
- Data protection technologies
- Location privacy
- Privacy in Ubiquitous Computing Environments
- Policy, law, and human rights relating to privacy
- Privacy and anonymity in peer-to-peer architectures
- Economics of privacy
- Fielded systems and techniques for enhancing privacy in existing systems
- Protocols that preserve anonymity/privacy
- Privacy-enhanced access control or authentication/certification
- Privacy threat models
- Models for anonymity and unobservability
- Attacks on anonymity systems
- Traffic analysis
- Profiling and data mining
- Privacy vulnerabilities and their impact on phishing and identity theft
- Deployment models for privacy infrastructures
- Novel relations of payment mechanisms and anonymity
- Usability issues and user interfaces for PETs
- Reliability, robustness and abuse prevention in privacy systems

For more information, please see http://petworkshop.org/2007/.

FIRST 2007 19th FIRST Global Computer Security Network conference, Seville, Spain, June 17-22, 2007. [posted here 9/10/06]
Privacy is the genie in the bottle for all data-holding organizations – once out, whether through crime or carelessness, private and personal information is out for ever, and has a power to do harm which is almost incalculable. In the wake of losses and thefts which have exposed millions of customers to fraud and identity theft, states in America and governments in many other countries are legislating or plan to legislate to compel corporate and other data-holders to report publicly all violations of digital privacy. The impact on reputation for those “named and shamed” may be catastrophic, and the risk to revenues and even to survival will be profound. New threats to privacy are emerging every day, and at the same time, tensions are rising between governments who want to harvest and store data about individual citizens and use it to oversee and steer behavior, and corporations who collect data from and about citizens who are also customers. Already, brands which have been exposed by the media for “shopping” customers or “blocking” behavior have suffered serious blows to their reputations. Understanding these complex issues and being adequately prepared in case of exposure will be crucial if organizations are to navigate successfully all the trials that digital privacy is posing. The FIRST program committee solicits original contributions on network security for refereed paper presentations, tutorials, invited talks, and panel discussions. Past topics have included creating and managing CSIRTs, computer vulnerability, threat detection, computer forensics, and case studies.

For more information, please see http://www.first.org/conference/2007/papers/.

PLAS 2007 ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, San Diego, CA, USA, June 14, 2007. [posted here 1/9/07]
PLAS aims to provide a forum for exploring and evaluating ideas on the use of programming language and program analysis techniques to improve the security of software systems. Strongly encouraged are proposals of new, speculative ideas; evaluations of new or known techniques in practical settings; and discussions of emerging threats and important problems. The scope of PLAS includes, but is not limited to:
- Language-based techniques for security
- Verification of security properties in software
- Automated introduction and/or verification of security enforcement mechanisms
- Program analysis techniques for discovering security vulnerabilities
- Compiler-based security mechanisms, such as host-based intrusion detection and in-line reference monitors
- Specifying and enforcing security policies for information flow and access control
- Model-driven approaches to security
- Applications, examples, and implementations of these security techniques

For more information, please see http://www.cs.umd.edu/~mwh/PLAS07/.

Policy 2007 8th IEEE International Workshop on Policies for Distributed Systems and Networks, Bologna, Italy, June 13-15, 2007. [posted here 10/2/06]
Policy 2007 aims to bring together researchers and practitioners working on policy-based management across a wide range of application domains including networks, security and privacy, storage, and databases. This year, the workshop will have a special focus on the Semantic Web. The Semantic Web provides promising technologies for policy-based management both for the Web and other distributed systems such as the pervasive environments, grid computing, and multi-agent systems. Submitted papers will be evaluated for technical contribution, originality, and significance. Topics of interest include, but are not limited to the following:
Policy Models and Languages:
- Abstract models and languages for policy specification
- Policy standards, their extensions and refinements
- Formal semantics of policies
- Relationships between policies, both going vertically from policies for IT processes to policies for IT devices, and crossing horizontally through multiple application domains
- Methodologies and tools for discovering, specifying, analyzing, and refining policy
- Models of policy negotiation
- Representation of belief, trust, and risk in policies
- Systems and tools for the management of policies
Policy Applications:
- Case studies of applying policy-based management in different application domains
- Application of policies for resource allocation, autonomic computing, systems management, QoS adaptation, security.
- Application of policies for identity and privacy management
- Policy based networking, including active networks, pervasive computing, and mobile systems
- Business rules and organizational modeling
- Risk adaptive policy systems
- Database policies
- Policy applications in on-demand, utility based computing
- Resource virtualization and policy-based collaboration
Semantic Web Policies --- special focus track:
- Representing policies in XML, RDF, and OWL
- SW rule languages (such as N3Logic, SWRL, Rule-ML, RIF) for policy reasoning
- Policy conflict management
- Case studies for policy management using semantic web technologies
- Network routing
- Storage management
- Grid computing
- Mobile computing
- Information filtering
- Digital rights management
- Collaboration
- Access control models for the Web/Semantic Web
- Privacy and accountability on the Web
- Identity management
- Policy authoring based on SW languages
- Modeling belief and trust using SW technologies
- Web services security
- Analysis of or systems based on proposed policy standards (such as WS-Policy, WSPL, and XACML)
- Semantic Web and eGovernment management

For more information, please see http://www.policy-workshop.org/2007.

WEIS 2007 6th Workshop on the Economics of Information Security, Carnegie Mellon University, Pittsburgh, PA, USA, June 7-8, 2007. [posted here 11/20/06]
The 2007 Workshop on the Economics of Information Security builds on the success of the previous five Workshops and invites original research papers on topics related to the economics of information security and the economics of privacy. Security and privacy threats rarely have purely technical causes. Economic, behavioral, and legal factors often contribute as much as technology to the dependability of information and information systems. Until recently, research in security and dependability focused almost exclusively on technical factors, rather than incentives. The application of economic analysis to these problems has now become an exciting and fruitful area of research. We encourage economists, computer scientists, business school researchers, law scholars, security and privacy specialists, as well as industry experts to submit their research and attend the Workshop. Suggested topics include (but are not limited to) empirical and theoretical economic studies of:
- Optimal security investment
- Software and system dependability
- Privacy, confidentiality, and anonymity
- Vulnerabilities, patching, and disclosure
- DRM and trusted computing
- Trust and reputation systems
- Security models and metrics
- Behavioral security and privacy
- Information systems liability and insurance
- Information threat modeling and risk management
- Phishing and spam

For more information, please see http://weis2007.econinfosec.org/.

ACNS 2007 5th International Conference on Applied Cryptography and Network Security, Zhuhai, China, June 5-8, 2007. [posted here 8/27/06]
ACNS'07, the 5th International Conference on Applied Cryptography and Network Security, brings together industry and academic researchers interested in the technical aspects of cryptology and the latest advances in the application of crypto systems. Original papers on all aspects of applied cryptography and network security are solicited for submission to ACNS '07. Topics of relevance include but are not limited to:
- Applied cryptography and provably-secure cryptographic protocols
- Design and analysis of efficient cryptographic primitives: public-key and symmetric-key cryptosystems, block ciphers, and hash functions
- Network security protocols
- Techniques for anonymity; trade-offs between anonymity and utility
- Integrating security into the next-generation Internet: DNS security, routing, naming, denial-of-service attacks, TCP/IP, secure multicast
- Economic fraud on the Internet: phishing, pharming, spam, and click fraud
- Email and web security
- Public key infrastructure, key management, certification, and revocation
- Security and privacy for emerging technologies: sensor networks, mobile (ad hoc) networks, peer-to-peer networks, bluetooth, 802.11, RFID
- Trust metrics and robust trust inference in distributed systems
- Security and usability
- Intellectual property protection: metering, watermarking, and digital rights management
- Modeling and protocol design for rational and malicious adversaries
- Automated analysis of protocols

For more information, please see http://www.i2r.a-star.edu.sg/icsd/acns2007/.

ICITS 2007 International Conference on Information Theoretic Security, Madrid, Spain, May 25-29, 2007. [posted here 2/2/07]
The first event was the 2005 IEEE Information Theory Workshop on Theory and Practice in Information-Theoretic Security (ITW 2005, Japan) October 16-19, 2005. The goal is to continue this conference on a regular basis. The modern unclassified research on cryptography started with Shannon's work on cryptography using information theory. Since then we have seen several research topics studied requiring information theoretical security, also called unconditional security. Examples are anonymity, authenticity, reliable and private networks, secure multi-party computation, traitor tracing, etc. Moreover, we have also seen that coding as well as other aspects of information theory have been used in the design of cryptographic schemes. Post-conference proceedings will be published by Springer Verlag in the Lecture Notes in Computer Science. Informal preproceedings will be available at the conference. Topics of interest include work on any aspect of information theoretical security, that is, security based on information theory. This includes, but is not limited to the following topics:
- Analysis of Security
- Anonymity
- Authentication Codes
- Conventional Cryptography using Codes
- Fingerprinting
- Ideal Ciphers
- Information Hiding
- Key Distribution
- Oblivious Transfer
- Private and Reliable Networks
- Public Key Cryptosystems using Codes
- Quantum Cryptography
- Quantum Information Theory
- Randomness
- Secret Sharing
- Secure Multiparty Computation
- Traitor Tracing

For more information, please see http://www.cs.ucl.ac.uk/staff/Y.Desmedt/ICITS/.

AusCERT 2007 Asia Pacific Information Technology Security Conference, Gold Coast, Queensland, Australia, May 21-25, 2007. [posted here 12/18/06]
Original papers are solicited for submission to the refereed R&D stream of AusCERT2007 - the AusCERT Asia Pacific Information Technology Security Conference. Full papers submitted to this stream will be refereed by members of the international program committee and published in the conference proceedings. Topics of interest include, but are not limited to:
- Intrusion Detection
- Critical Infrastructure Protection
- Incident Response
- Network and Wireless Security
- Legal and Regulatory Issues
- Attack Detection / Honeypots
- Intrusion Forensics

For more information, please see http://www.isi.qut.edu.au/go/.

W2SP 2007 Workshop on Web 2.0 Security and Privacy, The Claremont Resort, Oakland, California, USA, May 24, 2007. [posted here 2/28/07]
The goal of this one day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and establishing new collaborations in these areas. Web 2.0 is about connecting people and amplifying the power of working together. The goal of connecting people is bringing together a broad range of technologies and social forces. We have witnessed a rapid proliferation of social computing web sites and content. This mixing of technology and social interaction is also occurring in the context of a wave of technologies supporting rapid development of these interpersonal interactions. Many of these new web technologies rely on the composition of content and services from multiple sources. On one end of the technology spectrum we have simple services such as blogs and wikis. However there are far more complex technology composition (mash-up) examples. The content composition trend is likely to continue. The lure is the promise of inexpensive and easy ways to compose software service and content. However, there are issues with respect to management of identities, reputation, privacy, anonymity, transient and long term relationships, and composition of function and content, both on the server side and inside the web browser. While the security and privacy issues are not new (many of these issues already exist with portal servers and browsers), the security issue is increasingly becoming acute as the technologies are adopted and adapted to appeal to a wider developer audience. Some of these technologies deliberately bypass existing security mechanisms. This workshop is intended to discuss the limitations of the current technologies and explore alternatives. The scope of W2SP 2007 includes, but is not limited to:
- Identity, privacy, reputation and anonymity
- End-to-end security architectures
- Security of content composition
- Security and privacy policy definition and modeling of content composition
- Provenance and governance
- Usable security and privacy models
- Static and dynamic analysis for security
- Security as a service

For more information, please see http://www.ieee-security.org/TC/SP2007/oakland07.html.

Oakland 2007 The 2007 IEEE Symposium on Security and Privacy, The Claremont Resort, Berkeley/Oakland, California, USA, May 20-23, 2007. [posted here 9/10/06]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Previously unpublished papers offering novel research contributions in any aspect of computer security or electronic privacy are solicited for submission to the 2007 symposium. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. The 2007 Symposium is open to submissions not only of full-length papers but also short papers (extended abstracts) describing less mature work. It is also open to the submission of co-located half-day or one-day workshops. See below for these and other program elements. Topics of interest include, but are not limited to, the following:
- Access control and audit
- Anonymity and pseudonymity
- Application-level security
- Biometrics
- Cryptographic protocols
- Database security
- Denial of service
- Distributed systems security
- Formal methods for security
- Information flow
- Intrusion detection and prevention
- Language-based security
- Malicious code prevention
- Network security
- Operating system security
- Peer-to-peer security
- Privacy
- Risk analysis
- Secure hardware and smartcards
- Security engineering
- Security policy
- User authentication

The full call for papers can be found at http://www.ieee-security.org/TC/SP2007/oakland07.html.

IFIP-SEC 2007 22nd IFIP TC-11 International Information Security Conference, Theme: New approaches for Security, Privacy and Trust in Complex Environments, Sandton Convention Centre, Sandton, South Africa, May 14-16, 2007. [posted here 8/21/06]
Information is now the most important commodity in a global market. Individuals, businesses and governments are dependent on information embedded in secure, privacy aware and trustworthy IT infrastructures. Classical information security services such as authentication and authorisation urgently demand a re-design and improved implementation to ensure security, privacy and trust features in today's integrated and complex information rich environments. Papers offering research contributions focusing on security, privacy and trust are solicited for submission to the 22nd IFIP TC-11 International Information Security Conference. Papers may present theory, applications or practical experiences including, but not limited to:
- Applications of cryptography, key management and PKI
- Architectures for Information Security, Privacy and Trust
- New approaches to Fraud Management Systems in Advanced Network Infrastructures
- New approaches to classical Information Security Services such as Identification, Authentication, Authorization, Integrity and Non-repudiation
- Information Security culture including ethics and social issues
- Change Management Systems for implementing Security, Privacy and Trust in organizational environments
- Information security as part of Corporate Governance
- Digital Forensics and Forensic Auditing
- Security, Privacy and Trust for advanced application infrastructures
- Incorporating Security, Privacy and Trust in educational activities
- New approaches for enhancing security, privacy and trust in E-mail environments
- Firewalls for the next generation networks
- Future visions for Information Security Management
- Designing / re-designing Human Computer Interaction for Security, Privacy and Trust
- Identity theft and management
- New applications for steganography
- Information warfare and critical infrastructure protection
- Security, Privacy and Trust in RFID and Sensor networks
- New approaches for Intrusion detection
- Security, Privacy and Trust for Wireless environments
- New requirements for international Information Security Standards
- Privacy Enhancing Technologies (PETs)
- Risk analysis and risk management for complex environments
- Standards, Certification, Accreditation and Evaluation of Information Security in companies
- Incorporating Security, Privacy and Trust in System development methodologies
- Trust Models and Management
- Information Security Metrics
- Vulnerability Assessments for integrated environments

For more information, please see http://www.sbs.co.za/ifipsec2007/.

WISTP 2007 Workshop in Information Security Theory and Practices: Smart Cards, Mobile and Ubiquitous Computing Systems, Heraklion, Crete, Greece, May 9-11, 2007. [posted here 11/27/06]
With the rapid technological development of information technologies, computer systems and especially embedded systems are becoming more mobile and ubiquitous, increasingly interfacing with the physical world. Ensuring the security of these complex and yet resource-constrained systems has emerged as one of the most pressing challenges. The aim of this first workshop is to bring together researchers and practitioners in related areas and to encourage interchange and cooperation between the research community and the industrial/consumer community. Topics of interest include, but are not limited to:
Smart Cards and Trusted Devices Security
- Biometrics, National ID cards
- Embedded Systems Security and TPMs
- Interplay of TPMs and Smart Cards
- New Applications for Secure RFID Systems
- RFID Systems Security
- Smart Card Security
- Smart Card Applications
Ad Hoc and Mobile Networks Security
- Ad Hoc Networks Security
- Delay-Tolerant Network Security
- Domestic Network Security
- Mobile Codes Security
- Mobile Devices Security
- Security Issues in Mobile and Ubiquitous Networks
- Security of GSM/GPRS/UMTS Systems
- Sensor Networks Security
- Vehicular Network Security
- Wireless Communication Security (WiFi, WiMAX, WiMedia, others)
Ubiquitous Computing Systems Security
- Distributed Systems Security
- Grid Computing Security
- Intrusion Detection and Information Filtering
- Peer-to-Peer Networks Security
Security Protocols, Policies and Management for Mobility
- Critical Infrastructure (e.g. for Medical or Military Applications) Security
- Digital Rights Management (DRM)
- Industrial and Multimedia Applications
- Information Assurance
- Localization Systems Security (Tracking of People and Goods)
- New Applications of Secure Systems
- Public Administration and Governmental Services
- Security Models and Architecture
- Security Policies (Human-Computer Interaction and Human Behavior Impact)
- Security Protocols (for Identification and Authentication, Confidentiality and Privacy, and Integrity)
- Security Measurements
- Trust Management

For more information, please see http://wistp2007.xlim.fr/.

WWW-SPRE 2007 16th International World Wide Web Conference, Security, Privacy, Reliability and Ethics (SPRE) Track, Banff, Alberta, Canada, May 8-12, 2007. [posted here 10/20/06]
The flexibility and richness of the Web architecture have come at the price of increasing complexity and lack of a sound overall security architecture. The movement toward Web-based services, and the increasing dependency on the Web, have also made reliability a first-rate security concern. From malware and spyware, drive-by downloads, typo squatting, denial of service attacks, to phishing and identity theft, a variety of threats make the Web an increasingly hostile and dangerous environment. By undermining user trust, these problems are hampering e-commerce and the growth of online communities.

This track promotes the view that security, privacy, reliability, and sound guiding ethics must be part of the texture of a successful World Wide Web. In addition to devising practical tools and techniques, it is the duty of the research community to promote and guide business adoption of security technology for the Web and to help inform related legislation. We seek novel research (both theoretical and practical) in security, privacy, reliability, and ethics as they relate to the Web, including but not limited to the following areas:
- Authentication, authorization, and auditing on the web
- Availability and reliability of web servers and services
- Intrusion detection and honeypots
- The Insider threat
- Privacy-enhancing technologies, including anonymity, pseudonymity and identity management, specifically for the web
- Phishing and pharming, and countermeasures
- User interfaces and usability as they relate to use of cryptography and online scams such as phishing and pharming
- Applications of cryptography to the web, including PKI and supporting concepts like digital signatures, certification, etc.
- Electronic commerce, particularly security mechanisms for e-cash, auctions, payment, and fraud detection
- Electronic fraud and attack vectors
- Economic / business analysis of Web security and privacy
- Legal and legislative approaches to issues of Web security and privacy
- Secure and robust management of server farms
- Dealing with client-side risks
- Security for new web services (blogs, RSS, wikis, etc.)
- Wireless web security (including RFID, sensors, and mobile phones)
- Content protection and abuse on the web (DRM, web/blog spam, etc.)

For more information, please see http://www2007.org/cfp-SPaE.php.

SIN 2007 International Conference on Security of Information and Networks, Gazimagusa (TRNC), North Cyprus, May 8-10, 2007. [posted here 11/27/06]
The International Conference on Security of Information and Networks (SIN 2007) provides an international forum for presentation of research and applications of security in information and networks. Broad areas of interest in security will include, but are not limited to, the following:
- Access control and intrusion detection
- Cryptographic techniques and key management
- Information assurance
- Network security and protocols
- Security in information systems
- Security tools and development platforms
- Security ontology, models, protocols & policies
- Standards, guidelines and certification

For more information, please see http://www.sinconf.org/.

GPC 2007 Workshop on Grid and Pervasive Computing Security, Held in conjunction with the 2007 International Conference on Multimedia and Ubiquitous Engineering (MUE 2007), Seoul, Korea, April 26-28, 2007. [posted here 11/6/06]
Grid and Pervasive Computing (GPC) are emerging technologies that enable access to a pervasive flow of information, data and services anytime and anywhere. As security is of paramount importance to the design and deployment of GPC, the benefits of GPC will only be fully realized if security aspects can be appropriately addressed. The goal of this symposium is to take the grid and pervasive security significantly forward through analyses of new security and privacy issues arising from the novel architecture of Grid and pervasive systems and to propose solutions to safely deploy services and appliances. To this end, we solicit original high quality submissions on topics in security in computational/data grids and pervasive computing:
- Novel and emerging secure architectures
- Self-protecting and healing systems
- Analyses of new security and privacy issues
- Study of attack strategies, attack modeling
- Security in sensor networks
- Trust Models and Management
- Implementations and performance analysis
- Privacy-preserving techniques
- Key management
- Malicious code prevention
- Denial-of-service attacks and countermeasures
- Intrusion and anomaly detection and prevention
- Network infrastructure security
- Wireless and pervasive/ubiquitous computing security
- Data protection technologies

For more information, please see http://www.sersc.org/MUE2007/contents/page/GPCS07.html.

PKI R&D 2007 6th Annual PKI R&D Workshop, Gaithersburg, Maryland, USA, April 17-19, 2007. [posted here 9/6/06]
This workshop considers the full range of public key technology used for security decisions and supporting functionalities, including authentication, authorization, identity management, federation, and trust. This year's focus is striking the proper balance to permit users to easily complete tasks requiring security while exposing the appropriate security details through all layers of software. We solicit papers, case studies, panel proposals, and participation from researchers, systems architects, vendor engineers, and users. Suggested topics include but are not limited to:
- Reports of real-world experience with the use and deployment of applications that leverage PKI, how best to integrate such usage into legacy systems, and future research directions
- Federated versus Non-Federated trust models
- Standards related to PKI and security decision systems, such as X.509, SPKI/SDSI, PGP, XKMS, XACML, XRML, XML signatures, and SAML
- Identity management (Shibboleth, Liberty, Higgins, InfoCard, etc.)
- Cryptographic and alternative methods for supporting security decisions, including the characterization and encoding of data
- Intersection of policy-based systems and PKI
- Human-Computer Interaction (HCI) advances that improve usability of PKI for users and administrators
- Privacy protection and implications
- Use of PKI in emerging technologies (e.g., sensor networks)
- Scalability and performance of PKI systems
- Security of the components of PKI systems
- Security infrastructures for constrained environments
- Improved human factor designs for security-related interfaces, including authorization and policy management, naming, signatures, encryption, use of multiple private keys, and selective disclosure
- New paradigms in PKI architectures

For more information, please see http://middleware.internet2.edu/pki07/.

NetCri 2007 1st International Workshop on Research Challenges in Next Generation Networks for First Responders and Critical Infrastructures, Held in conjunction with IEEE IPCCC 2007, New Orleans, Louisiana, USA, April 11-13, 2007. [posted here 10/20/06]
As advances in pervasive computing, wireless communication and sensor networks continue, more opportunities are open to first responders and critical infrastructures to benefit from these technologies. Providing first responders with the best possible technology, infrastructure and services helps save the lives of the general public and the first responders as well. One of the main challenges to the operations of first responders and critical infrastructures is to deploy a communication network that is dependable, secure, and rapidly deployable. In order to operate effectively, the deployed network supports services such as location determination, audio and video communication, and in site and remote sensing. Another key feature for first responders and critical infrastructures networks is to support interactions among multiple heterogeneous networks. This workshop provides a forum for researchers, industry, and government agencies to discuss the challenges facing the design, deployment and operational issues for next generation network support for first responders and critical infrastructure. The workshop will identify and define fundamental concepts and techniques, resolve conflicts between different approaches in the area, and provide a common ground for an advanced research and development agenda. Topics of interest include, but are not limited to:
- Smart environments (buildings, roads, vehicles, etc.)
- Fast roaming in heterogeneous network environment
- Localization and time synchronization
- Rapidly deployable and self configuring services and networks
- Security, dependability, privacy, and performance trade-offs
- QoS in heterogeneous wireless networks
- Sensor and actuator networks for information gathering and real-time control
- Network and system support for augmented reality and visual analytics
- Simulation studies of first responders and critical infrastructures’ networks
- Novel and adaptive communication protocols to support first responders and critical infrastructure operation
- Resource management and allocation
- Power control management
- Admission, load and flow control
- Performance analysis and experimentation of heterogeneous wireless networks
- Security techniques and methods for heterogeneous wireless networks
- Interoperability among WLANs, Cellular, WSN and wired networks
- Metrics and measurements on heterogeneous networks
- Mobility models and traffic patterns in disaster areas
- Cross-layer design
- Testbeds

For more information, please see http://www.cs.umd.edu/~sharno/NetCri07.

WIA 2007 3rd International Workshop on Information Assurance, Held in conjunction with the 26th IEEE International Performance Computing and Communications Conference (IPCCC 2007), New Orleans, Louisiana, USA, April 11-13, 2007. [posted here 11/6/06]
Information Assurance (IA) is defined as the operations undertaken to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and non-repudiation. Availability implies that networks and systems must be survivable and fault tolerant – they should possess redundancies to operate under failures or security breaches. For example, networks should be designed with sufficient spare and working capacity, efficient traffic restoration protocols, alarms and network management. Security encompasses the other aspects of IA, namely integrity, access-control, authentication, confidentiality and non-repudiation as they apply to both networks and systems. The increasing reliance of business-to-business and business-to-consumer applications on networked information systems dramatically magnifies the consequence of damages resulting from even simple system faults and intrusions, making the task of assuring confidentiality, availability and integrity of information difficult. Although several piecemeal solutions address concerns related to the security and fault tolerance of various components of such networked information systems, there is a growing need to leverage the synergy between security and survivability to provide a higher level of information assurance in the face of faults and attacks. We seek papers that address theoretical, experimental, systems-related and work in-progress in the area of Information Assurance at the network and system levels. We expect to have three types of sessions - the first related to survivability and fault tolerance, the second related to security, and the third related to the interactions between security and survivability. Papers should describe original, previously unpublished work, not currently under review by another conference, workshop, or journal. Papers accepted for presentation will be published in the IPCCC conference proceedings. 
The workshop will also include invited papers. Topics of interest include, but are not limited to:
- Authorization and access control
- Web services security
- Database and system security
- Risk analysis and security management
- Security verification/validation
- Wireless Security & Survivability
- Network Restoration techniques
- Network Reliability/Availability
- Digital Rights Management
- DoS protection for the Internet
- Cryptographic protocols and Key management
- Intrusion Detection Techniques
- Ad hoc sensor network security
- Models and architectures for systems security and survivability
- Security / survivability in optical networks
- E/M-commerce security and survivability architectures
- Public policy issues for security and survivability
- Botnets detection and response
- Trust negotiation/management
- Privacy models and mechanisms

For more information, please see http://www.sis.pitt.edu/~lersais/WIA2007/.

ASC 2007 6th Annual Security Conference, Las Vegas, Nevada, USA, April 11-12, 2007. [posted here 5/22/06]
With the development of more complex networking systems and the rapid transition to the e-world, information security has become a real concern for many individuals and organizations. Advanced safeguards are required to protect the information assets of not only large but also small and distributed enterprises. New approaches to information security management, such as policies and certifications, are now being required. The security of strategic corporate information has become the foremost concern of many organizations, and in order to assure this security, methods and techniques must be conceptualized for small enterprises both from a functional and technical viewpoint. Recommended topics (but not limited to) include:
- E-Commerce security
- Biometrics
- Smart Cards
- Secure small distribution applications
- Security of intelligent tokens
- Methodologies for security of small to medium size enterprises
- Methodologies and techniques for certification and accreditation
- Evaluation of Information Security in companies
- Information security surveys and case studies
- International standards for Information Security Management

For more information, please see http://www.security-conference.org.

SecSE 2007 1st International Workshop on Secure Software Engineering, Vienna, Austria, April 10-13, 2007. [posted here 9/24/06]
In our modern society, software is an integral part of everyday life, and we expect and depend upon software systems to perform correctly. Software security is about ensuring that systems continue to function correctly also under malicious attack. As most systems now are web-enabled, the number of attackers with access to the system increases dramatically and so the threat scenario changes. The traditional approach to secure a system includes putting up defence mechanisms like IDS and firewalls, but this is no longer sufficient. We need to be able to build better, more robust and more secure systems. Even more importantly, however, we should strive to achieve these qualities in all software systems, not just the ones that need special protection. This workshop will focus on techniques, experiences and lessons learned for engineering secure software. Suggested topics include, but are not limited to:
- Secure architecture and design
- Security in agile software development
- Security requirements
- Risk management in software projects
- Secure implementation
- Secure deployment
- Testing for security
- Static analysis for security
- Lessons learned
- Security and usability
- Teaching secure software development
- Experience reports on successfully attuning developers to secure software engineering

For more information, please see http://www.ares-conference.eu/conf/.

DeSeGov 2007 2nd International Workshop on Dependability and Security in e-Government, Held in conjunction with the Second International Conference on Availability, Reliability and Security (ARES 2007), Vienna, Austria, April 10-13, 2007. [posted here 11/27/06]
Many governments have now significant e-government applications that offer more and more the day-to-day services to the citizen. ICT infrastructure has become as important as government offices and its officials: crucial for the functioning of the state. Modern government is today dependent on its functioning ICT: the systems must be available, reliable, safe, confidential, integer and secure. The aim of this workshop is to foster a forum for discussing and presenting recent research results on dependability and security in e-Government applications. Scientific rigor and discussions of state of the art of dependability and security in e-Government are strongly encouraged. Besides, innovative research work in progress and studies of dependability aspects of practical e-Government projects and systems implementation are also welcome. Topics of interest include, although not limited to, the following:
- Trust and security: provisions and instruments
- Online availability of public services
- Service survivability and maintainability
- Interoperability of services
- Security in e-democracy (including e-participation and e-voting)
- E-justice (administration and workflow security for legal processes)
- Secure federating information access (from different government and third party agencies)
- Security and reliability in media integration
- Secure e-government and Identity Management
- Security and reliability of Smart Card System
- Availability and reliability of mobile services
- Data protection and data privacy (e.g. e-health and e-education)
- Intrusion detection and prevention
- Anti-spam legislation and solution
- Public-private partnerships management
- Role-based management and usage restriction

For more information, please see http://desegov.ares-conference.eu/.

SADFE 2007 2nd International Workshop on Systematic Approaches to Digital Forensic Engineering, Seattle, Washington, USA, April 10-12, 2007. [posted here 9/24/06]
SADFE promotes systematic approaches to cyber crime investigation, by furthering the advancement of digital forensic engineering as a disciplined practice. Unlike ad-hoc computer forensics, digital forensic engineering is characterized by the application of scientific and mathematical principles to the investigation and establishment of facts or evidence, either for use within a court of law or to aid understanding of cyber crimes or cyber-enabled crimes. Advancing digital forensics engineering requires the expertise of technologists, analysts, and legal experts to produce sound computer systems and sound forensic practices which will meet the needs of courtroom presentation as well as minimizing negative effects on the cyber-system's original purpose. This workshop brings together top digital forensic researchers, advanced tool/product builders, and expert law enforcement representatives from around the world for information exchange and R&D collaboration. Topics of interest include, but are not limited to:
Digital Evidence Management: advanced digital evidence discovery, collection, and storage
- Identification and collection of digital evidence
- Post-collection handling of evidence
- Evidence preservation and storage
- Forensic-enabled architectures and processes
- Managing geographically, politically and/or jurisdictionally dispersed data
Principle-based Digital Forensic Processes: systematic engineering processes supporting digital evidence management which are sound on both technical and legal grounds
- Legal and technical aspects of admissibility and evidence tests
- Examination environments for digital data
- Courtroom expert witness and case presentation
- Case studies illustrating privacy, legal and legislative issues
- Forensic tool validation: legal implications and issues
Digital Evidence Analytics: advanced digital evidence analysis, correlation, and presentation
- Advanced search, analysis, and presentation of digital evidence
- Progressive cyber crime scenario analysis and reconstruction technology
- Legal case construction & digital evidence support
- Cyber-crime strategy analysis & modeling
- Combining digital and non-digital evidence
- Supporting qualitative or statistical evidence
Forensic-support technologies: forensic-enabled and proactive monitoring/response
- Forensics of embedded or non-traditional devices (e.g. digicams, cell phones, SCADA)
- Innovative forensic engineering tools and applications
- Forensic-enabled support for incident response
- Forensic tool validation: methodologies and principles
- Legal and technical collaboration
- Digital Forensics Surveillance Technology and Procedures

For more information, please see http://conf.ncku.edu.tw/sadfe.

WRAITS 2007 Workshop on Recent Advances on Intrusion-Tolerant Systems, Held in conjunction with the European Conference on Computer Systems (EuroSys 2007), Lisbon, Portugal, March 23, 2007. [posted here 1/18/07]
The First Workshop on Recent Advances on Intrusion-Tolerant Systems aims to bring together researchers in the related areas of Intrusion Tolerance, Distributed Trust, Survivability, Byzantine Fault Tolerance, and Resilience. These areas have the purpose of enhancing the Dependability and Security of computer systems by tolerating both malicious faults (attacks, intrusions) and accidental faults. The workshop will be specially interested in “intrusion-tolerant systems”: how to build them? How to evaluate and test their dependability and security? What systems need to be intrusion-tolerant? The workshop will provide a forum for researchers in these areas to present recent results, discuss open problems that still need research, the steps that need to be taken for intrusion-tolerant systems to be deployed in practice, and the target application domains for intrusion tolerance. Topics of interest related to intrusion tolerance include, but are not limited to:
- innovative system architectures
- wide-area intrusion-tolerant systems
- secure control and embedded systems
- security of critical infrastructures
- practical applications for intrusion tolerance
- state machine replication
- Byzantine quorum systems
- proactive recovery
- Byzantine fault-tolerant algorithms
- diversity and failure independence
- determinism and interoperability issues
- confidentiality and replication
- dependability and security evaluation
- performance evaluation
- risk assessment
- distributed trust
- survivable systems
- cross-organization systems

For more information, please see http://wraits07.di.fc.ul.pt/.

ASIACCS 2007 ACM Symposium on InformAtion, Computer and Communications Security, Singapore, March 20-22, 2007. [posted here 5/29/06]
To build on the success of ACM Conference on Computer and Communications Security (CCS) and ACM Transactions on Information and System Security (TISSEC), the ACM Special Interest Group on Security, Audit, and Control (SIGSAC) formally established the annual ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS) in 2005. Papers representing original research in both the theory and practice concerning information, computer and communications security are solicited. Topics of interest include, but are not limited to:
- Access control and authorization
- Applied cryptography
- Authentication, biometrics, smartcards
- Data integrity and audit
- Database security
- Digital Rights Management
- Distributed systems security
- E-commerce and mobile e-commerce
- Electronic privacy, anonymity
- Formal verification and testing
- Hardware design
- High speed networks
- Information flow
- Intrusion detection and survivability
- Mobile code and mobile agent security
- P2P & ad hoc networks
- RFID applications
- Security protocols
- Viruses and other malicious codes
- Watermarking and data hiding
- Wireless communications
- Wireless sensor networks

For more information, please see http://asiaccs07.i2r.a-star.edu.sg/.

IFIP-CIP 2007 1st Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA, March 19-21, 2007. [posted here 8/20/06]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Papers are solicited in all areas of critical infrastructure protection. Areas of special interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Infrastructure protection case studies
- Legal, ethical, economic and policy issues related to critical infrastructure protection
- Distributed control systems/SCADA security
- Telecommunications network security

For more information, please see http://www.cis.utulsa.edu/ifip1110/Conferences/WG11-10CallForPapers.asp.

SAC-CF 2007 22nd Annual ACM Symposium on Applied Computing, Computer Forensics Track, Seoul, Korea, March 11 - 15, 2007. [posted here 9/3/06]
With the exponential growth of computer users, the number of criminal activities that involve computers has increased tremendously. The field of Computer Forensics has gained considerable attention in the past few years. It is clear that in addition to law enforcement agencies and legal personnel, the involvement of computer-savvy professionals is vital for any digital incident investigation. Unfortunately, there are not many well-qualified computer crime investigators available to meet this demand. An approach to solve this problem is to develop state-of-the-art research and development tools for practitioners in addition to creating awareness among computer users. The primary goal of this track will be to provide a forum for researchers, practitioners, and educators interested in Computer Forensics in order to advance research and educational methods in this increasingly challenging field. We expect that people from academia, industry, government, and law enforcement will share their previously unpublished ideas on research, education, and practice through this track. We solicit original, previously unpublished papers in the following general (non-exhaustive) list of topics:
- Incident Response and Live Data Analysis
- Operating System and Application Analysis
- File System Analysis
- Network Evidence Collection
- Forensic Profiles
- Network Forensics
- Data Hiding and Recovery
- Event Reconstruction and Tracking
- Legal, Ethical and Privacy Issues

For more information, please see http://comp.uark.edu/~bpanda/sac-cf.htm.

SAC-CLAT 2007 22nd Annual ACM Symposium on Applied Computing, Computer-aided Law and Advanced Technologies Track, Seoul, Korea, March 11 - 15, 2007. [posted here 9/3/06]
Advances in computer applications and the social cyberspaces created by computing networks highlight the need for a revised legal framework to deal with emerging issues. Similarly, the legal domain can benefit from such technical advances. On the other hand, dematerialization of documents and documental flows calls for appropriate technical tools that allow the design of paradigms meeting the relevant legal requirements. A combined effort of the computer science and law communities would have beneficial consequences in areas such as e-Business, e-Government, e-Commerce, etc. A track that focuses on the intersection of law and technology represents a broad and diverse forum for the discussion of research in computer-aided law and can provide synergies when aligned with other areas of SAC. Topics of interest include, but are not limited to:
TECHNOLOGICAL SUPPORT FOR:
- Agent-treatable legal issues
- Civil liability
- Codes of conduct
- Contracts
- Copyright protection
- Counter-Terrorism Initiatives
- Criminal liability
- e-Business
- e-Governance
- e-Government
- Electronic Court proceedings
- Electronic evidence
- Intellectual property
- Legal publicity
- On-line dispute resolution
- Privacy
- Protection of consumer rights
- Torts
- Trust and reputation
LEGAL ASPECTS OF:
- Agent-based Paradigms
- Artificial Intelligence
- Cybercrime
- Databases
- Dematerialization of Documental Flows
- Digital Signatures
- Electronic Documents
- Electronic Mail
- Network Security
- Online Creative Industries
- Privacy-preserving Data-Mining
- Public Key Infrastructures
- Security Mechanisms (Encryption, Authentication, Access Control, etc.)
- Simulation
- Software protection
- Traffic Monitoring and Logging
- Trust and reputation models
- Virtual Communities
- Watermarking and Fingerprinting Techniques

For more information, please see http://www.clat.unibo.it/.

SAC-TRECK 2007 22nd Annual ACM Symposium on Applied Computing, Trust, Recommendations, Evidence and other Collaboration Know-how (TRECK) Track, Seoul, Korea, March 11 - 15, 2007. [posted here 7/3/06]
Computational models of trust and online reputation mechanisms have been gaining momentum. One reason for this is that traditional security mechanisms are challenged by open, large scale and decentralised environments. The use of an explicit trust/reputation management component goes beyond security though. The goal of the ACM SAC 2007 TRECK track remains to review the set of applications that benefit from the use of computational trust and online reputation. Computational trust has been used in reputation systems, risk management, collaborative filtering, social/business networking services, dynamic coalitions and virtual organisations. In last year's TRECK, a paper even described how computational trust and reputation could mitigate the privacy issues of trusted computing hardware modules. The TRECK track covers all computational trust applications, especially those used in real-world applications. The topics of interest include, but are not limited to:
- Recommender and reputation systems
- Trust-enhanced collaborative applications
- Trusted computing, trusted platform modules (TPM, TCG, TCPA, NGSCB...)
- Trading privacy for trust and security
- Tangible guarantees given by formal models of trust and risk
- Trust metrics assessment and threat analysis
- Pervasive computational trust and use of context-aware features
- Trust/risk-based security frameworks
- Automated collaboration and trust negotiation
- Trust in peer-to-peer systems
- Technical trust evaluation
- Impacts of social networks on computational trust
- Evidence gathering and management
- Real-world applications, running prototypes and advanced simulations
- Applicability in large-scale, open and decentralised environments
- Legal and economic aspects related to the use of trust engines
- User-studies and user interfaces of computational trust applications

For more information, please see http://www.acm.org/conferences/sac/sac2007/.

NDSS 2007 14th Annual Network and Distributed System Security Symposium, San Diego, California, USA, February 28-March 2, 2007. [posted here 8/3/06]
The symposium fosters information exchange among research scientists and practitioners of network and distributed system security services. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation (rather than theory). A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. Submissions are solicited in, but not limited to, the following areas:
- Integrating security in Internet protocols: routing, naming, TCP/IP, multicast, network management, and the Web.
- Intrusion prevention, detection, and response: systems, experiences and architectures.
- Privacy and anonymity technologies.
- Network perimeter controls: firewalls, packet filters, application gateways. Virtual private networks.
- Security for emerging technologies: sensor networks, specialized testbeds, wireless/mobile (and ad hoc) networks, personal communication systems, RFID systems, peer-to-peer and overlay network systems.
- Secure electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, and licensing.
- Supporting security mechanisms and APIs; audit trails; accountability.
- Implementation, deployment and management of network security policies.
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management.
- Fundamental services on network and distributed systems: authentication, data integrity, confidentiality, authorization, non-repudiation, and availability.
- Integrating security services with system and application security facilities and protocols: e.g., message handling, file transport/access, directories, time synchronization, data base management, boot services, mobile computing.
- Public key infrastructure, key management, certification, and revocation.
- Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost.
- Security for collaborative applications: teleconferencing and video-conferencing, electronic voting, groupwork, etc.
- Software hardening: e.g., detecting and defending against software bugs (overflows, etc.)
- Security for large-scale systems and critical infrastructures.

For more information, please see http://www.isoc.org/isoc/conferences/ndss/07/cfp.shtml.

USEC 2007 Workshop on Usable Security, Held in conjunction with the 11th Conference on Financial Cryptography and Data Security (FC 2007), Lowlands, Scarborough, Trinidad/Tobago, February 15-16, 2007. [posted here 8/27/06]
Some of the most challenging problems in designing and maintaining secure systems involve human factors. A great deal remains to be understood about users' capabilities and motivations to perform security tasks. Usability problems have been at the root of many widely reported security failures in high-stakes financial, commercial and voting applications. USEC'07 seeks submissions of novel research from academia and industry on all theoretical and practical aspects of usable security in the context of finance and commerce.

For more information, please see http://www.usablesecurity.org/.

FC 2007 11th International Conference on Financial Cryptography and Data Security, Scarborough, Trinidad and Tobago, February 11 - 15, 2007. [posted here 7/15/06]
In its 11th year, Financial Cryptography and Data Security (FC'07) is a well-established and major international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. Original papers, surveys and presentations on all aspects of financial and commerce security are invited. Submissions must have a strong and visible bearing on financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. Possible topics for submission to the various sessions include, but are not limited to:
- Anonymity and Privacy
- Auctions
- Audit and Auditability
- Authentication and Identification, including Biometrics
- Certification and Authorization
- Commercial Cryptographic Applications
- Commercial Transactions and Contracts
- Digital Cash and Payment Systems
- Digital Incentive and Loyalty Systems
- Digital Rights Management
- Financial Regulation and Reporting
- Fraud Detection
- Game Theoretic Approaches to Security
- Identity Theft, Phishing and Social Engineering
- Infrastructure Design
- Legal and Regulatory Issues
- Microfinance and Micropayments
- Monitoring, Management and Operations
- Reputation Systems
- RFID-Based and Contactless Payment Systems
- Risk Assessment and Management
- Secure Banking and Financial Web Services
- Securing Emerging Computational Paradigms
- Security and Risk Perceptions and Judgments
- Security Economics
- Smart Cards and Secure Tokens
- Trust Management
- Trustability and Trustworthiness
- Underground-Market Economics
- Voting system security

For more information, please see http://fc07.ifca.ai/.

AISW-PET 2007 Australasian Information Security Workshop 2007 (Privacy Enhancing Technologies), Victoria, Australia, January 30 - February 2, 2007. [posted here 7/27/06]
AISW-PET aims at promoting research on privacy enhancing technologies and increasing the synergy between academic and industrial researchers working in this area. It is a one-day workshop to be held in conjunction with the Australasian Computer Science Conference. We seek submissions from academic and industrial researchers on all theoretical and practical aspects of privacy enhancing technologies. Suggested topics include but are not restricted to:
- Anonymity and unobservability modeling
- Attacks on anonymity systems
- Cryptography
- Ethics, policy and law relating to privacy
- Identity management and identity theft
- Privacy and anonymity in peer-to-peer architectures
- Privacy-enhanced data authentication/certification
- Privacy in ubiquitous computing
- Privacy preserving access control
- Privacy preserving data mining
- Protocols that preserve anonymity/privacy
- Security of statistical databases
- Usability issues and user interfaces for PETs
- Traffic analysis
- Trust and privacy

For more information, please see http://www.newcastle.edu.au/conference/aisw2007/.

IFIP-DF 2007 3rd Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 29-31, 2007. [posted here 8/20/06]
The IFIP Working Group 11.9 on Digital Forensics is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in the emerging field of digital forensics. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Operating system and file system forensics
- Network forensics
- Portable electronic device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.cis.utulsa.edu/ifip119/Conferences/WG11-9CallForPapers.asp.

DIMACS-ISE 2007 DIMACS Workshop on Information Security Economics, Rutgers University, Piscataway, New Jersey, USA, January 18 - 19, 2007. [posted here 9/3/06]
The DIMACS Workshop on Information Security Economics aims at enlarging the interest in this area by bringing together researchers already engaged in the field with other scientists and investigators in disciplines such as economics, business, statistics, and computer science. We encourage researchers and industry experts to submit manuscripts with original work to the workshop; we especially encourage collaborative and interdisciplinary research from authors in multiple fields. Topics of interest include (but are not limited to) empirical and theoretical works on the economics of:
- vulnerabilities and malicious code
- spam, phishing, and identity theft
- privacy, reputation, and trust
- DRM and trusted computing
- cyber-insurance, returns on security investments, and security risk management
- security risk perception at the firm and individual levels

For more information, please see http://dimacs.rutgers.edu/Workshops/InformationSecurity/.

IAMCOM 2007 1st Workshop on Information Assurance Middleware for COMmunications, Bangalore, India, January 12, 2007. [posted here 8/20/06]
The goal of the IAMCOM workshop is to offer a focused forum to discuss the on-going research in the area of middleware for dependable communications. Middleware for dependable communications addresses the issues of providing sustainable guarantees on session-level QoS, performance, integrity, availability and security through a repertoire of generic software/hardware tools and models. Papers are solicited on middleware topics pertaining to the communication layers of a distributed network system. Topics of interest include, but are not limited to:
- QoS assurance architectures
- Network state fusion, monitoring
- Tools for detecting DoS attacks
- Utility-based QoS adaptation
- Communication security: authentication, confidentiality
- Adaptive encryption techniques
- Capacity provisioning
- Network survivability
- Dynamic bandwidth allocations
- Traffic engineering
- Distributed consensus/voting
- Self-healing networks
- Topology management
- Failure detectors
- Diversity management and control

For more information, please see http://www.iamcom.org/.

HICSS-CTER 2007 40th Annual Hawaii International Conference on System Sciences, Cyber-Threats and Emerging Risks Minitrack, Waikoloa, Hawaii, USA, January 3-6, 2007. [posted here 6/10/06]
This mini-track addresses issues related to detecting, mitigating and preventing the threat of computer-based attacks and operational failures. Papers that address improving the security of computer-reliant organizations from these threats through technical or behavioral change are encouraged. These may include simulation studies, case-based research, and other applications of quantitative and qualitative methods. Topics include, but are not limited to:
- Identifying modes of misuse
- Applications of access policies
- Analysis of known and unknown modes of attack
- Separating anomalous from routine behavior
- Adapting outsider-based threat prevention to insider risks
- Modeling risks and approaches to mitigation
- Teaching and training security and business managers about the risks of cyber-attacks

For more information, please see http://www.hicss.hawaii.edu/hicss_40/fincfp.htm#Cyber-Threats%20and%20Emerging%20Risks.

HICSS-SSADIA 2007 40th Annual Hawaii International Conference on System Sciences, Secure Software Architecture, Design, Implementation and Assurance (SSADIA) Minitrack, Waikoloa, Hawaii, USA, January 3-6, 2007. [posted here 3/27/06]
The Secure Software Architecture, Design, Implementation and Assurance minitrack focuses on the research and automation required to develop secure software systems that do not compromise other system properties such as performance or reliability. Current security engineering methods are demonstrably inadequate, as software vulnerabilities are currently being discovered at the rate of over 4,000 per year. These vulnerabilities are caused by software designs and implementations that do not adequately protect systems and by development practices that do not focus sufficiently on eliminating implementation defects that result in security flaws. An opportunity exists for systematic improvement that can lead to secure software architectures, designs, and implementations. The following topics are appropriate topics for research papers:
- Static analysis tools and techniques for detecting security flaws and software vulnerabilities in source or binary code
- Dynamic analysis tools for detecting security flaws and software vulnerabilities in source or binary code
- Model checking tools for detecting security flaws and software vulnerabilities in software systems
- Software architectures and designs for securing against denial-of-service attacks and other software exploits
- Coding practices for improved security and secure library implementations
- Computational security engineering
- Other tools and techniques for reducing or eliminating vulnerabilities during development and maintenance

For more information, please see http://www.sei.cmu.edu/community/hicss/.

HICSS-HTC 2007 40th Annual Hawaii International Conference on System Sciences, Highly Trustworthy computing (HTC) mini-track, Waikoloa, Hawaii, USA, January 3-6, 2007. [posted here 5/1/06]
HICSS conferences are devoted to advances in the information, computer, and system sciences, and encompass developments in both theory and practice. Starting in HICSS 40, the Software Technology track has a cluster of complementary mini-tracks in the area of computer security. The Highly Trustworthy computing (HTC) mini-track focuses on both applied and fundamental research to support the protection of high value information, such that both the behavior of the system and the absence of contrary behavior can be ensured to a high degree. The use of formal methods, hardware-based security primitives, and rigorous development processes are some of the significant components in HTC. We are interested in papers describing new results in the application, theory and foundations of highly trustworthy computing. We invite papers that demonstrate results through mathematical techniques as well as those that provide convincing analysis and/or data regarding new concepts. The topics covered in this category include, but are not limited to the support of highly trustworthy computing through:
- System development and verification techniques
- System and network security architectures
- Support for dynamic security policies
- Relationship of dynamic security to multi-level security
- Hardware-software co-design
- System and network evaluation techniques
- Formal models and other theoretical foundations

For more information, please see http://cisr.nps.edu/HICSS/.