Contents
ICISS 2010
6th International Conference on Information Systems Security,
Gandhinagar, India, December 15-19, 2010.
[posted here 04/12/10]
The ICISS 2010 encourages submissions addressing theoretical
and practical problems in information and systems security
and related areas. We especially like to encourage papers in
domains that have not been represented
much in the past at the conference, such as database security/privacy,
usability aspects of security, operating systems security, and sensor
networks security. Papers that introduce and address unique security
challenges or present thought-provoking ideas are also welcome.
For more information, please see
http://www.cs.wisc.edu/iciss10/.
ICICS 2010
12th International Conference on Information and
Communications Security,
Barcelona, Spain, December 15-17, 2010.
[posted here 06/14/10]
The 2010 International Conference on Information and Communications
Security will be the 12th event in the ICICS conference series,
started in 1997, which will bring together individuals involved
in multiple disciplines of Information and Communications Security
to foster exchange of ideas. Original papers on all aspects of
Information and Communications Security are solicited for
submission to ICICS 2010. Topics of interest include, but
are not limited to, access control, anonymity and privacy,
applied cryptography, biometric security, data and system
integrity, fraud control, information hiding, intrusion
detection, key management and recovery, risk evaluation,
watermarking and digital fingerprinting, and security
certification. Security applications of interest comprise,
among others, computer networks, databases, distributed
systems and grid computing, e-commerce, e-voting, intellectual
property, mobile computing, and software protection.
For more information, please see
http://www.icics2010.org.
INTRUST 2010
International Conference on Trusted Systems,
Beijing, China, December 13-15, 2010.
[posted here 04/12/10]
INTRUST 2010 conference focuses on the theory, technologies and applications of
trusted systems. It is devoted to all aspects of trusted computing systems,
including trusted modules, platforms, networks, services and applications,
from their fundamental features and functionalities to design principles,
architecture and implementation technologies. The goal of the conference is
to bring academic and industrial researchers, designers, and implementers
together with end-users of trusted systems, in order to foster the exchange
of ideas in this challenging and fruitful area.
INTRUST 2010 solicits original papers on any aspect of the theory, advanced
development and applications of trusted computing, trustworthy systems and
general trust issues in modern computing systems. The conference will have
an academic track and an industrial track. This call for papers is for
contributions to both of the tracks. Submissions to the academic track
should emphasize theoretical and practical research contributions to
general trusted system technologies, while submissions to the industrial
track may focus on experiences in the implementation and deployment of
real-world systems.
For more information, please see
http://www.tcgchina.org.
Pairing 2010
4th International Conference on Pairing-based Cryptography,
Yamanaka Hot Spring, Japan, December 13-15, 2010.
[posted here 03/29/10]
The focus of Pairing 2010 is on all aspects of pairing-based cryptography,
including: cryptographic primitives and protocols, mathematical foundations,
software and hardware implementation, and applied security.
For more information, please see
http://www.thlab.net/pairing2010/.
WIFS 2010
International Workshop on Information Forensics & Security,
Seattle, WA, USA, December 12-15, 2010.
[posted here 05/10/10]
WIFS is an avenue for knowledge exchange that encompasses a broad range of
disciplines and facilitates the flow of ideas between various disparate
communities that constitute information security. With this focus, we
hope that researchers will identify new opportunities for collaboration
across disciplines and gain new perspectives. The conference will feature
prominent keynote speakers, tutorials, and lecture sessions.
Appropriate topics of interest include, but are not limited to:
- Computer Security
- Forensics Analysis
- Biometrics
- Network Security
- Cryptography for Multimedia content
- Usability aspects of security
- Information theory and security
- Privacy
- Data hiding
- Surveillance
- Digital Rights Management
- Secure applications
- Hardware Security
For more information, please see
http://www.wifs10.org.
TrustCom 2010
IEEE/IFIP International Symposium on Trusted Computing and Communications,
Hong Kong SAR, China, December 11-13, 2010.
[posted here 03/29/10]
With the rapid development and the increasing complexity of computer and communications
systems and networks, traditional security technologies and measures can not meet the
demand for integrated and dynamic security solutions. As a challenging and innovative
research field, trusted computing and communications target computer and communications
systems and networks that are available, secure, reliable, controllable, dependable,
and so on. In a word, they must be trustworthy. If we view the traditional security as
identity trust, the broader field of trusted computing and communications also includes
behavior trust of systems and networks. In fact, trusted computing and communications
have become essential components of various distributed services, applications, and
systems, including ad-hoc networks, peer-to-peer networks, social networks, semantic
webs, e-commence, e- government, pervasive, ubiquitous, and cyber-physical systems.
TrustCom-10 is an international forum for presenting and discussing emerging ideas
and trends in trusted computing and communications in computer systems and networks
from both the research community as well as the industry. Topics of interest include,
but are not limited to:
- Trust semantics, metrics, and models
- Trust inference, computation, and
- Trusted computing platform
- Trusted network computing
- Trusted operating systems
- Trusted software
- Trusted database
- Trusted services and applications
- Trusted communications
- Trust in e-commerce and e-government
- Trust in mobile and wireless networks
- Reliable and fault-tolerant computer systems/networks
- Survivable computer systems/networks
- Cryptography and security protocols
- Authentication in computer systems/networks
- Access control in computer systems/networks
- Key management in computer systems/networks
- Anonymity and privacy in computer systems/networks
- Trust in emerging applications
- Miscellaneous trust issues
For more information, please see
http://trust.csu.edu.cn/conference/trustcom2010.
ACSAC 2010
26th Annual Computer Security Applications Conference,
Austin, Texas, USA, December 6-10, 2010.
[posted here 02/22/10]
ACSAC is an internationally recognized forum where practitioners,
researchers, and developers in information system security meet to
learn and to exchange practical ideas and experiences. If you are
developing, researching, or implementing practical solutions for
protecting corporate or government information infrastructures,
consider sharing your experience and expertise at this conference.
We are looking for papers, panels, tutorials, posters, works-in-progress,
case studies, and workshops that address such technologies,
concerns, and issues as:
- Access control and biometrics
- Applied cryptography
- Audit and audit reduction
- Biometrics
- Certification and accreditation
- Cloud security
- Database security
- Denial of service protection
- Digital policy
- Distributed systems security
- Electronic commerce security
- Enterprise security management
- Forensics
- Identification and authentication
- Identity and trust management
- Incident response planning
- Information survivability
- Insider threat protection
- Intellectual property rights
- Intrusion detection
- Mobile and wireless security
- Multimedia security
- Operating systems security
- Peer-to-peer security
- Privacy and data protection
- Product evaluation/compliance
- Risk/vulnerability assessment
- Securing cloud infrastructures
- Security engineering and management
- Security in IT outsourcing
- Service oriented architectures
- Software assurance
- Virtualization security
- Web 2.0/3.0 security
For more information, please see
http://www.acsac.org.
In-Bio-We-Trust 2010
International Workshop on Bio-Inspired Trust Management for Information Systems,
Held in conjunction with the Bionetics 2010,
Boston, MA, USA, December 1-3, 2010.
[posted here 06/21/10]
Traditional security mechanisms fall short of what new information systems
need. To fix this problem, two research communities have recently proposed
new security mechanisms. One of those communities is called "bio-inspired
systems" and is increasingly borrowing ideas from nature to make information
systems more effective and robust. The other is called "trust management systems" and
has been proposing and scrutinizing algorithms for information systems
that mimic how people manage trust in society. Increasingly the two
communities are working on similar research problems but, alas, they
are doing so separately. Although there is an enormous number of
potentially useful bio-inspired mechanisms that can be exploited in
trust management, it comes as a surprise that bio-inspired trust
management has not received any attention at all.
Clearly,the dialog between researchers in bio-inspired systems and in trust
management should widen. The workshop seeks to bring together the
world's experts in both communities, and to stimulate and
disseminate interesting research ideas and results.
Contributions are solicited in all aspects of bio-inspired and
trust management systems, including:
- Bio-inspired models for managing trust in any information systems:
virtual organizations, grid and cloud computing,
mobile-ad-hoc/opportunistic/delay-tolerant networks,
service oriented architectures,
self-organizing networks and communities,
mobile cooperative systems,
mobile platforms, recommender systems.
- Fixed and mobile architectures and protocols for distributed trust management.
- Identity management in trust models.
- Security attacks to trust systems and adaptive bio-inspired defenses.
- Incorporation of bio-inspired algorithms into security communication
protocols and computing architectures.
- Descriptions of pilot programs, case studies, applications,
work-in-progress, surveys, and experiments integrating biological
designs or trust and security aspects into information systems.
For more information, please see
http://inbiowetrust.org.
CPSRT 2010
International Workshop on Cloud Privacy, Security, Risk & Trust,
Held in conjunction with the 2nd IEEE International Conference
on Cloud Computing Technology and Science (CloudCom 2010),
Indianapolis, IN, USA, November 30 - December 3, 2010.
[posted here 06/21/10]
Cloud computing has emerged to address an explosive growth of
web-connected devices, and handle massive amounts of data. It is
defined and characterized by massive scalability and new
Internet-driven economics. Yet, privacy, security, and trust
for cloud computing applications are lacking in many instances
and risks need to be better understood. Privacy in cloud computing
may appear straightforward, since one may conclude that as
long as personal information is protected, it shouldn’t matter
whether the processing is in a cloud or not. However, there may be
hidden obstacles such as conflicting privacy laws between the
location of processing and the location of data origin. Cloud
computing can exacerbate the problem of reconciling these locations
if needed, since the geographic location of processing can be
extremely difficult to find out, due to cloud computing’s dynamic
nature. Another issue is user-centric control, which can be a legal
requirement and also something consumers want. However, in cloud
computing, the consumers' data is processed in the cloud, on machines
they don't own or control, and there is a threat of theft, misuse or
unauthorized resale. Thus, it may even be necessary in some cases to
provide adequate trust for consumers to switch to cloud services.
In the case of security, some cloud computing applications simply
lack adequate security protection such as fine-grained access control
and user authentication (e.g. Hadoop). Since enterprises are attracted
to cloud computing due to potential savings in IT outlay and management,
it is necessary to understand the business risks involved. If cloud
computing is to be successful, it is essential that it is trusted by
its users. Therefore, we also need studies on cloud-related trust
topics, such as what are the components of such trust and how can
trust be achieved, for security as well as for privacy.
The CPSRT workshop will bring together a diverse group of academics
as well as government and industry practitioners in an integrated
state-of-the-art analysis of privacy, security, risk, and
trust in the cloud. The workshop will address cloud issues
specifically related to (but not limited to) the following
topics of interest:
- Access control and key management
- Security and privacy policy management
- Identity management
- Remote data integrity protection
- Secure computation outsourcing
- Secure data management within and across data centers
- Secure distributed data storage
- Secure resource allocation and indexing
- Intrusion detection/prevention
- Denial-of-Service (DoS) attacks and defense
- Web service security, privacy, and trust
- User requirements for privacy
- Legal requirements for privacy
- Privacy enhancing technologies
- Privacy aware map-reduce framework
- Risk or threat identification and analysis
- Risk or threat management
- Trust enhancing technologies
- Trust management
For more information, please see
http://cpsrt.cloudcom.org/.
SecIoT 2010
1st Workshop on the Security of the Internet of Things,
Held in conjunction with the Internet of Things 2010,
Tokyo, Japan, November 29, 2010.
[posted here 07/19/10]
While there are many definitions of the Internet of Things (IoT), all of them
revolve around the same central concept: a world-wide network of interconnected
objects. These objets will make use of multiple technological building blocks,
such as wireless communication, sensors, actuators, and RFID, in order to
allow people and things to be connected anytime anyplace, with anything and
anyone. However, before this new vision takes its first steps, it is essential
to consider the security implications of billions of intelligent things
cooperating with other real and virtual entities over the Internet.
SecIoT'10 wants to bring together researchers and professionals from
universities, private companies and Public Administrations interested or
involved in all security-related heterogeneous aspects of the Internet of
Things. We invite research papers, work-in-progress reports, R&D projects
results, surveying works and industrial experiences describing significant
security advances in the following (non-exclusive) areas of the Internet of Things:
- New security problems in the context of the IoT
- Privacy risks and data management problems
- Identifying, authenticating, and authorizing entities
- Development of trust frameworks for secure collaboration
- New cryptographic primitives for constrained "things"
- Connecting heterogeneous ecosystems and technologies
- Legal Challenges and Governance Issues
- Resilience to external and internal attacks
- Context-Aware security
- Providing protection to an IP-connected IoT
- Web services security and other application-layer issues
For more information, please see
http://www.isac.uma.es/seciot10.
GameSec 2010
The Inaugural Conference on Decision and Game Theory for Security,
Berlin, Germany, November 22-23, 2010.
[posted here 03/29/10]
Securing complex and networked systems and managing associated risks become
increasingly important as they play an indispensible role in modern life at the
turn of the information age. Concurrently, security of ubiquitous communication,
data, and computing pose novel research challenges. Security is a multi-faceted
problem due to the complexity of underlying hardware, software, and network
inter- dependencies as well as human and social factors. It involves decision
making in multiple levels and multiple time scales, given the limited resources
available to both malicious attackers and administrators defending networked
systems. GameSec conference aims to bring together researchers who aim to establish a
theoretical foundation for making resource allocation decisions that balance
available capabilities and perceived security risks in a principled manner. The
conference focuses analytical models based on game, information, communication,
optimization, decision, and control theories that are applied to diverse
security topics. At the same time, the connection between theoretical models and
real world security problems are emphasized to establish the important feedback
loop between theory and practice. Observing the scarcity of venues for
researchers who try to develop a deeper theoretical understanding of the
underlying incentive and resource allocation issues in security, we believe that
GameSec will fill an important void and serve as a distinguished forum of
highest standards for years to come. Topics of interest include
(but are not limited to):
- Security games
- Security and risk management
- Mechanism design and incentives
- Decentralized security algorithms
- Security of networked systems
- Security of Web-based services
- Security of social networks
- Intrusion and anomaly detection
- Resource allocation for security
- Optimized response to malware
- Identity management
- Privacy and security
- Reputation and trust
- Information security and watermarking
- Physical layer security in wireless networks
- Information theoretic aspects of security
- Adversarial machine learning
- Distributed learning for security
- Cross-layer security
- Usability and security
- Human behavior and security
- Dynamic control of security system
- Organizational aspects of risk management
- Cooperation and competition in security
For more information, please see
http://www.gamesec-conf.org/.
IDMAN 2010
2nd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management,
Oslo, Norway, November 18–19, 2010.
[posted here 11/23/09]
Papers offering research contributions focusing on identity management in
general and surveillance and monitoring in particular are solicited for
submission to the 2nd IFIP WG-11.6 International Conference on Identity
Management. Papers may present theory, applications or practical experiences
in the field of national identity management, from both a technical and a
social perspective, including, but not necessarily limited to:
- History
- Law
- Philosophical and ethical aspects
- Economics Impact of surveillance and monitoring in both the physical
world and in cyberspace
- Impact on society and politics
- Impact on e-government and e-government applications
- Consecutive developments in social tracking, -tracing and -sorting
- Quality of identity management in general
- Quality identity data, processes and applications
- Security and identity management
- User centered, usable and inclusive identity management
- Attacks on identity management infrastructure and procedures Central
storage of general and biometric identity data
- Effectiveness of surveillance and monitoring in fighting terrorism,
international crime and human trafficking
- Methods of identification and authentication
- Models of identification procedures
- Models of inclusive identification and authentication procedures
- Government PKI
- (Possible) role of pseudonymous and anonymous identity in identity management
- Electronic Ids European and worldwide policies and cooperation in the field of
identity management and surveillance and monitoring
- (Inter)national policies on unique identifiers /social security numbers / personalisation IDs
- (Inter)national applications of biometrics
- Vulnerabilities of electronic identification protocols
- Federative identity management and de-perimetrization
- Fraud, fraud detection, fraud resistence of technologies
- Biometric verification, assurance, metrics and measurements
- Fraud resistance of biometrics
- Junction between (large scale) applications of identity management and
surveillance and monitoring
- Data Protection
- Privacy and Privacy Enhancing Technologies (PETs) in identity management
- Privacy Intrusion Technologies (PITs) in identity management
- Privacy side-effects and privacy risks assessment of identity management
Intelligence and (inter)national threats
- Impersonation, identity fraud, identity forge and identity theft
- Tracing, monitoring and forensics
For more information, please see
http://ifipidman2010.nr.no/ifipidman2010/index.php5/Main_Page.
HST 2010
10th IEEE International Conference on Technologies for Homeland Security,
Waltham, MA, USA, November 8-10, 2010.
[posted here 11/23/09]
The tenth annual IEEE Conference on Technologies for Homeland Security
will focus on innovative technologies for deterring and preventing attacks,
protecting critical infrastructure and individuals, and mitigating damage
and expediting recovery. Submissions are desired in the broad areas of
critical infrastructure and key resources protection (CIKR),
border protection and monitoring, and disaster recovery and response,
with application within about five years.
For more information, please see
http://ieee-hst.org/.
CWECS 2010
1st International Workshop on Cloud, Wireless and e-Commerce Security,
Fukuoka, Japan, November 4-6, 2010.
[posted here 05/03/10]
In the last few years, due to increase in number of Cloud computing, Wireless
network and E-Commerce (CWEC) applications and studies, the security issues
and pivotal challenges include integrity verification, authentication, access
control, attack prevention, etc., are also increasing. Recently, security
technologies are booming. However, to achieve the whole security target for
Cloud computing, wireless network and e-commerce, it requires much more than
the mere application of current core technologies. The main purpose of this
workshop is to bring together the researchers from academia and industry as
well as practitioners to share ideas, problems and solutions relating to the
multifaceted aspects of Security Technology in Cloud computing, wireless
network and e-commerce, particularly aiming to promote state-of-the-art
research in this area. Topics (included, but are not limited to):
- Handover Security
- Network Mobility Security
- VoIP Security
- Mobile Agent Security
- Wireless Grid Security
- RFID Security
- Cell Phone, PDA and Potable Device Security
- Mobile, Ad Hoc and Sensor Network Security
- 3G ~ 4G Communication Security
- Access Control, Authentication and Authorization for CWEC
- Cryptography, Cryptanalysis and Digital Signatures for CWEC
- Key Management and Recovery for CWEC
- Trust Negotiation, Establishment and Management for CWEC
- Network Management for CWEC
- Performance Evaluation for CWEC
- Privacy, Data Integrity and Data Protection for CWEC
- Computer Forensics for CWEC
- Security Threats and Countermeasures for CWEC
- Cross-layer Design for CWEC
For more information, please see
http://dblab.csie.thu.edu.tw/CWECS.
SIDEUS 2010
1st International Workshop on Securing Information in
Distributed Environments and Ubiquitous Systems,
Fukuoka, Japan, November 4-6, 2010.
[posted here 02/22/10]
At present time, the maturity of research in the field of distributed
systems, such as P2P, Grid, Cloud or Internet computing, has pushed through
new problems such us those related with security. In systems where the information
freely flows across the network, the task of securing it becomes a real
concern, and thus an interesting research challenge. For that reason, security
is becoming one of the key issues when evaluating such systems and it is
important to determine which security mechanisms are available, and how they
fit to every particular scenario. The aim of this workshop is to provide a
forum for the discussion of ideas on regards to the current challenges and solutions
to security in an environment that is rapidly developing such as P2P, Grid, Cloud or
Internet computing. The main topics include (but are not limited to):
- Securing the Internet of Things (IoT)
- Membership and access control
- Identity management in distributed systems
- Security in JXTA-based applications
- Privacy and anonymity technologies
- Secure distributed storage
- Security issues in Vehicular Networks (VANETs)
- Securing P2P networks against third-party attacks
- Security and privacy in Delay-Tolerant Networks (DTN)
- Integrating security in protocols
- Assessment of information security
For more information, please see
http://www.sideus-conf.org.
SRCAC 2010
The MITRE Corporation: Secure and Resilient Cyber Architectures Conference,
McLean, VA, USA, Friday, October 29, 2010.
[posted here 08/30/10]
This one-day conference will bring together researchers, practitioners,
vendors, and architects to discuss and explore issues relating to secure
and resilient architectures in the face of cyber attacks by the advanced
persistent threat. In advance of the event, MITRE has issued a call for papers
inviting interested presenters to submit short abstracts of original work on
architectural strategies and techniques for resiliency against cyber attacks
that address any of the following topics:
- Diversity
- Redundancy
- Virtualization
- Integrity
- Separation and Isolation
- Detection and Monitoring
- Non-persistence
- Distributedness and Moving Target Defense
- Adaptive Management and Responses
- Randomness and Deception
- Graceful Degradation
For more information, please see
https://register.mitre.org/sr/.
EC2ND 2010
6th European Conference on Computer Network Defense,
Berlin, Germany, October 28-29, 2010.
[posted here 05/24/10]
EC2ND 2010 invites submissions presenting novel ideas in the areas of
network defense, intrusion detection and systems security. Topics for
submission include, but are not limited to:
- Intrusion Detection
- Malicious Software
- Web Security
- Machine Learning for Security
- Peer-to-Peer and Grid Security
- Wireless and Mobile Security
- Network Forensics
- Network Discovery and Mapping
- Incident Response and Management
- Privacy Protection
- Cryptography
- Legal and Ethical Issues
For more information, please see
http://2010.ec2nd.org.
ISC 2010
13th Information Security Conference,
Boca Raton, Florida, USA, October 25-28, 2010.
[posted here 01/19/10]
ISC is an annual international conference covering research (both
theory and applications) in Information Security.
The conference seeks submissions from academia, industry, and government that
present novel research on all theoretical and practical aspects of
Information Security. Topics of interest include, but are not limited to:
- access control
- accountability
- anonymity and pseudonymity
- applied cryptography
- authentication
- biometrics
- computer forensics
- cryptographic protocols
- database security
- data protection
- data/system integrity
- digital right management
- economics of security and privacy
- electronic frauds
- formal methods in security
- identity management
- information dissemination control
- information hiding and watermarking
- intrusion detection
- network security
- peer-to-peer security
- privacy
- secure group communications
- security and privacy in pervasive/ubiquitous computing
- security in information flow
- security in IT outsourcing
- security for mobile code
- security of grid computing
- security of eCommerce, eBusiness and eGovernment
- security in location services
- security modeling and architectures
- security models for ambient intelligence environments
- security in social networks
- trust models and trust management policies
- embedded security
For more information, please see
http://math.fau.edu/~isc2010/.
CCW 2010
12th International Conference on Information and
Communications Security,
Lake Arrowhead, CA, USA, October 25-27, 2010.
[posted here 06/21/10]
The IEEE Computer Communications Workshop (CCW) is the annual flagship
meeting of the Communications Society's Technical Committee on Computer
Communications (TCCC). CCW is a panel-based workshop with informal,
interactive sessions exploring emerging issues and trends in networking
and computer communications. We are soliciting proposals for panel
and sessions for this year's workshop. Themes of interest for 2010
include, but are not limited to, the following: network issues
in cloud computing/storage, smart grids, cyber/network
security & privacy, data-centric networking,
network management and green networking.
For more information, please see
http://www.ieee-ccw.org/.
WESS 2010
5th Workshop on Embedded Systems Security,
Scottsdale, AZ, USA, October 24, 2010.
[posted here 06/07/10]
Embedded computing systems are widely found in application areas ranging
from safety-critical systems to vital information management. This
introduces a large number of security issues. Embedded systems are
vulnerable to remote intrusion, local intrusion, fault-based and
power/timing-based attacks, intellectual-property theft, subversion,
hijacking and more. Due to their strong link to software engineering
and hardware engineering, these security issues are different from
the traditional security problems found on personal computers. For
example, embedded devices are resource-constrained in power and
performance, which requires them to use computationally efficient
solutions. They have a very weak physical trust boundary, which
enables many different implementation-oriented attacks. They use
an intimate connection between hardware and software, often
without the shielding of an operating system. This workshop
provides a forum for researchers to present novel ideas on
addressing security issues that arise in the design, the operation,
and the testing of secure embedded systems. Of particular interest
are security topics that are unique to embedded systems.
Topics of Interest:
- Trust models for secure embedded hardware and software
- Isolation techniques for secure embedded hardware,
hyperware, and software
- System architectures for secure embedded systems
- Metrics for secure design of embedded hardware and software
- Security concerns for medical and other applications of
embedded systems
- Support for intellectual property protection and anti-counterfeiting
- Specialized components for authentication, key storage and key generation
- Support for secure debugging and troubleshooting
- Implementation attacks and countermeasures
- Design tools for secure embedded hardware and software
- Hardware/software codesign for secure embedded systems
- Specialized hardware support for security protocols
For more information, please see
http://www.wess-workshop.org/.
Malware 2010
5th IEEE International Conference on Malicious and Unwanted Software,
Nancy, France, October 20-21, 2010.
[posted here 03/29/10]
The conference is designed to bring together experts from industry, academia,
and government to present and discuss, in an open environment, the latest
advances and discoveries in the field of malicious and unwanted software.
Techniques, economics and legal issues surrounding the topic of Malware,
and the methods to detect and control them will be discussed.
This year’s conference will pay particular attention to (and will also be
extensively discussed in a panel session) the pressing topic of “Malware and
Cloud Computing”. As low-cost Netbooks become popular, Google’s Chrome OS enters
the mainstream, and social networks (Facebook, YouTube, Twitter, LinkedIn, and so
forth) become ubiquitous, the security dangers associated with the new computing
paradigm increase exponentially. In effect, “Cloud Computing”, Multi-tenant,
Single Schema, Single Server Platforms (C2S3P) increase vulnerabilities by
providing a single point of failure and attack for organized criminal networks.
Critical/sensitive/private information is at risk, and very much like previous
technology adoption trends, such as wireless networks, the dash for success is
trumping the need for security.
For more information, please see
http://malware10.loria.fr/.
eCRS 2010
eCrime Researchers Summit,
Dallas, Texas, USA, October 18-20, 2010.
[posted here 03/08/10]
eCRS 2010 will bring together academic researchers, security practitioners,
and law enforcement to discuss all aspects of electronic crime and ways to
combat it, Topics of interests include (but are not limited to):
- Phishing, rogue-AV, pharming, click-fraud, crimeware, extortion and
emerging attacks
- Technical, legal, political, social and psychological aspects of
fraud and fraud prevention
- Malware, botnets, ecriminal/phishing gangs and collaboration, or money laundering
- Techniques to assess the risks and yields of attacks and the success rates of
countermeasures
- Delivery techniques, including spam, voice mail and rank manipulation; and countermeasures
- Spoofing of different types, and applications to fraud
- Techniques to avoid detection, tracking and takedown; and ways to block such techniques
- Honeypot design, data mining, and forensic aspects of fraud prevention
- Design and evaluation of user interfaces in the context of fraud and network security
- Best practices related to digital forensics tools and techniques, investigative
procedures, and evidence acquisition, handling and preservation
For more information, please see
http://www.ecrimeresearch.org/2010/cfp.html.
ICTCI 2010
4th International Conference on Trusted Cloud Infrastructure,
Shanghai, China, October 18-20, 2010.
[posted here 02/08/10]
Cloud computing redefines ways for storing and processing information
toward that information is permanently stored and processed in large
data centers of shared server infrastructure, and temporarily cached
on and used by client devices. This fundamental paradigm change in our
IT infrastructure has given rise to many new trust and security
challenges for protecting the user's information which is no longer
under well physical controls of the user. Issues from data availability,
integrity and confidentiality, trustworthiness of shared computing and
storage resources, isolation of the user computing space in a virtualized
data center, to IT regulations such as governance, risk and compliance
(IT GRC), etc., now all have new concerns and face unanticipated
vulnerabilities. These invite not only research for better understanding
these new issues but also innovation for novel solutions to emerging
problems. Topics of interests for ICTCI 2010 include, but not limited to,
the following subject categories:
- Theory and practice in Trusted Computing
- Secure operating systems
- Trusted virtual cloud infrastructure
- Secure management of virtualized cloud resources
- Secure network architecture for cloud computing
- Security and privacy aware cloud protocol design
- Access control for data center applications
- Key management for data center applications
- Trust and policy management in clouds
- Identification and privacy in cloud
- Remote data integrity protection
- Off-premise execution software integrity and privacy
- Secure computation outsourcing
- Dynamic data operation security
- Software and data segregation security
- Failure detection and prediction
- Secure data management within and across data centers
- Availability, recovery and auditing
- Secure wireless and mobile connections to the cloud
For more information, please see
http://ppi.fudan.edu.cn/ictci2010/index.html.
CRISIS 2010
5th International Conference on Risks ans Security of Internet and Systems,
Montréal Québec Canada, October 10-13 2010.
[posted here 04/12/10]
The topics addressed by CRiSIS range from the analysis of risks,
attacks to networks and system survivability, to security models,
security mechanisms and privacy enhancing technologies. The authors
are invited to submit research results as well as practical experiment
or deployment reports. Industrial papers about applications or case studies are
also welcomed in different domains (e.g., telemedicine, banking,
e-government, elearning, e-commerce, critical infrastructures,
mobile networks, embedded applications, etc.). The list of topics
includes but is not limited to:
- Analysis and management of risk
- Attacks and defences
- Attack data acquisition (honeypots) and network monitoring
- Cryptography, Biometrics, Watermarking
- Dependability and fault tolerance of Internet applications
- Distributed systems security
- Embedded system security
- Intrusion detection and Prevention systems
- Hardware-based security and Physical security
- Key management Infrastructure (PKI) and trust management
- Organizational, ethical and legal issues
- Privacy protection, anonymization, PETs
- Security and dependability of operating systems
- Security and safety of critical infrastructures
- Security and privacy of peer-to-peer system
- Security and privacy of wireless networks
- Security models and security policies
- Security of new generation networks, security of VoIP and multimedia
- Security of e-commerce, electronic voting and database systems
- Traceability, metrology and forensics
- Use of smartcards and personal devices for Internet applications
- Web security
For more information, please see
http://www.crisis2010.org/index.htm.
TrustCol 2010
5th International Workshop on Trusted Collaboration,
Held in conjunction with the CollaborateCom 2010,
Chicago, Illinois, USA, October 9, 2010.
[posted here 05/03/10]
The ongoing, rapid developments in information systems technologies
and networking have enabled significant opportunities for streamlining
decision making processes and maximizing productivity through distributed
collaborations that facilitate unprecedented levels of sharing of
information and computational resources. Emerging collaborative
environments need to provide efficient support for seamless integration
of heterogeneous technologies such as mobile devices and infrastructures,
web services, grid computing systems, online social networks, various
operating environments, and diverse COTS products. Such heterogeneity
introduces, however, significant security and privacy challenges for
distributed collaborative applications. Balancing the competing goals of
collaboration and security is difficult because interaction in collaborative
systems is targeted towards making people, information, and resources
available to all who need it whereas information security seeks to ensure
the availability, confidentiality, and integrity of these elements while
providing it only to those with proper trustworthiness. The key goal of
this workshop is to foster active interactions among diverse researchers
and practitioners, and generate added momentum towards research in finding
viable solutions to the security and privacy challenges faced by the
current and future collaborative systems and infrastructures.
We solicit unpublished research papers that address theoretical issues
and practical implementations/experiences related to security and
privacy solutions for collaborative systems.
Topics of interest include, but are not limited to:
- Secure dynamic coalition environments
- Secure distributed multimedia collaboration
- Privacy control in collaborative environments
- Secure workflows for collaborative computing
- Policy-based management of collaborative workspace
- Secure middleware for large scale collaborative infrastructures
- Security and privacy issues in mobile collaborative applications
- Security frameworks and architectures for trusted collaboration
- Secure interoperation in multidomain collaborative environments
- Identity management for large scale collaborative infrastructures
- Semantic web technologies for secure collaborative infrastructure
- Trust models, trust negotiation/management for collaborative systems
- Access control models and mechanisms for collaboration environments
- Protection models and mechanisms for peer-to-peer collaborative environments
- Delegation, accountability, and information flow control in collaborative applications
- Intrusion detection, recovery and survivability of collaborative systems/infrastructures
- Security of web services and grid technologies for supporting multidomain collaborative applications
- Security and privacy challenges in cloud-based collaborative applications
For more information, please see
http://scl.cs.nmt.edu/trustcol10/.
CCSW 2010
ACM Cloud Computing Security Workshop,
Held in conjunction with ACM CCS 2010,
Chicago, Illinois, USA, October 9, 2010.
[posted here 06/07/10]
Notwithstanding the latest buzzword (grid, cloud, utility computing,
SaaS, etc.), large-scale computing and cloud-like infrastructures are
here to stay. How exactly they will look like tomorrow is still for
the markets to decide, yet one thing is certain: clouds bring with
them new untested deployment and associated adversarial models and
vulnerabilities. It is essential that our community becomes involved
at this early stage. The CCSW workshop aims to bring together
researchers and practitioners in all security aspects of cloud-centric
and outsourced computing, including:
- secure cloud resource virtualization mechanisms
- secure data management outsourcing (e.g., database as a service)
- practical privacy and integrity mechanisms for outsourcing
- foundations of cloud-centric threat models
- secure computation outsourcing
- remote attestation mechanisms in clouds
- sandboxing and VM-based enforcements
- trust and policy management in clouds
- secure identity management mechanisms
- new cloud-aware web service security paradigms and mechanisms
- cloud-centric regulatory compliance issues and mechanisms
- business and security risk models and clouds
- cost and usability models and their interaction with security in clouds
- scalability of security in global-size clouds
- trusted computing technology and clouds
- binary analysis of software for remote attestation and cloud protection
- network security (DOS, IDS etc.) mechanisms for cloud contexts
- security for emerging cloud programming models
- energy/cost/efficiency of security in clouds
For more information, please see
http://crypto.cs.stonybrook.edu/ccsw10/.
NPSec 2010
6th Workshop on Secure Network Protocols,
Held in conjunction with ICNP 2010,
Kyoto, Japan, October 5, 2010.
[posted here 03/08/10]
NPSec2010 focuses on two general areas. The first focus is on the development and
analysis of secure or hardened protocols for the operation (establishment and
maintenance) of network infrastructure, including such targets as secure
multidomain, ad hoc, sensor or overlay networks, or other related target areas.
This can include new protocols, enhancements to existing protocols, protocol
analysis, and new attacks on existing protocols. The second focus is on
employing such secure network protocols to create or enhance network applications.
Examples include collaborative firewalls, incentive strategies for multiparty
networks, and deployment strategies to enable secure applications. NPSec 2010
particularly welcomes new ideas on security in the context of future Internet
design, such as architectural considerations for future Internet security and
new primitives for supporting secure network protocol and application design.
Topics of interest include but are not limited to:
- Security in future Internet architectures (role of security in future
architectures, integrating security in future protocols and applications)
- Secure and/or resilient network protocols (e.g., internetworking/routing,
MANETs, LANs and WLANs, mobile/cellular data networks, P2P and other overlay
networks, federated trust systems, sensor networks)
- Vulnerabilities of existing protocols and applications
(both theoretical and case studies), including attacks
- Key distribution/management
- Intrusion detection and response
- Incentive systems for P2P systems and manet routing
- Secure protocol configuration and deployment
- Challenges and security protocols for social networks
For more information, please see
http://webgaki.inf.shizuoka.ac.jp/~npsec2010/.
SafeConfig 2010
2nd Workshop on Assurable & Usable Security Configuration,
Held in conjunction with ACM CCS 2010,
Chicago, Illinois, USA, October 4, 2010.
[posted here 05/03/10]
A typical enterprise network might have hundreds of security appliances
such as firewalls, IPSec gateways, IDS/IPS, authentication servers,
authorization/RBAC servers and crypto systems. An enterprise network
may also have other non-security devices such as routers, name servers,
protocol gateways, etc. These must be logically integrated into a
security architecture satisfying security goals at and across multiple
networks. Logical integration is accomplished by consistently setting
thousands of configuration variables and rules on the devices. The
configuration must be constantly adapted to optimize protection and
block prospective attacks. The configuration must be tuned to balance
security with usability. These challenges are compounded by the deployment
of mobile devices and ad hoc networks. The resulting security configuration
complexity places a heavy burden on both regular users and experienced
administrators and dramatically reduces overall network assurability and
usability. This workshop will bring together academic as well as industry
researchers to exchange experiences, discuss challenges and propose
solutions for offering assurable and usable security.
For more information, please see
http://hci.sis.uncc.edu/safeconfig/.
STC 2010
5th Annual Workshop on Scalable Trusted Computing,
Held in conjunction with ACM CCS 2010,
Chicago, Illinois, USA, October 4, 2010.
[posted here 04/19/10]
Built on the continued success of previous STC workshops (starting from ACM STC'06)
this workshop focuses on fundamental technologies of trusted computing (in a
broad sense, with or without TPMs) and its applications in large-scale systems --
those involving large number of users and parties with varying degrees of trust.
The workshop is intended to serve as a forum for researchers as well as
practitioners to disseminate and discuss recent advances and emerging issues.
Topics of interests include but not limited to:
Enabling scalable trusted computing
- better approaches to measurement management
- better approaches to attestation
- cryptographic support for trusted computing
- architectural support for trusted computing
- security policies and models of trusted computing
- access control for trusted computing
- architecture and implementation technologies for trusted platform
- virtualization technology for trusted computing
- establishing trust on software, users and services
- intrusion tolerance/resilience in trusted computing
- hardware-based approach to trusted computing
- software-based approach to trusted computing
- censorship-freeness in trusted computing
- principles and technologies for handling scales
- tackling complexity introduced by scalability
Applications of trusted computing
- sustainable services based on trusted computing
- trusted cloud computing
- trusted embedded computing
- killer applications of trusted computing
- case study in trusted computing
- scalable trust and services
- large-scale trusted computing
Pushing the limits
- limitations, alternatives and tradeoffs regarding trusted computing
- realizing trustworthy computing via trusted computing
- understanding expectedness of system properties
- understanding system-level trust and trustworthiness
- novel architectures for putting pieces together for STC
For more information, please see
http://stc2010.trust.rub.de/.
ACM-CCS 2010
17th ACM Conference on Computer and Communications Security,
Chicago, IL, USA, October 4-8, 2010.
[posted here 03/01/10]
The annual ACM Computer and Communications Security Conference is a
leading international forum for information security researchers,
practitioners, developers, and users to explore cutting-edge ideas
and results, and to exchange techniques, tools, and experiences.
The conference seeks submissions from academia, government, and
industry presenting novel research on all practical and theoretical
aspects of computer and communications security, as well as case
studies and implementation experiences. Papers should have relevance
to the construction, evaluation, application, or operation of secure
systems. Theoretical papers must make a convincing argument for the
practical significance of the results. All topic areas related to computer
and communications security are of interest and in scope. Accepted papers
will be published by ACM Press in the conference proceedings.
Outstanding papers will be invited for possible publication in a
special issue of the ACM Transactions on Information and System Security.
For more information, please see
http://www.sigsac.org/ccs/CCS2010/cfp.shtml.
PSDML 2010
ECML/PKDD Workshop on Privacy and Security issues in Data Mining and Machine Learning,
Barcelona, Spain, September 24, 2010.
[posted here 05/03/10]
Privacy and security-related aspects of data mining and machine learning have
been the topic of active research during the last few years, due to the
existence of numerous applications with privacy and/or security requirements.
Privacy issues have become a serious concern due to the collection, analysis
and sharing of personal data by privately owned companies and public sector
organizations for various purposes, such as data publishing or data mining.
This has led to the development of privacy-preserving data mining and machine
learning methods. More general security considerations arise in applications
such as biometric authentication, intrusion detection and response, and malware
classification. This has led to the development of adversarial learning
algorithms, while parallel work in multi-agent settings and in low regret
learning algorithms has revealed interesting interplays between learning and
game theory. The aim of this workshop is to bring together scientists and practitioners who
conduct cutting edge research on privacy and security issues in data mining and
machine learning to discuss the most recent advances in these research areas,
identify open problem domains and research directions, and propose possible
solutions. We invite interdisciplinary research on cryptography, data mining,
game theory, machine learning, privacy, security and statistics. Moreover, we
invite mature contributions as well as interesting preliminary results and
descriptions of open problems on emerging research domains and applications of
privacy and security in data mining and machine learning.
For more information, please see
http://fias.uni-frankfurt.de/~dimitrakakis/workshops/psdml-2010/.
STM 2010
6th International Workshop on Security and Trust Management,
Athens, Greece, September 23-24, 2010.
[posted here 04/19/10]
STM (Security and Trust Management) is a working group of ERCIM
(European Research Consortium in Informatics and Mathematics).
Topics of interest include, but are not limited to:
- access control
- cryptography
- digital right management
- economics of security
- key management
- ICT for securing digital as well as physical assets
- identity management
- networked systems security
- privacy and anonymity
- reputation systems and architectures
- security and trust management architectures
- semantics and computational models for security and trust
- trust assessment and negotiation
- trust in mobile code
- trust in pervasive environments
- trust models
- trust management policies
- trusted platforms and trustworthy systems
- trustworthy user devices
For more information, please see
http://www.isac.uma.es/stm10.
DPM 2010
International Workshop on Data Privacy Management,
Held in conjunction with the ESORICS 2010,
Athens, Greece, September 23, 2010.
[posted here 03/29/10]
The aim of this workshop is to discuss and exchange ideas related to privacy
data management. We invite papers from researchers and practitioners working
in privacy, security, trustworthy data systems and related areas to submit their
original papers in this workshop. The main topics, but not limited to, include:
- Privacy Information Administration
- Privacy Policy-based Infrastructures and Architectures
- Privacy-oriented Access Control Language
- Privacy in Trust Management
- Privacy Data Integration
- Privacy Risk Assessment and Assurance
- Privacy Services
- Privacy Policy Analysis
- Query Execution over Privacy Sensitive Data
- Privacy Preserving Data Mining
- Hippocratic and Water-marking Databases
- Privacy for Integrity-based Computing
- Privacy Monitoring and Auditing
- Privacy in Social Networks
- Privacy in Ambient Intelligence (AmI) Applications
- Conciliation of Individual Privacy and Corporate/National Security
- Privacy in computer networks
- Privacy and RFIDs
- Privacy in Sensor Networks
For more information, please see
http://dpm2010.dyndns.org/.
SETOP 2010
3rd International Workshop on Autonomous and Spontaneous Security,
Held in conjunction with ESORICS 2010,
Athens, Greece, September 23, 2010.
[posted here 05/24/10]
Security and reliability have become a major concern for service oriented
applications as well as for communication systems and networks. With the
need for evolution, if not revolution, of current network architectures and
the Internet, autonomous and spontaneous management will be a key feature
of future networks and information systems. In this context, security is an
essential property. It must be thought at the early stage of conception of
these systems and designed to be also autonomous and spontaneous.
Future networks and systems must be able to automatically configure
themselves with respect to their security policies. The security policy
specification must be dynamic and adapt itself to the changing environment.
Those networks and systems should interoperate securely when their
respective security policies are heterogeneous and possibly conflicting.
They must be able to autonomously evaluate the impact of an intrusion in
order to spontaneously select the appropriate and relevant response when a
given intrusion is detected. Autonomous and spontaneous security is a major
requirement of future networks and systems. Of course, it is crucial to
address this issue in different wireless and mobile technologies available
today such as RFID, Wifi, Wimax, 3G, etc. Other technologies such as ad hoc
and sensor networks, which introduce new type of services, also share
similar requirements for an autonomous and spontaneous management of
security. The SETOP Workshop seeks submissions that present research results on all
aspects related to spontaneous and autonomous security.
Topics of interest include, but are not limited to
the following:
- Security policy deployment
- Self evaluation of risk and impact
- Distributed intrusion detection
- Autonomous and spontaneous response
- Trust establishment
- Selfish behaviour and collaboration enforcement
- Security in autonomous networks
- Security in ad hoc networks
- Security in sensor/RFID networks
- Security of Next Generation Networks
- Security in Cloud Computing
- Security of Service Oriented Architecture
- Security of opportunistic networks
- Privacy in self-organized networks
- Secure localization
- Context aware and ubiquitous computing
- Secure interoperability and negotiation
- Self-organization in secure routing
- Identity management
- Modelling and validation of security
For more information, please see
http://www.infres.enst.fr/wp/setop2010/.
CRITIS 2010
5th International Workshop on Critical Information Infrastructure Security,
Athens, Greece, September 22-24, 2010.
[posted here 04/12/10]
Key sectors of modern economies depend highly on ICT. The information
flowing through the resulting technological super-infrastructure as
well as the information being processed by the complex computing systems
that underpin these are critical as their disruption, disturbance or loss
can lead to high economical, material and, sometimes, human loss. As a
consequence, the security and dependability of this infrastructure becomes
critical and its protection a major objective for governments, companies and
the research community. Now in its fifth edition, CRITIS will again bring
together researchers and professionals from academia, industry, and government
interested or involved in all security-related heterogeneous aspects of
Critical Information Infrastructures. We invite research papers,
work-in-progress reports, R&D projects results, surveying works and
industrial experiences describing significant security advances including
but not limited to the following areas:
- Continuity of Services
- Dependable Infrastructure Communications
- Early Warning Systems
- Embedded Technologies Security
- Incident Response
- Infrastructure Interdependencies
- Information Assurance
- Internet-Based Remote Control
- Forensic Techniques
- National and Cross Border Activities
- Network Survivability
- Trust Models in Critical Scenarios
- Policy Management
- Resilient Software
- Secure Information Sharing
- Security Logistics
- Security Modeling and Simulation
- Security Risks
- Threat Analysis
- Vulnerability Assessment
For more information, please see
http://www.critis.net.
NSPW 2010
New Security Paradigms Workshop,
Concord, MA, USA, September 21-23, 2010.
[posted here 04/19/10]
The New Security Paradigms Workshop (NSPW) is seeking papers that
address the current limitations of information security. Today's
security risks are diverse and plentiful -- botnets, database breaches,
phishing attacks, distributed denial-of-service attacks -- and yet
present tools for combating them are insufficient. To address these
limitations, NSPW welcomes unconventional, promising approaches to
important security problems and innovative critiques of current security
theory and practice. We are particularly interested in perspectives
from outside computer security, both from other areas of computer
science (such as operating systems, human-computer interaction, databases,
programming languages, algorithms) and other sciences that study
adversarial relationships such as biology and economics. We discourage
papers that offer incremental improvements to security and mature work
that is appropriate for standard information security venues.
To facilitate research interactions, NSPW features informal paper
presentations, extended discussions in small and large groups, shared
activities, and group meals, all in attractive surroundings. By
encouraging researchers to think "outside the box" and giving them
an opportunity to communicate with open-minded peers, NSPW seeks
to foster paradigm shifts in the field of information security.
For more information, please see
http://www.nspw.org/.
PRITS 2010
Workshop on Pattern Recognition for IT Security,
Held in conjunction with DAGM 2010,
Darmstadt, Germany, September 21, 2010.
[posted here 04/26/10]
Graphical data, such as images or video streams, are of growing
importance in several disciplines of IT security, ranging from
biometric authentication over digital image forensics to visual
passwords and CAPTCHAs. Consequently, methods of image analysis
and pattern recognition are increasingly used in security-critical
applications. The aim of the workshop is to bring together
researchers from the pattern recognition and security communities
in order to exchange latest research results.
Topics of interest include, but are not limited to:
- Novel biometric authentication techniques
- Novel information hiding paradigms
- Image authentication and robust hashing
- Digital Forensics
- Image and video analysis for security
- Visual Passwords
- CAPTCHAs
For more information, please see
http://www.dagm2010.org/ws_prits.html.
ADBIS 2010
14th East-European Conference on Advances in Databases and Information Systems,
Track on Personal Identifiable Information: Privacy, Ethics, and Security,
Novi Sad, September 20-24, 2010.
[posted here 02/15/10]
Breaches of personally identifiable information (PII) have increased
dramatically over the past few years and have resulted in the loss of
millions of records. Breaches of PII are hazardous to both individuals
and organizations. Individual harms may include identity theft,
embarrassment, or blackmail. Organizational harms may include a loss of
public trust, legal liability, or high costs to handle the breach
(USA National Institute of Standards and Technology, 2009). According
to U.S. Department of Health & Human Services, PII is "information in
an IT system or online collection: (1) that directly identifies an
individual…, or (2) by which an agency intends to identify specific
individuals in conjunction with other data elements, i.e., indirect
identification. EU directive 95/46/EC calls it "personal data."
For more information, please see
http://perun.im.ns.ac.yu/adbis2010/organization.php.
IFIP-TC9-HCC9 2010
IFIP TC-9 HCC-9 Stream on Privacy and Surveillance,
Held in conjunction with the IFIP World Computer Congress 2010,
Brisbane, Australia, September 20-23, 2010.
[posted here 12/28/09]
New technical and legal developments pose greater and greater privacy
dilemmas. Governments have in the recent years increasingly established
and legalised surveillance schemes in form of data retention, communication
interception or CCTVs for the reason of fighting terrorism or serious crimes.
Surveillance Monitoring of individuals is also a threat in the private
sector: Private organisations are for instance increasingly using profiling
and data mining techniques for targeted marketing, analysing customer
buying predictions or social sorting. Work place monitoring practices
allow surveillance of employees. Emerging pervasive computing technologies,
where individuals are usually unaware of a constant data collection and
processing in their surroundings, will even heighten the problem that
individuals are effectively losing control over their personal spheres.
At a global scale, Google Earth and other corporate virtual globes may
have dramatic consequences for the tracking and sorting of individuals.
With CCTV, the controlling power of surveillance is in few hands. With
live, high resolution imagery feeds from space in the near future,
massive surveillance may soon be available to everybody, a development
whose consequences we do not yet grasp. New means of surveillance are
also enabled by social networks, in which individuals are publishing
many intimate personal details about themselves and others. Such social
networks are today already frequently analysed by employers, marketing
industry, law enforcement or social engineering. The aim of this conference
stream is to discuss and analyse such privacy risks of surveillance for
humans and society as well as countermeasures for protecting the individuals’
rights to informational self-determination from multi-disciplinary perspectives.
We are therefore especially inviting the submissions of papers addressing privacy
aspects in relation to topics such as (but not limited to):
- Surveillance technologies
- Corporate virtual globes (Google Earth and Microsoft Virtual Earth)
- Profiling & data mining
- Ambient Intelligence, RFID
- GPS, Location-Based Services
- Social Network Analysis
- ID cards
- Biometrics
- Data sharing
- Visual surveillance
- Workplace monitoring
- Communication interception
- Data retention
- Anonymity & Pseudonymity
- Privacy-enhancing technologies
- Privacy-enhancing Identity Management
For more information, please see
http://www.wcc2010.org/migrated/HCC92010/HCC92010_cfp.html.
ESORICS 2010
15th European Symposium on Research in Computer Security,
Athens, Greece, September 20-22, 2010.
[posted here 10/12/09]
ESORICS is the annual European research event in Computer Security. The
Symposium started in 1990 and has been held in several European countries,
attracting a wide international audience from both the academic and industrial communities.
Papers offering novel research contributions in computer security are solicited for
submission to the Symposium. The primary focus is on original, high quality,
unpublished research and implementation experiences. We encourage submissions
of papers discussing industrial research and development.
Papers should focus on topics such as:
- Access Control
- Accountability
- Anonymity
- Applied Cryptography
- Attacks and Viral Software
- Authentication and Delegation
- Data Integrity
- Database Security
- Inference Control
- Identity Management
- Information Flow Control
- Intrusion Tolerance
- Formal Security Methods
- Language-based Security
- Network Security
- Privacy Enhancing Technologies
- Risk Analysis and Management
- Secure Electronic Voting
- Security Architectures
- Security Economics
- Security for Mobile Code
- Security for Dynamic Coalitions
- Security in Location Services
- Security in Social Networks
- Security Models
- Security Verification
- System Security
- Trust Models and Management
- Trust Theories
- Trustworthy User Devices
For more information, please see
http://www.esorics2010.org.
TrustBus 2010
7th International Conference on Trust, Privacy & Security in Digital Business,
Bilbao, Spain, August 30 – September 3, 2010.
[posted here 02/15/10]
The advances in the Information and Communication Technologies (ICT)
have raised new opportunities for the implementation of novel
applications and the provision of high quality services over global
networks. The aim is to utilize this ‘information society era’ for
improving the quality of life for all citizens, disseminating knowledge,
strengthening social cohesion, generating earnings and finally ensuring
that organizations and public bodies remain competitive in the global
electronic marketplace. Unfortunately, such a rapid technological
evolution cannot be problem free. Concerns are raised regarding
the ‘lack of trust’ in electronic procedures and the extent to
which ‘information security’ and ‘user privacy’ can be ensured.
The conference will provide an international forum for
researchers and practitioners to exchange information
regarding advancements in the state of the art and practice
of trust and privacy in digital business. We are interested
in papers, work-in-progress reports, and industrial experiences
describing advances in all areas of digital business applications
related to trust and privacy, including, but not limited to:
- Anonymity and pseudonymity in business transactions
- Business architectures and underlying infrastructures
- Common practice, legal and regulatory issues
- Cryptographic protocols
- Delivery technologies and scheduling protocols
- Design of businesses models with security requirements
- Economics of Information Systems Security
- Electronic cash, wallets and pay-per-view systems
- Enterprise management and consumer protection
- Identity and Trust Management
- Intellectual property and digital rights management
- Intrusion detection and information filtering
- Languages for description of services and contracts
- Management of privacy & confidentiality
- Models for access control and authentication
- Multimedia web services
- New cryptographic building-blocks for e-business applications
- Online transaction processing
- PKI & PMI
- Public administration, governmental services
- P2P transactions and scenarios
- Real-time Internet E-Services
- Reliability and security of content and data
- Reliable auction, e-procurement and negotiation technology
- Reputation in services provision
- Secure process integration and management
- Security and Privacy models for Pervasive Information Systems
- Security Policies
- Shopping, trading, and contract management tools
- Smartcard technology
- Transactional Models
- Trust and privacy issues in social networks environments
- Usability of security technologies and services
For more information, please see
http://www.isac.uma.es/trustbus10.
FAST 2010
7th International Workshop on Formal Aspects of Security & Trust,
Pisa, Italy, September 16-17, 2010.
[posted here 04/19/10]
The seventh International Workshop on Formal Aspects of Security and Trust
(FAST2010) aims at continuing the successful efforts of the previous FAST
workshops, fostering cooperation among researchers in the areas of
security and trust. FAST focuses on the formal models of security and
trust that are needed to state goals and policies for these interactions.
We also seek new and innovative techniques for establishing consequences
of these formal models. Implementation approaches for such techniques are
also welcome. Suggested submission topics include, but are not limited to:
- Formal models for security, trust and reputation
- Security protocol design and analysis
- Logics for security and trust
- Trust-based reasoning
- Distributed trust management systems
- Digital asset protection
- Data protection
- Privacy and ID management issues
- Information flow analysis
- Language-based security
- Security and trust aspects in ubiquitous computing
- Validation/Analysis tools
- Web/Grid services security/trust/privacy
- Security and risk assessment
- Resource and access control
- Case studies
For more information, please see
http://www.iit.cnr.it/FAST2010/.
RAID 2010
13th International Symposium on Recent Advances in Intrusion Detection,
Ottawa, Canada, September 15-17, 2010.
[posted here 2/8/10]
This symposium, the 13th in an annual series, brings together leading
researchers and practitioners from academia, government, and industry
to discuss issues and technologies related to intrusion detection and
defense. The Recent Advances in Intrusion Detection (RAID) International
Symposium series furthers advances in intrusion defense by promoting the
exchange of ideas in a broad range of topics. As in previous years, all
topics related to intrusion detection, prevention and defense systems
and technologies are within scope, including but not limited to the following:
- Network and host intrusion detection and prevention
- Anomaly and specification-based approaches
- IDS cooperation and event correlation
- Malware prevention, detection, analysis and containment
- Web application security
- Insider attack detection
- Intrusion response, tolerance, and self protection
- Operational experience and limitations of current approaches
- Intrusion detection assessment and benchmarking
- Attacks against IDS including DoS, evasion, and IDS discovery
- Formal models, analysis, and standards
- Deception systems and honeypots
- Vulnerability analysis, risk assessment, and forensics
- Adversarial machine learning for security
- Visualization techniques
- Special environments, including mobile and sensor networks
- High-performance intrusion detection
- Legal, social, and privacy issues
- Network exfiltration detection
- Botnet analysis, detection, and mitigation
For more information, please see
http://www.RAID2010.org.
MetriSec 2010
6th International Workshop on Security Measurements and Metrics,
Held in conjunction with the International Symposium on Empirical
Software Engineering and Measurement (ESEM 2010),
Bolzano-Bozen, Italy, September 15, 2010.
[posted here 02/15/10]
Quantitative assessment is a major stumbling block for software and
system security. Although some security metrics exist, they are rarely
adequate. The engineering importance of metrics is intuitive: you cannot
consistently improve what you cannot measure. Economics is an additional
driver for security metrics: customers are unlikely to pay a premium for
security if they are unable to quantify what they receive.
The goal of the workshop is to foster research into security measurements
and metrics and to continue building the community of individuals interested
in this field. This year, MetriSec continues its co-location with ESEM,
which offers an opportunity for the security metrics folks to meet the
metrics community at large. The organizers solicit original submissions
from industry and academic experts on the development and application of
repeatable, meaningful measurements in the fields of software and system
security. The topics of interest include, but are not limited to:
- Security metrics
- Security measurement and monitoring
- Development of predictive models
- Experimental validation of models
- Formal theories of security metrics
- Security quality assurance
- Empirical assessment of security architectures and solutions
- Mining data from attack and vulnerability repositories: e.g. CVE, CVSS
- Static analysis metrics
- Simulation and statistical analysis
- Security risk analysis
- Industrial experience
For more information, please see
http://www.cs.kuleuven.be/conference/MetriSec2010/.
VizSec 2010
7th International Symposium on Visualization for Cyber Security,
Ottawa, Ontario, Canada, September 14, 2010.
[posted here 03/01/10]
This symposium brings together researchers and practitioners in information
visualization and security to address the specific needs of the cyber security
community through new and insightful visualization techniques. VizSec will be
held in conjunction with the 13th International Symposium on Recent Advances
in Intrusion Detection (RAID) September 15 - 17, 2010. VizSec will continue to
provide opportunities for the two communities to collaborate and share insights
into providing solutions for security needs through visualization approaches.
For more information, please see
http://www.vizsec2010.org.
SCC 2010
2nd International Workshop on Security in Cloud Computing,
Held in Conjunction with ICPP 2010,
San Diego, California, USA, September 13–16, 2010.
[posted here 01/25/10]
Cloud Computing has generated interest from both industry and academia
since 2007. As an extension of Grid Computing and Distributed Computing,
Cloud Computing aims to provide users with flexible services in a
transparent manner. Services are allocated in a “cloud”, which is a
collection of devices and resources connected through the Internet.
Before this paradigm can be widely accepted, the security, privacy and
reliability provided by the services in the cloud must be well established.
SCC’2010 will bring researchers and experts together to present and discuss
the latest developments and technical solutions concerning various aspects
of security issues in Cloud Computing. SCC’2010 seeks original unpublished
papers focusing on theoretical analysis, emerging applications, novel
system architecture construction and design, experimental studies, and
social impacts of Cloud Computing. Both review/survey papers and technical
papers are expected. Topics of the conference include but
are not limited to:
- Emerging threats to cloud-based services
- Security models for new services
- Cloud-aware web service security
- Information hiding in Cloud Computing
- Securing distributed data storage in the cloud
- Privacy and security in Cloud Computing
- Forensics
- Robust network architecture
- Cloud Infrastructure Security
- Job deployment in the Cloud
- Intrusion detection/prevention
- Denial-of-Service (DoS) attacks and defense
- Robust job scheduling
- Secure resource allocation and indexing
- Secure payment for cloud-aware services
- User authentication in cloud-aware services
- Security for emerging cloud programming models
For more information, please see
http://bingweb.binghamton.edu/~ychen/SCC2010.htm.
SCN 2010
7th Conference on Security and Cryptography for Networks,
Amalfi, Italy, September 13-15, 2010.
[posted here 02/15/10]
Security and privacy are increasing concerns in computer networks such
as the Internet. The availability of fast, reliable, and cheap electronic
communication offers the opportunity to perform electronically and in a
distributed way a wide range of transactions of a most diverse nature.
The Seventh Conference on Security and Cryptography for Networks (SCN 2010)
aims at bringing together researchers in the field of cryptography and
security in communication networks to foster cooperation and exchange of ideas.
Original papers on all technical aspects of cryptography and security are
solicited for submission to SCN 2010.
Topics of interest are (but not limited to):
- Anonymity
- Implementations
- Authentication
- Symmetric-Key Cryptography
- Complexity-based Cryptography
- Privacy
- Cryptanalysis
- Cryptographic Protocols
- Digital Signatures
- Public-Key Cryptography
- Hash Functions
- Survey and State of the Art
- Identification
- Formal Methods in Security
- Information-Theoretic Security
For more information, please see
http://scn.dia.unisa.it/.
NeFX 2010
2nd Annual ACM Northeast Digital Forensics Exchange,
Washington, DC, USA, September 13-14, 2010.
[posted here 05/03/10]
Practitioners in digital forensics face many challenges and problems,
be they from law enforcement, the intelligence or government community,
or private practice. Criminal activity, system intrusions, and computer
misuse are endemic in today's networked world. Today's state-of-art digital
forensic technology on correlating large amount of often distributed digital
evidence, crime scene reconstruction, and eventually mapping them to physical
criminal scenario can only be best described as ad hoc and fragmented. We
have also seen that most criminal investigations have involved crime scenes
that co-exist in both cyberspace and physical worlds. There is an urgent
need to move the capabilities and foundation of digital forensics from an
ad hoc basis to one of science.
Digital forensics is an inherently complex cross-disciplinary field that
deals with complicated and potentially inconsistent issues/goals cutting
across technical, legal, and law enforcement domains. The ACM Northeast
Digital Forensics Exchange (NeFX), sponsored in part by the National
Science Foundation and the Army Research Office, is designed to foster
collaboration on digital forensics and information assurance between
federal and state law enforcement, academia, and industry. Our goal
is to bring together leading practitioners and academics in order to
yield partnerships that advance research on digital forensic science
through mutual sharing of the problems of practice and research. All
topic areas related to digital forensics are of interest and in scope,
which include, but are not limited to:
- Imaging/Monitoring
- Network Forensics
- Small-scale and Mobile Device Forensics
- Data Processing and Analytics
- Software Forensics and Malware Analysis
- File Carving and File System Analysis
- Anti-forensics Techniques
- Digital Forensics (from signal processing perspective)
- Evidence Modeling and Principles
- Live and Memory Analysis
- Multimedia Forensics
- Database, Web, and Cloud Computing System Forensics
- Digital Evidence Storage and Preservation
- Forensic tool Validation: Methodologies and Principles
- Cyber-crime Strategy Analysis & Modeling
- Advanced search, analysis, and presentation of digital evidence
- Courtroom expert witness and case presentation
- Case studies
- Legal and Sociological Issues
- Intelligence Issues in Forensics
For more information, please see
http://nefx.cs.georgetown.edu/.
SA&PS4CS 2010
1st International Workshop on Scientific Analysis and Policy Support
for Cyber Security,
Held in conjunction with the 5th International Conference on Mathematical
Methods, Models, and Architectures for Computer Networks Security (MMM-ACNS 2010),
St. Petersburg, Russia, September 9, 2010.
[posted here 01/12/10]
The workshop is dedicated to the methods of scientific analysis and
policy support for response to cyber intrusions and attacks.
The main topics of the SA&PS4CS’2010 are detection, discrimination, and
attribution of various activities of malefactors and response to cyber
intrusions and attacks including national level information operations
as well as identifying emergent cyber technologies supporting social
and political activity management and trans-national distributed
computing management.
For more information, please see
http://www.comsec.spb.ru/saps4cs10/.
SIN 2010
3rd International Conference on Security of Information and Networks,
Taganrog, Rostov-on-Don, Russia, September 7-11, 2010.
[posted here 01/11/10]
Papers addressing all aspects of security in information and networks are being sought.
Researchers working on the following and related subjects are especially encouraged:
realization of security schemes, new algorithms, experimenting with existing approaches;
secure information systems, especially distributed control and processing applications,
and security in networks; interoperability, service levels and quality issues in such
systems; information assurance, security, and public policy.
Topics of the conference include but are not limited to:
- Access control and intrusion detection
- Autonomous and adaptive security
- Cryptographic techniques and key management
- Information assurance
- Network security and protocols
- Security in information systems
- Security tools and development platforms
- Security ontology, models, protocols & policies
- Secure ontology-based systems
- Standards, guidelines and certification
- Security-aware software engineering
- Trust and privacy
For more information, please see
http://www.sinconf.org/sin2010/.
SECURECOMM 2010
6th International Conference on Security and Privacy in Communication Networks,
Singapore, September 7-10, 2010.
[posted here 10/26/09]
SecureComm’10 seeks high-quality research contributions in the form of well
developed papers. Topics of interest encompass research advances in
ALL areas of secure communications and networking. Topics in other
areas (e.g., formal methods, database security, secure software,
applied cryptography) will also be considered if a clear connection
to private or secure communications/networking is demonstrated.
For more information, please see
http://www.securecomm.org/.
MMM-ACNS 2010
5th International Conference on Mathematical Methods, Models, and
Architectures for Computer Networks Security,
St. Petersburg, Russia, September 6-9, 2010.
[posted here 01/12/10]
MMM-ACNS-2010 aims at bringing together leading researchers from academia and
governmental organizations as well as practitioners to advance the states
of the art and practice in the area of computer networks and information
security with a focus on novel theoretical aspects of computer network
security, facilitate personal interactions and discussions on various
aspects of information technologies in conjunction with computer network
and information security problems arising in large-scale computer networks.
MMM-ACNS-2010’s scope includes, but is not restricted to the
following areas:
- Adaptive security
- Anti-malware techniques: detection, analysis, prevention
- Anti-phishing, anti-spam, anti-fraud, anti-botnet techniques
- Authentication, Authorization and Access Control
- Computer and network forensics
- Covert channels
- Critical infrastructure protection
- Data and application security
- Data mining, machine learning, and bio-inspired approaches for security
- Deception systems and honeypots
- Denial-of-service attacks and countermeasures
- Digital Rights Management
- eCommerce, eBusiness and eGovernment security
- Formal analysis of security properties
- Information warfare
- Internet and web security
- Intrusion prevention, detection, and response
- Language-based security
- Network survivability
- New ideas and paradigms for security
- Operating system security
- Security and privacy in pervasive and ubiquitous computing
- Security event processing and predictive security monitoring
- Security for cloud computing
- Security for large-scale systems and critical infrastructures
- Security of emerging technologies: sensor, wireless/mobile,
peer-to-peer and overlay networks
- Security of autonomous agents and multi-agent systems
- Security modeling and simulation
- Security policies
- Security protocols
- Security verification
- Self-protecting and healing
- Software protection
- Trusted computing
- Trust and reputation management
- Vulnerability assessment, risk analysis and risk management
For more information, please see
http://comsec.spb.ru/mmm-acns10/.
NSS 2010
4th International Conference on Network and System Security,
Melbourne, Australia, September 1-3, 2010.
[posted here 03/29/10]
While the attack systems have become more easy-to-use, sophisticated, and powerful,
interest has greatly increased in the field of building more effective, intelligent,
adaptive, active and high performance defense systems which are distributed and
networked. We will focus our program on issues related to Network and System
Security, such as authentication, access control, availability, integrity,
privacy, confidentiality, dependability and sustainability of computer networks
and systems. The aim of this conference is to provide a leading edge forum to
foster interaction between researchers and developers with the network and
system security communities, and to give attendees an opportunity to interact
with experts in academia, industry and governments.
Topics of interest include, but are not limited to:
- Active Defense Systems
- Adaptive Defense Systems
- Benchmark, Analysis and Evaluation of Security Systems
- Biometric Security
- Distributed Access Control and Trust Management
- Distributed Attack Systems and Mechanisms
- Distributed Intrusion Detection/Prevention Systems
- Denial-of-Service Attacks and Countermeasures
- High Performance Security Systems
- Identity Management and Authentication
- Implementation, Deployment and Management of Security Systems
- Intelligent Defense Systems
- Internet and Network Forensics
- Key Distribution and Management
- Large-scale Attacks and Defense
- RFID Security and Privacy
- Security Architectures in Distributed Network Systems
- Security for Critical Infrastructures
- Security in P2P systems
- Security in Cloud and Grid Systems
- Security in E-Commerce
- Security and Privacy in Wireless Networks
- Secure Mobile Agents and Mobile Code
- Security Protocols
- Security Simulation and Tools
- Security Theory and Tools
- Standards and Assurance Methods
- Trusted Computing
- Viruses, Worms, and Other Malicious Code
- World Wide Web Security
For more information, please see
http://www.anss.org.au/nss2010.
FTDC 2010
7th Workshop on Fault Diagnosis and Tolerance in Cryptography,
Held in conjunction with the CHES 2010,
Santa Barbara, CA, USA, August 21, 2010.
[posted here 2/8/10]
In recent years applied cryptography has developed considerably, to
satisfy the increasing security requirements of various information
technology disciplines, e.g., telecommunications, networking, data
base systems and mobile applications. Cryptosystems are inherently
computationally complex and in order to satisfy the high throughput
requirements of many applications, they are often implemented by means
of either VLSI devices (crypto-accelerators) or highly optimised
software routines (crypto-libraries) and are used via suitable
(network) protocols. The high complexity of such implementations
raises concerns regarding
their reliability. Research is therefore needed to develop
methodologies and techniques for designing robust cryptographic
systems (both hardware and software), and to protect them against both
accidental faults and intentional intrusions and attacks, in
particular those based on the malicious injection of faults into the
device for the purpose of extracting the secret key. Contributions to
the workshop describing theoretical studies and
practical case studies of fault diagnosis and tolerance in
cryptographic systems (HW and SW) and protocols are solicited. Topics
of interest include, but are not limited to:
- modeling the reliability of cryptographic systems and protocols
- inherently reliable cryptographic systems and algorithms
- faults and fault models for cryptographic devices (HW and SW)
- reliability-based attack procedures on cryptographic systems
(fault-injection attacks) and protocols
- adapting classical fault diagnosis and tolerance techniques to
cryptographic systems
- novel fault diagnosis and tolerance techniques for cryptographic systems
- attacks exploiting micro-architecture components (cache, branch
predictor, etc.)
- physical protection against attacks
- fault injection based attacks using FIB laser and chemistry
- case studies of attacks, reliability and fault diagnosis and
tolerance techniques in cryptographic systems.
For more information, please see
http://conferenze.dei.polimi.it/FDTC10/.
PST 2010
8th International Conference on Privacy, Security and Trust,
Ottawa, Canada, August 17-19, 2010.
[posted here 12/14/09]
PST2010 provides a forum for researchers world-wide to unveil
their latest work in privacy, security and trust and to show how
this research can be used to enable innovation. This year’s theme is
“Privacy, Security and Trust by Design: PbD - The Gold Standard.”
With the growth and ubiquity of data in today’s hyper-networked world,
the need for trust has become more critical than ever. We need new
paradigms that seek to integrate and build privacy, security and
trustworthiness directly into technologies and systems from the
outset and by default. PST2010 will include an Industry Day followed
by two days of high-quality research papers whose topics include,
but are NOT limited to, the following:
- Privacy Preserving / Enhancing Technologies
- Trust Technologies, Technologies for Building Trust in e-Business Strategy
- Critical Infrastructure Protection
- Observations of PST in Practice, Society, Policy and Legislation
- Network and Wireless Security
- Digital Rights Management
- Operating Systems Security
- Identity and Trust management
- Intrusion Detection Technologies
- PST and Cloud Computing
- Secure Software Development and Architecture
- Human Computer Interaction and PST
- PST Challenges in e-Services
- Implications of, and Technologies for, Lawful Surveillance
- Network Enabled Operations
- Biometrics, National ID Cards, Identity Theft
- Advanced Training Tools - PST and Web Services / SOA
- Information Filtering, Data Mining & Knowledge from Data
- Privacy, Traceability, and Anonymity
- National Security and Public Safety
- Trust and Reputation in Self-Organizing Environments
- Security Metrics
- Anonymity and Privacy vs. Accountability
- Recommendation, Reputation and Delivery Technologies -
Access Control and Capability Delegation
- Continuous Authentication
- Representations and Formalizations of Trust in
Electronic and Physical Social Systems
For more information, please see
http://pstnet.unb.ca/pst2010.
USENIX-Security 2010
19th USENIX Security Symposium,
Washington, DC, USA, August 11–13, 2010.
[posted here 12/7/09]
The USENIX Security Symposium brings together researchers, practitioners,
system administrators, system programmers, and others interested in
the latest advances in the security of computer systems
and networks. All researchers are encouraged to submit papers covering
novel and scientifically significant practical works in security
or applied cryptography.
For more information, please see
http://www.usenix.org/events/sec10/cfp/.
HotSec 2010
5th USENIX Workshop on Hot Topics in Security,
Washington DC, USA, August 10, 2010.
[posted here 03/08/10]
While pragmatic and systems-oriented, HotSec takes a broad view of security
and privacy and encompasses research on topics including, but not limited to,
large-scale threats, network security, hardware security, software security,
programming languages, applied cryptography, anonymity, human-computer
interaction, sociology, and economics. We favor papers that propose new directions
of research, advocate non-traditional approaches, report on noteworthy experience
in an emerging area, or generate lively discussion around an important topic.
Papers in well-explored research areas are discouraged.
We expect that most accepted position papers will fall into one or more of the
following categories:
- Fundamentally new techniques, approaches, or perspectives for
dealing with current security problems
- New, major problems arising from new technologies that are
now being developed or deployed
- Truly surprising results that cause rethinking of previous approaches
For more information, please see
http://www.usenix.org/events/hotsec10/cfp/.
HealthSec 2010
1st USENIX Workshop on Health Security and Privacy,
Washington, DC, USA, August 10, 2010.
[posted here 12/7/09]
HealthSec '10 is intended as a forum for lively discussion of aggressively
innovative and potentially disruptive ideas on all aspects of medical
and health security and privacy. A fundamental goal of the workshop is
to promote cross-disciplinary interactions between fields, including,
but not limited to, technology, medicine, and policy. Surprising results
and thought-provoking ideas will be strongly favored; complete papers
with polished results in well-explored research areas are comparatively
discouraged. Workshop topics are solicited in all areas relating to
healthcare information security and privacy, including:
- Security and privacy models for healthcare information systems
- Industrial experiences in healthcare information systems
- Deployment of open systems for secure and private use of healthcare
information technology
- Security and privacy threats against and countermeasures for
existing and future medical devices
- Regulatory and policy issues of healthcare information systems
- Privacy of medical records
- Usability issues in healthcare information systems
- Threat models for healthcare information systems
For more information, please see
http://www.usenix.org/healthsec10/cfpa/.
LIS 2010
Workshop on Logics in Security,
Copenhagen, Denmark, August 9-13, 2010.
[posted here 03/15/10]
In the past two decades, a number of logics and formal frameworks have
been proposed to model and analyse interconnected systems from the
security point of view. Recently, the increasing need to cope with
distributed and complex scenarios forced researchers in formal security
to employ non-classical logics to reason about these systems.
The aim of this workshop is to bring together logicians and formal
security researchers to foster the cross-fertilization between these
two areas. Logicians have a lot to benefit from specifying and reasoning
about real-world scenarios as well as researchers in security can apply
recent advances in non-classical logics to improve their formalisms.
We are interested in logical and formal foundations of security to
the following topics:
- Language-based security
- Judgmental Analysis
- Automated Theorem Proving
- Term-Rewriting Systems
- Logical Programming
- Modal Logic
- Dynamic Logic
- Belief Revision
Applies to
- Access Control
- Privacy
- Protocol Verification
- Security Architectures
- Trust and Reputation Management
- Static Analysis of Programs
- Risk Management
- Policy Compliance
- Security in Multi-Agent System
- Formal Cryptography
For more information, please see
http://lis.gforge.uni.lu/index.html.
WOOT 2010
4th USENIX Workshop on Offensive Technologies,
Washington, DC, USA, August 9, 2010.
[posted here 05/24/10]
Computer security is unique among systems disciplines in that practical details
matter and concrete case studies keep the field grounded in practice.
WOOT provides a forum for high-quality, peer-reviewed papers discussing
tools and techniques for attack. Submission topics include:
- Vulnerability research (software auditing, reverse engineering)
- Penetration testing
- Exploit techniques and automation
- Network-based attacks (routing, DNS, IDS/IPS/firewall evasion)
- Reconnaissance (scanning, software, and hardware fingerprinting)
- Malware design and implementation (rootkits, viruses, bots, worms)
- Denial-of-service attacks
- Web and database security
- Weaknesses in deployed systems (VoIP, telephony, wireless, games)
- Practical cryptanalysis (hardware, DRM, etc.)
For more information, please see
http://www.usenix.org/woot10/cfpa/.
CSET 2010
3rd Workshop on Cyber Security Experimentation and Test,
Washington, DC, USA, August 9, 2010.
[posted here 03/29/10]
The workshop invites you to submit papers on the science, design, architecture,
construction, operation, and use of cyber security experiments in network
testbeds and infrastructures. Topics of interest include but are not limited to:
- Science of security/testbed experimentation
(Data and tools to achieve realistic experiment setup/scenarios,
Diagnosis of and methodologies for dealing with experimental artifacts,
Support for experimentation on a large scale (virtualization, federation, high fidelity scale-down),
Tools and methodologies to achieve, and metrics to measure,
correctness, repeatability, and sharing of experiments
- Testbeds and methodologies (Tools, methodologies, and infrastructure that support risky experimentation,
Support for experimentation in emerging security topics (cyber-physical systems, wireless, botnets, etc.),
Novel experimentation approaches (e.g., coupling of emulation and simulation),
Experience in designing or deploying secure testbeds,
Instrumentation and automation of experiments; their archiving, preservation, and visualization,
Fair sharing of testbed resources)
- Hands-on security education (Experiences teaching security classes that
use hands-on security experiments for homework, in-class demonstrations, or class projects,
Experiences from red team/blue team exercises)
For more information, please see
http://www.usenix.org/cset10/cfpa/.
SECRYPT 2010
5th International Conference on Security and Cryptography,
Athens, Greece, July 26-28, 2010.
[posted here 01/12/10]
SECRYPT is an annual international conference covering research in information
and communication security. The 5th International Conference on Security
and Cryptography will be held in Athens, Greece.
The conference seeks submissions from academia, industry, and government presenting
novel research on all theoretical and practical aspects of data protection,
privacy, applications security, and cryptography. Papers describing the
application of security technology, the implementation of systems, and
lessons learned are also encouraged. Areas of interest include, but are not limited to:
- Data and Application Security and Privacy
- Access Control and Intrusion Detection
- Network Security and Protocols
- Cryptographic Techniques and Key Management
- Information Assurance
- Security in Information Systems and Software Engineering
For more information, please see
http://www.secrypt.icete.org.
POLICY 2010
IEEE International Symposium on Policies for Distributed Systems and Networks,
Fairfax, Virginia, USA, July 21-23, 2010.
[posted here 01/11/10]
The symposium brings together researchers and practitioners working on policy-based
systems across a range of application areas including policy-based networking,
privacy and security management, storage area networking, and enterprise systems.
POLICY 2010 has grown out of a highly successful series of workshops and this is
recognized by the elevation of the event to an IEEE symposium.
POLICY 2010 invites novel contributions on all aspects of policy-based management.
Topics of interest include (but are not limited to):
- Privacy and Security
- Policy Models and Languages
- Policy Applications
For more information, please see
http://www.ieee-policy.org.
FCC 2010
6th Workshop on Formal and Computational Cryptography,
Edinburgh, UK, July 20, 2010.
[posted here 03/01/10]
Since the 1980s, two approaches have been developed for analyzing security protocols.
One of the approaches is based on a computational model that considers issues of
complexity and probability. Messages are modelled as bitstrings and security properties
are defined in a strong form, in essence guaranteeing security with high probability
against all polynomial time attacks. However, it is difficult to prove security of
large, complex protocols in this model. The other approach relies on a symbolic model of
protocol execution in which messages are modelled using a term algebra and cryptographic
primitives are treated as perfect black-boxes, e.g. the only way to decrypt a ciphertext
is to use the corresponding decryption key. This abstraction enables simpler and often
automated analyses of complex protocols. Since this model places strong constraints on
the attacker, a fundamental question is whether such an analysis implies the strong
security properties defined in the computational model. This workshop focuses on approaches
that combine and relate symbolic and computational protocol analysis. Over the last few years,
there has been a spate of research results in this area. One set of results establish
correspondence theorems between the two models, in effect showing that for a certain
class of protocols and properties, security in the symbolic model implies security in
the computational model. In other work, researchers use language-based techniques such as
process calculi, types, and logics to reason directly about the computational model.
Several projects also investigate ways of mechanizing computationally sound proofs of protocols.
The workshop seeks results in this area of computationally sound protocol analysis:
foundations and tools.
For more information, please see
http://research.microsoft.com/~fournet/fcc2010/.
SOUPS 2010
Symposium On Usable Privacy and Security,
Redmond, WA, USA, July 14-16, 2010.
[posted here 10/12/09]
The 2010 Symposium on Usable Privacy and Security (SOUPS) will bring
together an interdisciplinary group of researchers and practitioners
in human computer interaction, security, and privacy. We invite authors
to submit original papers describing research or experience in all
areas of usable privacy and security.
Topics include, but are not limited to:
- innovative security or privacy functionality and design
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of new or existing security or privacy features
- security testing of new or existing usability features
- longitudinal studies of deployed security or privacy features
- the impact of organizational policy or procurement decisions
- lessons learned from the deployment and use of usable privacy and security features
For more information, please see
http://cups.cs.cmu.edu/SOUPS/.
FCS-PrivMod 2010
Workshop on Foundations of Security and Privacy,
Edinburgh, UK, July 14-15, 2010.
[posted here 03/29/10]
Formal foundations for computer security have emerged in recent years, including
the formal specification and analysis of security protocols, programming languages,
access control systems, and their applications. A particular aspect of security is
personal privacy, which may be threatened whenever users interact with services
and devices which are not directly under their control. From a user's point of
view, privacy is often seen as a part of security; but from a service provider's
point of view, privacy and security are often opposites that have to be balanced
with each other. FCS-PrivMod aims to bring together international researchers from
industry and academia in formal methods, computer security, and privacy, to develop
advances and new perspectives in security and privacy models and analysis.
Topics of interest include, but are not limited to:
- Automated reasoning
- Decidability & complexity
- Formal methods
- Foundations of verification
- Information flow analysis
- Language-based security
- Linkability & traceability
- Logic-based design
- Program transformation
- Security models
- Static analysis
- Statistical methods
- Tools
- Trust management
- Verification
For more information, please see
http://www.loria.fr/~cortier/FCS-PrivMod10/.
DIMVA 2010
7th Conference on Detection of Intrusions and Malware & Vulnerability Assessment,
Bonn, Germany, July 8-9, 2010.
[posted here 11/30/09]
The annual DIMVA conference serves as a premier forum for advancing
the state of the art in intrusion detection, malware detection, and
vulnerability assessment. DIMVA’s scope includes, but is not restricted
to the following areas:
Intrusion Detection
- Novel approaches & new environments
- Insider detection
- Prevention and response
- Data leakage
- Result correlation & cooperation
- Evasion attacks
- Potentials & limitations
- Operational experiences
- Privacy, legal & social aspects
Malware
- Automated analysis, reversing & execution tracing
- Containment & sandboxed operation
- Acquisition of specimen
- Infiltration
- Behavioral models
- Prevention & containment
- Trends & upcoming risks
- Forensics & recovery
- Economic aspects
Vulnerability Assessment
- Vulnerability detection & analysis
- Vulnerability prevention
- Web application security
- Fuzzing techniques
- Classification & evaluation
- Situational awareness
For more information, please see
http://www.dimva.org/dimva2010.
TSP 2010
3rd IEEE International Symposium on Trust, Security and Privacy for Emerging Applications,
Bradford, UK, June 29-July 1, 2010.
[posted here 11/23/09]
Satisfying user requirements for trust, security and privacy in an efficient
way is one of the first considerations for almost all emerging applications,
using emerging technologies such as pervasive computing, peer to peer
computing, grid computing, cloud computing, virtualization and, mobile
and wireless technologies. Challenges arise as emerging applications
evolve to provide more scalable and comprehensive services. One of
the biggest challenges is that traditional security technologies and
measures may not meet user requirements in open, dynamic, heterogeneous,
and distributed computing environments. Therefore, we need to build
networks and systems in which emerging applications allow users to enjoy
more scalable and comprehensive services while preserving trust, security
and privacy at the same time. TSP-10 aims at bringing together researchers and
practitioners in the world working on trust, security, privacy, and related
issues such as technical, social, and cultural implications for all emerging
devices, services, applications, networks, and systems, and providing a
forum for them to present and discuss emerging ideas and trends in this
highly challenging research area.
For more information, please see
http://trust.csu.edu.cn/conference/tsp2010/Call_for_Papers.htm.
SHPCS 2010
5th Workshop on Security and High Performance Computing Systems,
Held in conjunction with the 6th International Wireless Communications
and Mobile Computing Conference (IWCMC 2010),
Caen, Normandy, France, June 28 - July 2, 2010.
[posted here 12/28/09]
Providing high performance computing and security is a challenging task.
Internet, operating systems and distributed environments currently suffer
from poor security support and cannot resist common attacks. Adding
security measures typically degrade performance. This workshop addresses
relationships between security and high performance computing systems
in three directions. First, it considers how to add security properties
(authentication, confidentiality, integrity, non-repudiation, access
control) to high performance computing systems. In this case, safety properties can
also be addressed, such as availability and fault tolerance for high performance
computing systems. Second, it covers how to use high performance computing systems to solve
security problems. For instance, a grid computation can break an encryption code,
or a cluster can support high performance intrusion detection.
More generally, this topic addresses every efficient use of a high performance
computing systems to improve security. Third, it investigates the tradeoffs
between maintaining high performance and achieving security in computing systems
and solutions to balance the two objectives. In all these directions, various
performance analyses or monitoring techniques can be conducted to show the
efficiency of a security infrastructure. The workshop seeks submissions from academia
and industry presenting novel research on all theoretical and practical aspects of
computer and network security, as well as case studies and implementation experiences.
Papers should have practical relevance to the construction, evaluation, application,
or operation of secure systems. The Workshop topics include (but are not limited to)
the following:
- Access Control
- Accounting and Audit
- Anonymity
- Applied Cryptography
- Authentication
- Cloud Security
- Commercial and Industry Security
- Cryptographic Protocols
- Data and Application Security
- Data/System Integrity
- Database Security
- Digital Rights Management
- Formal Verification of Secure Systems
- Identity Management
- Inference/Controlled Disclosure
- Information Warfare
- Intellectual Property Protection
- Intrusion and Attack Detection
- Intrusion and Attack Response
- Key Management
- Privacy-Enhancing Technology
- Secure Networking
- Secure System Design
- Security Monitoring & Management
- Security for Mobile Code
- Security for Specific Domains (e.g., E-Government, E-Business, P2P)
- Security in IT Outsourcing
- Security in Mobile and Wireless Networks
- Security in Untrusted & Adversarial Environments and Systems
- Security in Operating Systems
- Security Location Services
- Security of Grid and Cluster Architectures
- Security Visualization
- Smartcards
- Trust Management Policies
- Trust Models
- Web Security
- Web Services Security
For more information, please see
http://leibniz.diiga.univpm.it/~spalazzi/caen/.
IH 2010
12th Information Hiding Conference,
Calgary, Alberta, Canada, June 28 - 30, 2010.
[posted here 01/11/10]
For many years, Information Hiding has captured the imagination of
researchers. Digital watermarking and steganography protect information, conceal
secrets or are used as core primitives in digital rights management schemes.
Steganalysis and forensics pose important challenges to investigators; and privacy
techniques try to hide relational information such as the actors' identities in anonymous
communication systems. These and other topic share the notion that security is defined
by the difficulty to make (or avoid) inference on certain properties of host data,
which therefore has to be well understood and modeled.
Current research themes include:
- Anonymity and privacy
- Covert/subliminal channels
- Digital rights management
- Fingerprinting and embedding codes
- Multimedia and document security
- Multimedia forensics and counter forensics
- Novel applications of information hiding
- Other data hiding domains (e.g. text, software, etc.)
- Security metrics for information hiding
- Steganography and steganalysis
- Theoretical aspects of information hiding and detection
- Watermarking (algorithms, security, attacks)
For more information, please see
http://ih2010.cpsc.ucalgary.ca.
ICDCS-SPCC 2010
1st International Workshop on Security and Privacy in Cloud Computing,
Held in conjunction with the IEEE International Conference on Distributed
Computing Systems (ICDCS 2010),
Genoa, Italy, June 25, 2010.
[posted here 01/12/10]
Cloud computing has recently emerged as a new information technology infrastructure.
In cloud computing, information is permanently stored in large data centers on
the Internet and temporarily accessed and cached on clients that include
desktops and portable PCs, sensors, etc. With the "cloud" as a metaphor for
the Internet, cloud computing promises to deliver massively scalable IT-enabled
data, software, and hardware capabilities as a service to external clients using
Internet technologies. Cloud computing has been envisioned as the key technology
to achieve economies of scale in the deployment and operation of IT solutions.
Cloud computing has unique attributes that raise many security and privacy
challenges in areas such as data security, recovery, and privacy, as well as
legal issues in areas such as regulatory compliance and auditing. In contrast
to traditional enterprise IT solutions, where the IT services are under proper
physical, logical and personnel controls, cloud computing moves the application
software and databases to the servers in large data centers on the Internet,
where the management of the data and services are not fully trustworthy. When
clients store their data on the server without themselves possessing a copy of it,
how the integrity of the data can be ensured if the server is not fully trustworthy?
Will encryption solve the data confidentiality problem of sensitive data? How
will encryption affect dynamic data operations such as query, insertion,
modification, and deletion? Data in the cloud is typically in a shared environment
alongside data from other clients. How the data segregation should be done, while
data are stored, executed, and transmitted? How the virtulized resources is
being managed and secured in the cloud? Due to the fundamental paradigm shift
in cloud computing, many security concerns have to be better understood,
unanticipated vulnerabilities identified, and viable solutions to critical
threats devised, before the wide deployment of cloud computing techniques
can take place. Topics of interests include (but are not limited to) the
following subject categories:
- Secure management of virtualized cloud resources
- Secure network architecture for cloud computing
- Joint security and privacy aware cloud protocol design
- Access control and key management
- Trust and policy management in clouds
- Identification and privacy in cloud
- Remote data integrity protection
- Secure computation outsourcing
- Dynamic data operation security
- Software and data segregation security
- Failure detection and prediction
- Secure data management within and across data centers
- Availability, recovery and auditing
- Secure wireless cloud
For more information, please see
http://www.ece.iit.edu/~ubisec/workshop.htm.
ACNS 2010
8th International Conference on Applied Cryptography and Network Security,
Beijing, China, June 22-25, 2010.
[posted here 9/13/09]
Original papers on all aspects of applied cryptography and network security
are solicited for submission to ACNS '10. Topics of relevance include but are
not limited to:
- Applied cryptography and provably-secure cryptographic protocols
- Design and analysis of efficient cryptographic primitives: public-key
and symmetric-key cryptosystems, block ciphers, and hash functions
- Network security protocols
- Techniques for anonymity; trade-offs between anonymity and utility
- Integrating security into the next-generation Internet: DNS security,
routing, naming, denial-of-service attacks, TCP/IP, secure multicast
- Economic fraud on the Internet: phishing, pharming, spam, and click fraud
- Email and web security
- Public key infrastructure, key management, certification, and revocation
- Security and privacy for emerging technologies: sensor networks, mobile
(ad hoc) networks, peer-to-peer networks, bluetooth, 802.11, RFID
- Trust metrics and robust trust inference in distributed systems
- Security and usability
- Intellectual property protection and digital rights management
- Modeling and protocol design for rational and malicious adversaries
- Automated analysis of protocols
For more information, please see
http://www.tcgchina.org/acns2010/.
OWASP-AppSec-Research 2010
OWASP AppSec Research 2010,
Stockholm, Sweden, June 21-24, 2010.
[posted here 12/14/09]
OWASP AppSec Research focuses on web application security and invites
both academia and industry. The conference features a full-paper research
track published by Springer-Verlag (LNCS) as well as industry talks and
demos. OWASP (the Open Web Application Security Project) is an open community
dedicated to enabling organizations to develop, purchase, and maintain
applications that can be trusted. We encourage the publication and presentation
of new tools, new methods, empirical data, novel ideas, and lessons
learned in the following areas:
- Web application security
- Security aspects of new/emerging web technologies/paradigms
(mashups, web 2.0, offline support, etc)
- Security in web services, REST, and service oriented architectures
- Security in cloud-based services
- Security of frameworks (Struts, Spring, ASP.Net MVC etc)
- New security features in platforms or languages
- Next-generation browser security
- Security for the mobile web
- Secure application development (methods, processes etc)
- Threat modeling of applications
- Vulnerability analysis (code review, pentest, static analysis etc)
- Countermeasures for application vulnerabilities
- Metrics for application security
- Application security awareness and education
For more information, please see
http://www.owasp.org/index.php/OWASP_AppSec_Research_2010_-_Stockholm,_Sweden.
Trust 2010
3rd International Conference on Trust and Trustworthy Computing,
Berlin, Germany, June 21-23, 2010.
[posted here 11/23/09]
Building on the success of Trust 2009 (held at Oxford, UK) and
Trust 2008 (Villach, Austria), this conference focuses on
trusted and trustworthy computing, both from the technical and
social perspectives. The conference itself will have two main strands,
one devoted to technical aspects and one devoted to the socio-economic
aspects of trusted computing. This call for papers is for contributions
to the technical strand - a separate call is issued for contributions
to the socio-economic strand of the conference.
The conference solicits original papers on any aspect of the design and
application of trusted and trustworthy computing, which concerns a broad
range of concepts including trustworthy infrastructures, services,
hardware, software and protocols. Topics of interest include, but
are not limited to:
- Architecture and implementation technologies for trusted
platforms and trustworthy infrastructures
- Mobile trusted computing
- Implementations of trusted computing (covering both hardware
and software)
- Applications of trusted computing
- Trustworthy infrastructures and services for cloud computing
- Attestation and possible variants (e.g., property-based
attestation, runtime attestation)
- Cryptographic aspects of trusted computing
- Security hardware, i.e., hardware with cryptographic and
security functions, including physically unclonable functions (PUFs)
- Hardware Trojans (detection, prevention)
- Intrusion resilience in trusted computing
- Virtualisation for trusted platforms
- Security policy and management of trusted computing
- Access control for trusted platforms
- Privacy aspects of trusted computing
- Verification of trusted computing architectures
- End-user interactions with trusted platforms
- Limitations of trusted computing
For more information, please see
http://www.trust2010.org/.
DBSec 2010
24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security,
Rome, Italy, June 21-23, 2010.
[posted here 11/30/09]
DBSec is an annual international conference covering research in data and
applications security and privacy. The 24th Annual IFIP WG 11.3 Working
Conference on Data and Applications Security (DBSec 2010) will be held
in Rome, Italy. The conference seeks submissions from academia, industry,
and government presenting novel research on all theoretical and practical
aspects of data protection, privacy, and applications security. Topics of
interest include, but are not limited to:
- access control
- anonymity
- applied cryptography in data security
- authentication
- data and system integrity
- data protection
- database security
- digital rights management
- identity management
- intrusion detection
- knowledge discovery and privacy
- methodologies for data and application security
- network security
- organizational security
- privacy
- secure cloud computing
- secure distributed systems
- secure information integration
- secure Web services
- security and privacy in IT outsourcing
- security and privacy in location-based services
- security and privacy in P2P scenarios and social networks
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security management
- security metrics
- threats, vulnerabilities, and risk management
- trust and reputation systems
- trust management
- wireless and mobile security
For more information, please see
http://dbsec2010.dti.unimi.it.
IFIP-TM 2010
4th IFIP International Conference on Trust Management,
Morioka, Japan, June 16-18, 2010.
[posted here 7/27/09]
The mission of the IFIPTM 2010 Conference is to share research solutions
to problems of Trust and Trust management, including related Security and
Privacy issues, and to identify new issues and directions for future
research and development work. IFIPTM 2010 invites submissions presenting
novel research on all topics related to Trust, Security and Privacy, including
but not limited to those listed below:
- Trust models, formalization, specification, analysis and reasoning
- Reputation systems and architectures
- Engineering of trustworthy and secure software
- Ethics, sociology and psychology of trust
- Security management and usability issues including security configuration
- Trust management frameworks for secure collaborations
- Language security
- Security, trust and privacy for service oriented architectures and
composite applications
- Security, trust and privacy for software as a service (SaaS)
- Security, trust and privacy for Web 2.0 Mashups
- Security, privacy, and trust as a service
- Legal issues related to the management of trust
- Semantically-aware security management
- Adaptive security policy management
- Mobile security
- Anonymity and privacy vs. accountability
- Critical infrastructure protection, public safety and emergency management
- Privacy and identity management in e-services
- Biometrics, national ID cards, identity theft
- Robustness of trust and reputation systems
- Distributed trust and reputation management systems
- Human computer interaction aspects of privacy, security & trust
- Applications of trust and reputation management in e-services
- Trusted platforms and trustworthy systems
For more information, please see
http://www.ifip-tm2010.org/.
MIST 2010
2nd International Workshop on Managing Insider Security Threats,
Held in conjunction with IFIPTM 2010,
Morioka, Iwate, Japan, June 14-15, 2010.
[posted here 03/08/10]
During the past decades, information security developments have been mainly concerned
with preventing illegal attacks by outsiders, such as hacking, virus propagation, and
spyware. However, according to a recent Gartner Research Report, information leakage
caused by insiders who are legally authorized to have access to some corporate
information is increasing dramatically.
These leakages can cause significant damages such as weakening the competitiveness of
companies (and even countries). Information leakage caused by insiders occurs less
frequently than information leakage caused by outsiders, but the financial damage is
much greater. Countermeasures in terms of physical, managerial, and technical aspects
are necessary to construct an integral security management system to protect
companies' major information assets from unauthorized internal attackers.
The objective of this workshop is to showcase the most recent challenges and advances
in security technologies and management systems to prevent leakage of organizations'
information caused by insiders.
It may also include state-of-the-art surveys and case analyses of practical significance.
We expect that the workshop will be a trigger for further research and technology
improvements related to this important subject. Topics (include but are not limited to):
- Theoretical foundations and algorithms for addressing insider threats
- Insider threat assessment and modeling
- Security technologies to prevent, detect and avoid insider threats
- Validating the trustworthiness of staff
- Post-insider threat incident analysis
- Data breach modeling and mitigation techniques
- Registration, authentication and identification
- Certification and authorization
- Database security
- Device control system
- Digital forensic system
- Digital right management system
- Fraud detection
- Network access control system
- Intrusion detection
- Keyboard information security
- Information security governance
- Information security management systems
- Risk assessment and management
- Log collection and analysis
- Trust management
- IT compliance (audit)
- Continuous auditing
For more information, please see
http://isyou.hosting.paran.com/mist10/.
D-SPAN 2010
1st International Workshop on Data Security and PrivAcy in wireless Networks,
Held in conjunction with WoWMoM 2010, Montreal, QC, Canada, June 14, 2010.
[posted here 12/21/09]
This workshop is focused on defining new problems and developing novel techniques
for data security and privacy issues in wireless and mobile networks. With the
emergence of data-intensive wireless networks such as wireless sensor networks
and data-centric mobile applications such as location-based services, the
traditional boundaries between these three disciplines are blurring. This
workshop solicits papers from two main categories: (1) papers that consider
the security and privacy of data collection, transmission, storage, publishing,
and sharing in wireless networks broadly defined, e.g., MANET, cellular, vehicular,
ad hoc, cognitive, as well as sensor networks, and (2) papers that use data
analytics techniques to address security and privacy problems in wireless
networks. The workshop provides a venue for researchers to present new ideas
with impact on three communities – wireless networks, databases, and security.
The list of topics includes, but not limited to:
- Fundamental theory of a security network science
- Key exchange, distribution and management in wireless networks
- Location privacy in wireless networks
- Secure data collection and aggregation for wireless sensor networks
- Secure data collection in body-area networks
- Secure data processing in mobile ad-hoc networks (MANET)
- Secure query processing over wireless sensor networks
- Security and privacy of RFID systems
- Security and privacy for data streaming
- Security for cognitive radio networks
- Tradeoffs between Security and Communication Performance
For more information, please see
http://home.gwu.edu/~nzhang10/DSPAN2010/.
HOST 2010
IEEE International Symposium on Hardware-Oriented Security and Trust,
Anaheim, California, USA, June 13-14, 2010.
[posted here 12/7/09]
HOST covers security and trust issues in all types of electronic
devices and systems such as ASICs, COTS, FPGAs, microprocessors/DSPs,
and embedded systems. The mission of HOST is to provide a forum
for the presentation and discussion of research that is of critical
significance to the security of, and trust in, modern society's
microelectronic-supported infrastructures.
Papers and presentations that address any of the following "hot topics" are
of high interest to the symposium. Papers addressing HOST issues outside
of these areas will be considered equally relevant in the review process:
- Trojan Detection and Isolation
- Authenticating Foundry of Origin
- Side Channel Analysis/Attacks
- Watermarking
- FPGA Design Security
- Hardware focused Cryptography
- IC Metering
- Physical Unclonable Functions
- Embedded and Distributed Systems Security
- Hardware Intrusion Detection and Prevention
- Security Engineering
- Scan chain Encryption
For more information, please see
http://www.engr.uconn.edu/HOST/.
SACMAT 2010
15th ACM Symposium on Access Control Models and Technologies,
Pittsburgh, PA, USA, June 9-11, 2010.
[posted here 10/5/09]
Papers offering novel research contributions in all aspects of access
control are solicited for submission to the ACM Symposium on
Access Control Models and Technologies (SACMAT). The missions of the
symposium are to share novel access control solutions that fulfill
the needs of heterogeneous applications and environments and to
identify new directions for future research and development. SACMAT
gives researchers and practitioners a unique opportunity to share
their perspectives with others interested in the various aspects
of access control. Topic of Interest include:
- Access control models and extensions
- Access control requirements
- Access control design methodology
- Access control mechanisms, systems, and tools
- Access control in distributed and mobile systems
- Access control for innovative applications
- Administration of access control policies
- Delegation
- Identity management
- Policy/Role Engineering
- Safety analysis and enforcement
- Standards for access control
- Trust management
- Trust models
- Theoretical foundations for access control models
- Usage control
For more information, please see
http://www.sacmat.org/.
RFIDSec 2010
6th Workshop on RFID Security,
Istanbul, Turkey, June 8-10, 2010.
[posted here 11/23/09]
The workshop focuses on approaches to solve security and data-protection
issues in advanced contactless technologies like RFID. It stresses implementation
aspects imposed by resource constraints.
Topics of the conference include but are not limited to:
- New applications for secure RFID systems
- Data protection and privacy-enhancing techniques for RFID
- Cryptographic protocols for RFID (Authentication protocols, Key update mechanisms, Scalability issues)
- Integration of secure RFID systems (Middleware and security, Public-key infrastructures, Case studies)
- Resource-efficient implementation of cryptography (Small-footprint hardware, Low-power architectures)
- Attacks on RFID systems
- RFID security hardware e.g. RFID with PUF, RFID Trojans, …
For more information, please see
http://www.projectice.eu/rfidsec10/index.html.
CISSE 2010
14th Colloquium for Information Systems Security Education,
Baltimore, MD, USA, June 7-9, 2010.
[posted here 10/12/09]
This Colloquium, the fourteenth in an ongoing annual series, brings together leading
figures from academia, government, and industry to address the national need for
security and assurance of our information and communications infrastructure.
The Colloquium solicits participation from practitioners, students, educators,
and researchers. The topics areas should discuss course or lab development,
Information Assurance (IA) curricula, standards, best practices, existing or
emerging programs, trends, and future vision, as well as related issues.
This includes the following general topics:
- Assessment of need (e.g. how many information security workers/
researchers/ faculty are needed?)
- Integrating information assurance topics in existing graduate or
undergraduate curricula
- Experiences with course or laboratory development
- Alignment of curriculum with existing information assurance education
standards
- Emerging programs or centers in information assurance
- Best practices
- Vision for the future
- Tools, demonstrations, case studies, course modules, shareware, and worked
examples that participants (and others) can use to help educate
people in computer security.
For more information, please see
http://www.cisse.info.
WEIS 2010
9th Workshop on the Economics of Information Security,
Harvard University, Cambridge, MA, USA, June 7-8, 2010.
[posted here 11/9/09]
The Workshop on the Economics of Information Security (WEIS) is the leading
forum for interdisciplinary scholarship on information security, combining
expertise from the fields of economics, social science, business, law, policy
and computer science. Prior workshops have explored the role of incentives between
attackers and defenders, identified market failures dogging Internet security, and
assessed investments in cyber-defense. This workshop will build on past efforts using
empirical and analytic tools to not only understand threats, but also strengthen
security through novel evaluations of available solutions. How should information
risk be modeled given the constraints of rare incidence and high interdependence?
How do individuals’ and organizations’ perceptions of privacy and security color
their decision making? How can we move towards a more secure information
infrastructure and code base while accounting for the incentives of stakeholders?
We encourage economists, computer scientists, business school researchers, legal
scholars, security and privacy specialists, as well as industry experts to submit
their research and attend the workshop.
Suggested topics include (but are not limited to) empirical and theoretical studies of:
- Optimal investment in information security
- Online crime (including botnets, phishing and spam)
- Models and analysis of online crime
- Risk management and cyberinsurance
- Security standards and regulation
- Cybersecurity policy
- Privacy, confidentiality and anonymity
- Behavioral security and privacy
- Security models and metrics
- Psychology of risk and security
- Vulnerability discovery, disclosure, and patching
- Cyberwar strategy and game theory
- Incentives for information sharing and cooperation
For more information, please see
http://weis2010.econinfosec.org/cfp.html.
MOBISEC 2010
2nd International ICST Conference on Security and Privacy in
Mobile Information and Communication Systems,
Catania, Sicily, May 26-28, 2010.
[posted here 10/26/09]
The focus of MOBISEC 2010 is the convergence of information and
communication technology in mobile scenarios. This convergence
is realised in intelligent mobile devices, accompanied by the
advent of converged, and next-generation, communication networks.
As mobile communication and information processing becomes a
commodity, economy and society require protection of this precious
resource. Mobility and trust in networking go hand in hand for future
generations of users, who need privacy and security at all layers of technology.
MobiSec strives to bring together the leading-edge of academia and industry in
mobile systems security, as well as practitioners, standards developers
and policymakers. Topics of interest include, but are not limited to the
following focus areas, as applied to mobile ICT:
- Security architectures for next-generation, new-generation and
converged communication networks
- Trusted mobile devices, hardware security
- Network resilience
- Threat analyses for mobile systems
- Multi-hop authentication and trust
- Non-repudiation of communication
- Context-aware and data-centric security
- Protection and safety of distributed mobile data
- Mobile application security
- Security for voice and multimedia communication
- Machine-to-machine communication security
- Trust in autonomic and opportunistic communication
- Location based applications security and privacy
- Security for the networked home environment
- Security and privacy for mobile communities
- Mobile emergency communication, public safety
- Lawful interception and mandatory data retention
- Security of mobile agents and code
- Identity management
- Embedded security
For more information, please see
http://mobisec.org/.
SADFE 2010
5th International Workshop on Systematic Approaches to Digital Forensic Engineering,
Held in conjunction with the IEEE Symposium on Security and Privacy (SP 2010),
Oakland, CA, USA, May 20, 2010.
[posted here 11/23/09]
The SADFE (Systematic Approaches to Digital Forensic Engineering) Workshop
promotes systematic approaches to computer investigations, by furthering
the advancement of digital forensic engineering as a disciplined
science and practice. Most previous SADFE papers have emphasized cyber
crime investigations and digital forensics tools. While these
are still key topics of the meeting, we also welcome digital
forensics papers that do not necessarily involve either crime
or digital forensics tools. General attack analysis, the insider
threat, insurance and compliance investigations, similar forms
of retrospective analysis, and digital discovery are all viable
topics. Digital forensic engineering is the application of
scientific principles to the collection and analysis of digital
artifacts, either for use within the legal system or to aid in
understanding past events with the goal of improving computer
system security.
For more information, please see
http://conf.ncku.edu.tw/sadfe/sadfe10/.
SP 2010
31st IEEE Symposium on Security and Privacy,
The Claremont Resort, Oakland, CA, USA, May 16–19, 2010.
[posted here 7/13/09]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum
for computer security research, presenting the latest developments and bringing
together researchers and practitioners. We solicit previously unpublished papers
offering novel research contributions in any aspect of computer security or privacy.
Papers may present advances in the theory, design, implementation, analysis, verification,
or empirical evaluation of secure systems. S&P is interested in all aspects of
computer security and privacy. Papers without a clear application to security
or privacy, however, will be considered out of scope and may be rejected without
full review.
*Systematization of Knowledge Papers*: In addition to the standard research papers,
we are also soliciting papers focused on systematization of knowledge. The goal of
this call is to encourage work that evaluates, systematizes, and contextualizes
existing knowledge. These papers will provide a high value to our community but
would otherwise not be accepted because they lack novel research contributions.
Suitable papers include survey papers that provide useful perspectives on major
research areas, papers that support or challenge long-held beliefs with compelling
evidence, or papers that provide an extensive and realistic evaluation of competing
approaches to solving specific problems. Submissions will be distinguished by a
checkbox on the submission form. They will be reviewed by the full PC and held
to the same standards as traditional research papers, except instead of emphasizing
novel research contributions the emphasis will be on value to the community.
Accepted papers will be presented at the symposium and included in the proceedings.
*Workshops*: The Symposium is also soliciting submissions for colocated workshops.
Workshop proposals should be sent by Friday, 21 August 2009 by email to
Carrie Gates (carrie.gates@ca.com). Workshops may be half-day or full-day in length.
Submissions should include the workshop title, a short description of the
topic of the workshop, and biographies of the organizers.
For more information, please see
http://oakland10.cs.virginia.edu/cfp.html.
LEET 2010
3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More,
Held in conjunction with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2010),
San Jose, CA, USA, April 27, 2010.
[posted here 9/21/09]
LEET aims to provide a unique forum for the discussion of threats to the confidentiality
of our data, the integrity of digital transactions, and the dependability of the
technologies we increasingly rely on. We encourage submissions of papers that focus
on the malicious activities themselves (e.g., reconnaissance, exploitation, privilege
escalation, rootkit installation, attack), our responses as defenders (e.g., prevention,
detection, and mitigation), or the social, political, and economic goals driving these
malicious activities and the legal and ethical codes guiding our defensive responses.
Topics of interest include but are not limited to:
- Infection vectors for malware (worms, viruses, etc.)
- Botnets, command, and control channels
- Spyware
- Operational experience
- Forensics
- Click fraud
- Measurement studies
- New threats and related challenges
- Boutique and targeted malware
- Phishing
- Spam
- Underground markets
- Carding and identity theft
- Miscreant counterintelligence
- Denial-of-service attacks
- Hardware vulnerabilities
- Legal issues
- The arms race (rootkits, anti–anti-virus, etc.)
- New platforms (cellular networks, wireless networks, mobile devices)
- Camouflage and detection
- Reverse engineering
- Vulnerability markets and zero-day economics
- Online money laundering
- Understanding the enemy
- Data collection challenges
For more information, please see
http://www.usenix.org/events/leet10/cfp/.
CSIIRW 2010
Cyber Security and Information Intelligence Research Workshop,
Oak Ridge National Laboratory, Oak Ridge, Tennessee, USA, April 21-23, 2010.
[posted here 2/8/10]
Despite ubiquitous dependence on electronic information and on the
networked computing infrastructure, cyber security practice and policy
is largely heuristic, reactive, and increasingly cumbersome, struggling
to keep pace with rapidly evolving threats. Advancing beyond this
reactive posture will require a transformation in computing and
communication systems architecture and new capabilities that do not
merely solve today’s security problems, but render them obsolete.
The aim of this workshop is to discuss (and publish) novel theoretical
and empirical research focused on the many different aspects of
cyber security and information intelligence. The scope will vary
from methodologies and tools to systems and applications to more
precise definition of the various problems and impacts.
For more information, please see
http://www.csiir.ornl.gov/csiirw.
ICISA-Security 2010
International Conference on Information Science and Applications,
Security & Privacy Track,
Seoul, Korea, April 21-23, 2010.
[posted here 11/23/09]
The goal of this conference is to bring together researchers from academia and
practitioners from industry who are involved in Information Science and
Applications Issues as well as share ideas, problems, and solutions
related to those issues. This conference will provide a forum where
researchers will present recent research results, describe emerging
technologies and new research problems and directions related to
Information Science and Applications Issues. The conference seeks
contributions presenting novel research results in all aspects of
information and security and applications. Topics of interest may include
one or more of the following (but are not limited to) themes in the
Security and Privacy track are:
- Infrastructure Security
- Multimedia Security
- Software Security
- Privacy Masking
For more information, please see
http://global.kcis.kr/icisa2010/.
SMPE 2010
4th International Symposium on Security and Multimodality in Pervasive Environments,
Perth, Australia, April 20-23, 2010.
[posted here 10/26/09]
Pervasive computing environments (PE) present specific peculiarities with
respect to aspects like security and multimodality. As a matter of fact,
the accessibility level of a virtual environment can definitively be
improved by natural interfaces and multimodal interaction systems, which
offer users the freedom to select from multiple modes of interaction with
services and permit to break down barriers about human-computer interaction
making communication intuitive and spontaneous. On the other hand, while
enlarging and easing the ways to access to the environment, security threads
arise and the environment must be properly equipped in order to protect
itself from malicious attacks and/or from wrong actions performed by
inexpert users. Topics of Interest include:
- Trust and reputation management in PE
- Security applications and services in pervasive computing
- Security model for pervasive computing
- Intelligent multimedia security services in pervasive computing
- Key management and authentication in pervasive computing
- Network security issues and protocols in pervasive computing
- Access control and privacy protection in pervasive computing
- Security Standard for next pervasive computing
- Security in Human Centred Environments
- Natural interfaces security issues
- Advanced multimodal interfaces
- Human oriented interfaces
- Multimodal mobile and ubiquitous services
- Methods for multimodal integration
- Middleware services for multimodal and pervasive applications
- Context-Awareness in multimodal applications
- Multimodal analysis and recognition of contex
- Next ubiquitous and immersive environments
- Virtual reality and ubiquitous computing
- Usability and accessibility in ubiquitous applications
- Applications and scenarios
- Others: Commercial or Industrial Issue in pervasive computing
For more information, please see
http://www.ftrg.org/smpe2010.
ASIACCS 2010
5th ACM Symposium on Information, Computer and Communications Security,
Beijing, China, April 13-16, 2010.
[posted here 6/29/09]
ASIACCS is a major international forum for information security researchers,
practitioners, developers, and users to explore and exchange the latest cyber-security
ideas, breakthroughs, findings, techniques, tools, and experiences. We invite submissions
from academia, government, and industry presenting novel research on all theoretical and
practical aspects of computer and network security.
Topics of interest include, but are not limited to:
- anonymity
- access control
- secure networking
- accounting and audit
- key management
- intrusion detection
- authentication
- smartcards
- data and application security
- Malware and botnets
- privacy-enhancing technology
- software security
- inference/controlled disclosure
- intellectual-property protection
- digital-rights management
- trusted computing
- phishing and countermeasures
- commercial and industry security
- security management
- web security
- applied cryptography
- mobile-computing security
- cryptographic protocols
- data/system integrity
- information warfare
- formal methods for security
- identity management
- security in ubiquitous computing, e.g., RFIDs
- security and privacy for emerging technologies, e.g., VoIP,
peer-to-peer and overlay network systems, Web 2.0
For more information, please see
http://www.dacas.cn/asiaccs2010.
IDtrust 2010
9th Symposium on Identity and Trust on the Internet,
Gaithersburg, Maryland, USA, April 13-15, 2010.
[posted here 11/2/09]
IDtrust is looking for papers related to all parts of the public-key
mediated authentication and access control problem.
All software systems, from enterprise data centers to small businesses and
consumer-facing applications, must make access control decisions for protected
data. IDtrust is a venue for the discussion of the complete access control process
(authentication, authorization, provisioning and security decision workflow),
addressing questions such as: "What are the authorization strategies that
will succeed in the next decade?" "What technologies exist to address
complex requirements today?" "What research is academia and industry
pursuing to solve the problems likely to show up in the next few years?"
Identity as used here refers to not just the principal identifier,
but also to attributes and claims. Topics of interest include, but are not limited to:
- Analysis of existing identity management protocols and ceremonies
(SAML, Liberty, CardSpace, OpenID, and PKI-related protocols)
- Analysis or extension of identity metasystems, frameworks, and systems
(Shibboleth, Higgins, etc.)
- Design and analysis of new access control protocols and ceremonies
- Cloud/grid computing implications on authorization and authentication
- Assembly of requirements for access control protocols and ceremonies
involving strong identity establishment
- Reports of real-world experience with the use and deployment of identity and
trust applications for broad use on the Internet (where the population of
users is diverse) and within enterprises who use the Internet (where the
population of users may be more limited), how best to integrate such
usage into legacy systems, and future research directions. Reports
may include use cases, business case scenarios, requirements, best
practices, implementation and interoperability reports, usage experience, etc.
- User-centric identity, delegation, reputation
- Identity and Web 2.0, secure mash-ups, social networking, trust fabric
and mechanisms of “invited networks”
- Identity management of devices from RFID tags to cell phones;
Host Identity Protocol (HIP)
- Federated approaches to trust
- Standards related to identity and trust, including X.509,
S/MIME, PGP, SPKI/SDSI, XKMS, XACML, XRML, and XML signatures
- Intersection of policy-based systems, identity, and trust;
identity and trust policy enforcement, policy and attribute
mapping and standardization
- Attribute management, attribute-based access control
- Trust path building and certificate validation in open and closed environments
- Analysis and improvements to the usability of identity and trust
systems for users and administrators, including usability design for
authorization and policy management, naming, signing,
verification, encryption, use of multiple private keys, and selective disclosure
- Identity and privacy
- Levels of trust and assurance
- Trust infrastructure issues of scalability, performance,
adoption, discovery, and interoperability
- Use of PKI in emerging technologies (e.g., sensor networks,
disaggregated computers, etc.)
- Application domain requirements: web services, grid technologies,
document signatures, (including signature validity over time), data privacy, etc.
For more information, please see
http://middleware.internet2.edu/idtrust/2010/.
WISTP 2010
4th Workshop on Information Security Theory and Practice,
Passau, Germany, April 13-14, 2010.
[posted here 10/5/09]
The impact of pervasive and smart devices on our daily lives is ever
increasing, and the rapid technological development of information
technologies ensures that this impact is constantly changing. It is
imperative that these complex and resource constrained technologies
are not vulnerable to attack. This workshop will consider the full
impact of the use of pervasive and smart technologies on individuals,
and society at large, with regard to the security and privacy of the
systems that make use of them. The workshop seeks submissions from
academia and industry presenting
novel research on all theoretical and practical aspects of security
and privacy of pervasive systems and smart devices, as well as
experimental studies of fielded systems.
We encourage submissions that address the application of security
technology, the implementation of systems, and lessons learned. We
encourage submissions from other communities such as law and business
that present these communities' perspectives on technological issues.
Topics of interest include, but are not limited to:
- Access control
- Ad hoc networks security
- Anonymity
- Biometrics, national ID cards
- Data and application security and privacy
- Data protection
- Delay-tolerant network security
- Digital rights management (DRM) in pervasive environments
- Domestic network security
- Embedded systems security and TPMs
- Human and psychological aspects of security
- Human-computer interaction and human behavior impact for security
- Identity management
- Information assurance and trust management
- Interplay of TPMs and smart cards
- Intrusion detection and information filtering
- Mobile codes security
- Mobile commerce security
- Mobile devices security
- New applications for secure RFID systems
- Peer-to-peer security
- Privacy enhancing technologies
- RFID and NFC systems security
- Secure self-organization and self-configuration
- Security in location services
- Security issues in mobile and ubiquitous networks
- Security metrics
- Security models and architecture
- Security of GSM/GPRS/UMTS systems
- Security policies
- Security protocols
- Sensor networks security
- Smart card security
- Smart devices applications
- Vehicular network security
- Wireless communication security
- Wireless sensor node security
For more information, please see
http://www.wistp.org/.
EuroSec 2010
European Workshop on System Security,
Held in conjunction with the Annual ACM SIGOPS EuroSys conference,
Paris, France, April 13, 2010.
[posted here 11/30/09]
The workshop aims to bring together researchers, practitioners, system
administrators, system programmers, and others interested in the
latest advances in the security of computer systems and networks.
The focus of the workshop is on novel, practical, systems-oriented
work. EuroSec seeks contributions on all aspects of systems security.
Topics of interest include (but are not limited to):
- Operating systems security
- Web/network/distributed systems security
- New attacks and evasion techniques
- Hardware architectures
- Trusted computing and its applications
- Identity management, anonymity
- Small trusted computing bases
- Mobile systems security
- Measuring security
- Malicious code analysis and detection
- Systems-based forensics
- Systems work on fighting spam/phishing
For more information, please see
http://www.iseclab.org/eurosec-2010/.
AH 2010
1st ACM Augmented Human International Conference,
Megève ski resort, France, April 2-4, 2010.
[posted here 10/5/09]
The AH international conference focuses on scientific contributions towards
augmenting humans capabilities through technology for increased well-being
and enjoyable human experience. The topics of interest include, but are
not limited to:
- Augmented and Mixed Reality
- Internet of Things
- Augmented Sport
- Sensors and Hardware
- Wearable Computing
- Augmented Health
- Augmented Well-being
- Smart artifacts & Smart Textiles
- Augmented Tourism and Games
- Ubiquitous Computing
- Bionics and Biomechanics
- Training/Rehabilitation Technology
- Exoskeletons
- Brain Computer Interface
- Augmented Context-Awareness
- Augmented Fashion
- Safety, Ethics and Legal Aspects
- Security and Privacy Aspects
For more information, please see
http://www.augmented-human.com/.
SESOC 2010
International Workshop on SECurity and SOCial Networking,
Mannheim, Germany, March 29 - April 2 2010.
[posted here 7/27/09]
Future pervasive communication systems aim at supporting social and
collaborative communications: the evolving topologies are expected to
resemble the actual social networks of the communicating users and
information on their characteristics can be a powerful aid for any
network operation. New emerging technologies that use information on the
social characteristics of their participants raise entirely new privacy
concerns and require new reflections on security problems such as trust
establishment, cooperation enforcement or key management.
The aim of this workshop is to encompass research advances in all areas
of security, trust and privacy in pervasive communication systems,
integrating the social structure of the network as well.
Topics of interest include:
- new aspects of trust
- privacy concerns
- availability and resilience
- community based secure communication
- data confidentiality, data integrity
- anonymity, pseudonymity
- key management
- secure bootstrapping
- security issues in forwarding, routing
- security aspects regarding cooperation
- new reputation systems
- new attack paradigms
- new requirements for software security
- malware
For more information, please see
http://www.sesoc.org.
SAC-ISRA 2010
25th ACM Symposium on Applied Computing,
Information Security Research and Applications Track,
Sierre, Switzerland, March 22-26, 2010.
[posted here 6/8/09]
As society becomes more reliant on information systems, networks, and
mobile communication, we become more vulnerable to security incidents.
Our critical infrastructures for energy, communication, and transportation
are interconnected via the Internet, bringing with this the efficiencies and
economies of scale and the risk associated with open networks. It has turned out
that economic and societal interests go beyond technical security, as they also
relate to organizational and behavioral security facets. This track provides a
venue for holistic security issues related to detecting, mitigating and
preventing the threat of attacks against information and communication systems.
It brings together security researchers from the areas of computer science,
information systems and systems science who are otherwise spread over
multiple conferences. Papers that address improving the security of information
system- reliant organizations from threats through technical, organizational,
or behavioral change are encouraged. These may include simulation studies,
case-based research, empirical studies, and other applications of quantitative
and qualitative methods. Topics include, but are not limited to:
- Internet security
- Economics of information security
- Identifying modes of misuse
- Applications of access policies
- Analysis of known and unknown modes of attack
- Detecting and mitigating insider threats
- Modeling risks and approaches to mitigation
- Teaching and training security and business managers about information security
- Creating channels and techniques to share confidential information
- Modeling and theory building of security issues
- Insider threats
- Social and business security policy
- Intrusion detection/prevention
- Electronic commerce security and privacy
- Secure software development
- Electronic voting
- Security metrics
- Risk and fraud assessment
- Trust
- Process Control Systems / SCADA security
For more information, please see
http://www.albany.edu/~er945/CfP_SAC2010_ISRA.html.
SAC-SEC 2010
25th ACM Symposium on Applied Computing,
Computer Security Track,
Sierre, Switzerland, March 22-26, 2010.
[posted here 8/24/09]
The Security Track reaches its ninth edition this year, thus appearing among the
most established tracks in the Symposium. The list of issues remains vast, ranging
from protocols to workflows. Topics of interest include but are not limited to:
- software security (protocols, operating systems, etc.)
- hardware security (smartcards, biometric technologies, etc.)
- mobile security (properties for/from mobile agents, etc.)
- network security (anti-virus, anti-hacker, anti-DoS tools, firewalls,
real-time monitoring, etc.)
- alternatives to cryptography (steganography, etc.)
- security-specific software development practices (vulnerability testing,
fault-injection resilience, etc.)
- privacy and anonimity (trust management, pseudonimity, identity management, etc.)
- safety and dependability issues (reliability, survivability, etc.)
- cyberlaw and cybercrime (copyrights, trademarks, defamation, intellectual property, etc.)
- security management and usability issues (security configuration, policy management,
usability trials etc.)
- workflow and service security (business processes, web services, etc.)
For more information, please see
http://www.dmi.unict.it/~giamp/sac/10cfp.html.
SAC-TRECK 2010
25th ACM Symposium on Applied Computing,
Trust, Reputation, Evidence and other Collaboration Know-how Track (TRECK),
Sierre, Switzerland, March 22-26, 2010.
[posted here 5/25/09]
Computational models of trust and online reputation mechanisms have been gaining momentum.
The goal of the ACM SAC 2010 TRECK track remains to review the set of applications that
benefit from the use of computational trust and online reputation. Computational trust
has been used in reputation systems, risk management, collaborative filtering,
social/business networking services, dynamic coalitions, virtual organisations
and even combined with trusted computing hardware modules. The TRECK track
covers all computational trust/reputation applications, especially those
used in real-world applications. The topics of interest include,
but are not limited to:
- Recommender and reputation systems
- Trust management, reputation management and identity management
- Pervasive computational trust and use of context-awareness
- Mobile trust, context-aware trust
- Web 2.0 reputation and trust
- Trust-based collaborative applications
- Automated collaboration and trust negotiation
- Trade-off between privacy and trust
- Trust/risk-based security frameworks
- Combined computational trust and trusted computing
- Tangible guarantees given by formal models of trust and risk
- Trust metrics assessment and threat analysis
- Trust in peer-to-peer and open source systems
- Technical trust evaluation and certification
- Impacts of social networks on computational trust
- Evidence gathering and management
- Real-world applications, running prototypes and advanced simulations
- Applicability in large-scale, open and decentralised environments
- Legal and economic aspects related to the use of trust and reputation engines
- User-studies and user interfaces of computational trust and online reputation applications
For more information, please see
http://www.trustcomp.org/treck/.
SAC-CF 2010
25th ACM Symposium on Applied Computing,
Computer Forensics Track,
Sierre, Switzerland, March 22-26, 2010.
[posted here 5/25/09]
With the exponential growth of computer users, the number of criminal
activities that involves computers has increased tremendously. The
field of Computer Forensics has gained considerable attention in the
past few years. It is clear that in addition to law enforcement
agencies and legal personnel, the involvement of computer savvy
professionals is vital for any digital incident investigation.
Unfortunately, there are not many well-qualified computer crime
investigators available to meet this demand. An approach to solve this
problem is to develop state-of-the-art research and development tools for
practitioners in addition to creating awareness among computer users.
The primary goal of this track will be to provide a forum for researchers,
practitioners, and educators interested in Computer Forensics in order to
advance research and educational methods in this increasingly challenging
field. We expect that people from academia, industry, government, and
law enforcement will share their previously unpublished ideas on research,
education, and practice through this track. We solicit original, previously
unpublished papers in the following general (non-exhaustive) list of topics:
- Incident Response and Live Data Analysis
- Operating System and Application Analysis
- File System Analysis
- Network Evidence Collection
- Network Forensics
- Data Hiding and Recovery
- Digital Image Forensics
- Event Reconstruction and Tracking
- Forensics in Untrusted Environments
- Hardware Assisted Forensics
- Legal, Ethical and Privacy Issues
- Attributing Malicious Cyber Activity
- Design for Forensic Evaluation
- Visualization for Forensics
For more information, please see
http://comp.uark.edu/~bpanda/sac2010cfp.pdf.
WiSec 2010
3rd ACM Conference on Wireless Network Security,
Stevens Institute of Technology, Hoboken, NJ, USA, March 22-24, 2010.
[posted here 6/8/09]
As wireless networks become ubiquitous, their security gains in importance. The ACM Conference
on Wireless Network Security (WiSec) aims at exploring attacks on wireless networks as
well as techniques to thwart them. The considered networks encompass cellular,
metropolitan, local area, vehicular, ad hoc, satellite, underwater, cognitive radio,
and sensor networks, as well as RFID. Topics of interest include, but are not limited to:
- Naming and addressing vulnerabilities
- Key management in wireless/mobile environments
- Secure neighbor discovery / Secure localization
- Secure PHY and MAC protocols
- Trust establishment
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Denial of service
- User privacy, location privacy
- Anonymity, prevention of traffic analysis
- Identity theft and phishing in mobile networks
- Charging
- Cooperation and prevention of non-cooperative behavior
- Economics of wireless security
- Vulnerability and attack modeling
- Incentive-aware secure protocol design
- Jamming/Anti-jamming communication
- Cross-layer design for security
- Monitoring and surveillance
- Cryptographic primitives for wireless communication
- Formal methods for wireless security
- Mobile platform and systems (OS and application) security
For more information, please see
http://www.sigsac.org/wisec/WiSec2010.
IFIP-CIP 2010
4th Annual IFIP WG 11.10 International Conference on
Critical Infrastructure Protection,
Fort McNair, Washington, DC, USA, March 14–17, 2010.
[posted here 7/13/09]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is
an active international community of researchers, infrastructure operators and
policy-makers dedicated to applying scientific principles, engineering techniques and public policy
to address current and future problems in information infrastructure protection.
Following the success of the first three conferences, the Fourth Annual IFIP WG 11.10
International Conference on Critical Infrastructure Protection will again
provide a forum for presenting original, unpublished research results and innovative
ideas related to all aspects of critical infrastructure protection.
Papers are solicited in all areas of critical infrastructure protection.
Areas of interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Risk analysis and risk assessment methodologies
- Modeling and simulation of critical infrastructures
- Legal, economic and policy issues
- Secure information sharing
- Infrastructure protection case studies
- Distributed control systems/SCADA security
- Telecommunications network security
For more information, please see
http://www.ifip1110.org.
NDSS 2010
17th Annual Network & Distributed System Security Symposium,
San Diego, CA, USA, February 28 - March 3, 2010.
[posted here 5/4/09]
The Network and Distributed System Security Symposium fosters information exchange
among research scientists and practitioners of network and distributed system security
services. The target audience includes those interested in practical aspects of network
and distributed system security, with a focus on actual system design and implementation
(rather than theory). A major goal is to encourage and enable the Internet community to
apply, deploy, and advance the state of available security technology.
Submissions are solicited in, but not limited to, the following areas:
- Security of Web-based applications and services
- Anti-malware techniques: detection, analysis, and prevention
- Intrusion prevention, detection, and response
- Security for electronic voting
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Privacy and anonymity technologies
- Network perimeter controls: firewalls, packet filters, and application gateways
- Security for emerging technologies: sensor networks, wireless/mobile (and ad hoc)
networks, and personal communication systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security for peer-to-peer and overlay network systems
- Security for electronic commerce: e.g., payment, barter, EDI,
notarization, timestamping, endorsement, and licensing
- Implementation, deployment and management of network security policies
- Intellectual property protection: protocols, implementations, metering,
watermarking, digital rights management
- Integrating security services with system and application security
facilities and protocols
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security and efficiency,
usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Software hardening: e.g., detecting and defending against software bugs (overflows, etc.)
- Security for large-scale systems and critical infrastructures
- Integrating security in Internet protocols: routing, naming, network management
For more information, please see
http://www.isoc.org/isoc/conferences/ndss/10/cfp.shtml.
RFIDsec 2010
The 2010 Workshop on RFID Security,
Singapore, February 22-23, 2010.
[posted here 7/20/09]
RFIDSec aims to provide a major forum to address the fundamental
issues in theory and practice related to security and privacy issues, designs,
standards, and case studies in the development of RFID systems and
EPCglobal network. Papers representing original research in both the
theory and practice concerning RFID security are solicited.
Topics of interest include, but are not limited to:
- New applications for secure RFID systems
- Data protection and privacy-enhancing techniques for RFID
- Cryptographic protocols for RFID
- Authentication protocols
- Key update mechanisms
- Scalability issues
- Integration of secure RFID systems
- Middleware and security
- Public-key infrastructures
- Resource-efficient implementation of cryptography
- Small-footprint hardware
- Low-power architectures
- Attacks on RFID systems such as RFID malwares
- RFID security hardware such as RFID with PUF
- Trust model, data protection and sharing for EPCglobal Network
For more information, please see
http://rfidsec2010.i2r.a-star.edu.sg/.
TaPP 2010
2nd Workshop on the Theory and Practice of Provenance,
Held in conjunction with the 8th USENIX Conference on File and Storage Technologies (FAST 2010),
San Jose, CA, USA, February 22, 2010.
[posted here 9/13/09]
Provenance, or meta-information about computations, computer systems,
database queries, scientific workflows, and so on, is emerging as a
central issue in a number of disciplines. The TaPP workshop series
builds upon a set of workshops on Principles of Provenance organized in
2007-2009, which helped raise the profile of this area within
diverse research communities, such as databases, security, and
programming languages. We hope to attract serious cross-disciplinary,
foundational, and highly speculative research and to facilitate needed
interaction with the broader systems community and with industry.
We invite submissions addressing research problems involving provenance
in any area of computer science, including but not limited to:
- Databases (Data provenance and lineage, Uncertainty/probabilistic databases,
Curated databases, Data quality/integration/cleaning, Privacy/anonymity,
Data forensics)
- Programming languages and software engineering (Bi-directional,
adaptive, and self-adjusting computation, Traceability, Source code
management/version control/configuration management, Model-driven design and analysis)
- Systems and security (Provenance aware/versioned file systems,
Provenance and audit/integrity/information flow security,
Trusted computing,
Traces and reflective/adaptive/self-adjusting systems,
Digital libraries)
- Workflows/scientific computation (Efficient/incremental
recomputation, Scientific data exploration and visualization,
Workflow provenance querying, User interfaces)
For more information, please see
http://www.usenix.org/events/tapp10/cfp/.
SNDS 2010
18th Euromicro International Conference on Parallel, Distributed and network-based Processing,
Special Session on Security in Networked and Distributed Systems,
Pisa, Italy, February 17-19, 2010.
[posted here 8/3/09]
SNDS 2010 aims to bring together researchers and practitioners involved in
multiple disciplines concerning security in distributed systems to exchange
ideas and to learn the latest developments in this important field. We will
focus on issues related to network and distributed system security.
Previously unpublished papers offering novel research contributions to the theoretical
and practical aspects of security in distributed systems are solicited for submission.
Topics of interest include, but are not limited to:
- Adaptive security
- Applied cryptography
- Authentication, authorization and access control
- Computer and network forensics
- Data mining, machine learning, and bio-inspired approaches for security
- Deception systems and honeypots
- Denial-of-service attacks and countermeasures
- Digital rights management
- Embedded System Security
- Internet and web security
- Intrusion detection and prevention
- Malware
- Reputation based security
- Risk analysis and risk management
- Security and privacy in pervasive and ubiquitous computing
- Security evaluation
- Security for grid computing
- Security of emerging technologies (sensor, wireless, peer-to-peer
networks)
- Security modeling and simulation
- Security policies
- Security protocols
- Software security
- Survivability
- Tamper resistance
- Trust management
- Trusted computing
For more information, please see
http://www.comsec.spb.ru/SNDS10/.
SPattern 2010
4th International Workshop on Secure systems methodologies using patterns,
Held in conjunction with the 5th International Conference on
Availability, Reliability and Security (ARES 2010),
Krakow, Poland, February 15-18, 2010.
[posted here 8/24/09]
Security patterns have arrived to a stage where there are a significant
number of them, two books about them have been published, and industry is
starting to accept and use them. Analysis and design patterns have been around
for about ten years and have found practical use in many projects. They have been
incorporated into several software development methodologies where less
experienced developers can use them to receive the advice and knowledge of experts.
The situation is not so clear for security patterns because no accepted methodology
exists for their use.
Catalogs of security patterns are a good step, but they are not enough.
Building secure systems is a difficult process where security aspects are
interlaced with the satisfaction of functional requirements.
Developers are typically experts on a language or a development methodology but know
little about security, which results in them not knowing what security mechanisms make
sense at which moments. We need methodologies that guide a designer at each stage of
the development cycle. A few of them have appeared, but none of them has been tested
in production applications.
This workshop focuses on secure software methodologies. We seek papers describing individual
security patterns, new methodologies, new aspects of existing methodologies, pattern
languages to use in the methodologies, reference architectures, blueprints, and related aspects.
Experiences in applying the methodologies to real situations are especially welcome.
For more information, please see
http://www-ifs.uni-regensburg.de/spattern10/.
SecSE 2010
4th International Workshop on Secure Software Engineering,
Held in conjunction with the 5th International Conference on
Availability, Reliability and Security (ARES 2010),
Krakow, Poland, February 15-18, 2010.
[posted here 8/24/09]
Software is an integral part of everyday life, and we expect and depend upon
software systems to perform correctly. Software security is about ensuring that
systems continue to function correctly also under malicious attack. As most systems
now are web-enabled, the number of attackers with access to the system increases
dramatically and thus the threat scenario changes. The traditional approach to
secure a system includes putting up defence mechanisms like IDS and firewalls,
but such measures are no longer sufficient by themselves. We need to be able to
build better, more robust and more secure systems. Even more importantly, however,
we should strive to achieve these qualities in all software systems, not just the
ones that need special protection. This workshop will focus on techniques, experiences
and lessons learned for building secure and dependable software.
Suggested topics include, but are not limited to:
- Secure architecture and design
- Security in agile software development
- Aspect-oriented software development for secure software
- Security requirements
- Risk management in software projects
- Secure implementation
- Secure deployment
- Testing for security
- Quantitative measurement of security properties
- Static and dynamic analysis for security
- Verification and assurance techniques for security properties
- Lessons learned
- Security and usability
- Teaching secure software development
- Experience reports on successfully attuning developers to secure
software engineering
For more information, please see
http://www.sintef.org/secse.
COSADE 2010
1st Workshop on Constructive Side-channel analysis and Secure Design,
Darmstadt, Germany, February 4-5, 2010.
[posted here 10/12/09]
Side-channel analysis (SCA) has become an important field of research
at universities and in the industry. Of particular interest is constructive
side-channel analysis, as successful attacks support a target-oriented
associated design process. In order to enhance the side-channel resistance
of cryptographic implementations within the design phase, constructive SCA
may serve as a quality metric to optimize the design- and development
process. This workshop provides an international platform for researchers,
academics, and industry participants to present their work and their current
research topics. It is an excellent opportunity to meet experts and to initiate
new collaborations and information exchange at a professional level. The
workshop will feature both invited presentations and contributing talks.
The topics of COSADE 2010 include but are not limited to:
- Constructive side-channel attacks in general
- Stochastic approach in power analysis
- Interaction between side-channel analysis and design
- Advanced stochastic methods in side-channel analysis, especially
in power analysis and EM analysis
- Leakage models and security models for side-channel analysis in
the presence and absence of countermeasures
- Side-channel analysis under black-box assumption
- Evaluation methodologies for side-channel resistant designs,
acquisition and analysis
- Side-channel leakage assessment methodologies, models, and metrics
- SCA-aware design criteria and design techniques
- Verification methods and models for side-channel leakages within the design phase
- Methods, tools, and platforms for evaluation of side-channel characteristics of a design
- Criteria for the design flow of countermeasures
- HW / SW-acceleration for (constructive) SCA
- Leakage-resilient designs
- Countermeasures for HW / SW-Co-Design architectures
- Countermeasures against implementation attacks at algorithmic-,
logic-, register transfer- and physical level
- Countermeasures against side-channel attacks on FPGAs, HW / SW
Co-design architectures, SoC
- Countermeasures against attacks at the algorithmic-, logic-, register
transfer-, and physical levels
For more information, please see
http://cosade2010.cased.de/.
ESSoS 2010
2nd International Symposium on Engineering Secure Software and Systems,
Pisa, Italy, February 3-4, 2010.
[posted here 6/29/09]
The goal of this symposium is to bring together researchers and practitioners to advance
the states of the art and practice in secure software engineering. Being one of the
few conference-level events dedicated to this topic, it explicitly aims to bridge
the software engineering and security engineering communities, and promote cross-fertilization.
The symposium will feature two days of technical program as well as one day of tutorials.
The technical program includes an experience track for which the submission of highly
informative case studies describing (un)successful secure software project experiences
and lessons learned is explicitly encouraged.
Topics of interest include, but are not limited to:
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DLS's for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation
For more information, please see
http://distrinet.cs.kuleuven.be/events/essos2010.
WECSR 2010
Workshop on Ethics in Computer Security Research,
Held in conjunction with the 14th International Conference on Financial Cryptography and Data Security (FC 2010),
Tenerife, Canary Islands, Spain, January 28-29, 2010.
[posted here 8/24/09]
Computer security often leads to discovering interesting new problems and challenges. The challenge
still remains to follow a path acceptable for Institutional Review Boards at academic institutions,
as well as compatible with ethical guidelines for professional societies or government institutions.
However, no exact guidelines exist for computer security research yet. This workshop will bring
together computer security researchers, practitioners, policy makers, and legal experts.
This workshop solicits submissions describing or suggesting ethical and responsible conduct in
computer security research. While we focus on setting standards and sharing prior experiences
and experiments in computer security research, successful or not, we tap into research behavior
in network security, computer security, applied cryptography, privacy, anonymity, and
security economics. This workshop will favor discussions among participants, in order to
shape the future of ethical standards in the field.
For more information, please see
http://www.cs.stevens.edu/~spock/wecsr2010/.
RLCPS 2010
1st Workshop on Real-Life Cryptographic Protocols and Standardization,
Held in conjunction with the Financial Cryptography and Data Security (FC 2010),
Tenerife, Canary Islands, Spain, January 25-28, 2010.
[posted here 9/21/09]
As a fruit of modern cryptographic research, we have seen many cryptographic
primitives such as public-key encryption and digital signature algorithms
deployed in real life systems, and standardized in many international
organizations such as ISO, ITUT, IEEE, IETF, and many others. We have
also seen some cryptographic protocols as well, such as key distribution
and entity authentication, and some dedicated protocols for limited
purpose systems. This workshop aims to bring researchers and engineers
together to share their experiments regarding the design of cryptographic
primitives and protocols deployed in real life systems. These schemes may not
be published in current conferences due to the perceived lack of novelty of
their core design components. However, the process of designing the best
suitable protocol in the presence of hardware and software limitations in a
real life system is worth sharing. This workshop also aims to stimulate
discussions on standardizing cryptographic protocols.
For more information, please see
https://www.nec.co.jp/rd/en/event/RLCPS10.html.
WLC 2010
1st International Workshop on Lightweight Cryptography for Resource-Constrained Devices,
Held in conjunction with the Financial Cryptography and Data Security (FC 2010),
Tenerife, Canary Islands, Spain, January 25-28, 2010.
[posted here 9/21/09]
Lightweight devices like smart cards and RFID tags are at the core of novel
emerging technologies in the information society. These devices must be
cheap so as to permit their cost-effective massive manufacturing and deployment.
Unfortunately, their low-cost limits their computational power. Other devices, like
nodes of sensor networks suffer from an additional constraint, namely, their limited
battery life. Secure applications designed for these devices can not make use of
classical cryptographic primitives designed for full-fledged computers. In this
sense, research on low-cost cryptography is fundamental. This workshop aims to be a
forum for the presentation and discussion of current research on different topics
related to low-cost cryptography, from cipher design to implementation details.
This workshop focuses on (but is not limited to) the following topics:
- Smart cards
- RFID tags
- Sensor networks
- Lightweight public key cryptography
- Elliptic and hyperelliptic curves
- Lightweight block ciphers
- Stream ciphers
- Lightweight authentication protocols
- Business models requiring low-cost cryptography
For more information, please see
http://www.wlc2010.udl.cat/.
FC 2010
Financial Cryptography and Data Security,
Tenerife, Canary Islands, Spain, January 25-28, 2010.
[posted here 7/6/09]
Financial Cryptography and Data Security is a major international forum for
research, advanced development, education, exploration, and debate regarding
information assurance, with a specific focus on commercial contexts. The
conference covers all aspects of securing transactions and systems. Original
works focusing on both fundamental and applied real-world deployments
on all aspects surrounding commerce security are solicited.
Submissions need not be exclusively concerned with cryptography. Systems
security and inter-disciplinary efforts are particularly encouraged.
For more information, please see
http://fc10.ifca.ai/.
HICSS-DF 2010
43rd Hawaii International Conference on System Sciences,
Digital Forensics Minitrack,
Koloa, Kauai, Hawaii, January 5-8, 2010.
[posted here 5/11/09]
This is a call for "original" papers addressing the area of digital
forensics - to include research endeavors, industrial experiences and
pedagogy . This minitrack is attempting to bring together an international
collection of papers from academia, industry and law enforcement which
address current directions in digital forensics. Digital forensics
includes the use of software, computer science, software engineering,
and criminal justice procedures to explore and or investigate digital
media with the objective of finding evidence to support a criminal or
administrative case. It involves the preservation, identification,
extraction, and documentation of computer or network evidence. This
minitrack is interested in a wide variety of papers which address the
following areas as well as others:
- Pedagogical papers that describe digital forensics degree programs or
the teaching of digital forensics within other programs internationally.
- Papers that address a research agenda that considers practitioner requirements,
multiple investigative environments and emphasizes real world usability.
- Papers that present an experience report involving the discovery, explanation
and presentation of conclusive, persuasive evidence from digital forensics investigation.
- Papers that combine research and practice.
- Processes for the incorporation of rigorous scientific methods as a
fundamental tenant of the evolving science of Digital Forensics.
- Tools and techniques being developed through research activity.
For more information, please see
http://www.hicss.hawaii.edu/hicss_43/apahome43.html.
IFIP-DF 2010
6th Annual IFIP WG 11.9 International Conference on Digital Forensics,
University of Hong Kong, Hong Kong, January 3-6, 2010.
[posted here 2/2/09]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an
active international community of scientists, engineers and practitioners dedicated
to advancing the state of the art of research and practice in the emerging field of
digital forensics. The Sixth Annual IFIP WG 11.9 International Conference on Digital
Forensics will provide a forum for presenting original, unpublished research results
and innovative ideas related to the extraction, analysis and preservation of
all forms of electronic evidence. Technical papers are solicited in all areas
related to the theory and practice of digital forensics. Areas of special interest
include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving
digital evidence
- Network forensics
- Portable electronic device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics
For more information, please see
http://www.ifip119.org/Conferences/WG11-9-CFP-2010.pdf.
