Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Past Conferences and Journal Special Issues

Last Modified: 01/02/12

Note: Please contact cipher-cfp@ieee-security.org by email if you have any questions.


Past Conferences and Other Announcements - 2011

CoSec 2011 3rd IEEE Workshop on Collaborative Security Technologies, Bangalore, India, December 12, 2011. [posted here 09/12/11]
The severity of attacks on networks and critical infrastructures has been on the rise in recent years and seems set to continue to rise. Surprisingly at times, many of the attacks can be individually simple yet highly damaging due to their large-scale co-ordination and polymorphic replication with continuous self-upgradation using a mix of peer-to-peer and command-and-control architectures. Conventional approaches of single-hosted security defenses are becoming increasingly less effective in the face of such sophisticated and co-ordinated multi-front attacks using bot-nets of compromised always-on, always-connected computers. In contrast, a distributed defense pattern shows promise in terms of manageability, reduced operating costs and architectural simplicity. This broad area of defense using Collaborative Security technologies works on the principles of sharing (1) information and knowledge for accelerating detection of and response to new attacks and threats; and (2) resources for increasing the efficiency and reducing resource consumption. The 3rd International workshop on Collaborative Security Technologies aims to bring to the forefront innovative approaches that involve the use of collaborative methods for security and privacy. The central theme of this workshop is to focus attention on the collaborative and intelligent approaches towards design of security systems so as to make them more robust and reliable.

For more information, please see http://www.imsaa.org/.

WICT-NDF 2011 World Congress on Information and Communication Technologies, Intrusion Detection and Forensics, Mumbai, India, December 11-14, 2011. [posted here 05/30/11]
Authors are invited to submit original papers containing cutting edge research, novel research vision or work-in-progress in any area of intrusion detection and forensics. All accepted papers will be published in the conference proceedings by IEEE. The track will cover a wide range of topics. Topics of interest include but are not limited to:
- Host and Network based approaches
- Anomaly and specification-based approaches
- Lightweight, data mining and soft computing approaches
- Hybrid Approaches to information discovery and intrusion detection
- Formal Models, Framework and Architectures
- Botnets and vulnerabilities
- Malware, Worm, Virus and Spyware
- Insider attack detection and investigation
- High Performance and Real-Time Environments, including large-scale, high data volume/high-speed networks
- Highly distributed and heterogeneous environments
- Embedded system and small scale environments
- Special environments, including wireless, mobile, sensor networks and smart grid
- Virtual and Cloud Environments
- Social network analysis
- Deception systems and honeypots
- Incident response and live analysis
- Traceback and attribution
- Event reconstruction methods and tools
- Attacks against IDS, IDS protection and tolerance
- Anti-forensics and anti-anti-forensics
- Visualization Techniques
- Performance evaluation, metrics and benchmarking
- Commercial products and their directions
- Test Beds and Datasets

For more information, please see http://www.mirlabs.org/wict11/index.php-c=main&a=show&id=34.htm.

CANS 2011 10th International Conference on Cryptology and Network Security, Sanya, China, December 10-12, 2011. [posted here 06/20/11]
CANS 2011 welcomes research results on all aspects of applied cryptography and network security. Although papers that blend these two areas are preferred, results within applied cryptography or network security are also of interest. Topics of interest include but are not limited to:
- Access Control
- Anonymity and Pseudonymity and Untraceability
- Authentication and Identification
- Biometrics
- Block and Stream Ciphers
- Cryptographic Algorithms, Protocols and Schemes
- Denial of Service: Attacks and Countermeasures
- Digital Rights Management
- Hash Functions
- Information Hiding and Watermarking
- Internet Security
- Intrusion Detection and Prevention
- Key management
- Peer-to-Peer Security
- Phishing, Spam and Fraud Countermeasures
- PKI-s, Identity and Trust Management
- Public-Key Cryptography
- Secure Hardware
- Security Modeling and Architectures
- Spyware Analysis and Detection
- Wireless, Ad Hoc, Mobile, Cellular and Sensor Network Security

For more information, please see http://www.infosec.sdu.edu.cn/cans2011/cfp.html.

WPLS 2011 Workshop on Physical Layer Security, Held in conjunction with the IEEE Globecom Conference 2011, Houston, Texas, USA, December 9, 2011. [posted here 06/07/11]
There has been a growing interest in recent times in using resources at the Physical Layer for designing novel security techniques that complement existing cryptographic methods. Such solutions often exploit the unique characteristics of wireless channels in defeating both active and passive adversaries. The Physical-Layer Security Workshop aims to bring together researchers working on various aspects of physical-layer security to present their latest research activity. Prospective authors are encouraged to submit unpublished contributions in physical-layer security including (but not limited to) the following topics:
- Code design for wiretap channels
- Alignment and structured codes for wiretap channels
- Secrecy capacity of multipath, fading, MIMO channels
- Effects of channel state information on secure communications
- Cooperative secure communications
- Secret key agreement and distillation
- Secret key capacity of wireless channels
- Integration of physical-layer security into wireless systems
- Practical and implementation issues
- Game theoretic Models for PHY-Security

For more information, please see http://www.comm.utoronto.ca/~akhisti/GlobecomWorkshop/.

ACSAC 2011 27th Annual Computer Security Applications Conference, Orlando, Florida, USA, December 5-9, 2011. [posted here 04/25/11]
ACSAC is an internationally recognized forum where practitioners, researchers, and developers in information system security meet to learn and to exchange practical ideas and experiences. If you are developing practical solutions to problems relating to protecting commercial enterprises' or countries' information infrastructures, consider submitting your work to the Annual Computer Security Applications Conference. We are especially interested in submissions that address the application of security technology, the implementation of systems, and lessons learned. Some example topics are:
- Access control
- Assurance
- Audit and audit reduction
- Biometrics
- Boundary control devices
- Certification and accreditation
- Database security
- Denial of service protection
- Distributed systems security
- Electronic commerce security
- Enterprise security management
- Forensics
- Identity management
- Incident response planning
- Insider threat protection
- Integrity
- Intellectual property rights protection
- Intrusion detection and prevention
- Malware
- Mobile and wireless security
- Multimedia security
- Network resiliency
- Operating systems security
- Peer-to-peer security
- Privacy and data protection
- Privilege management
- Product evaluation criteria and compliance
- Risk/vulnerability assessment
- Securing cloud infrastructures
- Security engineering and management
- Security in service oriented architectures
- Security usability
- Software security
- Supply chain risk management
- Trust management
- Virtualization security
- VoIP security
- Web 2.0/3.0 security

For more information, please see http://www.acsac.org/.

WIFS 2011 IEEE Workshop on Information Forensics and Security, Foz do Iguaçu, Brazil, November 29 – December 2, 2011. [posted here 04/11/11]
The IEEE International Workshop on Information Forensics and Security (WIFS) is the primary annual event organized by the IEEE’s Information Forensics and Security Technical Committee (IEEE IFS TC). WIFS is a venue for knowledge exchange that encompasses a broad range of disciplines and facilitates the exchange of ideas between various disparate communities that constitute information security. With this focus, we hope that researchers will identify new opportunities for collaboration across disciplines and gain new perspectives. The conference will feature prominent keynote speakers, tutorials, and lecture sessions. Appropriate topics of interest include, but are not limited to:
- Computer security: intrusion detection, vulnerability analysis, cloud security
- Biometrics: emerging modalities, fuzzy extractors, attacks and countermeasures
- Cryptography for multimedia content: multimedia encryption, signal processing in the encrypted domain, traitor tracing codes
- Data hiding: watermarking, steganography and steganalysis
- Content Protection: conditional access, digital rights management (secure clocks, proximity detection, DRM architectures, DRM interoperability)
- Hardware Security: Identification, PUFs, Anti-counterfeiting
- Forensics Analysis: device identification, data recovery, processing history recovery, validation of forensic evidence
- Network Security: traffic monitoring, intrusion detection, incident response, network tomography, surveillance and traceback
- Usable Security, and usability aspects of security
- Information Theoretical Security
- Privacy: legal, ethical, social, and economical issues, anonymity, social network obfuscation
- (Video) Surveillance: arrays of sensors design and analysis, content tracking, events recognition, large crowd behavior analysis
- Secure Applications: e-Voting, e-Commerce, IPTV, VOD, VoIP, Medical

For more information, please see http://www.wifs11.org.

INTRUST 2011 International Conference on Trusted Systems, Beijing, China, November 27-29, 2011. [posted here 06/20/11]
Building on the success of INTRUST 2009 and INTRUST 2010 (both were held in Beijing, P. R. China), this conference focuses on the theory, technologies and applications of trusted systems. It is devoted to all aspects of trusted computing systems, including trusted modules, platforms, networks, services and applications, from their fundamental features and functionalities to design principles, architecture and implementation technologies. The goal of the conference is to bring academic and industrial researchers, designers, and implementers together with end-users of trusted systems, in order to foster the exchange of ideas in this challenging and fruitful area. INTRUST 2011 solicits original papers on any aspect of the theory, advanced development and applications of trusted computing, trustworthy systems and general trust issues in modern computing systems. The conference will have an academic track and an industrial track. This call for papers is for contributions to both of the tracks. Submissions to the academic track should emphasize theoretical and practical research contributions to general trusted system technologies, while submissions to the industrial track may focus on experiences in the implementation and deployment of real-world systems. Topics of relevance include but are not limited to:
- Fundamental features and functionalities of trusted systems
- Primitives and mechanisms for building a chain of trust
- Design principles and architectures of trusted modules and platforms
- Implementation technologies for trusted modules and platforms
- Cryptographic aspects of trusted systems, including cryptographic algorithms and protocols, and their implementation and application in trusted systems
- Scalable safe network operation in trusted systems
- Mobile trusted systems, such as trusted mobile platforms, sensor networks, mobile (ad hoc) networks, peer-to-peer networks, Bluetooth, etc.
- Storage aspects for trusted systems
- Applications of trusted systems, e.g. trusted email, web services and various e-commerce services
- Trustworthy infrastructures and services for cloud computing
- Trusted intellectual property protection: metering, watermarking, digital rights management and enterprise rights management
- Software protection for trusted systems
- Hardware security for trusted systems
- Authentication and access control for trusted systems
- Key, identity and certificate management for trusted systems
- Privacy aspects for trusted systems
- Attestation aspects for trusted systems, including the measurement and verification of the behaviour of trusted systems
- Standards organizations and their contributions to trusted systems, such as TCG, ISO/IEC, IEEE 802.11, etc.
- Emerging technologies for trusted systems, such as RFID, memory spots, smart cards, etc.
- Trust metrics and robust trust inference in distributed systems
- Usability and reliability aspects for trusted systems
- Trust modeling, economic analysis and protocol design for rational and malicious adversaries
- Virtualisation for trusted systems
- Limitations of trusted systems
- Security analysis of trusted systems, including formal method proofs, provable security and automated analysis
- Security policies for, and management of, trusted systems
- Intrusion resilience and revocation aspects for trusted systems
- Scalability aspects of trusted systems
- Compatibility aspects of trusted systems
- Experiences in building real-world trusted systems
- Socio-economic aspects of trusted systems

For more information, please see http://www.onets.com.cn/intrust11.

TrustCom 2011 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Changsha, China, November 16-18, 2011. [posted here 03/07/11]
With the rapid development and increasing complexity of computer and communications systems and networks, user requirements for trust, security and privacy are becoming more and more demanding. However, there is a grand challenge in that traditional security technologies and measures may not meet user requirements in open, dynamic, heterogeneous, mobile, wireless, and distributed computing environments. Therefore, we need to build systems and networks in which various applications allow users to enjoy more comprehensive services while preserving trust, security and privacy at the same time. As useful and innovative technologies, trusted computing and communications are attracting more and more attention from researchers. IEEE TrustCom-11 is an international conference for presenting and discussing emerging ideas and trends in trusted computing and communications in computer systems and networks from both the research community and the industry.

For more information, please see http://trust.csu.edu.cn/conference/trustcom2011.

TSCloud 2011 1st IEEE International Workshop on Trust and Security in Cloud Computing, Changsha, China, November 16, 2011. [posted here 05/23/11]
The TSCloud workshop tries to bring together researchers with an interest in theoretical foundations and practical approaches to trust and security in cloud computing. The emphasis is on high-impact, novel/adopted theories and paradigms that address mathematical and logical underpinnings in trust and security in cloud computing, e.g. encryption, obfuscation, virtualisation security, governance, accountability, etc. Topics of interest include, but are not limited to:
- Malware detection in cloud computing
- Cryptography and encryption techniques for cloud computing
- Data obfuscation for cloud computing
- Accountability in cloud computing
- Security in virtualised environments
- Governance, regulation and compliance in cloud computing
- Data analytics for security in cloud computing
- Visualization for security in cloud computing
- Cloud computing threat detection techniques
- Trust in cloud services
- Trust reputation systems for cloud computing
- Reports on critical, real-life security and trust use cases in cloud computing
- Secure and trusted workflows in cloud computing
- Position papers on issues in security and trust in cloud computing

For more information, please see http://tscloud.org.

IWSEC 2011 6th International Workshop on Security, Tokyo, Japan, November 8-10, 2011. [posted here 02/07/11]
Original papers on the research and development of various security topics are solicited for submission to IWSEC 2011. Topics of interest for IWSEC 2011 include but are not limited to:
- Foundations of Security
- Security in Networks and Ubiquitous Computing Systems
- Security in Real Life Applications

For more information, please see http://www.iwsec.org/2011/index.html.

eCrime Researchers Summit 2011 6th IEEE eCrime Researchers Summit, Held in conjunction with the 2011 APWG General Meeting, San Diego, CA, USA, November 7-9, 2011. [posted here 05/23/11]
eCRS 2011 will bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it. Topics of interest include (but are not limited to):
- Phishing, rogue-AV, pharming, click-fraud, crimeware, extortion and emerging attacks
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention
- Malware, botnets, ecriminal/phishing gangs and collaboration, or money laundering
- Techniques to assess the risks and yields of attacks and the success rates of countermeasures
- Delivery techniques, including spam, voice mail and rank manipulation; and countermeasures
- Spoofing of different types, and applications to fraud
- Techniques to avoid detection, tracking and takedown; and ways to block such techniques
- Honeypot design, data mining, and forensic aspects of fraud prevention
- Design and evaluation of user interfaces in the context of fraud and network security
- Best practices related to digital forensics tools and techniques, investigative procedures, and evidence acquisition, handling and preservation

For more information, please see http://ecrimeresearch.org.

Q2SWinet 2011 7th Symposium on QoS and Security for Wireless Mobile Networks, Miami Beach, Florida, USA, October 31 - November 4, 2011. [posted here 04/11/11]
In recent years, wireless and mobile communication systems have become increasingly popular as an inexpensive and promising means for ubiquitous communications. In this scenario, the QoS provisioning and the management of network security have become crucial tasks to determine the success of future generation wireless mobile networks. Q2SWinet 2011 calls for cutting-edge research achievements on the provisioning of QoS and Security in wireless and mobile networks. Authors are encouraged to submit full papers presenting new research related to theory or practice of all aspects of Quality of Service and Security issues in mobile and wireless systems. Topics include:
- Security in Wireless MANETs, VANETs, Sensor, Mesh and PCS Networks
- Secure PHY, MAC and Routing Protocols
- Secure Cooperation-Based Systems and Services
- Security for Cognitive Radio Networks
- Intrusion Detection in Wireless Ad hoc and Sensor Networks
- Privacy, anonymity and authentication
- Trust Establishment
- Cooperation and Prevention of Non-cooperative Behavior
- Incentive Aware Secure Protocol Design
- QoS for Wireless Multimedia Networks and Systems
- QoS for Wireless/Wired Hybrid Systems
- QoS support and Mobility Management in Wireless Internet
- QoS-Aware Routing for Wireless Networks
- QoS Metrics
- Wireless Network Survivability
- Wireless Systems Reliability
- Field operating tests, Performance Modeling and Simulation Techniques
- Real-time and QoS-aware Wireless Networks

For more information, please see http://q2swinet2011.prism.uvsq.fr/.

SAFECONFIG 2011 4th Symposium on Configuration Analytics and Automation, Arlington, VA, USA, October 31 - November 1, 2011. [posted here 09/12/11]
A typical enterprise network might have hundreds of security appliances such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers and crypto systems. An enterprise network may also have other non-security devices such as routers, name servers, protocol gateways, etc. These must be logically integrated into a security architecture satisfying security goals at and across multiple networks. Logical integration is accomplished by consistently setting thousands of configuration variables and rules on the devices. The configuration must be constantly adapted to optimize protection and block prospective attacks. The configuration must be tuned to balance security with usability. These challenges are compounded by the deployment of mobile devices and ad hoc networks. The resulting security configuration complexity places a heavy burden on both regular users and experienced administrators and dramatically reduces overall network assurability and usability. This workshop will bring together academic as well as industry researchers to exchange experiences, discuss challenges and propose solutions for offering assurable and usable security.

For more information, please see http://www.safeconfig.org/.

Nordsec 2011 16th Nordic Workshop on Secure IT-Systems, Tallinn, Estonia, October 26-28, 2011. [posted here 06/07/11]
The conference welcomes contributions in the form of papers, short papers, and posters. Since 1996, the NordSec conferences have brought together computer security researchers and practitioners from around the world, and particularly from the Nordic countries and Northern Europe. The conference focuses on applied IT security and is intended to encourage interaction between academic and industrial research. Student papers and posters are particularly encouraged. Submissions reporting industrial or governmental experiences are also encouraged and will be given special consideration. Contributions should reflect original research, developments, studies and practical experience within all areas of IT security. With the theme "IT Security in Governance", this year's conference will emphasize policies, strategies and technologies related to the security and sustainability of processes executed by heterogeneous organizations, departments or organizational clusters of all sizes. NordSec 2011 also welcomes contributions over a broad range of topics in IT security, including, but not limited to, the following areas:
- Applied cryptography
- Commercial security policies and their enforcement
- Communication and network security
- Computer crime and information warfare
- Hardware and smart card applications
- Internet and web security
- Intrusion detection
- Language-based techniques for security
- New ideas and paradigms in security
- Operating system security
- Privacy and anonymity
- Security education and training
- Security evaluation and measurement
- Security management and audit
- Security modeling and metrics
- Access control and security models
- Security protocols
- Social engineering and phishing
- Security usability
- Economics, law and social aspects of security
- Software security and malware
- Trust and identity management

For more information, please see http://nordsec2011.cyber.ee.

DSPSR 2011 1st IEEE/IFIP EUC Workshop on Data Management, Security and Privacy in Sensor Networks and RFID, Held in conjunction with the 9th IEEE/IFIP International Conference on Embedded and Ubiquitous Computing (EUC 2011), Melbourne, Australia, October 24-26, 2011. [posted here 05/23/11]
As the real-world deployment of wireless sensor networks and RFID systems becomes increasingly commonplace, the issues of data management, security and privacy of these systems need to be addressed. Sensor networks and RFID make possible innovative applications in important areas such as healthcare, homeland security, early warning systems, emergency response and other time and/or life critical situations. These applications demand that the management of data, the security of these systems from a network and application perspective, and the privacy of these systems from a user and data perspective are efficient and can be guaranteed. Hence the main motivation for this workshop is to bring together researchers and practitioners working on related areas in wireless sensor networks and RFID to present current research advances. The aim of the workshop is to provide a platform for the discussion of the major research challenges and achievements on topics of interest including, but not limited to, the following:
- Data Fusion and Aggregation
- Information discovery and query processing
- Network Scheduling
- Distributed Information Processing
- Remote reprogramming
- Intrusion detection and response
- Privacy preserving techniques
- Network Resilience and Recovery
- Vulnerability and Cryptanalysis
- Lightweight Cryptography for sensors and RFID
- Security Standards, Frameworks and Protocols
- Security in mobile sensor and RFID systems
- Trust management and related frameworks
- Security policy and management
- Key management techniques
- Security Issues in specific application contexts (e.g., healthcare, military, supply chains)

For more information, please see http://www.deakin.edu.au/~rchell/DSPSR2011.html.

DRM 2011 11th ACM Workshop on Digital Rights Management, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA, October 21, 2011. [posted here 06/06/11]
The ACM Workshop on Digital Rights Management is an international forum that serves as an interdisciplinary bridge between areas that can be applied to solving the problem of Intellectual Property protection of digital content. These include: cryptography, software and computer systems design, trusted computing, information and signal processing, intellectual property law, policy-making, as well as business analysis and economics. Its purpose is to bring together researchers from the above fields for a full day of formal talks and informal discussions, covering new results that will spur new investigations regarding the foundations and practices of DRM. Topics of interest include but are not limited to:
- Content identification including digital watermarking and fingerprinting
- Anonymous publishing
- Privacy and DRM
- Architectures for DRM systems
- Security issues, including authorization
- Supporting cryptographic technology including traitor tracing, broadcast encryption
- Software tamper resistance, obfuscation, plagiarism detection
- Trusted computing, attestation, hardware support for DRM
- Usability aspects of DRM systems
- Attacks against DRM systems
- Web services related to DRM systems
- Implementations and case studies
- Regulatory authority for DRM, interoperability
- IP protection
- Business models for online content distribution, risk management
- Copyright-law issues, including but not limited to fair use
- Digital policy management
- DRM and consumer rights, labeling and competition law

For more information, please see http://drm11.cased.de/.

CCSW 2011 ACM Cloud Computing Security Workshop, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA, October 21, 2011. [posted here 04/25/11]
Notwithstanding the latest buzzword (grid, cloud, utility computing, SaaS, etc.), large-scale computing and cloud-like infrastructures are here to stay. What exactly they will look like tomorrow is still for the markets to decide, yet one thing is certain: clouds bring with them new untested deployment and associated adversarial models and vulnerabilities. CCSW aims to bring together researchers and practitioners in all security aspects of cloud-centric and outsourced computing, including (but not limited to):
- practical cryptographic protocols for cloud security
- secure cloud resource virtualization mechanisms
- secure data management outsourcing (e.g., database as a service)
- practical privacy and integrity mechanisms for outsourcing
- foundations of cloud-centric threat models
- secure computation outsourcing
- remote attestation mechanisms in clouds
- sandboxing and VM-based enforcements
- trust and policy management in clouds
- secure identity management mechanisms
- new cloud-aware web service security paradigms and mechanisms
- cloud-centric regulatory compliance issues and mechanisms
- business and security risk models and clouds
- cost and usability models and their interaction with security in clouds
- scalability of security in global-size clouds
- trusted computing technology and clouds
- binary analysis of software for remote attestation and cloud protection
- network security (DOS, IDS etc.) mechanisms for cloud contexts
- security for emerging cloud programming models
- energy/cost/efficiency of security in clouds

For more information, please see http://crypto.cs.stonybrook.edu/ccsw11.

AISec 2011 4th Workshop on Artificial Intelligence and Security, Held in conjunction with ACM CCS 2011, Chicago, IL, USA, October 21, 2011. [posted here 05/09/11]
We invite original research papers describing the use of AI or Machine Learning in security and privacy problems. We also invite position papers discussing the role of AI or Machine Learning in security and privacy. Submitted papers may not substantially overlap papers that have been published or that are simultaneously submitted to a journal or conference with proceedings. Topics of interest include, but are not limited to:
- Adversarial Learning
- Robust Statistics
- Online Learning
- Spam detection
- Botnet detection
- Intrusion detection
- Malware identification
- Privacy-preserving data mining
- Design and analysis of CAPTCHAs
- Phishing detection and prevention
- AI approaches to trust and reputation
- Vulnerability testing through intelligent probing (e.g. fuzzing)
- Content-driven security policy management & access control
- Techniques and methods for generating training and test sets
- Anomalous behavior detection (e.g. for the purposes of fraud prevention, authentication)

For more information, please see http://tsig.fujitsulabs.com/~aisec2011/.

InfoSecHiComNet 2011 International Conference on Security Aspects in Information Technology, High-Performance Computing and Networking, Haldia, Purba Medinipur, West Bengal, India, October 19-22, 2011. [posted here 06/06/11]
The International Conference on Security Aspects in Information Technology, High-Performance Computing and Networking (InfoSecHiComNet 2011) focuses on disseminating the latest research results in all technical and practical aspects of cryptography and security and the impact on security in the developments of the related areas of high performance computing and networks. It consists of the following three tracks: Cryptography, Security Aspects in High-Performance Computing, and Security Aspects in Networks. The conference solicits original technical papers, not previously published and not currently under review for publication elsewhere.

For more information, please see http://infosechicomnet2011.hithaldia.in.

SecIoT 2011 2nd Workshop on the Security of the Internet of Things, Held in conjunction with IEEE iThings 2011, Dalian, China, October 19, 2011. [posted here 05/23/11]
While there are many definitions of the Internet of Things (IoT), all of them revolve around the same central concept: a world-wide network of interconnected objects. These objects will make use of multiple technological building blocks, such as wireless communication, sensors, actuators, and RFID, in order to allow people and things to be connected anytime, anyplace, with anything and anyone. However, mainly due to the inherent heterogeneity of this vision and its broad scope, there will not be a single silver bullet security solution that will fulfill all the security requirements of the IoT. Therefore: How can we include security as a core element of the IoT? How will the IoT interact with other security mechanisms of the Future Internet? What security requirements will be truly challenged by the ultimate vision of the IoT? It is precisely the goal of this workshop to bring together researchers and industry experts in areas relevant to the security of the Internet of Things to discuss these and other significant issues. Moreover, this workshop also has the objective to serve as a forum for not only presenting cutting-edge research, but also for debating the role of security and its practical implications in the development of the IoT. Topics of interest for the workshop include the following:
- New security problems in the context of the IoT
- Privacy risks and data management problems
- Identifying, authenticating, and authorizing entities
- Development of trust frameworks for secure collaboration
- New cryptographic primitives for constrained "things"
- Connecting heterogeneous ecosystems and technologies
- Legal Challenges and Governance Issues
- Resilience to external and internal attacks
- Context-Aware Security
- Providing protection to an IP-connected IoT
- Web services security and other application-layer issues
- Distributed policy enforcement and rights management
- Usability of Security and Privacy Technologies in the context of the IoT

For more information, please see http://www.isac.uma.es/seciot11.

STC 2011 6th ACM Workshop on Scalable Trusted Computing, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA, October 17, 2011. [posted here 04/11/11]
Built on the continuous success of ACM STC 2006-2010, this workshop focuses on fundamental technologies of trusted and high assurance computing and its applications in large-scale systems with varying degrees of trust. The workshop is intended to serve as a forum for researchers as well as practitioners to disseminate and discuss recent advances and emerging issues. The workshop solicits two types of original papers that are single-column using at least 11pt fonts. The length of the full-paper submissions is at most 15 pages excluding bibliography, appendix etc. The total number of pages should not be more than 20, whereas the reviewers are not required to read the appendix. The length of short/work-in-progress/position-paper submissions is at most 8 pages excluding bibliography. A paper submitted to this workshop must not be in parallel submission to any other journal, magazine, conference or workshop with proceedings. It is up to the authors to decide whether a submission should be anonymous. Topics of interest include but are not limited to:
- security policies and models of trusted computing
- architecture and implementation technologies for trusted platform
- limitations, alternatives and tradeoffs regarding trusted computing
- trusted computing in cloud and data center
- cloud-based attestation services
- trusted smartphone devices and systems
- trust in smart grid, energy, and Internet of Things
- trusted emerging and future Internet infrastructure
- trusted online social network
- trust in authentications, users and computing services
- hardware based trusted computing
- software based trusted computing
- pros and cons of hardware based approach
- remote attestation of trusted devices
- censorship-freeness in trusted computing
- cryptographic support in trusted computing
- case study in trusted computing
- principles for handling scales
- scalable trust supports and services in cloud
- trusted embedded computing and systems
- virtualization and trusted computing

For more information, please see http://www.cs.utsa.edu/~acmstc/stc2011/.

WPES 2011 10th ACM Workshop on Privacy in the Electronic Society, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA, October 17, 2011. [posted here 05/23/11]
The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- anonymity, pseudonymity, and unlinkability
- data correlation and leakage attacks
- data security and privacy
- electronic communication privacy
- economics of privacy
- information dissemination control
- personally identifiable information
- privacy-aware access control
- privacy and anonymity in the Web
- privacy in cloud and grid systems
- privacy and confidentiality management
- privacy and data mining
- privacy in the digital business
- privacy in the electronic records
- privacy enhancing technologies
- privacy in health care and public administration
- privacy and human rights
- privacy metrics
- privacy in mobile systems
- privacy in outsourced scenarios
- privacy policies
- privacy vs. security
- privacy in social networks
- privacy threats
- privacy and virtual identity
- public records and personal privacy
- user profiling
- wireless privacy

For more information, please see http://wpes11.rutgers.edu/.

ACM-CCS 2011 18th ACM Conference on Computer and Communications Security, Chicago, IL, USA, October 17-21, 2011. [posted here 02/07/11]
The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of computer and communications security. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings. Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security.

For more information, please see http://www.sigsac.org/ccs/CCS2011/.

CRiSIS 2011 6th International Conference on Risks and Security of Internet and Systems, Timisoara, Romania, September 26-28, 2011. [posted here 02/07/11]
The topics addressed by CRiSIS range from the analysis of risks, attacks to networks and system survivability, passing through security models, security mechanisms and privacy enhancing technologies. Prospective authors are invited to submit research results as well as practical experiment or deployment reports. Industrial papers about applications and case studies, such as telemedicine, banking, e-government and critical infrastructure, are also welcome. The list of topics includes but is not limited to:
- Analysis and management of risks
- Attacks and defences
- Attack data acquisition and network monitoring
- Cryptography, Biometrics, Watermarking
- Dependability and fault tolerance of Internet applications
- Distributed systems security
- Embedded system security
- Intrusion detection and Prevention systems
- Hardware-based security and Physical security
- Trust management
- Organizational, ethical and legal issues
- Privacy protection and anonymization
- Security and dependability of operating systems
- Security and safety of critical infrastructures
- Security and privacy of peer-to-peer system
- Security and privacy of wireless networks
- Security models and security policies
- Security of new generation networks, security of VoIP and multimedia
- Security of e-commerce, electronic voting and database systems
- Traceability, metrology and forensics
- Use of smartcards and personal devices for Internet applications
- Web security

For more information, please see http://www.crisis-conference.org/.

MetriSec 2011 7th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2011), Banff, Alberta, Canada, September 21, 2011. [posted here 03/07/11]
Quantitative assessment is a major stumbling block for software and system security. Although some security metrics exist, they are rarely adequate. The engineering importance of metrics is intuitive: you cannot consistently improve what you cannot measure. Economics is an additional driver for security metrics: customers are unlikely to pay a premium for security if they are unable to quantify what they receive. The goal of the workshop is to foster research into security measurements and metrics and to continue building the community of individuals interested in this field. This year, MetriSec continues its co-location with ESEM, which offers an opportunity for the security metrics folks to meet the metrics community at large. The organizers solicit original submissions from industry and academic experts on the development and application of repeatable, meaningful measurements in the fields of software and system security. The topics of interest include, but are not limited to:
- Security metrics
- Security measurement and monitoring
- Development of predictive models
- Experimental validation of models
- Formal theories of security metrics
- Security quality assurance
- Empirical assessment of security architectures and solutions
- Mining data from attack and vulnerability repositories: e.g. CVE, CVSS
- Software security metrics
- Static analysis metrics
- Simulation and statistical analysis
- Security risk analysis
- Industrial experience

For more information, please see http://metrisec2011.cs.nku.edu/.

RAID 2011 14th International Symposium on Recent Advances in Intrusion Detection, Menlo Park, CA, USA, September 20-21, 2011. [posted here 01/17/11]
This symposium, the 14th in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss issues and technologies related to intrusion detection and defense. The Recent Advances in Intrusion Detection (RAID) International Symposium series furthers advances in intrusion defense by promoting the exchange of ideas in a broad range of topics. As in previous years, all topics related to intrusion detection, prevention and defense systems and technologies are within scope, including but not limited to the following:
- Network and host intrusion detection and prevention
- Anomaly and specification-based approaches
- IDS cooperation and event correlation
- Malware prevention, detection, analysis, containment
- Web application security
- Insider attack detection
- Intrusion response, tolerance, and self-protection
- Operational experiences with current approaches
- Intrusion detection assessment and benchmarking
- Attacks against intrusion detection systems
- Formal models, analysis, and standards
- Deception systems and honeypots
- Vulnerability analysis and forensics
- Adversarial machine learning for security
- Visualization techniques
- High-performance intrusion detection
- Legal, social, and privacy issues
- Network exfiltration detection
- Botnet analysis, detection, and mitigation
- Cyber-physical systems

For more information, please see http://raid2011.org.

SAFECOMP 2011 30th International Conference on Computer Safety, Reliability and Security, Naples, Italy, September 19-21, 2011. [posted here 11/8/10]
SAFECOMP is an annual event covering the state-of-the-art, experience and trends in the areas of safety, security and reliability of critical computer applications. The 2011 key theme is "Safety and security of computer-based systems and infrastructures: from risk assessment to threat mitigation". Papers are invited in application and industrial sectors as well as research areas. Papers on industrial experience and practice are especially encouraged.

For more information, please see http://www.safecomp2011.unina.it/.

DPM 2011 6th International Workshop on Data Privacy Management, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2011), Leuven, Belgium, September 15-16, 2011. [posted here 05/23/11]
The aim of this workshop is to discuss and exchange ideas related to privacy data management. We invite researchers and practitioners working in privacy, security, trustworthy data systems and related areas to submit their original papers to this workshop. Topics of interest include, but are not limited to the following:
- Privacy Information Management
- Privacy Policy-based Infrastructures and Architectures
- Privacy-oriented Access Control Languages and Models
- Privacy in Trust Management
- Privacy Data Integration
- Privacy Risk Assessment and Assurance
- Privacy Services
- Privacy Policy Analysis
- Lightweight cryptography & Cryptanalysis
- Query Execution over Privacy Sensitive Data
- Privacy Preserving Data Mining
- Hippocratic and Water-marking Databases
- Privacy for Integrity-based Computing
- Privacy Monitoring and Auditing
- Privacy in Social Networks
- Privacy in Ambient Intelligence (AmI) Applications
- Individual Privacy vs. Corporate/National Security
- Code-based Cryptology
- Privacy in computer networks
- Privacy and RFIDs
- Privacy in sensor networks

For more information, please see http://dpm2011.dyndns.org/.

TrustED 2011 1st International Workshop on Trustworthy Embedded Devices, Leuven, Belgium, September 15-16, 2011. [posted here 08/01/11]
This workshop targets selected aspects of cyber-physical systems. Of particular interest are security aspects of smartphones and their interfaces to other embedded devices. We aim at bringing together experts from academia and research institutes, industry and government for discussing and investigating problems, challenges and some recent scientific and technological developments in this field. This includes (but is not limited to) the following topics:
- Smartphone Security (e.g., OS, middleware, hardware)
- Physical Cryptographic and Security Primitives (e.g., PUFs, Signal Fingerprints)
- Hardware Entangled Security
- Embedded System Security (e.g., OS security, Attestation, Control Flow Integrity)
- IP Protection for Embedded Systems
- Distance Bounding
- Privacy Aspects of Embedded Systems (e.g., medical devices, electronic IDs)
- Attacks on Embedded Systems and Reverse Engineering
- Physical and logical convergence (e.g., secure and privacy-preserving facility management)

For more information, please see http://trusted.trust.cased.de.

FAST 2011 8th International Workshop on Formal Aspects of Security & Trust, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2011), Leuven, Belgium, September 15-16, 2011. [posted here 04/11/11]
The eighth International Workshop on Formal Aspects of Security and Trust aims at continuing the successful efforts of the previous FAST workshops, fostering cooperation among researchers in the areas of security and trust. Computing and network infrastructures have become pervasive, and now support a great deal of economic activity. Thus, society needs suitable security and trust mechanisms. Interactions increasingly span several enterprises and involve loosely structured communities of individuals. Participants in these activities must control interactions with their partners based on trust policies and business logic. Trust-based decisions effectively determine the security goals for shared information and for access to sensitive or valuable resources. FAST focuses on the formal models of security and trust that are needed to state goals and policies for these interactions. We also seek new and innovative techniques for establishing consequences of these formal models. Implementation approaches for such techniques are also welcome.

For more information, please see http://www.iit.cnr.it/FAST2011/Unico.htm.

SETOP 2011 4th International Workshop on Autonomous and Spontaneous Security, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2011), Leuven, Belgium, September 15-16, 2011. [posted here 05/23/11]
The SETOP Workshop seeks submissions that present research results on all aspects related to spontaneous and autonomous security. Topics of interest include, but are not limited to the following:
- Security policy deployment
- Self evaluation of risk and impact
- Distributed intrusion detection
- Cryptography & Cryptanalysis
- Autonomous and spontaneous response
- Trust establishment
- Lightweight cryptography
- Selfish behaviour and collaboration enforcement
- Security in autonomous networks
- Security in ad hoc networks
- Security in sensor/RFID networks
- Security of Next Generation Networks
- Security in Cloud Computing
- Security of Service Oriented Architecture
- Security of opportunistic networks
- Privacy in self-organized networks
- Secure localization
- Context aware and ubiquitous computing
- Secure interoperability and negotiation
- Self-organization in secure routing
- Identity management
- Modelling and validation of security

For more information, please see http://setop2011.dyndns.org/.

EuroPKI 2011 8th European Workshop on Public Key Services, Applications and Infrastructures, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2011), Leuven, Belgium, September 15-16, 2011. [posted here 03/21/11]
EuroPKI is a successful series of workshops that started in 2004. For the 2011 edition, the scope will cover all research aspects of Public Key Services, Applications and Infrastructures. In particular, we also encourage submissions dealing with any innovative applications of public key cryptography. Submitted papers may present theory, applications or practical experiences on topics including, but not limited to:
- Anonymity and Privacy
- Architecture and Modeling
- Authentication
- Authorization and Delegation
- Case Studies
- Certificates Status
- Certification Policy and Practices
- Credentials
- Cross Certification
- Directories
- eCommerce/eGovernment
- Evaluation
- Fault-Tolerance and reliability
- Federations
- Group signatures
- ID-based schemes
- Identity Management and eID
- Implementations
- Interoperability
- Key Management
- Legal issues
- Long-time archiving
- Mobile PKI
- Multi-signatures
- Policies & Regulations
- Privacy
- Privilege Management
- Protocols
- Repositories
- Risk/attacks
- Standards
- Timestamping
- Trust management
- Trusted Computing
- Ubiquitous scenarios
- Usage Control
- Web services security

For more information, please see http://www.cosic.esat.kuleuven.be/europki2011/.

NSPW 2011 New Security Paradigms Workshop, Marin County, CA, USA, September 12-15, 2011. [posted here 02/21/11]
The New Security Paradigms Workshop (NSPW) is seeking papers that address the current limitations of information security. Today's security risks are diverse and plentiful - botnets, database breaches, phishing attacks, targeted cyber attacks - and yet present tools for combating them are insufficient. To address these limitations, NSPW welcomes unconventional, promising approaches to important security problems and innovative critiques of current security theory and practice. We are particularly interested in perspectives from outside computer security, both from other areas of computer science (such as operating systems, human-computer interaction, databases, programming languages, algorithms) and other sciences that study adversarial relationships such as biology and economics. We discourage papers that offer incremental improvements to security and mature work that is appropriate for standard information security venues.

For more information, please see http://www.nspw.org.

ESORICS 2011 16th European Symposium on Research in Computer Security, Leuven, Belgium, September 12-14, 2011. [posted here 01/17/11]
ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. We encourage submissions of papers discussing industrial research and development. Suggested topics include but are not restricted to:
- Access Control
- Accountability
- Ad hoc Networks
- Anonymity
- Applied Cryptography
- Attacks and Viral Software
- Authentication and Delegation
- Biometrics
- Database Security
- Digital Content Protection
- Distributed Systems Security
- Electronic Payments
- Embedded Systems Security
- Inference Control
- Information Hiding
- Identity Management
- Information Flow Control
- Integrity
- Intrusion Detection
- Formal Security Methods
- Language-Based Security
- Network Security
- Phishing and Spam Prevention
- Privacy
- Risk Analysis and Management
- Secure Electronic Voting
- Security Architectures
- Security Economics
- Security and Privacy Policies
- Security for Mobile Code
- Security in Location Services
- Security in Social Networks
- Security Models
- Security Verification
- Software Security
- Steganography
- Systems Security
- Trust Models and Management
- Trustworthy User Devices
- Web Security
- Wireless Security

For more information, please see https://www.cosic.esat.kuleuven.be/esorics2011/.

SecureComm 2011 7th International Conference on Network Security & Privacy, London, United Kingdom, September 7-9, 2011. [posted here 03/07/11]
SecureComm’11 seeks high-quality research contributions in the form of well-developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, applied cryptography) will also be considered if a clear connection to private or secure communications/networking is demonstrated. The aim of SecureComm is to bring together security and privacy experts in academia, industry and government as well as practitioners, standards developers and policy makers, in order to engage in a discussion about common goals and explore important research directions in the field. SecureComm also serves as a venue for learning about the state of the art in security and privacy research, giving attendees the opportunity to network with experts in the field. Topics include:
- Network Intrusion Detection and Prevention, Firewalls, Packet Filters
- Malware and botnets
- Communication Privacy and Anonymity
- Distributed denial of service
- Public Key Infrastructures, key management, credentials
- Web security
- Secure Routing, Naming/Addressing, Network Management
- Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
- Security & Privacy for emerging technologies: VoIP, peer-to-peer and overlay network systems, Web 2.0

For more information, please see http://www.securecomm.org.

IWSSC 2011 1st International Workshop on Securing Services on the Cloud, Held in conjunction with the 5th International Conference on Network and System Security (NSS 2011), Milan, Italy, September 6-8, 2011. [posted here 04/25/11]
The ongoing merge between Service-Oriented Architectures (SOAs) and the Cloud computation paradigm provides a new environment fostering the integration of services located within company boundaries with those on the Cloud. An increasing number of organizations implement their business processes and applications via runtime composition of services made available on the Cloud by external suppliers. This scenario is changing the traditional view of security introducing new service security risks and threats, and requires re-thinking of current development, testing, and verification methodologies. IWSSC 2011 aims to address the security issues related to the deployment of services on the Cloud, along with evaluating their impact on traditional security solutions for software and network systems. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of security of services implemented on the Cloud, as well as experimental studies in Cloud infrastructures, the implementation of services, and lessons learned. Topics of interest include, but are not limited to:
- Security in Cloud services
- Software verification in critical services
- Static code analysis of software services
- Test-based verification of services
- Authentication and access control on the Cloud
- Challenges in moving critical systems to the Cloud
- Cybercrime and cyberterrorism on the Cloud
- Communication confidentiality and integrity
- Data security and privacy on the Cloud
- Formal methods for the Cloud
- Homeland security
- Information assurance and trust management
- Intrusion detection on the Cloud
- Model-based validation of services
- Orchestration and choreography
- RESTful service security
- SOAP security
- Security certification of services
- Security metrics on the Cloud
- Security models and architectures
- Security patterns for the Cloud
- Security protocols on the Cloud

For more information, please see http://sesar.dti.unimi.it/iwssc2011.

NSS 2011 5th International Conference on Network and System Security, Milan, Italy, September 6-8, 2011. [posted here 02/21/11]
NSS is an annual international conference covering research in network and system security. The 5th International Conference on Network and System Security (NSS 2011) will be held in Milan, Italy. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged. Topics of interest include, but are not limited to:
- Active Defense Systems
- Adaptive Defense Systems
- Analysis, Benchmark of Security Systems
- Authentication
- Biometric Security
- Complex Systems Security
- Database and System Security
- Data Protection
- Data/System Integrity
- Distributed Access Control
- Distributed Attack Systems
- Denial-of-Service
- Electronic Communication Privacy
- High Performance Network Virtualization
- High Performance Security Systems
- Hardware Security
- Identity Management
- Intelligent Defense Systems
- Insider Threats
- Intellectual Property Rights Protection
- Internet and Network Forensics
- Intrusion Detection and Prevention
- Key Distribution and Management
- Large-Scale Attacks and Defense
- Malware
- Network Resiliency
- Network Security
- RFID Security and Privacy
- Security Architectures
- Security for Critical Infrastructures
- Security in P2P Systems
- Security in Cloud and Grid Systems
- Security in E-Commerce
- Security in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grid
- Security and Privacy in Wireless Networks
- Secure Mobile Agents and Mobile Code
- Security Policy
- Security Protocols
- Security Simulation and Tools
- Security Theory and Tools
- Standards and Assurance Methods
- Trusted Computing
- Trust Management
- World Wide Web Security

For more information, please see http://anss.org.au/nss2011.

EC2ND 2011 7th European Conference on Computer Network Defense, Gothenburg, Sweden, September 6-7, 2011. [posted here 04/11/11]
EC2ND invites submissions presenting novel ideas at an early stage with the intention to act as a discussion forum and feedback channel for promising, innovative security research. While our goal is to solicit ideas that are not completely worked out, and might have challenging and interesting open questions, we expect submissions to be supported by some evidence of feasibility or preliminary quantitative results. This year we are especially interested in papers concerning the protection against attacks in "special environments" (such as the ICT component of the smart grid) or protection against attacks that could cause a large societal impact. Topics include but are not limited to:
- Intrusion Detection
- Denial-of-Service
- Privacy Protection
- Security Policy
- Peer-to-Peer and Grid Security
- Network Monitoring
- Web Security
- Vulnerability Management and Tracking
- Network Forensics
- Wireless and Mobile Security
- Cryptography
- Network Discovery and Mapping
- Incident Response and Management
- Malicious Software
- Web Services Security
- Legal and Ethical Issues

For more information, please see http://2011.ec2nd.org/.

PBD 2011 1st International Workshop on Privacy by Design, Held in conjunction with the Sixth International Conference on Availability, Reliability and Security (ARES 2011), Vienna, Austria, August 22-26, 2011. [posted here 02/21/11]
While data privacy was in the past mainly assured through procedures, laws or static access control policies, these protection mechanisms tend to be ineffective once data is ubiquitously available, outsourced to partially untrusted servers or processed by third parties. In addition, most current approaches towards achieving privacy - such as anonymisation and aggregation - are either incompatible with the increasing complexity of data usage or easy to compromise due to advances in statistical analysis and availability of side-information. Recent research tries to provide technical solutions in order to minimize the exposure of sensitive data while still allowing data-driven business models. For example, cryptographic schemes such as Secure Multiparty Computation, data-centric protection schemes such as Enterprise Rights Management or trusted virtualization technologies may be used to make IT systems intrinsically privacy friendly, finally contributing to the vision of "privacy by design". The aim of the workshop is to bring together researchers, systems engineers and privacy professionals in order to drive the concept of Privacy by Design and discuss implementation aspects as well as the surrounding legal and economic issues. The main topics of interest comprise but are not limited to:
- design issues of privacy-enhanced systems
- cryptographic approaches for privacy
- practical aspects of Secure Multiparty Computation
- data centric security
- Information/Enterprise Rights Management
- privacy-enhanced system architectures
- privacy and biometrics
- privacy in the cloud
- Privacy Enhancing Technologies
- censorship resistance
- economic and legal aspects of privacy
- usability of Privacy Enhancing Technologies

For more information, please see http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=53 .

SecSE 2011 5th International Workshop on Secure Software Engineering, Held in conjunction with the ARES 2011, Vienna, Austria, August 22-26, 2011. [posted here 1/31/11]
Software security is about protecting information and ensuring that systems continue to function correctly even when under malicious attack. The traditional approach of securing a system has been to create defensive walls such as intrusion detection systems and firewalls around it, but there are always cracks in these walls, and thus such measures are no longer sufficient by themselves. We need to be able to build better, more robust and more _inherently secure_ systems, and we should strive to achieve these qualities in all software systems, not just in the ones that _obviously_ need special protection. This workshop will focus on techniques, experiences and lessons learned for building secure and dependable software. Suggested topics include, but are not limited to:
- Secure architecture and design
- Security in agile software development
- Aspect-oriented software development for secure software
- Security requirements
- Risk management in software projects
- Secure implementation
- Secure deployment
- Testing for security
- Quantitative measurement of security properties
- Static and dynamic analysis for security
- Verification and assurance techniques for security properties
- Security and usability
- Design and deployment of secure services
- Secure composition and adaptation of services
- Teaching secure software development
- Experience reports on successfully attuning developers to secure software engineering
- Lessons learned

For more information, please see http://www.sintef.org/secse.

WISA 2011 12th International Workshop on Information Security Applications, Jeju Island, Korea, August 22-24, 2011. [posted here 04/11/11]
The focus of this workshop is on all technical and practical aspects of cryptographic and non-cryptographic security applications. The workshop will serve as a forum for new results from the academic research community as well as from the industry. The areas of interest include, but are not limited to:
- Internet & Wireless Security
- E-Commerce Protocols
- Access Control & Database Security
- Biometrics & Human Interface
- Network Security & Intrusion Detection
- Security & Trust Management
- IPTV Security
- Content Protection & Service Security
- Digital Rights Management
- Secure Software & Systems
- Information Hiding
- Digital Forensics
- Secure Hardware
- Cyber Indication & Intrusion Detection
- Multicast & Group Security
- Secure Application Protocols
- Secure Coding
- Smart Cards & Applications
- Mobile Security
- Privacy & Anonymity
- Public Key Crypto Applications
- Threats & Information Warfare
- Virus Protection & Applications
- Ubiquitous Computing Security
- Combating SPAM
- ID Management
- Peer-to-Peer Security
- Information Assurance
- RFID Security & Applications
- Sensor Network Security & Applications
- Common Criteria
- Critical Information Infrastructure Protection
- Video Surveillance Systems
- Smartphone Security

For more information, please see http://www.wisa.or.kr.

SAC 2011 18th International Workshop on Selected Areas in Cryptography, Toronto, Ontario, Canada, August 11-12, 2011. [posted here 02/21/11]
The Workshop on Selected Areas in Cryptography (SAC) is an annual conference dedicated to specific themes in the area of cryptographic system design and analysis. Authors are encouraged to submit original papers related to the themes for the SAC 2011 workshop:
- Design and analysis of symmetric key primitives and cryptosystems, including block and stream ciphers, hash functions, and MAC algorithms.
- Efficient implementations of symmetric and public key algorithms.
- Mathematical and algorithmic aspects of applied cryptology.
- Cryptographic tools and methods for securing clouds.

For more information, please see http://sac2011.ryerson.ca/SAC11_poster.pdf.

USENIX Security 2011 20th USENIX Security Symposium, San Francisco, CA, USA, August 10–12, 2011. [posted here 11/8/10]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. Refereed paper submissions are solicited in all areas relating to systems and network security, including:
- Adaptive security and system management
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Attacks against networks and machines
- Authentication and authorization of users, systems, and applications
- Automated tools for source code analysis
- Botnets
- Cryptographic implementation analysis and construction
- Denial-of-service attacks and countermeasures
- File and filesystem security
- Firewall technologies
- Forensics and diagnostics for security
- Hardware security
- Intrusion and anomaly detection and prevention
- Malicious code analysis, anti-virus, anti-spyware
- Network infrastructure security
- Operating system security
- Privacy-preserving (and compromising) systems
- Public key infrastructure
- Rights management and copyright protection
- Security architectures
- Security in heterogeneous and large-scale environments
- Security policy
- Self-protecting and -healing systems
- Techniques for developing secure systems
- Technologies for trustworthy computing
- Usability and security
- Voting systems analysis and security
- Wireless and pervasive/ubiquitous computing security
- Web security, including client-side and server-side security

For more information, please see https://db.usenix.org/events/sec11/cfp/.

HotSec 2011 6th USENIX Workshop on Hot Topics in Security, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 9, 2011. [posted here 02/21/11]
HotSec is renewing its focus by placing singular emphasis on new security ideas and problems. Works reflecting incremental ideas or well understood problems will not be accepted. Cross-discipline papers identifying new security problems or exploring approaches not previously applied to security will be given special consideration. All submissions should propose new directions of research, advocate non-traditional approaches, report on noteworthy experience in an emerging area, or generate lively discussion around an important topic. HotSec takes a broad view of security and privacy and encompasses research on topics including but not limited to:
- Large-scale threats
- Network security
- Hardware security
- Software security
- Physical security
- Programming languages
- Applied cryptography
- Privacy
- Human-computer interaction
- Emerging computing environment
- Sociology
- Economics

For more information, please see http://www.usenix.org/hotsec11/cfpa.

HealthSec 2011 2nd USENIX Workshop on Health Security and Privacy, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 9, 2011. [posted here 02/21/11]
The focus of HealthSec '11 is the exploration of security and privacy issues that arise from the exploding quantity of digital personal health information, in both the provider and the patient settings. The Program Committee strongly encourages cross-disciplinary interactions between fields, including, but not limited to, technology, medicine, and policy. Surprising results and thought-provoking ideas will be strongly favored; complete papers with polished results in well-explored research areas are comparatively discouraged. We will select position papers that show potential to stimulate or catalyze further research and explorations of new directions, as well as extended abstracts that explore a specific issue a little more deeply, including preliminary results. Position papers are solicited on topics in all areas relating to healthcare information security and privacy, including:
- Security and privacy models for healthcare information systems
- Industry experience in securing healthcare information systems
- Design and deployment of patient-oriented systems for securely accessing and managing personal health data
- Security and privacy threats against existing and future medical devices--and countermeasures
- Regulatory and policy issues of healthcare information systems
- Privacy of medical information
- Usability issues, especially combined with security constraints
- Threat models for healthcare information systems

For more information, please see http://www.usenix.org/healthsec11/cfpa/.

EVT/WOTE 2011 Electronic Voting Technology Workshop/ Workshop on Trustworthy Elections, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8-9, 2011. [posted here 02/21/11]
USENIX, ACCURATE, and IAVoSS are sponsoring the 2011 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE '11). EVT/WOTE brings together researchers from a variety of disciplines, ranging from computer science and human-computer interaction experts through political scientists, legal experts, election administrators, and voting equipment vendors. Papers should contain original research in any area related to electronic voting technologies and verifiable elections. Example applications include but are not limited to:
- Ballot-box electronic voting systems
- Remote electronic voting systems
- Voter registration systems
- Procedures for ballot auditing
- Cryptographic (or non-cryptographic) verifiable election schemes

For more information, please see http://www.usenix.org/evtwote11/cfpa.

WOOT 2011 5th USENIX Workshop on Offensive Technologies, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8, 2011. [posted here 03/07/11]
Computer security is unique among systems disciplines in that practical details matter and concrete case studies keep the field grounded in practice. WOOT provides a forum for high-quality, peer-reviewed papers discussing tools and techniques for attack. Submissions should reflect the state of the art in offensive computer security technology, either surveying previously poorly known areas or presenting entirely new attacks. Submission topics include but are not limited to:
- Vulnerability research (software auditing, reverse engineering)
- Penetration testing
- Exploit techniques and automation
- Network-based attacks (routing, DNS, IDS/IPS/firewall evasion)
- Reconnaissance (scanning, software, and hardware fingerprinting)
- Malware design and implementation (rootkits, viruses, bots, worms)
- Denial-of-service attacks
- Web and database security
- Weaknesses in deployed systems (VoIP, telephony, wireless, games)
- Practical cryptanalysis (hardware, DRM, etc.)

For more information, please see http://www.usenix.org/woot11/cfpa/.

FOCI 2011 1st Workshop on Free and Open Communications on the Internet, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8, 2011. [posted here 04/25/11]
The first USENIX Workshop on Free and Open Communications on the Internet (FOCI) seeks to bring together researchers and practitioners from both technology and policy who are working on policies or technologies to detect or circumvent practices that inhibit free and open communications on the Internet. The growth of the Internet offers great promise for improving the communication capabilities of many users, but our increasing dependence on networked communications also makes it easier for organizations to control, monitor, or block user communications. ISPs and governments routinely restrict access to Internet content and services, either by censoring access to the information or by degrading the performance of various services (e.g., violating network neutrality). Indeed, although we think of the Internet as enabling the "democratization" of communications, free and open access is at risk: the Open Net Initiative reports that nearly 60 countries censor some access to information on the Internet. Similarly, ISPs can degrade network performance for certain subsets of users for some or all services. For example, some ISPs have been found to routinely block or throttle certain application traffic (e.g., BitTorrent). This growing trend towards blocking, tampering with, or otherwise restricting communications on the Internet calls for better techniques for both monitoring the state of restrictions on Internet content and communications (i.e., improving "transparency") and circumventing attempts to censor, degrade, or otherwise tamper with Internet communications. In many cases, this technology must be both deniable (i.e., it must allow the user to deny knowledge about using the technology) and robust to blocking.

For more information, please see http://www.usenix.org/events/foci11/cfp/.

CSET 2011 4th Workshop on Cyber Security Experimentation and Test, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8, 2011. [posted here 01/31/11]
The focus of CSET is on the science of cyber security evaluation, as well as experimentation, measurement, metrics, data, and simulations as those subjects relate to computer and network security. The science of cyber security is challenging for a number of reasons:
- Data: There is an absence of data usable by the community. Moreover, there is no clear understanding of what good data would look like if it was obtained, and how the value of data changes over time.
- Realism: Experiments must faithfully recreate the relevant features of the phenomena they investigate in order to obtain correct results, yet data about threats and the Internet landscape is sparse, modeling humans is hard, and issues of scaling (up or down) are not well understood. Hence careful reasoning about "realism" is required.
- Rigor: Repeatability and correctness must be ensured in any scientific experimentation. These can be extremely hard to achieve.
- Risk: Cyber security experiments naturally carry significant risk if not properly contained and controlled. At the same time, these experiments may well require some degree of interaction with the larger world to be useful.

Meeting these challenges requires transformational advance in understanding of the relationship between scientific method and cyber security evaluation, as well as transformational advance in capability of the underlying resources and infrastructure and usability of the data. The 4th Workshop on Cyber Security Experimentation and Test (CSET '11) invites submissions on the science, design, architecture, construction, operation, and use of cyber security data and experiments.

For more information, please see http://www.usenix.org/events/cset11/cfp/.

DFRWS 2011 11th Digital Forensics Research Conference, New Orleans, LA, USA, August 1-3, 2011. [posted here 09/20/10]
DFRWS brings together leading researchers, developers, practitioners, and educators interested in advancing the state of the art in digital forensics from around the world. As the most established venue in the field, DFRWS is the preferred place to present both cutting-edge research and perspectives on best practices for all aspects of digital forensics. As an independent organization, we promote open community discussions and disseminate the results of our work to the widest audience. We invite original contributions as research papers, panel proposals, Work-in-Progress talks, workshop proposals, and demo proposals. Topics of Interest:
- Forensic analysis
- Incident response and live analysis
- Network-based forensics, including network traffic analysis, traceback and attribution
- Event reconstruction methods and tools
- File system and memory analysis
- Application analysis
- Embedded systems
- Small scale and mobile devices
- Large-scale investigations
- Digital evidence storage and preservation
- Data mining and information discovery
- Data hiding and recovery
- Data extraction and reconstruction
- Multimedia analysis
- Database forensics
- Tool testing and development
- Digital evidence and the law
- Anti-forensics and anti-anti-forensics
- Case studies and trend reports
- Malware forensics
- Data visualization in forensic analysis
- Forensics of virtual and cloud environments
- Investigation of insider attacks
- Error rates of forensic methods
- Interpersonal communications and social network analysis
- Non-traditional approaches to forensic analysis

For more information, please see http://www.dfrws.org/.

MobiPST 2011 1st International Workshop on Privacy, Security and Trust in Mobile and Wireless Systems, Held in conjunction with the ICCCN 2011, Maui, Hawaii, July 31, 2011. [posted here 03/21/11]
This workshop aims to bring together the technologists and researchers who share interest in the area of security, privacy and trust in mobile and wireless systems, as well as explore new venues of collaboration. The main purpose is to promote discussions of research and relevant activities in the models and designs of secure, privacy-preserving, or trust architectures, protocols, algorithms, services, and applications, as well as analysis on cyber threat in mobile and wireless systems. It also aims at increasing the synergy between academic and industry professionals working in this area. We plan to seek papers that address theoretical, experimental research, and work-in-progress for security, privacy and trust related issues in the context of mobile and wireless systems.

For more information, please see http://ocu-stars.okcu.edu/ksha/mobipst2011.html.

PETS 2011 11th Privacy Enhancing Technologies Symposium, Waterloo, ON, Canada, July 27-29, 2011. [posted here 11/29/10]
Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior. Approaches to protecting individuals, groups, but also companies and governments, from profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure. The 11th Privacy Enhancing Technologies Symposium addresses the design and realization of such privacy services for the Internet and other data systems and communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives. The symposium seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of privacy technologies, as well as experimental studies of fielded systems. We encourage submissions with novel technical contributions from other communities such as law, business, and data protection authorities, that present their perspectives on technological issues. Suggested topics include but are not restricted to:
- Anonymous communications and publishing systems
- Attacks on privacy and privacy technologies
- Censorship resistance
- Data protection technologies
- Economics of privacy and PETs
- Fielded systems and techniques for enhancing privacy in existing systems
- Location privacy
- Privacy and anonymity in Peer-to-Peer, Cloud, and Ubiquitous Computing Environments
- Privacy and inference control in databases
- Privacy-enhanced access control or authentication/certification
- Privacy-friendly payment mechanisms for PETs and other services
- Privacy in Online Social Networks
- Privacy policy languages and tools
- Privacy threat models
- Profiling and data mining
- Pseudonyms, identity management, linkability, and reputation
- Reliability, robustness and abuse prevention in privacy systems
- Traffic analysis
- Transparency enhancing tools
- Usability issues and user interfaces for PETs

For more information, please see http://petsymposium.org/2011/.

ID 2011 ACM/Springer International Workshop on Identity: Security, Management & Applications, Kochi, Kerala, India, July 22-24, 2011. [posted here 01/10/11]
The 2011 ACM/Springer International Workshop on Identity: Security, Management & Applications (ID 2011) is designed to bring together researchers, engineers and practitioners from academia, service providers, industry and government working on Identity-based Internet & infrastructure systems. ID 2011 aims to bring to the forefront the recent trends in the most significant technology topics such as Identity Management (IdM), Cloud Computing, Internet of Things (IoT), Service Oriented Architecture (SoA), Security & Privacy Systems, Access Management, Risk Management, and Role and Policy Management, etc., in software, hardware and firmware applications running on private and public networks.

For more information, please see http://www.acc-rajagiri.org/ID2011.html.

VizSec 2011 8th International Symposium on Visualization for Cyber Security, Held in conjunction with the Symposium on Usable Privacy and Security (SOUPS 2011), Pittsburgh, PA, USA, July 20, 2011. [posted here 03/07/11]
The annual symposium joins academic, government, and industry leaders from around the globe to share the latest developments and applications of visualization techniques to address current cyber security challenges. Researchers and practitioners are invited to submit technical papers and panel session proposals that offer a novel contribution to security visualization. Papers are encouraged on new visualization technologies and methods that have been applied and demonstrated to be useful in a range of security domains including, but not limited to, computer forensics, risk assessment, cryptography, malware analysis, and situational awareness.

For more information, please see http://www.vizsec2011.org/.

PST 2011 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada, July 19-21, 2011. [posted here 10/11/10]
PST2011 provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. PST2011 will include an Innovation Day featuring workshops and tutorials followed by two days of high-quality research papers whose topics include, but are NOT limited to, the following:
- Privacy Preserving / Enhancing Technologies
- Critical Infrastructure Protection
- Network and Wireless Security
- Operating Systems Security
- Intrusion Detection Technologies
- Secure Software Development and Architecture
- PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
- Network Enabled Operations
- Digital forensics
- Information Filtering, Data Mining and Knowledge from Data
- National Security and Public Safety
- Security Metrics
- Recommendation, Reputation and Delivery Technologies
- Continuous Authentication
- Trust Technologies, Technologies for Building Trust in e-Business Strategy
- Observations of PST in Practice, Society, Policy and Legislation
- Digital Rights Management
- Identity and Trust management
- PST and Cloud Computing
- Human Computer Interaction and PST
- Implications of, and Technologies for, Lawful Surveillance
- Biometrics, National ID Cards, Identity Theft
- PST and Web Services / SOA
- Privacy, Traceability, and Anonymity
- Trust and Reputation in Self-Organizing Environments
- Anonymity and Privacy vs. Accountability
- Access Control and Capability Delegation
- Representations and Formalizations of Trust in Electronic and Physical Social Systems

For more information, please see http://pstnet.unb.ca/pst2011.

ESAS 2011 6th IEEE International Workshop on Engineering Semantic Agent Systems, Held in conjunction with IEEE COMPSAC 2011, Munich, Germany, July 18-22, 2011. [posted here 02/07/11]
Semantic web technologies render dynamic, heterogeneous, distributed, shared semantic content equally accessible to human reader and software agents. ESAS Workshops Series focuses on concepts, foundations and applications of semantic agent systems and bringing forward better practices of engineering them. Research and technologies related to Semantic Web and agent systems are very much in focus at ESAS. Topics of interest span a wide spectrum of both theory and practice of semantics and agent architectures, including software agents, mobile agents, autonomous semantic agents, context-aware intelligent agents, agents as semantic web services, multi-agent systems, agent communities, cooperation and goal seeking through shared policy and ontology, safety & security in semantic multi-agent information systems, and other QoS issues.

For more information, please see http://compsac.cs.iastate.edu/workshop_details.php?id=32&y.

DBSec 2011 25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, Richmond, Virginia, USA, July 11-13, 2011. [posted here 12/6/10]
The 25th Annual WG 11.3 Conference on Data and Applications Security and Privacy provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Both research papers and panel proposals are solicited. Papers may present theory, techniques, applications, or practical experience on topics of relevance to IFIP WG 11.3:
- Access control
- Applied cryptography in data security and privacy
- Identity theft and countermeasures
- Integrity maintenance
- Intrusion detection
- Knowledge discovery and privacy
- Organizational security
- Privacy and privacy-preserving data management
- Secure transaction processing
- Secure information integration
- Secure semantic web
- Secure sensor monitoring
- Secure web services
- Threats, vulnerabilities, and risk management
- Trust management

For more information, please see http://www.egr.vcu.edu/dbsec2011/.

HAISA 2011 International Conference on Human Aspects of Information Security & Assurance, London, United Kingdom, July 7-8, 2011. [posted here 06/06/11]
It is commonly acknowledged that security requirements cannot be addressed by technical means alone, and that a significant aspect of protection comes down to the attitudes, awareness, behaviour and capabilities of the people involved. Indeed, people can potentially represent a key asset in achieving security, but at present, factors such as lack of awareness and understanding, combined with unreasonable demands from security technologies, can dramatically impede their ability to do so. Ensuring appropriate attention and support for the needs of users should therefore be seen as a vital element of a successful security strategy. People at all levels (i.e. from organisations to domestic environments; from system administrators to end-users) need to understand security concepts, how the issues may apply to them, and how to use the available technology to protect their systems. In addition, the technology itself can make a contribution by reducing the demands upon users, simplifying protection measures, and automating a variety of safeguards. With the above in mind, this conference specifically addresses information security issues that relate to people. It concerns the methods that inform and guide users' understanding of security, and the technologies that can benefit and support them in achieving protection. The conference welcomes papers addressing research and case studies in relation to any aspect of information security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics or technologies may be positively modified to improve the level of protection. Indicative themes include:
- Information security culture
- Awareness and education methods
- Enhancing risk perception
- Public understanding of security
- Usable security
- Psychological models of security software usage
- User acceptance of security policies and technologies
- User-friendly authentication methods
- Biometric technologies and impacts
- Automating security functionality
- Non-intrusive security
- Assisting security administration
- Impacts of standards, policies, compliance requirements
- Organizational governance for information assurance
- Simplifying risk and threat assessment
- Understanding motivations for misuse
- Social engineering and other human-related risks
- Privacy attitudes and practices
- Computer ethics and security

For more information, please see http://www.haisa.org.

DIMVA 2011 8th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Amsterdam, The Netherlands, July 7-8, 2011. [posted here 11/8/10]
The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. DIMVA's scope includes, but is not restricted to the following areas:
Intrusion Detection
- Novel approaches & new environments
- Insider detection
- Prevention & response
- Data leakage
- Result correlation & cooperation
- Evasion attacks
- Potentials & limitations
- Operational experiences
- Privacy, legal & social aspects
Malware Detection
- Automated analysis, reversing & execution tracing
- Containment & sandboxed operation
- Acquisition of specimen
- Infiltration
- Behavioral models
- Prevention & containment
- Trends & upcoming risks
- Forensics & recovery
- Economic aspects
Vulnerability Assessment
- Vulnerability detection & analysis
- Vulnerability prevention
- Web application security
- Fuzzing techniques
- Classification & evaluation
- Situational awareness

For more information, please see http://www.dimva.org/dimva2011.

ASA 2011 5th International Workshop on Analysis of Security APIs, Paris, France, June 30, 2011. [posted here 02/21/11]
Security APIs allow untrusted code to access sensitive resources in a secure way. Security API analysis is an emerging field of computer security research. The aim of the ASA workshop is to bring together researchers working in security API analysis for a day of presentations and discussions. Since the field is relatively young, polished research papers will not be solicited. Instead, the workshop will follow the format that was highly successful at ASA in 2007-10: prospective participants are invited to submit a short (1-4 page) abstract describing their current work and/or interests in the area. We plan to have two sessions of 20-minute talks by participants, with each session followed by informal discussion. There will also be a workshop dinner in the evening, and subject to confirmation, an invited speaker. The scope of ASA runs from theoretical results and formalisms for API analysis right through to applications and empirical results with security APIs deployed 'in the field'. Applications of interest include (but are not limited to) financial applications (e.g. APIs of Hardware Security Modules), smartcard APIs, the Trusted Computing Architecture, and security APIs for web based systems.

For more information, please see http://www.lsv.ens-cachan.fr/~steel/asa5/.

IFIPTM 2011 5th IFIP International Conference on Trust Management, Copenhagen, Denmark, June 29 - July 1, 2011. [posted here 10/12/10]
The mission of the IFIPTM 2011 Conference is to share research solutions to problems of Trust and Trust management, including related Security and Privacy issues, and to identify new issues and directions for future research and development work. IFIPTM 2011 invites submissions presenting novel research on all topics related to Trust, Security and Privacy, including but not limited to those listed below:
Security, trust and privacy
- formal aspects (specification, reasoning and analysis)
- applications and services
- policy management
- in social networks and emerging contexts
- in collaborative applications, crowdsourcing and wiki systems
- ethical, sociological, psychological and legal aspects
- human-computer interaction and usable systems
Trust and reputation management systems
- architectures and models
- metrics and computation
- applications
Identity management and trust
- anonymity, privacy and accountability
- legal aspects
Trustworthy systems
- platforms & standards
- software and services
- applications

For more information, please see http://www.ifiptm.org/.

CSF 2011 24th IEEE Computer Security Foundations Symposium, Domaine de l'Abbaye des Vaux-de-Cernay, France, June 27-29, 2011. [posted here 12/6/10]
New theoretical results in computer security are welcome. Also welcome are more exploratory presentations, which may examine open questions and raise fundamental concerns about existing theories. Panel proposals are sought as well as papers. Possible topics include, but are not limited to:
- Access control
- Distributed systems security
- Language-based security
- Anonymity and Privacy
- Electronic voting
- Network security
- Authentication
- Executable content
- Resource usage control
- Data and system integrity
- Formal methods for security
- Security for mobile computing
- Database security
- Information flow
- Security models
- Data provenance
- Intrusion detection
- Security protocols
- Decidability and complexity
- Hardware-based security
- Trust and trust management

For more information, please see http://csf2011.inria.fr/.

STM 2011 7th International Workshop on Security and Trust Management, Held in conjunction with IFIPTM 2011, Copenhagen, Denmark, June 27-28, 2011. [posted here 02/21/11]
STM (Security and Trust Management) is a working group of ERCIM (European Research Consortium in Informatics and Mathematics). STM'11 is the seventh workshop in this series and will be held in Copenhagen, Denmark in conjunction with IFIPTM 2011. Topics of interest include, but are not limited to:
- access control
- cryptography
- digital rights management
- economics of security
- key management
- ICT for securing digital as well as physical assets
- identity management
- networked systems security
- privacy and anonymity
- reputation systems and architectures
- security and trust management architectures
- semantics and computational models for security and trust
- trust assessment and negotiation
- trust in mobile code
- trust in pervasive environments
- trust models
- trust management policies
- trusted platforms and trustworthy systems
- trustworthy user devices

For more information, please see http://www.isac.uma.es/stm11.

RFIDsec 2011 7th Workshop on RFID Security, Amherst, MA, USA, June 26-28, 2011. [posted here 02/07/11]
The RFIDSec workshop focuses on security and data-protection issues in advanced contactless technologies like RFID. It stresses implementation aspects imposed by resource constraints. Topics of the workshop include but are not limited to:
- New applications for secure RFID systems
- Data protection and privacy-enhancing techniques for RFID
- Cryptographic protocols for RFID
- Integration of secure RFID systems
- Data mining and other systemic approaches to RFID security
- Resource-efficient implementation of cryptography
- Attacks on RFID systems
- RFID security hardware, e.g. RFID with PUF, RFID Trojans, ...

For more information, please see http://rfid-cusp.org/rfidsec/.

TRUST 2011 4th International Conference on Trust and Trustworthy Computing, Pittsburgh, PA, USA, June 22-24, 2011. [posted here 11/8/10]
This conference focuses on trusted and trustworthy computing, both from the technical and social perspectives. The conference itself has two main strands, one devoted to technical aspects and one devoted to socio-economic aspects of trusted computing. The conference solicits original papers on any aspect (technical or social and economic) of the design, application and usage of trusted and trustworthy computing, which concerns a broad range of concepts including trustworthy infrastructures, cloud computing, services, hardware, software and protocols. Topics of interest include, but are not limited to:
Technical Strand
- Architecture and implementation technologies for trusted platforms and trustworthy infrastructures
- Trust, Security and Privacy in embedded systems
- Trust, Security and Privacy in social networks
- Trusted mobile platforms and mobile phone security
- Implementations of trusted computing (hardware and software)
- Applications of trusted computing
- Trustworthy infrastructures and services for cloud computing (including resilience)
- Attestation and integrity verification
- Cryptographic aspects of trusted and trustworthy computing
- Design, implementation and analysis of security hardware, i.e., hardware with cryptographic and security functions, physically unclonable functions (PUFs)
- Intrusion resilience in trusted computing
- Virtualization for trusted platforms
- Secure storage
- Security policy and management of trusted computing
- Access control for trusted platforms
- Privacy aspects of trusted computing
- Verification of trusted computing architectures
- Usability and end-user interactions with trusted platforms
- Limitations of trusted computing
Socio-economic Strand
- Usability and user perceptions of trustworthy systems and risks
- Effects of trustworthy systems upon user, corporate, and governmental behavior
- Economic drivers for trustworthy systems in corporate environment
- The impact of trustworthy systems in enhancing trust in cloud-like infrastructures
- The adequacy of guarantees provided by trustworthy systems for systems critically dependent upon trust, such as elections and government oversight
- The impact of trustworthy systems upon digital forensics, police investigations and court proceedings
- Game theoretical approaches to modeling or designing trustworthy systems
- Approaches to model and simulate scenarios of how trustworthy systems would be used in corporate environments and in personal space
- Experimental economics studies of trustworthiness
- The interplay between privacy, privacy enhancing technologies and trustworthy systems
- Critiques of trustworthy systems

For more information, please see http://www.trust2011.org.

FCS 2011 Workshop on Foundations of Computer Security, Held in conjunction with LICS 2011, Toronto, Ontario, Canada, June 20, 2011. [posted here 01/17/11]
Computer security is an established field of computer science of both theoretical and practical significance. In recent years, there has been increasing interest in logic-based foundations for various methods in computer security, including the formal specification, analysis and design of security protocols and their applications, the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks, and the modeling of information flow and its application to confidentiality policies, system composition, and covert channel analysis. The aim of the workshop FCS'11 is to provide a forum for continued activity in different areas of computer security, bringing computer security researchers in closer contact with the LICS community and giving LICS attendees an opportunity to talk to experts in computer security, on the one hand, and contribute to bridging the gap between logical methods and computer security foundations, on the other. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories, as well as in new results on developing and applying automated reasoning techniques and tools for the formal specification and analysis of security protocols.

For more information, please see http://www.di.ens.fr/~blanchet/fcs11/.

D-SPAN 2011 2nd IEEE International Workshop on Data Security and PrivAcy in wireless Networks, Held in conjunction with IEEE WoWMoM 2011, Lucca, Italy, June 20, 2011. [posted here 01/17/11]
D-SPAN 2011, the Second International Workshop on Data Security and PrivAcy in wireless Networks (D-SPAN), is focused on defining new problems and developing novel techniques for data security and privacy issues in wireless and mobile networks. With the emergence of data-intensive wireless networks such as wireless sensor networks and data-centric mobile applications such as location-based services, the traditional boundaries between these three disciplines are blurring. This workshop solicits papers from two main categories: (1) papers that consider the security and privacy of data collection, transmission, storage, publishing, and sharing in wireless networks broadly defined, e.g., MANET, cellular, vehicular, ad hoc, cognitive, as well as sensor networks, and (2) papers that use data analytics techniques to address security and privacy problems in wireless networks. The workshop provides a venue for researchers to present new ideas with impact on three communities: wireless networks, databases, and security. The list of topics includes, but is not limited to:
- Foundations in wireless security & privacy (game theory, information theory, belief models, etc.)
- Location privacy in wireless networks
- Secure data collection and aggregation for wireless sensor networks
- Secure data collection in body-area networks
- Secure data processing in mobile ad-hoc networks (MANET)
- Secure query processing over wireless sensor networks
- Security and privacy of RFID systems
- Security and privacy for data streaming
- Security for cognitive radio networks
- Tradeoffs between Security and Communication Performance

For more information, please see http://home.gwu.edu/~nzhang10/DSPAN2011/.

USENIX-ATC 2011 2011 USENIX Annual Technical Conference, Portland, Oregon, USA, June 15–17, 2011. [posted here 11/22/10]
Authors are invited to submit original and innovative papers to the Refereed Papers Track of the 2011 USENIX Annual Technical Conference. We seek high-quality submissions that further the knowledge and understanding of modern computing systems, with an emphasis on implementations and experimental results. We encourage papers that break new ground or present insightful results based on practical experience with computer systems. USENIX ATC has a broad scope, and specific topics of interest include but are not limited to:
- Architectural interaction
- Cloud computing
- Deployment experience
- Distributed and parallel systems
- Embedded systems
- Energy/power management
- File and storage systems
- Mobile, wireless, and sensor systems
- Networking and network services
- Operating systems
- Reliability, availability, and scalability
- Security, privacy, and trust
- System and network management and troubleshooting
- Usage studies and workload characterization
- Virtualization

For more information, please see http://www.usenix.org/events/atc11/cfp/.

SACMAT 2011 16th ACM Symposium on Access Control Models and Technologies, Innsbruck, Austria, June 15-17, 2011. [posted here 09/20/10]
ACM SACMAT is the premier forum for the presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The aims of the symposium are to share novel access control solutions that fulfil the needs of heterogeneous applications and environments, and to identify new directions for future research and development. SACMAT provides researchers and practitioners with a unique opportunity to share their perspectives with others interested in the various aspects of access control. Papers offering novel research contributions in all aspects of access control are solicited. We solicit proposals for panels and systems demonstrations as well. Topics of Interest:
- Access control models and extensions
- Access control requirements
- Access control design methodology
- Access control mechanisms, systems, and tools
- Access control in distributed and mobile systems
- Access control for innovative applications
- Administration of access control policies
- Delegation
- Identity management
- Policy/Role engineering
- Safety analysis and enforcement
- Standards for access control
- Trust management
- Trust and risk models in access control
- Theoretical foundations for access control models
- Usability in access control systems
- Usage control

For more information, please see http://sacmat.org/.

WiSec 2011 4th ACM Conference on Wireless Network Security, Hamburg, Germany, June 14-17, 2011. [posted here 08/30/10]
As wireless and mobile networking becomes ubiquitous, security and privacy gain in importance. The focus of the ACM Conference on Wireless Network Security (ACM WiSec) is on exploring attacks on (and threats facing) wireless communication as well as techniques to address them. Settings of interest include: cellular, metropolitan, mesh, local-area, personal-area, home, vehicular, sensor, ad hoc, satellite, and underwater networks as well as cognitive radio and RFID. Topics of interest include, but are not limited to:
- Naming and addressing vulnerabilities
- Key management in wireless/mobile environments
- Secure neighbor discovery / Secure localization
- Secure PHY and MAC protocols
- Trust establishment
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Denial of service
- User privacy, location privacy
- Anonymity, unobservability, prevention of traffic analysis
- Identity theft and phishing in mobile networks
- Charging & secure payment
- Cooperation and prevention of non-cooperative behavior
- Economics of wireless security
- Vulnerability and attack modeling
- Incentive-aware secure protocol design
- Jamming/Anti-jamming communication
- Cross-layer design for security
- Monitoring and surveillance
- Cryptographic primitives for wireless communication
- Formal methods for wireless security
- Mobile/wireless platform and systems (OS and application) security

For more information, please see http://www.sigsac.org/wisec/WiSec2011.

ACNS 2011 9th International Conference on Applied Cryptography and Network Security, Nerja, Malaga, Spain, June 7-10, 2011. [posted here 10/18/10]
Original papers on all aspects of applied cryptography as well as computer/network security and privacy are solicited. Topics of interest include, but are not limited to:
- Applied cryptography and cryptographic protocols
- Cryptographic primitives, e.g., cryptosystems, ciphers and hash functions
- Network security protocols
- Privacy, anonymity and untraceability
- Security for the next-generation Internet
- Internet fraud, e.g., phishing, pharming, spam, and click fraud
- Email and web security
- Public key infrastructures, key management, certification and revocation
- Trust and its metrics
- Usable security and cryptography
- Intellectual property protection and digital rights management
- Modeling and protocol design
- Automated protocols analysis
- Secure virtualization and security in cloud computing
- Security and privacy in sensor, mobile, ad hoc and delay-tolerant networks, p2p systems, as well as wireless (e.g., RFID, Bluetooth) communications

For more information, please see http://www.isac.uma.es/acns2011/.

IFIP-SEC 2011 26th IFIP TC-11 International Information Security Conference, Luzern, Switzerland, June 7-9, 2011. [posted here 09/20/10]
The SEC conferences are in a series of well-established international conferences on Security and Privacy organized annually by the Technical Committee 11 (TC-11) of IFIP (International Federation for Information Processing). IFIP SEC 2011 aims at bringing together primarily researchers, but also practitioners from academia, industry and governmental institutions for elaborating and discussing IT Security and Privacy Challenges that we are facing today and in the future. Papers offering novel and mature research contributions, in any aspect of information security and privacy are solicited for submission to the 26th IFIP TC-11 International Information Security Conference. Papers may present theory, applications, or practical experiences on security and privacy topics including but not limited to:
- Access Control
- Anonymity
- Applications of Cryptography
- Attacks and Malicious Software
- Authentication and Authorization
- Biometrics and Applications
- Critical ICT Resources Protection
- Data and Systems Integrity
- Data Protection
- ECommerce Privacy & Security
- Enterprise Security
- Identity Management
- Information Hiding
- Information Warfare
- Internet and Web Security
- Intrusion Detection
- IT-Forensics
- Mobile Computing Security
- Mobile Networks Security
- Network Security Protocols
- Multilateral Security
- Peer-to-Peer Security
- Privacy Enhancing Technologies
- RFID Privacy & Security
- Risk Analysis and Management
- Secure Electronic Voting
- Secure Sensor Networks
- Secure Systems Development
- Security Architectures
- Security Economics
- Security Education
- Security Management
- Security Metrics
- Semantic Web Privacy & Security
- Smart Cards
- Software Security
- Spam, SPIT, SPIM
- Transparency Enhancing Tools
- Trust Management and Models
- Trusted Computing
- Ubiquitous Privacy & Security
- Usability of Security and Privacy

For more information, please see http://www.sec2011.org/.

POLICY 2011 12th IEEE International Symposium on Policies for Distributed Systems and Networks, Pisa, Italy, June 6-8, 2011. [posted here 11/8/10]
The symposium brings together researchers and practitioners working on policy-based systems across a wide range of application domains including policy-based networking, privacy, trust and security management, autonomic computing, pervasive systems and enterprise systems. POLICY 2011 is the 12th in a series of successful events, which have provided a forum for discussion and collaboration between researchers, developers and users of policy-based systems. In addition to the areas mentioned above, this year we specifically encourage contributions on policy-based techniques in support of Cloud computing and Enterprise Service Oriented applications as well as the use of reasoning, verification and learning techniques in policy-based systems.

For more information, please see http://ieee-policy.org.

ICC-CISS 2011 IEEE ICC 2011, Communication and Information Systems Security Symposium, Kyoto, Japan, June 5-9, 2011. [posted here 08/30/10]
With the advent of pervasive computer applications and due to the proliferation of heterogeneous wired and wireless computer and communication networks, security, privacy and trust issues have become paramount. This Symposium will address all aspects of the modeling, design, implementation, deployment, and management of security algorithms, protocols, architectures, and systems. Furthermore, contributions devoted to the evaluation, optimization, or enhancement of security and privacy mechanisms for current technologies, as well as devising efficient security and privacy solutions for emerging areas from physical layer technology to the application layer, are solicited. Topics of interest include, but are not limited to, the following:
- Authentication protocols and message authentication
- Biometric security: technologies, risks, vulnerabilities, bio-cryptography, mobile template protection
- Computer and network forensics
- Cryptanalysis
- DDOS attacks, DNS spoofing, intrusion, localization and countermeasures
- Digital rights management: information hiding, watermarking, fingerprinting, and traitor tracing schemes
- Formal trust models, security modeling and protocol design
- Information systems security and security management
- Mobile and Wireless network security, including ad hoc networks, P2P networks, 3G, 4G, sensor networks, Bluetooth, 802.11 family and WiMAX
- Network security metrics and performance
- Operating systems and application security and analysis tools
- Optical network security
- Physical security and hardware/software security
- Privacy and privacy enhancing technologies
- Public-key, symmetric-key, applied crypto, coding-based cryptography
- Quantum cryptography
- Virtual private networks and group security
- VoIP, IPTV, DAB, and other multimedia security
- Vulnerability, exploitation tools and virus analysis
- Web, Cloud, eBusiness, eCommerce, eGovernment security

For more information, please see http://www.ieee-icc.org/2011/.

HOST 2011 4th IEEE International Symposium on Hardware-Oriented Security and Trust, San Diego, CA, June 5-6, 2011. [posted here 11/8/10]
A wide range of applications, from secure RFID tagging to high-end trusted computing, relies on dedicated and trusted hardware platforms. The security and trustworthiness of such hardware designs are critical to their successful deployment and operation. Recent advances in tampering and reverse engineering show that important challenges lie ahead. For example, secure electronic designs may be affected by malicious circuits, Trojans that alter system operation. Furthermore, dedicated secure hardware implementations are susceptible to novel forms of attack that exploit side-channel leakage and faults. Third, the globalized, horizontal semiconductor business model raises concerns of trust and intellectual-property protection. HOST 2011 is a forum for novel solutions to address these challenges. Innovative test mechanisms may reveal Trojans in a design before they are able to do harm. Implementation attacks may be thwarted using side-channel resistant design or fault-tolerant designs. New security-aware design tools can assist a designer in implementing critical and trusted functionality, quickly and efficiently. HOST 2011 seeks contributions based on, but not limited to, the following topics:
- Trojan detection and isolation
- Implementation Attacks and Countermeasures
- Side channel Analysis and Fault Analysis
- Intellectual Property Protection and Metering
- Tools and Methodologies for Secure Hardware Design
- Hardware Architectures for Cryptography
- Hardware Security Primitives: PUFs and TRNGs
- Applications of Secure Hardware
- Interaction of Secure Hardware and Software

For more information, please see http://www.engr.uconn.edu/HOST/.

WISTP 2011 5th Workshop in Information Security Theory and Practice, Heraklion, Crete, Greece, June 1-3, 2011. [posted here 08/30/10]
Technical enhancements of mobile network infrastructures and the availability of powerful mobile devices are rapidly changing the way in which users interact and communicate in everyday life. These devices include, but are not limited to, PDAs, mobile phones, smart cards, wireless sensors, and RFID tags. The main common features of these devices include constrained resources and wireless communications. WISTP 2011 aims to address the security and privacy issues that are increasingly exposed by mobile communications and related services, along with evaluating their impact on individuals and society at large. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy of mobile and smart devices, as well as experimental studies of fielded systems based on wireless communication, the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- Authentication and access control
- Ad hoc networks security and privacy
- Biometrics, national ID cards
- Data security and privacy
- Digital rights management
- Embedded systems security
- Human and psychological aspects of security
- Identity management
- Information assurance and trust management
- Intrusion detection and information filtering
- Lightweight cryptography
- Mobile and ubiquitous network security
- Mobile codes security
- Mobile commerce security
- Mobile devices security
- Privacy enhancing technologies
- RFID systems security
- Secure self-organization and self-configuration
- Security in location services
- Security metrics
- Security models and architectures
- Security of GSM/GPRS/UMTS systems
- Security and privacy policies
- Security protocols
- Smart card security
- Vehicular network security and privacy
- Wireless communication security and privacy
- Wireless sensor network security and privacy

For more information, please see http://www.wistp.org/.

ISPEC 2011 7th Information Security Practice and Experience Conference, Guangzhou, China, May 30 - June 1, 2011. [posted here 10/11/10]
ISPEC is an annual conference that brings together researchers and practitioners to provide a confluence of new information security technologies, their applications and their integration with IT systems in various vertical sectors. Authors are invited to submit full papers presenting new research results related to information security technologies and applications. All submissions must describe original research that is not published or currently under review by another conference or journal. Areas of interest include, but are not limited to:
- Applied cryptography
- Access control
- Digital rights management
- Economic incentives for deployment of information security systems
- Information security in vertical applications
- Network security
- Privacy and anonymity
- Risk evaluation and security certification
- Resilience and availability
- Secure system architectures
- Security policy
- Security protocols
- Trust model and management
- Usability aspects of information security systems

For more information, please see http://ispec2011.jnu.edu.cn/.

PETSE 2011 3rd International Workshop on Privacy Enhanced Technology and Security Engineering, Busan, Korea, May 26-28, 2011. [posted here 01/10/11]
The integration of the advanced wireless technology and Internet tends to increase connections of computing devices. However, in order to achieve such integration, security problems and privacy concerns such as personal information outflows should be considered. Privacy enhanced technology and security engineering are required for technical security and personal information protection. The aim of this workshop is to bring together the researchers from academia and industry as well as practitioners to share ideas, problems and solutions relating to the multifaceted aspects of Privacy Enhanced Technology and Security Engineering.

For more information, please see http://www.ftrai.org/petse2011/.

SGSC 2011 IEEE International Workshop on Smart Grid Security and Communications, Held in conjunction with the 2011 IEEE International Symposium on Parallel and Distributed Processing and Application (ISPA2011), Busan, Korea, May 26-28, 2011. [posted here 11/29/10]
The Smart Grid concept arose in response to a combination of external factors that are economic, political, environmental, societal and technical in nature. At the power distribution system level, this concept has motivated the coordination and integration of modern energy, communications, control, and information technologies. However, the downside is that the grid provides mission-critical services, which need to be secure and reliable. Hence, there is a need for security strategies to protect core infrastructures, for instance from malicious code and cascading errors, when transforming conventional power networks to smart grids. The underlying requirements for a reliable and secure Smart Grid pertain to an adherence to standards, best practices, as well as a high degree of architectural discipline. This workshop serves to unite common research interests in Smart Grid technologies to discuss and address related security issues, and share novel security solutions. Topics of interest include, but are not limited to:
- Security standard for Smart Grid
- Privacy protection in Smart Grid
- Vulnerability analysis & risk management
- Secure key management and access control in Smart Grid
- Power distribution with full cyber security
- Software security relevant to Smart Grid
- Communication security in Smart Grid
- Security of Advanced Metering Infrastructure (AMI)
- Killer applications for Smart Grid
- Reliable self-healing for Smart Grid
- Information communication and control technology for Smart Grid
- Secure routing and interconnectivity for Smart Grid
- Scheduling, resource allocation and optimization methodology
- Power distribution under computation and communication constraints
- Incorporation of demand response, smart appliance and consumer devices
- Consumer-to-consumer power re-distribution and networking

For more information, please see http://sgsc.ee.ccu.edu.tw/.

W2SP 2011 Web 2.0 Security and Privacy 2011 Workshop, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA, May 26, 2011. [posted here 01/18/11]
W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers and their eco-system. We have had four years of successful W2SP workshops. This year, we will additionally invite selected papers to a special issue of the journal. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The scope of W2SP 2011 includes, but is not limited to:
- Trustworthy cloud-based services
- Privacy and reputation in social networks
- Security and privacy as a service
- Usable security and privacy
- Security for the mobile web
- Identity management and pseudonymity
- Web services/feeds/mashups
- Provenance and governance
- Security and privacy policies for composable content
- Next-generation browser technology
- Secure extensions and plug-ins
- Advertisement and affiliate fraud
- Measurement study for understanding web security and privacy

For more information, please see http://w2spconf.com/2011/cfp.html.

SADFE 2011 International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA, May 26, 2011. [posted here 01/10/11]
The SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop promotes systematic approaches to cyber crime investigations, by furthering the advancement of digital forensic engineering as a disciplined science and practice. Today's digital artifacts permeate our lives and are part of every crime and every case of digital discovery. The field of digital forensics faces many challenges, including scale, scope and presentation of highly technical information in legal venues to nontechnical audiences. Digital evidence may be extant for only nanoseconds or for years; they may consist of a single modified bit, or huge volumes of data; they may be found locally or spread globally throughout a complex digital infrastructure on public or private systems. Following the success of previous SADFE workshops, cyber crime investigations and digital forensics tools will continue to be the key topics of the meeting. We also welcome a broader range of digital forensics papers that do not necessarily involve either crime or digital forensics tools. General attack analysis, the insider threat, insurance and compliance investigations, similar forms of retrospective analysis, and digital discovery are all viable topics. Past speakers and attendees of SADFE have included computer and information scientists, social scientists, digital forensic practitioners, IT professionals, law enforcement, lawyers, and judges. The synthesis of science with practice and the law with technology form the foundation of this conference. SADFE addresses the gap between today's practice and the establishment of digital forensics as a science. To advance the field, SADFE-2011 solicits broad-based, innovative approaches to digital forensic engineering in the following four areas:
- Digital Data and Evidence Management: advanced digital evidence discovery, collection, and storage
- Scientific Principle-based Digital Forensic Processes: systematic engineering processes supporting digital evidence management which are sound on scientific, technical and legal grounds
- Digital Evidence Analytics: advanced digital evidence analysis, correlation, and presentation
- Forensic-support technologies: forensic-enabled and proactive monitoring/response

To honor the outstanding work in digital forensics, the SADFE will provide awards for the highest overall quality papers and posters from the accepted program, as measured by scientific contribution, depth, and impact. A student must be the first author to be eligible for the best student paper award.

For more information, please see http://conf.ncku.edu.tw/sadfe/sadfe11/.

SP 2011 32nd IEEE Symposium on Security & Privacy, The Claremont Resort, Berkeley/Oakland, California, USA, May 22-25, 2011. [posted here 08/16/10]
Since 1980, the IEEE Symposium on Security and Privacy (S&P) has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of computer security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation of secure systems. Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Distributed systems security
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection
- Language-based security
- Malware
- Metrics
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Usability and security
- Web security

For more information, please see http://oakland32-submit.cs.ucsb.edu/.

SAR/SSI 2011 International Conference on Network and Information Systems Security, La Rochelle, France, May 18-21, 2011. [posted here 11/8/10]
The SAR-SSI conference series provides a forum for presenting novel research results, practical experiences and innovative ideas in network and information systems security. The goal of SAR-SSI-2011 is fostering exchanges among academic researchers, industry and a wider audience interested in network and information system security. The conference will offer a broad range of events, including panels, tutorials, technical presentations and informal meetings. Prospective authors are encouraged to submit papers describing novel research contributions as well as proposals for tutorials and panels.

For more information, please see http://sarssi-conf.org.

IH 2011 13th Information Hiding Conference, Prague, Czech Republic, May 18-20, 2011. [posted here 12/13/10]
For many years, Information Hiding has captured the imagination of researchers. Digital watermarking and steganography protect information, conceal secrets or are used as core primitives in digital rights management schemes. Steganalysis and forensics pose important challenges to investigators; and privacy techniques try to hide relational information such as the actors' identities in anonymous communication systems. These and other topics share the notion that security is defined by the difficulty to make (or avoid) inference on certain properties of host data, which therefore has to be well understood and modeled. Current research themes include:
- Anonymity and privacy
- Covert/subliminal channels
- Digital rights management
- Fingerprinting and embedding codes
- Multimedia and document security
- Multimedia forensics and counter forensics
- Novel applications of information hiding
- Other data hiding domains (e.g. text, software, etc.)
- Security metrics for information hiding
- Steganography and steganalysis
- Theoretical aspects of information hiding and detection
- Watermarking (algorithms, security, attacks)

For more information, please see http://www.ihconference.org/.

RFIDsec-Asia 2011 Workshop on RFID Security, Wuxi, China, April 6-8, 2011. [posted here 08/30/10]
RFIDsec aims to bridge the gap between cryptographic & security researchers and RFID developers through invited talks and contributed presentations. The RFIDsec Asia workshop is aligned with RFIDSec. RFIDsec’11 Asia provides a forum to address the fundamental issues in theory and practice related to security and privacy issues, designs, standards, and case studies in the development of RFID systems, EPCglobal network, and Internet of Things (IoT). Submissions and interactions from academia, government and industry are welcome and appreciated. Moreover, the workshop plans to organize a summit and exhibition for Internet of Things and RFID. Topics of the conference include but are not limited to:
- Cryptographic protocols for RFID/IoT: Authentication protocols, Key update mechanisms, Scalability issues
- Integration of secure RFID/IoT systems: RFID security hardware, Middleware and security, (Public-key) Infrastructures, Case studies
- Resource-efficient implementation of cryptography: Small-footprint hardware, Low-power architectures
- Attacks & Countermeasures on RFID/IoT systems
- New applications for secure RFID/IoT systems
- Data protection for RFID/IoT
- Trust Model, data protection and sharing for EPCglobal network
- RFID sensor security
- Context based RFID/IoT security and privacy
- Privacy-enhancing techniques for RFID/IoT
- Privacy-preserving techniques for RFID/IoT
- Legal aspects of RFID/IoT security and privacy
- Risk assessment & management of RFID/IoT security
- Privacy and security challenges for sensor networks/IoT

For more information, please see http://wuxi.ss.pku.edu.cn/~RFIDSec2011/.

LEET 2011 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats, Boston, MA, USA, March 29, 2011. [posted here 12/6/10]
Now in its fourth year, LEET continues to provide a unique forum for the discussion of threats to the confidentiality of our data, the integrity of digital transactions, and the dependability of the technologies we increasingly rely on. We encourage submissions of papers that focus on the malicious activities themselves (e.g., reconnaissance, exploitation, privilege escalation, rootkit installation, attack), our responses as defenders (e.g., prevention, detection, and mitigation), or the social, political, and economic goals driving these malicious activities and the legal and ethical codes guiding our defensive responses. Topics of interest include but are not limited to:
- Infection vectors for malware (worms, viruses, etc.)
- Botnets, command and control channels
- Spyware
- Operational experience
- Forensics
- Click fraud
- Measurement studies
- New threats and related challenges
- Boutique and targeted malware
- Phishing
- Spam
- Underground economy
- Miscreant counterintelligence
- Carding and identity theft
- Denial-of-service attacks
- Hardware vulnerabilities
- Legal issues
- The arms race (rootkits, anti-anti-virus, etc.)
- New platforms (cellular networks, wireless networks, mobile devices)
- Camouflage and detection
- Reverse engineering
- Vulnerability markets and zero-day economics
- Online money laundering
- Understanding the enemy
- Data collection challenges

For more information, please see http://www.usenix.org/events/leet11/cfp/.

IFIP-CIP 2011 5th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA, March 23-25, 2011. [posted here 07/30/10]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the first four conferences, the Fifth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. Papers and panel proposals are solicited. Submissions will be refereed by members of Working Group 11.10 and other internationally-recognized experts in critical infrastructure protection. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.10. The conference will be limited to seventy participants to facilitate interactions among researchers and intense discussions of research and implementation issues. Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Risk analysis and risk assessment methodologies
- Modeling and simulation of critical infrastructures
- Legal, economic and policy issues related to critical infrastructure protection
- Secure information sharing
- Infrastructure protection case studies
- Distributed control systems/SCADA security
- Telecommunications network security

For more information, please see http://www.ifip1110.org.

SAC-TRECK 2011 26th ACM Symposium on Applied Computing, Track: Trust, Reputation, Evidence and other Collaboration Know-how (TRECK), TaiChung, Taiwan, March 21-25, 2011. [posted here 07/12/10]
The goal of the ACM SAC 2011 TRECK track remains to review the set of applications that benefit from the use of computational trust and online reputation. Computational trust has been used in reputation systems, risk management, collaborative filtering, social/business networking services, dynamic coalitions, virtual organisations and even combined with trusted computing hardware modules. The TRECK track covers all computational trust/reputation applications, especially those used in real-world applications. The topics of interest include, but are not limited to:
- Trust management, reputation management and identity management
- Pervasive computational trust and use of context-awareness
- Mobile trust, context-aware trust
- Web 2.0 reputation and trust
- Trust-based collaborative applications
- Automated collaboration and trust negotiation
- Trade-off between privacy and trust
- Trust/risk-based security frameworks
- Combined computational trust and trusted computing
- Tangible guarantees given by formal models of trust and risk
- Trust metrics assessment and threat analysis
- Trust in peer-to-peer and open source systems
- Technical trust evaluation and certification
- Impacts of social networks on computational trust
- Evidence gathering and management
- Real-world applications, running prototypes and advanced simulations
- Applicability in large-scale, open and decentralised environments
- Legal and economic aspects related to the use of trust and reputation engines
- User-studies and user interfaces of computational trust and online reputation applications

For more information, please see http://www.trustcomp.org/treck/.

SESOC 2011 3rd International Workshop on Security and Social Networking, Held in conjunction with the PerCom 2011, Seattle, WA, USA, March 21, 2011. [posted here 07/26/10]
Future pervasive communication systems aim at supporting social and collaborative communications: the evolving topologies are expected to resemble the actual social networks of the communicating users and information on their characteristics can be a powerful aid for any network operation. New emerging technologies that use information on the social characteristics of their participants raise entirely new privacy concerns and require new reflections on security problems such as trust establishment, cooperation enforcement or key management. The aim of this workshop is to encompass research advances in all areas of security, trust and privacy in pervasive communication systems, integrating the social structure of the network as well. Topics of Interest include:
- all types of emerging privacy concerns
- new aspects of trust
- decentralized social networking services
- availability and resilience
- community based secure communication
- data confidentiality, data integrity
- anonymity, pseudonymity
- new key management approaches
- secure bootstrapping
- security issues in forwarding, routing
- security aspects regarding cooperation
- new approaches to reputation
- new attack paradigms
- social engineering, and phishing
- new requirements for software security
- malware

For more information, please see http://www.sesoc.org.

CSC 2011 Workshop on Cryptography and Security in Clouds, Zurich, Switzerland, March 15-16, 2011. [posted here 12/6/10]
The cloud computing model offers cheap access to a variety of standardized services, but comes with concerns about the correctness, privacy, and integrity of remote data and computations. Cryptographic mechanisms can reduce such trust by allowing the user to protect its data and computations, as well as to verify aspects of remote computation. The aim of this workshop is to bring together researchers and practitioners working in cryptography and security, from academia and industry, who are interested in the security of current and future cloud computing technology. The workshop considers the viewpoint of cloud-service providers as well as the concerns of cloud users. The goal is to create a dialogue about common goals and to discuss solutions for security problems in cloud computing, with emphasis on cryptographic methods. Topics of interest include:
- Data privacy and integrity
- Proofs of storage
- Remote attestation and verification
- Secure outsourcing of computation
- Verification of outsourced computation
- Storage integrity
- Private remote storage
- Obfuscation of programs and data
- Identity management in cloud computing
- Robust generation of cryptographic random bits
- Cryptosystems with conditional decryption (such as searchable encryption or functional encryption)
- Trusted computing
- Virtualization security

For more information, please see http://www.zurich.ibm.com/~cca/csc2011/.

LightSec 2011 Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications, Istanbul, Turkey, March 14-15, 2011. [posted here 09/20/10]
The main goal of this workshop is to promote and initiate novel research on the security & privacy issues for applications that can be termed as lightweight security, due to the associated constraints on metrics such as available power, energy, computing ability, area, execution time, and memory requirements. Topics of interest include, but are not limited to:
- Design, analysis and implementation of lightweight cryptographic protocols & applications
- Cryptographic hardware development for constrained domains
- Design, analysis and implementation of security & privacy solutions for wireless embedded systems
- Design, analysis and implementation of lightweight privacy-preserving protocols & systems
- Design and analysis of fast and compact cryptographic algorithms
- Wireless network security for low-resource devices
- Low-power crypto architectures
- Fast and compact biometric-based algorithms for authentication and identification
- Scalable protocols and architectures for security and privacy
- Formal methods for analysis of lightweight cryptographic protocols

For more information, please see http://www.light-sec.org.

WECSR 2011 2nd Workshop on Ethics in Computer Security Research, Bay Gardens Beach Resort, St. Lucia, March 4, 2011. [posted here 09/10/10]
Computer security often leads to discovering interesting new problems and challenges. The challenge still remains to follow a path acceptable for Institutional Review Boards at academic institutions, as well as compatible with ethical guidelines for professional societies or government institutions. However, no exact guidelines exist for computer security research yet. This workshop will bring together computer security researchers, practitioners, policy makers, and legal experts. This workshop solicits submissions describing or suggesting ethical and responsible conduct in computer security research. While we focus on setting standards and sharing prior experiences and experiments in computer security research, successful or not, we tap into research behavior in network security, computer security, applied cryptography, privacy, anonymity, and security economics. This workshop will favor discussions among participants, in order to shape the future of ethical standards in the field.

For more information, please see http://www.cs.stevens.edu/~spock/wecsr2011/.

FC 2011 15th International Conference on Financial Cryptography and Data Security, Bay Gardens Beach Resort, St. Lucia, February 28 - March 4, 2011. [posted here 07/19/10]
Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary efforts are particularly encouraged.

For more information, please see http://ifca.ai/fc11/.

CODASPY 2011 1st ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA, February 21-23, 2011. [posted here 05/10/10]
Data and the applications that manipulate data are the crucial assets in today's information age. With the increasing drive towards availability of data and services anytime anywhere, security and privacy risks have increased. New applications such as social networking and social computing provide value by aggregating input from numerous individual users and/or the mobile devices they carry with them and computing new information of value to society and individuals. Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the conference is to discuss novel exciting research topics in data and application security and privacy and to lay out directions for further research and development in this area. The conference seeks submissions from diverse communities, including corporate and academic researchers, open-source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts.

For more information, please see http://www.codaspy.org/.

CT-RSA 2011 RSA Conference, The Cryptographers' Track, San Francisco, CA, USA, February 14-18, 2011. [posted here 07/19/10]
The RSA Conference is the largest annual computer security event, with over 350 vendors, and thousands of attendees. The Cryptographers' Track (CT-RSA) is a research conference within the RSA Conference. CT-RSA began in 2002, and has become an established venue for presenting cryptographic research papers. Original research papers pertaining to all aspects of cryptography are solicited. Submissions may present applications, techniques, theory, and practical experience on topics including, but not limited to:
- public-key encryption
- symmetric-key encryption
- cryptanalysis
- digital signatures
- hash functions
- cryptographic protocols
- tamper-resistance
- fast implementations
- elliptic-curve cryptography
- lattice-based cryptography
- quantum cryptography
- formal security models
- network security
- hardware security
- e-commerce

For more information, please see http://ct-rsa2011.di.uoa.gr.

FSE 2011 18th International Workshop on Fast Software Encryption, Lyngby, Denmark, February 14-16, 2011. [posted here 09/20/10]
FSE 2011 is the 18th annual Fast Software Encryption workshop, for the tenth year sponsored by the International Association for Cryptologic Research (IACR). Original research papers on symmetric cryptology are invited for submission to FSE 2011. The workshop concentrates on fast and secure primitives for symmetric cryptography, including the design and analysis of block ciphers, stream ciphers, encryption schemes, analysis and evaluation tools, hash functions, and message authentication codes (MACs).

For more information, please see http://fse2011.mat.dtu.dk/.

ESSoS 2011 International Symposium on Engineering Secure Software and Systems, Madrid, Spain, February 9-10, 2011. [posted here 03/29/10]
Trustworthy, secure software is a core ingredient of the modern world. Unfortunately, the Internet is too. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DSLs for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation

For more information, please see http://distrinet.cs.kuleuven.be/events/essos2011/.

NDSS 2011 Network & Distributed System Security Symposium, San Diego, California, USA, February 6-9, 2011. [posted here 06/07/10]
The Network and Distributed System Security Symposium fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available network and distributed systems security technology. Special emphasis will be made to accept papers in the core theme of network and distributed systems security. Consequently, papers that cover networking protocols and distributed systems algorithms are especially invited to be submitted. Moreover, practical papers in these areas are also very welcome. Submissions are solicited in, but not limited to, the following areas:
- Integrating security in Internet protocols: routing, naming, network management
- High-availability wired and wireless networks
- Security for Cloud Computing
- Future Internet architecture and design
- Security of Web-based applications and services
- Anti-malware techniques: detection, analysis, and prevention
- Security for future home networks, Internet of Things, body-area networks
- Intrusion prevention, detection, and response
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Privacy and anonymity technologies
- Security for emerging technologies: sensor networks, wireless/mobile (and ad hoc) networks, and personal communication systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security for peer-to-peer and overlay network systems
- Security for electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, and licensing
- Implementation, deployment and management of network security policies
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Security for large-scale systems and critical infrastructures (e.g., electronic voting, smart grid)
- Applying Trustworthy Computing mechanisms to secure network protocols and distributed systems

For more information, please see http://hotcrp.cylab.cmu.edu/ndss11/.

IFIP-DF 2011 7th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 30 – February 2, 2011. [posted here 05/10/10]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in the emerging field of digital forensics. The Seventh Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume – the seventh in the series entitled Research Advances in Digital Forensics (Springer) in the summer of 2011. Revised and/or extended versions of selected papers from the conference will be published in special issues of one or more international journals. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network forensics
- Portable electronic device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org.

CCNC-Security 2011 8th IEEE Consumer Communications and Networking Conference, Security and Content Protection Track, Las Vegas, NV, USA, January 8-11, 2011. [posted here 06/07/10]
The Security and Content Protection Track focuses on security and privacy issues in all areas of consumer communications and networking. The topics include, but are not limited to:
- Security for Home Networks, PANs & BANs
- Firewalls and Intrusion Detection
- Worm and Malware Defences
- Combating Phishing and Spam
- Secure Configuration
- Consumer-friendly Security Models & Tools
- Portable Devices Disinfection
- Control of Personal Data
- Reputation and Trust Mechanisms
- Authentication, Authority and Auditing for CE
- Copyright and Privacy Protection
- Digital Rights Management
- Streaming and Network Anonymity

For more information, please see http://icsd.i2r.a-star.edu.sg/staff/jianying/ccnc2011-scp.html.