http://www.voteid13.org/.
DBSEC 2013
27th Annual IFIP WG 11.3 Working Conference on Data and Applications Security
and Privacy,
Rutgers University, Newark, NJ, USA, July 15-17, 2013.
[posted here 12/24/12]
The 27th Annual IFIP WG 11.3 Working Conference on Data and Applications
Security and Privacy provides a forum for presenting original unpublished
research results, practical experiences, and innovative ideas in data and
applications security. Both papers and panel proposals are solicited.
Papers may present theory, techniques, applications, or practical
experience on topics of relevance to IFIP WG 11.3:
- Access Control
- Applied cryptography in data security
- Identity theft and countermeasures
- Integrity maintenance
- Intrusion detection
- Knowledge discovery and privacy
- Logics for security and privacy
- Organizational security
- Privacy-preserving data management
- Secure transaction processing
- Secure information integration
- Secure Semantic Web
- Secure sensor monitoring
- Secure Web Services
- Threats, vulnerabilities, and risk management
- Trust management
Additional topics of interest include (but are not limited to):
Critical Infrastructure Protection, Cyber Terrorism, Information
Warfare, Database Forensics, Electronic Commerce Security, and Security
in Digital Health Care
For more information, please see
http://dbsec2013.business.rutgers.edu/.
PST 2013
11th International Conference on Privacy, Security and Trust,
Tarragona, Catalonia, July 10-12, 2013.
[posted here 12/24/12]
PST2013 provides a forum for researchers world-wide to unveil their latest work
in privacy, security and trust and to show how this research can be used to enable
innovation. PST2013 will include one day of tutorials followed by two days of
high-quality research papers whose topics include, but are NOT limited to, the following:
- Privacy Preserving / Enhancing Technologies
- Critical Infrastructure Protection
- Network and Wireless Security
- Operating Systems Security
- Intrusion Detection Technologies
- Secure Software Development and Architecture
- PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
- Network Enabled Operations
- Digital forensics
- Information Filtering, Data Mining and Knowledge from Data
- National Security and Public Safety
- Cryptographic techniques for privacy preservation
- Security Metrics
- Recommendation, Reputation and Delivery Technologies
- Continuous Authentication
- Trust Technologies, Technologies for Building Trust in e-Business Strategy
- Observations of PST in Practice, Society, Policy and Legislation
- Digital Rights Management
- Identity and Trust management
- PST and Cloud Computing
- Human Computer Interaction and PST
- Implications of, and Technologies for, Lawful Surveillance
- Biometrics, National ID Cards, Identity Theft
- PST and Web Services / SOA
- Privacy, Traceability, and Anonymity
- Trust and Reputation in Self-Organizing Environments
- Anonymity and Privacy vs. Accountability
- Access Control and Capability Delegation
- Representations and Formalizations of Trust in Electronic and Physical
Social Systems
For more information, please see
http://unescoprivacychair.urv.cat/pst2013/index.php?m=cfp.
RFIDSEC 2013
9th Workshop on RFID Security,
Graz, Austria, July 9-11, 2013.
[posted here 12/24/12]
RFIDsec is the premier workshop devoted to security and privacy in Radio Frequency
Identification (RFID) with participants throughout the world. RFIDsec brings together
researchers from academia and industry for topics of importance to improving the security
and privacy of RFID, NFC, contactless technologies, and the Internet of Things. RFIDsec
bridges the gap between cryptographic researchers and RFID developers through invited
talks and contributed presentations. Topics of the workshop include but are not limited to:
- New applications for secure RFID, NFC, and other constrained systems
- Resource-efficient implementations of cryptography: Small-footprint hardware
and/or software, Low-power and/or low-energy implementations
- Attacks on RFID systems: Side-channel attacks, Fault attacks, Hardware tampering
- Data protection and privacy-enhancing techniques
- Cryptographic protocols: Authentication protocols, Key distribution, Scalability issues
- Integration of secure RFID systems: Infrastructures, Middleware and security,
Data mining and other systemic approaches to RFID security
- RFID hardware security: Physical Unclonable Functions (PUFs), RFID Trojans
- Case studies
For more information, please see
http://rfidsec2013.iaik.tugraz.at/.
NFSP 2013
2nd International Workshop on Network Forensics, Security and Privacy,
Held in conjunction with the 33rd International Conference on Distributed Computing Systems (ICDCS 2013),
Philadelphia, PA, USA, July 8, 2013.
[posted here 12/24/12]
Cyberspace has been reshaped as an integration of businesses, governments and individuals,
such as e-business, communication and social life. At the same time, it has also been
providing convenient platforms for crimes, such as financial fraud, information phishing,
distributed denial of service attacks, and fake message propagation. In particular, the
emergence of social networks has raised significant security and privacy issues for the
public. We have seen news of various network-related security attacks from time to time,
and defenders usually struggle to detect and mitigate attacks and to trace them back to
their source. Fighting criminals in cyberspace is a new research challenge.
The potential solutions involve various disciplines, such as networking, watermarking,
information theory, game theory, mathematical and statistical modelling, data mining,
artificial intelligence, multimedia processing, neural network, pattern recognition,
cryptography and forensic criminology, etc.
For more information, please see
http://www.faculty.umassd.edu/honggang.wang/nfsp2013/.
FCS 2013
Workshop on Foundations of Computer Security,
Tulane University, New Orleans, Louisiana, USA, June 29, 2013.
[posted here 03/04/13]
The aim of the workshop FCS'13 is to provide a forum for continued activity in
different areas of computer security, bringing computer security researchers in
closer contact with the LICS community and giving LICS attendees an opportunity
to talk to experts in computer security, on the one hand, and contribute to bridging
the gap between logical methods and computer security foundations, on the other.
We are interested both in new results in theories of computer security and also in more
exploratory presentations that examine open questions and raise fundamental concerns
about existing theories, as well as in new results on developing and applying automated
reasoning techniques and tools for the formal specification and analysis of security
protocols. We thus solicit submissions of papers both on mature work and on work in
progress. Possible topics include, but are not limited to:
- Automated reasoning techniques
- Composition issues
- Formal specification
- Foundations of verification
- Information flow analysis
- Language-based security
- Logic-based design
- Program transformation
- Security models
- Static analysis
- Statistical methods
- Tools
- Trust management
For more information, please see
http://prosecco.inria.fr/personal/bblanche/fcs13/.
CSAW 2013
Cloud Security Auditing Workshop,
Held in conjunction with the IEEE 9th World Congress on Services,
Santa Clara, CA, USA, June 27 - July 2, 2013.
[posted here 03/04/13]
Security concerns are a major impediment to the widespread adoption of cloud
services. Cloud services often deal with sensitive information and operations.
Thus, cloud service providers must provision services to rapidly identify security
threats for increased information assurance. In addition, when a threat is identified
or an attack is detected, incident reporting should be timely and precise to allow
cloud tenants and users to respond appropriately. Detection and reporting require
meta-information to be captured across the cloud in order to audit and monitor it for
potential threats that may lead to attacks and to discern when and where an attack
has already occurred. Capturing security relevant information and auditing the results
to determine the existence of security threats in the cloud is challenging for multiple
reasons. Cloud tenants rely on the cloud for diverse tasks and have services and data
that may require isolation or be provisioned for composition with other services in
cloud applications. Organizations may not have the logging capabilities in place for
their services or may not be predisposed to share the information. Cloud management
services are needed to log relevant events at their endpoints, including user
interactions and interactions within the cloud federation. Consistent formats for
capturing events and generating logs to be hosted within the cloud are not specified
as part of current service level agreements (SLAs). Near real-time analysis is needed
for prediction of potential threats in order to respond quickly to prevent an attack.
Centralized analysis of information captured may present too much overhead for timely
alerts and incident reporting. But distributed analysis must guarantee that the partial
information it uses is sufficient to determine a threat. All analyses must consider the
configuration of the cloud and its tenant services and resources.
The goal of this one day workshop is to bring together researchers and practitioners to
explore and assess varied and viable technologies for capturing security relevant events
throughout the cloud and performing monitoring and analyses on the captured information
to detect, prevent, and mitigate security threats. Topics include:
- Languages and protocols for specifying, composing, and analyzing security-relevant,
distributed logs of audit data from a cloud-wide perspective
- Cloud security, threat modeling, and analysis, including centralized/distributed attack
detection and prediction/prevention algorithms based on audited information, and
automated tools for capturing, integrating, and analyzing cloud audit data
- Algorithms and protocols for audit data stream delivery, manipulation, and analysis for
big cloud audit data
- Access control and information flow control models for disclosure and modification of
sensitive cloud audit data
- Methods for expressing and representing the cloud infrastructure and configuration
to influence logging and monitoring processes
- Information assurance (authenticity, integrity, confidentiality and availability) of cloud
audit data, including security and privacy policies and compliance with security controls
such as NIST SP 800-53 and Cloud Security Alliance guidance 3.0
- Service-level agreements that formalize and guarantee logging and analysis capabilities
For more information, please see
http://www.csaw2013.org.
CSF 2013
26th IEEE Computer Security Foundations Symposium,
Tulane University, New Orleans, Louisiana, USA, June 26 - 28, 2013.
[posted here 11/19/12]
The Computer Security Foundations Symposium is an annual conference for researchers
in computer security. CSF seeks papers on foundational aspects of computer security,
e.g., formal security models, relationships between security properties and defenses,
principled techniques and tools for design and analysis of security mechanisms as well as
their application to practice. While CSF welcomes submissions beyond the topics listed
below, the main focus of CSF is foundational security: submissions that lack foundational
aspects risk rejection. New theoretical results in computer security are welcome.
Possible topics include, but are not limited to:
- Access control
- Accountability
- Anonymity and Privacy
- Authentication
- Cryptographic protocols
- Data and system integrity
- Database security
- Data provenance
- Decidability and complexity
- Distributed systems security
- Electronic voting
- Executable content
- Formal methods for security
- Game Theory and Decision Theory
- Hardware-based security
- Information flow
- Intrusion detection
- Language-based security
- Network security
- Resource usage control
- Security for mobile computing
- Security models
- Socio-technical security
- Trust and trust management
For more information, please see
http://csf2013.seas.harvard.edu/.
ACNS 2013
11th International Conference on Applied Cryptography and Network Security,
Banff, Alberta, Canada, June 25-28, 2013.
[posted here 10/15/12]
The 11th International Conference on Applied Cryptography and Network Security
seeks submissions from academia, industry, and government presenting novel research on all
aspects of applied cryptography as well as network security and privacy. Papers describing
novel paradigms, original directions, or non-traditional perspectives are also encouraged. The
conference has two tracks: a research track and an industry track.
Topics of interest include, but are not limited to:
- Access control
- Applied cryptography
- Automated protocols analysis
- Biometric security and privacy
- Complex systems security
- Critical infrastructure protection
- Cryptographic primitives and protocols
- Database and system security
- Data protection
- Digital rights management
- Email and web security
- Identity management
- Intellectual property protection
- Internet fraud
- Intrusion detection and prevention
- Key management
- Malware
- Network security protocols
- Privacy, anonymity, and untraceability
- Privacy-enhancing technology
- Protection for the future Internet
- Secure mobile agents and mobile code
- Security in e-commerce
- Security in P2P systems
- Security in pervasive/ubiquitous computing
- Security and privacy in cloud and grid systems
- Security and privacy in distributed systems
- Security and privacy in smart grids
- Security and privacy in wireless networks
- Security and privacy metrics
- Trust management
- Usability and security
For more information, please see
http://acns2013.cpsc.ucalgary.ca/.
PRISMS 2013
International Conference on Privacy and Security in Mobile Systems,
Atlantic City, NJ, USA, June 24 - 27, 2013.
[posted here 03/18/13]
PRISMS is the successor of MobiSec (International Conference on Security and Privacy
in Mobile Information and Communication Systems). The conference under a new name
(PRISMS) is organized this year with the co-sponsorship of IEEE. Its focus is the convergence
of information and communication technology in mobile scenarios. This convergence is realised
in intelligent mobile devices, accompanied by the advent of next-generation communication
networks. Privacy and security aspects need to be covered at all layers of mobile networks,
from mobile devices, to privacy respecting credentials and mobile identity management, up
to machine-to-machine communications.
In particular, mobile devices such as Smartphones and Internet Tablets have been very successful
in commercialization. However, their security mechanisms are not always able to deal with the
growing trend of information-stealing attacks. As mobile communication and information
processing become a commodity, economy and society require protection of this precious
resource. Mobility and trust in networking go hand in hand for future generations of users,
who need privacy and security at all layers of technology. In addition, the introduction of
new data collection practices and data-flows (e.g. sensing data) from the mobile device
makes it more difficult to understand the new security and privacy threats introduced.
PRISMS strives to bring together the leading-edge of academia and industry in mobile systems
security, as well as practitioners, standards developers and policymakers. Contributions may
range from architecture designs and implementations to cryptographic solutions for mobile
and resource-constrained devices.
For more information, please see
http://www.gws2013.org/prisms/.
SOUPS 2013
Symposium On Usable Privacy and Security,
Northumbria University, Newcastle, UK, July 24-26, 2013.
[posted here 11/19/12]
The 2013 Symposium on Usable Privacy and Security (SOUPS) will bring together an
interdisciplinary group of researchers and practitioners in human computer interaction,
security, and privacy. The program will feature technical papers, a poster session,
panels and invited talks, lightning talks and demos, and workshops and tutorials.
We invite authors to submit original papers describing research or experience in all
areas of usable privacy and security. Topics include, but are not limited to:
- innovative security or privacy functionality and design
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of new or existing security or privacy features
- security testing of new or existing usability features
- longitudinal studies of deployed security or privacy features
- the impact of organizational policy or procurement decisions
- lessons learned from the deployment and use of usable privacy and
security features
- reports of replicating previously published studies and experiments
- reports of failed usable security studies or experiments, with the
focus on the lessons learned from such experience
For more information, please see
http://cups.cs.cmu.edu/soups/.
MWSN 2013
IEEE International Workshop on Security and Privacy of Mobile, Wireless and Sensor Networks,
New Orleans, LA, USA, June 23, 2013.
[posted here 02/11/13]
To cope with the rapid increase in mobile users and the increasing demand for mobile, wireless
and sensor networks (MWSNs), it is becoming imperative to provide the necessary security
protocols and privacy guarantees to users of MWSNs. In turn, these specific demands in
security and privacy require new methodologies that are specifically designed to cope with
the strict requirements of the networks. In general, the real-world performance of MWSNs
crucially depends on the selected protocols, and their suitability and efficiency for the layers
of the implementation. A satisfactory security design and protocol are therefore crucial for
the performance of MWSNs. It is a great challenge to achieve efficient and robust realizations
of such highly dynamic and secure MWSNs. Moreover, the study of security and privacy in the
context of MWSNs provides insights into problems and solutions that are orthogonal to
programming languages, programming paradigms, computer hardware, and other aspects of
the implementation. The objective for this workshop is to address those topics, which we
believe will play an important role in current and future research on and education of MWSNs.
For more information, please see
http://www2.cs.uh.edu/mwsn/.
SPH 2013
26th International Symposium on Computer-Based Medical Systems,
Security and Privacy in Healthcare IT Special track,
Porto, Portugal, June 20-22, 2013.
[posted here 02/05/13]
We are currently witnessing a rapidly moving transition trend towards electronic
healthcare information systems. They have already proved to be essential tools in
order to improve the management and quality of healthcare services. More recently,
these systems have also started to promote great results on the improvement of patients’
health by enabling the creation of much more flexible, efficient and interoperable means
by which practitioners and even patients can access and manage healthcare data.
However, very complex technical challenges resulting from strict but necessary highly regulated
environments, threats to patient safety, privacy, and security must be tackled and solved
before we can safely have valuable and sensitive patient data being securely managed
and used in much more flexible and potentially useful ways. Towards this end it is thus
imperative to develop innovative methods and policies that ensure the secure acquisition
and management of healthcare data, at the same time promoting its interoperability, its
sharing, and its integrity and confidentiality in highly effective and secure ways.
This special track focuses on original unpublished research on innovative methods, policies
and concerns that can constitute the right building blocks for a new generation of electronic
healthcare information systems that are at the same time more efficient, empowering and
secure. Novel articles about privacy, security, accountability and auditing for the
healthcare sector are therefore expected. This special track also aims to encourage the research
dissemination to the stakeholders involved in healthcare information technologies, promoting
the discussion on issues, challenges and solutions that are currently being developed all
around the world.
For more information, please see
http://www.dcc.fc.up.pt/sph.cbms2013/.
CLHS 2013
Workshop on Changing Landscapes in HPC Security,
Held in conjunction with ACM HPDC,
New York, NY, USA, June 18, 2013.
[posted here 02/05/13]
Providing effective and non-intrusive security within an HPC environment presents a
number of challenges for both researchers and operational personnel. What constitutes
HPC has expanded to include cloud computing, 100G networking, cross-site integration,
and web 2.0 based interfaces for job submission and reporting, increasing the complexity
of the aggregate system dramatically. This growing complexity and its new issues are set
against a backdrop of routine user and application attacks, which remain surprisingly
effective over time. The CLHS workshop will focus on the problems inherent in securing
contemporary large-scale compute and storage systems. To provide some clarification
we have broken this out into four general areas or questions. First is Attribution: who is
doing what in terms of process activity and/or network traffic? Second is looking beyond
the interactive nodes: what is going on in the computing pool? Third involves job scheduler
activity and usage: what is being run, how has it been submitted and is this activity
abnormal? Finally a more philosophical topic of why securing complex systems is so difficult
and what can be done about it. While these specific areas are interesting starting points for
papers and presentations, any original and interesting topic will be considered.
For more information, please see
https://commons.lbl.gov/display/CLHS.
TRUST 2013
6th International Conference on Trust and Trustworthy Computing,
London, UK, June 17-19, 2013.
[posted here 11/19/12]
TRUST 2013 is an international conference on the technical and socio-economic
aspects of trustworthy infrastructures. It provides an excellent interdisciplinary
forum for researchers, practitioners, and decision makers to explore new ideas
and discuss experiences in building, designing, using and understanding trustworthy
computing systems. The conference solicits original papers on any aspect
(technical, social or socio-economic) of the design, application and usage
of trusted and trustworthy computing. Papers can address design, application
and usage of trusted and trustworthy computing in a broad range of concepts
including, but not limited to, trustworthy infrastructures, cloud computing,
services, hardware, software and protocols.
For more information, please see
http://trust2013.sba-research.org.
SACMAT 2013
18th ACM Symposium on Access Control Models and Technologies,
Amsterdam, The Netherlands, June 12-14, 2013.
[posted here 10/08/12]
The ACM Symposium on Access Control Models and Technologies (SACMAT)
continues the tradition, first established by the ACM Workshop on Role-Based
Access Control, of being the premier forum for the presentation of research results
and experience reports on leading edge issues of access control, including models,
systems, applications, and theory. The missions of the symposium are to share
novel access control solutions that fulfil the needs of heterogeneous applications
and environments, and to identify new directions for future research and development.
SACMAT provides researchers and practitioners with a unique opportunity to share
their perspectives with others interested in the various aspects of access control.
Papers offering novel research contributions in all aspects of access control are solicited
for submission to the 18th ACM Symposium on Access Control Models and Technologies
(SACMAT 2013). Topics of interest include but are not limited to:
- Access control models and extensions
- Access control requirements
- Access control design methodology
- Access control mechanisms, systems, and tools
- Access control in distributed and mobile systems
- Access control for innovative applications
- Administration of access control policies
- Economic models for access control
- Hardware enhanced access control
- Identity management
- Policy/Role engineering
- Safety analysis and enforcement
- Standards for access control
- Trust management
- Trust and risk models in access control
- Theoretical foundations for access control models
- Usability in access control systems
- Usage control
For more information, please see
http://www.sacmat.org/.
D-SPAN 2013
4th IEEE Workshop on Data Security and Privacy in Wireless Networks,
Co-located with the 14th International Symposium on a World of Wireless, Mobile and
Multimedia Networks (WoWMoM 2013),
Madrid, Spain, June 4, 2013.
[posted here 01/21/13]
The workshop focuses on research developments related to data security and privacy in
wireless and mobile networks. This workshop solicits papers from two main categories: (1) papers that
consider the security and privacy of data collection, transmission, storage, publishing, and sharing in
wireless networks broadly defined, e.g., MANET, cellular, vehicular, ad hoc, cognitive, and sensor
networks; and (2) papers that use data analytics to address security and privacy problems in
wireless networks. The workshop provides a venue for researchers to present new ideas
with impact on three communities - wireless networks, databases, and security.
Topics of interest include, but are not limited to:
- Secure Localization and location privacy
- Privacy and anonymity in wireless and mobile networks
- Secure query processing, data collection, and aggregation for wireless sensor networks
- Secure and private data streaming
- Key extraction, distribution, and management in wireless networks
- Secure data processing in mobile ad-hoc networks (MANET)
- Secure data collection in body-area networks
- Throughput-security tradeoffs in wireless networks
- Wireless and mobile security for health and smart grid applications
For more information, please see
http://www.ee.washington.edu/research/nsl/DSPAN_2013/.
IFIP-TM 2013
7th IFIP International Conference on Trust Management,
Málaga, Spain, June 3-7, 2013.
[posted here 10/08/12]
IFIPTM 2013 will be the 7th International Conference on Trust Management under the auspices of IFIP.
The mission of the IFIPTM 2013 Conference is to share research solutions to problems of Trust and
Trust management, and to identify new issues and directions for future research and
development work. IFIPTM 2013 invites submissions presenting novel research on all topics
related to Trust, Security and Privacy.
For more information, please see
http://conf2013.ifiptm.org/.
NSS 2013
7th International Conference on Network and System Security,
Madrid, Spain, June 3-4, 2013.
[posted here 10/15/12]
NSS is an annual international conference covering research in network and
system security. The conference seeks submissions from academia, industry, and
government presenting novel research on all theoretical and practical aspects of network
security, privacy, applications security, and system security. Papers describing case
studies, implementation experiences, and lessons learned are also encouraged. Topics
of interest include but are not limited to:
- Active Defense Systems
- Adaptive Defense Systems
- Analysis, Benchmark of Security Systems
- Applied Cryptography
- Authentication
- Biometric Security
- Complex Systems Security
- Database and System Security
- Data Protection
- Data/System Integrity
- Distributed Access Control
- Distributed Attack Systems
- Denial-of-Service
- High Performance Network Virtualization
- High Performance Security Systems
- Hardware Security
- Identity Management
- Intelligent Defense Systems
- Insider Threats
- Intellectual Property Rights Protection
- Internet and Network Forensics
- Intrusion Detection and Prevention
- Key Distribution and Management
- Large-scale Attacks and Defense
- Malware
- Network Resiliency
- Network Security
- RFID Security and Privacy
- Security Architectures
- Security for Critical Infrastructures
- Security in P2P systems
- Security in Cloud and Grid Systems
- Security in E-Commerce
- Security in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grid
- Security and Privacy in Wireless Networks
- Secure Mobile Agents and Mobile Code
- Security Policy
- Security Protocols
- Security Simulation and Tools
- Security Theory and Tools
- Standards and Assurance Methods
- Trusted Computing
- Trust Management
- World Wide Web Security
For more information, please see
http://anss.org.au/nss2013/index.htm.
HOST 2013
IEEE International Symposium on Hardware-oriented Security and Trust,
Austin Convention Center, Austin, TX, USA, June 2-3, 2013.
[posted here 10/08/12]
Pervasive computing is now penetrating a wider range of domains and applications,
including many safety-critical cyber-physical systems that we increasingly depend on.
Trusted hardware platforms make up the backbone for successful deployment and
operation of these systems. However, recent advances in tampering and reverse
engineering show that important challenges in guaranteeing the trust of these
components await us. For example, malicious alterations inserted into electronic designs
can allow for backdoors into the system. Furthermore, new forms of attacks that exploit
side-channel signals are being developed. Third, intellectual-property protection is
becoming a major concern in the globalized, horizontal semiconductor business model.
HOST 2013 is a forum for novel solutions to address these challenges. Innovative test
mechanisms may reveal Trojans in a design before they are able to do harm.
Implementation attacks may be thwarted using side-channel resistant design or fault-tolerant
designs. New security-aware design tools can assist a designer in implementing
critical and trusted functionality, quickly and efficiently.
The IEEE International Symposium on Hardware Oriented Security and Trust seeks
original contributions in the area of hardware-oriented security. This includes tools,
design methods, architectures, circuits, and novel applications of secure hardware.
HOST 2013 seeks contributions based on, but not limited to, the following topics:
- Counterfeit detection and avoidance
- Cyber-physical security and trust
- Trojan detection and isolation
- Implementation attacks and countermeasures
- Side channel analysis and fault analysis
- Intellectual property protection and metering
- Hardware architectures for cryptography
- Hardware security primitives: PUFs and TRNGs
- Reliability-security optimization and tradeoffs
- Applications of secure hardware
- Tools and methodologies for secure hardware design
For more information, please see
http://www.hostsymposium.org/.
WISTP 2013
7th Workshop in Information Security Theory and Practice,
Heraklion, Greece, May 28-30, 2013.
[posted here 01/31/13]
Current developments in IT are characterized by an increasing use of personal mobile
devices and an increasing reliance on IT for supporting industrial applications in the
physical world. A new perspective on socio-technical and cyber-physical systems is
required that sees in IT more than just an infrastructure but focuses on the ever
closer integration between social and technical processes as well.
Application markets, such as Google Play and Apple App Store drive a mobile ecosystem,
offering new business models with high turnovers and new opportunities, which however,
also attract cybercriminals and raise new privacy concerns. In the area of cyber-physical
systems, research has to go beyond securing the IT infrastructure and to consider
attacks launched by combining manipulations in physical space and cyber space.
The workshop seeks submissions from academia and industry presenting novel research
on all aspects of security and privacy of mobile devices, such as Android and iOS platforms,
as well as studies on securing cyber-physical systems.
For more information, please see
http://www.wistp.org.
W2SP 2013
Web 2.0 Security & Privacy Workshop,
Co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2013)
and an event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2013),
San Francisco, CA, USA, May 24, 2013.
[posted here 12/24/12]
W2SP brings together researchers, practitioners, web programmers, policy makers, and
others interested in the latest understanding and advances in the security and privacy
of the web, browsers and their eco-system.
We are seeking both short position papers (2–4 pages) and longer papers (a maximum of 10 pages).
The scope of W2SP 2013 includes, but is not limited to:
- Trustworthy cloud-based services
- Privacy and reputation in social networks
- Security and privacy as a service
- Usable security and privacy
- Security for the mobile web
- Identity management and pseudonymity
- Web services/feeds/mashups
- Provenance and governance
- Security and privacy policies for composable content
- Next-generation browser technology
- Secure extensions and plug-ins
- Advertisement and affiliate fraud
- Measurement study for understanding web security and privacy
For more information, please see
http://www.w2spconf.com/2013/.
MoST 2013
Mobile Security Technologies Workshop,
Co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2013)
and an event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2013),
San Francisco, CA, USA, May 23, 2013.
[posted here 12/24/12]
Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers,
and hardware and software developers of mobile systems to explore the latest understanding
and advances in the security and privacy for mobile devices, applications, and systems.
We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages).
The scope of MoST 2013 includes, but is not limited to, security and privacy specifically
for mobile devices and services related to:
- Device hardware
- Operating systems
- Middleware
- Mobile web
- Secure and efficient communication
- Secure application development tools and practices
- Privacy
- Vulnerabilities and remediation techniques
- Usable security
- Identity and access control
- Risks in putting trust in the device vs. in the network/cloud
- Special applications, such as medical monitoring and records
- Mobile advertisement
- Secure applications and application markets
- Economic impact of security and privacy technologies
For more information, please see
http://mostconf.org/2013/.
SPW 2013
IEEE Computer Society Technical Committee on Security and Privacy Workshops,
Co-located with the IEEE Symposium on Security and Privacy 2013,
San Francisco, California, USA, May 19-22 2013.
[posted here 07/23/12]
Since 1980, the IEEE Symposium on Security and Privacy (SP) has been the premier forum for the
presentation of developments in computer security and electronic privacy, and for bringing together
researchers and practitioners in the field. In order to further expand the opportunities for scientific
exchanges, we created a new venue within the IEEE CS Technical Committee on Security and Privacy called
Security and Privacy Workshops (SPW). The typical purpose of such a workshop is to cover a specific aspect
of security and privacy in more detail, making it easy for the participants to attend IEEE SP and a specialized
workshop at IEEE SPW with just one trip. Furthermore, the colocation offers synergies for the organizers.
Historically, we have had some workshops (e.g. W2SP, SADFE) colocated with IEEE SP the last few years;
the success and popularity of these workshops has led to us formalizing the process and expanding
our scope. There will be some interaction in deciding upon and setting up a workshop, but the initial proposal
should already contain as much as possible of the following information:
- Contact information of the workshop organizer.
- Date (Thursday, May 23, or Friday, May 24) and expected length of the workshop (up to 2 days).
- Technical proposal (1 to 2 pages): Topics to be addressed, importance of these topics, fit for the S&P audience.
- Publication policy: with or without official proceedings; potential publication via web, technical report, or electronic
media. Note that IEEE is explicitly not responsible for the publication of proceedings; nor are workshops
required to use IEEE.
- Expected number of participants and other local meeting issues, such as any special requirements/equipment
for the meeting room.
- Biographies of workshop organizer(s), including workshop organization experience; particularly SPW organization.
- Program committee: who has committed; who has been invited; who will be invited.
- Preliminary call for papers/posters/contributions.
- Commitment to use EasyChair or reason for choosing otherwise.
All workshops associated with IEEE SPW will be under the financial and legal responsibility of the IEEE Computer Society.
This has great advantages for organizers, e.g., with respect to risk coverage and insurance, but also brings some
requirements. The SPW organizing committee can assist you with the following: meeting rooms at the conference
hotel, collection of advance workshop registration fees, budgeting assistance, interaction with the IEEE, and linking
to the workshop web pages from the main SPW web pages. All the actual running of the workshop remains the
responsibility of the workshop organizers. If your proposal is selected, we will send you a more detailed list of the
responsibilities, meeting room options, etc., and would work to jointly set up a successful workshop.
For more information, please see
http://www.ieee-security.org/TC/SPW2013/cfw.php.
SP 2013
34th IEEE Symposium on Security and Privacy,
San Francisco, California, USA, May 19-22 2013.
[posted here 08/20/12]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum
for computer security research, presenting the latest developments and bringing
together researchers and practitioners. We solicit previously unpublished papers offering
novel research contributions in any aspect of computer security or privacy. Papers may
present advances in the theory, design, implementation, analysis, verification, or
empirical evaluation of secure systems. Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Distributed systems security
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection
- Malware
- Metrics
- Language-based security
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Usability and security
- Web security
This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer
security and privacy. Papers without a clear application to security or privacy, however,
will be considered out of scope and may be rejected without full review.
Systematization of Knowledge Papers
Following the success of the previous years' conferences, we are also soliciting papers
focused on systematization of knowledge (SoK). The goal of this call is to encourage work
that evaluates, systematizes, and contextualizes existing knowledge. These papers can
provide a high value to our community but may not be accepted because of a lack of novel
research contributions. Suitable papers include survey papers that provide useful perspectives
on major research areas, papers that support or challenge long-held beliefs with compelling
evidence, or papers that provide an extensive and realistic evaluation of competing approaches
to solving specific problems. Submissions are encouraged to analyze the current research
landscape: identify areas that have enjoyed much research attention, point out open areas
with unsolved challenges, and present a prioritization that can guide researchers to make
progress on solving important challenges. Submissions must be distinguished by a checkbox on
the submission form. In addition, the paper title must have the prefix "SoK:". They will be
reviewed by the full PC and held to the same standards as traditional research papers, except
instead of emphasizing novel research contributions the emphasis will be on value to the community.
Accepted papers will be presented at the symposium and included in the proceedings.
For more information, please see
http://www.ieee-security.org/TC/SP2013/.
ISPEC 2013
9th Information Security Practice and Experience Conference,
Lanzhou, China, May 12-14, 2013.
[posted here 10/08/12]
ISPEC is an annual conference that brings together researchers and practitioners to
provide a confluence of new information security technologies, their applications and
their integration with IT systems in various vertical sectors.
Authors are invited to submit full papers presenting new research results related to
information security technologies and applications. Areas of interest include, but are
not limited to:
- Access control
- Applied cryptography
- Availability, resilience, and usability
- Cryptanalysis
- Database Security
- Digital rights management
- Information security in vertical applications
- Multimedia security
- Network security
- Privacy and anonymity
- Risk evaluation and security certification
- Security of smart cards and RFID systems
- Security policies
- Security protocols
- Security systems
- Trust model and management
- Trusted computing
For more information, please see
http://icsd.i2r.a-star.edu.sg/ispec2013/.
ASIACCS 2013
8th ACM Symposium on Information, Computer and Communications Security,
Hangzhou, China, May 8-10, 2013.
[posted here 10/08/12]
ASIACCS is a major international forum for information security researchers,
practitioners, developers, and users to explore and exchange the newest cyber
security ideas, breakthroughs, findings, techniques, tools, and experiences. We
invite submissions from academia, government, and industry presenting novel
research on all theoretical and practical aspects of computer and network security.
Areas of interest for ASIACCS 2013 include, but are not limited to:
- access control
- accounting and audit
- applied cryptography
- authentication
- cloud computing security
- data/system integrity
- data and application security
- digital rights management
- formal methods for security
- hardware-based security
- identity management
- inference control and disclosure
- intrusion detection
- key management
- malware and botnets
- mobile computing security
- operating system security
- phishing and countermeasures
- privacy-enhancing technology
- security architecture
- security in ubiquitous computing
- security management
- security verification
- smartcards
- software security
- trusted computing
- usable security and privacy
- wireless security
- web security
For more information, please see
http://hise.hznu.edu.cn/asiaccs/index.html.
SCC 2013
International Workshop on Security in Cloud Computing,
Held in conjunction with the 8th ACM Symposium on Information, Computer and
Communications Security (ASIACCS 2013),
Hangzhou, China, May 7, 2013.
[posted here 01/21/13]
Cloud computing has emerged as today's most exciting computing paradigm shift in
information technology. With the efficient sharing of abundant computing resources
in the cloud, users can economically enjoy the on-demand high quality cloud
applications and services without committing large capital outlays locally. While the
cloud benefits are compelling, its unique attributes also raise many security and privacy
challenges in areas such as data security, recovery, privacy, access control, trusted
computing, as well as legal issues in areas such as regulatory compliance, auditing, and
many others. This workshop aims to bring together the research efforts from both
academia and industry in all security aspects related to cloud computing. We encourage
submissions on all theoretical and practical aspects, as well as experimental studies of
deployed systems. Topics of interest include (but are not limited to) the following
subject categories:
- Secure cloud architecture
- Cloud access control and key management
- Identification and privacy in cloud
- Integrity assurance for data outsourcing
- Integrity and verifiable computation
- Computation over encrypted data
- Software and data segregation security
- Secure management of virtualized resources
- Trusted computing technology
- Joint security and privacy aware protocol design
- Failure detection and prediction
- Secure data management within and across data centers
- Availability, recovery and auditing
- Secure computation outsourcing
- Secure mobile cloud
For more information, please see
http://www.cs.cityu.edu.hk/~congwang/asiaccs-scc/.
SESP 2013
1st International Workshop on Security in Embedded Systems and Smartphones,
Held in conjunction with the 8th ACM Symposium on Information, Computer and
Communications Security (ASIACCS 2013),
Hangzhou, China, May 7, 2013.
[posted here 01/21/13]
Embedded computing has recently become more and more present in devices used in
everyday life. A wide variety of applications, from consumer electronics to biomedical
systems, require building up powerful yet cheap embedded devices. In this context,
embedded software has turned out to be more and more complex, posing new
challenging security issues. We broadly view smartphones as mobile embedded
systems. This workshop aims to bring together the research efforts from both
academia and industry in all security and privacy aspects related to embedded
systems and smart phones. We encourage submissions on all theoretical and practical
aspects, as well as experimental studies of deployed systems. Topics of interest
include (but are not limited to) the following subject categories related to embedded
systems and smart phones:
- Secure embedded system architecture
- System-level security design and simulation techniques for Embedded Systems
- Verification and validation of Embedded Systems
- Security and privacy for Cyber physical systems (Internet of Things) and networked
sensor devices
- Security implications for multicore, SoC-based, and heterogeneous Embedded
Systems and applications
- Secure data management in Embedded Systems
- Middleware and virtual machines security in Embedded Systems
- Secure management of virtualized resources
- Authenticating users to devices and services
- Mobile Web Browsers
- Usability
- Rogue application detection and recovery
- Vulnerability detection and remediation
- Secure application development
- Cloud support for mobile and embedded system security
For more information, please see
http://doe.cs.northwestern.edu/SESP/.
AsiaPKC 2013
ACM Asia Public-Key Cryptography Workshop,
Held in conjunction with the 8th ACM Symposium on Information, Computer and
Communications Security (ASIACCS 2013),
Hangzhou, China, May 7, 2013.
[posted here 01/21/13]
Public-key cryptography plays an essential role in processing various kinds of data while
assuring different flavors of cryptographic properties. The theme of this workshop is focused on
novel public-key cryptosystems and techniques that can be used to solve a wide range of real-life
application problems. This workshop solicits original contributions on both applied and theoretic
aspects of public-key cryptography.
Topics of interest to the workshop include, but are not limited to:
- Applied public-key cryptography for solving emerging application problems
- Provably-secure public-key primitives and protocols
- Key management for, and by, public-key cryptosystems
- Privacy-preserving cryptographic computations
- Two-party and multi-party computations
- Homomorphic public-key cryptosystems
- Attribute-based and functional public-key cryptography
- Digital signatures with special properties
- System security properties of public-key cryptography
- Post-quantum public-key cryptography
- Fast implementation of public-key cryptosystems
For more information, please see
http://www.cs.utsa.edu/~shxu/acm-asiapkc13/.
WISEC 2013
ACM Conference on Security and Privacy in Wireless and Mobile Networks,
Budapest, Hungary, April 17-19, 2013.
[posted here 10/08/12]
WiSec has been broadening its scope and seeks to present high quality
research papers exploring security and privacy aspects of wireless
communications, mobile networks, and their applications. Beyond the
traditional Wisec staples of physical, link, and network layer security, we
also welcome papers focusing on the security and privacy of mobile software
platforms and the increasingly diverse range of mobile or wireless
applications. The conference welcomes both theoretical as well as systems
contributions.
For more information, please see
http://www.sigsac.org/wisec/WiSec2013/.
IDMAN 2013
3rd IFIP WG 11.6 Working Conference on Policies & Research
in Identity Management,
London, UK, April 8-9, 2013.
[posted here 07/23/12]
The IDMAN conference focuses on the theory, technologies and applications
of identity management. The world of the 21st century is, more than ever,
global and impersonal. As a result of increasing cyber fraud and cyber
terrorism, the demand for better technical methods of identification
is growing, not only in companies and organisations but also in the
world at large. Moreover, in our society digital identities increasingly
play a role in the provision of eGovernment and eCommerce services. For
practical reasons, Identity Management Systems are needed that are
usable and interoperable. At the same time, individuals increasingly
leave trails of personal data when using the Internet, which allows them
to be profiled and which may be stored for many years to come. Technical
trends such as Cloud Computing and pervasive computing make personal data
processing non-transparent, and make it increasingly difficult for users
to control their personal spheres. As part of this tendency, surveillance
and monitoring are increasingly present in society, both in the public and
private domains. Whilst the original intention is to contribute to security
and safety, surveillance and monitoring might, in some cases, have unintended
or even contradictory effects. Moreover, the omnipresence of surveillance and
monitoring systems might directly conflict with public and democratic liberties.
These developments raise substantial new challenges for privacy and identity
management at the technical, social, ethical, regulatory, and legal levels.
Identity management challenges the information security research community
to focus on interdisciplinary and holistic approaches, while retaining the
benefits of previous research efforts. Papers offering research contributions
to the area of identity management are solicited for submission to the
3rd IFIP WG-11.6 IDMAN conference. Papers may present theory, applications
or practical experience in the field of identity management, from a technical,
legal or socio-economic perspective, including, but not necessarily limited to:
- Novel identity management technologies and approaches
- Interoperable identity management solutions
- Privacy-enhancing technologies
- Identity management for mobile and ubiquitous computing
- Identity management solutions for eHealth, eGovernment and eCommerce
- Privacy and Identity (Management) in and for cloud computing
- Privacy and Identity in social networks
- Risk analysis techniques for privacy risk and privacy impact assessment
- Privacy management of identity management
- Identity theft prevention
- Attribute based authentication and access control
- User-centric identity management
- Legal, socio-economic, philosophical and ethical aspects
- Impact on society and politics
- Related developments in social tracking, tracing and sorting
- Quality of identity data, processes and applications
- User centered, usable and inclusive identity management
- Attacks on identity management infrastructures
- Methods of identification and authentication
- Identification and authentication procedures
- Applications of anonymous credentials
- (Privacy-preserving) identity profiling and fraud detection
- Government PKIs
- (Possible) role of pseudonymous and anonymous identity in identity management
- Electronic IDs: European and worldwide policies and cooperation in
the field of identity management
- Surveillance and monitoring
- (Inter)national policies on unique identifiers /social security
numbers / personalisation IDs
- Vulnerabilities in electronic identification protocols
- Federative identity management and de-perimeterisation
- Biometric verification
- (Inter)national applications of biometrics
- Impersonation, identity fraud, identity forge and identity theft
- Tracing, monitoring and forensics
- Proliferation/omnipresence of identification
- Threats to democracy and political control
For more information, please see
http://www.idman2013.com.
WACCC 2013
1st Workshop on Adversarial Cryptography, Communications and Control,
Co-located with the 7th Conference on Financial Cryptography and Data Security (FC 2013),
Bankoku Shinryokan, Busena Terrace Beach Resort, Okinawa, Japan, April 1, 2013.
[posted here 11/26/12]
The research community's understanding of attacker methodology is poor, and we are
forced to rely on newspaper articles or hypotheticals in order to discuss defenses. Recent
botnets and advanced persistent threats have posed serious challenges to the research community
from both the reverse engineering and applied cryptography perspectives. Conversely, there is
strong evidence that the hypotheticals we discuss are too complex, unreliable or arcane for
attacker purposes. This workshop is focused on studying attacker behavior as it takes place now,
through examining malware, occupied systems or by logs of actual attacks. This is a complex
multidisciplinary task involving studying executable code, network communications and
deceiving tools that actively try to thwart analysis. This workshop will focus on understanding
the methods and tools used by current adversaries to author, distribute, and control malware.
Relevant topics include communications techniques, cryptography, defeating reverse engineering
and any other approach used by attackers here and now to evade defenders and analysts. Submissions
must address current malware and attack experiences; hypothetical designs or future developments
are not in scope. While we focus on sharing prior experiences and experiments in malware research,
successful or not, we tap into topics in network security, computer security, and applied
cryptography. This workshop will favor discussions among participants, in order to advance
the field for cryptographers, network analysts, and security practitioners.
For more information, please see
http://www.cs.stevens.edu/~spock/waccc2013/cfp.html.
FC 2013
17th International Conference on Financial Cryptography and Data Security,
Bankoku Shinryokan, Busena Terrace Beach Resort, Okinawa, Japan, April 1–5, 2013.
[posted here 05/28/12]
Financial Cryptography and Data Security is a major international forum for research, advanced
development, education, exploration, and debate regarding information assurance, with a specific
focus on commercial contexts. The conference covers all aspects of securing transactions and
systems. Original works focusing on both fundamental and applied real-world deployments on
all aspects surrounding commerce security are solicited. Submissions need not be exclusively
concerned with cryptography. Systems security and inter-disciplinary efforts are particularly
encouraged. Topics include:
- Anonymity and Privacy
- Auctions and Audits
- Authentication and Identification
- Biometrics
- Certification and Authorization
- Cloud Computing Security
- Commercial Cryptographic Applications
- Data Outsourcing Security
- Information Security
- Game Theoretic Security
- Securing Emerging Computational Paradigms
- Identity Theft
- Fraud Detection
- Phishing and Social Engineering
- Digital Rights Management
- Digital Cash and Payment Systems
- Digital Incentive and Loyalty Systems
- Microfinance and Micropayments
- Contactless Payment and Ticketing Systems
- Secure Banking and Financial Web Services
- Security and Privacy in Mobile Devices and Applications
- Security and Privacy in Automotive and Transport Systems and Applications
- Smartcards, Secure Tokens and Secure Hardware
- Privacy-enhancing Systems
- Reputation Systems
- Security and Privacy in Social Networks
- Security and Privacy in Sound and Secure Financial Systems Based on Social Networks
- Risk Assessment and Management
- Risk Perceptions and Judgments
- Legal and Regulatory Issues
- Security Economics
- Spam
- Transactions and Contracts
- Trust Management
- Underground-Market Economics
- Usable Security
- Virtual Economies
- Voting Systems
For more information, please see
http://fc13.ifca.ai/cfp.html.
SAC-CF 2013
28th Annual ACM Symposium on Applied Computing (SAC 2013),
Computer Forensics Track,
Coimbra, Portugal, March 18-22, 2013.
[posted here 09/17/12]
With the exponential growth of computer users, the number of criminal activities
that involve computers has increased tremendously. The field of Computer
Forensics has gained considerable attention in the past few years. It is clear
that in addition to law enforcement agencies and legal personnel, the involvement
of computer savvy professionals is vital for any digital incident investigation.
Unfortunately, there are not many well-qualified computer crime investigators
available to meet this demand. An approach to solve this problem is to develop
state-of-the-art research and development tools for practitioners in addition to
creating awareness among computer users. The primary goal of this track will
be to provide a forum for researchers, practitioners, and educators interested
in Computer Forensics in order to advance research and education in this
increasingly challenging field. We expect that through this forum people from
academia, industry, government, and law enforcement will share their ideas
on research, education, and practical aspects of Computer Forensics. We
solicit original, previously unpublished papers in the following general
(non-exhaustive) list of topics.
- Incident Response and Live Data Analysis
- Operating System and Application Analysis
- Forensics Education, Training, & Standards
- File System Analysis
- Network Evidence Collection
- Network Forensics
- Data Hiding and Recovery
- Digital Image Forensics
- Event Reconstruction and Tracking
- Forensics in Untrusted Environments
- Hardware Assisted Forensics
- Legal, Ethical and Privacy Issues
- Methods for Attributing Malicious Cyber Activity
- Design for Forensic Evaluation
- Visualization for Forensics
- SCADA Forensics
For more information, please see
http://comp.uark.edu/~bpanda/sac2013cfp.pdf.
SPW 2013
21st International Workshop on Security Protocols,
Sidney Sussex College, Cambridge, England, March 18-20, 2013.
[posted here 11/19/12]
The theme of this year's workshop is "What's Happening on the Other Channel?"
Many protocols use a secondary channel, either explicitly (as in multichannel protocols)
but more usually implicitly, for example to exchange master keys, or their hashes. The role of
the Other Channel is fundamental, and often problematic, and yet protocol composers typically
take them as a given. Sometimes the Other Channel really is completely covert, but sometimes
it just has properties that are different. And it's not only security properties that are relevant
here: bandwidth, latency and error rate are often important considerations too. Even a line-of-sight
channel usually doesn't quite have the properties that we unthinkingly attributed to it.
Moriarty has been subscribing to the Other Channel for years: perhaps it's time for Alice
and Bob to tune in too. This theme is not intended to restrict the topic of your paper,
but to help provide a particular perspective and to focus the discussions. Our intention is to stimulate
discussion likely to lead to conceptual advances, or to promising new lines of investigation,
rather than merely to consider finished work.
For more information, please see
http://spw.stca.herts.ac.uk/.
IFIP1110-CIP 2013
7th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection,
Washington, DC, USA, March 18–20, 2013.
[posted here 09/04/12]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers,
infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy
to address current and future problems in information infrastructure protection. Following the success of the first six
conferences, the Seventh Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again
provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical
infrastructure protection. Papers and panel proposals are solicited. Submissions will be refereed by members of Working
Group 11.10 and other internationally-recognized experts in critical infrastructure protection. Papers and panel submissions
will be selected based on their technical merit and relevance to IFIP WG 11.10. The conference will be limited to seventy
participants to facilitate interactions among researchers and intense discussions of research and implementation issues.
A selection of papers from the conference will be published in an edited volume – the seventh in the series entitled Critical
Infrastructure Protection (Springer) – in the fall of 2013. Revised and/or extended versions of outstanding papers from the
conference will be published in the International Journal of Critical Infrastructure Protection (Elsevier).
Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Risk analysis and risk assessment methodologies
- Modeling and simulation of critical infrastructures
- Legal, economic and policy issues related to critical infrastructure protection
- Secure information sharing
- Infrastructure protection case studies
- Distributed control systems/SCADA security
- Telecommunications network security
For more information, please see
http://www.ifip1110.org/Conferences/WG11-10CallForPapers2013.pdf.
IMF 2013
7th International Conference on IT Security Incident Management & IT Forensics,
Nuremberg, Germany, March 12-14, 2013.
[posted here 10/08/12]
Today IT security is an integral aspect in operating IT-Systems. Yet,
despite high-end precautionary measures taken, not every attack or
security mishap can be prevented and hence incidents will go on
happening. In such cases forensic capabilities in investigating
incidents in both technical and legal aspects are paramount. Thus,
capable incident response and forensic procedures have gained essential
relevance in IT infrastructure operations and there is ample need for
research and standardization in this area.
In law enforcement, IT forensics is an important branch, and its
significance constantly increases since IT has become an essential part
of almost every aspect of daily life. IT systems produce traces and
evidence in many ways that play an increasingly relevant role in
resolving cases.
The IMF conference provides a platform for experts from throughout the
world to present and discuss recent technical and methodical advances in
the fields of IT security incident response and management and IT
forensics. It shall enable collaboration and exchange of ideas between
industry (both as users and solution providers), academia,
law-enforcement and other government bodies.
For more information, please see
http://www.imf-conference.org/imf2013/.
ESSoS 2013
5th International Symposium on Engineering Secure Software and Systems,
Paris, France, February 27 - March 1, 2013.
[posted here 05/14/12]
Trustworthy, secure software is a core ingredient of the modern world. Hostile, networked environments,
like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address
this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient.
Indeed, the construction of secure software is challenging because of the complexity of modern applications,
the growing sophistication of security requirements, the multitude of available software technologies
and the progress of attack vectors. Clearly, a strong need exists for engineering techniques
that scale well and that demonstrably improve the software's security properties.
The goal of this symposium is to bring together researchers and practitioners to advance the states of
the art and practice in secure software engineering. Being one of the few conference-level events
dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering
communities, and promote cross-fertilization. The Symposium seeks submissions on subjects
related to its goals. This includes a diversity of topics including (but not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DSLs for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements (in particular economic considerations)
- support for assurance, certification and accreditation
- empirical secure software engineering
For more information, please see
http://distrinet.cs.kuleuven.be/events/essos2013/.
NDSS 2013
20th Annual Network and Distributed System Security Symposium,
Catamaran Resort Hotel and Spa San Diego, California, USA, February 24-27, 2013.
[posted here 05/21/12]
The Network and Distributed System Security Symposium fosters information exchange among
researchers and practitioners of network and distributed system security. The target audience
includes those interested in practical aspects of network and distributed system security, with
a focus on actual system design and implementation. A major goal is to encourage and enable
the Internet community to apply, deploy, and advance the state of available network and
distributed systems security technologies.
Special emphasis will be placed on accepting papers in the core theme of network and distributed
systems security. Consequently, papers that cover networking protocols and distributed systems
algorithms are especially invited to be submitted. Moreover, practical papers in these areas
are also very welcome. Submissions are solicited in, but not limited to, the following areas:
- Anti-malware techniques: detection, analysis, and prevention
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Future Internet architecture and design
- High-availability wired and wireless networks
- Implementation, deployment and management of network security policies
- Integrating security in Internet protocols: routing, naming, network management
- Intellectual property protection: protocols, implementations, metering, watermarking,
digital rights management
- Intrusion prevention, detection, and response
- Privacy and anonymity technologies
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security and efficiency,
usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Security for Cloud Computing
- Security for electronic commerce: e.g., payment, barter, EDI, notarization,
timestamping, endorsement, & licensing
- Security for emerging technologies: sensor networks, wireless/mobile (and ad hoc)
networks, and personal communication systems
- Security for future home networks, Internet of Things, body-area networks
- Security for large-scale systems and critical infrastructures (e.g., electronic
voting, smart grid)
- Security for peer-to-peer and overlay network systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security of Web-based applications and services
- Trustworthy Computing mechanisms to secure network protocols and distributed systems
For more information, please see
http://www.internetsociety.org/events/ndss-symposium-2013.
CODASPY 2013
3rd ACM Conference on Data and Application Security and Privacy,
San Antonio, Texas, USA, February 18-20, 2013.
[posted here 07/23/12]
Data and applications security and privacy has rapidly expanded as a
research field with many important challenges to be addressed. The
goal of the ACM Conference on Data and Applications Security (CODASPY)
is to discuss novel, exciting research topics in data and application
security and privacy and to lay out directions for further research
and development in this area. The conference seeks paper and poster
submissions from diverse communities, including corporate and academic
researchers, open-source projects, standardization bodies, governments,
system and security administrators, software engineers and application
domain experts. Topics of interest include, but are not limited to:
- Application-layer security policies
- Access control for applications
- Access control for databases
- Data-dissemination controls
- Data forensics
- Enforcement-layer security policies
- Privacy-preserving techniques
- Private information retrieval
- Search on protected/encrypted data
- Secure auditing
- Secure collaboration
- Secure data provenance
- Secure electronic commerce
- Secure information sharing
- Secure knowledge management
- Secure multiparty computations
- Secure software development
- Securing data/apps on untrusted platforms
- Securing the semantic web
- Security and privacy in GIS/spatial data
- Security and privacy for mobile apps and devices
- Security and privacy in healthcare
- Security policies for databases
- Social computing security and privacy
- Social networking security and privacy
- Trust metrics for applications, data, and users
- Usable security and privacy
- Web application security
For more information, please see
http://www.codaspy.org.
IFIP119-DF 2013
9th Annual IFIP WG 11.9 International Conference on Digital Forensics,
Orlando, Florida, USA, January 28-30, 2013.
[posted here 09/04/12]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists,
engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The
Ninth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original,
unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of
electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee
comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit
and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions
between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of
panel discussions will be published as an edited volume – the ninth in the series entitled Research Advances in Digital
Forensics (Springer) in the summer of 2013. Revised and/or extended versions of selected papers from the conference will
be published in special issues of one or more international journals.
Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest
include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network and cloud forensics
- Embedded device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics
For more information, please see
http://www.ifip119.org/Conferences/WG11-9-CFP-2013.pdf.
FloCon 2013
FloCon Network Security Conference,
Albuquerque, New Mexico, USA, January 7–10, 2013.
[posted here 08/13/12]
This open conference provides a forum for operational network analysts, tool developers,
researchers, and other parties interested in the analysis of large volumes of traffic to
showcase the next generation of flow-based analysis techniques. Flow is an abstraction of
network traffic in which packets are aggregated by common attributes over time. This year's
conference will focus on the challenges of "Analysis at Scale." In large network environments,
flow data helps to provide a scalable way of seeing the big picture, as well as a streamlined
platform for highlighting patterns of malicious behavior over time.
More and more commercial tools and platforms are available for collecting and storing not only
flow data, but large volumes of other data such as DNS information, packet capture, security logs,
and incident reports. How do we refine this "Big Data" into knowledge? How do we design methods
for aggregated analyses at the network edge? How do we build systems for monitoring thousands
or millions of assets at once?
The era of Big Data has brought with it the need to integrate cross-disciplinary expertise—in numerical
methods, system design, software engineering, visualization, and analytical thinking—with the goal of
gaining awareness and insight from raw records. Analysis of Big Data at the ISP and carrier-class
network level adds challenges of data abstraction, context, and scope that must be addressed with
the implementation of any system designed to help operational analysts use this data to learn
about network threats.
For more information, please see
http://www.cert.org/flocon/.
HICSS-CSS 2013
46th HAWAII International Conference on System Sciences,
Internet and the Digital Economy Track,
Cybercrime and Security Strategy Mini-track,
Grand Wailea, Maui, Hawaii, USA, January 7 - 10, 2013.
[posted here 04/30/2012]
We invite you to submit a paper for the mini-track "Cybercrime and Security Strategy"
scheduled for the 46th Hawaii International Conference on System Sciences (HICSS).
The diffusion of computer technologies worldwide has resulted in an unprecedented global expansion
of computer-based criminal activity. There appears to be a need for research into cybercrime activities
and their causes. At the same time, it has become imperative to effectively protect information assets.
This mini-track also endeavors to enhance understanding of the issues associated with
information security strategy. A few topics of interest include (but are not limited to):
- Cyber crime activities, and their motivations
- Cyber security policy
- Cyber-infrastructure protection
- Legal and ethical challenges to cyber crime
- Digital forensics
- Cyber crime and societal implications
- Information security strategy
- Planning for information security
- Organizational barriers to security
- Understanding security culture
For more information, please see
http://www.hicss.hawaii.edu/hicss_46/apahome46.htm.