Contents
ICISS 2015
11th International Conference on Information Systems Security,
Kolkata, India, December 16-20, 2015.
[posted here 02/02/15]
The conference series ICISS (International Conference on Information Systems Security),
held annually, provides a forum for disseminating latest research results in information and
systems security. ICISS 2015, the eleventh conference in this series, will be held under
the aegis of the Society for Research in Information Security and Privacy (SRISP).
Submissions are encouraged from academia, industry and government, addressing theoretical
and practical problems in information and systems security and related areas.
Topics of interest include but are not limited to:
- Access and Usage Control
- Application Security
- Authentication and Audit
- Biometric Security
- Cloud Security
- Cryptographic Protocols
- Cyber-physical Systems Security
- Data Security and Privacy
- Digital Forensics
- Digital Rights Management
- Distributed Systems Security
- Formal Models in Security
- Identity Management
- Intrusion Detection and Prevention
- Intrusion Tolerance and Recovery
- Key Management
- Language-based Security
- Malware Analysis and Mitigation
- Network Security
- Operating Systems Security
- Privacy and Anonymity
- Secure Data Streams
- Security and Usability
- Security Testing
- Sensor and Ad Hoc Network Security
- Smartphone Security
- Software Security
- Usable Security
- Vulnerability Detection and Mitigation
- Web Security
For more information, please see
http://www.iciss.org.in.
CANS 2015
14th International Conference on Cryptology and Network Security,
Morocco, Marrakesh, December 8-12, 2015.
[posted here 03/30/15]
Papers offering novel research contributions are solicited. The conference
focus is on original, high-quality, unpublished research and implementation
results. Especially encouraged are submissions of papers suggesting novel
paradigms, original directions, or non-traditional perspectives. Also of particular
interest this year are papers on network security, from modeling, measurement,
engineering, and attack perspectives. Submitted papers must not substantially
overlap with papers that have been published or that are submitted in parallel
to a journal or a conference with formally published proceedings.
Topics of Interest:
- Access Control for Networks
- Adware, Malware, and Spyware
- Anonymity & Pseudonymity
- Authentication, Identification
- Cloud Security
- Cryptographic Algorithms & Protocols
- Denial of Service Protection
- Embedded System Security
- Identity & Trust Management
- Internet Security
- Key Management
- Mobile Code Security
- Multicast Security
- Network Security
- Peer-to-Peer Security
- Security Architectures
- Security in Social Networks
- Sensor Network Security
- Virtual Private Networks
- Wireless and Mobile Security
For more information, please see
http://www.cans2015.org/.
ICSS 2015
Industrial Control System Security Workshop,
Held in conjunction with 31st Annual Computer Security Applications Conference (ACSAC),
Los Angeles, California, USA, December 7-11, 2015.
[posted here 08/03/15]
Supervisory control and data acquisition (SCADA) and industrial control systems monitor
and control a wide range of industrial and infrastructure processes such as water treatment,
power generation and transmission, oil and gas refining and steal manufacturing. Such
systems are usually built using a variety of commodity computer and networking components,
and are becoming increasingly interconnected with corporate and other Internet-visible
networks. As a result, they face significant threats from internal and external actors.
For example, Stuxnet malware was specifically written to attack SCADA systems that
alone caused multi-million dollars damages in 2010. The critical requirement for high
availability in SCADA and industrial control systems, along with the use of resource
constrained computing devices, legacy operating systems and proprietary software
applications limits the applicability of traditional information security solutions. The goal
of this workshop is to explore new security techniques that are applicable in the control
systems context. Papers of interest including (but not limited to) the following subject
categories are solicited:
- Intrusion detection and prevention
- Malware
- Vulnerability analysis of control systems protocols
- Digital forensics
- Virtualization
- Application security
- Performance impact of security methods and tools in control systems
For more information, please see
http://acsac.org/2015/workshops/icss/.
Globecom-CISS 2015
IEEE Globecom 2015,
Communication & Information System Security Symposium,
San Diego, CA, USA, December 6-10, 2015.
[posted here 02/09/15]
As communication and information systems become more indispensable to the society,
their security has also become extremely critical. This symposium welcomes manuscripts
on all aspects of the modeling, design, implementation, deployment, and management
of security algorithms, protocols, architectures, and systems. Furthermore, contributions
devoted to the evaluation, optimization, or enhancement of security and privacy
mechanisms for current technologies, as well as devising efficient security and privacy
solutions for emerging areas, from physical-layer technology up to cyber security,
are solicited. The Communication & Information Systems Security Symposium seeks
original contributions in the following topical areas, plus others that are not explicitly
listed but are closely related:
- Anonymous communication, metrics and performance
- Attack, detection and prevention
- Authentication protocols and key management
- Availability and survivability of secure services and systems
- Biometric security: technologies, risks, vulnerabilities, bio-cryptography,
mobile template protection
- Cloud, data center and distributed systems security
- Computer and network forensics
- Cryptography for network security
- Cyber security
- Digital rights management
- Firewall technologies
- Formal trust models, security modeling, and design of secure protocols
- Information systems security and security management
- Internet security and privacy
- Malware detection and damage recovery
- Network security metrics and performance
- Operating systems and application security
- Physical security and hardware/software security
- Post-quantum network security
- Privacy and privacy-enhancing technologies
- Security and privacy for mobile and wireless networks
- Security for cloud computing and networking
- Security for mobile and wireless networks
- Security for next-generation networks
- Security in virtual machine environments
- Security tools for communication and information systems
- Trustworthy computing
- Wired systems and optical network security
For more information, please see
http://globecom2015.ieee-globecom.org/sites/globecom2015.ieee-globecom.org/files/u42/GC15_TPC_CFP_CISS_-_Communication_&_Information_System_Security.pdf.
ProvSec 2015
9th International Conference on Provable Security,
Kanazawa, Japan, November 24-26, 2015.
[posted here 06/08/15]
All aspects of provable security for cryptographic primitives or protocols,
include but are not limited to the following areas:
- Asymmetric provably secure cryptography
- Cryptographic primitives
- Lattice-based cryptography and security reductions
- Leakage-resilient cryptography
- Pairing-based provably secure cryptography
- Privacy and anonymity technologies
- Provable secure block ciphers and hash functions
- Secure cryptographic protocols and applications
- Security notions, approaches, and paradigms
- Steganography and steganalysis
For more information, please see
https://security-lab.jaist.ac.jp/provsec2015/.
NSS 2015
9th International Conference on Network and System Security,
New York City, NY, USA, November 3-5, 2015.
[posted here 01/05/15]
NSS is an annual international conference covering research in network and
system security. The conference seeks submissions from academia, industry,
and government presenting novel research on all theoretical and practical
aspects of network security, privacy, applications security, and system
security. Papers describing case studies, implementation experiences, and
lessons learned are also encouraged. Topics of interest include but are
not limited to:
- Active Defense Systems
- Adaptive Defense Systems
- Applied Cryptography
- Analysis, Benchmark of Security Systems
- Authentication
- Biometric Security
- Complex Systems Security
- Database and System Security
- Data Protection
- Data/System Integrity
- Distributed Access Control
- Distributed Attack Systems
- Denial-of-Service
- High Performance Network Virtualization
- Hardware Security
- High Performance Security Systems
- Identity Management
- Intelligent Defense Systems
- Insider Threats
- Intellectual Property Rights Protection
- Internet and Network Forensics
- Intrusion Detection and Prevention
- Key Distribution and Management
- Large-scale Attacks and Defense
- Malware
- Network Resiliency
- Network Security
- RFID Security and Privacy
- Security Architectures
- Security for Critical Infrastructures
- Security in P2P systems
- Security in Cloud and Grid Systems
- Security in E-Commerce
- Security in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grid
- Security and Privacy in Wireless Networks
- Security Policy
- Secure Mobile Agents and Mobile Code
- Security Theory and Tools
- Standards and Assurance Methods
- Trusted Computing
- Trust Management
- World Wide Web Security
For more information, please see
http://anss.org.au/nss2015/index.htm.
SPeH 2015
IEEE International Workshop on Security and Privacy in eHealthcare,
Held in conjunction with the 40th IEEE Conference on Local Networks (LCN),
Clearwater, Florida, USA, October 26-29, 2015.
[posted here 03/23/15]
The First IEEE International Workshop on Security and Privacy in eHealthcare
(SPeH 2015) will address research in security and privacy of applications and
tools in eHealthcare and provide a unique forum to present and discuss the key
issues and innovative solutions to address the security and privacy concerns in
eHealthcare. The major focus of the workshop will include, but not limited to
the following:
- Authentication in wireless body networks
- Secure wireless network communication
- Data security and privacy in eHealthcare
- Secure connectivity in wearable devices
- eHealthcare security challenges in cloud
- Trustworthy wearable sensing devices
For more information, please see
http://csusap.csu.edu.au/~tzia/SPeH.htm.
C&TC 2015
5th International Symposium on Cloud Computing, Trusted Computing and
Secure Virtual Infrastructures - Cloud and Trusted Computing,
Rhodes, Greece, October 26-28, 2015.
[posted here 03/30/15]
Current and future software needs to remain focused towards the development
and deployment of large and complex intelligent and networked information systems,
required for internet-based and intranet-based systems in organizations. Today
software covers a very wide range of application domains as well as technology
and research issues. This has found realization through Cloud Computing. Vital
element in such networked information systems are the notions of trust, security,
privacy and risk management. The conference solicits submissions from both academia
and industry presenting novel research in the context of Cloud Computing, presenting
theoretical and practical approaches to cloud trust, security, privacy and risk
management. The conference will provide a special focus on the intersection
between cloud and trust bringing together experts from the two communities to
discuss on the vital issues of trust, security, privacy and risk management in Cloud
Computing. Potential contributions could cover new approaches, methodologies,
protocols, tools, or verification and validation techniques. We also welcome review
papers that analyze critically the current status of trust, security, privacy and risk
management in the cloud. Papers from practitioners who encounter trust, security,
privacy and risk management problems and seek understanding are also welcome.
For more information, please see
http://www.onthemove-conferences.org/index.php/cloud-trust-15.
FPS 2015
8th International Symposium on Foundations & Practice of Security,
Clermont-Ferrand, France, October 26-28, 2015.
[posted here 03/23/15]
This conference, the 8th in an annual series, provides a forum for researchers
world-wide working in security, privacy, trustworthy data systems and related areas.
The aim of FPS is to discuss and exchange theoretical and practical ideas that address
security issues in inter-connected systems. It aims to provide scientific presentations
as well as to establish links, promote scientific collaboration, joint research programs,
and student exchanges between institutions involved in this important and fast
moving research field. We also invite papers from researchers and practitioners working
in security, privacy, trustworthy data systems and related areas to submit their original
papers. The main topics, but not limited to, include:
- Computer and Network Security
- Formal foundations in Information or Operational Security
- Security of Service Oriented Architectures
- Information Theoretic Security
- Security of Cloud Computing
- Security Management and Security Policies
- Policy-based Security Architectures
- Security of P2P systems
- Security & Privacy on Social Networks
- Access Control Languages
- Data Mining & Watermarking
- Cryptography & Cryptanalysis
- Threat Analysis and Trust Management
- Privacy & Sensitive Data Management
- Policy-based Distributed Information Systems
- Security in Sensor Networks and RFIDs
- Security of Cloud Computing, Grid Computing
- Security of Distributed Embedded Middleware
- Distributed Security Protocols & Policies
- Security and Privacy in Digital Currencies
- Malware, Botnet and Advanced Persistent Threats
- Code Reverse Engineering and Vulnerability Exploitation
- Side Channel & Physical Attacks
- Social Engineering
For more information, please see
http://confiance-numerique.clermont-universite.fr/fps2015/.
CPS-SPC 2015
1st ACM Cyber-Physical Systems Security and PrivaCy Workshop,
Held in conjunction with the 22nd ACM Conference on Computer
and Communications Security (ACM CCS 2015),
Denver, Colorado, USA, October 16, 2015.
[posted here 05/11/15]
Cyber-physical systems (CPS) integrate computing and communication
capabilities with monitoring and control of entities in the physical world.
These systems are usually composed by a set of networked agents, including sensors,
actuators, control processing units, and communication devices. While some forms
of CPS are already in use, the widespread growth of wireless embedded sensors
and actuators is creating several new applications — in areas such as medical
devices, automotive, and smart infrastructure — and increasing the role that
the information infrastructure plays in existing control systems — such as
in the process control industry or the power grid. Many CPS applications are
safety-critical: their failure can cause irreparable harm to the physical
system under control and to the people who depend on it. In particular,
the protection of our critical infrastructures that rely on CPS, such as
the electric power transmission and distribution, industrial control systems,
oil and natural gas systems, water and waste-water treatment plants,
healthcare devices, and transportation networks play a fundamental and
large-scale role in our society — and their disruption can have a
significant impact to individuals, and nations at large.
Similarly, because many CPS systems collect sensor data non-intrusively,
users of these systems are often unaware of their exposure. Therefore in
addition to security, CPS systems must be designed with privacy considerations.
To address some of these issues, we invite original research papers on the
security and/or privacy of cyber-physical systems. We seek submissions from
multiple interdisciplinary backgrounds representative of CPS, including but
not limited to the following:
- intrusion detection for CPS
- privacy in CPS
- network security for CPS
- control theory and mathematical foundations for secure CPS
- embedded systems and IoT security and privacy
- real-time systems
- game theory applied to CPS
- human factors and humans in the loop
- reliability and safety
- economics of security and privacy in CPS
CPS domains of interest include:
- manufacturing
- industrial control systems
- Supervisory Control and Data Acquisition (SCADA) systems
- power grid and smart grid
- robotics
- unmanned aerial vehicles
- transportation systems
- healthcare and medical devices
- automotive
- abstract theoretical CPS domains that involve sensing and actuation
For more information, please see
https://sites.google.com/site/2015cpsspc/.
CCSW 2015
ACM Cloud Computing Security Workshop,
Held in conjunction with the 22nd ACM Conference on Computer
and Communications Security (ACM CCS 2015),
Denver, Colorado, USA, October 16, 2015.
[posted here 05/11/15]
The CCSW workshop brings together researchers and practitioners
in all security and privacy aspects of cloud-centric and
outsourced computing, including:
- practical cryptographic protocols for cloud security
- outsourced privacy-preserving computation
- secure cloud resource virtualization mechanisms
- secure data management outsourcing (e.g., database as a service)
- practical privacy and integrity mechanisms for outsourcing
- privacy-enhancing technologies for the cloud
- foundations of cloud-centric threat models
- secure computation outsourcing
- remote attestation mechanisms in clouds
- sandboxing and VM-based enforcements
- trust and policy management in clouds
- secure identity management mechanisms
- new cloud-aware web service security paradigms and mechanisms
- cloud-centric regulatory compliance issues and mechanisms
- business and security risk models and clouds
- cost and usability models and their interaction with security in clouds
- scalability of security in global-size clouds
- trusted computing technology and clouds
- binary analysis of software for remote attestation and cloud protection
- network security (DOS, IDS etc.) mechanisms for cloud contexts
- security for emerging cloud programming models
- energy/cost/efficiency of security in clouds
- security for software defined networking
For more information, please see
http://ccsw.ics.uci.edu/15/.
ACM-CCS 2015
22nd ACM Conference on Computer and Communications Security,
Denver, Colorado, USA, October 12-16, 2015.
[posted here 02/02/15]
The ACM Conference on Computer and Communications Security (CCS) is the flagship annual
conference of the Special Interest Group on Security, Audit and Control (SIGSAC) of the
Association for Computing Machinery (ACM). The conference brings together information
security researchers, practitioners, developers, and users from all over the world to explore
cutting-edge ideas and results. It provides an environment to conduct intellectual
discussions. From its inception, CCS has established itself as a high standard research
conference in its area.
For more information, please see
http://www.sigsac.org/ccs/CCS2015.
SafeConfig 2015
8th Workshop on Automated Decision Making for Active Cyber Defense,
Collocated with ACM CCS 2015,
Denver, Colorado, USA, October 12, 2015.
[posted here 04/27/15]
The high growth of cyber connectivity significantly increases the potential
and sophistication of cyber-attacks. The new capabilities based on active
cyber defense (ACD) are required to offer automated, intelligently-driven,
agile, and resilient cyber defense. Both accurate "sense-making" based
security analytics of the system artifacts (e.g., traces, configurations,
logs, incident reports, alarms and network traffic), and provably-effective
"decision-making" based on robust reasoning are required to enable ACD for
cyber security and resiliency. Cyber security requires automated and
scalable analytics in order to normalize, model, integrate, and analyze
large and complex data to make correct decisions on time about security
measures against threats. The automated decision making goals is to
determine and improve the security and resiliency of cyber systems
and services. As the current technology moves toward ‘smart’ cyber-physical
infrastructures as well as open networking platforms (e.g., software
defined networking and virtual/cloud computing), the need for large-scale
security analytics and automation for decision making significantly increases.
This workshop offers a unique opportunity by bringing together researchers
from academia, industry as well as government agencies to discuss the challenges
listed above, to exchange experiences, and to propose joint plans for
promoting research and development in this area. SafeConfig is a one day
forum that includes invited talks, technical presentations of peer-reviewed
papers, poster/demo sessions, and joint panels on research collaboration.
SafeConfig was started in 2009 and has been continuously running since then.
It provides a distinct forum to explore theoretical foundations, algorithmic
advances, modeling, and evaluation of configuration related challenges for
large scale cyber and cyberphysical systems.
For more information, please see
http://www.cyberdna.uncc.edu/safeconfig/2015/cfp.html.
WISCS 2015
2nd ACM Workshop on Information Sharing and Collaborative Security,
Held in conjunction with 22nd ACM Conference on Computer and Communications Security (CCS 2015),
Denver, Colorado, USA, October 12, 2015.
[posted here 06/08/15]
Sharing of cyber-security related information is believed to greatly enhance the
ability of organizations to defend themselves against sophisticated attacks. If one
organization detects a breach sharing associated security indicators (such as attacker IP
addresses, domain names, file hashes etc.) provides valuable, actionable information to
other organizations. The analysis of shared security data promises novel insights into emerging
attacks. Sharing higher level intelligence about threat actors, the tools they use and
mitigations provides defenders with much needed context for better preparing and responding
to attacks. In the US and the EU major efforts are underway to strengthen information sharing.
Yet, there are a number of technical and policy challenges to realizing this vision. Which
information exactly should be shared? How can privacy and confidentiality be protected? How
can we create high-fidelity intelligence from shared data that minimizes false positives?
The 2nd Workshop on Information Sharing and Collaborative Security (WISCS 2015) aims to
bring together experts and practitioners from academia, industry and government to present
innovative research, case studies, and legal and policy issues. The workshop solicits original
research papers in these areas, both full and short papers. Workshop proceedings will be
published in the ACM Digital Library. Topics of interest for the workshop include, but are not
limited to:
- Collaborative intrusion detection
- Case studies of information sharing
- Domain name and IP address blacklists
- Collaborative approaches to spear?phishing, DDoS and other attacks
- Privacy and confidentiality
- Data deidentification
- Cryptographic protocols for collaborative security
- Scalable security analysis on shared data
- Ontologies and standards for sharing security data
- UX and behavioral aspects of collaborating
- Policy and legal issues
- Surveillance issues
- Trust models
- Attacks on information sharing
- Economics of security collaboration
For more information, please see
https://sites.google.com/site/wiscs2015/.
WPES 2015
Workshop on Privacy in the Electronic Society,
Held in conjunction with the 22nd ACM Conference on Computer
and Communications Security (ACM CCS 2015),
Denver, Colorado, USA, October 12, 2015.
(Submission Due 10 June 2015) [posted here 05/25/15]
The increased power and interconnectivity of computer systems available
today create the ability to store and process large amounts of data,
resulting in networked information accessible from anywhere at any time.
It is becoming easier to collect, exchange, access, process, and link
information. This global scenario has inevitably resulted in an
increasing degree of awareness with respect to privacy. Privacy issues
have been the subject of public debates, and the need for privacy-aware
policies, regulations, and techniques has been widely recognized. The
goal of this workshop is to discuss the problems of privacy in the
global interconnected societies and possible solutions to them.
The workshop seeks submissions from academia and industry presenting
novel research on all theoretical and practical aspects of electronic
privacy, as well as experimental studies of fielded systems. We
encourage submissions from other communities such as law and business
that present these communities' perspectives on technological issues.
For more information, please see
https://wpes15.cs.umn.edu/.
WISCS 2015
2nd Workshop on Information Sharing and Collaborative Security,
Held in conjunction with the 22nd ACM Conference on Computer
and Communications Security (ACM CCS 2015),
Denver, Colorado, USA, October 12, 2015.
[posted here 04/20/15]
Sharing of cyber-security related information is believed to greatly
enhance the ability of organizations to defend themselves against
sophisticated attacks. If one organization detects a breach sharing
associated security indicators (such as attacker IP addresses, domain names,
file hashes etc.) provides valuable, actionable information to other
organizations. The analysis of shared security data promises novel
insights into emerging attacks. Sharing higher level intelligence
about threat actors, the tools they use and mitigations provides
defenders with much needed context for better preparing and responding
to attacks. In the US and the EU major efforts are underway to strengthen
information sharing. Yet, there are a number of technical and policy challenges
to realizing this vision. Which information exactly should be shared? How
can privacy and confidentiality be protected? How can we create high-fidelity
intelligence from shared data that minimizes false positives?
The 2nd Workshop on Information Sharing and Collaborative Security (WISCS 2015)
aims to bring together experts and practitioners from academia, industry and
government to present innovative research, case studies, and legal and policy
issues. Topics of interest for the workshop include, but are not limited to:
- Collaborative intrusion detection
- Case studies of information sharing
- Domain name and IP address blacklists
- Collaborative approaches to spear-phishing, DDoS and other attacks
- Privacy and confidentiality
- Data deidentification
- Cryptographic protocols for collaborative security
- Access control for shared information
- Scalable security analysis on shared data
- Ontologies and standards for sharing security data
- UX and behavioral aspects of collaboration
- Policy and legal issues
- Surveillance issues
- Trust models
- Attacks on information sharing
- Economics of security collaboration
For more information, please see
https://sites.google.com/site/wiscs2015/.
IWDW 2015
14th International Workshop on Digital Forensics and Watermarking,
Tokyo, Japan, October 7-10, 2015.
[posted here 05/18/15]
The 14th IWDW, International Workshop on Digital-forensics and
Watermarking (IWDW 2015) is a premier forum for researchers and
practitioners working on novel research, development and applications
of digital watermarking and forensics techniques for multimedia
security. We invite submissions of high-quality original research
papers. The topics include, but are not limited to:
- Mathematical modeling of embedding and detection
- Information theoretic, stochastic aspects of data hiding
- Security issues, including attacks and counter-attacks
- Combination of data hiding and cryptography
- Optimum watermark detection and reliable recovery
- Copyright protection, DRM, and forensic watermarking
- Large-scale experimental tests and benchmarking
- New statistical and perceptual models of multimedia content
- Estimation of watermark capacity
- Reversible data hiding
- Data hiding in special media
- Data hiding and authentication
- Steganography and steganalysis
- Channel coding techniques for watermarking
- Digital multimedia forensics and anti-forensics
- Visual cryptography and secret image sharing
For more information, please see
http://iwdw2015.tokyo/.
CRITIS 2015
10th International Conference on Critical Information Infrastructures Security,
Berlin, Germany, October 5-7, 2015.
[posted here 03/09/15]
CRITIS 2015 has four foci. Topic category 1, Resilience and protection of cyber-physical
systems, covers advances in the classical CIIP sectors telecommunication,
cyber systems and electricity infrastructures. Topic category 2 focuses on advances
in C(I)IP policies and best practices in C(I)IP specifically from stakeholders' perspectives.
In topic category 3, general advances in C(I)IP, we are explicitly inviting
contributions from additional infrastructure sectors like energy, transport, and
smart built infrastructure) and cover also cross-sector CI(I)P aspects.
In 2013, the CRITIS series of conferences has started to foster contributions from young
experts and researchers ("Young CRITIS"), and in 2014 this has been reinforced by the
first edition of the CIPRNet Young CRITIS Award (CYCA). We will continue both
activities at CRITIS 2015, since our demanding multi-disciplinary field of
research requires open-minded talents.
For more information, please see
http://www.critis2015.org.
SPC 2015
1st Workshop on Security and Privacy in the Cloud,
Held in conjunction with the IEEE Conference on Communications
and Network Security (CNS 2015),
Florence, Italy, September 30, 2015.
[posted here 05/11/15]
The workshop seeks submissions from academia, industry, and government
presenting novel research, as well as experimental studies, on all
theoretical and practical aspects of security, privacy, and data
protection in cloud scenarios. Topics of interest include, but are not
limited to:
- Anonymity in cloud scenarios
- Applied cryptography in cloud scenarios
- Data and application security
- Data and system integrity
- Data availability in outsourcing scenarios
- Data protection
- Efficient access to outsourced data
- Key management in cloud scenarios
- Privacy
- Privacy of accesses
- Secure computation over encrypted data
- Security and trust metrics
- Security and privacy in crowdsourcing
- Security and privacy in multi-clouds and federated clouds
- Security and privacy in data outsourcing
- Security and privacy in the Internet of Things
- Security and privacy of big data
- Security and privacy of distributed computations
- Security and privacy policies
- Selective information sharing
- Threats, vulnerabilities, and risk management
For more information, please see
http://www.zurich.ibm.com/spc2015/.
SPiCy 2015
1st Workshop on Security and Privacy in Cybermatics,
Held in conjuction with IEEE Conference on Communications and Networks Security (IEEE-CNS 2015),
Florence, Italy, September 30, 2015.
[posted here 05/25/15]
In the modern age Cybermatics is differentiating itself by designing the physical and social
places into the cyber space to accomplish the union of three spaces: (i) Physical Cyberworld,
(ii) Social Cyberworld, and (iii) Thinking Cyberworld. In the cyber space, everywhere
cyber-nodes are significantly independent from the space-time limitations that exist in the
physical space. Along with the development of intelligent systems, Cybermatics has brought a
wide area of open issues during the cyber interaction, physical perception, social correlation,
and cognitive thinking. Currently, Cybermatics is still in its initial stage, and it is expected
that Cybermatics will lead industrialization and IT applications to a new level and will
significantly change the way of producing, living, and even thinking of the mankind.
Cybermatics will transform how we interact with and control the physical world around us, just
in the same way as the Internet transformed how we interact and communicate with one another
and revolutionized how and where we access information.
Cyber-physical systems are subject to threats stemming from increasing dependence on computer
and communication technologies. Cyber security threats exploit the increased complexity and
connectivity of critical infrastructure systems, placing the Nation's security, economy, public
safety, and health at risk. This workshop aims to represent an opportunity for cyber security
researchers, practitioners, policy makers, and users to exchange ideas, research findings,
techniques and tools, raise awareness, and share experiences related to all practical and
theoretical aspects of Cybermatics security issues.
Capturing security and privacy requirements in the early stages of system development is
essential for creating sufficient public confidence in order to facilitate the adoption of novel
systems of Cybermatics such as cyber-physical-social (CPS) systems,
cyber-physical-social-thinking (CPST) systems, and cyber-physical-thinking (CPT) systems.
However, security and privacy requirements are often not handled properly due to their wide
variety of facets and aspects which make them difficult to formulate.
The workshop seeks submissions from academia, industry, and government presenting novel research
on all theoretical and as well as practical aspects of Cybermatics.
For more information, please see
http://spicy2015.di.unimi.it.
CNS 2015
3rd IEEE Conference on Communications and Network Security,
Florence, Italy, September 28-30, 2015.
[posted here 01/19/15]
IEEE Conference on Communications and Network Security (CNS) is a
new conference series in IEEE Communications Society (ComSoc)
core conference portfolio and the only ComSoc conference focusing
solely on cyber security. IEEE CNS is also a spin-off of IEEE INFOCOM,
the premier ComSoc conference on networking. The goal of CNS is to
provide an outstanding forum for cyber security researchers,
practitioners, policy makers, and users to exchange ideas, techniques
and tools, raise awareness, and share experience related to all
practical and theoretical aspects of communications and network
security. Building on the success of the past two years' conferences,
IEEE CNS 2015 seeks original high-quality technical papers from academia,
government, and industry. Topics of interest encompass all practical
and theoretical aspects of communications and network security, all
the way from the physical layer to the various network layers to the
variety of applications reliant on a secure communication substrate.
Submissions with main contribution in other areas, such as information
security, software security, system security, or applied cryptography,
will also be considered if a clear connection to secure
communications/networking is demonstrated. Particular topics of interest
include, but are not limited to:
- Anonymization and privacy in communication systems
- Biometric authentication and identity management
- Computer and network forensics
- Data and application security
- Data protection and integrity
- Availability of communications, survivability of networks in the
presence of attacks
- Key management and PKI for networks
- Information-theoretic security
- Intrusion detection and prevention
- Location privacy
- Mobile security
- Outsourcing of network and data communication services
- Physical layer security methods, cross-layer methods for
enhancing security
- Secure routing, network management
- Security for critical infrastructures
- Security metrics and performance evaluation
- Security and privacy for big data
- Security and privacy in body area networks
- Security and privacy in content delivery network
- Security and privacy in cloud computing and federated cloud
- Security and privacy in crowdsourcing
- Security and privacy in the Internet of Things
- Security and privacy in multihop wireless networks: ad hoc,
mesh, sensor, vehicular and RFID networks
- Security and privacy in peer-to-peer networks and overlay networks
- Security and privacy in single-hop wireless networks: Wi-Fi, Wi-Max
- Security and privacy in smart grid, cognitive radio networks,
and disruption/delay tolerant networks
- Security and privacy in social networks
- Security and privacy in pervasive and ubiquitous computing
- Social, economic and policy issues of trust, security and privacy
- Traffic analysis
- Usable security for networked computer systems
- Vulnerability, exploitation tools, malware, botnet, DDoS attacks
- Web, e-commerce, m-commerce, and e-mail security
For more information, please see
http://cns2015.ieee-cns.org/.
ESORICS 2015
20th European Symposium on Research in Computer Security,
Vienna, Austria, September 23-25, 2015.
[posted here 01/12/15]
ESORICS is the annual European research event in Computer Security.
The Symposium started in 1990 and has been held in several European countries,
attracting a wide international audience from both the academic and industrial
communities. Papers offering novel research contributions in computer security
are solicited for submission to the Symposium. The primary focus is on
original, high quality, unpublished research and implementation experiences.
We encourage submissions of papers discussing industrial research and
development. Topics of interest include, but are not limited to:
- access control
- accountability
- ad hoc networks
- anonymity
- applied cryptography
- authentication
- biometrics
- database security
- data protection
- digital content protection
- digital forensic
- distributed systems security
- electronic payments
- embedded systems security
- inference control
- information hiding
- identity management
- information flow control
- integrity
- intrusion detection
- formal security methods
- language-based security
- network security
- phishing and spam prevention
- privacy
- risk analysis and management
- secure electronic voting
- security architectures
- security economics
- security metrics
- security models
- security and privacy in cloud scenarios
- security and privacy in complex systems
- security and privacy in location services
- security and privacy for mobile code
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security and privacy in social networks
- security and privacy in web services
- security verification
- software security
- steganography
- systems security
- trust models and management
- trustworthy user devices
- web security
- wireless security
For more information, please see
http://www.esorics2015.sba-research.org.
DPM 2015
10th International Workshop on Data Privacy Management,
Co-located with ESORICS 2015,
Vienna, Austria, September 21-22, 2015.
[posted here 04/06/15]
Organizations are increasingly concerned about the privacy of information
that they manage (several people have filed lawsuits against organizations
violating the privacy of customer's data). Thus, the management of
privacy-sensitive information is very critical and important for every organization.
This poses several challenging problems, such as how to translate the high-level
business goals into system-level privacy policies, administration of privacy-sensitive
data, privacy data integration and engineering, privacy access control mechanisms,
information-oriented security, and query execution on privacy-sensitive data for
partial answers. The aim of this workshop is to discuss and exchange the ideas
related to privacy data management. We invite papers from researchers and
practitioners working in privacy, security, trustworthy data systems and related
areas to submit their original papers in this workshop.
For more information, please see
http://deic.uab.cat/conferences/dpm/dpm2015/.
ISC 2015
18th Information Security Conference,
Trondheim, Norway, September 9-11, 2015.
[posted here 03/23/15]
The Information Security Conference (ISC), which started as a workshop
(ISW) in 1997,is a well-established and highly reputable international conference
that is held yearly. It has been held in five different continents. The conference
seeks submissions on novel theoretical and practical results in:
- access control
- accountability
- anonymity and pseudonymity
- applied cryptography
- authentication
- biometrics
- computer forensics
- critical infrastructure security
- cryptographic protocols
- database security
- data protection
- data/system integrity
- digital right management
- economics of security and privacy
- electronic frauds
- embedded security
- formal methods in security
- identity management
- information dissemination control
- information hiding & watermarking
- intrusion detection
- network security
- peer-to-peer security
- privacy
- secure group communications
- security in information flow
- security for Internet of Things
- security for mobile code
- secure cloud computing
- security in location services
- security modelling & architectures
- security and privacy in social networks
- security and privacy in pervasive and ubiquitous computing
- security of eCommerce, eBusiness and eGovernment
- security models for ambient intelligence environments
- trust models and trust policies
For more information, please see
http://isc2015.item.ntnu.no.
NSPW 2015
New Security Paradigms Workshop () ,
Twente, The Netherlands, September 8-11, 2015.
[posted here 03/23/15]
Since 1992, the New Security Paradigms Workshop (NSPW) has offered a unique forum
for computer security/information security research involving high-risk, high-opportunity
paradigms, perspectives and positions. NSPW seeks embryonic, disruptive, and
unconventional ideas that bene?t from early feedback. The ideas are almost always
not yet proven, and sometimes infeasible to validate to the extent expected in
traditional forums. Submissions typically address current limitations of computer/information
security, directly challenge long-held beliefs or the very foundations of security, or view
problems from an entirely novel angle leading to new solution paradigms. NSPW seeks
ideas pushing the boundaries of science and engineering beyond what would typically
be considered mainstream; papers that would be strong candidates in "conventional"
computer/information security venues are, as a rule of thumb, a poor ?t for NSPW.
We welcome papers with perspectives that augment traditional computer/information
security, both from other computer science disciplines and other sciences that study
adversarial relationships (e.g., biology, economics, the social sciences).
For NSPW 2015, we especially welcome papers from ?rst-time NSPW authors.
The workshop itself is highly interactive with presentations by authors prepared
for in-depth discussions, and ample opportunity to exchange views with
open-minded peers. NSPW is also distinguished by its deep-rooted tradition
of positive feedback, collegiality, and encouragement.
For more information, please see
http://www.nspw.org/2015/cfp.
TrustBus 2015
12th International Conference on Trust, Privacy, and Security in Digital Business,
Valencia, Spain, September 1-2, 2015.
[posted here 02/16/15]
TrustBus'2015 will bring together researchers from different disciplines,
developers, and users all interested in the critical success factors of
digital business systems. We are interested in papers, work-in-progress reports,
and industrial experiences describing advances in all areas of digital business
applications related to trust and privacy, including, but not limited to:
- Anonymity and pseudonymity in business transactions
- Business architectures and underlying infrastructures
- Common practice, legal and regulatory issues
- Cryptographic protocols
- Delivery technologies and scheduling protocols
- Design of businesses models with security requirements
- Economics of Information Systems Security
- Electronic cash, wallets and pay-per-view systems
- Enterprise management and consumer protection
- Identity and Trust Management
- Intellectual property and digital rights management
- Intrusion detection and information filtering
- Languages for description of services and contracts
- Management of privacy & confidentiality
- Models for access control and authentication
- Multimedia web services
- New cryptographic building-blocks for e-business applications
- Online transaction processing
- PKI & PMI
- Public administration, governmental services
- P2P transactions and scenarios
- Real-time Internet E-Services
- Reliability and security of content and data
- Reliable auction, e-procurement and negotiation technology
- Reputation in services provision
- Secure process integration and management
- Security and Privacy models for Pervasive Information Systems
- Security Policies
- Shopping, trading, and contract management tools
- Smartcard technology
- Transactional Models
- Trust and privacy issues in mobile commerce environments
- Usability of security technologies and services
For more information, please see
http://www.ds.unipi.gr/trustbus15/.
EUSIPCO 2015
23rd European Signal Processing Conference,
Information Forensics and Security Track,
Nice, Cote d' Azur, France, August 31 - September 4, 2015.
[posted here 12/15/14]
EUSIPCO is the flagship conference of the European Association for Signal Processing
(EURASIP). EUSIPCO 2015 will feature world-class speakers, oral and poster sessions,
keynotes, exhibitions, demonstrations and tutorials and is expected to attract in
the order of 600 leading researchers and industry figures from all over the world.
The Information Forensics and Security Track addresses all works whereby security
is achieved through a combination of techniques from cryptography, computer
security, machine learning and multimedia signal processing.
For more information, please see
http://www.eusipco2015.org.
WSDF 2015
8th International Workshop on Digital Forensics,
Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015),
Toulouse, France, August 24-28, 2015.
[posted here 02/09/15]
Digital forensics is a rapidly evolving field primarily focused on the extraction, preservation
and analysis of digital evidence obtained from electronic devices in a manner that is
legally acceptable. Research into new methodologies tools and techniques within this
domain is necessitated by an ever-increasing dependency on tightly interconnected,
complex and pervasive computer systems and networks. The ubiquitous nature of our
digital lifestyle presents many avenues for the potential misuse of electronic devices
in crimes that directly involve, or are facilitated by, these technologies. The aim of
digital forensics is to produce outputs that can help investigators ascertain the overall
state of a system. This includes any events that have occurred within the system and
entities that have interacted with that system. Due care has to be taken in the
identification, collection, archiving, maintenance, handling and analysis of digital
evidence in order to prevent damage to data integrity. Such issues combined with
the constant evolution of technology provide a large scope of digital forensic research.
WSDF aims to bring together experts from academia, industry, government and law
enforcement who are interested in advancing the state of the art in digital forensics
by exchanging their knowledge, results, ideas and experiences.
The aim of the workshop is to provide a relaxed atmosphere that promotes discussion
and free exchange of ideas while providing a sound academic backing. The focus of
this workshop is not only restricted to digital forensics in the investigation of crime.
It also addresses security applications such as automated log analysis, forensic
aspects of fraud prevention and investigation, policy and governance.
For more information, please see
http://www.ares-conference.eu/conference/workshops/wsdf-2015/.
RT2ND 2015
International Workshop on Risk and Trust in New Network Developments,
Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015),
Toulouse, France, August 24-28, 2015.
[posted here 02/09/15]
The drive of being connected anywhere and anytime, the convenience of smart services,
and advances in embedded computing have recently pushed new network developments.
Several factors have contributed to this development, e.g., hardware advances (devices
are smaller, more powerful, and batteries last longer), the heterogeneity of end-points
(a range of devices and “intelligent things”), different architectures (networks of
networks, self-configuring, opportunistic and ad-hoc networks), enhancements in
technology (mobile, wireless, Bluetooth, RFID, NFC) and the ever more networked
society (devices are increasingly affordable and ubiquitous). Such developments
have created new network paradigms such as Vehicular Networks, Body Area Networks,
Personal Area Networks, Smart Camera Networks, Virtualized Networks,
Service-oriented Networks, Home Area Networks, and Named Data Networks.
Novelties in network architectures, technologies and applications raise numerous
challenges in terms of risk and trust, and in the trade-off between them. This workshop
aims to bring together researchers and practitioners, and foment discussion on risk and
trust in emerging networks and how to best defend against their misuse. We encourage
different types of contributions – surveys, technical and empirical contributions.
For more information, please see
http://www.ares-conference.eu/conference/workshops/rt2nd-2015/.
ECTCM 2015
3rd International Workshop on Emerging Cyberthreats and Countermeasures,
Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015),
Toulouse, France, August 24-28, 2015.
[posted here 02/16/15]
The 3rd International Workshop on Emerging Cyberthreats and Countermeasures aims at
bringing together researchers and practitioners working in different areas related to
cybersecurity. In the elapsed year 2014 bleeding hearts, shocked shells, poodles and
several more shocking vulnerabilities in essential parts of our IT (security) infrastructure
emerged. We want to contribute to all technical, organizational and social facets of this
problem. Contributions demonstrating current vulnerabilities and threats as well as new
countermeasures are warmly welcome.
For more information, please see
http://www.ares-conference.eu/conference/workshops/wsdf-2015/.
TRUST 2015
8th International Conference on Trust & Trustworthy Computing,
Heraklion, Crete, Greece, August 24-26, 2015.
[posted here 03/30/15]
TRUST 2015 is an international conference on the technical and
socio-economic aspects of trustworthy infrastructures. It provides
an excellent interdisciplinary forum for researchers, practitioners,
and decision makers to explore new ideas and discuss experiences in
building, designing, using and understanding trustworthy computing
systems.TRUST 2015 solicits original papers on any aspect (technical,
social or socio-economic) of the design, application and usage
of trusted and trustworthy computing. Papers can address design,
application and usage of trusted and trustworthy computing in a
broad range of concepts including, but not limited to, trustworthy
infrastructures, cloud computing, services, hardware, software and
protocols.
For more information, please see
http://www.ics.forth.gr/trust2015/.
WISTP 2015
9th WISTP International Conference on Information Security Theory and Practice,
Crete, Greece, August 24-25, 2015.
[posted here 02/23/15]
Future ICT technologies, such as the concepts of Ambient Intelligence, Cyber-physical
Systems, and Internet of Things provide a vision of the Information Society in which: a)
people and physical systems are surrounded with intelligent interactive interfaces and objects,
and b) environments are capable of recognising and reacting to the presence of different
individuals or events in a seamless, unobtrusive, and invisible manner. The success of
future ICT technologies will depend on how secure these systems are and to what extent
they protect the privacy of individuals and individuals trust them.
In 2007, Workshop in Information Security Theory and Practice (WISTP) was created as a
forum for bringing together researchers and practitioners in related areas and to encourage
interchange and cooperation between the research community and the industrial/consumer
community. Based on the growing interest of the participants, 2015 edition is becoming a
conference - The 9th WISTP International Conference on Information Security Theory and
Practice (WISTP'2015). WISTP 2015 seeks original submissions from academia and industry
presenting novel research on all theoretical and practical aspects of security and privacy,
as well as experimental studies of fielded systems, the application of security technology,
the implementation of systems, and lessons learned. We encourage submissions from
other communities such as law, business, and policy that present these communities'
perspectives on technological issues. Topics of interest include, but are not limited to:
- Security and Privacy in Smart Devices
- Security and Privacy in Networks
- Security and Privacy in Architectures, Protocols, Policies, Systems and Applications
For more information, please see
http://www.wistp.org.
WISA 2015
16th International Workshop on Information Security Applications,
Jeju Island, Korea, August 20-22, 2015.
[posted here 04/06/15]
The primary focus of WISA 2015 is on systems and network security, and the
secondary focus is on all other technical and practical aspects of security
applications. The workshop will serve as a forum for new results from the
academic research community as well as from the industry.
The areas of interest include, but are not limited to:
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Automated tools for source code/binary analysis
- Critical infrastructure security
- Digital Forensics
- Exploit techniques and automation
- HCI security and privacy
- Malware analysis
- Network-based attacks
- Operating system security
- Security policy
- Storage and file system security
- Trustworthy computing
- Web security
- Anonymity and censorship-resistant technologies
- Authentication and authorization
- Botnet defense
- Denial-of-service attacks and countermeasures
- Embedded systems security
- Hardware and physical security
- Intrusion detection and prevention
- Mobile/wireless/cellular system security
- Network infrastructure security
- Practical cryptanalysis (hardware, DRM, etc.)
- Side channel attacks and countermeasures
- Techniques for developing secure systems
- Vulnerability research
For more information, please see
http://www.wisa.or.kr.
IFIP-Summer School on Privacy and Identity Management 2015
10th IFIP Summer School on Privacy and Identity Management - Time for a Revolution?,
Edinburgh, Scotland, August 16-21, 2015.
[posted here 02/16/15]
The Summer School takes a holistic approach to society and technology and
supports interdisciplinary exchange through keynote and plenary lectures, tutorials,
workshops, and research paper presentations. In particular, participants' contributions
that combine technical, legal, regulatory, socio-economic, social or societal, political,
ethical, anthropological, philosophical, or psychological perspectives are welcome.
The school seeks contributions in the form of research papers, tutorials, and workshop
proposals from all disciplines (e.g., computer science, informatics, economics, ethics,
law, psychology, sociology, political and other social sciences, surveillance studies,
business and public management), and is especially inviting contributions from students
who are at the stage of preparing either a master's or a PhD thesis.
Topics of interest include, but are not limited to:
- big data analysis, biometrics, cloud computing, virtuality, data and visual analytics
- concepts of anonymity, pseudonymity, identity in different disciplines or cultures
- cybercrime and cybersecurity
- data breaches, data retention and law enforcement
- digital rights and net neutrality
- digital participation, participatory design, ethically-informed design, co-creation
and co-ollaboration, ecosystems, and social actors' engagement in design
- health informatics, informed consent, and data-sharing
- impact of legislative or regulatory initiatives on privacy
- impact of technology on social exclusion/digital divide/social and cultural aspects
- privacy and identity management (services, technologies, infrastructures,
usability aspects, legal and socio-economic aspects)
- privacy-by-design, privacy-by-default, and privacy impact assessment
- privacy-enhancing technologies (PETs), privacy standardisation, and
privacy issues relating to eIDs
- profiling and tracking technologies
- public attitudes to (national) security and privacy
- roadmap towards increased privacy protection, use of PETs and privacy
by design as a standard procedure
- semantics, web security, and privacy
- social accountability, social, legal and ethical aspects of technology
and the Internet specifically
- social care, community care, integrated care and opportunities for as
well as threats to individual and community privacy
- social networks, social computing, crowdsourcing and social movements
- surveillance, video surveillance, sensor networks, and the Internet of Things
- transparency-enhancing technologies (TETs)
- trust management and reputation systems
- ubiquitous and usable privacy and identity management
For more information, please see
http://www.ifip-summerschool.org/.
WPES 2015
Workshop on Privacy-Preserving Information Retrieval,
Held in conjunction with the ACM SIGIR conference,
Santiago de Chile, August 13, 2015.
[posted here 05/25/15]
We look forward to your ideas and solutions to the cross-discipline
research on privacy and information retrieval. The submissions should be
about but not limited to the following research areas:
- Privacy-related information retrieval models
- Privacy in social media, micro blog, and people search
- Evaluation for privacy-preserving IR
- Leak of sensitive information in natural languages
- Privacy in location-based services, recommender systems, and
other IR works on mobile app
- Privacy preserving IR work for healthcare and other domains
For more information, please see
http://privacypreservingir.org.
USENIX-Security 2015
24th USENIX Security Symposium,
Washington, D.C., USA, August 12-14, 2015.
[posted here 11/17/14]
The USENIX Security Symposium brings together researchers, practitioners, system
administrators, system programmers, and others interested in the latest advances in the
security and privacy of computer systems and networks.
All researchers are encouraged to submit papers covering novel and scientifically
significant practical works in computer security. Refereed paper submissions are
solicited in all areas relating to systems research in security and privacy,
including but not limited to:
- Systems security
- Cryptographic implementation analysis and construction, applied cryptography
- Programming language security
- Web security
- Hardware security
- Network security
- Privacy-enhancing technologies, anonymity
- Human-computer interaction, security, and privacy
- Social issues and security
- Security analysis
- Security measurement studies
For more information, please see
https://www.usenix.org/conference/usenixsecurity15.
SOUPS 2015
Symposium On Usable Privacy and Security,
Ottawa, Canada, July 22-24, 2015.
[posted here 12/01/14]
The 2015 Symposium on Usable Privacy and Security (SOUPS) will bring
together an interdisciplinary group of researchers and practitioners in
human computer interaction, security, and privacy.
We invite authors to submit original papers describing research or experience in
all areas of usable privacy and security. We welcome a variety of research
methods, including both qualitative and quantitative approaches. Topics
include, but are not limited to:
- innovative security or privacy functionality and design
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of new or existing security or privacy features
- security testing of new or existing usability features
- longitudinal studies of deployed security or privacy features
- studies of administrators or developers and support for security and privacy
- the impact of organizational policy or procurement decisions, and
- lessons learned from the deployment and use of usable privacy and
security features
- reports of replicating previously published studies and experiments
- reports of failed usable security studies or experiments, with the focus
on the lessons learned from such experience
For more information, please see
http://cups.cs.cmu.edu/soups/.
PST 2015
International Conference on Privacy, Security and Trust,
Izmir, Turkey, July 21-23, 2015.
[posted here 02/16/15]
This conference, the thirteenth in an annual series, provides a forum for researchers
world-wide to unveil their latest work in privacy, security and trust and to show how
this research can be used to enable innovation. High-quality papers in all PST related
areas that, at the time of submission, are not under review and have not already
been published or accepted for publications elsewhere are solicited.
PST2015 topics include, but are NOT limited to, the following:
- Privacy Preserving / Enhancing Technologies
- Critical Infrastructure Protection
- Network and Wireless Security
- Operating Systems Security
- Intrusion Detection Technologies
- Secure Software Development and Architecture
- PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
- Network Enabled Operations
- Digital forensics
- Information Filtering, Data Mining and Knowledge from Data
- National Security and Public Safety
- Cryptographic Techniques for Privacy Preservation
- Security Metrics
- Recommendation, Reputation and Delivery Technologies
- Privacy, Traceability, and Anonymity
- Trust and Reputation in Self-Organizing Environments
- Anonymity and Privacy vs. Accountability
- Access Control and Capability Delegation
For more information, please see
http://pst2015.yasar.edu.tr/.
SECRYPT 2015
12th International Conference on Security and Cryptography,
Colmar, Alsace, France, July 20 - 22, 2015.
[posted here 11/17/14]
SECRYPT is an annual international conference covering research in information and communication
security. The conference seeks submissions from academia, industry, and government
presenting novel research on all theoretical and practical aspects of data protection,
privacy, security, and cryptography. Papers describing the application of security technology,
the implementation of systems, and lessons learned are also encouraged. Papers describing
new methods or technologies, advanced prototypes, systems, tools and techniques and
general survey papers indicating future directions are also encouraged.
Topics of interest include:
- Access Control
- Applied Cryptography
- Biometrics Security and Privacy
- Critical Infrastructure Protection
- Data Integrity
- Data Protection
- Database Security and Privacy
- Digital Forensics
- Digital Rights Management
- Ethical and Legal Implications of Security and Privacy
- Formal Methods for Security
- Human Factors and Human Behavior Recognition Techniques
- Identification, Authentication and Non-repudiation
- Identity Management
- Information Hiding
- Information Systems Auditing
- Insider Threats and Countermeasures
- Intellectual Property Protection
- Intrusion Detection & Prevention
- Management of Computing Security
- Network Security
- Organizational Security Policies
- Peer-to-Peer Security
- Personal Data Protection for Information Systems
- Privacy
- Privacy Enhancing Technologies
- Reliability and Dependability
- Risk Assessment
- Secure Software Development Methodologies
- Security and Privacy for Big Data
- Security and privacy in Complex Systems
- Security and Privacy in Crowdsourcing
- Security and Privacy in IT Outsourcing
- Security and Privacy in Location-based Services
- Security and Privacy in Mobile Systems
- Security and Privacy in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grids
- Security and Privacy in Social Networks
- Security and Privacy in the Cloud
- Security and Privacy in Web Services
- Security and Privacy Policies
- Security Area Control
- Security Deployment
- Security Engineering
- Security in Distributed Systems
- Security Information Systems Architecture
- Security Management
- Security Metrics and Measurement
- Security Protocols
- Security requirements
- Security Verification and Validation
- Sensor and Mobile Ad Hoc Network Security
- Service and Systems Design and QoS Network Security
- Software Security
- Trust management and Reputation Systems
- Ubiquitous Computing Security
- Wireless Network Security
For more information, please see
http://www.secrypt.icete.org.
CAV 2015
27th International Conference on Computer Aided Verification,
San Francisco, California, USA, July 18-24 2015.
[posted here 10/06/14]
CAV 2015 is the 27th in a series dedicated to the advancement of the theory and practice
of computer-aided formal analysis methods for hardware and software systems. CAV
considers it vital to continue spurring advances in hardware and software verification
while expanding to new domains such as biological systems and computer security. The
conference covers the spectrum from theoretical results to concrete applications, with
an emphasis on practical verification tools and the algorithms and techniques that are
needed for their implementation. The proceedings of the conference will be published in
the Springer LNCS series. A selection of papers will be invited to a special issue of Formal
Methods in System Design and the Journal of the ACM.
Topics of interest include but are not limited to:
- Algorithms and tools for verifying models and implementations
- Hardware verification techniques
- Deductive, compositional, and abstraction techniques for verification
- Program analysis and software verification
- Verification methods for parallel and concurrent hardware/software systems
- Testing and run-time analysis based on verification technology
- Applications and case studies in verification
- Decision procedures and solvers for verification
- Mathematical and logical foundations of practical verification tools
- Verification in industrial practice
- Algorithms and tools for system synthesis
- Hybrid systems and embedded systems verification
- Verification techniques for security
- Formal models and methods for biological systems
For more information, please see
http://i-cav.org/2015/.
FCS 2015
Workshop on Foundations of Computer Security,
Held in conjunction with IEEE CSF 2015,
Verona, Italy, July 13, 2015.
[posted here 03/02/15]
Computer security is an established field of both theoretical and practical significance.
In recent years, there has been sustained interest in the formal foundations of methods
used in computer security. The aim of the FCS 2015 workshop is to provide a forum for
continued activity in this area. The scope of FCS 2015 includes, but is not limited to,
the formal specification, analysis, and design of cryptographic protocols and their
applications; the formal definition of various aspects of security such as access
control mechanisms, mobile code security and denial-of-service attacks; the modelling
of information flow and its application to confidentiality policies, system composition,
and covert channel analysis. We are interested both in new theoretical results in
computer security and also in more exploratory presentations that examine open
questions and raise fundamental concerns about existing theories, as well as in
new results on developing and applying automated reasoning techniques and tools
for the formal specification and analysis of security protocols. We thus solicit
submission of papers both on mature work and on work in progress. Please note that
FCS has no published proceedings. Presenting a paper at the workshop should not
preclude submission to or publication in other venues. Papers presented at the
workshop will be made publicly available, but this will not constitute an
official proceedings.
For more information, please see
http://software.imdea.org/~bkoepf/FCS15/.
DIMVA 2015
12th International Conference on Detection of Intrusions and
Malware & Vulnerability Assessment,
Milano, Italy, July 9-10, 2015.
[posted here 12/15/14]
The annual DIMVA conference serves as a premier forum for advancing the
state of the art in intrusion detection, malware detection, and vulnerability
assessment. Each year, DIMVA brings together international experts from academia,
industry, and government to present and discuss novel research in these areas.
This year, due to the increased threats against critical infrastructures and
industrial control systems, we encourage submissions in these areas.
Specifically, we welcome strong technical contributions that consider
the cross-area obstacles (e.g., privacy, societal and legal aspects)
that arise when deploying protection measures in the real world.
For more information, please see
http://www.dimva2015.it.
HAISA 2015
International Symposium on Human Aspects of Information Security & Assurance,
Lesvos, Greece, July 1-3, 2015.
[posted here 01/12/15]
It is commonly acknowledged that security requirements cannot be addressed
by technical means alone, and that a significant aspect of protection
comes down to the attitudes, awareness, behaviour and capabilities of the
people involved. Indeed, people can potentially represent a key asset in
achieving security, but at present, factors such as lack of awareness
and understanding, combined with unreasonable demands from security
technologies, can dramatically impede their ability to do so. Ensuring
appropriate attention and support for the needs of users should
therefore be seen as a vital element of a successful security strategy.
People at all levels (i.e. from organisations to domestic environments;
from system administrators to end-users) need to understand security
concepts, how the issues may apply to them, and how to use the
available technology to protect their systems. In addition, the
technology itself can make a contribution by reducing the demands upon
users, simplifying protection measures, and automating a variety of
safeguards. With the above in mind, this symposium specifically
addresses information security issues that relate to people. It
concerns the methods that inform and guide users' understanding
of security, and the technologies that can benefit and support
them in achieving protection. The symposium welcomes papers addressing
research and case studies in relation to any aspect of information
security that pertains to the attitudes, perceptions and behaviour of
people, and how human characteristics or technologies may be positively
modified to improve the level of protection. Indicative themes include:
- Information security culture
- Awareness and education methods
- Enhancing risk perception
- Public understanding of security
- Usable security
- Psychological models of security software usage
- User acceptance of security policies and technologies
- User-friendly authentication methods
- Biometric technologies and impacts
- Automating security functionality
- Non-intrusive security
- Assisting security administration
- Impacts of standards, policies, compliance requirements
- Organizational governance for information assurance
- Simplifying risk and threat assessment
- Understanding motivations for misuse
- Social engineering and other human-related risks
- Privacy attitudes and practices
- Computer ethics and security
For more information, please see
http://haisa.org/.
PETS 2015
15th Privacy Enhancing Technologies Symposium,
Philadelphia, PA, USA, June 30 - July 2, 2015.
[posted here 09/22/14]
The annual Privacy Enhancing Technologies Symposium (PETS) brings together
privacy and anonymity experts from around the world to discuss recent advances
and new perspectives. PETS addresses the design and realization of privacy services
for the Internet and other data systems and communication networks.
Papers should present novel practical and/or theoretical research into the design, analysis,
experimentation, or fielding of privacy-enhancing technologies. While PETS has traditionally been home
to research on anonymity systems and privacy-oriented cryptography, we strongly encourage
submissions in a number of both well-established and some emerging privacy-related topics.
*** New starting this year ***: Papers will undergo a journal-style reviewing process and be
published in the Proceedings on Privacy Enhancing Technologies (PoPETs). PoPETs, a scholarly
journal for timely research papers on privacy, has been established as a way to improve reviewing
and publication quality while retaining the highly successful PETS community event. PoPETs will be
published by De Gruyter Open (http://degruyteropen.com/), the world's second largest publisher
of Open Access academic content, and part of the De Gruyter group (http://www.degruyter.com/),
which has over 260 years of publishing history.
Authors can submit papers to one of several submission deadlines during the year. Papers are
provided with major/minor revision decisions on a predictable schedule, where we endeavor to assign
the same reviewers to major revisions. Authors can address the concerns of reviewers in their revision
and rebut reviewer comments before a final decision on acceptance is made. Papers accepted for
publication by May 15th will be presented at that year's symposium. Note that accepted papers
must be presented at PETS. Suggested topics include but are not restricted to:
- Behavioural targeting
- Building and deploying privacy-enhancing systems
- Crowdsourcing for privacy
- Cryptographic tools for privacy
- Data protection technologies
- Differential privacy
- Economics of privacy and game-theoretical approaches to privacy
- Forensics and privacy
- Human factors, usability and user-centered design for PETs
- Information leakage, data correlation and generic attacks to privacy
- Interdisciplinary research connecting privacy to economics, law,
ethnography, psychology, medicine, biotechnology
- Location and mobility privacy
- Measuring and quantifying privacy
- Obfuscation-based privacy
- Policy languages and tools for privacy
- Privacy and human rights
- Privacy in ubiquitous computing and mobile devices
- Privacy in cloud and big-data applications
- Privacy in social networks and microblogging systems
- Privacy-enhanced access control, authentication, and identity management
- Profiling and data mining
- Reliability, robustness, and abuse prevention in privacy systems
- Surveillance
- Systems for anonymous communications and censorship resistance
- Traffic analysis
- Transparency enhancing tools
For more information, please see
https://www.petsymposium.org/2015/.
SPE 2015
IEEE 5th International Workshop on Security and Privacy Engineering,
Co-located with 11th IEEE World Congress on Services (SERVICES 2015),
New York, NY, USA, June 27 - July 2, 2015.
[posted here 02/23/15]
Built upon the success of spectrum of conferences within the IEEE World Congress
on Services and the Security and Privacy Engineering workshop, IEEE Security and
Privacy Engineering (SPE 2015) theme is a unique place to exchange ideas of
engineering secure systems in the context of service computing, cloud computing,
and big data analytics. The emphasis on engineering in security and privacy of
services differentiates the theme from other traditional prestigious security and
privacy workshops, symposiums, and conferences. The practicality and value
realization are examined by practitioners from leading industries as well as
scientists from academia. In line with the engineering spirit, we solicit original
papers presenting real solutions and visions on building secure service systems
that can be applied to government procurement, digital medical records, cloud
environments, social networking for business purposes, multimedia application,
mobile commerce, education, and the like. Potential contributions could cover,
but are not limited to, methodologies, protocols, tools, or verification and
validation techniques. We also welcome review papers that analyze critically
the status of current Security and Privacy (S&P) in a specific area. Papers
from practitioners who encounter security and privacy problems and seek
understanding are also welcome. Topics of interests of SPE 2015 include,
but are not limited to:
- S&P Engineering of Service-Based Applications
- Security Engineering of Service Compositions
- Practical Approaches to Security Engineering of Services
- Privacy-Aware Service Engineering
- Industrial and Real Use Cases in S&P Engineering of (Cloud) Services
- S&P Engineering of Cloud Services
- Auditing and Assessment
- Assurance and Certification
- Cloud Transparency
- Security Management and Governance
- Privacy Enforcement in Clouds and Services
- Cybersecurity Issues of Clouds and Services
- Validation and Verification of S&P in Clouds and Services
- Applied Cryptography for S&P in Clouds and Services
- S&P Testing in Clouds and Services
- Security and Privacy Modeling
- Socio-Economics and Compliance
- Education and Awareness
- Big Data S&P Engineering
- Mobile Cloud S&P Engineering
- S&P Engineering into futuristic blue skies
For more information, please see
http://sesar.di.unimi.it/SPE2015/.
PTDCS 2015
Workshop on Privacy by Transparency in Data-Centric Services,
Held in conjunction with the 18th International Conference on Business Information Systems (BIS 2015),
Poznan, Poland, June 24-26, 2015.
[posted here 02/02/15]
Big Data has developed into a key factor of the economy that benefits users and
providers of data-centric services. However, the analysis of growing volumes of
users data in data-centric services also presents significant privacy challenges. The
objective of this workshop is to bring researchers and practitioners together to
explore transparency-based mechanisms, such as dashboards, economic explanations
of the use of privacy and value of data, as well as user behavior. In particular, the
goal of this workshop is to set thematic milestones for the technical development
of transparency mechanisms on the one hand, and on the other, trace ways in which
technical progress, users and industry could profit from transparency. A major focus
will be set on Transparency-Enhancing Technologies (TET) and, in particular,
Privacy Dashboards. Topics of interest include, but are not limited to:
- Accountability in Data-Centric Services
- Economics of TET
- Privacy Dashboards
- Privacy Economics
- Privacy Policy Specification and Negotiation
- Privacy in Socio-Technical Systems
- Privacy-Enabled Business Models
- Requirements for TET
- Transparent Behavioral Targeting
- Transparent Usage Control
For more information, please see
http://bis.kie.ue.poznan.pl/bis2015/workshops/ptdcs-2015/.
WiSec 2015
8th ACM Conference on Security and Privacy in Wireless and Mobile Networks,
New York City, NY, USA, June 22-26, 2015.
[posted here 11/17/14]
ACM WiSec is the leading ACM and SIGSAC conference dedicated to all aspects of
security and privacy in wireless and mobile and mobile networks and their applications.
In addition to the traditional ACM WiSec topics of physical, link, and network layer
security, we welcome papers focusing on the security and privacy of mobile software
platforms, usable security and privacy, biometrics, cryptography, and the increasingly
diverse range of mobile or wireless applications such as Internet of Things, and
Cyber-Physical Systems. The conference welcomes both theoretical as well as
systems contributions. Topics of interest include, but are not limited to:
- Mobile malware and platform security
- Security & Privacy for Smart Devices (e.g., Smartphones)
- Wireless and mobile privacy and anonymity
- Secure localization and location privacy
- Cellular network fraud and security
- Jamming attacks and defenses
- Key extraction, agreement, or distribution
- Theoretical foundations, cryptographic primitives, and formal methods
- NFC and smart payment applications
- Security and privacy for mobile sensing systems
- Wireless or mobile security and privacy in health, automotive,
avionics, or smart grid applications
- Self-tracking/Quantified Self Security and Privacy
- Physical Tracking Security and Privacy
- Usable Mobile Security and Privacy
- Economics of Mobile Security and Privacy
- Bring Your Own Device (BYOD) Security
For more information, please see
http://www.sigsac.org/wisec/WiSec2015/.
WEIS 2015
14th Annual Workshop on the Economic of Information Security,
Delft University of Technology, The Netherlands, June 22-23, 2015.
[posted here 01/05/15]
The Workshop on the Economics of Information Security (WEIS) is the leading
forum for interdisciplinary scholarship on information security and privacy,
combining expertise from the fields of economics, social science, business,
law, policy, and computer science. Prior workshops have explored the role of
incentives between attackers and defenders of information systems, identified
market failures surrounding Internet security, quantified risks of personal
data disclosure, and assessed investments in cyber-defense. WEIS 2015 will
build on past efforts using empirical and analytic tools not only to understand
threats, but also to strengthen security and privacy through novel evaluations
of available solutions. We encourage economists, computer scientists,
legal scholars, business school researchers, security and privacy specialists,
as well as industry experts to submit their research and participate by
attending the workshop. Suggested topics include (but are not limited to)
empirical and theoretical studies of:
- Optimal investment in information security
- Models and analysis of online crime
- Risk management and cyber-insurance
- Security standards and regulation
- Cyber-security and privacy policy
- Cyber-defense strategy and game theory
- Security and privacy models and metrics
- Economics of privacy and anonymity
- Behavioral security and privacy
- Vulnerability discovery, disclosure, and patching
- Incentives for information sharing and cooperation
- Incentives regarding pervasive monitoring threats
For more information, please see
http://weis2015.econinfosec.org/.
RFIDSec 2015
11th Workshop on RFID Security,
Co-located with ACM WiSec 2015,
New York City, NY, USA, June 22-23, 2015.
[posted here 11/17/14]
The RFIDSec workshop is the premier international venue on the latest
technological advances in security and privacy in Radio Frequency Identification
(RFID). The 11th edition of RFIDSec continues the effort to broaden the scope
towards solutions for security and privacy in related constrained environments:
Internet of Things, NFC devices, Wireless Tags, and more.
Attendees from academia, industry and government can network with a broad range
of international experts. The workshop will include both invited and contributed talks.
We invite researchers to submit their latest results in Security and Privacy for
RFID as well as for associated technologies. Topics of interest include:
- Implementations of cryptography and protocols with constrained resources in
terms of energy, power, computation resources and memory footprint
- Lightweight cryptography and cryptographic protocols
- Efficient and secure processor architectures for constrained environments
- Tamper and reverse-engineering resistant designs for constrained platforms
- Side-channel and fault attacks as well as countermeasures
- Novel implementations of cryptography to support privacy and untraceability
- Cross-layer engineering of constrained secure implementations within secure systems
- Novel technologies and applications such as NFC, IC anti-counterfeiting, and
Internet of Things
- Design issues related to scalability, large-scale deployment and
management of secure tags
For more information, please see
http://rfidsec2015.iaik.tugraz.at/.
MSPN 2015
International Conference on Mobile, Secure and Programmable Networking,
Paris, France, June 15-17, 2015.
[posted here 02/23/15]
The rapid deployment of new infrastructures based on network virtualization
and Cloud computing triggers new applications and services that in turn generate
new constraints such as security and/or mobility. The International Conference
on Mobile, Secure and Programmable Networking aims at providing a top forum
for researchers and practitioners to present and discuss new trends in networking
infrastructures, security, services and applications while focusing on virtualization
and Cloud computing for networks, network programming, Software Defined
Networks (SDN) and their security. Position papers are also welcome and
should be clearly marked as such. Authors are invited to submit complete
unpublished papers, which are not under review in any other conference or journal,
including, but not limited to, the following topic areas:
- Software Defined Networks (tools, software, concepts)
- Virtualization and Cloud computing
- Networks and Cloud computing
- Mobile computing and Mobile Cloud computing
- Security, Privacy and Trust in Networks, Services and Applications
- Green computing and networking
- Ubiquitous Computing and Sensor Networks
- System design and testbeds
- Cross-Layer Design and Optimization
- Quality of service
- Modeling and performance evaluation
- 4G and 5G networks
- Social networks
- Cooperative networking and Self-Organizing networks
- Distributed sensing, actuation, and control in cyber-physical systems
- Internet of Things
- Vehicular networks and Connected Car
- Crowdsourcing
- Datacenter networking
- Location-based Services
- Web-services and SOA
For more information, please see
http://cedric.cnam.fr/workshops/mspn2015/.
DAC-Security Track 2015
Design Automation Conference,
San Francisco, CA, USA, June 7-11, 2015.
[posted here 10/13/14]
Security primitives and protocols are typically built upon the notion of a "secret" key
or code stored in a protected place. A common presumption in software, data, and
systems security is that as long as the secret is in the hardware, their method is invulnerable
to attacks and exploits. However this is not true.
These systems are vulnerable to a variety of hardware-centric attacks: side channel analysis, reverse
engineering, IP piracy, hardware Trojans and counterfeiting. Furthermore, a host of hardware-based
threats are emerging due to the globalization of Integrated Circuit (IC) and embedded system design.
Consequently, designers and users of ICs, Intellectual Property (IP) and embedded systems are
beginning to re-assess their trust in these systems.
Overall, there is an urgent need to create, analyze, evaluate, and improve the hardware base of
the contemporary security solutions. The Security Track at DAC seeks to highlight and celebrate
the emergence of security and trust as an important dimension of Hardware and Embedded
Systems Design (side-by-side with power, performance, and reliability).
For more information, please see
https://dac.com/submission-categories/hardware-and-software-security.
ACNS 2015
13th International Conference on Applied Cryptography and Network Security,
New York, NY, USA, June 2-5, 2015.
[posted here 11/03/14]
The 13th International Conference on Applied Cryptography and Network Security (ACNS 2015)
seeks submissions presenting novel research on all technical aspects of applied cryptography, network
and computer security, and privacy. This includes submissions on traditional cryptography and
security areas (e.g., symmetric or public key cryptography, network security, privacy and anonymity),
emerging areas (e.g., security and privacy for big data, outsourced computation, or digital currency),
and new paradigms or non-traditional perspectives. Submissions may focus on new visions,
definitions, security and privacy metrics, provably secure protocols, impossibility results, attacks,
industrial challenges, case studies, experimental reports related to implementation and
deployment of real-world systems or policies, or any other original research advancing
the state of the art.
For more information, please see
http://acns2015.cs.columbia.edu/.
SACMAT 2015
20th ACM Symposium on Access Control Models and Technologies,
Vienna, Austria, June 1-3, 2015.
[posted here 01/05/15]
The ACM Symposium on Access Control Models and Technologies (SACMAT) is the premier
forum for the presentation of research results and experience reports on leading
edge issues of access control, including models, systems, applications, and theory.
The aims of the symposium are to share novel access control solutions that
fulfil the needs of heterogeneous applications and environments, and to identify
new directions for future research and development. SACMAT provides researchers
and practitioners with a unique opportunity to share their perspectives with
others interested in the various aspects of access control.
Papers offering novel research contributions in all aspects of access control
are solicited for submission to the 20th ACM Symposium on Access Control Models
and Technologies (SACMAT 2015). Accepted papers will be presented at the
symposium and published by the ACM in the symposium proceedings. Topics
of interest include but are not limited to:
- Access Intelligence
- Administration
- Applications
- Attribute-based systems
- Authentication
- Big data
- Biometrics
- Cloud computing
- Cryptographic approaches
- Cyber-physical systems
- Databases and data management
- Design methodology
- Distributed and mobile systems
- Economic models and game theory
- Enforcement
- Hardware enhanced
- Identity management
- Mechanisms, systems, and tools
- Models and extensions
- Obligations
- Policy engineering and analysis
- Requirements
- Risk
- Safety analysis
- Standards
- Theoretical foundations
- Trust management
- Usability
For more information, please see
http://www.sacmat.org/.
eCrime 2015
10th Symposium on Electronic Crime Research,
Held in conjunction with the 2015 APWG General Meeting and the fifth eCrime Sync-up,
Barcelona, Spain, May 26-29, 2015.
[posted here 12/22/14]
eCrime 2015 consists of 4 days of keynote presentations, technical and practical
sessions and interactive panels, which will allow academic researchers, security practitioners,
and law enforcement to discuss and exchange ideas, experiences and lessons learnt in
all aspects of electronic crime and ways to combat it.
This time the main topic of the conference will be "Mobile Devices Security", since
Barcelona is the Mobile World Capital. Topics of interests include (but are not limited to):
- Case studies of current attack methods, including intrusion, phishing, smishing,
malware, rogue antivirus, pharming, crimeware, botnets, and emerging threats to
mobile devices.
- Case studies of online advertising fraud, including click fraud, malvertising, cookie
stuffing, and affiliate fraud, as well as mobile App privacy risks prevention.
- Case studies of large-scale take-downs, such as coordinated botnet disruption
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention
- Economics of online crime, including measurement studies of underground
economies and models of e-crime, social engineering linked to use of mobile devices as
first or second authentication factor.
- Applied Innovations in the use of authentication systems in eBanking and other sectors:
biometry, soft and hard-token devices as mobile phones, tablets and others. Privacy aware
mobile authentication and mobile identity management, BYOD security, mobile device
management, encryption, etc.
- Uncovering and disrupting online criminal collaboration and gangs
- Financial infrastructure of e-crime, including payment processing and money laundering,
and the impact of increasing success of mobile payment methods.
- Techniques to assess the risks and yields of attacks and the effectiveness of
countermeasures. Metrics standards and conventions in the establishment of tests of efficacy.
- Delivery techniques, including DNS manipulation, mobile App, spam, voice mail, social
network and web browser search manipulation, specific mobile devices security hardening;
and countermeasures
- Techniques to avoid detection, tracking and take-down; and ways to block such techniques
- Mobile malware and mobile infrastructure security configuration and best practices
to improve security and prevent infection.
- Mobile devices forensic analysis tools.
- Best practices for detecting and avoiding damages to critical internet infrastructure,
such as DNS and SCADA, from electronic crime activities, including mobile phone infrastructure.
For more information, please see
https://apwg.org/apwg-events/ecrime2015/cfp.
MoST 2015
Mobile Security Technologies Workshop,
an event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2015),
Held in conjunction with the 34th IEEE Symposium on Security and Privacy (IEEE SP 2015),
The Fairmont Hotel, San Jose, CA, USA, May 21, 2015.
[posted here 01/12/15]
Mobile Security Technologies (MoST) brings together researchers, practitioners,
policy makers, and hardware and software developers of mobile systems to explore
the latest understanding and advances in the security and privacy for
mobile devices, applications, and systems. The scope of MoST 2015 includes,
but is not limited to, security and privacy specifically for mobile
devices and services related to:
- Device hardware
- Operating systems
- Middleware
- Mobile web
- Secure and efficient communication
- Secure application development tools and practices
- Privacy
- Vulnerabilities and remediation techniques
- Usable security
- Identity and access control
- Risks in putting trust in the device vs. in the network/cloud
- Special applications, such as medical monitoring and records
- Mobile advertisement
- Secure applications and application markets
- Economic impact of security and privacy technologies
For more information, please see
http://ieee-security.org/TC/SPW2015/MoST/.
LangSec 2015
2nd Workshop on Language-Theoretic Security,
Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015),
San Jose, CA, USA, May 21, 2015.
[posted here 10/06/14]
LangSec workshop solicits contributions related to the growing area of language-theoretic
security. LangSec offers a coherent explanation for the "science of insecurity" as more
than an ad hoc collection of software mistakes or design flaws. This explanation is
predicated on the connection between fundamental computability principles and the
continued existence of software flaws. LangSec posits that the only path to trustworthy
software that takes untrusted inputs is treating all valid or expected inputs as a formal
language and treating the respective input-handling routines as a recognizer for that
language. The LangSec approach to system design is primarily concerned with achieving
practical assurance: development that is rooted in fundamentally sound computability
theory, but is expressed as efficient and practical systems components. One major
objective of the workshop is to develop and share this viewpoint with attendees
and the broader systems security community to help establish a foundation for
research based on LangSec principles.
The overall goal of the workshop is to bring more clarity and focus to two complementary
areas: (1) practical software assurance and (2) vulnerability analysis (identification,
characterization, and exploit development). The LangSec community views these
activities as related and highly structured engineering disciplines and seeks to
provide a forum to explore and develop this relationship.
For more information, please see
http://spw15.langsec.org/index.html.
IWPE 2015
1st International Workshop on Privacy Engineering,
Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015),
San Jose, CA, USA, May 21, 2015.
[posted here 10/06/14]
Ongoing news reports regarding global surveillance programs, massive personal data
breaches in corporate databases, and notorious examples of personal tragedies due to
privacy violations have intensified societal demands for privacy-friendly systems. In response,
current legislative and standardization processes worldwide aim to strengthen individual’s
privacy by introducing legal and organizational frameworks that personal data collectors
and processors must follow. However, in practice, these initiatives alone are not enough to
guarantee that organizations and software developers will be able to identify and adopt appropriate
privacy engineering techniques in their daily practices. Even if so, it is difficult to systematically
evaluate whether the systems they develop using such techniques comply with legal frameworks,
provide necessary technical assurances, and fulfill users’ privacy requirements. It is evident
that research is needed in developing techniques that can aid the translation of legal and
normative concepts, as well as user expectations into systems requirements. Furthermore,
methods that can support organizations and engineers in developing (socio-)technical systems
that address these requirements is of increasing value to respond to the existing societal
challenges associated with privacy. While there is a consensus on the benefits of an engineering
approach to privacy, concrete proposals for processes, models, methodologies, techniques
and tools that support engineers and organizations in this endeavor are few and in need of
immediate attention. To cover this gap, the topics of the International Workshop on Privacy
Engineering (IWPE'15) focus on all the aspects surrounding privacy engineering, ranging from
its theoretical foundations, engineering approaches, and support infrastructures, to its
practical application in projects of different scale.
IWPE’15 welcomes papers that focus on novel solutions on the recent developments
in the general area of privacy engineering. Topics of interests include,
but are not limited to:
- Integration of law and policy compliance into the development process
- Privacy impact assessment
- Privacy risk management models
- Privacy breach recovery Methods
- Technical standards, heuristics and best practices for privacy engineering
- Privacy engineering in technical standards
- Privacy requirements elicitation and analysis methods
- User privacy and data protection requirements
- Management of privacy requirements with other system requirements
- Privacy requirements operationalization
- Privacy engineering strategies and design patterns
- Privacy architectures
- Privacy engineering and databases
- Privacy engineering in the context of interaction design and usability
- Privacy testing and evaluation methods
- Validation and verification of privacy requirements
- Engineering Privacy Enhancing Technologies
- Models and approaches for the verification of privacy properties
- Tools supporting privacy engineering
- Teaching and training privacy engineering
- Adaptations of privacy engineering into specific software development processes
- Pilots and real-world applications
- Privacy engineering and accountability
- Organizational, legal, political and economic aspects of privacy engineering
For more information, please see
http://ieee-security.org/TC/SPW2015/IWPE/.
GenoPri 2015
2nd International Workshop on Genome Privacy and Security,
Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015),
San Jose, CA, USA, May 21, 2015.
[posted here 10/06/14]
Over the past several decades, genome sequencing technologies have evolved from
slow and expensive systems that were limited in access to a select few scientists and
forensics investigators to high-throughput, relatively low-cost tools that are available
to consumers. A consequence of such technical progress is that genomics has become
one of the next major challenges for privacy and security because (1) genetic diseases
can be unveiled, (2) the propensity to develop specific diseases (such as Alzheimer’s)
can be revealed, (3) a volunteer, accepting to have his genomic code made public, can
leak substantial information about his ethnic heritage and the genomic data of his
relatives (possibly against their will), and (4) complex privacy issues can arise if DNA
analysis is used for criminal investigations and medical purposes.
As genomics is increasingly integrated into healthcare and "recreational" services (e.g., ancestry
testing), the risk of DNA data leakage is serious for both individuals and their relatives. Failure
to adequately protect such information could lead to a serious backlash, impeding genomic
research, that could affect the well-being of our society as a whole. This prompts the need
for research and innovation in all aspects of genome privacy and security, as suggested by
the non-exhaustive list of topics below:
- Privacy-preserving analysis of and computation on genomic data
- Security and privacy metrics for the leakage of genomic data
- Cross-layer attacks to genome privacy
- Access control for genomic data
- Differentiated access rights for medical professionals
- Quantification of genome privacy
- De-anonymization attacks against genomic databases
- Efficient cryptographic techniques for enhancing security/privacy of genomic data
- Privacy enhancing technologies for genomic data
- Implications of synthetic DNA for privacy
- Applications of differential privacy to the protection of genomic data
- Storage and long-term safety of genomic data
- Secure sharing of genomic data between different entities
- Trust in genomic research and applications
- Social and economic issues for genome privacy and security
- Ethical and legal issues in genomics
- Studies of policy efforts in genomics
- User studies and perceptions
- Social and economic issues for genome privacy
- Studies of issues and challenges with informed consent
- Privacy issues in transcriptomics and proteomics
- Systematization-of-knowledge of genome privacy and security research
For more information, please see
http://www.genopri.org/.
W2SP 2015
Web 2.0 Security and Privacy Workshop,
Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015),
San Jose, CA, USA, May 21, 2015.
[posted here 10/06/14]
W2SP brings together researchers, practitioners, web programmers, policy makers,
and others interested in the latest understanding and advances in the security and
privacy of the web, browsers, cloud, mobile and their eco-system. We have had
eight years of successful W2SP workshops.
The scope of W2SP 2015 includes, but is not limited to:
- Analysis of Web, Cloud and Mobile Vulnerabilities
- Forensic Analysis of Web, Cloud and Mobile Systems
- Security Analysis of Web, Cloud and Mobile Systems
- Advances in Penetration Testing
- Advances in (SQL/code) Injection Attacks
- Trustworthy Cloud-based, Web and Mobile services
- Privacy and Reputation in Web (e.g. Social Networks), Cloud, Mobile Systems
- Security and Privacy as a Service
- Usable Security and Privacy
- Security and Privacy Solutions for the Web, Cloud and Mobile
- Identity Management, Pseudonymity and Anonymity
- Security/Privacy Web Services/Feeds/Mashups
- Provenance and Governance
- Security and Privacy Policy Management for the Web, Cloud and Mobile
- Next-Generation Web/Mobile Browser Technology
- Security/Privacy Extensions and Plug-ins
- Online Privacy and Security frameworks
- Advertisement and Affiliate fraud
- Studies on Understanding Web/Cloud/Mobile Security and Privacy
- Technical Solutions for Security and Privacy legislation
- Solutions for connecting the Business, Legal, Technical and Social aspects on
Web/Cloud/Mobile Security and Privacy
- Technologies merging Economics with Security/Privacy
- Innovative Security/Privacy Solutions for Industry Verticals
- Formal methods in Security
For more information, please see
http://ieee-security.org/TC/SPW2015/W2SP/cfp.html.
SP 2015
36th IEEE Symposium on Security and Privacy,
San Jose, CA, USA, May 18-20, 2015.
[posted here 09/22/14]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum
for computer security research, presenting the latest developments and bringing together
researchers and practitioners. We solicit previously unpublished papers offering novel
research contributions in any aspect of security or privacy. Papers may present advances
in the theory, design, implementation, analysis, verification, or empirical evaluation and
measurement of secure systems. Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Cloud security
- Distributed systems security
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection
- Malware
- Metrics
- Mobile security and privacy
- Language-based security
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Usable security and privacy
- Web security and privacy
This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer
security and privacy. Papers without a clear application to security or privacy, however,
will be considered out of scope and may be rejected without full review.
Given the rapidly expanding and maturing security and privacy community, we hope to
increase the acceptance rate of papers that are more far-reaching and risky, as long as
those papers also show sufficient promise for creating interesting discussions and
questioning widely-held beliefs.
Systematization of Knowledge Papers: Following the success of recent years’ conferences,
we are also soliciting papers focused on systematization of knowledge (SoK). The goal of this
call is to encourage work that evaluates, systematizes, and contextualizes existing knowledge.
Such work can provide a high value to our community but may not be accepted because of a
lack of novel research contributions. Suitable papers are those that provide important new
insights on established, major research areas or support or challenge long-held beliefs with
compelling evidence. Papers that survey research areas without providing such insights are
not appropriate. Submissions will be distinguished by the prefix “SoK:” in the title and a
checkbox on the submission form. They will be reviewed by the full PC and held to the
same standards as traditional research papers, except instead of emphasizing novel research
contributions the emphasis will be on value to the community. Accepted papers will be
presented at the symposium and included in the proceedings.
For more information, please see
http://www.ieee-security.org/TC/SP2015/.
TELERISE 2015
1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity,
Co-located with ICSE 2015,
Florence, Italy, May 18, 2015.
[posted here 12/15/14]
Information sharing is essential for today's business and societal transactions.
Nevertheless, such a sharing should not violate the security and privacy requirements
dictated by Law, by internal regulations of organisations, and by data subjects.
An effectual, rapid, and unfailing electronic data sharing among different parties,
while protecting legitimate rights on these data, is a key issue with several shades.
Among them, how to translate the high-level law obligations, business constraints,
and users' requirements into system-level privacy policies, providing efficient and
practical solutions for policy definition and enforcement. TELERISE aims at providing
a forum for researchers and engineers, in academia and industry, to foster an
exchange of research results, experiences, and products in the area of privacy
preserving and secure data management, from a technical and legal perspective.
The ultimate goal is to conceive new trends and ideas on designing, implementing,
and evaluating solutions for privacy-preserving information sharing, with an eye to
cross-relations between ICT and regulatory aspects of data management.
Topics of interest are (but not limited to):
- Model-based and experimental assessment of data protection
- Privacy in identity management and authentication
- Modelling and analysis languages for representation, visualization,
specification of legal regulations
- Technical, legal and user requirements for data protection
- User-friendly authoring tools to edit privacy preferences
- IT infrastructures for privacy and security policies management
- IT infrastructure for supporting privacy and security policies evolution
- Privacy and security policies conflict analysis and resolution strategies
- Electronic Data Sharing Agreements Representation: Languages
and Management Infrastructure
- Cross-relations between privacy-preserving technical solutions and
legal regulations
- Privacy aware access and usage control
- Privacy and security policies enforcement mechanisms
- Privacy preserving data allocation and storage
- Software systems compliance with applicable laws and regulations
- Heuristic for pattern identification in law text
- Empirical analysis of consumer's awareness of privacy and security policies
For more information, please see
http://www.iit.cnr.it/telerise2015/.
EDFC 2015
National Conference on Ethics and Digital Forensics,
Arlington, VA, USA, May 13-15, 2015.
[posted here 12/01/14]
The National Science Foundation (NSF) and Alabama Cyber Research Consortium (ALCRC)
are hosting the first interdisciplinary conference on professional ethics and digital forensics:
Professional Ethics and Digital Forensics: An Interdisciplinary Conference.
This conference will provide opportunities for both academics and practitioners to address a
pressing issue in digital forensics: the lack of unifying ethical standards, procedures and guidelines
for routine activities, such as digital forensic analysis, cybercrime case processing, and data
mining/surveillance. This conference will also explore cyber ethics from the following
interdisciplinary perspectives: Digital Forensic Investigations, Social and Behavioral Sciences,
Jurisprudence, and Cyber Education and Awareness.
For more information, please see
http://edfc.thecenter.uab.edu.
ISPEC 2015
11th International Conference on Information Security Practice and Experience,
Beijing, China, May 5-8, 2014.
[posted here 10/13/14]
ISPEC is an annual conference that brings together researchers and practitioners to
provide a confluence of new information security technologies, their applications and
their integration with IT systems in various vertical sectors.
Conference Topics include:
- Access control
- Network security
- Applied cryptography
- Privacy and anonymity
- Availability, resilience, and usability
- Risk evaluation and security certification
- Big data and Cloud security
- Security for cyber-physical systems
- Cryptanalysis
- Security of smart cards and RFID systems
- Embedded system security
- Security policy
- Database security
- Security protocols
- Digital Forensics
- Security systems
- Digital rights management
- Smart Grid Security
- Information security in vertical applications
- Smartphone Security
- Intrusion detection
- Trust model and management
- Multimedia security
- Trusted computing
For more information, please see
http://icsd.i2r.a-star.edu.sg/ispec2015/.
HOST 2015
IEEE International Symposium on Hardware Oriented Security and Trust,
Washington DC Metro Area, USA, May 5-7, 2015.
[posted here 08/25/14]
The focus of modern computational and communication systems has been shifting
from effective sharing of well-protected, scarce, and expensive resources to large-scale
information exchange among a plurality of users that communicate using protected mobile
devices and sensors, which can be placed in potentially hostile environments. Additionally,
integrated circuit synthesis and manufacturing techniques are now complex and distributed
with a number of potential security vulnerabilities. Security has emerged as a metric of
paramount importance. The scope of system security now includes, in addition to encrypted
communication, properties such as privacy, anonymity, and trust. The starting and ending
points for all system and application vulnerabilities and defense mechanisms are hardware.
The initial impetus was provided by government agencies and individual efforts, but recently
a number of coordinated research projects have been undertaken by essentially all hardware
and system companies. The IEEE International Symposium on Hardware Oriented Security and
Trust (HOST) aims to facilitate the rapid growth of hardware-based security research and
development. HOST seeks original contributions in the area of hardware and system security.
Relevant research topics include techniques, tools, design/test methods, architectures, circuits,
and applications of secure hardware. HOST 2015 invites contributions that are related to, but
not limited by, the following topics:
- Hardware Trojan attacks and detection techniques
- Hardware-based security primitives (PUFs, PPUFs, HRNG)
- Security, privacy, and trust protocols using hardware security primitives
- Trusted information flow
- Trusted design using untrusted tools
- Trusted manufacturing including split manufacturing
- Remote integrated circuits enabling and disabling and IP watermarking
- Undeniable hardware metering techniques
- Techniques and metrics for hardware system data confidentiality and hardware design
confidentiality, integrity, and authenticity
- Reverse engineering and hardware obfuscation
- Side-channel attacks and techniques for their prevention
- Supply chain risks mitigation including counterfeit detection & avoidance
- Hardware tampering attacks
- Hardware authentication techniques
- Hardware techniques that ensure software and/or system security
- Trusted remote sensing and computing
- Hardware attestation techniques
For more information, please see
http://www.hostsymposium.org.
HotSpot 2015
3rd Workshop on Hot Issues in Security Principles and Trust,
London, UK, April 18, 2015.
[posted here 12/01/14]
This workshop is intended to be a less formal counterpart to the
Principles of Security and Trust (POST) conference at ETAPS, and with
an emphasis on "hot topics", both of security and of its theoretical
foundations and analysis. Like POST, the themes are:
- theory of computer security
- formal specification, analysis and design of security systems
- automated reasoning for security analysis
For more information, please see
http://www.lucavigano.com/HotSpot2015/.
ASIACCS 2015
10th ACM Symposium on Information, Computer and Communications Security,
Singapore, April 14-17, 2015.
[posted here 06/21/14]
ASIACCS is a major international forum for information security researchers, practitioners,
developers, and users to explore and exchange the newest cyber security ideas,
breakthroughs, findings, techniques, tools, and experiences. We invite submissions from
academia, government, and industry presenting novel research on all theoretical and
practical aspects of computer and network security. Areas of interest for ASIACCS 2015
include, but are not limited to:
- Access control
- Accounting and audit
- Applied cryptography
- Authentication
- Cloud computing security
- Cyber-physical security
- Data and application security
- Digital forensics
- Embedded systems security
- Formal methods for security
- Hardware-based security
- Intrusion detection
- Key management
- Malware and botnets
- Mobile computing security
- Network security
- Operating system security
- Privacy-enhancing technology
- Security architectures
- Security metrics
- Software security
- Smart grid security
- Threat modelling
- Trusted computing
- Usable security and privacy
- Web security
- Wireless security
For more information, please see
http://icsd.i2r.a-star.edu.sg/asiaccs15.
HST 2015
14th annual IEEE Symposium on Technologies for Homeland Security,
Boston, Massachusetts, USA, April 14-16, 2015.
[posted here 05/26/14]
This symposium brings together innovators from leading academic, industry,
business, Homeland Security Centers of Excellence, and government programs
to provide a forum to discuss ideas, concepts, and experimental results.
This year’s event will once again showcase selected technical paper and
posters highlighting emerging technologies in the areas of:
- Cyber Security
- Biometrics & Forensics
- Land and Maritime Border Security
- Attack and Disaster Preparation, Recovery, and Response
For more information, please see
http://ieee-hst.org/.
IoTPTS 2015
Workshop on IoT Privacy, Trust, and Security,
Held in conjunction with ASIACCS 2015,
Singapore, April 14, 2015.
[posted here 09/22/14]
The Internet of Things (IoT) is the next great technology frontier. At a basic level,
IoT refers simply to networked devices, but the IoT vision is a complex ecosystem that
ranges from cloud backend services and big-data analytics to home, public, industrial,
and wearable sensor devices and appliances. Architectures for these systems are in the
formative stages, and now is the time to ensure privacy, trust, and security are
designed into these systems from the beginning. We encourage submissions on all
aspects of IoT privacy, trust, and security. Topic of interest include (but are not
limited) to the following areas:
- Privacy and IoT data
- Privacy attacks for IoT
- Trust management and device discoverability for IoT
- Usability of privacy and security systems in IoT
- User risk perceptions and modeling for IoT
- Policy Management and enforcement for IoT
- Authentication and access control for users for IoT
- Cryptography for IoT
- Attack detection and remediation for IoT
- Security architectures for IoT systems and applications
For more information, please see
https://sites.google.com/site/iotpts/.
CPSS 2015
1st Cyber-Physical System Security Workshop,
Held in conjunction with ACM AsiaCCS 2015,
Singapore, April 14, 2015.
[posted here 10/13/14]
Cyber-Physical Systems (CPS) consist of large-scale interconnected systems of
heterogeneous components interacting with their physical environments. There are
a multitude of CPS devices and applications being deployed to serve critical functions
in our lives. The security of CPS becomes extremely important. This workshop will provide
a platform for professionals from academia, government, and industry to discuss how to
address the increasing security challenges facing CPS. Besides invited talks, we also
seek novel submissions describing theoretical and practical security solutions to CPS.
Papers that are pertinent to the security of embedded systems, SCADA, smart grid, and
critical infrastructure networks are all welcome, especially in the domains of energy and
transportation. Topics of interest include, but are not limited to:
- Adaptive attack mitigation for CPS
- Authentication and access control for CPS
- Availability, recovery and auditing for CPS
- Data security and privacy for CPS
- Embedded systems security
- EV charging system security
- Intrusion detection for CPS
- Key management in CPS
- Legacy CPS system protection
- Lightweight crypto and security
- SCADA security
- Security of industrial control systems
- Smart grid security
- Threat modeling for CPS
- Urban transportation system security
- Vulnerability analysis for CPS
- Wireless sensor network security
For more information, please see
http://icsd.i2r.a-star.edu.sg/cpss15.
AsiaCCS-SCC 2015
3rd International Workshop on Security in Cloud Computing,
Held in conjunction with ACM AsiaCCS 2015,
Singapore, April 14, 2015.
[posted here 12/18/14]
Cloud computing has emerged as today's most exciting computing paradigm
shift in information technology. With the efficient sharing of abundant
computing resources in the cloud, users can economically enjoy the
on-demand high quality cloud applications and services without committing
large capital outlays locally. While the cloud benefits are compelling,
its unique attributes also raise many security and privacy challenges in
areas such as data security, recovery, privacy, access control, trusted
computing, as well as legal issues in areas such as regulatory compliance,
auditing, and many others. This workshop aims to bring together the
research efforts from both the academia and industry in all security
aspects related to cloud computing. We encourage submissions on all
theoretical and practical aspects, as well as experimental studies of
deployed systems. Topics of interests include (but are not limited to) the
following subject categories:
- Secure cloud architecture
- Cloud Cryptography
- Cloud access control and key management
- Identification and privacy in cloud
- Integrity assurance for data outsourcing
- Integrity and verifiable computation
- Computation over encrypted data
- Software and data segregation security
- Secure management of virtualized resources
- Trusted computing technology
- Joint security and privacy aware protocol design
- Failure detection and prediction
- Secure data management within and across data centers
- Availability, recovery and auditing
- Secure computation outsourcing
- Secure mobile cloud
For more information, please see
http://conference.cs.cityu.edu.hk/asiaccsscc.
ESSoS 2015
6th International Symposium on Engineering Secure Software and Systems,
Milan, Italy, March 4-6, 2015.
[posted here 06/23/14]
Trustworthy, secure software is a core ingredient of the modern world. So is the Internet.
Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be
exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic
components) are necessary, but insufficient. Indeed, the construction of secure software is
challenging because of the complexity of modern applications, the growing sophistication of
security requirements, the multitude of available software technologies and the progress of
attack vectors. Clearly, a strong need exists for engineering techniques that scale well and
that demonstrably improve the software's security properties.
The goal of this symposium, which will be the sixth in the series, is to bring together
researchers and practitioners to advance the states of the art and practice in secure
software engineering. Being one of the few conference-level events dedicated to this topic,
it explicitly aims to bridge the software engineering and security engineering communities,
and promote cross-fertilization. The symposium will feature two days of technical program.
In addition to academic papers, the symposium encourages submission of high-quality,
informative industrial experience papers about successes and failures in security software
engineering and the lessons learned. Furthermore, the symposium also accepts short idea
papers that crisply describe a promising direction, approach, or insight.
Paper submissions are solicited in all areas relating to secure software and secure
systems research, including but not limited to:
- Cloud security, virtualization for security
- Mobile devices security
- Automated techniques for vulnerability discovery and analysis
- Model checking for security
- Binary code analysis, reverse-engineering
- Programming paradigms, models, and domain-specific languages for security
- Operating system security
- Verification techniques for security properties
- Malware: detection, analysis, mitigation
- Security in critical infrastructures
- Security economics
- Security by design
- Static and dynamic code analysis for security
- Web applications security
- Program rewriting techniques for security
- Security measurements
- Empirical secure software engineering
- Security-oriented software reconfiguration and evolution
- Computer forensics
- Processes for the development of secure software and systems
- Human-computer interaction for security
- Security testing
- Embedded software security
For more information, please see
https://distrinet.cs.kuleuven.be/events/essos/2015/calls-papers.html.
SPA 2015
International Workshop on Security and Privacy Analytics,
Co-located with ACM CODASPY 2015,
San Antonio, TX, USA, March 2-4, 2015.
[posted here 10/13/14]
Increasingly, sophisticated techniques from machine learning, data mining, statistics and
natural language processing are being applied to challenges in security and privacy fields.
However, experts from these areas have no medium where they can meet and exchange
ideas so that strong collaborations can emerge, and cross-fertilization of these areas can
occur. Moreover, current courses and curricula in security do not sufficiently emphasize
background in these areas and students in security and privacy are not emerging with
deep knowledge of these topics. Hence, we propose a workshop that will address the
research and development efforts in which analytical techniques from machine learning,
data mining, natural language processing and statistics are applied to solve security and
privacy challenges ("security analytics"). Submissions of papers related to methodology,
design, techniques and new directions for security and privacy that make significant use
of machine learning, data mining, statistics or natural language processing are welcome.
Furthermore, submissions on educational topics and systems in the field of security
analytics are also highly encouraged.
The workshop will focus on, but not limited to, the following areas:
- Natural Language Processing for security/privacy
- Data Mining techniques for security/privacy
- Machine learning for security/privacy
- Statistics for security/privacy
- Inference Control
- Privacy-preserving data mining
- Security of machine learning
- Security of data mining
- Security of natural language processing
- Case studies
- Educational topics and courses
For more information, please see
http://capex.cs.uh.edu/?q=secanalysis2015.
CODASPY 2015
5th ACM Conference on Data and Application Security and Privacy,
San Antonio, Texas, USA, March 2-4 2015.
[posted here 07/21/14]
Data and applications security and privacy has rapidly expanded as a
research field with many important challenges to be addressed. The goal of
the ACM Conference on Data and Applications Security (CODASPY) is to discuss
novel, exciting research topics in data and application security and privacy and
to lay out directions for further research and development in this area.
The conference seeks submissions from diverse communities, including corporate
and academic researchers, open-source projects, standardization bodies, governments,
system and security administrators, software engineers and application domain experts.
Topics of interest include, but are not limited to:
- Application-layer security policies
- Access control for applications
- Access control for databases
- Data-dissemination controls
- Data forensics
- Enforcement-layer security policies
- Privacy-preserving techniques
- Private information retrieval
- Search on protected/encrypted data
- Secure auditing
- Secure collaboration
- Secure data provenance
- Secure electronic commerce
- Secure information sharing
- Secure knowledge management
- Secure multiparty computations
- Secure software development
- Securing data/apps on untrusted platforms
- Securing the semantic web
- Security and privacy in GIS/spatial data
- Security and privacy in healthcare
- Security policies for databases
- Social computing security and privacy
- Social networking security and privacy
- Trust metrics for applications, data, and users
- Usable security and privacy
- Web application security
For more information, please see
http://www.codaspy.org/.
ICISSP 2015
1st International Conference on Information Systems Security and Privacy,
ESEO, Angers, Loire Valley, France, February 9-11, 2015.
[posted here 06/30/14]
The International Conference on Information Systems Security and Privacy aims at
creating a meeting point of researchers and practitioners that address security and privacy
challenges that concern information systems, especially in organizations, including not only
technological issues but also social issues. The conference welcomes papers of either practical
or theoretical nature, presenting research or applications addressing all aspects of security
and privacy, such as methods to improve the accuracy of data, encryption techniques to
conceal information in transit and avoid data breaches, identity protection, biometrics, access
control policies, location information and mobile systems privacy, transactional security, social
media privacy control, web and email vulnerabilities, trust management, compliance violations
in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances
raise added security and privacy concerns to organizations and individuals, thus creating new
research opportunities. Each of these topic areas is expanded below but the sub-topics
list is not exhaustive. Papers may address one or more of the listed sub-topics, although authors
should not feel limited by them. Unlisted but related sub-topics are also acceptable,
provided they fit in one of the following main topic areas:
- Data and Software Security
- Trust
- Privacy and Confidentiality
- Mobile Systems Security
- Biometric Authentication
For more information, please see
http://www.icissp.org/.
NDSS 2015
Network and Distributed System Security Symposium,
San Diego, California, USA, February 8-11, 2015.
[posted here 07/21/14]
The Network and Distributed System Security Symposium fosters information exchange
among researchers and practitioners of network and distributed system security. The target
audience includes those interested in practical aspects of network and distributed system security,
with a focus on actual system design and implementation. A major goal is to encourage and enable
the Internet community to apply, deploy, and advance the state of available network and
distributed systems security technologies. The Proceedings are published by the Internet
Society. Submissions are solicited in, but not limited to, the following areas:
- Anti-malware techniques: detection, analysis, and prevention
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Future Internet architecture and design
- High-availability wired and wireless networks
- Implementation, deployment and management of network security policies
- Integrating security in Internet protocols: routing, naming, network management
- Intellectual property protection: protocols, implementations, metering,
watermarking, digital rights management
- Intrusion prevention, detection, and response
- Privacy and anonymity technologies
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security and efficiency,
usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Security for cloud computing
- Security for emerging technologies: sensor/wireless/mobile/personal networks
and systems
- Security for future home networks, Internet of Things, body-area networks
- Security for large-scale systems and critical infrastructures (e.g., electronic voting,
smart grid)
- Security for peer-to-peer and overlay network systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security of Web-based applications and services
- Trustworthy Computing mechanisms to secure network protocols and distributed systems
- Usable security and privacy
For more information, please see
http://www.internetsociety.org/events/ndss-symposium-2015.
NDSS-USEC 2015
NDSS Workshop on Usable Security,
San Diego, California, USA, February 8, 2015.
[posted here 10/27/14]
The Workshop on Usable Security invites submissions on all aspects of human factors and
usability in the context of security and privacy. USEC 2015 aims to bring together researchers
already engaged in this interdisciplinary effort with other computer science researchers in
areas such as visualization, artificial intelligence and theoretical computer science as well
as researchers from other domains such as economics or psychology. We particularly
encourage collaborative research from authors in multiple fields.
Topics include, but are not limited to:
- Evaluation of usability issues of existing security and privacy models or technology
- Design and evaluation of new security and privacy models or technology
- Impact of organizational policy or procurement decisions
- Lessons learned from designing, deploying, managing or evaluating security and
privacy technologies
- Foundations of usable security and privacy
- Methodology for usable security and privacy research
- Ethical, psychological, sociological and economic aspects of security and privacy technologies
For more information, please see
http://www.internetsociety.org/events/ndss-symposium-2015/usec-workshop-call-papers.
SENT 2015
NDSS Workshop on Security of Emerging Networking Technologies,
San Diego, California, USA, February 8, 2015.
[posted here 10/20/14]
The NDSS Workshop on Security of Emerging Networking Technologies is
an annual workshop for researchers in security and networking. SENT seeks both
technical and position papers on the various aspects of secure networking with a
"transformational" aspect: if deployed, the system would dramatically transform the
way current networks operate. Topics include future internet architectures, cellular
networks, smart user devices, software-defined networks, and cyber-physical systems
as well as the corresponding challenges in terms of security and privacy, incremental
deployment, and any legal and public-policy concerns.
The goal of the workshop is to bring together academic and industry researchers to
discuss emerging problems, challenges, and potential solutions. Early work that aims
to stimulate the discussions is strongly encouraged.
For more information, please see
http://sent2015.inf.ethz.ch.
WEARABLE-S&P 2015
1st Workshop on Wearable Security and Privacy,
Held in conjunction with Financial Crypto (FC 2015),
Isla Verde, Puerto Rico, January 30, 2015.
[posted here 09/22/14]
This workshop focuses on the unique challenges of security and privacy for
wearable devices. The demand for a variety of technologies in wearable devices
has increased in recent years. Products ranging from Google glass, to EEG brainwave
signal readers, to heart rate monitors, have opened up many new applications, but also
give rise to concerns involving security and privacy. This workshop seeks papers addressing
the unique challenges of security and privacy for wearable computing devices. Suggested
topics include (but are not limited to) empirical and theoretical studies of:
- Novel biometrics
- Behavioral biometrics
- Multi-factor authentication with wearable sensors
- Usability of wearable authentication
- Robustness of wearable authentication systems
- Wearable payment systems
- Bio-cryptographic security protocols
- Attacks against wearable systems
- User impact of attacks on wearable systems
- Access control for wearable data sharing
- User testing of wearable security features
- Economics of security for wearable technologies
- Body worn cameras and sousveillance
- Augmented reality security and privacy
- Privacy of pervasive eye-tracking
- Understanding user privacy concerns for wearable technologies
- User testing of privacy features for wearable technologies
- Privacy notifications for wearable recording devices
- Economics of privacy for wearable technologies
For more information, please see
http://sensible.berkeley.edu/WEARABLE-S&P15/.
ACSW-AISC 2015
Australasian Information Security Conference,
Held as part of Australasian Computer Science Week,
Sydney, Australia, January 27-30, 2015.
[posted here 04/28/14]
AISC aims at promoting research on all aspects of information security and increasing
communication between academic and industrial researchers working in this area.
We seek submissions from academic and industrial researchers on all theoretical and
practical aspects of information security. Suggested topics include, but are not
restricted to: access control; anonymity and pseudonymity; cryptography and
cryptographic protocols; database security; identity management and identity
theft; intrusion detection and prevention; malicious software; network security;
privacy enhancing technologies; and trust and risk.
For more information, please see
http://homepages.ecs.vuw.ac.nz/Users/Ian/ACSW_AISC2015.
FC 2015
19th International Conference on Financial Cryptography and Data Security,
San Juan, Puerto Rico, January 26-30, 2015.
[posted here 08/18/14]
Financial Cryptography and Data Security is a major international forum for research,
advanced development, education, exploration, and debate regarding information
assurance, with a specific focus on financial, economic and commercial transaction
security. Original works focusing on securing commercial transactions and systems
are solicited; fundamental as well as applied real-world deployments on all aspects
surrounding commerce security are of interest. Submissions need not be exclusively
concerned with cryptography. Systems security, economic or behavioral perspectives,
and, more generally, inter-disciplinary efforts are particularly encouraged.
Topics of interests include, but are not limited to:
- Access Control
- Anonymity and Privacy
- Applied Cryptography
- Auctions and Mechanisms
- Authentication and Identification
- Behavioral Aspects of Security and Privacy
- Biometrics
- Certification and Audits
- Cloud Computing and Data Outsourcing Security
- Commercial Cryptographic Applications
- Contactless Payment and Ticketing Systems
- Cryptographic Currencies
- Digital Cash and Payment Systems
- Digital Rights Management
- Economics of Security and Privacy
- Electronic Commerce Security
- Electronic Crime and Underground Markets
- Fraud Detection and Forensics
- Game Theory for Security and Privacy
- Identity Theft
- Insider Threats
- Legal and Regulatory Issues
- Microfinance and Micropayments
- Mobile Systems Security and Privacy
- Phishing and Social Engineering
- Reputation Systems
- Risk Assessment and Management
- Secure Banking and Financial Services
- Smart Contracts and Financial Instruments
- Smartcards, Secure Tokens and Secure Hardware
- Social Networks Security and Privacy
- Trust Management
- Usability and Security
- Virtual Goods and Virtual Economies
- Voting Systems
- Web Security
For more information, please see
http://fc15.ifca.ai/.
IFIP119-DF 2015
11th Annual IFIP WG 11.9 International Conference on Digital Forensics,
Orlando, Florida, USA, January 26-28, 2015.
[posted here 06/16/14]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an
active international community of scientists, engineers and practitioners
dedicated to advancing the state of the art of research and practice in digital forensics.
The Eleventh Annual IFIP WG 11.9 International Conference on Digital Forensics will
provide a forum for presenting original, unpublished research results and innovative
ideas related to the extraction, analysis and preservation of all forms of electronic
evidence. Papers and panel proposals are solicited. All submissions will be refereed
by a program committee comprising members of the Working Group. Papers and panel
submissions will be selected based on their technical merit and relevance to IFIP WG 11.9.
The conference will be limited to approximately sixty participants to facilitate interactions
between researchers and intense discussions of critical research issues. Keynote
presentations, revised papers and details of panel discussions will be published as an
edited volume - the eleventh volume in the well-known Research Advances in Digital
Forensics book series (Springer, Heidelberg, Germany) during the summer of 2015.
Technical papers are solicited in all areas related to the theory and practice of digital forensics.
Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network and cloud forensics
- Embedded device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics
For more information, please see
http://www.ifip119.org.
CS2 2015
2nd Workshop on Cryptography and Security in Computing Systems,
Co-located with HiPEAC 2015 Conference,
Amsterdam, The Netherlands, January 19-21, 2015.
[posted here 08/18/14]
The wide diffusion of embedded systems, including multi-core, many-core, and
reconfigurable platforms, poses a number of challenges related to the security of the
operation of such systems, as well as of the information stored in them. Malicious
adversaries can leverage unprotected communication to hijack cyber-physical systems,
resulting in incorrect and potentially highly dangerous behaviours, or can exploit side channel
information leakage to recover secret information from a computing system. Untrustworthy
third party software and hardware can create openings for such attacks, which must be
detected and removed or countered. The prevalence of multi/many core systems opens
additional issues such as NoC security. Finally, the complexity on modern and future embedded
and mobile systems leads to the need to depart from manual planning and deployment of
security features. Thus, design automation tools will be needed to design and verify the
security features of new hardware/software systems. The workshop is a venue for security
and cryptography experts to interact with the computer architecture and compilers
community, aiming at cross-fertilization and multi-disciplinary approaches to security
in computing systems. Topics of interest include, but are not limited to:
- Compiler and Runtime Support for Security
- Cryptography in Embedded and Reconfigurable Systems
- Design Automation and Verification of Security
- Efficient Cryptography through Multi/Many core Systems
- Fault Attacks and Countermeasures, including interaction with Fault Tolerance
- Passive Side Channel Attacks and Countermeasures
- Hardware Architecture and Extensions for Cryptography
- Hardware/Software Security Techniques
- Hardware Trojans and Reverse Engineering
- Physical Unclonable Functions
- Privacy in Embedded Systems
- Security of Embedded and Cyber-Physical Systems
- Security of Networks-on-Chips and Multi-core Architectures
- Trusted computing
For more information, please see
http://www.cs2.deib.polimi.it.
