Contents
ICISS 2016
12th International Conference on Information Systems Security,
Jaipur, India, December 16-20, 2016.
[posted here 4/4/16]
The ICISS Conference held annually, provides a forum for disseminating
latest research results in information and systems security.
Like previous years, proceedings of the conference will be published as part of the
Springer Verlag series of Lecture Notes in Computer Science.
Submissions are encouraged from academia, industry and government,
addressing theoretical and practical problems in information and
systems security and related areas. Topics of interest include but are
not limited to:
- Access and Usage Control
- Authentication and Audit
- Cloud Security
- Cyber-physical Systems Security
- Digital Forensics
- Distributed Systems Security
- Identity Management
- Intrusion Tolerance and Recovery
- Language-based Security
- Network Security
- Privacy and Anonymity
- Security and Usability
- Sensor and Ad Hoc Network Security
- Software Security
- Vulnerability Detection and Mitigation
- Application Security
- Biometric Security
- Cryptographic Protocols
- Data Security and Privacy
- Digital Rights Management
- Formal Models in Security
- Intrusion Detection and Prevention
- Key Management
- Malware Analysis and Mitigation
- Operating Systems Security
- Secure Data Streams
- Security Testing
- Smartphone Security
- Usable Security
- Web Security
For more information, please see
http://www.iciss.org.in.
SPACE 2016
6th International Conference on Security, Privacy and Applied Cryptography Engineering,
Hyderabad, India, December 16-18, 2016.
[posted here 3/28/16]
SPACE 2016 is the sixth in this series of conferences which started in
2011. This annual event is devoted to various aspects of security,
privacy, applied cryptography, and cryptographic engineering. SPACE 2016
is being organized by C.R.Rao Advanced Institute of Mathematics,
Statistics and Computer Science, Hyderabad-India (AIMSCS). The conference
will include invited tutorials and keynote talks from world-renowned
experts. The conference will be accompanied by two days of tutorials
aiming at Master's and Ph.D. students featuring lectures in the mornings
and practical sessions in the afternoon.
Original papers are invited on all aspects of security, privacy, and cryptography engineering.
For more information, please see
http://www.math.umn.edu/~math-sa-sara0050/space16/.
BigTrust 2016
1st International Workshop on Trust, Security and Privacy for Big Data,
Granada, Spain, December 14-16, 2016.
[posted here 5/16/16]
Big Data has the potential for enabling new insights to change science, engineering,
medicine, healthcare, finance, business, and ultimately society itself. Current work
on Big Data focuses on information processing such as data mining and analysis. However,
trust, security and privacy of Big Data are vital concerns that have received less research
focus. Regarding the above context, this workshop proposal is aimed at bringing together
people from both academia and industry to present their most recent work related to
trust, security and privacy issues in Big Data, and exchange ideas and thoughts in
order to identify emerging research topics and define the future of Big Data.
BigTrust 2016 is a part of ICA3PP 2016 16th International Conference on Algorithms
and Architectures for Parallel Processing. The scope and interests for the special
issue include but are not limited to the following list:
- Big Data Science, Foundations, and applications
- Trust in Big Data
- Security & Privacy in Big Data
For more information, please see
http://csee.hnu.edu.cn/hbs/.
ICSS 2016
Industrial Control System Security Workshop,
Held in conjunction with 32nd Annual Computer Security Applications Conference (ACSAC 2016),
Los Angeles, CA, USA, December 6, 2016.
[posted here 07/18/16]
Supervisory control and data acquisition (SCADA) and industrial control systems
monitor and control a wide range of industrial and infrastructure processes such
as water treatment, power generation and transmission, oil and gas refining and
steal manufacturing. Such systems are usually built using a variety of commodity
computer and networking components, and are becoming increasingly interconnected
with corporate and other Internet-visible networks. As a result, they face significant
threats from internal and external actors. For example, in 2010 the Stuxnet malware
was specifically written to attack SCADA systems and caused millions of dollars in
damages.The critical requirement for high availability in SCADA and industrial control
systems, along with the use of resource constrained computing devices, legacy operating
systems and proprietary software applications limits the applicability of traditional information
security solutions. The goal of this workshop is to explore new security techniques that
are applicable in the control systems context. Papers of interest including (but not limited to)
the following subject categories are solicited:
- Intrusion detection and prevention
- Malware
- Vulnerability analysis and risk management
- Digital forensics
- Virtualization
- Application security
- Performance evaluation of security methods and tools in control systems
- Cybersecurity Education
For more information, please see
https://www.acsac.org/2016/workshops/icss/.
SSR 2016
3rd International conference on Security Standardization Research,
Gaithersburg, MD, USA, December 5-6, 2016.
[posted here 2/29/16]
Over the last two decades a huge range of standards have been
developed covering many different aspects of cyber security.
These documents have been published by national and
international formal standardization bodies, as well as by
industry consortia. Many of these standards have become very
widely used - to take just one example, the ISO/IEC 27000
series have become a commonly used basis for managing corporate information security.
Despite their wide use, there will always be a need to revise
existing security standards and to add new standards to cover
new domains. The purpose of this conference is to discuss the
many research problems deriving from studies of existing
standards, the development of revisions to existing standards,
and the exploration of completely new areas of standardization.
Indeed, many security standards bodies are only beginning to
address the issue of transparency, so that the process of
selecting security techniques for standardization can be seen
to be as scientific and unbiased as possible. This conference is intended to cover the full spectrum of
research on security standardization, including, but not
restricted to, work on cryptographic techniques (including
ANSI, IEEE, IETF, ISO/IEC JTC 1/SC 27, ITU-T and NIST),
security management, security evaluation criteria, network
security, privacy and identity management, smart cards and RFID
tags, biometrics, security modules, and industry-specific
security standards (e.g. those produced by the payments,
telecommunications and computing industries for such things as
payment protocols, mobile telephony and trusted computing).
Papers offering research contributions to the area of security
standardization are solicited for submission to the SSR 2016
conference. Papers may present theory, applications or
practical experience in the field of security standardization,
including, but not necessarily limited to:
- access control
- biometrics
- cloud computing
- critical national infrastructure (CNI) protection
- consistency and comparison of multiple standards
- critiques of standards
- cryptanalysis
- cryptographic protocols
- cryptographic techniques
- evaluation criteria
- formal analysis of standards
- history of standardization
- identity management
- industrial control systems security
- internet security
- interoperability of standards
- intrusion detection
- key management and PKIs
- management of the standardization process
- mobile security
- network security
- open standards and open source
- payment system security
- privacy
- regional and international standards
- RFID tag security
- risk analysis
- security controls
- security management
- security protocols
- security services
- security tokens
- smart cards
- telecommunications security
- trusted computing
- web security
For more information, please see
http://csrc.nist.gov/groups/ST/ssr2016/.
WIFS 2016
8th IEEE International Workshop on Information Forensics and Security,
Abu Dhabi, UAE, December 4-7, 2016.
[posted here 7/4/16]
WIFS is the flagship workshop on information forensics and security organised
by IEEE signal processing society. Its major objective is to bring together researchers
from relevant disciplines to exchange latest results and to discuss emerging challenges
in different areas of information security. Topics of interest include, but are not limited to:
- Forensics
- Information and system security
- Biometrics
- Multimedia content security
- Steganography and covert communications
- Hardware security
- Network traffic analysis
- Surveillance
- Sousvelliance and anti-surveillance
- Privacy in data analytics
- Privacy in the Internet of everything
For more information, please see
http://www.wifs2016.org.
Mycrypt 2016
2nd International Conference on Cryptology & Malicious Security,
Kuala Lumpur, Malaysia, December 1-2, 2016.
[posted here 3/7/16]
Original papers of substantial technical contribution in the areas of cryptology
and malicious security are solicited for submission to the International Conference on Cryptology & Malicious Security.
Submissions to Mycrypt 2016 should be aimed towards the following topic categories:
- paradigm-shifting, unconventional cryptology (e.g. malicious crypto, unconventional formulations
of underlying problems, or new hard problems)
- position papers on breakthrough cryptologic/security research
- revisits/critiques/analysis of long-standing crypto paradigms/approaches/models/formulations (in fact, we
also encourage paired submissions by crypto factions of opposing views, where each
paper in the pair argues for/against a paradigm)
- approaches/solutions to long-standing open problems; or formulations of long-standing/thus-far
adhoc security approaches
- analysis of crypto/security standardization processes & how they may be subverted
- cryptofications of the real world (e.g. new types of adversarial models and/or notions inspired by
real world incidences/problems, modelling humans-in-the-security-loop)
- crypto & beyond: cryptologic techniques in union with techniques from other disciplines
For more information, please see
https://foe.mmu.edu.my/mycrypt2016.
FNSS 2016
2nd International Conference on Future Networks Systems and Security,
Paris, France, November 23 - 25, 2016.
[posted here 5/2/16]
The network of the future is envisioned as an effective, intelligent,
adaptive, active and high performance Internet that can enable
applications ranging from smart cities to tsunami monitoring. The network
of the future will be a network of billions or trillions of entities
(devices, machines, things, vehicles) communicating seamlessly with one
another and is rapidly gaining global attention from academia, industry,
and government. The International Conference on Future Networks Systems and Security aims
to provide a forum that brings together researchers from academia,
practitioners from industry, standardization bodies, and government to
meet and exchange ideas on recent research and future directions for the
evolution of the future Internet. The technical discussion will be focused
on the technology, communications, systems and security aspects of
relevance to the network of the future.
For more information, please see
http://fnss.org.
GenoPri 2016
3rd International Workshop on Genome Privacy and Security,
Held in conjunction with the AMIA 2016 Annual Symposium,
Chicago, IL, USA, November 12, 2016.
[posted here 3/7/16]
Over the past several decades, genome sequencing technologies have evolved from
slow and expensive systems that were limited in access to a select few scientists and
forensics investigators to high-throughput, relatively low-cost tools that are available
to consumers. A consequence of such technical progress is that genomics has become
one of the next major challenges for privacy and security because (1) genetic diseases
can be unveiled, (2) the propensity to develop specific diseases (such as Alzheimer’s)
can be revealed, (3) a volunteer, accepting to have his genomic code made public, can
leak substantial information about his ethnic heritage and the genomic data of his
relatives (possibly against their will), and (4) complex privacy issues can arise if DNA
analysis is used for criminal investigations and medical purposes.
As genomics is increasingly integrated into healthcare and "recreational" services
(e.g., ancestry testing), the risk of DNA data leakage is serious for both individuals
and their relatives. Failure to adequately protect such information could lead to a serious
backlash, impeding genomic research, that could affect the well-being of our society
as a whole. This prompts the need for research and innovation in all aspects of genome
privacy and security, as suggested by the non-exhaustive list of topics on the workshop
website.
For more information, please see
http://www.genopri.org/.
SecDev 2016
1st IEEE Cybersecurity Development,
Boston, MA, USA, November 3-4, 2016.
[posted here 6/6/16]
In this first year, IEEE Cybersecurity Development (SecDev) 2016 is soliciting short
papers that present innovations, experience-based insights, or a vision. The goal is to share useful
and thought provoking ideas, to push forward the art and science of secure development.
In future years, the academic portion of SecDev will expand to include more complete articles.
SecDev is a new venue for presenting ideas, research, and experience about how to develop
secure systems. SecDev is distinguished by its focus on how to “build security in”
(and not simply discover the absence of security). Its goal is to encourage and disseminate
ideas for secure system development among both academia and industry. Developers have
valuable experiences and ideas that can inform academic research, and researchers have
concepts, studies, and even code and tools that could benefit developers. We anticipate
that attendees from academic conferences like IEEE S&P, USENIX Security, PLDI, FSE, ISSTA,
SOUPS, and many others could contribute ideas to SecDev, as could attendees of industrial
conferences like AppSec, RSA, Black Hat, and Shmoocon. Papers have the option of appearing
in the conference’s formal proceedings, or not. SecDev is also interested in tutorials on
processes, frameworks, languages, and tools. The goal is to propose useful and thought
provoking ideas, and to share knowledge on the art and science of secure system development.
Areas of interest include (but are not limited to):
- Security engineering processes, from requirements to maintenance
- Dynamic/static analysis and runtime approaches towards application security
- Programming languages and frameworks supporting security
- Testing strategies to ensure security
- Explorations of formal verification and other high-assurance methods for security
- Code reviews, red teams, and other human-centered assurance
- Security-focused system (HW/SW/architecture) designs
- Human-centered design for systems security
- Distributed systems design and implementation for security
For more information, please see
http://secdev.ieee.org/calls-for/papers/.
NordSec 2016
21st Nordic Conference on Secure IT Systems,
Oulu, Finland, November 2-4, 2016.
[posted here 3/28/16]
NordSec addresses a broad range of topics within IT security with the aim of bringing
together computer security researchers and encouraging interaction between academia
and industry. NordSec 2016 is co-located with the 10th International Crisis Management
Workshop and Oulu Winter School. NordSec welcomes contributions within, but not limited
to, the following areas:
- Access control and security models
- Applied cryptography
- Cloud security
- Commercial security policies and enforcement
- Cyber crime, warfare, and forensics
- Economic, legal, and social aspects of security
- Enterprise security
- Hardware and smart card security
- Mobile and embedded security
- Internet of Things and M2M security
- Internet, communication, and network security
- Intrusion detection
- Language-based techniques for security
- New ideas and paradigms in security
- Operating system security
- Privacy and anonymity
- Security education and training
- Security evaluation and measurement
- Security management and audit
- Security protocols
- Security usability
- Social engineering and phishing
- Software security and malware
- Trust and identity management
- Trusted computing
- Vulnerability testing
For more information, please see
http://nordsec.oulu.fi.
TrustED 2016
6th International Workshop on Trustworthy Embedded Devices,
Held in conjunction with 23rd ACM Conference on Computer and
Communications Security (CCS 2016),
Hofburg Palace, Vienna, Austria, October 28, 2016.
[posted here 4/25/16]
TrustED considers selected security and privacy (S&P) aspects of cyber physical systems
and their environments, which influence trust and trust establishment in such environments.
A major theme of TrustED 2016 will be security and privacy aspects of the Internet of Things
Paradigm. The IoTs promises to make reality Mark Weisser's vision of ubiquitous computation
set out in his 1991 influential paper. Yet to make such vision successful, it is widely
acknowledged that security of super large distributed systems has to be guaranteed and
the privacy of the collected data protected. Submissions exploring new paradigms to assure
security and privacy in the IoTs are thus strongly encouraged.
The workshop topics include but are not limited to:
- Trustworthy and secure embedded systems
- Novel constructions, implementations and applications with physical security
primitives (e.g., PUFs, PhySec)
- Hardware entangled cryptography
- Novel security architectures for the IoTs
- Frameworks and tools to design, validate and test trustworthy embedded
systems
- Secure execution environments (e.g., TrustZone, TPMs) on mobile devices
- Remote attestation and integrity validation
- Privacy aspects of embedded systems (e.g., medical devices, electronic IDs)
- Physical and logical convergence (e.g., secure and privacy-preserving facility
management)
- Novel paradigms to established trust in large distributed environments
For more information, please see
http://www.trusted-workshop.de.
CCSW 2016
8th ACM Cloud Computing Security Workshop,
Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016),
Hofburg Palace, Vienna, Austria, October 28, 2016.
[posted here 7/4/16]
Cloud computing is a dominant trend in computing for the foreseeable future; e.g., major
cloud operators are now estimated to house over a million machines each and to host
substantial (and growing) fractions of our IT and web infrastructure. CCSW is a forum
for bringing together researchers and practitioners to discuss the implications of this
trend to the security of cloud operators, tenants, and the larger Internet community.
We invite submissions on new threats, countermeasures, and opportunities brought
about by the move to cloud computing, with a preference for unconventional
approaches, as well as measurement studies and case studies that shed light
on the security implications of clouds.
For more information, please see
https://www.zurich.ibm.com/ccsw16/index.html.
CPS-SPC 2016
2nd ACM Workshop on Cyber-Physical Systems Security & Privacy,
Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016),
Hofburg Palace, Vienna, Austria, October 28, 2016.
[posted here 7/4/16]
Cyber-Physical Systems (CPS) integrate computing and communication capabilities
with monitoring and control of entities in the physical world. These systems are usually
composed of a set of networked agents, including sensors, actuators, control processing
units, and communication devices. While some forms of CPS are already in use, the
widespread growth of wireless embedded sensors and actuators is creating several new
applications in areas such as medical devices, autonomous vehicles, and smart
infrastructure, and is increasing the role that the information infrastructure plays in
existing control systems such as in the process control industry or the power grid.
Many CPS applications are safety-critical: their failure can cause irreparable harm to the
physical system under control, and to the people who depend, use or operate it. In
particular, critical cyber-physical infrastructures such as the electric power generation,
transmission and distribution grids, oil and natural gas systems, water and waste-water
treatment plants, and transportation networks play a fundamental and large-scale role
in our society and their disruption can have a significant impact to individuals, and
nations at large. Securing these CPS infrastructures is therefore vitally important.
Similarly because many CPS systems collect sensor data non-intrusively, users of these
systems are often unaware of their exposure. Therefore in addition to security, CPS
systems must be designed with privacy considerations.
To address some of these issues, we invite original research papers on the security
and/or privacy of Cyber-Physical Systems. We seek submissions from multiple interdisciplinary
backgrounds tackling security and privacy issues in CPS.
For more information, please see
http://eecs.oregonstate.edu/cps-spc/index.html.
ACM CCS 2016
23rd ACM Conference on Computer and Communications Security,
Vienna, Austria, October 24-28, 2016.
[posted here 2/15/16]
The conference seeks submissions from academia, government, and industry presenting novel
research results in all practical and theoretical aspects of computer and communications security.
Papers should be related to the construction, evaluation, application, or operation of secure systems.
Theoretical papers must make a convincing argument for the relevance of the results to secure
systems. All topic areas related to computer and communications security are of interest and in
scope. Accepted papers will be published by ACM Press in the conference proceedings.
For more information, please see
http://www.sigsac.org/ccs/CCS2016/call-for-papers/.
WISCS 2016
3rd ACM Workshop on Information Sharing and Collaborative Security,
Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016),
Hofburg Palace, Vienna, Austria, October 24, 2016.
[posted here 5/9/16]
Sharing of cyber-security related information is believed to greatly enhance the ability
of organizations to defend themselves against sophisticated attacks. If one organization
detects a breach sharing associated security indicators (such as attacker IP addresses,
domain names, file hashes etc.) provides valuable, actionable information to other organizations.
The analysis of shared security data promises novel insights into emerging attacks. Sharing
higher level intelligence about threat actors, the tools they use and mitigations provides
defenders with much needed context for better preparing and responding to attacks. In
the US and the EU major efforts are underway to strengthen information sharing.
Yet, there are a number of technical and policy challenges to realizing this vision.
Which information exactly should be shared? How can privacy and confidentiality be
protected? How can we create high-fidelity intelligence from shared data without
getting overwhelmed by false positives?
The 3rd Workshop on Information Sharing and Collaborative Security (WISCS 2016) aims
to bring together experts and practitioners from academia, industry and government
to present innovative research, case studies, and legal and policy issues. The
workshop solicits original research papers in these areas, both full and short papers.
For more information, please see
https://sites.google.com/site/wiscs2016/.
SPC 2016
2nd IEEE Workshop on Security and Privacy in the Cloud,
Philadelphia, PA, USA, October 19, 2016.
[posted here 6/6/16]
Cloud computing is today the reference paradigm for large-scale data storage and
processing due to the convenient and efficient network access to configurable resources
that can be easily adjusted according to the users' needs. Although the benefits of
cloud computing are tremendous, security and privacy concerns have still a detrimental
impact on the adoption and acceptability of cloud services. In fact, users as well as
companies that rely on cloud storage and computation services lose the direct
control over the systems managing their data and applications, thus putting the
confidentiality, integrity and availability of the data at risk. The goal of this workshop is to
bring together researchers and practitioners who are interested in discussing the security,
privacy, and data protection issues emerging in cloud scenarios, and possible solutions to them.
The workshop seeks submissions from academia, industry, and government presenting
novel research, as well as experimental studies, on all theoretical and practical aspects
of security, privacy, and data protection in cloud scenarios.
Topics of interest include, but are not limited to:
- Anonymity in cloud scenarios
- Applied cryptography in cloud scenarios
- Cloud-based biometric systems
- Data and application security
- Data and system integrity
- Data availability in outsourcing scenarios
- Data protection
- Efficient access to outsourced data
- Key management in cloud scenarios
- Privacy
- Privacy of accesses
- Secure computation over encrypted data
- Security and trust metrics
- Security and privacy in crowdsourcing
- Security and privacy in multi-clouds and federated clouds
- Security and privacy in data outsourcing
- Security and privacy in the Internet of Things
- Security and privacy of big data
- Security and privacy of distributed computations
- Security and privacy of fog computing
- Security and privacy policies
- Selective information sharing
- Threats, vulnerabilities, and risk management
For more information, please see
http://cns2016.ieee-cns.org/workshop/2nd-workshop-security-and-privacy-cloud-spc.
CNS 2016
4th IEEE Conference on Communications and Network Security,
Philadelphia, PA, USA, October 17-19, 2016.
[posted here 2/29/16]
IEEE Conference on Communications and Network Security (CNS) is a conference
series in IEEE Communications Society (ComSoc) core conference portfolio and the
only ComSoc conference focusing solely on cyber security. IEEE CNS is also a spin-off
of IEEE INFOCOM, the premier ComSoc conference on networking. The goal of CNS is
to provide an outstanding forum for cyber security researchers, practitioners, policy
makers, and users to exchange ideas, techniques and tools, raise awareness, and share
experience related to all practical and theoretical aspects of communications and
network security. Building on the success of the past three years’ conferences,
IEEE CNS 2016 seeks original high-quality technical papers from academia, government,
and industry. Topics of interest encompass all practical and theoretical aspects of
communications and network security, all the way from the physical layer to the various
network layers to the variety of applications reliant on a secure communication substrate.
For more information, please see
http://cns2016.ieee-cns.org/.
SecureComm 2016
12th EAI International Conference on Security and Privacy in Communication Networks,
Guangzhou, China, October 10-12, 2016.
[posted here 2/22/16]
SecureComm seeks high-quality research contributions in the form of well-developed
papers. Topics of interest encompass research advances in ALL areas of secure
communications and networking. Topics in other areas (e.g., formal methods,
database security, secure software, theoretical cryptography) will be considered only
if a clear connection to private or secure communication/networking is demonstrated.
Topics of interest include, but are not limited to the following:
- Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
- Network Intrusion Detection and Prevention, Firewalls, Packet Filters
- Malware Analysis and Detection including Botnets, Trojans and APTs
- Web and Systems Security
- Distributed Denial of Service Attacks and Defenses
- Communication Privacy and Anonymity
- Circumvention and Anti-Censorship Technologies
- Network and Internet Forensics Techniques
- Authentication Systems: Public Key Infrastructures, Key Management,
Credential Management
- Secure Routing, Naming/Addressing, Network Management
- Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
- Security & Privacy in Peer-to-Peer and Overlay Networks
- Security & Privacy for Emerging Technologies: VoIP, Internet-of-Things, Social Networks
- Security & Isolation in Cloud, Data Center and Software-Defined Networks
For more information, please see
http://securecomm.org.
ESORICS 2016
21st European Symposium on Research in Computer Security,
Heraklion, Crete, September 26-30, 2016.
[posted here 1/25/16]
ESORICS is the annual European research event in Computer Security.
The Symposium started in 1990 and has been held in several European
countries, attracting a wide international audience from both the
academic and industrial communities. Papers offering novel research
contributions in computer security are solicited for submission to the
Symposium. The primary focus is on original, high quality, unpublished
research and implementation experiences. We encourage submissions of
papers discussing industrial research and development.
Topics of interest include, but are not limited to:
- access control
- accountability
- ad hoc networks
- anonymity
- applied cryptography
- authentication
- biometrics
- data and computation integrity
- database security
- data protection
- digital content protection
- digital forensics
- distributed systems security
- embedded systems security
- inference control
- information hiding
- identity management
- information flow control
- information security governance and management
- intrusion detection
- formal security methods
- language-based security
- network security
- phishing and spam prevention
- privacy
- privacy preserving data mining
- risk analysis and management
- secure electronic voting
- security architectures
- security economics
- security metrics
- security models
- security and privacy for big data
- security and privacy in cloud scenarios
- security and privacy in complex systems
- security and privacy in content centric networking
- security and privacy in crowdsourcing
- security and privacy in the IoT
- security and privacy in location services
- security and privacy for mobile code
- security and privacy in pervasive / ubiquitous computing
- security and privacy policies
- security and privacy in social networks
- security and privacy in web services
- security and privacy in cyber-physical systems
- security, privacy and resilience in critical infrastructures
- security verification
- software security
- systems security
- trust models and management
- trustworthy user devices
- usable security and privacy
- web security
- wireless security
For more information, please see
http://www.ics.forth.gr/esorics2016/.
WISTP 2016
10th WISTP International Conference on Information Security Theory and Practice,
Heraklion, Crete, Greece, September 26-27, 2016.
[posted here 2/29/16]
The 10th WISTP International Conference on Information Security Theory and Practice
(WISTP 2016) seeks original submissions from academia and industry presenting novel
research on all theoretical and practical aspects of security and privacy, as well as
experimental studies of fielded systems, the application of security technology, the
implementation of systems, and lessons learned. We encourage submissions from
other communities such as law, business, and policy that present these communities'
perspectives on technological issues.
For more information, please see
http://www.wistp.org/.
SADFE 2016
11th International Conference on Systematic Approaches to Digital Forensics Engineering,
Kyoto, Japan, September 20-22, 2016.
[posted here 2/15/16]
SADFE-2016 is concerned with the generation, analysis and sustainability of digital
evidence and evolving t tools and techniques that are used in this effort. Advancement in
this field requires innovative methods, systems, and practices, which are grounded in
solid research coupled with an understanding of user needs. Digital forensics at SADFE
focuses on the issues introduced by the coupling of rapidly advancing technologies and
increased globalization. We believe digital forensic engineering is vital to security, the
administration of justice and the evolution of culture.
Potential topics include, but are not limited to:
Digital Data and Evidence Collection:
- Identification, authentication and collection of digital evidence
- Extraction and management of forensic artifacts
- Identification and redaction of personally identifying/sensitive information
- Evidence and digital memory preservation, curation and storage
- Compliance of architectures and processes (including network processes) with forensic requirements
- Data, digital knowledge, and web mining systems for identification and authentication of data
- Honeynets and other deception technologies that collect data for forensic analysis
- Innovative forensic techniques for new technologies
Digital Evidence Management, Integrity and Analytics:
- Advanced search, analysis, and presentation of digital evidence
- Cybercrime analysis, modeling and reconstruction technologies
- Tools and techniques for combining digital and non-digital evidence
- Supporting both qualitative and quantitative evidence
- Handling of evidence and the preservation of data integrity and admissibility
- Digital evidence in the face of encryption
- Forensic-support technologies: forensic-enabled and proactive monitoring/response
Scientific Principle-Based Digital Forensic Processes
- Examination environments for digital data
- Legal/technical aspects of admissibility and evidence tests
- Forensic tool validation: legal implications and issues
- Handling increasing volumes of digital discovery
- Computational Forensics and Validation Issues in Forensic Authentication and Validation.
- Forensic Readiness by Design
- Forensics tool validation
- Computational systems and computational forensic analysis
Legal, Ethical and Technical Challenges
- Forensics, policy and ethical implications new and evolving technologies
- Legal and privacy implications for digital and computational forensic analysis
- New Evidence Decisions
- Legal case construction and digital evidence support
- Transnational Investigations/Case Integration
- Managing geographically, politically and/or jurisdictionally dispersed data artifacts
- Case studies illustrating privacy, legal and legislative issues
- Courtroom expert witness and case presentation
The Impacts of the following on any of the above
- Technological challenges
- Legal and ethical challenges
- Economic challenges
- Political challenges
- Cultural and professional challenges
- New Trends (Internet of Things, Cloud Computing, Smart City, Big Data, etc.)
For more information, please see
http://sadfe.org.
RAID 2016
19th International Symposium on Research in Attacks, Intrusions and Defenses,
Paris, France, September 19-21, 2016.
[posted here 2/15/16]
The 19th International Symposium on Research in Attacks,
Intrusions and Defenses (RAID 2016) aims at bringing together
leading researchers and practitioners from academia, government,
and industry to discuss novel research contributions related to
computer and information security.
Research papers on all topics related to cyber attacks, intrusions or
defenses are within scope, including papers on:
- Malware and unwanted software
- Mobile and Web security and privacy
- Cloud computing security
- Computer and network security
- Denial-of-Service attacks
- Formal models, analysis, and standards
- Vulnerability analysis
- Secure software development
- Machine learning for security
- Computer security visualization techniques
- Cyber crime and underground economies
- Hardware security
- Program analysis and reverse engineering
- Digital forensics
- Usable security and privacy
- Intrusion detection and prevention
- Cyber physical systems
- Security measurement studies
- Security and privacy of the Internet of Things
- Threats against critical infrastructures and mitigation thereof
- Cyber intelligence techniques and threats intel sharing
For more information, please see
http://www.raid2016.org/.
IWDW 2016
15th International Workshop on Digital-forensics and Watermarking,
Beijing, China, September 17-19, 2016.
[posted here 2/29/16]
The 15th International Workshop on Digital-forensics and Watermarking (IWDW 2016) is
a premier forum for researchers and practitioners working on novel research, development
and applications of digital watermarking and forensics techniques for multimedia security.
We invite submissions of high-quality original research papers.
Areas of interest include, but are not limited to:
- Mathematical modeling of embedding and detection
- Information theoretic, stochastic aspects of data hiding
- Security issues, including attacks and counter-attacks
- Combination of data hiding and cryptography
- Optimum watermark detection and reliable recovery
- Estimation of watermark capacity
- Channel coding techniques for watermarking
- Large-scale experimental tests and benchmarking
- New statistical and perceptual models of multimedia content
- Reversible data hiding
- Data hiding in special media
- Data hiding and authentication
- Steganography and steganalysis
- Digital multimedia forensics & anti-forensics
- Copyright protection, DRM, forensic watermarking
- Visual cryptography & secret image sharing
- Security based on human vision system
For more information, please see
http://www.iwdw.net/.
IWSEC 2016
11th International Workshop on Security,
Tokyo, Japan, September 12-14, 2016.
[posted here 11/23/15]
Original papers on the research and development of various security topics,
as well as case studies and implementation experiences, are solicited for submission to IWSEC 2016.
Topics of interest for IWSEC 2016 include all theory and practice of cryptography, information
security, and network security, as in previous IWSEC workshops. In particular, we encourage
the following topics in this year:
- Big Data Analysis for Security
- Critical Infrastructure Security
- Cryptanalysis
- Cryptographic Protocols
- Cybersecurity Economics
- Digital Forensics
- Enriched Cryptography
- Formal Methods
- IoT security
- Machine Learning for Security
- Malware Countermeasures
- Measurements for Cybersecurity
- Multiparty Computation
- Post Quantum Cryptography
- Privacy Preserving
- Real World Cryptography
- Visualization for Security
For more information, please see
http://www.iwsec.org/2016/.
ISC 2016
19th Information Security Conference,
Honolulu, Hawaii, USA, September 7-9, 2016.
[posted here 1/25/16]
The Information Security Conference (ISC) is an annual international conference covering research in
theory and applications of Information Security. ISC aims to attract high quality papers in all technical
aspects of information security. ISC has been held in five continents. Papers on all technical aspects
of these topics are solicited for submission. Areas of interest include, but are not restricted to:
- access control
- accountability
- anonymity and pseudonymity
- applied cryptography
- authentication
- biometrics
- computer forensics
- critical infrastructure security
- cryptographic protocols
- database security
- data protection
- data/system integrity
- digital right management
- economics of security and privacy
- electronic frauds
- embedded security
- formal methods in security
- identity management
- information hiding & watermarking
- intrusion detection
- network security
- peer-to-peer security
- privacy
- secure group communications
- security in information flow
- security for Internet of Things
- security for mobile code
- secure cloud computing
- security in location services
- security modeling & architectures
- security and privacy in social networks
- security and privacy in pervasive and ubiquitous computing
- security of eCommerce, eBusiness and eGovernment
- security models for ambient intelligence environments
- trust models and trust policies
- economics of security and privacy
- information dissemination control
For more information, please see
http://manoa.hawaii.edu/isc2016.
APF 2016
Annual Privacy Forum,
Frankfurt am Main, Germany, September 7-8, 2016.
[posted here 2/1/16]
Nowadays electronic communication networks and digital services are an essential
part of an increasing number of everyday commodities. In the era of automated
profiling and electronic surveillance, citizens face a serious threat against their right
to privacy and informational self-determination, especially when using the internet
and mobile services. The lack of transparency regarding the functionality and
interconnection of such services increases the risk of uncontrollable processing of
personal data. In this regard, the upcoming Data Protection Regulation will be a useful
instrument to protect the privacy of individuals. However, for its successful implementation,
this new framework needs to be enforced by proper technologies and encompassed with
sustainable business models along with mechanisms to promote privacy awareness and
help users to understand the value of their data.
In the light of the upcoming data protection regulation and the European digital
agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016.
For more information, please see
http://privacyforum.eu/.
ARES 2016
11th International Conference on Availability, Reliability and Security,
Salzburg, Austria, August 31 - September 2, 2016.
[posted here 2/1/16]
The 11th International Conference on Availability, Reliability and Security ("ARES") will
bring together researchers and practitioners in the area of dependability. ARES will highlight
the various aspects of security - with special focus on the crucial linkage between
availability, reliability and security.
ARES aims at a full and detailed discussion of the research issues of security as an integrative
concept that covers amongst others availability, safety, confidentiality, integrity,
maintainability and security in the different fields of applications.
ARES will emphasize the interplay between foundations and practical issues of security in
emerging areas such as e-government, m-government, location-based applications, ubiquitous
computing, autonomous computing, chances of grid computing etc. ARES is devoted to the
critical examination and research challenges of the various aspects of Secure and Dependable
Computing and the definition of a future road map.
For more information, please see
http://www.ares-conference.eu.
IWCC 2016
5th International Workshop on Cyber Crime,
Co-located with the 11th International Conference on Availability, Reliability and Security (ARES 2016),
Salzburg, Austria, August 29 - September 2, 2016.
[posted here 2/15/16]
Today's world's societies are becoming more and more dependent on open networks such as the Internet -
where commercial activities, business transactions and government services are realized. This has led to
the fast development of new cyber threats and numerous information security issues which are exploited
by cyber criminals. The inability to provide trusted secure services in contemporary computer network
technologies has a tremendous socio-economic impact on global enterprises as well as individuals.
Moreover, the frequently occurring international frauds impose the necessity to conduct the investigation
of facts spanning across multiple international borders. Such examination is often subject to different
jurisdictions and legal systems. A good illustration of the above being the Internet, which has made it
easier to perpetrate traditional crimes. It has acted as an alternate avenue for the criminals to conduct
their activities, and launch attacks with relative anonymity. The increased complexity of the
communications and the networking infrastructure is making investigation of the crimes difficult.
Traces of illegal digital activities are often buried in large volumes of data, which are hard to inspect
with the aim of detecting offences and collecting evidence. Nowadays, the digital crime scene functions
like any other network, with dedicated administrators functioning as the first responders.
This poses new challenges for law enforcement policies and forces the computer societies to utilize
digital forensics to combat the increasing number of cybercrimes. Forensic professionals must be fully
prepared in order to be able to provide court admissible evidence. To make these goals achievable,
forensic techniques should keep pace with new technologies.
The aim of 5th International Workshop on Cyber Crime is to bring together the research accomplishments
provided by the researchers from academia and the industry. The other goal is to show the latest
research results in the field of digital forensics and to present the development of tools and techniques
which assist the investigation process of potentially illegal cyber activity. We encourage prospective
authors to submit related distinguished research papers on the subject of both: theoretical approaches
and practical case reviews.
The workshop will be accessible to both non-experts interested in learning about this area and experts
interesting in hearing about new research and approaches.
Topics of interest include, but are not limited to:
- Cyber crimes: evolution, new trends and detection
- Cyber crime related investigations
- Computer and network forensics
- Digital forensics tools and applications
- Digital forensics case studies and best practices
- Privacy issues in digital forensics
- Network traffic analysis, traceback and attribution
- Incident response, investigation and evidence handling
- Integrity of digital evidence and live investigations
- Identification, authentication and collection of digital evidence
- Anti-forensic techniques and methods
- Watermarking and intellectual property theft
- Social networking forensics
- Steganography/steganalysis and covert/subliminal channels
- Network anomalies detection
- Novel applications of information hiding in networks
- Political and business issues related to digital forensics and anti-forensic techniques
For more information, please see
http://stegano.net/IWCC2016/.
TRUST 2016
9th International Conference on Trust & Trustworthy Computing,
Vienna, Austria, August 29-30, 2016.
[posted here 3/14/16]
TRUST 2016 is an international conference that explores new ideas and
experiences in building, designing, using and understanding trustworthy
computing systems. We are now calling for papers. Interested authors are
invited to submit papers describing novel and previously unpublished results
in building, designing, using and understanding trustworthy computing systems.
Paper topics include, but are not limited to:
- Architectures for trustworthy infrastructures
- Emerging applications and technologies, including recent industrial research
and development on trusted/trustworthy computing
- Hardware security, including secure storage, cryptographic coprocessors,
smartcards, and physically unclonable functions (PUFs)
- Trustworthy applications, including webbased systems
- Trusted mobile computing platforms
- Trustworthy embedded, CyberPhysical, and Internet of Things systems
- Security analysis and formal techniques for trusted/trustworthy computing
- Verification of trusted/trustworthy computing (architectures, platforms, software,
protocols)
- Usability of trusted/trustworthy computing solutions and humancomputer interactions
- Cloud security and trustworthy services
- Trust management
- Software engineering techniques for trustworthiness
- Operating system security, including virtualization and monitoring
- Cryptography for trusted computing and related applications
- Intrusion detection and resilience leveraging trusted computing
- Security policies and management of trusted/trustworthy systems
- Experimental, userbased or testbed studies
For more information, please see
http://trust2016.sba-esearch.org/.
TrustCom 2016
15th IEEE International Conference on Trust, Security and
Privacy in Computing and Communications,
Tianjin, China, August 23-26, 2016.
[posted here 12/7/15]
With the rapid development and increasing complexity of computer systems and
communication networks, user requirements for trust, security and privacy are
becoming more and more demanding. Therefore, there is a grand challenge that
traditional security technologies and measures may not meet user requirements in
open, dynamic, heterogeneous, mobile, wireless, and distributed computing environments.
As a result, we need to build systems and networks in which various applications allow
users to enjoy more comprehensive services while preserving trust, security and privacy
at the same time. As useful and innovative technologies, trusted computing and
communications are attracting researchers with more and more attention.
The conference aims at bringing together researchers and practitioners in the world working on trusted
computing and communications, with regard to trust, security, privacy, reliability, dependability,
survivability, availability, and fault tolerance aspects of computer systems and networks, and
providing a forum to present and discuss emerging ideas and trends in this highly
challenging research field. Topics of interest include, but not limited to:
Trust Track
- Trust semantics, metrics and models
- Trusted computing platform
- Trusted network computing
- Trusted operating systems
- Trusted software and applications
- Trust in social networks
- Trust in e-commerce and e-government
- Trust in mobile and wireless communications
- Risk and reputation management
- Survivable computer systems/networks
- Trust of 5G
- Miscellaneous trust issues
Security Track
- Network security
- Computer security
- Database security
- Web applications security
- Security policy, model and architecture
- Security in social networks
- Security in parallel and distributed systems
- Security in mobile and wireless communications
- Security in grid/cloud/pervasive computing
- Authentication, authorization and accounting
- Security of 5G
- Miscellaneous security issues
Privacy Track
- Privacy in Web-based applications and services
- Privacy in database systems
- Privacy in parallel and distributed systems
- Privacy in grid/cloud/pervasive computing
- Privacy in mobile and wireless communications
- Privacy in e-commerce and e-government
- Privacy in network deployment and management
- Privacy and trust
- Privacy and security
- Privacy and anonymity
- Privacy preservation in 5G
- Miscellaneous privacy issues
Forensics Track
- Anti-forensics
- Biometrics
- Cryptanalysis
- Big data forensics
- CCTV forensics
- Cloud forensics
- Computational forensics
- Cyber-physical system forensics
- Datamining for forensics
- Facial recognition
- Fingerprint forensics
- Image forensics
- Malware forensics
- Mobile app forensics (e.g. Skype, WeChat and Facebook)
- Mobile device forensics
- Multimedia forensics
- Network forensics
- Steganography and steganalysis
- System reverse engineering
- Watermarking
For more information, please see
http://adnet.tju.edu.cn/TrustCom2016/.
PROOFS 2016
5th International Workshop on Security Proofs for Embedded Systems,
Santa Barbara, California, USA, August 20, 2016.
[posted here 3/21/16]
This workshop, the fifth in an annual series, brings together leading researchers and practitioners
from academia, government, and industry to discuss the application
of formal methods to the field of embedded systems security.
PROOFS seeks contributions about methodologies that increase the confidence
level in the security of embedded systems, especially those which contain
cryptographic algorithms. Exploratory works and use-cases are especially
welcomed.
For more information, please see
http://www.proofs-workshop.org/.
USENIX-Security 2016
25th USENIX Security Symposium,
Austin, TX, USA, August 10–12, 2016.
[posted here 2/15/16]
The USENIX Security Symposium brings together researchers, practitioners, system
administrators, system programmers, and others interested in the latest advances in
the security and privacy of computer systems and networks.
Refereed paper submissions are solicited in all areas relating to systems
research in security and privacy, including but not limited to:
- System security (Operating systems security, Web security, Mobile systems security,
Distributed systems security, Cloud computing security)
- Network security (Intrusion and anomaly detection and prevention,
Network infrastructure security, Denial-of-service attacks and countermeasures,
Wireless security)
- Cryptographic implementation analysis and construction
- Applied cryptography
- Security analysis (Malware analysis, Analysis of network and security protocols,
Attacks with novel insights, techniques, or results,
Forensics and diagnostics for security,
Automated security analysis of hardware designs and implementation,
Automated security analysis of source code and binaries, Program analysis)
- Security measurement studies (Measurements of fraud, malware, spam,
Measurements of human behavior and security,
Privacy-enhancing technologies and anonymity)
- Usable security and privacy
- Language-based security
- Hardware security (Secure computer architectures, Embedded systems security,
Methods for detection of malicious or counterfeit hardware, Side channels)
- Research on surveillance and censorship
- Social issues and security (Research on computer security law and policy,
Ethics of computer security research,
Research on security education and training)
For more information, please see
https://www.usenix.org/conference/usenixsecurity16/call-for-papers.
CSET 2016
9th Workshop on Cyber Security Experimentation and Test,
Austin, TX, USA, August 8, 2016.
[posted here 4/11/16]
The science of cyber security poses significant challenges. For example, experiments
must recreate relevant, realistic features in order to be meaningful, yet identifying
those features and modeling them is very difficult. Repeatability and measurement
accuracy are essential in any scientific experiment, yet hard to achieve in practice.
Few security-relevant datasets are publicly available for research use and little is
understood about what "good datasets" look like. Finally, cyber security experiments
carry significant risks if not properly contained and controlled, yet often require some
degree of interaction with the larger world in order to be useful.
Meeting these challenges requires transformational advances, including understanding
the relationship between scientific method and cyber security evaluation, advancing
capabilities of underlying experimental infrastructure, and improving data usability.
Topics of interest include but are not limited to:
- Science of cyber security: e.g., experiences with and discussions of
experimental methodologies; experiment design and conduct addressing
cyber security challenges.
- Measurement and metrics: e.g., what are useful or valid metrics,
test cases, and benchmarks? How do we know? How does measurement
interact with (or interfere with) evaluation?
- Testbeds and experimental infrastructure: e.g., tools for improving
speed and fidelity of testbed configuration; sensors for robust data
collection with minimal testbed artifacts; support for
interconnected non-IT systems such as telecommunications or industrial control.
- Simulations and emulations: e.g., what makes good ones? How do they scale (up or down)?
- Data sets: e.g., what makes good data sets? How do we know? How do
we compare data sets? How do we collect new ones or generate
derived ones? How do they hold up over time?
- Ethics of cyber security research: e.g., experiences balancing
stakeholder considerations; frameworks for evaluating the ethics of
cyber security experiments.
For more information, please see
https://www.usenix.org/conference/cset16/.
NSAA 2016
Workshop on Network Security Analytics and Automation,
Held in conjunction with the 25th International Conference on Computer
Communication and Networks (ICCCN 2016),
Waikoloa, Hawaii, USA, August 1-4, 2016.
[posted here 3/14/16]
This workshop provides a forum for researchers to explore promising new approaches
to enable enterprises to quickly determine courses of action in response to ever
changing computer network threats. Emphasis will be focused on building a sustained
ecosystem for network security and using big data analytics techniques to determine
appropriate responses to prevent massive attack events by neutralizing threats before
they have a chance to gather momentum. To this end effective and safe automation
and integration of security tools are critical. Topics of interest include, but not
limited to:
- Cyber threat information sharing standards, ontologies, and infrastructure
- Assessing the reputation of cyber threat intelligence sources
- Course of action planning based on shared information
- Enrichment of shared threat information
- Application of big data analytics to identify threats
- Visualization of logs and attack information
- Integration of network security responses
- Orchestration of responses to threats
- Curriculum development related to network security analytics and automation
- Automation of responses
- Safety controls for automation
- Network resiliency
For more information, please see
http://icccn.org/icccn16/.
SECRYPT 2016
13th International Conference on Security and Cryptography,
Lisbon, Portugal, July 26 - 28, 2016.
[posted here 11/23/15]
SECRYPT is an annual international conference covering research in information and communication security.
The conference seeks submissions from academia, industry, and government presenting novel research on
all theoretical and practical aspects of data protection, privacy, security, and cryptography.
Papers describing the application of security technology, the implementation of systems, and lessons
learned are also encouraged. Papers describing new methods or technologies, advanced prototypes,
systems, tools and techniques and vision papers indicating future directions are also encouraged.
Conference topics:
- Access Control
- Applied Cryptography
- Biometrics Security and Privacy
- Critical Infrastructure Protection
- Data Integrity
- Data Protection
- Database Security and Privacy
- Digital Forensics
- Digital Rights Management
- Ethical and Legal Implications of Security and Privacy
- Formal Methods for Security
- Human Factors and Human Behavior Recognition Techniques
- Identification, Authentication and Non-repudiation
- Identity Management
- Information Hiding
- Information Systems Auditing
- Insider Threats and Countermeasures
- Intellectual Property Protection
- Intrusion Detection & Prevention
- Management of Computing Security
- Network Security
- Organizational Security Policies
- Peer-to-Peer Security
- Personal Data Protection for Information Systems
- Privacy
- Privacy Enhancing Technologies
- Reliability and Dependability
- Risk Assessment
- Secure Software Development Methodologies
- Security and Privacy for Big Data
- Security and privacy in Complex Systems
- Security and Privacy in Crowdsourcing
- Security and Privacy in IT Outsourcing
- Security and Privacy in Location-based Services
- Security and Privacy in Mobile Systems
- Security and Privacy in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grids
- Security and Privacy in Social Networks
- Security and Privacy in the Cloud
- Security and Privacy in Web Services
- Security and Privacy Policies
- Security Area Control
- Security Deployment
- Security Engineering
- Security in Distributed Systems
- Security Information Systems Architecture
- Security Management
- Security Metrics and Measurement
- Security Protocols
- Security requirements
- Security Verification and Validation
- Sensor and Mobile Ad Hoc Network Security
- Service and Systems Design and QoS Network Security
- Software Security
- Trust management and Reputation Systems
- Ubiquitous Computing Security
- Wireless Network Security
For more information, please see
http://www.secrypt.icete.org.
DCCL 2016
Workshop on Distributed Cryptocurrencies and Consensus Ledgers,
Co-located with PODC 2016,
Chicago, IL, USA, July 25, 2016.
[posted here 5/9/16]
The recent global interest in cryptocurrencies was triggered by the rise of Bitcoin,
which introduced a public ledger called the blockchain to record the history of its transactions.
Bitcoin maintains its blockchain through a decentralized peer-to-peer cryptographic protocol that
works without any trusted central authority, but it assumes (at least) that a majority of the
computing power in the system is held by honest nodes. Cryptographic techniques ensure the
integrity of all transactions in the distributed ledger and new entries are appended through a
consensus protocol. Many alternative cryptocurrencies have introduced variations of Bitcoin and
proposed alternative designs for consensus ledgers. Novel protocols, known as "smart contracts",
are constructed on top of the blockchain, achieving guarantees that were not possible before.
Today many financial institutions see the disruptive power of this technology and regard it as a
promising alternative to their established business practices, not depending on centralized control,
eliminating intermediaries, and enabling new businesses.
Several consensus mechanisms are currently under investigation: On the one hand,
Bitcoin's consensus protocol, called "Nakamoto consensus", allows anonymous nodes
to participate based on a "proof-of-work". On the other hand, traditional Byzantine
consensus and BFT protocols play a role in settings where all nodes are known to each
other. Many other systems have been proposed and lie somewhere between these extremes.
Distributed knowledge, consistency, and reaching consensus among selfish and mutually
distrusting nodes are core topics in the theory and practice of distributed computing. Hence,
the popularity of decentralized cryptocurrencies and consensus ledgers creates a unique
opportunity for the field to explore this nascent domain and to influence it.
This workshop aims at discussing questions of consistency, concurrency, distributed knowledge,
integrity, and reaching consensus in the context of cryptocurrencies and consensus ledgers.
The workshop solicits submissions describing current work addressing decentralized cryptocurrencies
and consensus ledgers, including analytical results, work on systems, and/or position papers.
For more information, please see
http://www.zurich.ibm.com/dccl/.
SIN 2016
9th International Conference on Security of Information and Networks,
Rutgers University, New Jersey, NJ, USA, July 20-22, 2016.
[posted here 2/8/16]
Papers, special sessions, tutorials, and workshops addressing all aspects of security in
information and networks are being sought. Researchers and industrial practitioners
working on the following and related subjects are especially encouraged: development
and realization of cryptographic solutions, security schemes, new algorithms; critical
analysis of existing approaches; secure information systems, especially distributed
control and processing applications, and security in networks; interoperability, service
levels and quality issues in such systems; information assurance, security, and public
policy; detection and prevention of cybercrimes such as fraud and phishing; next
generation network architectures, protocols, systems and applications; security
education curriculum; industrial experiences and challenges of the above. Doctoral
students are encouraged to propose papers on ongoing research.
Original papers will be considered; submissions must not substantially duplicate work that any of
the authors has published elsewhere or has submitted in parallel to any other conference or
workshop that has proceedings. All submitted papers will be reviewed by at least three members
of the program committee judging its originality, significance, correctness, presentation and relevance.
Authors are also encouraged to propose position papers on practical studies and experiments,
critique of existing work, emerging issues, and novel ideas under development.
Enterprises and research centers developing, implementing, or using security tools and
frameworks are encouraged to propose application / tool demo.
Proposals of half-day tutorials on fundamental to advanced subjects covering practical
implementation aspects of security are welcome.
Proposals of special session(s) to be held in the main conference are welcome.
Proposals are invited for workshops to be held in conjunction with SIN 2016 Conference.
The workshop proposal theme should be closely related to the conference topics. Broad areas of
interest include theory, tools, and applications of security for information, computer, network,
and cloud but are not limited to, the following:
- Access control and intrusion detection
- Security of cyber-physical systems
- Autonomous and adaptive security
- Security tools and development platforms
- Computational intelligence techniques in security
- Security ontology, models, protocols & policies
- Computer network defense
- Standards, guidelines and certification
- Cryptographic techniques and key management
- Security-aware software engineering
- Trust and privacy
- Information assurance
- Malware analysis
- Network security and protocols
- Security in Mobile/Embedded Systems
- Cloud security
- Security education and innovative curriculum
For more information, please see
http://www.sinconf.org.
PETS 2016
16th Privacy Enhancing Technologies Symposium,
Darmstadt, Germany, July 19-22, 2016.
[posted here 08/03/15]
The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from
around the world to discuss recent advances and new perspectives on research in privacy technologies.
New model as of PETS 2015: Papers undergo a journal-style reviewing process and accepted papers are
published in the journal Proceedings on Privacy Enhancing Technologies (PoPETs). PoPETs, a scholarly,
open access journal for timely research papers on privacy, has been established as a way to improve
reviewing and publication quality while retaining the highly successful PETS community event. Authors
can submit papers to PoPETs four times a year, every three months on a predictable schedule. Authors
are notified of the decisions about two months after submission. In addition to accept and reject
decisions, papers may be provided with 'major revision' decisions, in which case authors are invited
to revise and resubmit their article to one of the following two submission deadlines.
NEW as of PETS 2016: PETS 2016 also solicits submissions for Systematization of Knowledge (SoK) papers.
These are papers that critically review, evaluate, and contextualize work in areas for which a body of
prior literature exists, and whose contribution lies in systematizing the existing knowledge in that area.
Authors are encouraged to view our FAQ about the submission process.
Suggested topics include but are not restricted to:
- Behavioural targeting
- Building and deploying privacy-enhancing systems
- Crowdsourcing for privacy
- Cryptographic tools for privacy
- Data protection technologies
- Differential privacy
- Economics of privacy and game-theoretical approaches to privacy
- Forensics and privacy
- Human factors, usability and user-centered design for PETs
- Information leakage, data correlation and generic attacks to privacy
- Interdisciplinary research connecting privacy to economics, law, ethnography,
psychology, medicine, biotechnology
- Location and mobility privacy
- Measuring and quantifying privacy
- Obfuscation-based privacy
- Policy languages and tools for privacy
- Privacy and human rights
- Privacy in ubiquitous computing and mobile devices
- Privacy in cloud and big-data applications
- Privacy in social networks and microblogging systems
- Privacy-enhanced access control, authentication, and identity management
- Profiling and data mining
- Reliability, robustness, and abuse prevention in privacy systems
- Surveillance
- Systems for anonymous communications and censorship resistance
- Traffic analysis
- Transparency enhancing tools
For more information, please see
http://petsymposium.org/.
HAISA 2016
International Symposium on Human Aspects of Information Security & Assurance,
Frankfurt Germany, July 19 - 21, 2016.
[posted here 1/18/16]
It is commonly acknowledged that security requirements cannot be addressed by technical means alone,
and that a significant aspect of protection comes down to the attitudes, awareness, behaviour and
capabilities of the people involved. Indeed, people can potentially represent a key asset in achieving
security, but at present, factors such as lack of awareness and understanding, combined with unreasonable
demands from security technologies, can dramatically impede their ability to do so. Ensuring appropriate
attention and support for the needs of users should therefore be seen as a vital element of a successful
security strategy.
People at all levels (i.e. from organisations to domestic environments; from system administrators to
end-users) need to understand security concepts, how the issues may apply to them, and how to use the
available technology to protect their systems. In addition, the technology itself can make a contribution
by reducing the demands upon users, simplifying protection measures, and automating a variety of
safeguards.
With the above in mind, this symposium specifically addresses information security issues that relate to
people. It concerns the methods that inform and guide users' understanding of security, and the technologies
that can benefit and support them in achieving protection.
The symposium welcomes papers addressing research and case studies in relation to any aspect of information
security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics
or technologies may be positively modified to improve the level of protection. Indicative themes include:
- Information security culture
- Awareness and education methods
- Enhancing risk perception
- Public understanding of security
- Usable security
- Psychological models of security software usage
- User acceptance of security policies and technologies
- User-friendly authentication methods
- Biometric technologies and impacts
- Automating security functionality
- Non-intrusive security
- Assisting security administration
- Impacts of standards, policies, compliance requirements
- Organizational governance for information assurance
- Simplifying risk and threat assessment
- Understanding motivations for misuse
- Social engineering and other human-related risks
- Privacy attitudes and practices
- Computer ethics and security
For more information, please see
http://haisa.org/.
DBSec 2016
30th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy,
Trento, Italy, July 18-21, 2016.
[posted here 1/4/16]
DBSec is an annual international conference covering research
in data and applications security and privacy.
The conference seeks submissions from academia, industry, and
government presenting novel research on all theoretical and practical
aspects of data protection, privacy, and applications security.
Topics of interest include (but are not limited to):
- access control
- anonymity
- applied cryptography in data security
- authentication
- big data security
- data and system integrity
- data protection
- database security
- digital rights management
- identity management
- intrusion detection
- knowledge discovery and privacy
- methodologies for data and application security
- network security
- organizational security
- privacy
- secure distributed systems
- secure information integration
- secure Web services
- security and privacy in crowdsourcing
- security and privacy in IT outsourcing
- security and privacy in the Internet of Things
- security and privacy in location-based services
- security and privacy in P2P scenarios and social networks
- security and privacy in pervasive/ubiquitous computing
- security and privacy in cloud scenarios
- security and privacy policies
- security management
- security metrics
- threats, vulnerabilities, and risk management
- trust and reputation systems
- trust management
- wireless and mobile security
- biometrics
For more information, please see
http://dbsec2016.fbk.eu.
SHPCS 2016
11th International Workshop on Security and High Performance Computing Systems,
Held in conjunction with the 2016 International Conference on High Performance Computing & Simulation (HPCS 2016),
Innsbruck, Austria, July 18 - 22, 2016.
[posted here 1/18/16]
Providing high performance computing and security is a challenging task. Internet, operating systems
and distributed environments currently suffer from poor security support and cannot resist common
attacks. Adding security measures typically degrade performance. This workshop addresses relationships
between security, high performance and distributed computing systems in four directions. First, it
considers how to add security properties (authentication, confidentiality, integrity, non-repudiation,
access control) to high performance computing systems and how they can be formally verified both
at design-time (formal verification) and at run-time (run-time verification). In this case, safety
properties can also be addressed, such as availability and fault tolerance for high performance
computing systems. Second, it addresses vulnerabilities and security threats (and remediation)
targeting HPC, grid, cloud and mobile environments. Third, it covers how to use HPC systems to
solve security problems. For instance, a grid computation can break an encryption code, a cluster
can support high performance intrusion detection or a distributed formal verification system. More
generally, this topic addresses every efficient use of a high performance computing systems to
improve security. Fourth, it investigates the tradeoffs between maintaining high performance and
achieving security in computing systems and solutions to balance the two objectives. In all these
directions, various formal analyses, as well as performance analyses or monitoring techniques can
be conducted to show the efficiency of a security infrastructure.
The workshop seeks submissions from academia and industry presenting novel research on all
theoretical and practical aspects of security related to HPC, distributed, network and mobile
environments, as well as case studies and implementation experiences. Papers should have practical
relevance to the construction, evaluation, application, or operation of secure systems.
For more information, please see
http://hpcs2016.cisedu.info/2-conference/workshops---hpcs2016/workshop09-shpcs.
WiSec 2016
9th ACM Conference on Security and Privacy in Wireless and Mobile Networks,
Darmstadt, Germany, July 18-20, 2016.
[posted here 1/25/16]
ACM WiSec is the leading ACM conference dedicated to all aspects of security and privacy
in wireless and mobile networks and systems and their applications. In addition to the
traditional ACM WiSec topics of physical, link, and network layer security, we welcome papers
focusing on the security and privacy of mobile software platforms, usable security and privacy,
biometrics, cryptography, and the increasingly diverse range of mobile or wireless applications
such as Internet of Things, and Cyber-Physical Systems. The conference welcomes both theoretical
as well as systems contributions.
Topics of interest include:
- Security & privacy for smart devices (e.g., smartphones)
- Wireless and mobile privacy and anonymity
- Secure localization and location privacy
- Cellular network fraud and security
- Jamming attacks and defenses
- Key management (agreement or distribution) for wireless or mobile systems
- Information-theoretic security schemes for wireless systems
- Theoretical and formal approaches for wireless and mobile security
- Cryptographic primitives for wireless and mobile security
- NFC and smart payment applications
- Security and privacy for mobile sensing systems
- Wireless or mobile security for emerging applications (e.g, privacy in health, automotive,
avionics, smart grid, or IoT applications)
- Physical tracking security and privacy
- Usable mobile security and privacy
- Economics of mobile security and privacy
- Bring Your Own Device (BYOD) security
- Mobile malware and platform security
- Security for cognitive radio and dynamic spectrum access systems
- Security protocols for wireless networking
For more information, please see
http://www.sigsac.org/wisec/WiSec2016/.
Infer 2016
International Workshop on Inference and Privacy in a Hyperconnected World,
Darmstadt, Germany, July 18, 2016.
[posted here 4/18/16]
The fields of embedded computing, wireless communication, data mining and artificial
intelligence are exhibiting impressive improvements. Their combination fosters the
emergence of "smart environments": Systems made of networked physical objects
embedded in public places and private spheres of everyday individuals. This trend is
supporting the rise of a broad variety of data-driven services that are highly customized
to various aspect of our life, and hold great social and economic potential. Examples
include wearable computing systems and applications for monitoring of personal health
and physical/social activities; Intelligent Transport Systems (ITS) relying on cars that
are becoming increasingly aware of their environment and drivers; and home automation
systems that even support face and emotion recognition applications and provide web
access to entirely novel types of content.
Such disruptive technologies are expected to increasingly rely on sophisticated machine
learning and statistical inference techniques to obtain a much clearer semantic understanding
of people' states, activities, environments, contexts and goals. However, these
developments also raise new technical, social, ethical and legal privacy challenges
which, if left unaddressed, will jeopardize the wider deployment and thus undermine
potential social and economic benefits of the aforementioned emerging technologies.
Indeed, algorithms increasingly used for complex information processing in today's
hyperconnected society are rarely designed with privacy and data protection in mind.
On the other hand, privacy researchers are increasingly interested in leveraging machine
learning and inference models when designing both attacks and innovative
privacy-enhancing tools.
Aiming to foster an exchange of ideas and an interdisciplinary discussion on both theoretical
and practical issues that applying inference models to jeopardize/enhance data protection
and privacy may entail, this workshop provides researchers and practitioners with a unique
opportunity to share their perspectives with others interested in the various aspects of
privacy and inference.
For more information, please see
https://www.sit.fraunhofer.de/en/infer2016/.
EuroUSEC 2016
1st European Workshop on Usable Security,
Affiliated with PETS 2016,
Darmstadt, Germany, July 18, 2016.
[posted here 1/18/16]
The aim of this workshop is to bring together researchers from different areas of computer
science such as security, visualisation, artificial intelligence and machine learning as well as
researchers from other domains such as psychology, social science and economics. We
encourage submissions from collaborative research by authors of multiple fields.
Topics of interest include:
- Usability evaluation of existing security and privacy paradigms or technologies
- Design and evaluation of novel security and privacy paradigms or technologies
- Evaluation of existing security and privacy awareness and education tools
- Design and evaluation of novel security and privacy awareness and education tools
- Lessons learned from the design, deployment, management or the evaluation of security
and privacy paradigms or technologies
- Foundations of usable security and privacy
- Psychological, sociological and economic aspects of security and privacy
- Methodology for usable security and privacy research
For more information, please see
https://eurousec.secuso.org/2016/.
DIMVA 2016
13th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment,
San Sebastian, Spain, July 7-8, 2016.
[posted here 12/7/15]
The annual DIMVA conference serves as a premier forum for advancing the state of the
art in intrusion detection, malware detection, and vulnerability assessment. Each year,
DIMVA brings together international experts from academia, industry, and government to
present and discuss novel research in these areas.
DIMVA solicits submission of high-quality, original scientific papers presenting novel research on
malware analysis, intrusion detection, and related systems security topics.
As per our tradition, DIMVA encourages submissions from the following broad areas:
INTRUSION DETECTION
- Novel approaches and domains
- Insider detection
- Prevention and response
- Data leakage and exfiltration
- Result correlation and cooperation
- Evasion and other attacks
- Potentials and limitations
- Operational experiences
- Privacy, legal and social aspects
- Targeted attacks
MALWARE DETECTION
- Automated analyses
- Behavioral models
- Prevention and containment
- Classification
- Lineage
- Forensics and recovery
- Underground economy
VULNERABILITY ASSESSMENT
- Vulnerability detection
- Vulnerability prevention
- Vulnerability analysis
- Exploitation prevention
- Situational awareness
- Active probing
For more information, please see
http://dimva2016.mondragon.edu.
PMSPCR 2016
Workshop on Process Mining for Security, Privacy, Compliance & Resilience,
Held in conjunction with the 19th International Conference on Business Information Systems (BIS 2016),
Leipzig, Germany, July 6-8, 2016.
[posted here 1/25/16]
Security in Business Processes (BP) is an extension to well-known security analysis.
Security rules are either defined by regulation, e.g. data protection law, or as guidelines for
good conducts, e.g. Basel III or SOX. Business guidelines, e.g. ITIL and COBIT, form a
specification of regulation and business conduct, but there are almost no satisfying approaches
as far as computer science is concerned. This workshop deals with process mining as a means for
security analysis.
Three phases may be identified: process analysis before execution, monitoring, or after execution
of the BP. With regard to the latter, logs recording the events executed in BP build the basis for
Process Mining (PM), which provides methods and tools to ensure compliance to regulations and
guidelines.
This workshop aims to explore the potentials of process mining to bridge the gap between an analysis
of workflows and a certification of compliance and security. We invite innovative and previously
undisclosed contributions, but also case studies and best practices, which present the analysis of
business processes related to security, resilience and privacy aspects "by design", during runtime,
and forensically, based on the analysis of process logs. In this regard, we explicitly invite submission
of practical contributions.
For more information, please see
http://bis.kie.ue.poznan.pl/bis2016/workshops/pmspcr-2016/.
CSF 2016
29th IEEE Computer Security Foundations Symposium,
Lisbon, Portugal, June 28 - July 1, 2016.
[posted here 1/25/16]
The Computer Security Foundations Symposium is an annual conference for researchers in
computer security. CSF seeks papers on foundational aspects of computer security,
such as formal security models, relationships between security properties and defenses,
principled techniques and tools for design and analysis of security mechanisms, as well as
their application to practice. While CSF welcomes submissions beyond the topics listed below,
the main focus of CSF is foundational security: submissions that lack foundational aspects
risk rejection. This year, CSF will use a light form of double blind reviewing (see the conference website).
New results in computer security are welcome. We also encourage challenge/vision papers,
which may describe open questions and raise fundamental concerns about security. Possible
topics for all papers include, but are not limited to: access control, accountability, anonymity
and privacy, authentication, computer-aided cryptography, data and system integrity,
database security, decidability and complexity, distributed systems security, electronic voting,
formal methods and verification, decision theory, hardware-based security, information flow,
intrusion detection, language-based security, network security, data provenance, mobile
security, security metrics, security protocols, software security, socio-technical security,
trust management, usable security, web security.
SPECIAL SESSIONS: This year, we strongly encourage papers in two foundational areas of research we would
like to promote at CSF:
- PRIVACY (Chair: Daniel Kifer). CSF 2015 will include a special
session on privacy foundations and invites submissions on
innovations in practice, as well as definitions, models, and
frameworks for communication and data privacy, principled analysis
of deployed or proposed privacy protection mechanisms, and
foundational aspects of practical privacy technologies. We
especially encourage submissions aiming at connecting the computer
science point of view on privacy with that of other disciplines
(law, economics, sociology, statistics...)
- SECURITY ECONOMICS (Chair: Jens Grossklags). There is an interplay
between important system properties including privacy, security,
efficiency, flexibility, and usability. Diverse systems balance
these properties differently, and as such provide varied benefits
(for users) for different costs (for builders and attackers). In
short, securing systems is ultimately an economic question. CSF 2016
will include a special session on security economics, where we
invite submissions on foundational work in this area. Topics
include, but are not limited to, risk management and
cyber-insurance, investments in information security, security
metrics, decision and game theory for security, and cryptocurrencies.
These papers will be reviewed under the supervision of the special session chairs.
They will be presented at the conference, and will appear in the CSF proceedings,
without any distinction from the other papers.
For more information, please see
http://csf2016.tecnico.ulisboa.pt/.
MedSPT 2016
1st International Workshop on Security, Privacy, and Trustworthiness in Medical Cyber Physical System
Held in conjunction with IEEE Conference on Connected Health: Applications, Systems
and Engineering Technologies (CHASE 2016),
Washington DC, USA, June 27-29, 2016.
[posted here 2/15/16]
Medical Cyber Physical Systems (MCPS) are life-critical, context-aware, and networked systems
of medical devices that provide tight integration and coordination between the cyber world of
computing and communications and the physical world. Recent advances in mobile and wearable
healthcare, communication, and Cloud computing technologies are making MCPS a promising platform
for scientific advancement and development of new tools that may improve patients' health and
wellbeing. Coming along with the potential social economic and personal healthcare benefits are significant
security, privacy, and trustworthiness challenges in MCPS, due to unreliable embedded software controlling
medical devices, weak computing and networking capabilities of medical devices, and adaptive privacy
requirements introduced by complicated physiological dynamics of patient bodies. So far, the security,
privacy, and trustworthiness initiatives for MCPS are still at an early stage. On one hand, more and more
concerns have been raised in the fields and many security, privacy, and trustworthiness-enhancing
techniques have been proposed to resolve these concerns. On the other hand, the emerging mobile and
wearable technologies revolutionize the entire MCPS as well as its models of security, privacy, and
trustworthiness. It is still not clear that these proposed techniques are useful and effective in practice
and how quickly or even possibly they are going to be adopted. This workshop aims to bring together
the technologists and researchers who share interest in the area of security, privacy and trustworthiness
in medical cyber physical systems, as well as explore new venues of collaboration. The main purpose
is to promote discussions of research and relevant activities in the design of secure, privacy, or
trustworthiness architectures, protocols, algorithms, services, and applications on medical cyber
physical systems. It also aims at increasing the synergy between academic and industry professionals
working in this area. We plan to seek papers that address theoretical, experimental research, and
work in-progress for security, privacy and trustworthiness related issues in the context of medical
cyber physical system.
To ensure complete coverage of the advances in this field, the 2016 MedSPT workshop
solicits original contributions in, but not limited to, the following topic areas:
- Mobile Healthcare Security
- Smartphone Security for Healthcare
- Wearable Device Security
- Medical Device Security
- Security and Privacy on Implantable Medical Sensors
- Biometrics
- Wireless Communication Security
- Security and Privacy for Wireless Body Area Networks
- Secure RFID technology in MCPS
- Secure Cloud Health System
- Big Health Data Security
- Differential Privacy on Health Data
- Secure Machine Learning on Health Data
- Privacy Preserving Big Health Data Analysis
- Novel Threats and Attack Models
- Novel Trust Models
- Security Detection and Evaluation
- Key Management
- Cryptography for Health Systems
- Security Management (administration and training) in Health Systems
- Security in Virtualized Health Systems
- Security Risk Assessment
- Security and Privacy Policies in Health Systems
- Security in Electronic Health Record Systems
For more information, please see
http://faculty.umb.edu/xiaohui.liang/MedSPT16/.
GraMSec 2016
3rd International Workshop on Graphical Models for Security,
Co-located with CSF 2016,
Lisbon, Portugal, June 27, 2016.
[posted here 3/7/16]
Graphical security models provide an intuitive but systematic approach to analyze security
weaknesses of systems and to evaluate potential protection measures. Formal methods and
cyber security researchers, as well as security professionals from industry and government,
have proposed various graphical security modeling schemes. Such models are used to capture
different security facets (digital, physical, and social) and address a range of challenges
including vulnerability assessment, risk analysis, defense analysis, automated defensing,
secure services composition, policy validation and verification. The objective of the GraMSec
workshop is to contribute to the development of well-founded graphical security models,
efficient algorithms for their analysis, as well as methodologies for their practical usage.
The workshop seeks submissions from academia, industry, and government presenting
novel research on all theoretical and practical aspects of graphical models for security.
The topics of the workshop include, but are not limited to:
- Graphical models for threat modeling and analysis
- Graphical models for risk analysis and management
- Graphical models for requirements analysis and management
- Textual and graphical representation for system, organizational, and business security
- Visual security modeling and analysis of socio-technical and cyber-physical systems
- Graphical security modeling for cyber situational awareness
- Graphical models supporting the security by design paradigm
- Methods for quantitative and qualitative analysis of graphical security models
- Formal semantics and verification of graphical security models
- Methods for (semi-)automatic generation of graphical security models
- Enhancement and/or optimization of existing graphical security models
- Scalable evaluation of graphical security models
- Evaluation algorithms for graphical security models
- Dynamic update of graphical security models
- Game theoretical approaches to graphical security modeling
- Attack trees, attack graphs and their variants
- Stochastic Petri nets, Markov chains, and Bayesian networks for security
- UML-based models and other graphical modeling approaches for security
- Software tools for graphical security modeling and analysis
- Case studies and experience reports on the use of graphical security modeling paradigm
For more information, please see
http://gramsec.uni.lu/.
ACNS 2016
14th International Conference on Applied Cryptography and Network Security,
London, United Kingdom, June 19-22, 2016.
[posted here 08/24/15]
The conference seeks submissions presenting novel research on all technical aspects of
applied cryptography, cyber security (incl. network and computer security) and privacy.
This includes submissions from academia/industry on traditional and emerging topics and
new paradigms in these areas, with a clear connection to real-world problems, systems or
applications. Submissions may focus on the modelling, design, analysis (incl. security proofs
and attacks), development (e.g. implementations), deployment (e.g. system integration),
and maintenance (e.g. performance measurements, usability studies) of
algorithms/protocols/standards/implementations/technologies/devices/systems standing
in relation with applied cryptography, cyber security and privacy, while advancing or
bringing new insights to the state of the art. Some topics of interest include but not
limited to:
- Access control
- Applied cryptography
- Automated security analysis
- Biometric security/privacy
- Complex systems security
- Critical infrastructures
- Cryptographic primitives
- Cryptographic protocols
- Data protection
- Database/system security
- Digital rights management
- Email and web security
- Future Internet security
- Identity management
- IP protection
- Internet fraud, cybercrime
- Internet-of-Things security
- Intrusion detection
- Key management
- Malware
- Mobile/wireless/5G security
- Network security protocols
- Privacy/anonymity, PETs
- Pervasive security
- Security in e-commerce
- Security in P2P systems
- Security in grid systems
- Cloud security/privacy
- Security/privacy metrics
- Trust management
- Ubiquitous security/privacy
- Human factors in security
- Usability in security/privacy
For more information, please see
http://acns2016.sccs.surrey.ac.uk/.
I-SAT 2016
International Workshop on Information Security, Assurance, and Trust,
Vancouver, BC, Canada, June 16-18, 2016.
[posted here 1/18/16]
The goal of this workshop is to provide a forum for researchers, scientists and engineers working
in academia and industry to share their experiences, new ideas and research results in the areas of
information and system security, assurance, and trust. I-SAT2016 will address novel research
targeting technical aspects of protecting information security and establishing trust in the digital
space. New paradigms and solutions targeting emerging topics in such fields will be presented and
discussed by researchers and industrial experts. The main focus of the workshop will include, but
not limited to the following:
- Application Security and Threat Management
- Cyber Security, Privacy and Trust
- Modern Authentication Paradigms
- Big data security
- Database security
- Digital Fraud detection
- Social engineering and insider threats
- Cyber threat intelligence
- Cloud, Mobile, and Internet-of-Things security
- Digital forensics
- Intrusion Detection
- Biometrics
- Botnet and DDoS detection and control
For more information, please see
http://i-sat.ca.
LACI 2016
1st IEEE International Workshop on Log Analytics for Cyber Intelligence,
Held in conjunction with the IEEE Signature Conference on Computers, Software,
& Applications (COMPSAC 2016),
Atlanta, Georgia, USA, June 10-14, 2016.
[posted here 2/8/16]
This workshop will bring researchers from academia and industry to discuss platforms,
tools, and techniques to store, process and analyze large amount of log data with the
intent to gather meaningful information for practical purposes such as monitoring of data
security breaches, conducting of forensic investigation, auditing of policies for compliance,
and debugging and testing of applications. This workshop will focus on challenges,
experiences and lessons learned on various aspects of log data analysis-based intelligence
gathering for various embedded, decentralized, and distributed systems, including but not
limited to web, mobile, cloud, and Internet of Things (IoT).
Topics of interest include, but are not limited to, the following:
- Platforms, tools, language supports for storing, processing, and querying
log data to gather intelligence
- Log analytics and intelligence gathering for various types of applications (web, mobile,
cloud, IoT) and environments (wired network, wireless network)
- Information visualization support for log analytics
- Requirement and design of software and applications to store adequate log
data to support analytics and gathering of intelligence
- Analysis and gathering of intelligence from log data under anonymized, obfuscated,
and encrypted state
- Analysis and gathering of intelligence from log data obtained from firewall, intrusion
detection systems, operating systems, embedded systems, hand held devices, and cyber
physical systems
- Threat intelligence from large volumes of cyber threat log data like STIX and CybOX feeds
- Analyzing multiple and dissimilar log data sources to gather intelligence
- Disaster recovery through offline log analytics and intelligence gathering
- Integration of log analytics-based intelligence gathering research into teaching and hands on labs
- Application of log data analysis to provide intelligence support for forensics and criminal investigation
- Impact or need for laws and policies to support intelligence gathering through log analytics
- Experience and lessons learned from log data analytics-based intelligence gathering
- Standardization of new log data format for intelligence gathering
For more information, please see
http://www.computer.org/web/compsac2016/laci.
STPSA 2016
11th IEEE International Workshop on Security, Trust, and Privacy for Software Applications,
Held in conjunction with COMPSAC 2016,
Atlanta, GA, USA, June 10-14, 2016.
[posted here 1/25/16]
Information security has become a major concern for both pervasive and non-pervasive software
applications. Software systems must be engineered with reliable protection mechanisms with respect
to security, privacy, and trust, while still delivering the expected value of the software to their customers.
The traditional approaches to secure a system (e.g., IDS, firewalls) are no longer sufficient to address
many security, trust, and privacy (STP) issues. These issues should be addressed by building more
effective STP-aware software applications. The principal obstacle in developing STP-aware software
is that current software specification, design, implementation, and testing practices do not include
adequate methods and tools to achieve security, trust, and privacy goals.
As most systems now are Internet-based, the number of attackers is increased dramatically
and threat scenarios have changed. Traditional security measures do not fit well for the software
of pervasive applications. Since location and contexts are key attributes of pervasive applications,
the privacy issues need to be handled in a novel manner than traditional software applications.
The devices in pervasive computing leave and join in ad hoc manner in the pervasive network.
These create a need for new trust models for pervasive computing applications. In this workshop,
we will also welcome papers on the challenges and requirements of security, privacy, and trust
for pervasive software applications.
This workshop will bring researchers from academia and industry to discuss methods and tools
to achieve security, trust, and privacy goals of both pervasive and pervasive software applications.
This workshop will focus on techniques, experiences and lessons learned with respect to the
state of art for the security, trust, and privacy aspects of both pervasive and non-pervasive
software applications along with some open issues.
For more information, please see
http://staging.computer.org/web/compsac2016/stpsa.
TELERISE 2016
2nd International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity,
Co-located with ICWE 2016,
Università della Svizzera Italiana (USI) Lugano, Switzerland, June 9, 2016.
[posted here 2/1/16]
Information sharing on the Web is essential for today's business and societal transactions.
Nevertheless, such a sharing should not violate the security and privacy requirements either
dictated by Law to protect data subjects or by internal regulations provided both at organisation
and individual level. An effectual, rapid, and unfailing electronic data sharing among different parties,
while protecting legitimate rights on these data, is a key issue with several shades. Among them, how
to translate the high-level law obligations, business constraints, and users' requirements into
system-level privacy policies, as well as engineering efficient and practical Web applications-based
solutions for policy definition and enforcement. TELERISE aims at providing a forum for researchers
and engineers, in academia as well as in industry, to foster an exchange of research results,
experiences, and products in the area of privacy preserving, secure data management, and
engineering on the Web, from a technical and legal perspective. The ultimate goal is to conceive
new trends and ideas on designing, implementing, and evaluating solutions for privacy-preserving
information sharing, with an eye to the cross-relations between ICT and regulatory aspects of
data management and engineering. Topics of interest are (but not limited to):
- Model-based and experimental assessment of data protection
- Privacy in identity management and authentication
- Modeling and analysis languages for representation, visualization, specification of
legal regulations
- Technical, legal, and user requirements for data protection
- User-friendly authoring tools to edit privacy preferences
- IT infrastructures for privacy and security policies management
- IT infrastructure for supporting privacy and security policies evolution
- Privacy and security policies conflict analysis and resolution strategies
- Electronic Data Sharing Agreements representation: languages and
management infrastructure
- Cross-relations between privacy-preserving technical solutions and legal regulations
- Privacy aware access and usage control
- Privacy and security policies enforcement mechanisms
- Privacy preserving data allocation and storage
- Software systems compliance with applicable laws and regulations
- Heuristic for pattern identification in law text
- Empirical analysis of consumer's awareness of privacy and security policies
For more information, please see
http://www.iit.cnr.it/telerise2016/.
MSPN 2016
International Conference on Mobile, Secure and Programmable Networking,
Paris, France, June 1-3, 2016.
[posted here 2/15/16]
The rapid deployment of new infrastructures based on network virtualization and
Cloud computing triggers new applications and services that in turn generate new
constraints such as security and/or mobility. The International Conference on Mobile,
Secure and Programmable Networking aims at providing a top forum for researchers and
practitioners to present and discuss new trends in networking infrastructures, security,
services and applications while focusing on virtualization and Cloud computing, network
programming, Internet of things and Cloud computing convergence, Software Defined
Networks (SDN) and their security. Position papers are also welcome and should be
clearly marked as such. The accepted papers wil be published as a post-proceedings
in Springer's LNCS. Authors are invited to submit complete unpublished papers, which
are not under review in any other conference or journal, including, but not limited to,
the following topic areas:
- Software Defined Networks (tools, software, concepts)
- Virtualization and Cloud computing
- Networks and Cloud computing
- Mobile computing and Mobile Cloud computing
- Security, Privacy and Trust in Networks, Services and Applications
- Green computing and networking
- Ubiquitous Computing and Sensor Networks
- System design and testbeds
- Cross-Layer Design and Optimization
- Modeling and performance evaluation
- 4G and 5G networks
- Social networks
- Cooperative networking and Self-Organizing networks
- Distributed sensing, actuation, and control in cyber-physical systems
- Internet of Things
- Vehicular networks and Connected Cars
- Crowdsourcing
- Datacenter networking
- Location-based Services
- Smart cities
For more information, please see
http://cedric.cnam.fr/workshops/mspn2016/.
CPSS 2016
2nd ACM Cyber-Physical System Security Workshop,
Held in conjunction with ACM AsiaCCS 2016 Conference,
Xi'an, China, May 31, 2016.
[posted here 08/17/15]
Cyber-Physical Systems (CPS) consist of large-scale interconnected systems of heterogeneous
components interacting with their physical environments. There are a multitude of CPS devices
and applications being deployed to serve critical functions in our lives. The security of CPS
becomes extremely important. This workshop will provide a platform for professionals from
academia, government, and industry to discuss how to address the increasing security
challenges facing CPS. Besides invited talks, we also seek novel submissions describing
theoretical and practical security solutions to CPS. Papers that are pertinent to the security
of embedded systems, SCADA, smart grid, and critical infrastructure networks are all welcome,
especially in the domains of energy and transportation. Topics of interest include,
but are not limited to:
- Adaptive attack mitigation for CPS
- Authentication and access control for CPS
- Availability, recovery and auditing for CPS
- Data security and privacy for CPS
- Embedded systems security
- EV charging system security
- Intrusion detection for CPS
- IoT security
- Key management in CPS
- Legacy CPS system protection
- Lightweight crypto and security
- SCADA security
- Security of industrial control systems
- Smart grid security
- Threat modeling for CPS
- Urban transportation system security
- Vulnerability analysis for CPS
- Wireless sensor network security
For more information, please see
http://icsd.i2r.a-star.edu.sg/cpss16/.
ASIACCS 2016
11th ACM Asia Conference on Computer and Communications Security,
Xi'an, China, May 31 - June 3, 2016.
[posted here 08/03/15]
Building on the success of ACM Conference on Computer and Communications Security (CCS) and ACM
Transactions on Information and System Security (TISSEC), the ACM Special Interest Group on
Security, Audit, and Control (SIGSAC) formally established the annual ACM Symposium on InformAtion,
Computer and Communications Security (ASIACCS). The inaugural ASIACCS was held in Taipei (2006).
Since then ASIACCS has been held in Singapore (2007), Tokyo (2008), Sydney (2009), Beijing (2010),
Hong Kong (2011), Seoul (2012), Hangzhou (2013), Kyoto (2014), and Singapore (2015).
Considering that this series of meetings has moved beyond a symposium and it is now widely regarded
as the Asia version of CCS, the full name of AsiaCCS is officially changed to ACM Asia Conference on
Computer and Communications Security starting in June 2015. The 11th ACM Asia Conference on
Computer and Communications Security (ASIACCS 2016) will be held in 31 May - 3 June, 2016
in Xi'an, China. We invite submissions from academia, government, and industry presenting novel
research on all theoretical and practical aspects of computer and network security. Areas of
interest for ASIACCS 2016 include, but are not limited to:
- Access control
- Accounting and audit
- Applied cryptography
- Authentication
- Cloud computing security
- Cyber-physical security
- Data and application security
- Digital forensics
- Embedded systems security
- Formal methods for security
- Hardware-based security
- Intrusion detection
- Key management
- Malware and botnets
- Mobile computing security
- Network security
- Operating system security
- Privacy-enhancing technology
- Security architectures
- Security metrics
- Software security
- Smart grid security
- Threat modeling
- Trusted computing
- Usable security and privacy
- Web security
- Wireless security
For more information, please see
http://meeting.xidian.edu.cn/conference/AsiaCCS2016/home.html.
IFIP SEC 2016
31th IFIP TC-11 SEC 2016 International Information Security and Privacy Conference,
Ghent, Belgium, May 30 - June 1, 2016.
[posted here 07/27/15]
The IFIP SEC conference is the flagship event of the International Federation for Information
Processing (IFIP) Technical Committee 11 on Security and Privacy Protection in Information
Processing Systems (TC-11, www.ifiptc11.org).
We seek submissions from academia, industry, and government presenting novel research
on all theoretical and practical aspects of security and privacy protection in ICT Systems.
Topics of interest:
- Access control and authentication
- Applied cryptography
- Audit and risk analysis
- Big data security and privacy
- Cloud security and privacy
- Critical infrastructure protection
- Cyber-physical systems security
- Data and applications security
- Digital forensics
- Human aspects of security and privacy
- Identity management
- Information security education
- Information security management
- Information technology misuse and the law
- Managing information security functions
- Mobile security
- Multilateral security
- Network & distributed systems security
- Pervasive systems security
- Privacy protection and Privacy-by-design
- privacy enhancing technologies
- Surveillance and counter-surveillance
- Trust management
For more information, please see
http://ifipsec.org/2016/.
IoTPTS 2016
2nd ACM International Workshop on IoT Privacy, Trust, and Security,
Held in conjunction with the 11th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2016),
Xian, China, May 30, 2016.
[posted here 11/2/15]
The Internet of Things (IoT) is the next great technology frontier. At a basic level, IoT refers
simply to networked devices, but the IoT vision is a complex ecosystem that ranges from cloud
backend services and big-data analytics to home, public, industrial, and wearable sensor devices
and appliances. Architectures for these systems are in the formative stages, and now is the
time to ensure privacy, trust, and security are designed into these systems from the beginning.
We encourage submissions on all aspects of IoT privacy, trust, and security.
Topics of interest include (but are not limited) to the following areas:
- Privacy and IoT data
- Privacy attacks for IoT
- Trust management and device discoverability for IoT
- Usability of privacy and security systems in IoT
- User risk perceptions and modeling for IoT
- Policy Management and enforcement for IoT
- Authentication and access control for users for IoT
- Cryptography for IoT
- Attack detection and remediation for IoT
- Security architectures for IoT systems and applications
For more information, please see
https://sites.google.com/site/iotpts2016/.
WTMC 2016
International Workshop on Traffic Measurements for Cybersecurity,
Co-located with 11th ACM Asia Conference on Computer and Communications Security (AsiaCCS 2016),
Xi'an, China, May 30, 2016 .
[posted here 11/16/15]
Today's world's societies are becoming more and more dependent on open networks such as the
Internet - where commercial activities, business transactions and government services are realized.
This has led to the fast development of new cyber threats and numerous information security
issues which are exploited by cyber criminals. The inability to provide trusted secure services in
contemporary computer network technologies has a tremendous socio-economic impact on global
enterprises as well as individuals. Current communication networks are increasingly becoming
pervasive, complex, and ever-evolving due to factors like enormous growth in the number of
network users, continuous appearance of network applications, increasing amount of data
transferred, and diversity of user behaviors. Understanding and measuring traffic in such
networks is a difficult yet vital task for network management but recently also for cybersecurity
purposes. Network traffic measuring and monitoring can, for example, enable the analysis of
the spreading of malicious software and its capabilities or can help to understand the nature
of various network threats including those that exploit users' behavior and other user's sensitive
information. On the other hand network traffic investigation can also help to assess the
effectiveness of the existing countermeasures or contribute to building new, better ones.
Recently, traffic measurements have been utilized in the area of economics of cybersecurity
e.g. to assess ISP "badness" or to estimate the revenue of cyber criminals.
Topics of interest include, but are not limited to:
- Measurements for network incidents response, investigation and
evidence handling
- Measurements for network anomalies detection
- Measurements for economics of cybersecurity
- Network traffic analysis to discover the nature and evolution of
the cybersecurity threats
- Measurements for assessing the effectiveness of the threats
detection/prevention methods and countermeasures
- Novel passive, active and hybrid measurements techniques for
cybersecurity purposes
- Traffic classification and topology discovery tools for monitoring
the evolving status of the network from the cybersecurity perspective
- Correlation of measurements across multiple layers, protocols or
networks for cybersecurity purposes
- Novel visualization approaches to detect network attacks and other threats
- Analysis of network traffic to provide new insights about network
structure and behavior from the security perspective
- Measurements of network protocol and applications behavior and its
impact on cybersecurity and users' privacy
- Measurements related to network security and privacy
For more information, please see
http://wtmc.info.
MOST 2016
Workshop on Mobile Security Technologies,
Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 2016),
San Jose, CA, USA, May 26, 2016.
[posted here 11/9/15]
Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers,
and hardware and software developers of mobile systems to explore the latest understanding
and advances in the security and privacy for mobile devices, applications, and systems.
With the development of new mobile platforms, such as Android and iOS, mobile computing has
shown exponential growth in popularity in recent years. To benefit from the availability of constantly-growing
consumer base, new services and applications are being built from the composition of existing ones at
breakneck speed. This rapid growth has also been coupled with new security and privacy concerns and
challenges. For instance, more and more sensitive content is being collected and shared by third-party
applications that, if misused, can have serious security and privacy repercussions. Consequently, there
is a growing need to study and address these new challenges.
We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages).
The topics of interest include, but are not limited to:
- Identity and access control for mobile platforms
- Mobile app security
- Mobile cloud security
- Mobile hardware security
- Mobile middleware and OS security
- Mobile web and advertisement security
- Protecting security-critical applications of mobile platforms
- Secure application development tools and practices
- Security study of mobile ecosystems
- Unmanned aerial vehicles (UAVs) security
- Wearable and IoT security
For more information, please see
http://ieee-security.org/TC/SPW2016/MoST/cfp.html.
LASER 2016
4th Workshop on Learning from Authoritative Security Experiment Results,
Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 2016),
San Jose, CA, USA, May 26, 2016.
[posted here 11/16/15]
The Learning from Authoritative Security Experiment Results (LASER) workshop series focuses
on learning from and improving cyber security experimental results. LASER explores both
positive and negative results, the latter of which are not often published. LASER's overarching
goal is to foster a dramatic change in the paradigm of cyber security research and
experimentation, improving the overall quality of practiced science.
This year, LASER will focus on cyber security experimentation methods and results
that demonstrate approaches to increasing the repeatability and archiving of experiments, methods,
results, and data. Participants will find LASER to be a constructive and highly interactive venue
featuring informal paper presentations and extended discussions. To promote a high level of
interaction, attendance will be limited, with first preference given to participating authors.
Additional seats will be available on a first-come first-served basis.
LASER also seeks to foster good science in the next generation of cyber security
researchers. As such, LASER offers a limited number of student scholarships for participation.
For more information, please see
http://2016.laser-workshop.org/.
BioSTAR 2016
International Workshop on Bio-inspired Security, Trust, Assurance and Resilience,
Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 2016),
San Jose, CA, USA, May 26, 2016.
[posted here 10/26/15]
As computing and communication systems continue to expand and offer new services,
these advancements require more dynamic, diverse, and interconnected computing infrastructures.
Unfortunately, defending and maintaining resilient and trustworthy operation of these complex
systems are increasingly difficult challenges. Conventional approaches to Security, Trust,
Assurance and Resilience (STAR for short) are often too narrowly focused and cannot easily
scale to manage large, coordinated and persistent attacks in these environments. Designs
found in nature are increasingly used as a source of inspiration for STAR and related networking
and intelligence solutions for complex computing and communication environments.
Nature's footprint is present in the world of Information Technology, where there are an astounding
number of computational bio-inspired techniques. These well-regarded approaches include genetic
algorithms, neural networks, ant algorithms, immune systems just to name a few. For example
several networking management and security technologies have successfully adopted some of
nature's approaches, such as swarm intelligence, artificial immune systems, sensor networks,
moving target defense, diversity-based software design, etc.
Nature has also developed an outstanding ability to recognize individuals or foreign objects
and adapt/evolve to protect a group or a single organism. Solutions that incorporate these
nature-inspired characteristics often have improved performance and/or provided new
capabilities beyond more traditional methods.
The aim of this workshop is to bring together the research accomplishments provided by the
researchers from academia and the industry. The other goal is to show the latest research
results in the field of nature-inspired STAR aspects in computing and communications.
Topics of interests include, but are not limited to:
- Nature-inspired anomaly and intrusion detection
- Adaptation algorithms
- Biometrics
- Nature-inspired algorithms and technologies for STAR
- Biomimetics
- Artificial Immune Systems
- Adaptive and Evolvable Systems
- Machine Learning, neural networks, genetic algorithms for STAR
- Nature-inspired analytics and prediction
- Cognitive systems
- Sensor and actuator networks and systems
- Information hiding solutions (steganography, watermarking) for network traffic
- Cooperative defense systems
- Cloud-supported matire-inspired STAR
- Theoretical development in heuristics
- Management of decentralized networks
- Nature-inspired algorithms for dependable networks
- Platforms for STAR services
- Diversity in computing and communications
- Survivable and sustainable systems
- STAR management systems
- Autonomic cyber defenses
For more information, please see
http://biostar.cybersecurity.bio/.
SPW 2016
Security and Privacy Workshops,
Held in conjunction with the 37th IEEE Symposium on Security and Privacy (SP 2016),
San Jose, CA, USA, May 26, 2016.
[posted here 08/03/15]
Since 1980, the IEEE Symposium on Security and Privacy (SP) has been the
premier forum for the presentation of developments in computer security
and electronic privacy, and for bringing together researchers and
practitioners in the field. To expand opportunities for scientific
exchanges, the IEEE CS Technical Committee on Security and Privacy
created the Security and Privacy Workshops (SPW). The typical
purpose of such a workshop is to cover a specific aspect of
security and privacy in more detail, making it easy for the
participants to attend IEEE SP and a specialized workshop at SPW
with just one trip. Furthermore, the co-location offers synergies
for the organizers. The number of workshops and attendees has grown
steadily during recent years. Workshops can be annual events,
one time events, or aperiodic. The Security and Privacy Workshops
in 2016 will be held on Thursday, May 26. All workshops
will occur on that day. Up to six workshops will be hosted by SPW.
For more information, please see
http://www.ieee-security.org/TC/SP2016/cfworkshops.html.
ICC-CISS 2016
IEEE International Conference on Communications (ICC 2016),
Communication & Information System Security Symposium (CISS 2016),
Kuala Lumpur, Malaysia, May 23-27, 2016.
[posted here 10/5/15]
Over the past few decades, we have witnessed that the security issues are becoming
more and more important in communication and information systems. Recent analysis
shows that the global market for cyber security is about 100 billion US dollars in 2014
and it could expand to a few hundred billion US dollars in the next five years.
To address the concerns from both academia and industry, this symposium is calling for
original manuscripts that address any security aspects in communication and information
systems, from the fundamental algorithm and protocol, to complex cyber system. For
these systems, various criteria can be focused on, such as confidentiality, integrity,
availability, privacy, etc., and different steps in the whole design, deployment and
operation process can be considered, including the modeling, optimization, implementation,
evaluation, management, etc. The Communication & Information Systems Security Symposium
seeks original contributions in the following topical areas, and any other closely
related areas:
- Anonymous communication, metrics and performance
- Attack, detection and prevention
- Authentication protocols and key management
- Availability and survivability of secure services and systems
- Biometric security: technologies, risks, vulnerabilities, bio-cryptography,
mobile template protection
- Cloud, data center and distributed systems security
- Computer and network forensics
- Cryptography for network security
- Cyber security
- Digital rights management
- Firewall technologies
- Formal trust models, security modeling, and design of secure protocols
- Information systems security and security management
- Internet security and privacy
- Malware detection and damage recovery
- Network security metrics and performance
- Operating systems and application security
- Physical security and hardware/software security
- Privacy and privacy-enhancing technologies
- Security and privacy for mobile and wireless networks
- Security for cloud computing and networking
- Security for mobile and wireless networks
- Security for next-generation networks
- Security in virtual machine environments
- Security tools for communication and information systems
- Trustworthy computing
- Wired systems and optical network security
For more information, please see
http://icc2016.ieee-icc.org/sites/icc2016.ieee-icc.org/files/u44/ICC16_CISS_CFP.pdf.
ICIMP 2016
11th International Conference on Internet Monitoring and Protection,
Valencia, Spain, May 22-26, 2016.
[posted here 12/7/15]
The International Conference on Internet Monitoring and Protection (ICIMP 2016) continues a
series of special events targeting security, performance, vulnerabilities in Internet, as well as
disaster prevention and recovery. Dedicated events focus on measurement, monitoring and lessons
learnt in protecting the user.
The design, implementation and deployment of large distributed systems are subject to conflicting
or missing requirements leading to visible and/or hidden vulnerabilities. Vulnerability specification
patterns and vulnerability assessment tools are used for discovering, predicting and/or bypassing
known vulnerabilities.
Vulnerability self-assessment software tools have been developed to capture and report critical
vulnerabilities. Some of vulnerabilities are fixed via patches, other are simply reported, while
others are self-fixed by the system itself. Despite the advances in the last years, protocol
vulnerabilities, domain-specific vulnerabilities and detection of critical vulnerabilities rely on the
art and experience of the operators; sometimes this is fruit of hazard discovery and difficult to
be reproduced and repaired.
System diagnosis represent a series of pre-deployment or post-deployment activities to identify
feature interactions, service interactions, behavior that is not captured by the specifications, or
abnormal behavior with respect to system specification. As systems grow in complexity, the need
for reliable testing and diagnosis grows accordingly. The design of complex systems has been
facilitated by CAD/CAE tools. Unfortunately, test engineering tools have not kept pace with design
tools, and test engineers are having difficulty developing reliable procedures to satisfy the test
requirements of modern systems. Therefore, rather than maintaining a single candidate system
diagnosis, or a small set of possible diagnoses, anticipative and proactive mechanisms have been
developed and experimented. In dealing with system diagnosis data overload is a generic and tremendously
difficult problem that has only grown. Cognitive system diagnosis methods have been proposed to cope
with volume and complexity.
For more information, please see
http://www.iaria.org/conferences2016/ICIMP16.html.
SP 2016
37th IEEE Symposium on Security and Privacy,
San Jose, CA, USA, May 23-25, 2016.
[posted here 08/03/15]
Since 1980 in Oakland, the IEEE Symposium on Security and Privacy
has been the premier forum for computer security research,
presenting the latest developments and bringing together
researchers and practitioners. We solicit previously unpublished
papers offering novel research contributions in any aspect of security
or privacy. Papers may present advances in the theory, design,
implementation, analysis, verification, or empirical evaluation
and measurement of secure systems. Topics of interest include:
- Access control and authorization
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship resistance
- Cloud security
- Distributed systems security
- Economics of security and privacy
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection
- Malware and unwanted software
- Mobile and Web security and privacy
- Language-based security
- Network and systems security
- Privacy technologies and mechanisms
- Protocol security
- Secure information flow
- Security and privacy for the Internet of Things
- Security and privacy metrics
- Security and privacy policies
- Security architectures
- System security
- Usable security and privacy
For more information, please see
http://www.ieee-security.org/TC/SP2016/.
HST 2016
15th IEEE International Symposium on Technologies for Homeland Security,
Waltham, MA, USA, May 10-12, 2016.
[posted here 10/5/15]
The 15th annual IEEE Symposium on Technologies for Homeland Security brings together
innovators from leading academic, industry, business, Homeland Security Centers of Excellence,
and government programs to provide a forum to discuss ideas, concepts, and experimental results.
Produced by IEEE with technical support from DHS S&T, IEEE, IEEE Boston Section, and IEEE-USA
and organizational support from MIT Lincoln Laboratory, Raytheon, Battelle, and MITRE, this year's
event will once again showcase selected technical paper and posters highlighting emerging
technologies in the areas of:
- Cyber Security
- Land and Maritime Border Security
- Biometrics & Forensics
- Attack and Disaster Preparation, Recovery and Response
For more information, please see
http://ieee-hst.org.
HOST 2016
IEEE International Symposium on Hardware Oriented Security and Trust,
Washington DC, USA, May 5-7, 2016.
[posted here 09/14/15]
Rapid proliferation of computing and communication systems with increasing
computational power and connectivity into every sphere of modern life has brought
security to the forefront of system design, test, and validation processes. The emergence
of new application spaces for these systems in the internet-of-things (IoT) regime is
creating new attack surfaces as well as new requirements for secure and trusted system
operation. Additionally, the design, manufacturing and the distribution of microchip, PCB,
as well as other electronic components are becoming more sophisticated and globally distributed
with a number of potential security vulnerabilities. Therefore, hardware plays an increasingly
important and integral role in system security with many emerging system and application
vulnerabilities and defense mechanisms relating to hardware. IEEE International Symposium on
Hardware Oriented Security and Trust (HOST) aims to facilitate the rapid growth of
hardware-based security research and development. HOST highlights new results in the area
of hardware and system security. Relevant research topics include techniques, tools,
design/test methods, architectures, circuits, and applications of secure hardware.
HOST 2016 invites original contributions related to, but not limited by, the following topics:
- Hardware Trojan attacks and detection techniques
- Hardware-based security primitives (PUFs, RNGs)
- Side-channel attacks and protection
- Security, privacy, and trust protocols
- Metrics, policies, and standards related to hardware security
- Security of biomedical systems, e-health, and medicine
- Secure system-on-chip (SoC) architecture
- Hardware IP trust (watermarking, metering, trust verification)
- Trusted manufacturing including split manufacturing and 3D ICs
- Security analysis and protection of Internet of Things (IoT)
- Secure and efficient implementation of crypto algorithms
- Reverse engineering and hardware obfuscation
- Supply chain risks mitigation including counterfeit detection & avoidance
- Hardware tampering attacks and protection
- Hardware techniques that ensure software and/or system security
For more information, please see
http://www.hostsymposium.org.
Cybersecurity 2016
Cybersecurity Symposium,
Coeur d'Alene, Idaho, U.S.A, April 19-20, 2016.
[posted here 11/2/15]
The 2016 Cybersecurity Symposium is an opportunity for academic researchers from all
disciplines, and stakeholders from industry and government to meet and discuss state-of-the-art
techniques and processes, with the purpose of improving the cybersecurity of today's critical systems.
This symposium seeks submissions from academia, industry, and government describing innovative
research, case studies, and best practices on all practical and theoretical aspects of cybersecurity.
We are interested in extended abstracts on topics including, but not limited to:
- Network Security
- Secure Coding Practices
- Software Analysis
- Security Policies
- Economic Impacts of Security
- Privacy
- Socialogical and Behavioral Aspects of Security and Privacy
- Critical Infrastructure Security
- Transportation System Security
- Power grid/Smart Grid Security
- System Security Case Studies
For more information, please see
http://www.cybersecuritysymposium.com.
ESSoS 2016
International Symposium on Engineering Secure Software and Systems,
University of London, London, UK, April 6 - 8, 2016.
[posted here 07/13/15]
Trustworthy, secure software is a core ingredient of the modern world.
So is the Internet. Hostile, networked environments, like the Internet, can allow
vulnerabilities in software to be exploited from anywhere. High-quality security
building blocks (e.g., cryptographic components) are necessary but insufficient to
address these concerns. Indeed, the construction of secure software is challenging
because of the complexity of modern applications, the growing sophistication of security
requirements, the multitude of available software technologies and the progress of
attack vectors. Clearly, a strong need exists for engineering techniques that scale
well and that demonstrably improve the software's security properties.
The goal of this symposium, which will be the eighth in the series, is to bring together
researchers and practitioners to advance the states of the art and practice in secure
software engineering. Being one of the few conference-level events dedicated to this
topic, it explicitly aims to bridge the software engineering and security engineering
communities, and promote cross-fertilization. The symposium will feature two days of
technical program including two keynote presentations. In addition to academic papers,
the symposium encourages submission of high-quality, informative industrial experience
papers about successes and failures in security software engineering and the lessons learned.
Furthermore, the symposium also accepts short idea papers that crisply describe a
promising direction, approach, or insight. The Symposium seeks submissions on subjects
related to its goals. This includes a diversity of topics including (but not limited to):
- Cloud security, virtualization for security
- Mobile devices security
- Automated techniques for vulnerability discovery and analysis
- Model checking for security
- Binary code analysis, reverse-engineering
- Programming paradigms, models, and domain-specific languages for security
- Operating system security
- Verification techniques for security properties
- Malware: detection, analysis, mitigation
- Security in critical infrastructures
- Security by design
- Static and dynamic code analysis for security
- Web applications security
- Program rewriting techniques for security
- Security measurements
- Empirical secure software engineering
- Security-oriented software reconfiguration and evolution
- Computer forensics
- Processes for the development of secure software and systems
- Security testing
- Embedded software security
For more information, please see
https://distrinet.cs.kuleuven.be/events/essos/2016/calls-papers.html.
IMPS 2016
Workshop on Innovations in Mobile Privacy and Security,
Held in conjunction with ESSoS 2016,
London, UK, April 6, 2016.
[posted here 12/14/15]
IMPS aims to bring together researchers working on challenges in security and
privacy for mobile platforms, broadly considered. We are interested in investigations
into existing security platforms, their users, applications and app store ecosystems,
and research into novel security or privacy mechanisms, tools and analysis.
Areas of interest include but are not restricted to:
- Secure application development tools and practices
- Privacy enhancing techniques for devices and connected services
- Secure or trusted computing mechanisms
- Static and dynamic analysis for security
- Formal methods for mobile security
- Vulnerability detection and prevention
- Mobile operating system security features
- Security and privacy for IoT and other constrained devices
- Usable security and privacy on small or mobile devices
For more information, please see
http://groups.inf.ed.ac.uk/security/IMPS/.
INTRICATE-SEC 2016
4th International Workshop on Security Intricacies in Cyber-Physical Systems and Services,
Held in conjunction with the 30th International Conference on Advanced Information
Networking and Applications (AINA-2016),
Crans-Montana, Switzerland, March 23-25, 2016.
[posted here 07/06/15]
For INTRICATE-SEC 2016 we are expanding our scope from a focus on security
intricacies in designing/modelling service oriented architectures to the
broader field of secure cyber physical systems (CPS) and services. Of particular
interest are ideas and solutions on provisioning secure CPS
and services over resource constrained and low power lossy networks. In addition
to invited talks, we welcome papers with novel theoretical and
application-centered contributions focused on (but not restricted to) the following topics:
- Security and Privacy for CPS, including: Anonymity and Pseudonymity,
Authentication and Authorization, Trust & Identity Management, Privacy, and Malware.
- Secure Service Platforms for CPS, including: Smart Grids, Demand Management,
Scheduling, Energy Management Models, and Mobile Web Services and Middleware.
- Secure Architectures for CPS, including: Data Modeling, Home Energy Management,
Scalability, Reliability, and Safety, Resource Constrained and Low Power Lossy Networks,
and Unconventional/Biologically Inspired Models
For more information, please see
http://infosec.cs.uct.ac.za/INTRICATE-SEC/.
EuroSP 2016
1st IEEE European Symposium on Security and Privacy,
Congress Center Saar, Saarbrücken, Germany, March 21-24, 2016.
[posted here 07/13/15]
The IEEE European Symposium on Security and Privacy (EuroS&P) has been
founded as the European sister conference of the established IEEE S&P
symposium, and thus as a premier forum for computer security research,
presenting the latest developments and bringing together researchers
and practitioners. We solicit previously unpublished papers offering
novel research contributions in any aspect of security or privacy.
Papers may present advances in the theory, design, implementation,
analysis, verification, or empirical evaluation and measurement
of secure systems. Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Cloud security
- Distributed systems security
- Embedded systems security
- Forensics
- Formal methods for security
- Hardware security
- Intrusion detection
- Malware
- Metrics
- Mobile security and privacy
- Language-based security
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Usable security and privacy
- Web security and privacy
For more information, please see
http://www.ieee-security.org/TC/EuroSP2016/.
SPT-IOT 2016
1st IEEE PERCOM Workshop on Security, Privacy and Trust in the Internet of Things,
Held in conjunction with IEEE PERCOM 2016,
Sydney, Australia, March 14-18, 2016.
[posted here 11/16/15]
The Internet of Things (IoT) is a novel design paradigm, envisioned as a network of billions or trillions
of machines communicating with one another and rapidly gaining global attention from academia,
industry, and government. Pervasive computing is at the heart of IoT and forms a fundamental building
block necessary to realize the IoT. Equipped with pervasive technologies such as RFID and smart dust
in addition to sensors, actuators and machine-to-machine (M2M) devices, IoT has the potential to
offer innovative solutions to global challenges faced by ageing populations, climate change, growing
cost of healthcare as well as how we manage our environment and natural resources.. The
heterogeneous nature of the IoT as well as the computational constraints of many of the building
blocks of the IoT make security, privacy and trust a challenging problem to solve on the one hand,
while security, privacy and trust play a critical role for most if not all applications of IoT in domains
such as surveillance, healthcare, security, transport, food safety, manufacturing, logistics and
supply chain management. Without effective solutions for security, privacy and trust reliable data
fusion and mining, qualified services with context-aware intelligence and enhanced user acceptance
and experience cannot be achieved.
The proposed IEEE Percom workshop on Security, Privacy and Trust for IoT aims to provide a
forum that brings together researchers from academia as well as practitioners from industry,
standardization bodies, and government to meet and exchange ideas on recent research and
future directions for the IoT with a specific focus on IoT security, privacy and trust. The technical
discussion will be focused on the communications and network security aspects of IoT and the
key enabling technologies for IoT, especially M2M communications and networking, RFID technology
and Near Field Communications (NFC), the challenges to security, privacy and trust presented and
novel approaches to solving these challenges. The technical topics of interest to the workshop
include, but are not limited to:
- IoT secure access network technologies and capillary networks
- secure channel and traffic models
- secure spectrum management for M2M/IoT radio communications
- security of RFID, sensors, actuator technologies
- IoT secure network infrastructure
- IoT security protocols
- privacy in applications of the IoT
- IoT networking and communication security
- circuit and system design for secure smart objects in the IoT
- security, trust, and privacy issues for devices and services
- naming, address management and end-to-end addressability
- methods for secure by design IoT
- methods for IoT security analysis and audit
- privacy and anonymization techniques in IoT
- secure cloud of things
- trust management architectures
- lightweight security solutions
- authentication and access control in IoT
- identification and biometrics in IoT
- liability and policy enforcement in IoT
- security of Big data in IoT
- cyber physical systems security
- cyber attacks detection and prevention
- embedded platforms for cryptography (implementations for
performance-optimized, resource constrained, energy-efficient platforms)
- hardware security primitives
- secure pervasive/Ubiquitous Computing Software and Systems
- new Privacy and Security Techniques for Embedded Software and Systems
- ethics and legal considerations in IoT
For more information, please see
https://sites.google.com/site/sptiot2016/home.
SDN-NFV Security 2016
ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization,
Co-located with ACM CODASPY 2016,
New Orleans, LA, USA, March 11, 2016.
[posted here 11/9/15]
Software-Defined Networking (SDN) and Network Function Virtualization (NFV) are two emerging
networking paradigms, which introduce significant granularity, visibility, flexibility and elasticity
to networking, but at the same time bring forth new security challenges. The ACM International
Workshop on Security in Software Defined Networks & Network Function Virtualization
(SDN-NFV Security 2016) will take place in New Orleans, LA, USA, on March 11, 2016. The
target audience will be university researchers, scientists, and industry professionals who need
to become acquainted with new theories and technologies related to security challenges in SDN and NFV.
We solicit unpublished research papers, both regular (6 pages max) and short (4 pages max) papers,
that address the latest practices, experiences, and lessons learned on SDN and NFV security.
Topics of interest include, but are not limited to:
- SDN/NFV-enabled security architecture
- SDN/NFV-based automated network security
- SDN/NFV-based mitigation for attacks
- Authentication/confidentiality in SDN/NFV-based networks
- Proofs of security in SDN/NFV-based networks
- Logic flaws in SDN/NFV implementations
- Attacks/defense to SDN controllers, protocols, and APIs
- SDN-oriented security policy enforcement
- Trust management of SDN applications and controllers
- Development and deployment of NFV-based security functions
(virtual firewalls, virtual IDSs, virtual DDoS mitigation, etc.)
- Safe state migration in NFV
- Network Security as a Service
For more information, please see
http://honeynet.asu.edu/sdnnfvsec2016/.
IWSPA 2016
International Workshop on Security And Privacy Analytics,
Co-located with ACM CODASPY 2016,
New Orleans, LA, USA, March 11, 2016.
[posted here 10/19/15]
Increasingly, sophisticated techniques from machine learning, data mining, statistics and natural language
processing are being applied to challenges in security and privacy fields. However, experts from these areas
have no medium where they can meet and exchange ideas so that strong collaborations can emerge,
and cross-fertilization of these areas can occur. Moreover, current courses and curricula in security
do not sufficiently emphasize background in these areas and students in security and privacy are not
emerging with deep knowledge of these topics. Hence, we propose a workshop that will address the
research and development efforts in which analytical techniques from machine learning, data mining,
natural language processing and statistics are applied to solve security and privacy challenges
(“security analytics”). Submissions of papers related to methodology, design, techniques and new
directions for security and privacy that make significant use of machine learning, data mining,
statistics or natural language processing are welcome. Furthermore, submissions on educational
topics and systems in the field of security analytics are also highly encouraged.
For more information, please see
http://capex.cs.uh.edu/?q=content/international-workshop-security-and-privacy-analytics-2016.
CODASPY 2016
6TH ACM Conference on Data and Application Security and Privacy,
New Orleans, LA, USA, March 9-11, 2016.
[posted here 07/13/15]
Data and applications security and privacy has rapidly expanded as a
research field with many important challenges to be addressed. The goal of
the ACM Conference on Data and Applications Security (CODASPY) is to discuss
novel, exciting research topics in data and application security and privacy
and to lay out directions for further research and development in this area.
The conference seeks submissions from diverse communities, including corporate
and academic researchers, open-source projects, standardization bodies,
governments, system and security administrators, software engineers and
application domain experts. Topics of interest include, but are not limited to:
- Application-layer security policies
- Access control for applications
- Access control for databases
- Data-dissemination controls
- Data forensics
- Enforcement-layer security policies
- Privacy-preserving techniques
- Private information retrieval
- Search on protected/encrypted data
- Secure auditing
- Secure collaboration
- Secure data provenance
- Secure electronic commerce
- Secure information sharing
- Secure knowledge management
- Secure multiparty computations
- Secure software development
- Securing data/apps on untrusted platforms
- Securing the semantic web
- Security and privacy in GIS/spatial data
- Security and privacy in healthcare
- Security policies for databases
- Social computing security and privacy
- Social networking security and privacy
- Trust metrics for applications, data, and users
- Usable security and privacy
- Usage Control
- Web application security
For more information, please see
http://www.codaspy.org.
PQCrypto 2016
7th International Conference on Post-Quantum Cryptography,
Fukuoka, Japan, February 24-26, 2016.
[posted here 03/23/15]
The aim of PQCrypto is to serve as a forum for
researchers to present results and exchange ideas
on the topic of cryptography in an era with large-scale quantum
computers. The conference will be preceded by a winter school
on February 22-23, 2016. Original research papers on all technical aspects
of cryptographic research related to post-quantum
cryptography are solicited. The topics include
(but are not restricted to):
- Cryptosystems that have the potential to be safe against quantum
computers such as: hash-based signature schemes, lattice-based
cryptosystems, code-based cryptosystems, multivariate cryptosystems
and quantum cryptographic schemes;
- Classical and quantum attacks including side-channel attacks
on post-quantum cryptosystems;
- Security models for the post-quantum era.
For more information, please see
https://pqcrypto2016.jp/.
FC 2016
20th International Conference on Financial Cryptography and Data Security,
Accra Beach Hotel & Spa, Barbados, February 22–26, 2016.
[posted here 10/5/15]
Financial Cryptography and Data Security is a major international forum for
research, advanced development, education, exploration, and debate regarding
information assurance, with a specific focus on financial, economic and commercial
transaction security. Original works focusing on securing commercial transactions
and systems are solicited; fundamental as well as applied real-world deployments
on all aspects surrounding commerce security are of interest. Submissions need
not be exclusively concerned with cryptography. Systems security, economic or
behavioral perspectives, and interdisciplinary efforts are particularly encouraged.
Topics of interest include, but are not limited to:
- Access Control
- Anonymity and Privacy
- Applied Cryptography
- Auctions and Mechanisms
- Authentication and Identification
- Behavioral Aspects of Security and Privacy
- Biometrics
- Certification and Audits
- Cloud Computing and Data Outsourcing Security
- Commercial Cryptographic Applications
- Contactless Payment and Ticketing Systems
- Cryptographic Currencies
- Digital Cash and Payment Systems
- Digital Rights Management
- Economics of Security and Privacy
- Electronic Commerce Security
- Electronic Crime and Underground Markets
- Fraud Detection and Forensics
- Game Theory for Security and Privacy
- Identity Theft
- Insider Threats
- Legal and Regulatory Issues
- Microfinance and Micropayments
- Mobile Systems Security and Privacy
- Phishing and Social Engineering
- Reputation Systems
- Risk Assessment and Management
- Secure Banking and Financial Services
- Smart Contracts and Financial Instruments
- Smartcards, Secure Tokens and Secure Hardware
- Social Networks Security and Privacy
- Trust Management
- Usability and Security
- Virtual Goods and Virtual Economies
- Voting Systems
- Web Security
For more information, please see
http://fc16.ifca.ai/.
UEOP 2016
1st Workshop on Understanding and Enhancing Online Privacy,
Co-located with NDSS 2016,
San Diego, CA, USA, February 21, 2016.
[posted here 06/22/15]
The mainstream focus in privacy research has long been on designing software
from the ground up, providing firm guarantees on the provided privacy properties.
Such a "bottom-up" approach is undoubtedly crucial for achieving better online
privacy in the long term. Nevertheless, there is also a clear need for "top-down" research,
understanding online privacy in the present online digital user habitats and proposing
solutions that are easily deployable in existing infrastructures.
Understanding privacy in online user habitats necessarily has to cope with
highly incomplete information. While top-down methods for understanding some
privacy-relevant open-world phenomena in the Internet have been researched
(most prominently, information spreading in the context of social networks,
recommendation systems, and marketing), and many basic technologies relevant to
such understanding are well-investigated (e.g., large-scale information retrieval, image analysis,
software analysis, record linkage), their application to the understanding and enhancing of
online privacy remains under-explored, and has partly not yet been considered at all. Pursuing
such an approach poses major technical challenges, which only an collaboration across several
sub-areas of computer science can solve.
The goal of the workshop is to foster interdisciplinary research on the understanding of privacy
issues in present online user habitats, and the development of practical solutions. The workshop
is directed at researchers from privacy and adjacent research areas. Topics of interest include,
but are not limited to:
- data and action linkability
- privacy metrics
- data dissemination and information spreading
- what-if-analysis and privacy threat prediction
- privacy in social networks and microblogging systems
- privacy in cloud and big data applications
- location privacy
- privacy in mobile and portable devices
- behavioral targeting
- data analytics
- user profiling and data mining
- economics of privacy and game-theoretical approaches to privacy
- human factors and usability
- privacy in electronic currencies
For more information, please see
http://sps.cs.uni-saarland.de/ueop/index.html.
NDSS 2016
Network and Distributed System Security Symposium,
San Diego, California, USA, February 21-24, 2016.
[posted here 06/22/15]
ISOC NDSS fosters information exchange among researchers and practitioners of network and
distributed system security. The target audience includes those interested in practical aspects
of network and distributed system security, with a focus on actual system design and implementation.
A major goal is to encourage and enable the Internet community to apply, deploy, and advance the
state of available security technologies. Technical papers and panel proposals are solicited. All
submissions will be reviewed by the Program Committee and accepted submissions will be published
by the Internet Society in the Proceedings of NDSS 2016. The Proceedings will be made freely
accessible from the Internet Society webpages. Furthermore, permission to freely reproduce all
or parts of papers for noncommercial purposes is granted provided that copies bear the Internet
Society notice included in the first page of the paper. The authors are therefore free to post the
camera-ready versions of their papers on their personal pages and within their institutional
repositories. Reproduction for commercial purposes is strictly prohibited and requires prior consent.
Topics include:
- Anti-malware techniques: detection, analysis, and prevention
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Security for future Internet architectures and designs (e.g., Software-Defined Networking)
- High-availability wired and wireless networks
- Implementation, deployment and management of network security policies
- Integrating security in Internet protocols: routing, naming, network management
- Intellectual property protection: protocols, implementations, metering,
watermarking, digital rights management
- Intrusion prevention, detection, and response
- Privacy and anonymity technologies
- Security and privacy for distributed cryptocurrencies
- Security and privacy in Social Networks
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security and
efficiency, usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Security for cloud computing
- Security for emerging technologies: sensor/wireless/mobile/personal networks and systems
- Security for future home networks, Internet of Things, body-area networks
- Security for large-scale systems and critical infrastructures (e.g., electronic voting, smart grid)
- Security for peer-to-peer and overlay network systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security of Web-based applications and services
- Trustworthy Computing mechanisms to secure network protocols and distributed systems
- Usable security and privacy
For more information, please see
http://www.internetsociety.org/events/ndss-symposium-2016.
ICISSP 2016
2nd International Conference on Information Systems Security and Privacy,
Rome, Italy, February 19-21, 2016.
[posted here 06/08/15]
The International Conference on Information Systems Security and Privacy aims at creating
a meeting point for researchers and practitioners that address security and privacy
challenges that concern information systems, especially in organizations, including not
only technological issues but also social issues. The conference welcomes papers of either
practical or theoretical nature, presenting research or applications addressing all aspects
of security and privacy, that concerns to organizations and individuals, thus creating
new research opportunities. Topics include:
- Security Frameworks, Architectures and Protocols
- Cryptographic Algorithms
- Information Hiding and Anonymity
- Vulnerability Analysis and Countermeasures
- Database Security
- Content Protection and Digital Rights Management
- Software Security Assurance
- Security Architecture and Design Analysis
- Security Testing
- Risk and Reputation Management
- Phishing
- Security and Trust in Pervasive Information Systems
- Legal and Regulatory Issues
- Security Professionalism and Practice
- Trust in Social Networks
- Identity and Trust Management
- Intrusion Detection and Response
- Smartcard Technology
- Privacy-Enhancing Models and Technologies
- Privacy In Cloud and Pervasive Computing
- Authentication, Privacy and Security Models
- Social Media Privacy
- E-Voting and Privacy
- Privacy Metrics and Control
- Malware Detection
- Vehicular Systems and Networks
- Threat Awareness
- Identification and Access Control
- Mobile Systems Security
- Biometric Technologies and Applications
- Security Awareness and Education
- Data and Software Security
- Data Mining and Knowledge Discovery
- Web Applications and Services
For more information, please see
http://www.icissp.org/.
CS2 2016
Workshop on Cryptography and Security in Computing Systems,
Co-located with HiPEAC 2016 Conference,
Prague, Czech Republic, January 20, 2016.
[posted here 10/26/15]
The wide diffusion of embedded systems, including multi-core,
many-core, and reconfigurable platforms, poses a number of challenges
related to the security of the operation of such systems, as well as
of the information stored in them.
Malicious adversaries can leverage unprotected communication to hijack
cyber-physical systems, resulting in incorrect and potentially highly
dangerous behaviours, or can exploit side channel information leakage
to recover secret information from a computing system. Untrustworthy
third party software and hardware can create openings for such
attacks, which must be detected and removed or countered.
The prevalence of multi/many core systems opens additional issues such
as NoC security. Finally, the complexity on modern and future embedded
and mobile systems leads to the need to depart from manual planning
and deployment of security features. Thus, design automation tools
will be needed to design and verify the security features of new
hardware/software systems.
The CS2 workshop is a venue for security and cryptography experts to
interact with the computer architecture and compilers community,
aiming at cross-fertilization and multi-disciplinary approaches to
security in computing systems. Topics of interest include, but are not limited to:
- Compiler and Runtime Support for Security
- Cryptography in Embedded and Reconfigurable Systems
- Design Automation and Verification of Security
- Efficient Cryptography through Multi/Many core Systems
- Fault Attacks and Countermeasures, including interaction with Fault Tolerance
- Hardware Architecture and Extensions for Cryptography
- Hardware/Software Security Techniques
- Hardware Trojans and Reverse Engineering
- Physical Unclonable Functions
- Reliability and Privacy in Embedded Systems
- Security of Cyber-Physical Systems
- Security of Embedded and Cyberphysical Systems (Medical, Automotive,
Smartgrid, Industrial Control)
- Side Channel Attacks and Countermeasures
- Trusted computing
For more information, please see
http://www.cs2.deib.polimi.it/.
SFCS 2016
4th International Workshop on Security and Forensics in Cyber Space,
Held in conjunction with the 17th International Conference on Distributed Computing
and Networking (ICDCN 2016),
Singapore, January 4-6, 2016 .
[posted here 10/5/15]
With the continuous growth of cyber connectivity and the ever increasing number of applications,
remotely delivered services, and networked systems have required the need for digital security. Today,
more and more government agencies, financial institutions, and business enterprises are experiencing
security incidents and cyber-crimes, by which attackers could generate fraudulent financial transactions,
commit crimes, perform an industrial espionage, and disrupt the business processes.
The sophistication and the borderless nature of the intrusion techniques used during a cyber security
incident, have triggered the need for designing new active cyber defense solutions, and developing
efficient incident response plans. In this context, digital forensics has emerged as a disciplined science
allowing to note and collect evidences left on the compromised system prior to the incident occurrence,
and carry out an analysis to: (a) understand what occurred; (b) determine the set of exploited security
weaknesses; (c) trace attackers to their source; (d) study the attackers trends and motives; and (e)
propose a set of optimal countermeasures to stop and mitigate the effect of the attacks.
The workshop promotes research and innovative ideas in the realm of cyber security and digital forensics.
It provides a prominent venue for researchers, scientists, engineers and practitioners to share their
thoughts, exchange ideas, and prospect future and potential axes of collaboration. Papers focusing on
any aspect of the theory and practice of cyber security, defense, and digital forensics are solicited. A
large spectrum of advanced topics are covered, ranging from anti-forensics detection and recovery,
cyber security and forensic in wireless and mobile communication systems, multimedia security and
forensic content processing, development of novel theories and techniques of cyber security and
forensics analysis and validation, and forensics in cloud computing and social networks.
The workshop will act as a forum for discussing open issues, and presenting original and unpublished
research results and innovative ideas in the realm of security and digital forensics. We encourage
contributions describing innovative work in the realm of security and digital forensics. Topics of
interest include, but are not limited to:
- Formal and theoretical techniques of cyber security and forensics
- Legal and policy issues in cyber security and defense
- Availability, privacy, authentication, trust, access control, and key management
- Social networks security
- Incident response techniques in networked and distributed systems
- Security and privacy in wireless and mobile systems
- Cyber security engineering
- Risk analysis and management in cyber security
- Critical infrastructures security
- Storage systems protection and forensics
- Economic and management aspects of cyber security and privacy
- Automated reasoning techniques of incidents and evidence analysis
- Evidentiary aspects and forensics of digital crimes
- Cybercrime scenarios modeling, analysis, and investigation
- Hypothetical reasoning in forensics and incident response
- Collaborative and distributed techniques for cyber defense and cyber investigation
- Active, adaptive, and intelligent defense systems
- Embedded devices forensics
- Evidence preservation, management, storage and reassembly
- Anti-forensics and anti-anti forensics prevention, detection, and analysis
- Multimedia security and forensics
- Lightweight forensic techniques
- Large-scale investigations in large networks and Big Data
- Innovative forensic services
- Data visualization in forensic analysis
- Vulnerability analysis and assessment of cloud services
- Techniques for tracking and trace-back of attacks in networked and distributed systems
- Data hiding, extraction, and recovery technique
- Security and forensics in distributed, virtual, and cloud environments
- Cyber security and forensic architectures
- Defense in depth
- Cybersecurity of Industrial Control Systems
- Cyber physical systems security
- Bio-inspired security
For more information, please see
https://sites.google.com/site/sfcs2016/.
IFIP119-DF 2016
12th IFIP WG 11.9 International Conference on Digital Forensics,
New Delhi, India, January 4-6, 2016.
[posted here 07/20/15]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is
an active international community of scientists, engineers and practitioners
dedicated to advancing the state of the art of research and practice in
digital forensics. The Twelfth Annual IFIP WG 11.9 International Conference on
Digital Forensics will provide a forum for presenting original, unpublished research
results and innovative ideas related to the extraction, analysis and preservation
of all forms of electronic evidence. Papers and panel proposals are solicited.
All submissions will be refereed by a program committee comprising members
of the Working Group. Papers and panel submissions will be selected based on
their technical merit and relevance to IFIP WG 11.9. The conference will be
limited to approximately 100 participants to facilitate interactions between
researchers and intense discussions of critical research issues. Keynote
presentations, revised papers and details of panel discussions will be published
as an edited volume - the twelfth volume in the well-known Advances in
Digital Forensics book series (Springer, Heidelberg, Germany) during the
summer of 2016.
Technical papers and posters are solicited in all areas related to the theory
and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network and cloud forensics
- Embedded device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics
For more information, please see
http://www.ifip119.org.
