Contents
ICSS 2017
Industrial Control System Security Workshop,
Held in conjunction with the 33rd Annual Computer Security Applications Conference (ACSAC),
San Juan, Puerto Rico, December 5, 2017.
[posted here 09/12/17]
Supervisory control and data acquisition (SCADA) and industrial control
systems monitor and control a wide range of industrial and infrastructure
processes such as water treatment, power generation and transmission,
oil and gas refining and steel manufacturing. Such systems are usually built
using a variety of commodity computer and networking components and are
becoming increasingly interconnected with corporate and other Internet-visible
networks. As a result, they face significant threats from internal and external
actors. For example, in 2010 the Stuxnet malware was specifically written to attack
SCADA systems and caused millions of dollars in damages.
The critical requirement for high availability in SCADA and industrial
control systems, along with the use of resource constrained computing
devices, legacy operating systems, and proprietary software applications
limit the applicability of traditional information security solutions. The goal of
this workshop is to explore new security techniques that are applicable in the
control systems context. Papers of interest including (but not limited to) the
following subject categories are solicited:
- Intrusion detection and prevention
- Malware
- Vulnerability analysis and risk management
- Digital forensics
- Virtualization
- Application Security
- Performance evaluation of security methods and tools in control systems
- Cybersecurity Education
For more information, please see
https://www.acsac.org/2017/workshops/icss/.
ACSAC 2017
33rd Annual Computer Security Applications Conference,
San Juan, Puerto Rico, December 4-8, 2017.
[posted here 01/23/17]
The Annual Computer Security Applications Conference (ACSAC) is an
internationally recognized forum where practitioners, researchers, and
developers in information and system security meet to learn and to
exchange practical ideas and experiences. If you are developing,
researching, or implementing practical security solutions, consider
sharing your experience and expertise at ACSAC.
We are especially interested in submissions that address the
application of security technology, the implementation of systems, and
lessons learned. Some example topics are:
- Access Control
- Anonymity
- Applied Cryptography
- Assurance
- Audit
- Biometrics
- Security case studies
- Cloud Security
- Cyber-Physical Systems
- Denial of Service Protection
- Distributed Systems Security
- Embedded Systems Security
- Enterprise Security Management
- Evaluation and Compliance
- Digital Forensics
- Identity Management
- Incident Response
- Insider Threat Protection
- Integrity
- Intrusion Detection
- Intellectual Property
- Malware
- Mobile/Wireless Security
- Multimedia Security
- Network Security
- OS Security
- P2P Security
- Privacy & Data Protection
- Privilege Management
- Resilience
- Security and Privacy of the Internet of Things
- Security Engineering
- Software Security
- Supply Chain Security
- Trust Management
- Trustworthy Computing
- Usability and Human-centric Aspects of Security
- Virtualization Security
- Web Security
For more information, please see
http://www.acsac.org.
CECC 2017
Central European Cybersecurity Conference,
Ljubljana, Slovenia, November 16-17, 2017.
[posted here 05/29/17]
The Central European Cybersecurity Conference – CECC 2017 aims at
establishing a venue for the exchange of information on cybersecurity
and its many aspects in central Europe. CECC 2017 encourages the
dialogue between researchers of technical and social aspects of
cybersecurity, both crucial in attaining adequate levels of
cybersecurity. Complementary contributions dealing with its
economic aspects as well as any legal, investigation or other
issues related to cybersecurity are welcome, too.
All accepted and presented research papers will be available in
Open Access conference proceedings published by the University of
Maribor Press and submitted for indexing by DBLP, Elsevier SCOPUS
and Thomson Reuters Web of Science™ Core Collection.
For more information, please see
https://www.fvv.um.si/cecc2017/.
NordSec 2017
22nd Nordic Conference on Secure IT Systems,
Tartu, Estonia, November 8-10, 2017.
[posted here 06/19/17]
NordSec addresses a broad range of topics within IT security with the aim of bringing together
computer security researchers and encouraging interaction between academia and industry.
We invite participants to present their ideas in poster sessions during lunches and coffee
breaks. NordSec 2017 welcomes contributions within, but not limited to, the following areas:
- Access control and security models
- Applied cryptography
- Blockchains
- Cloud security
- Commercial security policies and enforcement
- Cryptanalysis
- Cryptographic protocols
- Cyber crime, warfare, and forensics
- Economic, legal, and social aspects of security
- Enterprise security
- Hardware and smart card security
- Mobile and embedded security
- Internet of Things and M2M security
- Internet, communication, and network security
- Intrusion detection
- Language-based techniques for security
- New ideas and paradigms in security
- Operating system security
- Privacy and anonymity
- Public-key cryptography
- Security and machine learning
- Security education and training
- Security evaluation and measurement
- Security management and audit
- Security protocols
- Security usability
- Social engineering and phishing
- Software security and malware
- Symmetric cryptography
- Trust and identity management
- Trusted computing
- Vulnerability testing
- Web application security
For more information, please see
http://nordsec2017.cs.ut.ee.
SSS 2017
19th Annual International Symposium on Stabilization, Safety, and Security of Distributed Systems,
Boston, Massachusetts, USA, November 5-8, 2017.
[posted here 05/01/17]
SSS is an international forum for researchers and practitioners in the design and development
of distributed systems with a focus on systems that are able to provide guarantees on their
structure, performance, and/or security in the face of an adverse operational environment.
Research in distributed systems is now at a crucial point in its evolution, marked by the
importance and variety of dynamic distributed systems such as peer-to-peer networks,
large-scale sensor networks, mobile ad-hoc networks, and cloud computing. Moreover,
new applications such as grid and web services, distributed command and control, and
a vast array of decentralized computations in a variety of disciplines has driven the
need to ensure that distributed computations are self-stabilizing, performant, safe
and secure. The symposium takes a broad view of the self-managed distributed systems
area and encourages the submission of original contributions spanning fundamental
research and practical applications within its scope, covered by the three symposium
tracks: (i) Stabilizing Systems: Theory and Practice, (ii) Distributed Computing and
Communication Networks, as well as (iii) Computer Security and Information Privacy.
For more information, please see
http://bitly.com/SSS-2017.
MIST 2017
9th ACM CCS International Workshop on Managing Insider Security Threats,
Dallas, USA, October 30 - November 3, 2017.
[posted here 05/15/17]
During the past two decades, information security technology developments
have been mainly concerned with intrusion detection to prevent unauthorized
attacks from outside the network.
This includes hacking, virus propagation, spyware and more. However, according
to a recent Gartner Research Report, information leaks have
drastically increased from insiders who are legally authorized to access corporate information.
The unauthorized leak of critical or proprietary information can cause significant damage
to corporate image and reputation, perhaps even weakening its competitiveness in the
marketplace. On a larger scale, government and public sectors may suffer competitive
loss to other nations due to an internal intelligence breach. While the leaking of critical
information by insiders has a lower public profile than that of viruses and hacker attacks,
the financial impact and loss can be just as devastating. The objective of this workshop
is to showcase the most recent challenges and advances in security and cryptography
technologies and management systems for preventing information breaches by insiders.
The workshop promotes state-of-the-art research, surveys and case analyses of
practical significance. Physical, managerial, and technical countermeasures will be
covered in the context of an integrated security management system that protects
critical cyber-infrastructure against unauthorized internal attack. We expect that this
workshop will be a trigger for further research and technology improvements related
to this important subject.
For more information, please see
http://isyou.info/conf/mist17.
WPES 2017
Workshop on Privacy in the Electronic Society,
Dallas, Texas, USA, October 30, 2017.
[posted here 05/22/17]
The need for privacy-aware policies, regulations, and techniques has
been widely recognized. This workshop discusses the problems of
privacy in the global interconnected societies and possible solutions.
The 2017 Workshop, held in conjunction with the ACM CCS conference, is
the sixteenth in a yearly forum for papers on all the different
aspects of privacy in today's electronic society.
The workshop seeks submissions from academia and industry presenting
novel research on all theoretical and practical aspects of electronic
privacy, as well as experimental studies of fielded systems. We
encourage submissions from other communities such as law and business
that present these communities' perspectives on technological issues.
Topics of interest include, but are not limited to, anonymization and
trasparency, crowdsourcing for privacy and security, data correlation
and leakage attacks, data security and privacy, data and computations
integrity in emerging scenarios, electronic communication privacy,
economics of privacy, information dissemination control, models,
languages, and techniques for big data protection, personally
identifiable information, privacy-aware access control, privacy and
anonymity on the web, privacy in biometric systems, privacy in cloud
and grid systems, privacy and confidentiality management, privacy and
data mining, privacy in the Internet of Things, privacy in the digital
business, privacy in the electronic records, privacy enhancing
technologies, privacy and human rights, privacy in health care and
public administration, privacy metrics, privacy in mobile systems,
privacy in outsourced scenarios, privacy policies, privacy vs.
security, privacy of provenance data, privacy in social networks,
privacy threats, privacy and virtual identity, user profiling, and
wireless privacy.
For more information, please see
https://cs.pitt.edu/wpes2017.
ISDDC 2017
International Conference on Intelligent, Secure and Dependable Systems in Distributed
and Cloud Environments,
Vancouver, BC, Canada, October 25-27, 2017.
[posted here 03/13/17]
The integration of network computing and mobile systems offers new challenges with respect
to the dependability of integrated applications. At the same time, new threat vectors have
emerged that leverage and magnify traditional hacking methods, enabling large scale and
intelligence-driven attacks against a variety of platforms, including mobile, cloud,
Internet-of-things (IoT), as well as conventional networks. The consequence of such fast
evolving environment is the pressing need for effective and efficient paradigms, approaches,
and tools for building, maintaining, and managing secure and dependable systems.
This conference solicits papers addressing issues related to the design, analysis, and
implementation, of dependable and secure infrastructures, systems, architectures,
algorithms, and protocols that deal with network computing, mobile/ubiquitous systems,
cloud systems, and IoT systems.
The goal of the ISDDC 2017 conference is to provide a forum for researchers, students,
scientists and engineers working in academia and industry to share their experiences, new
ideas and research results in the above-mentioned areas.
For more information, please see
http://www.scs.ryerson.ca/iwoungan/ISDDC17/.
FPS 2017
10th International Symposium on Foundations & Practice of Security,
Nancy, France, October 23-25, 2017.
[posted here 05/22/17]
Protecting the communication and data infrastructure of an increasingly
inter-connected world has become vital to the normal functioning of all
aspects of our world. Security has emerged as an important scientific discipline whose
many multifaceted complexities
deserve the attention and synergy of the mathematical, computer science and engineering
communities.
The aim of FPS is to discuss and exchange theoretical and practical ideas that address
security issues in inter-connected systems. It aims to provide scientific presentations
as well as to establish links, promote scientific collaboration, joint research programs,
and student exchanges between institutions involved in this important and fast moving
research field. We also invite papers from researchers and practitioners working in security, privacy,
trustworthy data systems and related areas to submit their original papers.
For more information, please see
http://fps2017.loria.fr/.
GameSec 2017
8th Conference on Decision and Game Theory for Security,
Vienna, Austria, October 23-25, 2017.
[posted here 02/20/17]
The goal of GameSec is to bring together academic and industrial researchers in an effort to
identify and discuss the major technical challenges and recent results that highlight the
connection between game theory, control, distributed optimization, economic incentives
and real world security, reputation, trust and privacy problems in a variety of technological
systems. Submissions should solely be original research papers that have neither been
published nor submitted for publication elsewhere.
- Game theory and mechanism design for security and privacy
- Pricing and economic incentives for building dependable and secure systems
- Dynamic control, learning, and optimization and approximation techniques
- Decision making and decision theory for cybersecurity and security requirements engineering
- Socio-technological and behavioral approaches to security
- Risk assessment and risk management
- Security investment and cyber insurance
- Security and privacy for the Internet-of-Things (IoT), cyber-physical systems,
resilient control systems
- New approaches for security and privacy in cloud computing and for critical infrastructure
- Security and privacy of wireless and mobile communications, including user location privacy
- Game theory for intrusion detection
- Empirical and experimental studies with game-theoretic or optimization analysis for security and privacy
For more information, please see
http://www.gamesec-conf.org/cfp.php.
CTC 2017
7th International Symposium on Secure Virtual Infrastructures - Cloud and Trusted Computing,
Rhodes, Greece, October 23-24, 2017.
[posted here 03/27/17]
Current and future service-based software needs to remain focused towards the development and
deployment of large and complex intelligent and networked information systems, required for
internet-based and intranet-based systems in organizations, as well to move to IoT integration and
big data analytics. Today, service-based software covers a very wide range of application domains
as well as technologies and research issues. This has found realization through Cloud Computing,
Big Data, and IoT. Vital element in such networked, virtualized, and sensor-based information
systems are the notions of trust, security, privacy and risk management.
The conference solicits submissions from both academia and industry presenting novel research in
the context of Cloud Computing, Big Data, and IoT, presenting theoretical and practical approaches
to cloud, big data, and IoT trust, security, privacy and risk management. The conference will provide
a special focus on the intersection between cloud paradigm, big data analytics, and IoT integration,
bringing together experts from the three communities to discuss on the vital issues of trust, security,
privacy and risk management in Cloud Computing, shedding the light on novel issues and requirements
in big data and IoT domains. Potential contributions could cover new approaches, methodologies,
protocols, tools, or verification and validation techniques. We also welcome review papers that
analyze critically the current status of trust, security, privacy and risk management in the cloud,
big data, and IoT. Papers from practitioners who encounter trust, security, privacy, and risk
management problems, and seek understanding are finally welcome.
For 2017, a special emphasis will be put on "Secure and Trustworthy Big Data Analytics
and IoT Integration: From the Periphery to the Cloud".
For more information, please see
http://www.otmconferences.org/index.php/conferences/ctc-2017.
AsianHOST 2017
IEEE Asian Hardware-Oriented Security and Trust Symposium,
Beijing, China, October 19-20, 2017.
[posted here 04/03/17]
IEEE Asian Hardware Oriented Security and Trust Symposium (AsianHOST) aims to facilitate
the rapid growth of hardware security research and development in Asia and South Pacific
areas. AsianHOST highlights new results in the area of hardware and system security. Relevant
research topics include techniques, tools, design/test methods, architectures, circuits, and
applications of secure hardware. AsianHOST 2017 invites original contributions related to,
but not limited by, the following topics:
- Hardware Trojan attacks and detection techniques
- Side-channel attacks and countermeasures
- Metrics, policies, and standards related to hardware security
- Secure system-on-chip (SoC) architecture
- Security rule checks at IP, IC, and System levels
- Hardware IP trust (watermarking, metering, trust verification)
- FPGA security
- Trusted manufacturing including split manufacturing, 2.5D, and 3D ICs
- Emerging nanoscale technologies in hardware security applications
- Security analysis and protection of Internet of Things (IoT)
- Cyber-physical system (CPS) security and resilience
- Reverse engineering and hardware obfuscation at all levels of abstraction
- Supply chain risks mitigation including counterfeit detection & avoidance
- Hardware techniques that ensure software and/or system security
- Analysis of real attacks and threat evaluation
For more information, please see
http://asianhost.org/2017/.
LASER 2017
Workshop on Learning from Authoritative Security Experiment Results,
Arlington, VA, USA, October 18-19, 2017.
[posted here 06/12/17]
The LASER workshop series focuses on learning from and improving cybersecurity
experimental results. It explores both positive and negative results, the latter of which
are not often published. LASER's overarching goal is to foster a dramatic change in the
paradigm of cyber security research and experimentation, improving the overall quality
of practiced science. This year, LASER's goal will be to improve the rigor and quality of
security experimentation by providing a venue where cybersecurity researchers can
discuss experimental methods and present research that exemplifies sound scientific
practice. We particularly encourage papers in three areas:
- Well-designed security experiments, with positive or negative results.
- Experimental techniques that help address common sources of error.
- Replications (successful or failed) of previously published experiments.
For more information, please see
http://2017.laser-workshop.org/submissions/call-papers.
CPS-Sec 2017
IEEE International Workshop on Cyber-Physical Systems Security,
Held in Conjunction with the IEEE Conference on Communications and Network Security (CNS 2017),
Las Vegas, NV, USA, October 9-11, 2017.
[posted here 06/19/17]
The CPS-Sec Workshop will primarily focus on the security and privacy
aspects of Cyber-Physical Systems and Internet of Things. The workshop will
include papers (both novel and work-in-progress submissions), invited
talks, panels, and discussions to facilitate the exchange of research ideas
in a community environment. We are sure that the CPS-Sec workshop will
greatly benefit from your contributions.
For more information, please see
http://cns2017.ieee-cns.org/workshop/cps-sec-international-workshop-cyber-physical-systems-security.
WISTP 2017
11th International Conference on Information Security Theoryand Practice,
Crete, Greece, September 28-29, 2017.
[posted here 05/29/17]
The 11th WISTP International Conference on Information Security Theory
and Practice (WISTP'2017) seeks original submissions from academia and
industry presenting novel research on all theoretical and practical
aspects of security and privacy, as well as experimental studies of
fielded systems, the application of security technology, the
implementation of systems, and lessons learned. We encourage
interdisciplinary contributions bringing law, business, and policy
perspectives on security issues. Submissions with regards to the
security of future ICT technologies, such as cyber-physical systems,
cloud services, data science and the Internet of Things are
particularly welcome.
For more information, please see
http://www.wistp.org.
FDTC 2017
14th Workshop on Fault Diagnosis and Tolerance in Cryptography,
Taipei, Taiwan, September 25, 2017.
[posted here 04/17/17]
Fault injection is one of the most exploited means for extracting confidential information from
embedded devices and for compromising their intended operation. Therefore, research on
developing methodologies, techniques, architectures and design tools for robust cryptographic
systems (both hardware and software), and on protecting them against both accidental faults
and intentional attacks is essential. Of particular interest are models and metrics for quantifying
the protection of systems and protocols against malicious injection of faults and to estimate the
leaked confidential information. FDTC is the reference event in the field of fault analysis,
attacks and countermeasures. Topics of interest include but are not limited to:
- Fault injection and exploitation: mechanisms (e.g., using lasers, electromagnetic induction,
or clock / power supply manipulation),
attacks on cryptographic devices (HW and SW) or protocols,
combined implementation attacks
- Countermeasures: Fault resistant hardware / implementations of
cryptographic algorithms, countermeasures to detect fault injections,
techniques providing fault tolerance (inherent reliability),
fault resistant protocols,
measures to prevent fault injection (e.g., physical protection, fault diagnosis)
- Models and metrics for fault attack analysis: metrics for fault attacks robustness
and the leaked information, models of fault injection,
modeling and analysis (e.g., modeling the reliability of systems or protocols)
- Fault attack resistant architectures: fault attack resistant processor designs,
fault attack resistant hardware, fault attack resistant software
- Design tools supporting analysis of fault attacks and countermeasures:
early estimation of fault attack robustness, automatic applications of fault countermeasures,
fault attacks and reliability
- Case studies of attacks, fault diagnosis, and tolerance techniques
For more information, please see
http://conferenze.dei.polimi.it/FDTC17/index.html.
STM 2017
13th International Workshop on Security and Trust Management,
Co-located with with ESORICS 2017,
Oslo, Norway, September 14-15, 2017.
[posted here 05/22/17]
STM (Security and Trust Management) is a working group of ERCIM (European
Research Consortium in Informatics and Mathematics).
The workshop seeks submissions from academia, industry, and government presenting
novel research on all theoretical and practical aspects of security and trust in ICT.
Topics of interest include, but are not limited to:
- Access control
- Anonymity
- Applied cryptography
- Authentication
- Complex systems security
- Data and application security
- Data protection
- Data/system integrity
- Digital rights management
- Economics of security and privacy
- Formal methods for security and trust
- Identity management
- Legal and ethical issues
- Mobile security
- Networked systems security
- Operating systems security
- Privacy
- Security and trust metrics
- Security and trust policies
- Security and trust management architectures
- Security and trust for big data
- Security and trust in cloud environments
- Security and trust in content delivery networks
- Security and trust in crowdsourcing
- Security and trust in grid computing
- Security and trust in the Internet of Things
- Security and trust in pervasive computing
- Security and trust in services
- Security and trust in social networks
- Social implications of security and trust
- Trust assessment and negotiation
- Trust in mobile code
- Trust models
- Trust management policies
- Trust and reputation systems
- Trusted platforms
- Trustworthy systems and user devices
For more information, please see
http://stm2017.di.unimi.it.
SPIFEC 2017
1st European Workshop on Security and Privacy in Fog and Edge Computing,
Held In conjunction with ESORICS 2017,
Oslo, Norway, September 14-15, 2017.
[posted here 05/08/17]
The main goal of Fog Computing and other related Edge paradigms, such as Multi-Access Edge
Computing, is to decentralize the Cloud and bring some of its services closer to the edge of
the network, where data are generated and decisions are made. Cloud-enabled edge platforms
will be able to cooperate not only with each other but with the cloud, effectively creating a
collaborative and federated environment. This paradigm shift will fulfill the needs of novel services,
such as augmented reality, that have particularly stringent requirements like extremely low
latency. It will also help improve the vision of the Internet of Things by improving its scalability
and overall functionality, among other benefits.
To enable this vision, a number of platforms and technologies need to securely coexist, including
sensors and actuators, edge-deployed systems, software-defined networks, hardware
virtualization, data mining mechanisms, etc. However, this paradigm shift calls for new
security challenges and opportunities to leverage services for new scenarios and applications.
The field of edge computing security is almost unexplored, and demands further attention
from the research community and industry in order to unleash the full potential of this paradigm.
For more information, please see
https://www.nics.uma.es/pub/spifec.
DPM 2017
12th Workshop on Data Privacy Management,
Co-located with ESORICS 2017,
Oslo, Norway, September 14-15, 2017.
[posted here 04/24/17]
Organizations are increasingly concerned about the privacy of information that they
manage (several people have filed lawsuits against organizations violating the privacy
of customer's data). Thus, the management of privacy-sensitive information is very critical
and important for every organization. This poses several challenging problems, such as how
to translate the high-level business goals into system-level privacy policies, administration
of privacy-sensitive data, privacy data integration and engineering, privacy access control
mechanisms, information-oriented security, and query execution on privacy-sensitive
data for partial answers.
The aim of this workshop is to discuss and exchange the ideas related to privacy data
management. We invite papers from researchers and practitioners working in privacy, security,
trustworthy data systems and related areas to submit their original papers in this workshop.
The main topics, but not limited to, include:
- Privacy Information Management
- Privacy Policy-based Infrastructures and Architectures
- Privacy-oriented Access Control Languages and Models
- Privacy in Trust Management
- Privacy in Digital Currencies
- Privacy Data Integration
- Privacy Risk Assessment and Assurance
- Privacy Services
- Privacy Policy Analysis
- Cryptography
- Cryptanalysis
- Query Execution over Privacy Sensitive Data
- Privacy Preserving Data Mining
- Hippocratic and Water-marking Databases
- Privacy for Integrity-based Computing
- Privacy Monitoring and Auditing
- Privacy in Social Networks
- Privacy in Ambient Intelligence (AmI) Applications
- Individual Privacy vs. Corporate/National Security
- Code-based Cryptology
- Privacy in computer networks
- Privacy and RFIDs
- Privacy and Big Data
- Privacy in sensor networks
For more information, please see
http://deic.uab.cat/conferences/dpm/dpm2017/.
NuTMiC 2017
Number Theory Methods in Cryptology,
Warsaw, Poland, September 11-13, 2017.
[posted here 06/19/17]
The aim of the conference is to cross-pollinate Number Theory and Cryptology.
On the one hand, help the conference is going to explore Number Theory challenges
that flow from rapidly evolving fields of the modern Cryptology. On the other hand,
sick it is going to investigate Number Theory methods in the design and analysis of
cryptologic systems and protocols. Besides the well-established connections
between the two domains such as primality testing, factorisation, elliptic curves,
lattices (to mention a few), the conference endeavours to forge new ones that
would encompass Number Theory structures and algorithms that have never been
used in Cryptology before. It is expected that these new connections would lead
to novel, more efficient and secure cryptographic systems and protocols (such as
one-way functions, pseudorandom number generators, encryption algorithms,
digital signatures, etc.).
For more information, please see
https://www.nics.uma.es/pub/spifec.
GraMSec 2017
4th International Workshop on Graphical Models for Security,
Co-located with CSF 2017,
Santa Barbara, California, USA, August 21, 2017.
[posted here 3/27/17]
Graphical security models provide an intuitive but systematic approach to analyze security weaknesses
of systems and to evaluate potential protection measures. Cyber security researchers, as well as
security professionals from industry and government, have proposed various graphical security
modeling schemes. Such models are used to capture different security facets (digital, physical, and
social) and address a range of challenges including vulnerability assessment, risk analysis, defense
analysis, automated defensing, secure services composition, policy validation and verification. The
objective of the GraMSec workshop is to contribute to the development of well-founded graphical
security models, efficient algorithms for their analysis, as well as methodologies for their practical
usage.
The workshop seeks submissions from academia, industry, and government presenting novel research
on all theoretical and practical aspects of graphical models for security.
For more information, please see
http://gramsec.uni.lu.
CSF 2017
30th IEEE Computer Security Foundations Symposium,
Co-located with CRYPTO 2017,
Santa Barbara, California, USA, August 22-25, 2017.
[posted here 12/12/16]
The Computer Security Foundations Symposium is an annual conference for researchers
in computer security. CSF seeks papers on foundational aspects of computer
security, such as formal security models, relationships between security
properties and defenses, principled techniques and tools for design and
analysis of security mechanisms, as well as their application to practice.
While CSF welcomes submissions beyond the topics listed below, the main
focus of CSF is foundational security: submissions that lack foundational
aspects risk rejection.
This year, CSF will use a light form of double-blind reviewing.
New results in computer security are welcome. We also encourage
challenge/vision papers, which may describe open questions and raise
fundamental concerns about security.
For more information, please see
http://csf2017.tecnico.ulisboa.pt/.
USENIX Security 2017
26th USENIX Security Symposium,
Vancouver, Canada, August 16–18, 2017.
[posted here 1/23/17]
The USENIX Security Symposium brings together researchers, practitioners, system
administrators, system programmers, and others interested in the latest advances
in the security and privacy of computer systems and networks.
All researchers are encouraged to submit papers covering novel and
scientifically significant practical works in computer security.
USENIX Security is interested in all aspects of computing systems
security and privacy. Papers without a clear application to security or privacy,
however, will be considered out of scope and may be rejected without full review.
For more information, please see
https://www.usenix.org/conference/usenixsecurity17/call-for-papers.
DSC 2017
IEEE Conference on Dependable and Secure Computing,
Taipei, Taiwan, August 7-10, 2017.
[posted here 10/24/16]
The IEEE Conference on Dependable and Secure Computing solicits papers, posters, practices, and
experiences for presenting innovative research results, problem solutions, and new challenges in the
field of dependable and secure computing. The whole spectrum of IT systems and application areas,
including hardware design and software systems, with stringent relevant to dependability and
security concerns are of interest to DSC. Authors are invited to submit original works on research
and practice of creating, validating, deploying, and maintaining dependable and secure systems.
The conference has two tracks for research papers, the "Computer Systems, Networks, and Software"
track and the "System Electronics, VLSI, and CAD" track. In addition to research papers, the DSC
conference will also include a submission category for experience and practice papers on new
findings in the two aforementioned categories. The PC will evaluate a submission to the experience
and practice track with the understanding that it predominantly contributes to the VLSI/CAD design
knowhow or the extension of the community's knowledge about how the security protection of
known techniques fares in real-world operations. Authors have to submit a short paper along with
slides and an optional supplemental video to demonstrate the implementation and/or the
practicability of the work.
For more information, please see
http://dsc17.cs.nctu.edu.tw/.
PETS 2017
17th Privacy Enhancing Technologies Symposium,
Minneapolis, MN, USA, July 18 – 21, 2017.
[posted here 8/8/16]
The annual Privacy Enhancing Technologies Symposium (PETS) brings
together privacy experts from around the world to present and discuss
recent advances and new perspectives on research in privacy
technologies.
Papers undergo a journal-style reviewing process and accepted papers are
published in Proceedings on Privacy Enhancing Technologies
(PoPETs), a scholarly, open access journal. Submitted papers should
present novel practical and/or theoretical research into the design,
analysis, experimentation, or fielding of privacy-enhancing
technologies. While PETS/PoPETs has traditionally been home to research
on anonymity systems and privacy-oriented cryptography, we strongly
encourage submissions on a number of both well-established and emerging
privacy-related topics, for which examples are provided below.
PoPETs also solicits submissions for Systematization of Knowledge (SoK)
papers. These are papers that critically review, evaluate, and
contextualize work in areas for which a body of prior literature exists,
and whose contribution lies in systematizing the existing knowledge in
that area.
For more information, please see
https://petsymposium.org/.
WiSec 2017
10th ACM Conference on Security and Privacy in Wireless and Mobile Networks,
Boston, MA, USA, July 18-20, 2017.
[posted here 12/19/16]
ACM WiSec is the leading ACM and SIGSAC conference dedicated to all aspects of
security and privacy in wireless and mobile networks and their applications. In
addition to the traditional ACM WiSec topics of physical, link, and network layer
security, we welcome papers focusing on the security and privacy of mobile
software platforms, usable security and privacy, biometrics, cryptography, and
the increasingly diverse range of mobile or wireless applications such as
Internet of Things, and Cyber-Physical Systems. The conference welcomes both
theoretical as well as systems contributions.
Topics of interest include, but are not limited to:
- Security & privacy for smart devices (e.g., smartphones)
- Wireless and mobile privacy and anonymity
- Secure localization and location privacy
- Cellular network fraud and security
- Jamming attacks and defenses
- Key management (agreement or distribution) for wireless or mobile systems
- Information-theoretic security schemes for wireless systems
- Theoretical and formal approaches for wireless and mobile security
- Cryptographic primitives for wireless and mobile security
- NFC and smart payment applications
- Security and privacy for mobile sensing systems
- Wireless or mobile security for emerging applications (e.g,
privacy in health, automotive, avionics, smart grid, or IoT applications)
- Physical tracking security and privacy
- Usable mobile security and privacy
- Economics of mobile security and privacy
- Bring Your Own Device (BYOD) security
- Mobile malware and platform security
- Security for cognitive radio and dynamic spectrum access systems
- Security protocols for wireless networking
For more information, please see
http://wisec2017.ccs.neu.edu/.
DBSec 2017
31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy,
Philadelphia, PA, USA, July 17-19, 2017.
[posted here 1/2/17]
DBSec is an annual international conference covering research in data and
applications security and privacy. The 31st Annual IFIP WG 11.3 Conference
on Data and Applications Security and Privacy (DBSec 2017) will be held in
Philadelphia, PA, USA. The conference seeks submissions from academia,
industry, and government presenting novel research on all theoretical and
practical aspects of data protection, privacy, and applications security.
Topics of interest include, but are not limited to:
- access control
- anonymity
- applied cryptography in data security
- authentication
- big data security
- data and system integrity
- data protection
- database security
- digital rights management
- identity management
- intrusion detection
- knowledge discovery and privacy
- methodologies for data and application security
- network security
- organizational security
- privacy
- secure cloud computing
- secure distributed systems
- secure information integration
- secure Web services
- security and privacy in crowdsourcing
- security and privacy in IT outsourcing
- security and privacy in the Internet of Things
- security and privacy in location-based services
- security and privacy in P2P scenarios and social networks
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security management
- security metrics
- threats, vulnerabilities, and risk management
- trust and reputation systems
- trust management
- wireless and mobile security
For more information, please see
https://dbsec2017.ittc.ku.edu/.
SOUPS 2017
13th Symposium on Usable Privacy and Security,
Santa Clara, CA, USA, July 12–14, 2017.
[posted here 11/21/16]
The 2017 Symposium on Usable Privacy and Security (SOUPS) will bring together an
interdisciplinary group of researchers and practitioners in human computer
interaction, security, and privacy.
We invite authors to submit previously unpublished papers describing research
or experience in all areas of usable privacy and security. We welcome a
variety of research methods, including both qualitative and quantitative
approaches. Topics include, but are not limited to:
- Innovative security or privacy functionality and design
- Field studies of security or privacy technology
- Usability evaluations of new or existing security or privacy features
- Security testing of new or existing usability features
- Longitudinal studies of deployed security or privacy features
- Studies of administrators or developers and support for security and privacy
- The impact of organizational policy or procurement decisions
- Lessons learned from the deployment and use of usable privacy and security features
For more information, please see
https://www.usenix.org/conference/soups2017/call-for-papers.
ACNS 2017
15th International Conference on Applied Cryptography and Network Security,
Kanazawa, Japan, July 10-12, 2017.
[posted here 12/12/16]
ACNS is an annual conference focusing on innovative research and current
developments that advance the areas of applied cryptography, cyber
security and privacy. Both academic research works with high relevance
to real-world problems as well as developments in industrial and
technical frontiers fall within the scope of the conference.
Submissions may focus on the modelling, design, analysis (including
security proofs and attacks), development (e.g. implementations),
deployment (e.g. system integration), and maintenance (including
performance measurements, usability studies) of algorithms / protocols /
standards / implementations / technologies / devices / systems, standing
in close relation with applied cryptography, cyber security and privacy,
while advancing or bringing new insights to the state of the art.
For more information, please see
https://cy2sec.comm.eng.osaka-u.ac.jp/acns2017/.
IVSW 2017
2nd International Verification and Security Workshop,
Thessaloniki, Greece, July 3-5, 2017.
[posted here 1/23/17]
Issues related to verification and security are increasingly important in
modern electronic systems. In particular, the huge complexity of electronic
systems has led to growth in quality, reliability and security needs in
several application domains as well as pressure for low cost products.
There is a corresponding increasing demand for cost-effective verification
techniques and security solutions. These needs have increased dramatically
with the increased complexity of electronic systems and the fast adoption
of these systems in all aspects of our daily lives. The goal of IVSW is
to bring industry practitioners and researchers from the fields of
verification, validation, test, reliability and security to exchange
innovative ideas and to develop new methodologies for solving the
difficult challenges facing us today in various SoC design environments.
The workshop seeks submissions from academia and industry presenting
novel research results on the following topics of interest:
- Verification challenges of IoT
- High-level test generation for functional verification
- Emulation techniques and FPGA prototyping
- Triage and debug methodologies
- Silicon debugging
- Low-power verification
- Formal techniques and their applications
- Verification coverage
- Performance validation and characterization
- Design for Verifiability (DFV)
- Memory and coherency verification
- ESL design and Virtual Platforms
- Security verification
- Design for security
- Hardware Security IP
- Secure circuit design
- Fault-based attacks and counter measures
- Security solutions for analog/mixed signal circuits
- Security Applications in automotive, railway, avionics and space
- Internet of Things (IoT) security considerations
- Data analytics in verification and security
- Security EDA tools
- Hardware/software security and verification
For more information, please see
http://tima.imag.fr/conferences/ivsw/ivsw17/.
IFIPSEC 2017
32nd IFIP TC-11 SEC 2017 International Information Security and Privacy Conference,
Rome, Italy, May 29-31, 2017.
[posted here 10/24/16]
The IFIP SEC conference is the flagship event of the International Federation for Information
Processing (IFIP) Technical Committee 11 on Security and Privacy Protection in Information
Processing Systems (TC-11, www.ifiptc11.org). Previous SEC conferences were held in Ghent
(Belgium) 2016, Hamburg (Germany) 2015, Marrakech (Morroco) 2014, Auckland (New Zealand)
2013, Heraklion (Greece) 2012, Lucerne (Switzerland) 2011, and Brisbane (Australia) 2010.
We seek submissions from academia, industry, and government presenting novel research on all
theoretical and practical aspects of security and privacy protection in ICT Systems. Topics of
interest include, but are not limited to:
- Access control and authentication
- Applied cryptography
- Audit and risk analysis
- Biometrics
- Big data security and privacy
- Cloud security and privacy
- Critical infrastructure protection
- Cyber-physical systems security
- Data protection
- Data and applications security
- Digital forensics
- Human aspects of security and privacy
- Identity management
- Information security education
- Information security management
- Information technology mis-use and the law
- Managing information security functions
- Mobile security
- Multilateral security
- Network & distributed systems security
- Privacy protection and Privacy-by-design
- Privacy enhancing technologies
- Security and privacy in crowdsourcing
- Security and privacy in pervasive systems
- Security and privacy in the Internet of Things
- Security and privacy policies
- Surveillance and counter-surveillance
- Trust management
- Usable security
For more information, please see
http://ifipsec.org/2017/.
SPW-Workshop 2016
SPW 2017 Security and Privacy Workshops,
Held in conjunction with the 38th IEEE Symposium on Security and Privacy (SP 2017),
San Jose, CA, USA, May 25, 2017.
[posted here 08/22/16]
Since 1980, the IEEE Symposium on Security and Privacy (SP) has been the premier
forum for the presentation of developments in computer security and electronic
privacy, and for bringing together researchers and practitioners in the field.
To expand opportunities for scientific exchanges, the IEEE CS Technical
Committee on Security and Privacy created the Security and Privacy Workshops
(SPW). The typical purpose of such a workshop is to cover a specific aspect
of security and privacy in more detail, making it easy for the participants
to attend IEEE SP and a specialized workshop at SPW with just one trip.
Furthermore, the co-location offers synergies for the organizers. The
number of workshops and attendees has grown steadily during recent years.
Workshops can be annual events, one time events, or aperiodic. The
Security and Privacy Workshops in 2017 will be held on Thursday, May 25.
All workshops will occur on that day. Up to six workshops will be hosted
by SPW.
For more information, please see
http://www.ieee-security.org/TC/SP2017/cfworkshops.html.
MOST 2017
Mobile Security Technologies Workshop,
Co-located with the 38th IEEE Symposium on Security and Privacy (IEEE S&P 2017),
San Jose, CA, USA, May 25, 2017.
[posted here 12/5/16]
The ACM TURC 2017 (Security and Privacy Track) conference is a new leading international
forum for academia, government, and industry to present novel research results in all practical
and theoretical aspects of computer and communications security. Papers should be related to
the construction, evaluation, application, or operation of secure systems. All topic areas related
to computer and communications security are of interest and in scope. The ACM TURC 2017
(Security and Privacy Track) is technically supported by ACM SIGSAC in China
(Pending Approval). Topics of interest include but are not limited to the following:
- Access control
- Accounting and audit
- Applied cryptography
- Authentication
- Big data security and privacy
- Biometrics
- Blockchain and alternatives
- Cloud computing security
- Computer forensics
- Cyber-physical security
- Data and application security
- Embedded systems security
- Formal methods for security
- Hardware-based security and applications
- IoT security and privacy
- Key management
- Malware and botnets
- Mobile computing security
- Network security
- Operating system security
- Practical post-quantum security
- Privacy-enhancing technology
- Runtime attacks and defenses
- Secure computation
- Security architectures
- Security of critical infrastructures
- Security metrics
- Software security
- Trusted computing
- Usable security and privacy
- Web security
- Wireless security and privacy
For more information, please see
http://ieee-security.org/TC/SPW2017/MoST/.
BioSTAR 2017
International Workshop on Bio-inspired Security, Trust, Assurance and Resilience,
Co-located with the 38th IEEE Symposium on Security and Privacy (IEEE S&P 2017),
San Jose, CA, USA, May 25, 2017.
[posted here 10/24/16]
As computing and communication systems continue to expand and offer new services, these
advancements require more dynamic, diverse, and interconnected computing infrastructures.
Unfortunately, defending and maintaining resilient and trustworthy operation of these complex systems
are increasingly difficult challenges. Conventional approaches to Security, Trust, Assurance and
Resilience (STAR for short) are often too narrowly focused and cannot easily scale to manage large,
coordinated and persistent attacks in these environments. Designs found in nature are increasingly used
as a source of inspiration for STAR and related networking and intelligence solutions for complex computing
and communication environments. Nature's footprint is present in the world of Information Technology,
where there are an astounding number of computational bio-inspired techniques. These well-regarded
approaches include genetic algorithms, neural networks, ant algorithms, immune systems just to name
a few. For example several networking management and security technologies have successfully adopted
some of nature's approaches, such as swarm intelligence, artificial immune systems, sensor networks,
moving target defense, diversity-based software design, etc.
Nature has also developed an outstanding ability to recognize individuals or foreign objects and adapt/evolve
to protect a group or a single organism. Solutions that incorporate these nature-inspired characteristics often
have improved performance and/or provided new capabilities beyond more traditional methods.
The aim of this workshop is to bring together the research accomplishments provided by the researchers
from academia and the industry. The other goal is to show the latest research results in the field of
nature-inspired STAR aspects in computing and communications.
Topics of interests include, but are not limited to:
- Nature-inspired anomaly and intrusion detection
- Adaptation algorithms
- Biometrics
- Nature-inspired algorithms and technologies for STAR
- Biomimetics
- Artificial Immune Systems
- Adaptive and Evolvable Systems
- Machine Learning, neural networks, genetic algorithms for STAR
- Nature-inspired analytics and prediction
- Cognitive systems
- Sensor and actuator networks and systems
- Information hiding solutions (steganography, watermarking) for network traffic
- Cooperative defense systems
- Cloud-supported nature-inspired STAR
- Theoretical development in heuristics
- Management of decentralized networks
- Nature-inspired algorithms for dependable networks
- Platforms for STAR services
- Diversity in computing and communications
- Survivable and sustainable systems
- STAR management systems
- Autonomic cyber defenses
For more information, please see
http://biostar.cybersecurity.bio/.
WTMC 2017
2nd International Workshop on Traffic Measurements for Cybersecurity,
Co-located with the 38th IEEE Symposium on Security and Privacy (IEEE S&P 2017),
San Jose, CA, USA, May 25, 2017.
[posted here 10/24/16]
Current communication networks are increasingly becoming pervasive, complex,
and ever-evolving due to factors like enormous growth in the number of network users,
continuous appearance of network applications, increasing amount of data transferred,
and diversity of user behaviors. Understanding and measuring traffic in such networks is
a difficult yet vital task for network management but recently also for cybersecurity purposes.
Network traffic measuring and monitoring can, for example, enable the analysis of the spreading
of malicious software and its capabilities or can help to understand the nature of various
network threats including those that exploit users’ behavior and other user’s sensitive
information. On the other hand network traffic investigation can also help to assess the effectiveness
of the existing countermeasures or contribute to building new, better ones. Recently, traffic
measurements have been utilized in the area of economics of cybersecurity e.g. to assess ISP or to
estimate the revenue of cyber criminals. The aim of this workshop is to bring together the research
accomplishments provided by the researchers from academia and the industry. The other goal is to
show the latest research results in the field of cybersecurity and understand how traffic
measurements can influence it. We encourage prospective authors to submit related distinguished
research papers on the subject of both: theoretical approaches and practical case reviews. This
workshop presents some of the most relevant ongoing research in cybersecurity seen from the
traffic measurements perspective. The workshop will be accessible to both non-experts interested
in learning about this area and experts interesting in hearing about new research and approaches.
Topics of interest include, but are not limited to:
- Measurements for network incidents response, investigation and evidence handling
- Measurements for network anomalies detection
- Measurements for economics of cybersecurity
- Network traffic analysis to discover the nature and evolution of the cybersecurity threats
- Measurements for assessing the effectiveness of the threats detection/prevention methods
and countermeasures
- Novel passive, active and hybrid measurements techniques for cybersecurity purposes
- Traffic classification and topology discovery tools for monitoring the evolving status of the network
from the cybersecurity perspective
- Correlation of measurements across multiple layers, protocols or networks
for cybersecurity purposes
- Novel visualization approaches to detect network attacks and other threats
- Analysis of network traffic to provide new insights about network structure and behavior
from the security perspective
- Measurements of network protocol and applications behavior and its impact on
cybersecurity and users' privacy
- Measurements related to network security and privacy
For more information, please see
http://wtmc.info.
IWPE 2017
3rd International Workshop on Privacy Engineering,
Co-located with IEEE Symposium on Security and Privacy (SP 2017),
San Jose, CA, USA, May 25, 2017.
[posted here 11/7/16]
Ongoing news reports regarding global surveillance programs, massive personal data breaches in
corporate databases, and notorious examples of personal tragedies due to privacy violations have
intensified societal demands for privacy-friendly systems. In response, current legislative and standardization
processes worldwide aim to strengthen individual’s privacy by introducing legal, organizational and
technical frameworks that personal data collectors and processors must follow.
However, in practice, these initiatives alone are not enough to guarantee that organizations and
software developers will be able to identify and adopt appropriate privacy engineering techniques in
their daily practices. Even if so, it is difficult to systematically evaluate whether the systems they
develop using such techniques comply with legal frameworks, provide necessary technical assurances,
and fulfill users’ privacy requirements. It is evident that research is needed in developing techniques
and tools that can aid the translation of legal and normative concepts, as well as user expectations
into systems requirements. Furthermore, methods that can support organizations and engineers in
developing (socio-)technical systems that address these requirements is of increasing value to respond
to the existing societal challenges associated with privacy.
In this context, privacy engineering research is emerging as an important topic. Engineers are
increasingly expected to build and maintain privacy-preserving and data-protection compliant
systems in different ICT domains such as health, energy, transportation, social computing, law
enforcement, public services; based on different infrastructures such as cloud, grid, or mobile
computing and architectures. While there is a consensus on the benefits of an engineering approach
to privacy, concrete proposals for models, methods, techniques and tools that support engineers
and organizations in this endeavor are few and in need of immediate attention.
To cover this gap, the topics of the International Workshop on Privacy Engineering (IWPE'17) focus
on all the aspects surrounding privacy engineering, ranging from its theoretical foundations, engineering
approaches, and support infrastructures, to its practical application in projects of different scale.
Specifically, we are seeking the following kinds of papers: (1) technical papers that illustrate the
engineering or application of a novel formalism, method or other research finding (e.g., a privacy
enhancing protocol) with preliminary evaluation; (2) experience and practice papers that describe
a case study, challenge or lessons learned from in a specific domain; (3) early evaluations of tools
and other infrastructure that support engineering tasks in privacy requirements, design, implementation,
testing, etc.; (4) interdisciplinary studies or critical reviews of existing privacy engineering concepts,
methods, tools and frameworks; or (5) vision papers that take a clear position informed by evidence
based on a thorough literature review.
IWPE’17 welcomes papers that focus on novel solutions on the recent developments in the
general area of privacy engineering. Topics of interests include, but are not limited to:
- Integrating law and policy compliance into the development process
- Privacy impact assessment during software development
- Privacy risk management models
- Privacy breach recovery Methods
- Technical standards, heuristics and best practices for privacy engineering
- Privacy engineering in technical standards
- Privacy requirements elicitation and analysis methods
- User privacy and data protection requirements
- Management of privacy requirements with other system requirements
- Privacy requirements elicitation and analysis techniques
- Privacy engineering strategies and design patterns
- Privacy-preserving architectures
- Privacy engineering and databases, services, and the cloud
- Privacy engineering in networks
- Engineering techniques for fairness, transparency, and privacy in databases
- Privacy engineering in the context of interaction design and usability
- Privacy testing and evaluation methods
- Validation and verification of privacy requirements
- Privacy Engineering and design
- Engineering Privacy Enhancing Technologies (PETs)
- Integration of PETs into systems
- Models and approaches for the verification of privacy properties
- Tools and formal languages supporting privacy engineering
- Teaching and training privacy engineering
- Adaptations of privacy engineering into specific software development processes
- Pilots and real-world applications
- Evaluation of privacy engineering methods, technologies and tools
- Privacy engineering and accountability
- Privacy engineering and business processes
- Privacy engineering and manageability of data in (large) enterprises
- Organizational, legal, political and economic aspects of privacy engineering
For more information, please see
http://ieee-security.org/TC/SPW2017/IWPE/.
SP 2017
38th IEEE Symposium on Security and Privacy,
San Jose, CA, USA, May 22-24, 2017.
[posted here 9/5/16]
Since 1980 in Oakland, the IEEE Symposium on Security and Privacy
has been the premier forum for computer security research,
presenting the latest developments and bringing together researchers
and practitioners. We solicit previously unpublished papers offering
novel research contributions in any aspect of security or privacy.
Papers may present advances in the theory, design, implementation,
analysis, verification, or empirical evaluation and measurement
of secure systems.
Topics of interest include:
- Access control and authorization
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship resistance
- Cloud security
- Distributed systems security
- Economics of security and privacy
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection and prevention
- Malware and unwanted software
- Mobile and Web security and privacy
- Language-based security
- Network and systems security
- Privacy technologies and mechanisms
- Protocol security
- Secure information flow
- Security and privacy for the Internet of Things
- Security and privacy metrics
- Security and privacy policies
- Security architectures
- Usable security and privacy
This topic list is not meant to be exhaustive; S&P is interested in all
aspects of computer security and privacy. Papers without a clear application
to security or privacy, however, will be considered out of scope
and may be rejected without full review.
Systematization of Knowledge Papers: As in past years, we solicit
systematization of knowledge (SoK) papers that evaluate, systematize,
and contextualize existing knowledge, as such papers can provide a
high value to our community. Suitable papers are those that provide an
important new viewpoint on an established, major research area, support
or challenge long-held beliefs in such an area with compelling evidence,
or present a convincing, comprehensive new taxonomy of such an area.
Survey papers without such insights are not appropriate. Submissions
will be distinguished by the prefix “SoK:” in the title and a checkbox
on the submission form. They will be reviewed by the full PC and held to
the same standards as traditional research papers, but they will be accepted
based on their treatment of existing work and value to the community, and not
based on any new research results they may contain. Accepted papers will be
presented at the symposium and included in the proceedings.
For more information, please see
http://www.ieee-security.org/TC/SP2017/.
WACC 2017
International Workshop on Assured Cloud Computing and QoS aware Big Data,
Held in conjunction with 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid
Computing (CCGRID 2017),
Madrid, Spain, May 14-17, 2017.
[posted here 11/14/16]
WACC draws together researchers, practitioners, and thought leaders from
government, industry, and academia. The workshop provides a forum of dialogue
centered upon the development and advancement of an effort to design,
implement, and evaluate dependable cloud architectures that can provide
assurances with respect to security, reliability, and timeliness of
computations (or services). Some new “assured” target applications include, but
are not limited to, dependable Big Data applications and streaming, data
analytics and its tools, real-time computations for monitoring, control of
cyber-physical systems such as power systems, and mission critical computations
for rescue and recovery.
The technical emphasis of WACC is design, implementation, and evaluation of
cloud services, data analytics tools, and security solutions to enable
dependable Big Data applications. Research on cloud services, ICT-skilled data
scientists and application developers can find complementary solutions and
partnerships to evaluate and integrate additional solutions. Data scientists
can find new tools that could address existing needs.
For more information, please see
http://www.eubra-bigsea.eu/WACC_2017.
HOST 2017
IEEE International Symposium on Hardware Oriented Security and Trust,
McLean, VA, USA, May 1-5, 2017.
[posted here 8/15/16]
IEEE International Symposium on Hardware Oriented Security and Trust
(HOST) aims to facilitate the rapid growth of hardware-based security
research and development. HOST highlights new results in the area of
hardware and system security. Relevant research topics include techniques,
tools, design/test methods, architectures, circuits, and applications of
secure hardware. HOST 2017 invites original contributions related to, but
not limited by, the following topics:
- Hardware Trojan attacks and detection techniques
- Hardware techniques to facilitate software and/or system security
- Hardware-based security primitives (PUFs, RNGs)
- System-on-chip (SoC) security
- Side-channel attacks and protection
- Security, privacy, and trust protocols
- Metrics, policies, and standards related to hardware security
- Hardware IP trust (watermarking, metering, trust verification)
- Trusted manufacturing including split manufacturing and 3D ICs
- Security analysis and protection of Internet of Things (IoT)
- Secure and efficient implementation of crypto algorithms
- Reverse engineering and hardware obfuscation
- Supply chain risks mitigation (e.g., counterfeit detection & avoidance)
- Hardware tampering attacks and protection
- Applications of hardware security to secure system development
For more information, please see
http://www.hostsymposium.org.
SEMS 2017
IEEE Workshop on Security for Embedded and Mobile Systems,
Held in conjunction with IEEE Euro S&P 2017 and EUROCRYPT 2017,
Paris, France, April 30, 2017.
[posted here 12/5/16]
Embedded and mobile devices that provide security and crypto functionalities and manage private
and confidential data are omnipresent in our daily lives. Examples of such devices range from smart
cards and RFID tags, to mobile phones, tablets, and IoT devices.
Ensuring the security and privacy of these devices is a challenging problem, as witnessed by
recent breaking of crypto and security systems used in mobile phones, car keys, and
RFID-enabled cards. Typical threats to extract the keys include side-channel and fault analysis.
Additionally, the vulnerabilities of the devices imply also privacy concerns. The operating systems
supporting some of those devices, particularly mobile phones and tablets, but also IoT ones, have
become very complex. Various sorts of malware present a constant threat for users. Although
measures like application sandboxing take place, they also open the court for new attacks by
constantly collecting and organizing sensitive information about the user. We especially encourage
novel ideas exploiting architecture-specific or novel "out of the box" attacks combining ideas from
different communities, e.g., malware detection or privacy violation using side-channels.
The workshop seeks
submissions from academia and industry presenting novel research results on the following
topics of interest:
- Security architectures for embedded and mobile systems
- Physical (side-channel and fault) attacks on embedded and mobile systems
- Hardware security of mobile devices
- (mobile) Malware detection and prevention
- Machine learning applications to highlight possible threats to user privacy
- Privacy-preserving issues for mobile devices
- Secure localization and location privacy for mobile devices
- Security and privacy in the Internet of Things
- Secure execution environments (e.g., TrustZone, TPMs) on mobile devices
- Sensor spoofing attacks
For more information, please see
http://sems2017.cs.ru.nl/index.shtml.
S&B 2017
IEEE Security and Privacy on the Blockchain,
Held in conjunction with the IEEE EuroS&P and EuroCrypt 2017 Conferences,
Paris, France, April 29, 2017.
[posted here 11/28/16]
The Security and Privacy on the Blockchain Workshop is the first IEEE forum for research on
the security and privacy properties of blockchains as a solution for transactional systems,
co-located with EuroCrypt and EuroS&P. We solicit previously unpublished papers offering
novel contributions in both Bitcoin and wider blockchain research. Papers may present advances
in the theory, design, implementation, analysis, verification, or empirical evaluation and
measurement of existing systems. Papers that shed new light on past or informally known
results by means of sound formal theory or thorough empirical analysis are welcome.
Topics of Interest include:
- Novel attacks on blockchain technologies
- Improvements to core blockchain cryptographic primitives
- Compact ring signatures
- Compact range proofs
- Privacy-Preserving Signature Aggregation
- (De) anonymization of blockchain records
- Improvements of SNARKs for blockchain technologies
- Formal verification of smart contracts
- The security of SPV models
- Game theoretic analysis of proof-of-work
- Relevant Systematization of Knowledge papers
- Security and privacy trade-offs related to scalability and decentralization
For more information, please see
http://prosecco.gforge.inria.fr/ieee-blockchain2016.
IEEE EuroSP 2017
2nd IEEE European Symposium on Security and Privacy,
Paris, France, April 26-28, 2017.
[posted here 7/4/16]
The IEEE European Symposium on Security and Privacy (EuroS&P) is the European
sister conference of the established IEEE S&P symposium. It is a premier forum for
computer security research, presenting the latest developments and bringing together
researchers and practitioners. We solicit previously unpublished papers offering novel
research contributions in any aspect of security or privacy. Papers may present advances
in the theory, design, implementation, analysis, verification, or empirical evaluation and
measurement of secure systems. Papers that shed new light on past results by means
of sound of theory or thorough experimentation are also welcome.
Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Cryptography with applied relevance to security and privacy
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Cloud security
- Distributed systems security
- Embedded systems security
- Forensics
- Formal methods for security
- Hardware security
- Human aspects of security and privacy
- Intrusion detection
- Malware
- Metrics
- Mobile security and privacy
- Language-based security
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Web security and privacy
For more information, please see
http://www.ieee-security.org/TC/EuroSP2017/cfp.php.
WICSPIT 2017
Workshop on Innovative CyberSecurity and Privacy for Internet of Things:
Strategies, Technologies, and Implementations,
Held in conjunction with the International Conference on Internet of Things,
Big Data and Security (IoTBDS 2017),
Porto, Portugal, April 24 - 26, 2017.
[posted here 1/23/17]
Cyber-attackers are steadily getting more creative and ambitious in their
exploits and causing real-world damage (e.g., the German steel mill hack in
2014, the Ukrainian Power Grid hack in 2015). Proprietary and personally
identifiable information are vulnerable to leakage as well (e.g., the Sony
hack in 2014, the US Office of Personnel Management in 2014). The Internet
of Things (IoT), a platform which allows everything to process information,
communicate data, and analyze context opens up new vulnerabilities for both
security and privacy. Smart buildings and smart cities, for example, will
collect and process data for millions of individuals. Industrial systems,
which were never intended to be linked via common protocols, are recognized
as suddenly being open to security threats that can limit service availability
and possibly cause considerable damage. Autonomous systems allowed to operate
with minimal oversight are ripe targets for cyber-attacks. Data stored and
processed in confidence in the cloud may be subject to exfiltration, leading
to public embarrassment or the exposure of proprietary information.
As cyber-events increase in number and severity, security engineers must incorporate
innovative cybersecurity strategies and technologies to safeguard their systems and
confidential information. A strategy to address a cybersecurity vulnerability, once
identified, must understand the nature of the vulnerability and how to mitigate it.
The “security tax” or “privacy tax” (system and service degradation) caused by the
implementation of the mitigating security technologies may be so great that the end
user bypasses the technologies and processes meant to ensure the system’s security
and privacy. A practical reality of the adoption of IoT is that it will require
integration of new technologies with existing systems and infrastructure, which
will continue to expose new security and privacy vulnerabilities; re-engineering
may be required. The human element of IoT, the user, must be considered, and how
the user and the IoT system interact to optimize system security and user privacy
must be defined. Cyber-attackers and cyber victims are often in different countries,
the transnational nature of many cyber-events necessitate the consideration of
public policy and legal concerns as well.
This workshop aims to showcase new and emerging strategies and technologies for
forecasting, mitigating, countering, and attributing cyber-events that threaten
security and privacy within the realm of IoT. The institutional benefits of IoT
adoption are clear, however security and privacy concerns are constantly coming to
light. As organizations—both public and private, large and small—adopt new IoT
technologies, we hope that this workshop can serve as an opening conversation
between government, industry, and academia for the purpose of addressing those
concerns.
For more information, please see
http://iotbds.org/WICSPIT.aspx.
HotSpot 2017
5th Workshop on Hot Issues in Security Principles and Trust,
Affiliated with ETAPS 2017,
Uppsala, Sweden, April 23, 2017.
[posted here 12/5/16]
This workshop is intended to be a less formal counterpart to the Principles of Security
and Trust (POST) conference at ETAPS with an emphasis on “hot topics”, both of security
and of its theoretical foundations and analysis.
Submissions about new and emerging topics (for example, those that have not appeared
prominently in conferences and workshops until now) are particularly encouraged.
Submissions of preliminary, tentative work are also encouraged.
This workshop is organized by IFIP WG 1.7: Theoretical Foundations of Security
Analysis and Design.
For more information, please see
https://infsec.uni-trier.de/events/hotspot2017.
WAHC 2017
5th Workshop on Encrypted Computing and Applied Homomorphic Cryptography,
Held in conjunction with Financial Cryptography & Data Security (FC 2017,
Sliema, Malta, April 7, 2017.
[posted here 12/5/16]
Secure computation is becoming a key feature of future information systems.
Distributed network applications and cloud architectures are at danger because
lots of personal consumer data is aggregated in all kinds of formats and for
various purposes. Industry and consumer electronics companies are facing massive
threats like theft of intellectual property and industrial espionage. Public
infrastructure has to be secured against sabotage and manipulation. A
possible solution is encrypted computing: Data can be processed on remote,
possibly insecure resources, while program code and data is encrypted all
the time. This allows to outsource the computation of confidential information
independently from the trustworthiness or the security level of the remote
system. The technologies and techniques discussed in this workshop are a key
to extend the range of applications that can be securely outsourced.
The goal of the workshop is to bring together researchers with practitioners
and industry to present, discuss and to share the latest progress in the field.
We want to exchange ideas that address real-world problems with practical
approaches and solutions.
For more information, please see
https://www.dcsec.uni-hannover.de/wahc17.html.
WoC 2017
3rd IEEE International Workshop on Container Technologies and Container Clouds,
Held in conjunction with IEEE International Conference on Cloud Engineering (IC2E 2017),
Vancouver, Canada, April 4-7, 2017.
[posted here 10/31/16]
Containers are a lightweight OS-level virtualization abstraction primarily based on namespace
isolation and control groups. In the recent years, container-based virtualization for applications
has gained immense popularity thanks to the success of technologies like Docker. Container packaging
mechanisms like Docker, LXD and Rkt, as well as management frameworks like Kubernetes, Mesos, etc.,
are witnessing widespread adoption in the industry today. Container technologies have eliminated the
feature parity between development and production environment by enabling developers to package
applications and their dependencies as a single unit that can be run across diverse operating environments.
Though containers provide a great amount of flexibility and portability from a developer's perspective,
there are several important challenges that need to be addressed by the infrastructure provider,
in order to run these virtualized applications in a cloud environment. The second workshop on
container technologies and container clouds solicits contributions in this area from researchers
and practitioners in both the academia and industry. The workshop welcomes submissions
describing unpublished research, position papers as well as deployment experiences on various
topics related to containers as outlined below:
- Security, isolation and performance of containers
- Network architectures for multi-host container deployments
- Orchestration models for cloud scale deployments
- High availability systems for containerized workloads
- Leveraging hardware support for containers and containerized workloads
- Migrating and optimizing traditional workloads for containers
- Operational issues surrounding management of large clusters of containers
- Container use cases and challenges for HPC, Big Data and IoT applications
- Other topics relevant to containers
For more information, please see
http://researcher.watson.ibm.com/researcher/view_group.php?id=7476.
WWW 2017
WWW Security and Privacy Track,
Perth, Australia, April 3-7, 2017.
[posted here 9/5/16]
The Security and Privacy track at the International World Wide Web
Conference offers researchers working on security, privacy, trust,
and abuse of trust to present their work to the broad community
of researchers, with myriad backgrounds and interests, who will
be attending the 2017 World Wide Web Conference.
Relevant topics include:
- Human and usability factors in Web security & privacy
- Measurement of online crime/underground economics
- Tracking, profiling, and countermeasures against them
- Measurement, analysis, and circumvention of Web censorship
- Browser security
- Authentication and authorization for Web-based services
- Social network security and privacy
- Security and privacy of web protocols
- Abusive content such as online harassments, spam, and fake reviews
- Privacy-enhancing technologies for the Web
- Legal, ethical, policy issues of Web security and privacy
- Security for Web services (e.g., blogs, Web feed, wikis, social networks)
- Applications of cryptography to the web
- Security in Web-based electronic commerce (e-cash, auctions, etc.)
- Security and privacy for intelligent assistants
For more information, please see
http://www.www2017.com.au/call-for-papers/security-and-privacy.php.
ASIACCS 2017
ACM Symposium on Information, Computer and Communications Security,
Abu Dhabi, United Arab Emirates, April 2-6, 2017.
[posted here 8/22/16]
Building on the success of ACM Conference on Computer and Communications
Security (CCS), the ACM Special Interest Group on Security, Audit, and
Control (SIGSAC) formally established the annual ACM Asia Conference on
Computer and Communications Security (ASIACCS). Topics of interest
include but are not limited to:
- Access control
- Accounting and audit
- Applied cryptography
- Authentication
- Big data security and privacy
- Biometrics
- Blockchain and alternatives
- Cloud computing security
- Computer forensics
- Cyber-physical security
- Data and application security
- Embedded systems security
- Formal methods for security
- Hardware-based security & applications
- IoT security & privacy
- Key management
- Malware and botnets
- Mobile computing security
- Network security
- Operating system security
- Practical post-quantum security
- Privacy-enhancing technology
- Runtime attacks and defenses
- Secure computation
- Security architectures
- Security of critical infrastructures
- Security metrics
- Software security
- Threat modeling
- Trusted computing
- Usable security and privacy
- Web security
- Wireless security and privacy
For more information, please see
http://asiaccs2017.com/.
SCC 2017
5th International Workshop on Security in Cloud Computing,
Held in conjunction with the 12th ACM Symposium on Information, Computer
and Communications Security (ASIACCS 2017),
Abu Dhabi, UAE, April 2, 2017.
[posted here 12/5/16]
Cloud computing has emerged as today's most exciting computing paradigm
shift in information technology. With the efficient sharing of abundant
computing resources in the cloud, users can economically enjoy the on-demand
high quality cloud applications and services without committing large capital
outlays locally. While the cloud benefits are compelling, its unique attributes
also raise many security and privacy challenges in areas such as data security,
recovery, privacy, access control, trusted computing, as well as legal issues
in areas such as regulatory compliance, auditing, and many others. To implement
secure and privacy-aware environments which can provide on-demand computing and
high-quality service for cloud users is extremely urgent. This workshop is
intended to bring together researchers, developers, and practitioners in security,
privacy and mobile computing communities. We encourage submissions on all
theoretical and practical aspects, as well as experimental studies of deployed
systems. Topics of interests include (but are not limited to) the following
subject categories:
- Secure cloud architecture
- Cloud Cryptography
- Cloud access control and key management
- Identification and privacy in cloud
- Integrity assurance for data outsourcing
- Integrity and verifiable computation
- Computation over encrypted data
- Software and data segregation security
- Secure management of virtualized resources
- Trusted computing technology
- Joint security and privacy aware protocol design
- Failure detection and prediction
- Secure data management within and across data centers
- Availability, recovery and auditing
- Secure computation outsourcing
- Secure mobile cloud
For more information, please see
https://conference.cs.cityu.edu.hk/asiaccsscc/.
IoTPTS 2017
3rd International Workshop on IoT Privacy, Trust, and Security,
Held in conjunction with the 12th ACM Symposium on Information, Computer
and Communications Security (ASIACCS 2017),
Abu Dhabi, UAE, April 2, 2017.
[posted here 11/21/16]
The Internet of Things (IoT) is the next great technology frontier.
At a basic level, IoT refers simply to networked devices, but the IoT
vision is a complex ecosystem that ranges from cloud backend services
and big-data analytics to home, public, industrial, and wearable sensor
devices and appliances. Architectures for these systems are in the formative
stages, and now is the time to ensure privacy, trust, and security are
designed into these systems from the beginning.
We encourage submissions on all aspects of IoT privacy, trust, and
security. Topics of interest include (but are not limited) to the following areas:
- Privacy and IoT data
- Privacy attacks for IoT
- Trust management and device discoverability for IoT
- Usability of privacy and security systems in IoT
- User risk perceptions and modeling for IoT
- Policy Management and enforcement for IoT
- Authentication and access control for users for IoT
- Cryptography for IoT
- Attack detection and remediation for IoT
- Security architectures for IoT systems and applications
For more information, please see
https://sites.google.com/site/iotpts2017/.
CPSS 2017
3rd ACM Cyber-Physical System Security Workshop,
Abu Dhabi, UAE, April 2, 2017.
[posted here 10/10/16]
Cyber-Physical Systems (CPS) consist of large?scale interconnected systems of heterogeneous
components interacting with their physical environments. There are a multitude of CPS devices
and applications being deployed to serve critical functions in our lives. The security of CPS becomes
extremely important. This workshop will provide a platform for professionals from academia, government,
and industry to discuss how to address the increasing security challenges facing CPS. Besides invited
talks, we also seek novel submissions describing theoretical and practical security solutions to CPS.
Papers that are pertinent to the security of embedded systems, SCADA, smart grid, and critical
infrastructure networks are all welcome, especially in the domains of energy and transportation.
Topics of interest include, but are not limited to:
- Authentication and access control for CPS
- Autonomous vehicle security
- Availability, recovery and auditing for CPS
- Data security and privacy for CPS
- Embedded systems security
- EV charging system security
- Industrial control system security
- Intrusion detection for CPS
- IoT security
- Key management in CPS
- Legacy CPS system protection
- Lightweight crypto and security
- Risk assessment for CPS
- SCADA security
- Security architectures for CPS
- Smart grid security
- Threat modeling for CPS
- Urban transportation system security
- Vulnerability analysis for CPS
- Wireless sensor network security
For more information, please see
http://icsd.i2r.a-star.edu.sg/cpss17/.
INTRICATE-SEC 2017
5th International Workshop on Security Intricacies in Cyber-Physical Systems and Services,
Taipei, Taiwan, March 27-29, 2017.
[posted here 5/16/16]
Cyber-physical systems (CPS) are ubiquitous in critical infrastructures such as electrical
power generation, transmission, and distribution networks, water management, and
transportation, but also in both industrial and home automation. For flexibility, convenience,
and efficiency, CPS are increasingly supported by commodity hardware and software
components that are deliberately interconnected using open standard general purpose
information and communication technology (ICT). The long life-cycles of CPS and
increasingly incremental changes to these systems require novel approaches to the
composition and inter-operability of services provided. The paradigm of service-oriented
architectures (SoA) has successfully been used in similar long-lived and heterogeneous
software systems. However, adapting the SoA paradigm to the CPS domain requires
maintaining the security, reliability and privacy properties not only of the individual
components but also, for complex interactions and service orchestrations that may
not even exist during the initial design and deployment of an architecture. An
important consideration therefore is the design and analysis of security mechanisms
and architectures able to handle cross domain inter-operability over multiple domains
involving components with highly heterogeneous capabilities. The INTRICATE-SEC
workshop aims to provide a platform for academics, industry, and government
professionals to communicate and exchange ideas on provisioning secure CPS
and Services.
For more information, please see
https://goo.gl/562zhD.
IWSPA 2017
3rd ACM International Workshop on Security and Privacy Analytics,
Co-located with ACM CODASPY 2017,
Scottsdale, Arizona, USA, March 24, 2017.
[posted here 10/17/16]
Increasingly, sophisticated techniques from machine learning, data mining, statistics and natural
language processing are being applied to challenges in security and privacy fields. However,
experts from these areas have no medium where they can meet and exchange ideas so that
strong collaborations can emerge, and cross-fertilization of these areas can occur. Moreover,
current courses and curricula in security do not sufficiently emphasize background in these areas
and students in security and privacy are not emerging with deep knowledge of these topics. Hence,
we propose a workshop that will address the research and development efforts in which analytical
techniques from machine learning, data mining, natural language processing and statistics are applied
to solve security and privacy challenges (“security analytics”). Submissions of papers related to
methodology, design, techniques and new directions for security and privacy that make significant
use of machine learning, data mining, statistics or natural language processing are welcome. Furthermore,
submissions on educational topics and systems in the field of security analytics are also highly
encouraged.
For more information, please see
http://capex.cs.uh.edu/?q=content/international-workshop-security-and-privacy-analytics-2017.
CODASPY 2017
7th ACM Conference on Data and Application Security and Privacy
Scottsdale, Arizona, USA, March 22-24 2017.
[posted here 9/5/16]
Data and applications security and privacy has rapidly expanded as a
research field with many important challenges to be addressed.
The goal ofthe ACM Conference on Data and Applications Security (CODASPY) is to
discuss novel, exciting research topics in data and application security
and privacy, and to lay out directions for further research and development
in this area. The conference seeks submissions from diverse communities,
including corporate and academic researchers, open-source projects,
standardization bodies, governments, system and security administrators,
software engineers and application domain experts. Topics of interest
include, but are not limited to:
- Application-layer security policies
- Access control for applications
- Access control for databases
- Data-dissemination controls
- Data forensics
- Enforcement-layer security policies
- Privacy-preserving techniques
- Private information retrieval
- Search on protected/encrypted data
- Secure auditing
- Secure collaboration
- Secure data provenance
- Secure electronic commerce
- Secure information sharing
- Secure knowledge management
- Secure multiparty computation
- Secure software development
- Securing data/apps on untrusted platforms
- Securing the semantic web
- Security and privacy in GIS/spatial data
- Security and privacy in healthcare
- Security and privacy in the Internet of Things
- Security policies for databases
- Social computing security and privacy
- Social networking security and privacy
- Trust metrics for applications, data, and users
- Usable security and privacy
- Web application security
For more information, please see
http://www.codaspy.org/.
DFRWS-EU 2017
DFRWS digital forensics EU conference,
Lake Constance, Germany, March 21-23, 2017.
[posted here 7/25/16]
This year two premier research conferences in Europe, the DFRWS digital
forensics conference (DFRWS EU 2017) and the International Conference on
IT Security Incident Management & IT Forensics (IMF 2017) are brought together.
Established in 2001, DFRWS has become the premier digital forensics conference,
dedicated to solving real world challenges, and pushing the envelope of what
is currently possible in digital forensics.
Since 2003, IMF has established itself as one of the premier venues for
presenting research on IT security incident response and management and IT
forensics. While the first IMF conference was organized to establish a
research forum for German speaking researchers and practitioners from the
field, it soon became an International conference attracting many experts
across Europe. IMF 2017, being the 10th Conference, is also an important mile
stone in bringing the two worlds of IT security incident response and management
and forensics together.
Both DFRWS and IMF organise informal collaborative environments each year
that bring together leading researchers, practitioners, industry, tool
developers, academics, law enforcement, and other government bodies from
around the globe to tackle current and emerging challenges in their fields.
The co-hosting of the two events will help generate new discussions and ideas
by bringing together two strong research communities: DFRWS’s community
encompassing a broad range of topics in digital forensics, and IMF’s community
focusing on IT security incident response and management.
For more information, please see
http://www.dfrws.org/conferences/dfrws-eu-2017.
NDSS 2017
Network and Distributed System Security Symposium,
San Diego, California, USA, February 26 - March 1, 2017.
[posted here 6/13/16]
The Network and Distributed System Security Symposium fosters information
exchange among researchers and practitioners of network and distributed system security.
The target audience includes those interested in practical aspects of network and
distributed system security, with a focus on actual system design and implementation.
A major goal is to encourage and enable the Internet community to apply, deploy, and
advance the state of available security technologies.
Technical papers and panel proposals are solicited. All submissions will be reviewed by the
Program Committee and accepted submissions will be published by the Internet Society in
the Proceedings of NDSS 2017. The Proceedings will be made freely accessible from the
Internet Society webpages. Furthermore, permission to freely reproduce all or parts of
papers for noncommercial purposes is granted provided that copies bear the Internet Society
notice included in the first page of the paper. The authors are therefore free to post the
camera-ready versions of their papers on their personal pages and within their institutional
repositories. Reproduction for commercial purposes is strictly prohibited and requires prior
consent. Submissions are solicited in, but not limited to, the following areas:
- Anti-malware techniques: detection, analysis, and prevention
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Security for future Internet architectures and designs (e.g., Software-Defined Networking)
- High-availability wired and wireless networks
- Implementation, deployment and management of network security policies
- Integrating security in Internet protocols: routing, naming, network management
- Intellectual property protection: protocols, implementations, metering,
watermarking, digital rights management
- Intrusion prevention, detection, and response
- Privacy and anonymity technologies
- Security and privacy for distributed cryptocurrencies
- Security and privacy in social networks
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security and efficiency,
usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Security for cloud computing
- Security for emerging technologies: sensor/wireless/mobile/personal networks and systems
- Security for future home networks, Internet of Things, body-area networks
- Security for large-scale systems and critical infrastructures (e.g., electronic voting, smart grid)
- Security for peer-to-peer and overlay network systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security of Web-based applications and services
- Trustworthy Computing mechanisms to secure network protocols and distributed systems
- Usable security and privacy
For more information, please see
https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/ndss-2017-call-papers.
USEC 2017
Usable Security Mini Conference,
Co-located with NDSS 2017,
San Diego, California, USA, February 26, 2017.
[posted here 10/31/16]
One cannot have security and privacy without considering both the technical and human aspects
thereof. If the user is not given due consideration in the development process, the system is likely to
enable users to protect their privacy and security in the Internet.
Usable security and security is more complicated than traditional usability. This is because
traditional usability principles cannot always be applied. For example, one of the cornerstones of
usability is that people are given feedback on their actions, and are helped to recover from errors.
In authentication, we obfuscate password entry (a usability fail) and we give people no assistance
to recover from errors. Moreover, security is often not related to the actual functionality of the
system, so people often see it as a bolt-on, and an annoying hurdle. These and other usability
challenges of security are the focus of this workshop.
We invite submissions on all aspects of human factors including mental models, adoption, and
usability in the context of security and privacy. USEC 2017 aims to bring together researchers
already engaged in this interdisciplinary effort with other computer science researchers in areas
such as visualization, artificial intelligence, machine learning and theoretical computer science
as well as researchers from other domains such as economics, legal scientists, social scientists,
and psychology. We particularly encourage collaborative research from authors in multiple
disciplines. It is the aim of USEC to contribute to an increase of the scientific quality of research in
human factors in security and privacy. To this end, we encourage the use of replication studies to
validate research findings. This important and often very insightful branch of research is sorely under-represented
in human factors in security and privacy research to date. Papers in these categories should be clearly
marked as such and will not be judged against regular submissions on novelty. Rather, they will be judged
based on scientific quality and value to the community. We also encourage reports of failed experiments,
since their publication will serve to prevent others falling into the same traps.
Topics include, but are not limited to:
- Human factors related to the deployment of the Internet of Things (New topic for 2017)
- Usable security / privacy evaluation of existing and/or proposed solutions
- Mental models that contribute to, or complicate, security or privacy
- Lessons learned from designing, deploying, managing or evaluating security and privacy technologies
- Foundations of usable security and privacy incl. usable security and privacy patterns
- Ethical, psychological, sociological, economic, and legal aspects of security and privacy technologies
For more information, please see
http://www.dcs.gla.ac.uk/~karen/usec/.
SG-CRC 2017
2nd Singapore Cyber Security R&D Conference,
Singapore, February 21-22, 2017.
[posted here 9/5/16]
This conference will bring together academics and practitioners from across
the world to participate in a vibrant programme consisting of research papers,
industrial best practices, and tools exhibition. This conference focus on
techniques and methodologies oriented to construct resilient systems against
cyber-attacks that will helps to construct safe execution environments,
improving security of both hardware and software by means of using mathematical
tools and engineering approaches for designing, verifying, and monitoring cyber
physical systems.
Authors are invited to submit original work on the topics that fall in the
general area of cyber security. Submissions may focus on theoretical
results, experiments, or a mix of both.
For more information, please see
http://www.comp.nus.edu.sg/~tsunami/sg-crc17/.
IFIP 119 DF 2017
13th Annual IFIP WG 11.9 International Conference on Digital Forensics,
Orlando, Florida, USA, January 30-February 1, 2017.
[posted here 7/4/16]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international
community of scientists, engineers and practitioners dedicated to advancing the state of
the art of research and practice in digital forensics. The Thirteenth Annual IFIP WG 11.9
International Conference on Digital Forensics will provide a forum for presenting original,
unpublished research results and innovative ideas related to the extraction, analysis and
preservation of all forms of electronic evidence. Papers and panel proposals are solicited.
All submissions will be refereed by a program committee comprising members of the Working
Group. Papers and panel submissions will be selected based on their technical merit and
relevance to IFIP WG 11.9. The conference will be limited to approximately sixty
participants to facilitate interactions between researchers and intense discussions of
critical research issues. Keynote presentations, revised papers and details of panel
discussions will be published as an edited volume - the eleventh volume in the well-known
Research Advances in Digital Forensics book series (Springer, Heidelberg, Germany)
during the summer of 2017.
Technical papers are solicited in all areas related to the theory and practice of digital
forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network and cloud forensics
- Embedded device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics
For more information, please see
http://www.ifip119.org/.
