Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Past Conferences and Journal Special Issues

Last Modified:09/18/17

Note: Please contact cipher-cfp@ieee-security.org by email if you have any questions..

Contents

 

Past Conferences and Other Announcements - 2017

ICSS 2017 Industrial Control System Security Workshop, Held in conjunction with the 33rd Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, December 5, 2017. [posted here 09/12/17]
Supervisory control and data acquisition (SCADA) and industrial control systems monitor and control a wide range of industrial and infrastructure processes such as water treatment, power generation and transmission, oil and gas refining and steel manufacturing. Such systems are usually built using a variety of commodity computer and networking components and are becoming increasingly interconnected with corporate and other Internet-visible networks. As a result, they face significant threats from internal and external actors. For example, in 2010 the Stuxnet malware was specifically written to attack SCADA systems and caused millions of dollars in damages. The critical requirement for high availability in SCADA and industrial control systems, along with the use of resource constrained computing devices, legacy operating systems, and proprietary software applications limit the applicability of traditional information security solutions. The goal of this workshop is to explore new security techniques that are applicable in the control systems context. Papers of interest including (but not limited to) the following subject categories are solicited:
- Intrusion detection and prevention
- Malware
- Vulnerability analysis and risk management
- Digital forensics
- Virtualization
- Application Security
- Performance evaluation of security methods and tools in control systems
- Cybersecurity Education

For more information, please see https://www.acsac.org/2017/workshops/icss/.

ACSAC 2017 33rd Annual Computer Security Applications Conference, San Juan, Puerto Rico, December 4-8, 2017. [posted here 01/23/17]
The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences. If you are developing, researching, or implementing practical security solutions, consider sharing your experience and expertise at ACSAC. We are especially interested in submissions that address the application of security technology, the implementation of systems, and lessons learned. Some example topics are:
- Access Control
- Anonymity
- Applied Cryptography
- Assurance
- Audit
- Biometrics
- Security case studies
- Cloud Security
- Cyber-Physical Systems
- Denial of Service Protection
- Distributed Systems Security
- Embedded Systems Security
- Enterprise Security Management
- Evaluation and Compliance
- Digital Forensics
- Identity Management
- Incident Response
- Insider Threat Protection
- Integrity
- Intrusion Detection
- Intellectual Property
- Malware
- Mobile/Wireless Security
- Multimedia Security
- Network Security
- OS Security
- P2P Security
- Privacy & Data Protection
- Privilege Management
- Resilience
- Security and Privacy of the Internet of Things
- Security Engineering
- Software Security
- Supply Chain Security
- Trust Management
- Trustworthy Computing
- Usability and Human-centric Aspects of Security
- Virtualization Security
- Web Security

For more information, please see http://www.acsac.org.

CECC 2017 Central European Cybersecurity Conference, Ljubljana, Slovenia, November 16-17, 2017. [posted here 05/29/17]
The Central European Cybersecurity Conference – CECC 2017 aims at establishing a venue for the exchange of information on cybersecurity and its many aspects in central Europe. CECC 2017 encourages the dialogue between researchers of technical and social aspects of cybersecurity, both crucial in attaining adequate levels of cybersecurity. Complementary contributions dealing with its economic aspects as well as any legal, investigation or other issues related to cybersecurity are welcome, too. All accepted and presented research papers will be available in Open Access conference proceedings published by the University of Maribor Press and submitted for indexing by DBLP, Elsevier SCOPUS and Thomson Reuters Web of Science™ Core Collection.

For more information, please see https://www.fvv.um.si/cecc2017/.

NordSec 2017 22nd Nordic Conference on Secure IT Systems, Tartu, Estonia, November 8-10, 2017. [posted here 06/19/17]
NordSec addresses a broad range of topics within IT security with the aim of bringing together computer security researchers and encouraging interaction between academia and industry. We invite participants to present their ideas in poster sessions during lunches and coffee breaks. NordSec 2017 welcomes contributions within, but not limited to, the following areas:
- Access control and security models
- Applied cryptography
- Blockchains
- Cloud security
- Commercial security policies and enforcement
- Cryptanalysis
- Cryptographic protocols
- Cyber crime, warfare, and forensics
- Economic, legal, and social aspects of security
- Enterprise security
- Hardware and smart card security
- Mobile and embedded security
- Internet of Things and M2M security
- Internet, communication, and network security
- Intrusion detection
- Language-based techniques for security
- New ideas and paradigms in security
- Operating system security
- Privacy and anonymity
- Public-key cryptography
- Security and machine learning
- Security education and training
- Security evaluation and measurement
- Security management and audit
- Security protocols
- Security usability
- Social engineering and phishing
- Software security and malware
- Symmetric cryptography
- Trust and identity management
- Trusted computing
- Vulnerability testing
- Web application security

For more information, please see http://nordsec2017.cs.ut.ee.

SSS 2017 19th Annual International Symposium on Stabilization, Safety, and Security of Distributed Systems, Boston, Massachusetts, USA, November 5-8, 2017. [posted here 05/01/17]
SSS is an international forum for researchers and practitioners in the design and development of distributed systems with a focus on systems that are able to provide guarantees on their structure, performance, and/or security in the face of an adverse operational environment. Research in distributed systems is now at a crucial point in its evolution, marked by the importance and variety of dynamic distributed systems such as peer-to-peer networks, large-scale sensor networks, mobile ad-hoc networks, and cloud computing. Moreover, new applications such as grid and web services, distributed command and control, and a vast array of decentralized computations in a variety of disciplines has driven the need to ensure that distributed computations are self-stabilizing, performant, safe and secure. The symposium takes a broad view of the self-managed distributed systems area and encourages the submission of original contributions spanning fundamental research and practical applications within its scope, covered by the three symposium tracks: (i) Stabilizing Systems: Theory and Practice, (ii) Distributed Computing and Communication Networks, as well as (iii) Computer Security and Information Privacy.

For more information, please see http://bitly.com/SSS-2017.

MIST 2017 9th ACM CCS International Workshop on Managing Insider Security Threats, Dallas, USA, October 30 - November 3, 2017. [posted here 05/15/17]
During the past two decades, information security technology developments have been mainly concerned with intrusion detection to prevent unauthorized attacks from outside the network. This includes hacking, virus propagation, spyware and more. However, according to a recent Gartner Research Report, information leaks have drastically increased from insiders who are legally authorized to access corporate information. The unauthorized leak of critical or proprietary information can cause significant damage to corporate image and reputation, perhaps even weakening its competitiveness in the marketplace. On a larger scale, government and public sectors may suffer competitive loss to other nations due to an internal intelligence breach. While the leaking of critical information by insiders has a lower public profile than that of viruses and hacker attacks, the financial impact and loss can be just as devastating. The objective of this workshop is to showcase the most recent challenges and advances in security and cryptography technologies and management systems for preventing information breaches by insiders. The workshop promotes state-of-the-art research, surveys and case analyses of practical significance. Physical, managerial, and technical countermeasures will be covered in the context of an integrated security management system that protects critical cyber-infrastructure against unauthorized internal attack. We expect that this workshop will be a trigger for further research and technology improvements related to this important subject.

For more information, please see http://isyou.info/conf/mist17.

WPES 2017 Workshop on Privacy in the Electronic Society, Dallas, Texas, USA, October 30, 2017. [posted here 05/22/17]
The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The 2017 Workshop, held in conjunction with the ACM CCS conference, is the sixteenth in a yearly forum for papers on all the different aspects of privacy in today's electronic society. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to, anonymization and trasparency, crowdsourcing for privacy and security, data correlation and leakage attacks, data security and privacy, data and computations integrity in emerging scenarios, electronic communication privacy, economics of privacy, information dissemination control, models, languages, and techniques for big data protection, personally identifiable information, privacy-aware access control, privacy and anonymity on the web, privacy in biometric systems, privacy in cloud and grid systems, privacy and confidentiality management, privacy and data mining, privacy in the Internet of Things, privacy in the digital business, privacy in the electronic records, privacy enhancing technologies, privacy and human rights, privacy in health care and public administration, privacy metrics, privacy in mobile systems, privacy in outsourced scenarios, privacy policies, privacy vs. security, privacy of provenance data, privacy in social networks, privacy threats, privacy and virtual identity, user profiling, and wireless privacy.

For more information, please see https://cs.pitt.edu/wpes2017.

ISDDC 2017 International Conference on Intelligent, Secure and Dependable Systems in Distributed and Cloud Environments, Vancouver, BC, Canada, October 25-27, 2017. [posted here 03/13/17]
The integration of network computing and mobile systems offers new challenges with respect to the dependability of integrated applications. At the same time, new threat vectors have emerged that leverage and magnify traditional hacking methods, enabling large scale and intelligence-driven attacks against a variety of platforms, including mobile, cloud, Internet-of-things (IoT), as well as conventional networks. The consequence of such fast evolving environment is the pressing need for effective and efficient paradigms, approaches, and tools for building, maintaining, and managing secure and dependable systems. This conference solicits papers addressing issues related to the design, analysis, and implementation, of dependable and secure infrastructures, systems, architectures, algorithms, and protocols that deal with network computing, mobile/ubiquitous systems, cloud systems, and IoT systems. The goal of the ISDDC 2017 conference is to provide a forum for researchers, students, scientists and engineers working in academia and industry to share their experiences, new ideas and research results in the above-mentioned areas.

For more information, please see http://www.scs.ryerson.ca/iwoungan/ISDDC17/.

FPS 2017 10th International Symposium on Foundations & Practice of Security, Nancy, France, October 23-25, 2017. [posted here 05/22/17]
Protecting the communication and data infrastructure of an increasingly inter-connected world has become vital to the normal functioning of all aspects of our world. Security has emerged as an important scientific discipline whose many multifaceted complexities deserve the attention and synergy of the mathematical, computer science and engineering communities. The aim of FPS is to discuss and exchange theoretical and practical ideas that address security issues in inter-connected systems. It aims to provide scientific presentations as well as to establish links, promote scientific collaboration, joint research programs, and student exchanges between institutions involved in this important and fast moving research field. We also invite papers from researchers and practitioners working in security, privacy, trustworthy data systems and related areas to submit their original papers.

For more information, please see http://fps2017.loria.fr/.

GameSec 2017 8th Conference on Decision and Game Theory for Security, Vienna, Austria, October 23-25, 2017. [posted here 02/20/17]
The goal of GameSec is to bring together academic and industrial researchers in an effort to identify and discuss the major technical challenges and recent results that highlight the connection between game theory, control, distributed optimization, economic incentives and real world security, reputation, trust and privacy problems in a variety of technological systems. Submissions should solely be original research papers that have neither been published nor submitted for publication elsewhere.
- Game theory and mechanism design for security and privacy
- Pricing and economic incentives for building dependable and secure systems
- Dynamic control, learning, and optimization and approximation techniques
- Decision making and decision theory for cybersecurity and security requirements engineering
- Socio-technological and behavioral approaches to security
- Risk assessment and risk management
- Security investment and cyber insurance
- Security and privacy for the Internet-of-Things (IoT), cyber-physical systems, resilient control systems
- New approaches for security and privacy in cloud computing and for critical infrastructure
- Security and privacy of wireless and mobile communications, including user location privacy
- Game theory for intrusion detection
- Empirical and experimental studies with game-theoretic or optimization analysis for security and privacy

For more information, please see http://www.gamesec-conf.org/cfp.php.

CTC 2017 7th International Symposium on Secure Virtual Infrastructures - Cloud and Trusted Computing, Rhodes, Greece, October 23-24, 2017. [posted here 03/27/17]
Current and future service-based software needs to remain focused towards the development and deployment of large and complex intelligent and networked information systems, required for internet-based and intranet-based systems in organizations, as well to move to IoT integration and big data analytics. Today, service-based software covers a very wide range of application domains as well as technologies and research issues. This has found realization through Cloud Computing, Big Data, and IoT. Vital element in such networked, virtualized, and sensor-based information systems are the notions of trust, security, privacy and risk management. The conference solicits submissions from both academia and industry presenting novel research in the context of Cloud Computing, Big Data, and IoT, presenting theoretical and practical approaches to cloud, big data, and IoT trust, security, privacy and risk management. The conference will provide a special focus on the intersection between cloud paradigm, big data analytics, and IoT integration, bringing together experts from the three communities to discuss on the vital issues of trust, security, privacy and risk management in Cloud Computing, shedding the light on novel issues and requirements in big data and IoT domains. Potential contributions could cover new approaches, methodologies, protocols, tools, or verification and validation techniques. We also welcome review papers that analyze critically the current status of trust, security, privacy and risk management in the cloud, big data, and IoT. Papers from practitioners who encounter trust, security, privacy, and risk management problems, and seek understanding are finally welcome. For 2017, a special emphasis will be put on "Secure and Trustworthy Big Data Analytics and IoT Integration: From the Periphery to the Cloud".

For more information, please see http://www.otmconferences.org/index.php/conferences/ctc-2017.

AsianHOST 2017 IEEE Asian Hardware-Oriented Security and Trust Symposium, Beijing, China, October 19-20, 2017. [posted here 04/03/17]
IEEE Asian Hardware Oriented Security and Trust Symposium (AsianHOST) aims to facilitate the rapid growth of hardware security research and development in Asia and South Pacific areas. AsianHOST highlights new results in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware. AsianHOST 2017 invites original contributions related to, but not limited by, the following topics:
- Hardware Trojan attacks and detection techniques
- Side-channel attacks and countermeasures
- Metrics, policies, and standards related to hardware security
- Secure system-on-chip (SoC) architecture
- Security rule checks at IP, IC, and System levels
- Hardware IP trust (watermarking, metering, trust verification)
- FPGA security
- Trusted manufacturing including split manufacturing, 2.5D, and 3D ICs
- Emerging nanoscale technologies in hardware security applications
- Security analysis and protection of Internet of Things (IoT)
- Cyber-physical system (CPS) security and resilience
- Reverse engineering and hardware obfuscation at all levels of abstraction
- Supply chain risks mitigation including counterfeit detection & avoidance
- Hardware techniques that ensure software and/or system security
- Analysis of real attacks and threat evaluation

For more information, please see http://asianhost.org/2017/.

LASER 2017 Workshop on Learning from Authoritative Security Experiment Results, Arlington, VA, USA, October 18-19, 2017. [posted here 06/12/17]
The LASER workshop series focuses on learning from and improving cybersecurity experimental results. It explores both positive and negative results, the latter of which are not often published. LASER's overarching goal is to foster a dramatic change in the paradigm of cyber security research and experimentation, improving the overall quality of practiced science. This year, LASER's goal will be to improve the rigor and quality of security experimentation by providing a venue where cybersecurity researchers can discuss experimental methods and present research that exemplifies sound scientific practice. We particularly encourage papers in three areas:
- Well-designed security experiments, with positive or negative results.
- Experimental techniques that help address common sources of error.
- Replications (successful or failed) of previously published experiments.

For more information, please see http://2017.laser-workshop.org/submissions/call-papers.

CPS-Sec 2017 IEEE International Workshop on Cyber-Physical Systems Security, Held in Conjunction with the IEEE Conference on Communications and Network Security (CNS 2017), Las Vegas, NV, USA, October 9-11, 2017. [posted here 06/19/17]
The CPS-Sec Workshop will primarily focus on the security and privacy aspects of Cyber-Physical Systems and Internet of Things. The workshop will include papers (both novel and work-in-progress submissions), invited talks, panels, and discussions to facilitate the exchange of research ideas in a community environment. We are sure that the CPS-Sec workshop will greatly benefit from your contributions.

For more information, please see http://cns2017.ieee-cns.org/workshop/cps-sec-international-workshop-cyber-physical-systems-security.

WISTP 2017 11th International Conference on Information Security Theoryand Practice, Crete, Greece, September 28-29, 2017. [posted here 05/29/17]
The 11th WISTP International Conference on Information Security Theory and Practice (WISTP'2017) seeks original submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy, as well as experimental studies of fielded systems, the application of security technology, the implementation of systems, and lessons learned. We encourage interdisciplinary contributions bringing law, business, and policy perspectives on security issues. Submissions with regards to the security of future ICT technologies, such as cyber-physical systems, cloud services, data science and the Internet of Things are particularly welcome.

For more information, please see http://www.wistp.org.

FDTC 2017 14th Workshop on Fault Diagnosis and Tolerance in Cryptography, Taipei, Taiwan, September 25, 2017. [posted here 04/17/17]
Fault injection is one of the most exploited means for extracting confidential information from embedded devices and for compromising their intended operation. Therefore, research on developing methodologies, techniques, architectures and design tools for robust cryptographic systems (both hardware and software), and on protecting them against both accidental faults and intentional attacks is essential. Of particular interest are models and metrics for quantifying the protection of systems and protocols against malicious injection of faults and to estimate the leaked confidential information. FDTC is the reference event in the field of fault analysis, attacks and countermeasures. Topics of interest include but are not limited to:
- Fault injection and exploitation: mechanisms (e.g., using lasers, electromagnetic induction, or clock / power supply manipulation), attacks on cryptographic devices (HW and SW) or protocols, combined implementation attacks
- Countermeasures: Fault resistant hardware / implementations of cryptographic algorithms, countermeasures to detect fault injections, techniques providing fault tolerance (inherent reliability), fault resistant protocols, measures to prevent fault injection (e.g., physical protection, fault diagnosis)
- Models and metrics for fault attack analysis: metrics for fault attacks robustness and the leaked information, models of fault injection, modeling and analysis (e.g., modeling the reliability of systems or protocols)
- Fault attack resistant architectures: fault attack resistant processor designs, fault attack resistant hardware, fault attack resistant software
- Design tools supporting analysis of fault attacks and countermeasures: early estimation of fault attack robustness, automatic applications of fault countermeasures, fault attacks and reliability
- Case studies of attacks, fault diagnosis, and tolerance techniques

For more information, please see http://conferenze.dei.polimi.it/FDTC17/index.html.

STM 2017 13th International Workshop on Security and Trust Management, Co-located with with ESORICS 2017, Oslo, Norway, September 14-15, 2017. [posted here 05/22/17]
STM (Security and Trust Management) is a working group of ERCIM (European Research Consortium in Informatics and Mathematics). The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and trust in ICT. Topics of interest include, but are not limited to:
- Access control
- Anonymity
- Applied cryptography
- Authentication
- Complex systems security
- Data and application security
- Data protection
- Data/system integrity
- Digital rights management
- Economics of security and privacy
- Formal methods for security and trust
- Identity management
- Legal and ethical issues
- Mobile security
- Networked systems security
- Operating systems security
- Privacy
- Security and trust metrics
- Security and trust policies
- Security and trust management architectures
- Security and trust for big data
- Security and trust in cloud environments
- Security and trust in content delivery networks
- Security and trust in crowdsourcing
- Security and trust in grid computing
- Security and trust in the Internet of Things
- Security and trust in pervasive computing
- Security and trust in services
- Security and trust in social networks
- Social implications of security and trust
- Trust assessment and negotiation
- Trust in mobile code
- Trust models
- Trust management policies
- Trust and reputation systems
- Trusted platforms
- Trustworthy systems and user devices

For more information, please see http://stm2017.di.unimi.it.

SPIFEC 2017 1st European Workshop on Security and Privacy in Fog and Edge Computing, Held In conjunction with ESORICS 2017, Oslo, Norway, September 14-15, 2017. [posted here 05/08/17]
The main goal of Fog Computing and other related Edge paradigms, such as Multi-Access Edge Computing, is to decentralize the Cloud and bring some of its services closer to the edge of the network, where data are generated and decisions are made. Cloud-enabled edge platforms will be able to cooperate not only with each other but with the cloud, effectively creating a collaborative and federated environment. This paradigm shift will fulfill the needs of novel services, such as augmented reality, that have particularly stringent requirements like extremely low latency. It will also help improve the vision of the Internet of Things by improving its scalability and overall functionality, among other benefits. To enable this vision, a number of platforms and technologies need to securely coexist, including sensors and actuators, edge-deployed systems, software-defined networks, hardware virtualization, data mining mechanisms, etc. However, this paradigm shift calls for new security challenges and opportunities to leverage services for new scenarios and applications. The field of edge computing security is almost unexplored, and demands further attention from the research community and industry in order to unleash the full potential of this paradigm.

For more information, please see https://www.nics.uma.es/pub/spifec.

DPM 2017 12th Workshop on Data Privacy Management, Co-located with ESORICS 2017, Oslo, Norway, September 14-15, 2017. [posted here 04/24/17]
Organizations are increasingly concerned about the privacy of information that they manage (several people have filed lawsuits against organizations violating the privacy of customer's data). Thus, the management of privacy-sensitive information is very critical and important for every organization. This poses several challenging problems, such as how to translate the high-level business goals into system-level privacy policies, administration of privacy-sensitive data, privacy data integration and engineering, privacy access control mechanisms, information-oriented security, and query execution on privacy-sensitive data for partial answers. The aim of this workshop is to discuss and exchange the ideas related to privacy data management. We invite papers from researchers and practitioners working in privacy, security, trustworthy data systems and related areas to submit their original papers in this workshop. The main topics, but not limited to, include:
- Privacy Information Management
- Privacy Policy-based Infrastructures and Architectures
- Privacy-oriented Access Control Languages and Models
- Privacy in Trust Management
- Privacy in Digital Currencies
- Privacy Data Integration
- Privacy Risk Assessment and Assurance
- Privacy Services
- Privacy Policy Analysis
- Cryptography
- Cryptanalysis
- Query Execution over Privacy Sensitive Data
- Privacy Preserving Data Mining
- Hippocratic and Water-marking Databases
- Privacy for Integrity-based Computing
- Privacy Monitoring and Auditing
- Privacy in Social Networks
- Privacy in Ambient Intelligence (AmI) Applications
- Individual Privacy vs. Corporate/National Security
- Code-based Cryptology
- Privacy in computer networks
- Privacy and RFIDs
- Privacy and Big Data
- Privacy in sensor networks

For more information, please see http://deic.uab.cat/conferences/dpm/dpm2017/.

NuTMiC 2017 Number Theory Methods in Cryptology, Warsaw, Poland, September 11-13, 2017. [posted here 06/19/17]
The aim of the conference is to cross-pollinate Number Theory and Cryptology. On the one hand, help the conference is going to explore Number Theory challenges that flow from rapidly evolving fields of the modern Cryptology. On the other hand, sick it is going to investigate Number Theory methods in the design and analysis of cryptologic systems and protocols. Besides the well-established connections between the two domains such as primality testing, factorisation, elliptic curves, lattices (to mention a few), the conference endeavours to forge new ones that would encompass Number Theory structures and algorithms that have never been used in Cryptology before. It is expected that these new connections would lead to novel, more efficient and secure cryptographic systems and protocols (such as one-way functions, pseudorandom number generators, encryption algorithms, digital signatures, etc.).

For more information, please see https://www.nics.uma.es/pub/spifec.

GraMSec 2017 4th International Workshop on Graphical Models for Security, Co-located with CSF 2017, Santa Barbara, California, USA, August 21, 2017. [posted here 3/27/17]
Graphical security models provide an intuitive but systematic approach to analyze security weaknesses of systems and to evaluate potential protection measures. Cyber security researchers, as well as security professionals from industry and government, have proposed various graphical security modeling schemes. Such models are used to capture different security facets (digital, physical, and social) and address a range of challenges including vulnerability assessment, risk analysis, defense analysis, automated defensing, secure services composition, policy validation and verification. The objective of the GraMSec workshop is to contribute to the development of well-founded graphical security models, efficient algorithms for their analysis, as well as methodologies for their practical usage. The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of graphical models for security.

For more information, please see http://gramsec.uni.lu.

CSF 2017 30th IEEE Computer Security Foundations Symposium, Co-located with CRYPTO 2017, Santa Barbara, California, USA, August 22-25, 2017. [posted here 12/12/16]
The Computer Security Foundations Symposium is an annual conference for researchers in computer security. CSF seeks papers on foundational aspects of computer security, such as formal security models, relationships between security properties and defenses, principled techniques and tools for design and analysis of security mechanisms, as well as their application to practice. While CSF welcomes submissions beyond the topics listed below, the main focus of CSF is foundational security: submissions that lack foundational aspects risk rejection. This year, CSF will use a light form of double-blind reviewing. New results in computer security are welcome. We also encourage challenge/vision papers, which may describe open questions and raise fundamental concerns about security.

For more information, please see http://csf2017.tecnico.ulisboa.pt/.

USENIX Security 2017 26th USENIX Security Symposium, Vancouver, Canada, August 16–18, 2017. [posted here 1/23/17]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security. USENIX Security is interested in all aspects of computing systems security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

For more information, please see https://www.usenix.org/conference/usenixsecurity17/call-for-papers.

DSC 2017 IEEE Conference on Dependable and Secure Computing, Taipei, Taiwan, August 7-10, 2017. [posted here 10/24/16]
The IEEE Conference on Dependable and Secure Computing solicits papers, posters, practices, and experiences for presenting innovative research results, problem solutions, and new challenges in the field of dependable and secure computing. The whole spectrum of IT systems and application areas, including hardware design and software systems, with stringent relevant to dependability and security concerns are of interest to DSC. Authors are invited to submit original works on research and practice of creating, validating, deploying, and maintaining dependable and secure systems. The conference has two tracks for research papers, the "Computer Systems, Networks, and Software" track and the "System Electronics, VLSI, and CAD" track. In addition to research papers, the DSC conference will also include a submission category for experience and practice papers on new findings in the two aforementioned categories. The PC will evaluate a submission to the experience and practice track with the understanding that it predominantly contributes to the VLSI/CAD design knowhow or the extension of the community's knowledge about how the security protection of known techniques fares in real-world operations. Authors have to submit a short paper along with slides and an optional supplemental video to demonstrate the implementation and/or the practicability of the work.

For more information, please see http://dsc17.cs.nctu.edu.tw/.

PETS 2017 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, USA, July 18 – 21, 2017. [posted here 8/8/16]
The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to present and discuss recent advances and new perspectives on research in privacy technologies. Papers undergo a journal-style reviewing process and accepted papers are published in Proceedings on Privacy Enhancing Technologies (PoPETs), a scholarly, open access journal. Submitted papers should present novel practical and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies. While PETS/PoPETs has traditionally been home to research on anonymity systems and privacy-oriented cryptography, we strongly encourage submissions on a number of both well-established and emerging privacy-related topics, for which examples are provided below. PoPETs also solicits submissions for Systematization of Knowledge (SoK) papers. These are papers that critically review, evaluate, and contextualize work in areas for which a body of prior literature exists, and whose contribution lies in systematizing the existing knowledge in that area.

For more information, please see https://petsymposium.org/.

WiSec 2017 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Boston, MA, USA, July 18-20, 2017. [posted here 12/19/16]
ACM WiSec is the leading ACM and SIGSAC conference dedicated to all aspects of security and privacy in wireless and mobile networks and their applications. In addition to the traditional ACM WiSec topics of physical, link, and network layer security, we welcome papers focusing on the security and privacy of mobile software platforms, usable security and privacy, biometrics, cryptography, and the increasingly diverse range of mobile or wireless applications such as Internet of Things, and Cyber-Physical Systems. The conference welcomes both theoretical as well as systems contributions. Topics of interest include, but are not limited to:
- Security & privacy for smart devices (e.g., smartphones)
- Wireless and mobile privacy and anonymity
- Secure localization and location privacy
- Cellular network fraud and security
- Jamming attacks and defenses
- Key management (agreement or distribution) for wireless or mobile systems
- Information-theoretic security schemes for wireless systems
- Theoretical and formal approaches for wireless and mobile security
- Cryptographic primitives for wireless and mobile security
- NFC and smart payment applications
- Security and privacy for mobile sensing systems
- Wireless or mobile security for emerging applications (e.g, privacy in health, automotive, avionics, smart grid, or IoT applications)
- Physical tracking security and privacy
- Usable mobile security and privacy
- Economics of mobile security and privacy
- Bring Your Own Device (BYOD) security
- Mobile malware and platform security
- Security for cognitive radio and dynamic spectrum access systems
- Security protocols for wireless networking

For more information, please see http://wisec2017.ccs.neu.edu/.

DBSec 2017 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, Philadelphia, PA, USA, July 17-19, 2017. [posted here 1/2/17]
DBSec is an annual international conference covering research in data and applications security and privacy. The 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2017) will be held in Philadelphia, PA, USA. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, and applications security. Topics of interest include, but are not limited to:
- access control 
- anonymity
- applied cryptography in data security 
- authentication
- big data security 
- data and system integrity
- data protection 
- database security 
- digital rights management 
- identity management  
- intrusion detection
- knowledge discovery and privacy
- methodologies for data and application security 
- network security 
- organizational security 
- privacy  
- secure cloud computing
- secure distributed systems 
- secure information integration 
- secure Web services  
- security and privacy in crowdsourcing
- security and privacy in IT outsourcing 
- security and privacy in the Internet of Things 
- security and privacy in location-based services
- security and privacy in P2P scenarios and social networks
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security management
- security metrics
- threats, vulnerabilities, and risk management
- trust and reputation systems
- trust management
- wireless and mobile security

For more information, please see https://dbsec2017.ittc.ku.edu/.

SOUPS 2017 13th Symposium on Usable Privacy and Security, Santa Clara, CA, USA, July 12–14, 2017. [posted here 11/21/16]
The 2017 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. We invite authors to submit previously unpublished papers describing research or experience in all areas of usable privacy and security. We welcome a variety of research methods, including both qualitative and quantitative approaches. Topics include, but are not limited to:
- Innovative security or privacy functionality and design
- Field studies of security or privacy technology
- Usability evaluations of new or existing security or privacy features
- Security testing of new or existing usability features
- Longitudinal studies of deployed security or privacy features
- Studies of administrators or developers and support for security and privacy
- The impact of organizational policy or procurement decisions
- Lessons learned from the deployment and use of usable privacy and security features

For more information, please see https://www.usenix.org/conference/soups2017/call-for-papers.

ACNS 2017 15th International Conference on Applied Cryptography and Network Security, Kanazawa, Japan, July 10-12, 2017. [posted here 12/12/16]
ACNS is an annual conference focusing on innovative research and current developments that advance the areas of applied cryptography, cyber security and privacy. Both academic research works with high relevance to real-world problems as well as developments in industrial and technical frontiers fall within the scope of the conference. Submissions may focus on the modelling, design, analysis (including security proofs and attacks), development (e.g. implementations), deployment (e.g. system integration), and maintenance (including performance measurements, usability studies) of algorithms / protocols / standards / implementations / technologies / devices / systems, standing in close relation with applied cryptography, cyber security and privacy, while advancing or bringing new insights to the state of the art.

For more information, please see https://cy2sec.comm.eng.osaka-u.ac.jp/acns2017/.

IVSW 2017 2nd International Verification and Security Workshop, Thessaloniki, Greece, July 3-5, 2017. [posted here 1/23/17]
Issues related to verification and security are increasingly important in modern electronic systems. In particular, the huge complexity of electronic systems has led to growth in quality, reliability and security needs in several application domains as well as pressure for low cost products. There is a corresponding increasing demand for cost-effective verification techniques and security solutions. These needs have increased dramatically with the increased complexity of electronic systems and the fast adoption of these systems in all aspects of our daily lives. The goal of IVSW is to bring industry practitioners and researchers from the fields of verification, validation, test, reliability and security to exchange innovative ideas and to develop new methodologies for solving the difficult challenges facing us today in various SoC design environments.   The workshop seeks submissions from academia and industry presenting novel research results on the following topics of interest:
- Verification challenges of IoT
- High-level test generation for functional verification
- Emulation techniques and FPGA prototyping
- Triage and debug methodologies
- Silicon debugging
- Low-power verification
- Formal techniques and their applications
- Verification coverage
- Performance validation and characterization
- Design for Verifiability (DFV)
- Memory and coherency verification
- ESL design and Virtual Platforms
- Security verification
- Design for security
- Hardware Security IP
- Secure circuit design
- Fault-based attacks and counter measures
- Security solutions for analog/mixed signal circuits
- Security Applications in automotive, railway, avionics and space
- Internet of Things (IoT) security considerations
- Data analytics in verification and security
- Security EDA tools
- Hardware/software security and verification

For more information, please see http://tima.imag.fr/conferences/ivsw/ivsw17/.

IFIPSEC 2017 32nd IFIP TC-11 SEC 2017 International Information Security and Privacy Conference, Rome, Italy, May 29-31, 2017. [posted here 10/24/16]
The IFIP SEC conference is the flagship event of the International Federation for Information Processing (IFIP) Technical Committee 11 on Security and Privacy Protection in Information Processing Systems (TC-11, www.ifiptc11.org). Previous SEC conferences were held in Ghent (Belgium) 2016, Hamburg (Germany) 2015, Marrakech (Morroco) 2014, Auckland (New Zealand) 2013, Heraklion (Greece) 2012, Lucerne (Switzerland) 2011, and Brisbane (Australia) 2010. We seek submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and privacy protection in ICT Systems. Topics of interest include, but are not limited to:
- Access control and authentication
- Applied cryptography
- Audit and risk analysis
- Biometrics
- Big data security and privacy
- Cloud security and privacy
- Critical infrastructure protection
- Cyber-physical systems security
- Data protection
- Data and applications security
- Digital forensics
- Human aspects of security and privacy
- Identity management
- Information security education
- Information security management
- Information technology mis-use and the law
- Managing information security functions
- Mobile security
- Multilateral security
- Network & distributed systems security
- Privacy protection and Privacy-by-design
- Privacy enhancing technologies
- Security and privacy in crowdsourcing
- Security and privacy in pervasive systems
- Security and privacy in the Internet of Things
- Security and privacy policies
- Surveillance and counter-surveillance
- Trust management
- Usable security

For more information, please see http://ifipsec.org/2017/.

SPW-Workshop 2016 SPW 2017 Security and Privacy Workshops, Held in conjunction with the 38th IEEE Symposium on Security and Privacy (SP 2017), San Jose, CA, USA, May 25, 2017. [posted here 08/22/16]
Since 1980, the IEEE Symposium on Security and Privacy (SP) has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. To expand opportunities for scientific exchanges, the IEEE CS Technical Committee on Security and Privacy created the Security and Privacy Workshops (SPW). The typical purpose of such a workshop is to cover a specific aspect of security and privacy in more detail, making it easy for the participants to attend IEEE SP and a specialized workshop at SPW with just one trip. Furthermore, the co-location offers synergies for the organizers. The number of workshops and attendees has grown steadily during recent years. Workshops can be annual events, one time events, or aperiodic. The Security and Privacy Workshops in 2017 will be held on Thursday, May 25. All workshops will occur on that day. Up to six workshops will be hosted by SPW.

For more information, please see http://www.ieee-security.org/TC/SP2017/cfworkshops.html.

MOST 2017 Mobile Security Technologies Workshop, Co-located with the 38th IEEE Symposium on Security and Privacy (IEEE S&P 2017), San Jose, CA, USA, May 25, 2017. [posted here 12/5/16]
The ACM TURC 2017 (Security and Privacy Track) conference is a new leading international forum for academia, government, and industry to present novel research results in all practical and theoretical aspects of computer and communications security. Papers should be related to the construction, evaluation, application, or operation of secure systems. All topic areas related to computer and communications security are of interest and in scope. The ACM TURC 2017 (Security and Privacy Track) is technically supported by ACM SIGSAC in China (Pending Approval). Topics of interest include but are not limited to the following:
- Access control
- Accounting and audit
- Applied cryptography
- Authentication
- Big data security and privacy
- Biometrics
- Blockchain and alternatives
- Cloud computing security
- Computer forensics
- Cyber-physical security
- Data and application security
- Embedded systems security
- Formal methods for security
- Hardware-based security and applications
- IoT security and privacy
- Key management
- Malware and botnets
- Mobile computing security
- Network security
- Operating system security
- Practical post-quantum security
- Privacy-enhancing technology
- Runtime attacks and defenses
- Secure computation
- Security architectures
- Security of critical infrastructures
- Security metrics
- Software security
- Trusted computing
- Usable security and privacy
- Web security
- Wireless security and privacy

For more information, please see http://ieee-security.org/TC/SPW2017/MoST/.

BioSTAR 2017 International Workshop on Bio-inspired Security, Trust, Assurance and Resilience, Co-located with the 38th IEEE Symposium on Security and Privacy (IEEE S&P 2017), San Jose, CA, USA, May 25, 2017. [posted here 10/24/16]
As computing and communication systems continue to expand and offer new services, these advancements require more dynamic, diverse, and interconnected computing infrastructures. Unfortunately, defending and maintaining resilient and trustworthy operation of these complex systems are increasingly difficult challenges. Conventional approaches to Security, Trust, Assurance and Resilience (STAR for short) are often too narrowly focused and cannot easily scale to manage large, coordinated and persistent attacks in these environments. Designs found in nature are increasingly used as a source of inspiration for STAR and related networking and intelligence solutions for complex computing and communication environments. Nature's footprint is present in the world of Information Technology, where there are an astounding number of computational bio-inspired techniques. These well-regarded approaches include genetic algorithms, neural networks, ant algorithms, immune systems just to name a few. For example several networking management and security technologies have successfully adopted some of nature's approaches, such as swarm intelligence, artificial immune systems, sensor networks, moving target defense, diversity-based software design, etc. Nature has also developed an outstanding ability to recognize individuals or foreign objects and adapt/evolve to protect a group or a single organism. Solutions that incorporate these nature-inspired characteristics often have improved performance and/or provided new capabilities beyond more traditional methods. The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of nature-inspired STAR aspects in computing and communications. Topics of interests include, but are not limited to:
- Nature-inspired anomaly and intrusion detection
- Adaptation algorithms
- Biometrics
- Nature-inspired algorithms and technologies for STAR
- Biomimetics
- Artificial Immune Systems
- Adaptive and Evolvable Systems
- Machine Learning, neural networks, genetic algorithms for STAR
- Nature-inspired analytics and prediction
- Cognitive systems
- Sensor and actuator networks and systems
- Information hiding solutions (steganography, watermarking) for network traffic
- Cooperative defense systems
- Cloud-supported nature-inspired STAR
- Theoretical development in heuristics
- Management of decentralized networks
- Nature-inspired algorithms for dependable networks
- Platforms for STAR services
- Diversity in computing and communications
- Survivable and sustainable systems
- STAR management systems
- Autonomic cyber defenses

For more information, please see http://biostar.cybersecurity.bio/.

WTMC 2017 2nd International Workshop on Traffic Measurements for Cybersecurity, Co-located with the 38th IEEE Symposium on Security and Privacy (IEEE S&P 2017), San Jose, CA, USA, May 25, 2017. [posted here 10/24/16]
Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behaviors. Understanding and measuring traffic in such networks is a difficult yet vital task for network management but recently also for cybersecurity purposes. Network traffic measuring and monitoring can, for example, enable the analysis of the spreading of malicious software and its capabilities or can help to understand the nature of various network threats including those that exploit users’ behavior and other user’s sensitive information. On the other hand network traffic investigation can also help to assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Recently, traffic measurements have been utilized in the area of economics of cybersecurity e.g. to assess ISP or to estimate the revenue of cyber criminals. The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of cybersecurity and understand how traffic measurements can influence it. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. This workshop presents some of the most relevant ongoing research in cybersecurity seen from the traffic measurements perspective. The workshop will be accessible to both non-experts interested in learning about this area and experts interesting in hearing about new research and approaches. Topics of interest include, but are not limited to:
- Measurements for network incidents response, investigation and evidence handling
- Measurements for network anomalies detection
- Measurements for economics of cybersecurity
- Network traffic analysis to discover the nature and evolution of the cybersecurity threats
- Measurements for assessing the effectiveness of the threats detection/prevention methods and countermeasures
- Novel passive, active and hybrid measurements techniques for cybersecurity purposes
- Traffic classification and topology discovery tools for monitoring the evolving status of the network from the cybersecurity perspective
- Correlation of measurements across multiple layers, protocols or networks for cybersecurity purposes
- Novel visualization approaches to detect network attacks and other threats
- Analysis of network traffic to provide new insights about network structure and behavior from the security perspective
- Measurements of network protocol and applications behavior and its impact on cybersecurity and users' privacy
- Measurements related to network security and privacy

For more information, please see http://wtmc.info.

IWPE 2017 3rd International Workshop on Privacy Engineering, Co-located with IEEE Symposium on Security and Privacy (SP 2017), San Jose, CA, USA, May 25, 2017. [posted here 11/7/16]
Ongoing news reports regarding global surveillance programs, massive personal data breaches in corporate databases, and notorious examples of personal tragedies due to privacy violations have intensified societal demands for privacy-friendly systems. In response, current legislative and standardization processes worldwide aim to strengthen individual’s privacy by introducing legal, organizational and technical frameworks that personal data collectors and processors must follow. However, in practice, these initiatives alone are not enough to guarantee that organizations and software developers will be able to identify and adopt appropriate privacy engineering techniques in their daily practices. Even if so, it is difficult to systematically evaluate whether the systems they develop using such techniques comply with legal frameworks, provide necessary technical assurances, and fulfill users’ privacy requirements. It is evident that research is needed in developing techniques and tools that can aid the translation of legal and normative concepts, as well as user expectations into systems requirements. Furthermore, methods that can support organizations and engineers in developing (socio-)technical systems that address these requirements is of increasing value to respond to the existing societal challenges associated with privacy. In this context, privacy engineering research is emerging as an important topic. Engineers are increasingly expected to build and maintain privacy-preserving and data-protection compliant systems in different ICT domains such as health, energy, transportation, social computing, law enforcement, public services; based on different infrastructures such as cloud, grid, or mobile computing and architectures. While there is a consensus on the benefits of an engineering approach to privacy, concrete proposals for models, methods, techniques and tools that support engineers and organizations in this endeavor are few and in need of immediate attention. To cover this gap, the topics of the International Workshop on Privacy Engineering (IWPE'17) focus on all the aspects surrounding privacy engineering, ranging from its theoretical foundations, engineering approaches, and support infrastructures, to its practical application in projects of different scale. Specifically, we are seeking the following kinds of papers: (1) technical papers that illustrate the engineering or application of a novel formalism, method or other research finding (e.g., a privacy enhancing protocol) with preliminary evaluation; (2) experience and practice papers that describe a case study, challenge or lessons learned from in a specific domain; (3) early evaluations of tools and other infrastructure that support engineering tasks in privacy requirements, design, implementation, testing, etc.; (4) interdisciplinary studies or critical reviews of existing privacy engineering concepts, methods, tools and frameworks; or (5) vision papers that take a clear position informed by evidence based on a thorough literature review. IWPE’17 welcomes papers that focus on novel solutions on the recent developments in the general area of privacy engineering. Topics of interests include, but are not limited to:
- Integrating law and policy compliance into the development process
- Privacy impact assessment during software development
- Privacy risk management models
- Privacy breach recovery Methods
- Technical standards, heuristics and best practices for privacy engineering
- Privacy engineering in technical standards
- Privacy requirements elicitation and analysis methods
- User privacy and data protection requirements
- Management of privacy requirements with other system requirements
- Privacy requirements elicitation and analysis techniques
- Privacy engineering strategies and design patterns
- Privacy-preserving architectures
- Privacy engineering and databases, services, and the cloud
- Privacy engineering in networks
- Engineering techniques for fairness, transparency, and privacy in databases
- Privacy engineering in the context of interaction design and usability
- Privacy testing and evaluation methods
- Validation and verification of privacy requirements
- Privacy Engineering and design
- Engineering Privacy Enhancing Technologies (PETs)
- Integration of PETs into systems
- Models and approaches for the verification of privacy properties
- Tools and formal languages supporting privacy engineering
- Teaching and training privacy engineering
- Adaptations of privacy engineering into specific software development processes
- Pilots and real-world applications
- Evaluation of privacy engineering methods, technologies and tools
- Privacy engineering and accountability
- Privacy engineering and business processes
- Privacy engineering and manageability of data in (large) enterprises
- Organizational, legal, political and economic aspects of privacy engineering

For more information, please see http://ieee-security.org/TC/SPW2017/IWPE/.

SP 2017 38th IEEE Symposium on Security and Privacy, San Jose, CA, USA, May 22-24, 2017. [posted here 9/5/16]
Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Topics of interest include:
- Access control and authorization
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship resistance
- Cloud security
- Distributed systems security
- Economics of security and privacy
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection and prevention
- Malware and unwanted software
- Mobile and Web security and privacy
- Language-based security
- Network and systems security
- Privacy technologies and mechanisms
- Protocol security
- Secure information flow
- Security and privacy for the Internet of Things
- Security and privacy metrics
- Security and privacy policies
- Security architectures
- Usable security and privacy

This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

Systematization of Knowledge Papers: As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate. Submissions will be distinguished by the prefix “SoK:” in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings.

For more information, please see http://www.ieee-security.org/TC/SP2017/.

WACC 2017 International Workshop on Assured Cloud Computing and QoS aware Big Data, Held in conjunction with 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID 2017), Madrid, Spain, May 14-17, 2017. [posted here 11/14/16]
WACC draws together researchers, practitioners, and thought leaders from government, industry, and academia. The workshop provides a forum of dialogue centered upon the development and advancement of an effort to design, implement, and evaluate dependable cloud architectures that can provide assurances with respect to security, reliability, and timeliness of computations (or services). Some new “assured” target applications include, but are not limited to, dependable Big Data applications and streaming, data analytics and its tools, real-time computations for monitoring, control of cyber-physical systems such as power systems, and mission critical computations for rescue and recovery. The technical emphasis of WACC is design, implementation, and evaluation of cloud services, data analytics tools, and security solutions to enable dependable Big Data applications. Research on cloud services, ICT-skilled data scientists and application developers can find complementary solutions and partnerships to evaluate and integrate additional solutions. Data scientists can find new tools that could address existing needs.

For more information, please see http://www.eubra-bigsea.eu/WACC_2017.

HOST 2017 IEEE International Symposium on Hardware Oriented Security and Trust, McLean, VA, USA, May 1-5, 2017. [posted here 8/15/16]
IEEE International Symposium on Hardware Oriented Security and Trust (HOST) aims to facilitate the rapid growth of hardware-based security research and development. HOST highlights new results in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware. HOST 2017 invites original contributions related to, but not limited by, the following topics:
- Hardware Trojan attacks and detection techniques
- Hardware techniques to facilitate software and/or system security
- Hardware-based security primitives (PUFs, RNGs)
- System-on-chip (SoC) security
- Side-channel attacks and protection
- Security, privacy, and trust protocols
- Metrics, policies, and standards related to hardware security
- Hardware IP trust (watermarking, metering, trust verification)
- Trusted manufacturing including split manufacturing and 3D ICs
- Security analysis and protection of Internet of Things (IoT)
- Secure and efficient implementation of crypto algorithms
- Reverse engineering and hardware obfuscation
- Supply chain risks mitigation (e.g., counterfeit detection & avoidance)
- Hardware tampering attacks and protection
- Applications of hardware security to secure system development

For more information, please see http://www.hostsymposium.org.

SEMS 2017 IEEE Workshop on Security for Embedded and Mobile Systems, Held in conjunction with IEEE Euro S&P 2017 and EUROCRYPT 2017, Paris, France, April 30, 2017. [posted here 12/5/16]
Embedded and mobile devices that provide security and crypto functionalities and manage private and confidential data are omnipresent in our daily lives. Examples of such devices range from smart cards and RFID tags, to mobile phones, tablets, and IoT devices. Ensuring the security and privacy of these devices is a challenging problem, as witnessed by recent breaking of crypto and security systems used in mobile phones, car keys, and RFID-enabled cards. Typical threats to extract the keys include side-channel and fault analysis. Additionally, the vulnerabilities of the devices imply also privacy concerns. The operating systems supporting some of those devices, particularly mobile phones and tablets, but also IoT ones, have become very complex. Various sorts of malware present a constant threat for users. Although measures like application sandboxing take place, they also open the court for new attacks by constantly collecting and organizing sensitive information about the user. We especially encourage novel ideas exploiting architecture-specific or novel "out of the box" attacks combining ideas from different communities, e.g., malware detection or privacy violation using side-channels. The workshop seeks submissions from academia and industry presenting novel research results on the following topics of interest:
- Security architectures for embedded and mobile systems
- Physical (side-channel and fault) attacks on embedded and mobile systems
- Hardware security of mobile devices
- (mobile) Malware detection and prevention
- Machine learning applications to highlight possible threats to user privacy
- Privacy-preserving issues for mobile devices
- Secure localization and location privacy for mobile devices
- Security and privacy in the Internet of Things
- Secure execution environments (e.g., TrustZone, TPMs) on mobile devices
- Sensor spoofing attacks

For more information, please see http://sems2017.cs.ru.nl/index.shtml.

S&B 2017 IEEE Security and Privacy on the Blockchain, Held in conjunction with the IEEE EuroS&P and EuroCrypt 2017 Conferences, Paris, France, April 29, 2017. [posted here 11/28/16]
The Security and Privacy on the Blockchain Workshop is the first IEEE forum for research on the security and privacy properties of blockchains as a solution for transactional systems, co-located with EuroCrypt and EuroS&P. We solicit previously unpublished papers offering novel contributions in both Bitcoin and wider blockchain research. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of existing systems. Papers that shed new light on past or informally known results by means of sound formal theory or thorough empirical analysis are welcome. Topics of Interest include:
- Novel attacks on blockchain technologies
- Improvements to core blockchain cryptographic primitives
- Compact ring signatures
- Compact range proofs
- Privacy-Preserving Signature Aggregation
- (De) anonymization of blockchain records
- Improvements of SNARKs for blockchain technologies
- Formal verification of smart contracts
- The security of SPV models
- Game theoretic analysis of proof-of-work
- Relevant Systematization of Knowledge papers
- Security and privacy trade-offs related to scalability and decentralization

For more information, please see http://prosecco.gforge.inria.fr/ieee-blockchain2016.

IEEE EuroSP 2017 2nd IEEE European Symposium on Security and Privacy, Paris, France, April 26-28, 2017. [posted here 7/4/16]
The IEEE European Symposium on Security and Privacy (EuroS&P) is the European sister conference of the established IEEE S&P symposium. It is a premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Papers that shed new light on past results by means of sound of theory or thorough experimentation are also welcome. Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Cryptography with applied relevance to security and privacy
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Cloud security
- Distributed systems security
- Embedded systems security
- Forensics
- Formal methods for security
- Hardware security
- Human aspects of security and privacy
- Intrusion detection
- Malware
- Metrics
- Mobile security and privacy
- Language-based security
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Web security and privacy

For more information, please see http://www.ieee-security.org/TC/EuroSP2017/cfp.php.

WICSPIT 2017 Workshop on Innovative CyberSecurity and Privacy for Internet of Things: Strategies, Technologies, and Implementations, Held in conjunction with the International Conference on Internet of Things, Big Data and Security (IoTBDS 2017), Porto, Portugal, April 24 - 26, 2017. [posted here 1/23/17]
Cyber-attackers are steadily getting more creative and ambitious in their exploits and causing real-world damage (e.g., the German steel mill hack in 2014, the Ukrainian Power Grid hack in 2015). Proprietary and personally identifiable information are vulnerable to leakage as well (e.g., the Sony hack in 2014, the US Office of Personnel Management in 2014). The Internet of Things (IoT), a platform which allows everything to process information, communicate data, and analyze context opens up new vulnerabilities for both security and privacy. Smart buildings and smart cities, for example, will collect and process data for millions of individuals. Industrial systems, which were never intended to be linked via common protocols, are recognized as suddenly being open to security threats that can limit service availability and possibly cause considerable damage. Autonomous systems allowed to operate with minimal oversight are ripe targets for cyber-attacks. Data stored and processed in confidence in the cloud may be subject to exfiltration, leading to public embarrassment or the exposure of proprietary information. As cyber-events increase in number and severity, security engineers must incorporate innovative cybersecurity strategies and technologies to safeguard their systems and confidential information. A strategy to address a cybersecurity vulnerability, once identified, must understand the nature of the vulnerability and how to mitigate it. The “security tax” or “privacy tax” (system and service degradation) caused by the implementation of the mitigating security technologies may be so great that the end user bypasses the technologies and processes meant to ensure the system’s security and privacy. A practical reality of the adoption of IoT is that it will require integration of new technologies with existing systems and infrastructure, which will continue to expose new security and privacy vulnerabilities; re-engineering may be required. The human element of IoT, the user, must be considered, and how the user and the IoT system interact to optimize system security and user privacy must be defined. Cyber-attackers and cyber victims are often in different countries, the transnational nature of many cyber-events necessitate the consideration of public policy and legal concerns as well. This workshop aims to showcase new and emerging strategies and technologies for forecasting, mitigating, countering, and attributing cyber-events that threaten security and privacy within the realm of IoT. The institutional benefits of IoT adoption are clear, however security and privacy concerns are constantly coming to light. As organizations—both public and private, large and small—adopt new IoT technologies, we hope that this workshop can serve as an opening conversation between government, industry, and academia for the purpose of addressing those concerns.

For more information, please see http://iotbds.org/WICSPIT.aspx.

HotSpot 2017 5th Workshop on Hot Issues in Security Principles and Trust, Affiliated with ETAPS 2017, Uppsala, Sweden, April 23, 2017. [posted here 12/5/16]
This workshop is intended to be a less formal counterpart to the Principles of Security and Trust (POST) conference at ETAPS with an emphasis on “hot topics”, both of security and of its theoretical foundations and analysis. Submissions about new and emerging topics (for example, those that have not appeared prominently in conferences and workshops until now) are particularly encouraged. Submissions of preliminary, tentative work are also encouraged. This workshop is organized by IFIP WG 1.7: Theoretical Foundations of Security Analysis and Design.

For more information, please see https://infsec.uni-trier.de/events/hotspot2017.

WAHC 2017 5th Workshop on Encrypted Computing and Applied Homomorphic Cryptography, Held in conjunction with Financial Cryptography & Data Security (FC 2017, Sliema, Malta, April 7, 2017. [posted here 12/5/16]
Secure computation is becoming a key feature of future information systems. Distributed network applications and cloud architectures are at danger because lots of personal consumer data is aggregated in all kinds of formats and for various purposes. Industry and consumer electronics companies are facing massive threats like theft of intellectual property and industrial espionage. Public infrastructure has to be secured against  sabotage and manipulation. A possible solution is encrypted computing: Data can be processed on remote, possibly insecure resources, while program code and data is encrypted all the time. This allows to outsource the computation of confidential information independently from the trustworthiness or the security level of the remote system. The technologies and techniques discussed in this workshop are a key to extend the range of applications that can be securely outsourced. The goal of the workshop is to bring together researchers with practitioners and industry to present, discuss and to share the latest progress in the field. We want to exchange ideas that address real-world problems with practical approaches and solutions.

For more information, please see https://www.dcsec.uni-hannover.de/wahc17.html.

WoC 2017 3rd IEEE International Workshop on Container Technologies and Container Clouds, Held in conjunction with IEEE International Conference on Cloud Engineering (IC2E 2017), Vancouver, Canada, April 4-7, 2017. [posted here 10/31/16]
Containers are a lightweight OS-level virtualization abstraction primarily based on namespace isolation and control groups. In the recent years, container-based virtualization for applications has gained immense popularity thanks to the success of technologies like Docker. Container packaging mechanisms like Docker, LXD and Rkt, as well as management frameworks like Kubernetes, Mesos, etc., are witnessing widespread adoption in the industry today. Container technologies have eliminated the feature parity between development and production environment by enabling developers to package applications and their dependencies as a single unit that can be run across diverse operating environments. Though containers provide a great amount of flexibility and portability from a developer's perspective, there are several important challenges that need to be addressed by the infrastructure provider, in order to run these virtualized applications in a cloud environment. The second workshop on container technologies and container clouds solicits contributions in this area from researchers and practitioners in both the academia and industry. The workshop welcomes submissions describing unpublished research, position papers as well as deployment experiences on various topics related to containers as outlined below:
- Security, isolation and performance of containers
- Network architectures for multi-host container deployments
- Orchestration models for cloud scale deployments
- High availability systems for containerized workloads
- Leveraging hardware support for containers and containerized workloads
- Migrating and optimizing traditional workloads for containers
- Operational issues surrounding management of large clusters of containers
- Container use cases and challenges for HPC, Big Data and IoT applications
- Other topics relevant to containers

For more information, please see http://researcher.watson.ibm.com/researcher/view_group.php?id=7476.

WWW 2017 WWW Security and Privacy Track, Perth, Australia, April 3-7, 2017. [posted here 9/5/16]
The Security and Privacy track at the International World Wide Web Conference offers researchers working on security, privacy, trust, and abuse of trust to present their work to the broad community of researchers, with myriad backgrounds and interests, who will be attending the 2017 World Wide Web Conference. Relevant topics include:
- Human and usability factors in Web security & privacy
- Measurement of online crime/underground economics
- Tracking, profiling, and countermeasures against them
- Measurement, analysis, and circumvention of Web censorship
- Browser security
- Authentication and authorization for Web-based services
- Social network security and privacy
- Security and privacy of web protocols
- Abusive content such as online harassments, spam, and fake reviews
- Privacy-enhancing technologies for the Web
- Legal, ethical, policy issues of Web security and privacy
- Security for Web services (e.g., blogs, Web feed, wikis, social networks)
- Applications of cryptography to the web
- Security in Web-based electronic commerce (e-cash, auctions, etc.)
- Security and privacy for intelligent assistants

For more information, please see http://www.www2017.com.au/call-for-papers/security-and-privacy.php.

ASIACCS 2017 ACM Symposium on Information, Computer and Communications Security, Abu Dhabi, United Arab Emirates, April 2-6, 2017. [posted here 8/22/16]
Building on the success of ACM Conference on Computer and Communications Security (CCS), the ACM Special Interest Group on Security, Audit, and Control (SIGSAC) formally established the annual ACM Asia Conference on Computer and Communications Security (ASIACCS). Topics of interest include but are not limited to:
- Access control
- Accounting and audit
- Applied cryptography
- Authentication
- Big data security and privacy
- Biometrics
- Blockchain and alternatives
- Cloud computing security
- Computer forensics
- Cyber-physical security
- Data and application security
- Embedded systems security
- Formal methods for security
- Hardware-based security & applications
- IoT security & privacy
- Key management
- Malware and botnets
- Mobile computing security
- Network security
- Operating system security
- Practical post-quantum security
- Privacy-enhancing technology
- Runtime attacks and defenses
- Secure computation
- Security architectures
- Security of critical infrastructures
- Security metrics
- Software security
- Threat modeling
- Trusted computing
- Usable security and privacy
- Web security
- Wireless security and privacy

For more information, please see http://asiaccs2017.com/.

SCC 2017 5th International Workshop on Security in Cloud Computing, Held in conjunction with the 12th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2017), Abu Dhabi, UAE, April 2, 2017. [posted here 12/5/16]
Cloud computing has emerged as today's most exciting computing paradigm shift in information technology. With the efficient sharing of abundant computing resources in the cloud, users can economically enjoy the on-demand high quality cloud applications and services without committing large capital outlays locally. While the cloud benefits are compelling, its unique attributes also raise many security and privacy challenges in areas such as data security, recovery, privacy, access control, trusted computing, as well as legal issues in areas such as regulatory compliance, auditing, and many others. To implement secure and privacy-aware environments which can provide on-demand computing and high-quality service for cloud users is extremely urgent. This workshop is intended to bring together researchers, developers, and practitioners in security, privacy and mobile computing communities. We encourage submissions on all theoretical and practical aspects, as well as experimental studies of deployed systems. Topics of interests include (but are not limited to) the following subject categories:
- Secure cloud architecture
- Cloud Cryptography
- Cloud access control and key management
- Identification and privacy in cloud
- Integrity assurance for data outsourcing
- Integrity and verifiable computation
- Computation over encrypted data
- Software and data segregation security
- Secure management of virtualized resources
- Trusted computing technology
- Joint security and privacy aware protocol design
- Failure detection and prediction
- Secure data management within and across data centers
- Availability, recovery and auditing
- Secure computation outsourcing
- Secure mobile cloud

For more information, please see https://conference.cs.cityu.edu.hk/asiaccsscc/.

IoTPTS 2017 3rd International Workshop on IoT Privacy, Trust, and Security, Held in conjunction with the 12th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2017), Abu Dhabi, UAE, April 2, 2017. [posted here 11/21/16]
The Internet of Things (IoT) is the next great technology frontier. At a basic level, IoT refers simply to networked devices, but the IoT vision is a complex ecosystem that ranges from cloud backend services and big-data analytics to home, public, industrial, and wearable sensor devices and appliances. Architectures for these systems are in the formative stages, and now is the time to ensure privacy, trust, and security are designed into these systems from the beginning. We encourage submissions on all aspects of IoT privacy, trust, and security. Topics of interest include (but are not limited) to the following areas:
- Privacy and IoT data
- Privacy attacks for IoT
- Trust management and device discoverability for IoT
- Usability of privacy and security systems in IoT
- User risk perceptions and modeling for IoT
- Policy Management and enforcement for IoT
- Authentication and access control for users for IoT
- Cryptography for IoT
- Attack detection and remediation for IoT
- Security architectures for IoT systems and applications

For more information, please see https://sites.google.com/site/iotpts2017/.

CPSS 2017 3rd ACM Cyber-Physical System Security Workshop, Abu Dhabi, UAE, April 2, 2017. [posted here 10/10/16]
Cyber-Physical Systems (CPS) consist of large?scale interconnected systems of heterogeneous components interacting with their physical environments. There are a multitude of CPS devices and applications being deployed to serve critical functions in our lives. The security of CPS becomes extremely important. This workshop will provide a platform for professionals from academia, government, and industry to discuss how to address the increasing security challenges facing CPS. Besides invited talks, we also seek novel submissions describing theoretical and practical security solutions to CPS. Papers that are pertinent to the security of embedded systems, SCADA, smart grid, and critical infrastructure networks are all welcome, especially in the domains of energy and transportation. Topics of interest include, but are not limited to:
- Authentication and access control for CPS
- Autonomous vehicle security
- Availability, recovery and auditing for CPS
- Data security and privacy for CPS
- Embedded systems security
- EV charging system security
- Industrial control system security
- Intrusion detection for CPS
- IoT security
- Key management in CPS
- Legacy CPS system protection
- Lightweight crypto and security
- Risk assessment for CPS
- SCADA security
- Security architectures for CPS
- Smart grid security
- Threat modeling for CPS
- Urban transportation system security
- Vulnerability analysis for CPS
- Wireless sensor network security

For more information, please see http://icsd.i2r.a-star.edu.sg/cpss17/.

INTRICATE-SEC 2017 5th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Taipei, Taiwan, March 27-29, 2017. [posted here 5/16/16]
Cyber-physical systems (CPS) are ubiquitous in critical infrastructures such as electrical power generation, transmission, and distribution networks, water management, and transportation, but also in both industrial and home automation. For flexibility, convenience, and efficiency, CPS are increasingly supported by commodity hardware and software components that are deliberately interconnected using open standard general purpose information and communication technology (ICT). The long life-cycles of CPS and increasingly incremental changes to these systems require novel approaches to the composition and inter-operability of services provided. The paradigm of service-oriented architectures (SoA) has successfully been used in similar long-lived and heterogeneous software systems. However, adapting the SoA paradigm to the CPS domain requires maintaining the security, reliability and privacy properties not only of the individual components but also, for complex interactions and service orchestrations that may not even exist during the initial design and deployment of an architecture. An important consideration therefore is the design and analysis of security mechanisms and architectures able to handle cross domain inter-operability over multiple domains involving components with highly heterogeneous capabilities. The INTRICATE-SEC workshop aims to provide a platform for academics, industry, and government professionals to communicate and exchange ideas on provisioning secure CPS and Services.

For more information, please see https://goo.gl/562zhD.

IWSPA 2017 3rd ACM International Workshop on Security and Privacy Analytics, Co-located with ACM CODASPY 2017, Scottsdale, Arizona, USA, March 24, 2017. [posted here 10/17/16]
Increasingly, sophisticated techniques from machine learning, data mining, statistics and natural language processing are being applied to challenges in security and privacy fields. However, experts from these areas have no medium where they can meet and exchange ideas so that strong collaborations can emerge, and cross-fertilization of these areas can occur. Moreover, current courses and curricula in security do not sufficiently emphasize background in these areas and students in security and privacy are not emerging with deep knowledge of these topics. Hence, we propose a workshop that will address the research and development efforts in which analytical techniques from machine learning, data mining, natural language processing and statistics are applied to solve security and privacy challenges (“security analytics”). Submissions of papers related to methodology, design, techniques and new directions for security and privacy that make significant use of machine learning, data mining, statistics or natural language processing are welcome. Furthermore, submissions on educational topics and systems in the field of security analytics are also highly encouraged.

For more information, please see http://capex.cs.uh.edu/?q=content/international-workshop-security-and-privacy-analytics-2017.

CODASPY 2017 7th ACM Conference on Data and Application Security and Privacy Scottsdale, Arizona, USA, March 22-24 2017. [posted here 9/5/16]
Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal ofthe ACM Conference on Data and Applications Security (CODASPY) is to discuss novel, exciting research topics in data and application security and privacy, and to lay out directions for further research and development in this area. The conference seeks submissions from diverse communities, including corporate and academic researchers, open-source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts. Topics of interest include, but are not limited to:
- Application-layer security policies
- Access control for applications
- Access control for databases
- Data-dissemination controls
- Data forensics
- Enforcement-layer security policies
- Privacy-preserving techniques
- Private information retrieval
- Search on protected/encrypted data
- Secure auditing
- Secure collaboration
- Secure data provenance
- Secure electronic commerce
- Secure information sharing
- Secure knowledge management
- Secure multiparty computation
- Secure software development
- Securing data/apps on untrusted platforms
- Securing the semantic web
- Security and privacy in GIS/spatial data
- Security and privacy in healthcare
- Security and privacy in the Internet of Things
- Security policies for databases
- Social computing security and privacy
- Social networking security and privacy
- Trust metrics for applications, data, and users
- Usable security and privacy
- Web application security

For more information, please see http://www.codaspy.org/.

DFRWS-EU 2017 DFRWS digital forensics EU conference, Lake Constance, Germany, March 21-23, 2017. [posted here 7/25/16]
This year two premier research conferences in Europe, the DFRWS digital forensics conference (DFRWS EU 2017) and the International Conference on IT Security Incident Management & IT Forensics (IMF 2017) are brought together. Established in 2001, DFRWS has become the premier digital forensics conference, dedicated to solving real world challenges, and pushing the envelope of what is currently possible in digital forensics. Since 2003, IMF has established itself as one of the premier venues for presenting research on IT security incident response and management and IT forensics. While the first IMF conference was organized to establish a research forum for German speaking researchers and practitioners from the field, it soon became an International conference attracting many experts across Europe. IMF 2017, being the 10th Conference, is also an important mile stone in bringing the two worlds of IT security incident response and management and forensics together. Both DFRWS and IMF organise informal collaborative environments each year that bring together leading researchers, practitioners, industry, tool developers, academics, law enforcement, and other government bodies from around the globe to tackle current and emerging challenges in their fields. The co-hosting of the two events will help generate new discussions and ideas by bringing together two strong research communities: DFRWS’s community encompassing a broad range of topics in digital forensics, and IMF’s community focusing on IT security incident response and management.

For more information, please see http://www.dfrws.org/conferences/dfrws-eu-2017.

NDSS 2017 Network and Distributed System Security Symposium, San Diego, California, USA, February 26 - March 1, 2017. [posted here 6/13/16]
The Network and Distributed System Security Symposium fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies. Technical papers and panel proposals are solicited. All submissions will be reviewed by the Program Committee and accepted submissions will be published by the Internet Society in the Proceedings of NDSS 2017. The Proceedings will be made freely accessible from the Internet Society webpages. Furthermore, permission to freely reproduce all or parts of papers for noncommercial purposes is granted provided that copies bear the Internet Society notice included in the first page of the paper. The authors are therefore free to post the camera-ready versions of their papers on their personal pages and within their institutional repositories. Reproduction for commercial purposes is strictly prohibited and requires prior consent. Submissions are solicited in, but not limited to, the following areas:
- Anti-malware techniques: detection, analysis, and prevention
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Security for future Internet architectures and designs (e.g., Software-Defined Networking)
- High-availability wired and wireless networks
- Implementation, deployment and management of network security policies
- Integrating security in Internet protocols: routing, naming, network management
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
- Intrusion prevention, detection, and response
- Privacy and anonymity technologies
- Security and privacy for distributed cryptocurrencies
- Security and privacy in social networks
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Security for cloud computing
- Security for emerging technologies: sensor/wireless/mobile/personal networks and systems
- Security for future home networks, Internet of Things, body-area networks
- Security for large-scale systems and critical infrastructures (e.g., electronic voting, smart grid)
- Security for peer-to-peer and overlay network systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security of Web-based applications and services
- Trustworthy Computing mechanisms to secure network protocols and distributed systems
- Usable security and privacy

For more information, please see https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/ndss-2017-call-papers.

USEC 2017 Usable Security Mini Conference, Co-located with NDSS 2017, San Diego, California, USA, February 26, 2017. [posted here 10/31/16]
One cannot have security and privacy without considering both the technical and human aspects thereof. If the user is not given due consideration in the development process, the system is likely to enable users to protect their privacy and security in the Internet. Usable security and security is more complicated than traditional usability. This is because traditional usability principles cannot always be applied. For example, one of the cornerstones of usability is that people are given feedback on their actions, and are helped to recover from errors. In authentication, we obfuscate password entry (a usability fail) and we give people no assistance to recover from errors. Moreover, security is often not related to the actual functionality of the system, so people often see it as a bolt-on, and an annoying hurdle. These and other usability challenges of security are the focus of this workshop. We invite submissions on all aspects of human factors including mental models, adoption, and usability in the context of security and privacy. USEC 2017 aims to bring together researchers already engaged in this interdisciplinary effort with other computer science researchers in areas such as visualization, artificial intelligence, machine learning and theoretical computer science as well as researchers from other domains such as economics, legal scientists, social scientists, and psychology. We particularly encourage collaborative research from authors in multiple disciplines. It is the aim of USEC to contribute to an increase of the scientific quality of research in human factors in security and privacy. To this end, we encourage the use of replication studies to validate research findings. This important and often very insightful branch of research is sorely under-represented in human factors in security and privacy research to date. Papers in these categories should be clearly marked as such and will not be judged against regular submissions on novelty. Rather, they will be judged based on scientific quality and value to the community. We also encourage reports of failed experiments, since their publication will serve to prevent others falling into the same traps. Topics include, but are not limited to:
- Human factors related to the deployment of the Internet of Things (New topic for 2017)
- Usable security / privacy evaluation of existing and/or proposed solutions
- Mental models that contribute to, or complicate, security or privacy
- Lessons learned from designing, deploying, managing or evaluating security and privacy technologies
- Foundations of usable security and privacy incl. usable security and privacy patterns
- Ethical, psychological, sociological, economic, and legal aspects of security and privacy technologies

For more information, please see http://www.dcs.gla.ac.uk/~karen/usec/.

SG-CRC 2017 2nd Singapore Cyber Security R&D Conference, Singapore, February 21-22, 2017. [posted here 9/5/16]
This conference will bring together academics and practitioners from across the world to participate in a vibrant programme consisting of research papers, industrial best practices, and tools exhibition. This conference focus on techniques and methodologies oriented to construct resilient systems against cyber-attacks that will helps to construct safe execution environments, improving security of both hardware and software by means of using mathematical tools and engineering approaches for designing, verifying, and monitoring cyber physical systems. Authors are invited to submit original work on the topics that fall in the general area of cyber security. Submissions may focus on theoretical results, experiments, or a mix of both.

For more information, please see http://www.comp.nus.edu.sg/~tsunami/sg-crc17/.

IFIP 119 DF 2017 13th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 30-February 1, 2017. [posted here 7/4/16]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Thirteenth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume - the eleventh volume in the well-known Research Advances in Digital Forensics book series (Springer, Heidelberg, Germany) during the summer of 2017. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network and cloud forensics
- Embedded device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org/.