Electronic Issue (EI) #59,  March 15, 2004

Contents:

• Letter from the Editor 
   

• Conference and Workshop Announcements

  • Preliminary program for the Security and Privacy Symposium, May 9-12, 2004

  • Cipher calls-for-papers and calendar
      new calls or announcements added since Cipher E58 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • April 2004

    IEEE Internet Computing Special Homeland Security Issue
    November/December 2004. (submissions due April 1, 2004) [posted 02/18/04]

    Guest Editors
    Michael Reiter - Carnegie Mellon University
    Pankaj Rohatgi - IBM T.J. Watson Research Center
    

    "Homeland security" is a major concern for governments worldwide, which must protect their populations and the critical infrastructures that support them, including power systems, communications, government and military functions, and food and water supplies. In this special issue, we seek contributions describing the role of Internet and information technologies in homeland security, both as an infrastructure to be protected and as a tool for enabling the defense of other critical infrastructures.

    On one hand, information technology can be used for mitigating risk and enabling effective responses to disasters of natural or human origin. However, its suitability for this role is plagued by questions ranging from dependability concerns to the risks that some technologies -- surveillance, profiling, information aggregation, and so on -- pose to privacy and civil liberties.

    On the other hand, information technology is itself an infrastructure to be protected. This includes not only the Internet infrastructure but also the complex systems that control critical infrastructure such as energy, transportation, and manufacturing. While control systems have traditionally been proprietary and closed, the trend toward the use of standard computer and networking technologies coupled with the use of more open networks for communication makes these systems increasingly vulnerable to catastrophic attacks and failures.

    We invite researchers and information technologists to submit original articles on the use of Internet and information technologies for homeland security and on the protection of critical technology assets. Of particular interest are articles that describe technology within the context of an actual deployment or initiative in homeland security. Indeed, articles focusing on these larger initiatives or the policy debates surrounding them are also welcome, provided that they offer a strong technology component. Articles detailing technology without a compelling application to homeland security are discouraged. Commercial advertisements will be rejected.

    Relevant topics include, but are not limited to:

    • Identification, authentication, biometrics, and access Control;
    • Survivable/rapidly deployable emergency command and control infrastructure;
    • Risk assessment and recovery planning;
    • Sensor network based early-warning systems;
    • Surveillance, data aggregation, and mining technologies and associated privacy issues;
    • Controlled sharing of sensitive information among organizations;
    • Information and cybersecurity;
    • High-availability, resilient, and survivable infrastructure design; and
    • Detection and response to vulnerabilities and attacks on the Internet and on IT components in critical infrastructure.

    For more information, please see http://www.computer.org/internet/call4ppr.htm

  • FCS 2004 Foundations of Computer Security Workshop, Turku, Finland, July 12-13, 2004. (submissions due April 2, 2004) [posted 1/25/04]

    The aim of this workshop is to provide a forum for continued activity in this area, to bring computer security researchers in contact with the LICS'04 and ICALP'04 communities, and to give LICS and ICALP attendees an opportunity to talk to experts in computer security. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories.

    Topics include, but are not limited to:

    Composition issues              authentication
    Formal specification            availability and denial of service
    Foundations of verification     covert channels
    Information flow analysis       cryptographic protocols
    Language-based security         confidentiality
    Logic-based design for integrity and privacy
    Program transformation          intrusion detection
    Security models                 malicious code
    Static analysis                 mobile code
    Statistical methods             mutual distrust
    Trust management                security policies
    

    For more details, see: http://www.cs.chalmers.se/~andrei/FCS04/.
  • ICICS 2004 Sixth International Conference on Information and Communications Security, Malaga, Spain, October 27-29, 2004. (submissions due May 31, 2004) [posted 2/18/04]

    The 2004 International Conference on Information and Communications Security will be the sixth event in the ICICS conference series, started in 1997, that brings together individuals involved in multiple disciplines of Information and Communications Security in order to foster exchange of ideas. Original papers are solicited for submission.

    Areas of interest include but are not limited to:

    • Anonymity
    • Authentication and Authorization
    • Biometrics
    • Computer Forensics
    • Critical Infrastructures Protection
    • Cryptography and its Applications
    • Data and Systems Integrity
    • Design and Analysis of Cryptosystems
    • Electronic Commerce Security
    • Fraud Control and Information Hiding
    • Information and Security Assurance
    • Intellectual Property Protection
    • Intrusion Detection and Response
    • Key Management and Key Recovery
    • Mobile Communications Security
    • Network Security
    • Privacy Protection
    • Risk Evaluation and Security Certification
    • Security Models
    • Security Protocols
    • Software Protection
    • Smart Cards
    • Trust Management
    • Watermarking
    For more information, see http://icics04.lcc.uma.es for details.
  • WiSe 2004 Workshop on Wireless Security (in conjunction with MobiCom 2004), Philadelphia, PA, USA, October 1, 2004. (submissions due 14 June 2004) [posted 1/19/04]

    The objective of this workshop is to bring together researchers from research communities in wireless networking, security, applied cryptography, and dependability; with the goal of fostering interaction. With the proliferation of wireless networks, issues related to secure and dependable operation of such networks are gaining importance. Topics of interest include, but are not limited to:

    • Trust establishment
    • Key management in wireless/mobile environments
    • Economic incentives for collaboration
    • Security modeling and protocol design in the context of rational/malicious adversaries
    • Light-weight cryptography, efficient protocols and implementations
    • Intrusion detection, detection of malicious behaviour
    • Revocation of malicious parties
    • Secure PHY/MAC/routing protocols
    • Secure location determination
    • Denial of service
    • Privacy (location, contents, actions)
    • Anonymity, prevention of traffic analysis
    • Dependable wireless networking
    • Monitoring and surveillance
    More information can be found at http://www.ece.cmu.edu/~adrian/wise2004
• Upcoming conferences and paper submission dates
  • 3/ 1/04- 3/ 4/04: PKC, Public Key Cryptography '04, Singapore, http://www.i2r.a-star.edu.sg/pkc2004/
  • 3/ 1/04: WEIS, Workshop on Economics and Information Security, Minneapolis, MN; ; Submissions are due; weissub@dtc.umn.edu; http://www.dtc.umn.edu/weis2004/
  • 3/ 3/04- 3/ 5/04: PRDC, Pacific Rim International Symposium on Dependable Computing, Papeete, Tahiti; http://www.laas.fr/PRCD10
  • 3/11/04: WSEG, Brazilian Workshop On Security Of Computing Systems, Gramado, Brazil; ; Submissions are due; paschoal@exatas.unisinos.br; http://www.sbrc2004.ufrgs.br/
  • 3/14/04: PerSec, Workshop on Pervasive Computing and Communication Security, Orlando, Florida; http://www.list.gmu.edu/persec
  • 3/15/04: TheSecConf, The Security Conference, Las Vegas, NV ; Submissions of abstracts are due; gdhillon@vcu.edu; http://www.isy.vcu.edu/~gdhillon/security/
  • 3/26/04: ESORICS, European Symposium on Research in Computer Security, French Riviera, France; ; Submissions are due; Refik.Molva@eurecom.fr; http://esorics04.eurecom.fr
  • 3/29/04- 3/31/04: AINA, International Conference on Advanced Information Networking and Applications, Fukuoka, Japan; http://www.takilab.k.dendai.ac.jp/conf/aina/2004/
  • 3/31/04: RAID, Recent Advances in Intrusion Detection, French Riviera, France; ; Submissions are due; molva@eurecom.fr; http://raid04.eurecom.fr
  • 4/ 1/04: IEEE Internet Computing, Special Issue on Homeland Security, submissions are due; http://www.computer.org/internet/call4ppr.htm
  • 4/ 2/04: ISC, Information Security Conference, Palo Alto, CA, Submissions are due; isc04inquiry@uncc.edu; http://isc04.uncc.edu
  • 4/ 2/04: FCS, Foundations of Computer Security, Turku, Finland; submissions are due; http://www.cs.chalmers.se/~andrei/FCS04/
  • 4/ 2/04: WOLFASI, Workshop on Logical Foundations of an Adaptive Security Infrastructure, Turku, Finland; ; Submissions are due; marcus@aero.org; http://www.dcs.ed.ac.uk/home/als/lics/lics04/
  • 4/ 2/04: WISP, Security Issues with Petri Nets and other Computational Models, Bologna, Italy; ; Submissions are due; busi@cs.unibo.it; http://www.iit.cnr.it/staff/fabio.martinelli/WISP2004cfp.htm
  • 4/ 5/04- 4/ 7/04: IAS, Information Assurance and Security, Las Vegas, Nevada; http://www.cs.okstate.edu/~aa/itcc04/itcc04.html
  • 4/ 5/04- 4/ 7/04: ITCC International Conference on Information Technology Coding and Computing, Las Vegas, NV; http://www.isebis.eng.uerj.br/crypto2004.html
  • 4/ 8/04- 4/ 9/04: IAIW, IEEE International Workshop on Information Assurance, Charlotte, NC; http://iwia.org/2004
  • 4/10/04: NSPW, New Security Paradigms Workshop, Nova Scotia, Canada; Submissions are due; carla@atc-nycorp.com; http://www.nspw.org
  • 4/14/04- 4/17/04: IAWS, Workshop on Information Assurance, Phoenix, Arizona; http://www.tele.pitt.edu/~sais/iaws04
  • 4/14/04- 4/15/04: TheSecConf,The Security Conference, Las Vegas, NV; http://www.isy.vcu.edu/~gdhillon/security/
  • 4/15/04: ARSPA, Automated Reasoning for Security Protocols Analysis, Cork, Ireland; ; Submissions are due; arspa@avispa-project.org; http://www.avispa-project.org/arspa
  • 4/16/04: CEAS, Conference on Email and Anti-spam, Mountain View, CA; Submissions are due; information@ceas.cc; http://www.ceas.cc
  • 5/ 3/04: CCS-11, ACM Conference On Computer And Communications Security, Washington DC, ; Submissions are due; http://www.acm.org/sigsac/ccs/CCS2004
  • 5/ 9/04- 5/12/04: IEEE Security and Privacy Symposium, Oakland, CA; http://www.ieee-security.org/TC/SP2004/oakland04.html
  • 5/10/04: WSEG, Brazilian Workshop On Security Of Computing Systems, Gramado, Brazil; http://www.sbrc2004.ufrgs.br
  • 5/13/04- 5/14/04: WEIS, Workshop on Economics and Information Security, Minneapolis, MN; http://www.dtc.umn.edu/weis2004/
  • 5/14/04- 5/17/04: ICCSA, International Conference On Computational Science And Its Applications, S. Maria degli Angeli, Assisi(PG), Italy;
  • 5/17/04- 5/22/04: WWW, World Wide Web Conference, New York City, NY; http://www2004.org/
  • 5/21/04: LCN, Conference on Local Computer Networks, Tampa, Florida; ; Submissions are due; sjha@cse.unsw.edu.au; http://www.ieeelcn.org
  • 5/23/04- 5/25/04: IH, Information Hiding Workshop, Toronto, Canada; http://msrcmt.research.microsoft.com/IH2004/CallForPapers.aspx
  • 5/26/04- 5/28/04: WPET, Workshop on Privacy Enhancing Technologies, Toronto, Canada; http://petworkshop.org/
  • 5/31/04: ICICS, International Conference on Information and Communications Security, Malaga, Spain; submissions are due; http://icics04.lcc.uma.es
  • 5/31/04: FOSAD, School on Foundations of Security Analysis and Design, Bertinoro, Italy ; applications are due; gorrieri@cs.unibo.it; http://www.sti.uniurb.it/events/fosad

• Commentary and Opinion

  • Robert Bruen's review of Security Warrior by Peikari, Cyrus and Anton Chuvakin

  • Robert Bruen's review of Hacking. The Art of Exploitation by Jon Erikson

  • Robert Bruen's review of Security Assessment Case Studies for Implementing the NSA IAM by Miles, Greg, Russ Rogers, Ed Fuller, Matthew Hoagberg and Ted Dykstra

• NewsBits:  Announcements and correspondence from readers (please contribute!)

  • TISSEC Editor-in-Chief Position
    Nominations are invited for the next Editor-in-Chief of ACM Transactions on Information and System Security. Self-nominations are welcome. Candidates should be well-established researchers in Computer Security who have sufficient experience serving on program committees and journal editorial boards. Candidates are asked to send a current curriculum vita and a brief (one to three pages) statement of vision for TISSEC to: Gul Agha, Chair, ACM TISSEC EIC Search Committee, agha@cs.uiuc.edu, by April 20, 2004. Nominations received after April 20 will be considered up until the position has been filled.
  • NSF's Cyber Trust Program will make awards for research towards making networked computers more secure. The deadline for proposals is March 31, 2004.

    "Networked computers reside at the heart of systems on which people now rely, both in critical national infrastructures and in their homes, cars, and offices. Today, many of these systems are far too vulnerable to cyber attacks that can inhibit their function, corrupt important data, or expose private information."

  • News Items
    • FreeS/WAN project concludes, via Michael Richardson
    • News from CERT and CyLab, from Sven Dietrich
    • NIST Announcements, SHS and RNG, from Elaine Barker
    • Indiana Information Security Week, by Gene Spafford
    • Voice-over-IP Vulnerabilities, contributed by Richard Schroeppel
    • Scattered Glitches as E-Voting Gets Biggest Test
    • IETF Conference Debates Antispam Proposals
    • Did Your Vote Count? New Coded Ballots May Prove It Did
    • Passing Packets Under Ever More Scrutiny

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

 

• Reader's guide to recent security and privacy literature
  (last updated March 15, 2002)

 

• Listing of academic positions available  by Cynthia Irvine
  

 

• Staying in touch....

  • New address:
       Charles N. Payne, Jr.
       Member, Technical Staff
       Adventium Labs
       100 Mill Place
       111 Third Avenue South
       Minneapolis, MN 55401 USA
       http://www.adventiumlabs.org
       EMAIL: charles.payne@adventiumlabs.org
    
    

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org

   
• Interesting links  and reports available via FTP and WWW