Commentary and Opinion
At the 2005 IEEE SRSP conference, Li and Tripunitara presented a
refutation of a 2004 IEEE SRSP paper by Sloan and Solworth.
During the question period, a representative of Sloan and Solworth
read a statement objecting to some claims in the 2005 paper.
Both sides were invited to submit an informative statement to
Cipher, as a way of motivating wider community scrutiny
of the formal aspects of discretionary access control.
The statements of the two sides.
Review of the Financial Cryptography Conference (Roseau, Dominica, February 28-March 3, 2005) by Allan Friedman
Robert Bruen's review of Silence on the Wire. A Field Guide to Passive Reconnaissance and Indirect Attacks by Michal Zalewski
Robert Bruen's review of Darknet: Hollywood's War Against the Digital Generation by J. D. Lasica
Robert Bruen's review of Secrets of Reverse Engineering by Eldad Eilam
Announcements, correspondence, and news items from readers (please contribute!)
Conference and Workshop Announcements
See also the complete online Cipher calls-for-papers and calendar
International Journal of Wireless and Mobile Computing (IJWMC), Special Issue on Security of Computer Network and Mobile Systems, Issue 1, 2006. (Submission due 1 June 2005)
Guest editors: Feng Bao (Institute for Infocomm Research, Singapore), Colin Boyd (QUT, Australia), Dieter Gollmann (TU Hamburg, Germany), Kwangjo Kim (ICU, Korea), Kaoru Kurosawa (Ibaraki Univ., Japan), Masahiro Mambo (Tsukuba Univ., Japan), Chris Mitchell (RHUL, UK), Yi Mu (Univ. of Wollongong, Australia), Phillip Rogaway (UC Davis, USA), Willy Susilo (Univ. of Wollongong, Australia), Vijay Varadharajan (Macquarie Univ., Australia), Moti Yung (Columbia Univ., USA), and Fangguo Zhang (Sun Yat-Sen Univ., China)
Computer networks play an important role in connecting resources and people. Advances in computer technology have been pushing computer networks toward high speed and broad bandwidth. Security must be enforced to suit the emerging technologies. With the emergence of wireless technologies, such as IEEE 802.11 and Bluetooth, mobile users are enabled to connect to each other wirelessly. This can be realized with or without any networking infrastructure (ad-hoc mode). Wireless access networks are rapidly becoming a part of our everyday life. However, security concerns remain a serious impediment to widespread adoption. The underlying radio communication medium exposes wireless networks to serious attacks. Research on security in computer networks and mobile systems covers many issues, and many open issues remain to be solved. Areas of interest for this special journal issue include, but are not limited to, the following topics:
AMESP 2005 Workshop on Appropriate Methodology for Empirical Studies of Privacy, Rome, Italy, September 12, 2005. (Submissions due 23 May 2005)
The workshop aims to reflect on appropriate methodology to empirically study privacy issues related to technology by drawing upon both theoretical perspectives as well as practical experiences. Successful as well as failed empirical investigations could prove quite illuminating for this purpose. Some of the questions the workshop plans to address include:
CNFR 2005 Computer Network Forensics Research Workshop, Held in conjunction with the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks (SECURECOMM 2005), Athens, Greece, September 5-9, 2005. (Submissions due 25 May 2005)
The First Computer Network Forensics Research Workshop will bring together researchers and practitioners of computer network forensics to further define and refine the field while sharing their research results. The goals of CNFR '05 are to (a) disseminate new and in-progress research in network forensics, (b) define network forensics as an area, how it relates to other areas and what new problems are to be faced, and (c) build a community of those interested in network forensics. Topics of interest to the workshop include, but are not limited to:
WMASH 2005 3rd ACM International Workshop on Wireless Mobile Applications and Services on WLAN Hotspots, Held in conjunction with ACM MOBICOM 2005, Cologne, Germany, September 2, 2005. (Submission due 30 May 2005)
The goal of the workshop is to address and discuss the technical and business challenges, ideas, views, and research results in providing public wireless Internet services and applications for nomadic users in small, highly-populated, public spaces (wireless LANs and "hotspots"). We are specifically interested in work dealing with network layer and above (layers 3-7). However, cross-layer solutions including MAC interaction as well as ESS management via IAPP are welcome. Within the context of interest to this workshop, a list of topics includes, but is not limited to:
LBFCM 2005 Workshop on the Link Between Formal and Computational Models, Paris, France, June 23-24, 2005. (Submissions (abstracts only) due 31 May 2005)
The LBFCM workshop will focus on the relations between the symbolic (Dolev-Yao) model and the computational (complexity-theoretic) model, and more broadly on new advances and research directions in protocol verification. We wish to invite you to participate in this informal workshop on the verification of security protocols.
SecCo 2005 3rd International Workshop on Security Issues in Concurrency, San Francisco, CA, USA, August 21-22, 2005. (Submissions due 1 June 2005)
The 3rd International Workshop on Security Issues in Concurrency (SecCo'05) follows the success of SecCo'03 (held in conjunction with ICALP'03) and SecCo'04 (held in conjunction with CONCUR'04). New networking technologies require the definition of models and languages adequate for the design and management of new classes of applications. Innovations are moving in two directions: on the one hand, the Internet which supports wide area applications, on the other hand, smaller networks of mobile and portable devices which support applications based on a dynamically reconfigurable communication structure. In both cases, the challenge is to develop applications while at design time there is no knowledge of the availability and/or location of the involved entities. Coordination models, languages and middlewares, which advocate a distinct separation between the internal behaviour of the entities and their interaction, represent a promising approach. However, due to the openness of these systems, new critical aspects come into play, such as the need to deal with malicious components or with a hostile environment. Current research on network security issues (e.g. secrecy, authentication, etc.) usually focuses on opening cryptographic point-to-point tunnels. Therefore, the proposed solutions in this area are not always exploitable to support the end-to-end secure interaction between entities whose availability or location is not known beforehand. Topics of interest include, but are not limited to:
DFRWS 2005 5th Annual Digital Forensics Research Workshop, New Orleans, LA, USA, August 17-19, 2005. (Submissions due 1 June 2005)
The purpose of this workshop is to bring together researchers, practitioners, and educators interested in digital forensics. We welcome the participation of people in industry, government, law enforcement, and academia who are interested in advancing the state of the art in digital forensics by sharing their results, knowledge, and experiences. We are looking for research papers, demo proposals, and panel proposals. Major areas of interest include, but are not limited to, the following topics:
FMSE 2005 3rd ACM Workshop on Formal Methods in Security Engineering: From Specifications to Code, Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005), Fairfax, VA, USA, November 11, 2005. (Submissions due 3 June 2005)
Information security has become a crucial concern for the commercial deployment of almost all applications and middleware. Despite this commonly recognized fact, the incorporation of security requirements in the software development process is not yet well understood. The deployment of security mechanisms is often done in an ad-hoc manner only, without a formal security specification, often without a thorough security analysis and almost necessarily without a formal security validation of the final product. That is, a process is lacking for making the transition from high-level security models and policies through development to code. We aim to bring together researchers and practitioners from both the security and the software engineering communities, from academia and industry, who are working on applying formal methods to designing and validating large-scale systems. We are seeking submissions addressing foundational issues in:
FloCon 2005 2nd Annual FloCon 2005 Analysis Workshop, New Orleans, Louisiana, USA, September 20-22, 2005. (Submissions due 6 June 2005)
FloCon is an open workshop that provides a forum for researchers, operational analysts, and other parties interested in the security analysis of large volumes of traffic to develop the next generation of flow-based analysis. Flow is an abstraction of network traffic in which packets are grouped together by common attributes over time. In security, flow has been used to survey and analyze large networks and long periods of time, but the field is still in its infancy. FloCon 2005 will have an active workshop structure: our goal is to have presentations coupled with working breakout sessions on specific topics. Based on submissions and suggestions, we will develop a three-day track. Appropriate topics include, but are not limited to, the following:
WiSe 2005 ACM Workshop on Wireless Security, Held in conjunction with ACM MobiCom 2005, Cologne, Germany, August 28 - September 2, 2005. (Submissions due 10 June 2005)
The objective of this workshop is to bring together researchers from research communities in wireless networking, security, applied cryptography, and dependability; with the goal of fostering interaction. With the proliferation of wireless networks, issues related to secure and dependable operation of such networks are gaining importance. Topics of interest include, but are not limited to:
QoP 2005 1st Workshop on Quality of Protection, Held in conjunction with ESORICS 2005 and METRICS 2005, Milano, Italy, September 15, 2005. (Submissions due 10 June 2005)
Information Security in Industry has matured in the last few decades. Standards such as ISO17799, the Common Criteria (ISO15408), a number of industrial certification and risk analysis methodologies have raised the bar on what is considered a good security solution from a business perspective. However, even a fairly sophisticated standard such as ISO17799 has an intrinsically qualitative nature. Notions such as Security Metrics, Quality of Protection (QoP) or Protection Level Agreement (PLA) have surfaced in the literature but still have a qualitative flavour. The QoP Workshop intends to discuss how security research can progress towards a notion of Quality of Protection in Security comparable to the notion of Quality of Service in Networking, Software Reliability, or Software Measurements and Metrics in Empirical Software Engineering. Topics of interest include, but are not limited to:
STM 2005 1st International Workshop on Security and Trust Management, Held in conjunction with ESORICS 2005, Milano, Italy, September 15, 2005. (Submissions due 13 June 2005)
STM (Security and Trust Management) is a recently established working group of ERCIM (European Research Consortium in Informatics and Mathematics). The focus of this first workshop will coincide with the research topics of the STM working group. These comprise: (a) to investigate the foundations and applications of security and trust in ICT, (b) to study the deep interplay between trust management and common security issues such as confidentiality, integrity and availability, (c) to identify and promote new areas of research connected with security management, e.g. dynamic and mobile coalition management (e.g., P2P, MANETs, Web/GRID services); (d) to identify and promote new areas of research connected with trust management, e.g. reputation, recommendation, collaboration etc. and (e) to provide a platform for presenting and discussing emerging ideas and trends. The topics of interest of this workshop include but are not limited to:
HICSS-39 Security Minitrack 2005 Security and Survivability in Unbounded Networked Systems Minitrack, Part of the Software Technology Track, 39th Hawai'i International Conference on System Sciences (HICSS-39), Kauai, Hawaii, USA, January 4-7, 2006. (Submissions due 15 June 2005)
This minitrack addresses issues of security and survivability in large, non-trivial, unbounded networked computer systems, with an emphasis on recovery and adaptation. It considers systems and networks, including dynamic paradigms based on migratory agents, ad-hoc networks or grid computing. Papers on resistance and recognition that address the need or capability for safety critical software systems to "fail-safe" and "fail-secure" are also desired. Submissions will be sought from researchers in the area of system survivability, software dependability, computer and network security, fault-tolerance and intrusion tolerance, and economic or statistical modeling of secure/survivable systems. Topics include, but are not limited to:
DRM 2005 2nd Workshop on Digital Rights Management Impact on Consumer Communications, Held in conjunction with IEEE Consumer Communications and Networking Conference (CCNC 2006), Las Vegas, Nevada, USA, January 10, 2006. (Submissions due 15 June 2005)
Consumers and consumer electronics are increasingly using the Internet for distribution of digital goods, including digital versions of books, articles, music, and images. The ease with which digital goods can be copied and redistributed makes the Internet well suited for unauthorized copying, modification and redistribution. The rapid adoption of new technologies such as high-bandwidth connections, wireless networks, and peer-to-peer networks is accelerating this process. This half-day workshop on Digital Rights Management Impact on Consumer Communications addresses problems faced by rights holders (who seek to protect their intellectual property rights) and by end consumers (who seek to protect their privacy and to preserve access they now enjoy in traditional media under). The workshop seeks submissions on all theoretical and practical aspects of DRM, as well as experimental studies of fielded systems on topics including, but not limited to, those shown below:
SADFE 2005 1st International Workshop on Systematic Approaches to Digital Forensic Engineering, Taipei, Taiwan, November 7-10, 2005. (Submissions due 15 June 2005)
The SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop is intended to further the advancement of computer forensic engineering by promoting innovative & leading-edge systematic approaches to cyber crime investigation. The workshop brings together top digital forensic researchers, advanced tool/product builders, and expert law enforcement from around the world for information exchange and R&D collaboration. SADFE 2005 solicits broad-based, innovative digital forensic engineering technology, practical experience & process related submissions in the following areas:
CANS 2005 4th International Conference on Cryptography and Network Security, Xiamen, Fujian Province, China, December 14-16, 2006. (Submissions due 16 June 2005)
The main goals of this conference are to promote research on all aspects of network security and to build a bridge between research on cryptography and network security. So, we welcome scientific and academic papers that focus on this multidisciplinary area. Topics of interest include:
PBA 2005 International Workshop on Protection by Adaptation, Held in conjunction with the 7th International Conference on Information Integration and Web Based Applications & Services (iiWAS2005), Kuala Lumpur, Malaysia, September 19-21, 2005. (Submissions due 20 June 2005)
For most people, security refers to cryptographic algorithms, biometric authentication techniques, passwords, etc. Beyond these intuitive notions, security is rather a very broad topic and may be viewed from a variety of other perspectives, including new access control models, software architectures for security systems, and security policies specifications. Emerging applications are subject to a high number of attacks due to the distributed nature of these new environments, mobility of users and devices, services heterogeneity and the different capabilities of devices used to access these services. The aim of this workshop is to encourage the research community to better consider context-based security as a new trend that may face future more subtle security attacks. We believe that the force of a good security system should not rely only on the force of security protocols but also on the way it copes with new and completely unpredictable situations or at least learn from new situations and updates its behavior accordingly. This goal can be reached by making future security solutions freely adaptive. We look for original submissions on the following topics (but not limited to):
CoALa 2005 Workshop on Contract Architectures and Languages, Held in conjunction with the 9th International IEEE Enterprise Distributed Object Computing Conference (EDOC 2005), Fairfax, VA, USA, September 20, 2005. (Submissions due 20 June 2005)
This Workshop will provide a collaborative forum for the participants to exchange recent or preliminary results, to conduct intensive discussions on a particular topic, or to coordinate efforts between representatives of a technical community in the area of Contract Architectures and Languages. The program committee seeks papers and proposals that address various aspects of contracts, including enterprise modeling, e-business, formal and legal aspects with the aim of providing a balanced mix of presentations from these different perspectives. Topics of interest include, but are not limited to:
WORM 2005 3rd Workshop on Rapid Malcode (WORM), Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005), Fairfax, VA, USA, November 11, 2005. (Submissions due 23 June 2005)
In the last several years, Internet-wide infectious epidemics have emerged as one of the leading threats to information security and service availability. The vehicles for these outbreaks, malicious codes called "worms", take advantage of the combination of software monocultures and the uncontrolled Internet communication model to quickly compromise large numbers of hosts. Such worms are increasingly being used as delivery mechanisms for various types of malicious payloads, including remote-controlled "zombies", spyware and botnets. Recent incidents have also revealed the use of new propagation techniques as well as the use of worms to target small user communities or specific applications. Current operational practices have not been able to manage these threats effectively. This workshop continues the efforts of the previous years to provide a forum to bring together ideas, understanding and experiences bearing on the worm problem from a wide range of communities, including academia, industry and the government. We are soliciting papers from researchers and practitioners on subjects including, but not limited to:
WSNS 2005 2005 International Workshop on Wireless and Sensor Networks Security, Held in conjunction with the 2nd IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2005), Washington DC, USA, November 7-10, 2005. (Submissions due 24 June 2005)
Wireless networks have experienced explosive growth during the last few years. Nowadays, there is a large variety of networks spanning from the well-known cellular networks to non-infrastructure wireless networks such as mobile ad hoc networks and sensor networks. This workshop aims to bring together researchers and practitioners from the wireless and sensor networking, security, cryptography, and distributed computing communities, with the goals of promoting discussions and collaborations. We are interested in novel research on all aspects of security in wireless and sensor networks and the tradeoff between security and performance such as QoS, dependability, scalability, etc. We are seeking papers that describe original and unpublished contributions addressing various aspects of secured wireless/sensor networks. Topics of interest include, but are not limited to:
ICDCIT 2005 2nd International Conference on Distributed Computing & Internet Technology, Bhubaneswar, India, December 22-24, 2005. (Submissions due 30 June 2005)
Mobile communication and Internet technology together have played a key role in connecting people across the globe for sharing and trading information. This information globalization has forced us to think about the integration of applications running at geographically dispersed locations. The spin-offs of these developments have led to some interesting and serious research on issues pertaining to distributed computing, web services, system security and software engineering. The ICDCIT series is a forum for interactions of researchers working in the above-mentioned areas.
SASN 2005 3rd ACM Workshop on Security of Ad Hoc and Sensor Networks, Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005), Fairfax, VA, USA, November 7, 2005. (Submissions due 1 July 2005)
Ad hoc and sensor networks are expected to become an integral part of the future computing landscape. However, these networks introduce new security challenges due to their dynamic topology, severe resource-constraints, and absence of a trusted infrastructure. SASN 2005 seeks submissions from academia and industry presenting novel research on all aspects of security for ad hoc and sensor networks, as well as experimental studies of fielded systems. Topics of interest include, but are not limited to, the following as they relate to mobile ad hoc networks or sensor networks:
StorageSS 2005 The Storage Security and Survivability Workshop, Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005), Fairfax, VA, USA, November 11, 2005. (Submissions due 11 July 2005)
There has been an evolution of protection solutions mirrored in both the security and survivability research communities: (1) from physical protection solutions targeting people, (2) to system protection solutions targeting networked systems, (3) and now the new emerging paradigm of information-centric solutions targeting the data itself. This workshop focuses on stimulating new ideas in order to reshape storage protection strategies. Clearly storage security and survivability is a complex, multi-dimensional problem with dynamics over time, so a large variety of approaches may be appropriate including prevention, monitoring, measurements, mitigation, and recovery. We bring Storage-SS to the ACM CCS 2005 Conference to foster a greater exchange between computer protection researchers/professionals and computer storage researchers/professionals. In this vein, we seek submissions from both research and industry presenting novel ideas on all theoretical and practical aspects of protecting storage systems. Specifically we seek submissions in two distinct paper categories: Regular Paper (12 page maximum) and Work-In-Progress/Short Paper (6 page maximum). A list of potential topics includes but is not limited to the following:
HASH WORKSHOP 2005 Cryptographic Hash Workshop, Gaithersburg, Maryland, USA, October 31 - November 1, 2005. (Submissions due 15 July 2005)
Recently a team of researchers reported that the SHA-1 function offers significantly less collision resistance than could be expected from a cryptographic hash function of its output size. NIST plans to host a Cryptographic Hash Workshop on Oct. 31-Nov. 1, 2005 to solicit public input in how best to respond to the current state of research in this area. The workshop has the following goals:
CISC 2005 SKLOIS Conference on Information Security and Cryptology, Beijing, China, December 15-17, 2005. (Submissions due 1 August 2005)
The SKLOIS conference on information security and cryptology seeks full papers presenting new research results related to cryptology, information security and their applications. Areas of interest include, but are not limited to:
SPC 2005 3rd International Conference on Security in Pervasive Computing, York, UK, April 18-21, 2006. (Submissions due 15 October 2005)
The security of pervasive computing is a critically important area for commerce, the public sector, academia and the individual citizen. Although pervasive computing presents exciting enabling opportunities, the benefits will only be reaped if security aspects can be appropriately addressed. Threats exploiting vulnerabilities of new kinds of user interfaces, displays, operating systems, networks, and wireless communications give rise to new concerns about loss of confidentiality, integrity, privacy, and availability. How can these risks be reduced to an acceptable level? Original research contributions are sought in all areas relating to the security of pervasive computing. Topics include (but are not restricted to):
Cipher Calendar entries
Listing of academic positions available by Cynthia Irvine
Staying in touch....
Who's where: recent address changes
Changing your email address? Please send updates to cipher@ieee-security.org
IEEE Computer Society's Technical Committee on Security and Privacy