Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 67,  July 18, 2005 Hilarie Orman,  Editor Robert Bruen, Book Review Editor Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Jason Holt's article about the popularity of Tor, the freeware Onion Routing System

  • Gene Spafford's article about the release of CERIAS archives on CD

  • Robert Bruen's review of Sockets, Shellcode, Porting and Coding by James Foster with Mike Price

  • Robert Bruen's review of Windows Server 2003 Security A Technical Reference by Roberta Bragg

  • Robert Bruen's review of Apache Security by Ivan Ristic

  • Review of DIMVA, Detection of Intrusions, Malware, and Vulnerability Assessment (Vienna, Austria, July 7-8, 2005) by Sven Dietrich

  • Special event, Upcoming NSF CyberTrust PI Meeting, September 26, 2005, by Carl Landwehr

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

• Listing of academic positions available  by Cynthia Irvine
  

  • Gjovik University College
    Gjovik, Norway
    PhD studentship
    Position available until filled
  • Radboud University Nijmegen
    Nijmegen, the Netherlands
    2 PhD positions
    Positions available until filled.

• Events

  • Event Calendar

    • 7/18/05- 7/19/05: FAST, Formal Aspects in Security and Trust, Newcastle, UK
    • 7/18/05: WEC, Workshop on Electronic Contracting, Munich, Germany,
    • 7/21/05- 7/22/05: CEAS, Conference on Email and Anti-spam, Palo Alto, CA; information@ceas.cc
    • 7/25/05: PEP, Workshop on Privacy-enhanced Personalization, Edinburgh, Scotland
    • 7/31/05- 8/ 5/05: USENIX Security; Baltimore, MD
    • 8/ 1/05: SKLOIS, Conference on Information Security and Cryptology ; Beijing, China;
    • 8/ 2/05: SAC TRECK, ACM Symposium on Applied Computing, Track: Trust, Recommendations, Evidence and other Collaboration Know-how; Dijon, France; Submissions are due; info Seigneur@trustcomp.org
    • 8/11/05- 8/12/05: SAC, Selected Areas in Cryptography Ontario, Canada
    • 8/17/05- 8/19/05: DFRWS, Digital Forensics Research Workshop; New Orleans, LA;
    • 8/21/05- 8/22/05: SecCo,Workshop on Security Issues in Concurrency, San Francisco, CA
    • 8/22/05: NDSS, Network and Distributed System Security Symposium San Diego, California
    • 8/28/05- 9/ 2/05: WiSE, Workshop on Wireless Security, Cologne, Germany
    • 9/ 1/05: JHSN-SpecialIssue-Policy. Journal of High Speed Networking, Special issue on Managing Security Polices: Verification and Configuration ; submissions deadline; info ehab@cs.depaul.edu
    • 9/ 1/05: SISW, Security in Storage Workshop, San Francisco, California; Submissions are due; info James_Hughes@StorageTek.com
    • 9/ 2/05- 9/ 3/05: SDM, VLDB Workshop on Secure Data Management; Trondheim, Norway
    • 9/ 5/05- 9/ 9/05: Securecomm, Conference on Security and Privacy for Emerging Areas in Communication Networks; Athens, Greece;
    • 9/ 5/05- 9/ 9/05: SECOVAL, The Value of Security through Collaboration Athens, Greece (with Securecomm)
    • 9/ 6/05: ISSSE, Internation Symposium on Secure Software Engineering Washington DC; Submissions are due; info redwinst@jmu.edu
    • 9/ 7/05- 9/ 9/05: RAID, Symposium on Recent Advances in Intrusion Detection Seattle, Washington;
    • 9/11/05: UbiComp, Privacy in Context; Tokyo, Japan;
    • 9/12/05- 9/16/05: AMESP, Appropriate Methodology for Empirical Studies of Privacy ; Rome, Italy
    • 9/14/05- 9/16/05: ESORICS, European Symposium on Research in Computer Security; Milan, Italy; esorics05.dti.unimi.it/
    • 9/15/05: QoP, Quality of Protection Workshop; Milano, Italy;
    • 9/19/05- 9/24/05: FOSAD; School in Foundations of Security Analysis and Design; Bertinoro, Italy;
    • 9/19/05- 9/21/05: ECC, Workshop on Elliptic Curve Cryptography; Essen, Germany
    • 9/19/05- 9/21/05: PBA, Workshop on Protection by Adaptation ; Kuala Lumpur, Malaysia;
    • 9/20/05- 9/23/05: NSPW, New Security Paradigms Workshop ; Lake Arrowhead, California
    • 9/20/05- 9/22/05: FloCon; New Orleans, Louisiana;
    • 9/20/05: CoALa, Workshop on Contract Architectures and Languages; Enschede, The Netherlands;
    • 9/24/05- 9/28/05: MMM_ACNS, Mathematical Methods, Models and Architectures for Computer Network Security ; St. Petersburg, Russia;
    • 9/29/05-10/ 1/05: Mycrypt, International Conference on Cryptology in Malaysia; Kuala Lumpur, Malaysia; info rphan@swinburne.edu.my
    • 9/30/05: IJICS-Special-Nature-Computation, Special Issue of the International Journal on Information and Computer Security; submissions are due; info jac@cs.york.ac.uk
    • 10/ 1/05: AsiaCCS, ACM Symposium on Information, Computer and Communications Security; Taipei, Taiwan; submissions are due
    • 10/ 1/05: SI-Eurasip-WirelesSec, Journal on Wireless Communications and Networking, special issue on Wireless Network Security ; submissions are due
    • 10/ 3/05-10/ 4/05: WSStandz, Workshop on Security Standardization; Geneva, Switzerland
    • 10/13/05: WSSEET, Workshop on Secure Software Engineering Education and Training , Turtle Bay, Oahu, HI; Submissions are due; info redwinst@jmu.edu
    • 10/16/05-10/19/05: ITW, Information Theory Workshop On Theory and Practice in Information-theoretic Security ; Awaji Island, Japan;
    • 10/17/05-10/19/05: ICCCN, International Conference on Computer Communications and Networks; San Diego, California
    • 10/26/05: VizSEC, Workshop on Visualization for Computer Security; Minneapolis, Minnesota
    • 10/31/05-11/ 1/05: NIST-CHW, NIST Cryptographic Hash Workshop; Gaithersburg, MD
    • 10/31/05-11/ 2/05: DRMTICS, Digital Rights Management: Technologies, Issues, Challenges and Systems; Sydney, Australia
    • 11/ 1/05: SEC, IFIP TC-11 International Information Security Conference; Karlstad University, Sweden; submissions are due
    • 11/ 7/05: SASN, Security of Ad Hoc and Sensor Networks; Alexandria, VA
    • 11/11/05: WORM, Workshop on Rapid Malcode; Fairfax, VA
    • 11/11/05: FMSE, Workshop on Formal Methods in Security Engineering ; Alexandria, VA
    • 11/11/05: StorageSS, Storage Security and Survivability Workshop; Fairfax, VA
    • 11/28/05: IWIA, Information Assurance Workshop Royal Holloway, UK; Submissions are due; info SWOLTHUSEN@IEEE.ORG
    • 12/10/05-12/13/05: ICICS,International Conference on Information and Communications Security; Beijing, China
    • 12/13/05: SISW, Security in Storage Workshop; San Francisco, California
    • 12/14/05-12/16/05: CANS, Conference on Cryptology and Network Security; Xiamen, Fujian Province, China
    • 12/15/05-12/17/05: SKLOIS, Conference on Information Security and Cryptology; Beijing, China
    • 1/10/06: DRM-ICC, Workshop on Digital Rights Management Impact on Consumer Communications, Las Vegas, NV
    • 2/ 2/06- 2/ 3/06: NDSS, Network and Distributed System Security Symposium; San Diego, California
    • 3/13/06- 3/15/06: ISSSE, International Symposium on Secure Software Engineering ; Washington DC
    • 3/21/06- 3/23/06: AsiaCCS, ACM Symposium on Information, Computer and Communications Security; Taipei, Taiwan
    • 4/13/06- 4/14/06: IWIA, Information Assurance Workshop; Royal Holloway, UK
    • 4/18/06: WSSEET, Workshop on Secure Software Engineering Education and Training; Turtle Bay, Oahu, HI
    • 4/23/06- 4/27/06: SAC-TRECK, ACM Symposium on Applied Computing, Track: Trust, Recommendations, Evidence and other Collaboration Know-how; Dijon, France
    • 5/26/06- 5/24/06: SEC, IFIP TC-11 International Information Security Conference; Karlstad University, Sweden

  •   new calls or announcements added since Cipher E66 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

    • IEEE Journal on Selected Areas in Communications, High-speed Network Security -- Architecture, Algorithms, and Implementation, 4th Quarter 2006. (Submission due 1 September 2005)

      Guest editors: H. Jonathan Chao (Polytechnic University), Wing Cheong Lau (Qualcomm), Bin Liu (Tsinghua University), Peter Reiher (University of California at Los Angeles), and Rajesh Talpade (Telcordia Technologies)

      While the recent proliferation of broadband wireline and wireless networking technologies have substantially increased the available network capacity and enabled a wide-range of feature-rich high-speed communication services, security remains a major concern. Large-scale, high-profile system exploits and network attacks have become common recurring events that increasingly threaten the proper functioning and continual success of the communication infrastructure and services. One key aspect of mitigating such increasing threats is to develop new security/defense architectures, systems, methodologies and algorithms which can scale together with the communications infrastructure in terms of operating speed, operational simplicity and manageability, etc. The aim of this issue is to bring together the work done by researchers and practitioners in understanding the theoretical, architectural, system, and implementation issues related to all aspects of security in high-speed networks. We seek original, previously unpublished and completed contributions not currently under review by another journal. Areas of interest include but are not limited to the following topics related to high-speed network security:

      • High-speed Intrusion Detection, Prevention (IDS/IPS) Systems, and malicious behavior detection
      • High-speed Distributed Denial of Service (DDoS) attacks, prevention and defense systems
      • High-speed network monitoring, metering, traceback and pushback mechanisms
      • High-speed firewall, packet filtering and cross-layer defense coordination
      • Support of authentication, confidentiality, authorization, non-repudiation in high-speed networks
      • Security group communications/multicast
      • Secure and scalable content-delivery networks
      • Support for automated security policy configuration and realization
      • Forensic methodologies for high-speed networks
      • Automated attack characterization and containment in high-speed networks
      • Testbeds for high-speed network security

    • Journal of High Speed Networking, Special issue on Managing Security Polices: Modeling, Verification and Configuration, February/March 2006. (Submission due 1 September 2005)

      Guest editors: Ehab Al-Shaer (DePaul University), Clifford Neuman (University of Southern California), Dinesh C Verma (IBM Watson Research Center), Hong Li (Intel IT Research), and Anthony Chung (DePaul University)

      The importance of effective network security policy management has been significantly increasing in the past few years. Network security perimeter devices such as Firewalls, IPSec gateways, Intrusion Detection and Prevention Systems operate based on locally configured policies. However, the complexity of managing security polices, particularly in enterprise networks that usually have heterogeneous devices and polices, has become a main challenge for deploying effective security. Yet these policies are not necessarily independent as they interact with each other to form the global security policy. It is a common practice to configure security policies on each of the perimeter devices manually and in isolation from each other due to different administrative domains, roles and personnel, among other reasons. As a result, rule conflicts and policy inconsistencies may be introduced in the system, leading to serious security breach and network vulnerability. Moreover, enterprise networks continuously grow in size and complexity, and they are in a constant state of change (in topologies, devices, protocols, and vulnerabilities), resulting in frequent changes in security policies. All these make policy enforcement, modification, verification, and evaluation intractable tasks.

      This special issue is seeking solutions that offer seamless policy management with provable security in heterogeneous multi-vender network security environments. This special issue solicits original and unpublished contributions addressing security policy management issues. Topics of particular interest are automated policy management, dynamic policy-based security, security policy verification and distribution, and policy unification that improve the state-of-the-art in this area. Examples of selected topics include but are not limited to:

      • Policy modeling and verification using formal methods Conflict discovery and resolution
      • High-speed security policy analysis
      • Frameworks for policy testing, assessment, comparison and evaluation.
      • Dynamic policy-based security management
      • Adaptive security polices
      • Policy visualization
      • Distributed policy editing, delegation and distribution
      • Policy translation: from high-to-low level and vice versa
      • Data mining for policy inspection, evaluation and enhancement
      • Policy-management for wireless and mobile networks
      • Novel policy management architectures
      • Automatic security policy management in heterogonous network environment
      • Implementation and Case Studies of Security Policy Management System
      • Management of Interactions between Security Policies and other policies.
      • Security policy languages and management for multi-device, multi-protocol and multi-vendor
      • System intelligence to enable automated policy management: monitoring, event/data correlation and root-cause analysis

    • International Journal on Information and Computer Security (IJICS), Special Issue on Nature-Inspired Computation in Cryptology and Computer Security, October 2006. (Submission due 30 September 2005)

      Guest editors: John A. Clark (York University, UK) and Julio Cesar Hernandez (Universidad Carlos III de Madrid, Spain)

      Techniques taken from the field of nature-inspired computation (e.g. Genetic Algorithms, Genetic Programming, Simulated Annealing, and Artificial Immune Systems) are steadily gaining ground in the area of cryptology and computer security. In recent years, nature inspired algorithms have been proposed, for example, for the design and analysis of a number of new cryptographic primitives, ranging from pseudorandom number generators to block ciphers, in the cryptanalysis of state-of-the-art cryptosystems, in the design of security protocols and in the detection of network attack patterns, to name but a few. There is a growing interest from the cryptographic and computer security communities towards nature-inspired techniques. This has occurred partly as a result of these recent successes, but also because the nature of systems is changing in a way which means traditional computer security techniques will not meet the full range of tasks at hand. The increasing distribution, scale, autonomy and mobility of emerging systems is forcing us to seek inspiration from nature to help deal with the challenges ahead. There is a general feeling that the area is ripe for further research, with dedicated conference sessions only beginning to emerge (e.g. the Conference on Evolutionary Computation special sessions in 2003, 2004 and 2005). This special issue of the IJICS solicits the submission of research papers in this general area. Suitable topics include (but are not limited to) the use of nature-inspired techniques for:

      • Intrusion detection
      • System security management
      • Security authentication technologies
      • The design of cryptographic primitives
      • The cryptanalysis of stream, block and public key encryption algorithms (and other security-related algorithms, e.g. watermarking algorithms)
      • The design or analysis of security protocols

    • EURASIP Journal on Wireless Communications and Networking, Special Issue on Wireless Network Security, 3rd Quarter, 2006. (Submission due 1 October 2005)

      Guest editors: Yang Xiao (University of Memphis), Yi-Bing Lin (National Chiao Tung University, Taiwan), and Ding-Zhu Du (University of Minnesota)

      Recent advances in wireless network technologies have rapidly developed in recent years, as evidenced by wireless location area networks (WLANs), wireless personal area networks (WPANs), wireless metropolitan area networks (WMANs), and wireless wide area networks (WWANs), that is, cellular networks. A major impediment to their deployment, however, is wireless network security. For example, the lack of data confidentiality in wired equivalent privacy (WEP) protocol has been proven, and newly adopted standards such as IEEE 802.11i robust secruity network (RSN) and IEEE 802.15.3a ultra-wideband (UWB) are not fully tested and, as such, may expose unforeseen security vulnerabilities. The effort to improve wireless network security is linked with many technical challenges including compatibility with legacy wireless networks, complexity in implementation, and cost/performance trade-offs. The need to address wireless network security and to provide timely, solid technical contributions establishes the motivation behind this special issue. This special issue will focus on novel and functional ways to improve wireless network security. Papers that do not focus on wireless network security will not be reviewed. Specific areas of interest in WLANs, WPANs, WMANs, and WWANs include, but are not limited to:

      • Attacks, security mechanisms, and security services
      • Authentication
      • Access control
      • Data confidentiality
      • Data integrity
      • Nonrepudiation
      • Encryption and decryption
      • Key management
      • Fraudulent usage
      • Wireless network security performance evaluation
      • Wireless link layer security
      • Tradeoff analysis between performance and security
      • Authentication and authorization for mobile service network
      • Wireless security standards (IEEE 802.11, IEEE 802.15, IEEE 802.16, 3GPP, and 3GPP2)

    • International Journal of Security and Networks (IJSN), Special Issue on Security Issues in Sensor Networks, Middle 2006. (Submission due 15 October 2005)

      Guest editors: Yang Xiao (University of Memphis), Xiaohua Jia (City University of Hong Kong, Hong Kong), Bo Sun (Lamar University), and Xiaojiang Du (North Dakota State University)

      Security in Sensor networks differ from those in other traditional networks with many aspects such as limited memory space, limited computation capability, etc. Therefore, sensor network security has some unique features which do not exist in other networks. The need to address security issues, and provide timely, solid technical contributions of security solutions in sensor networks establishes the motivation behind this special issue. This special issue is dedicated to sensor network security. A paper should have security in sensor networks as the focus. Specific areas of interest include, but not limit to:

      • Key Managements in sensor networks
      • Secure Routing in secure networks
      • Light weight Encryption and authentication in Sensor networks
      • Attacks and solutions in Sensor networks
      • Other areas which are related to both security and sensor networks

    • DRM 2005 Workshop on Digital Rights Management, Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005), Alexandria, VA, USA, November 7, 2005. (Submissions due 18 July 2005)

      Digital Rights Management (DRM) is an area of pressing interest, as the Internet has become the center of distribution for digital goods of all sorts. The business potential of digital content distribution is huge, as are its economic, legal and social implications. DRM, as a technical interdisciplinary field, is at the heart of controlling the digital content and assuring authorized, user friendly, safe, well-managed, automated, and fraud-free distribution. The field of DRM combines cryptographic technology, software and systems research, information and signal processing methods, legal, social and policy aspects, as well as business analysis and economics. Original papers on all aspects of Digital Rights Management are solicited for submission to DRM 2005, the Fifth ACM Workshop on Digital Rights Management. Topics of interest include but are not limited to:

      • anonymous publishing
      • architectures for DRM systems auditing
      • business models for online content distribution
      • computing environments and platforms for DRM systems
      • copyright-law issues, including but not limited to fair use
      • digital policy management
      • implementations and case studies
      • privacy and anonymity
      • risk management
      • robust identification of digital content
      • security issues, including but not limited to authorization, encryption, tamper resistance, and watermarking.
      • software related issues.
      • supporting cryptographic technology including but not limited to traitor tracing, broadcast encryption, obfuscation.
      • threat and vulnerability assessment.
      • concrete software patent cases
      • usability aspects of DRM systems.
      • web services related to DRM systems

    • SWS 2005 Workshop on Secure Web Services, Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005), Fairfax, VA, USA, November 11, 2005. (Submissions due 18 July 2005)

      Basic security protocols for Web Services, such as XML Security, the WS-* series of proposals, SAML, and XACML are the basic set of building blocks enabling Web Services and the nodes of GRID architectures to interoperate securely. While these building blocks are now firmly in place, a number of challenges are still to be met for Web services and GRID nodes to be fully secured and trusted, providing for secure communications between cross-platform and cross-language Web services. Also, the current trend toward representing Web services orchestration and choreography via advanced business process metadata is fostering a further evolution of current security models and languages, whose key issues include setting and managing security policies, inter-organizational (trusted partner) security issues and the implementation of high level business policies in a Web services environment. The SWS workshop explores these challenges, ranging from the advancement and best practices of building block technologies such as XML and Web services security protocols to higher level issues such as advanced metadata, general security policies, trust establishment, risk management, and service assurance. Topics of interest include, but are not limited to, the following:

      • Web services and GRID computing security
      • Authentication and authorization
      • Frameworks for managing, establishing and assessing inter-organizational trust relationships
      • Web services exploitation of Trusted Computing
      • Semantics-aware Web service security and Semantic Web Secure orchestration of Web services
      • Privacy and digital identities support

    • CISC 2005 SKLOIS Conference on Information Security and Cryptology, Beijing, China, December 15-17, 2005. (Submissions due 1 August 2005)

      The SKLOIS conference on information security and cryptology seeks full papers presenting new research results related to cryptology, information security and their applications. Areas of interest include, but are not limited to:

      • Access Control
      • Authentication and Authorization
      • Biometric Security
      • Distributed System Security
      • Database Security
      • Electronic Commerce Security
      • Intrusion Detection
      • Information Hiding and Watermarking
      • Key Management and Key Recovery
      • Network Security
      • Security Protocols and Their Analysis
      • Security Modeling and Architecture
      • Provable Security
      • Multiparty Security Computation
      • Foundations of Cryptography
      • Secret Key and Public Key Cryptosystems
      • Implementation of Cryptosystems
      • Hash Functions and MAC
      • Modes of Operation
      • Intellectual Property Protection
      • Mobile System Security
      • Operating System Security
      • Risk Evaluation and Security Certification
      • Malicious Codes and Prevention

    • TRECK 2005 21st ACM Symposium on Applied Computing: Trust, Recommendations, Evidence and other Collaboration Know-how Track(TRECK), Dijon, France, April 23-27, 2006. (Submissions due 2 August 2005)

      Computational models of trust and mechanisms based on the human notion of trust have been gaining momentum. One reason for this is that traditional security mechanisms are challenged by open, large scale and decentralised environments. The use of an explicit trust management component goes beyond security though. The goal of the ACM SAC 2006 TRECK track remains to review the set of applications that benefit from the use of computational trust. Computational trust has been used in reputation systems, risk management, collaborative filtering, social/business networking services, dynamic coalitions and virtual organisations. The TRECK track covers all computational trust applications, especially those used in the real world. The topics of interest include, but are not limited to:

      • Recommender and reputation systems
      • Trust-enhanced collaborative applications
      • Tangible guarantees given by formal models of trust and risk
      • Trust metrics assessment and threat analysis
      • Pervasive computational trust and use of context-aware features
      • Trade-off between privacy and trust
      • Trust/risk-based security frameworks
      • Automated collaboration and trust negotiation
      • Trust in peer-to-peer systems
      • Technical trust evaluation, especially at the identity level
      • Impacts of social networks on computational trust
      • Evidence gathering and management
      • Real-world applications, running prototypes and advanced simulations
      • Applicability in large-scale, open and decentralised environments
      • Legal and economic aspects related to the use of trust engines
      • User-studies and user interfaces of computational trust applications

    • SISW 2005 3rd International IEEE Security in Storage Workshop, Held in conjunction with the 4th USENIX Conference on File and Storage Technologies (FAST 2005), San Francisco, CA, USA, December 14-16, 2005. (Submissions due 1 September 2005)

      The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of designing, building and managing secure storage systems; possible topics include, but are not limited to the following:

      • Cryptographic Algorithms for Storage
      • Cryptanalysis of Systems and Protocols
      • Key Management for Sector and File based Storage Systems
      • Balancing Usability, Performance and Security concerns
      • Unintended Data Recovery
      • Attacks on Storage Area Networks and Storage
      • Insider Attack Countermeasures
      • Security for Mobile Storage
      • Defining and Defending Trust Boundaries in Storage
      • Relating Storage Security to Network Security
      • Database Encryption
      • Search on Encrypted Information

    • ISSSE 2006 IEEE International Symposium on Secure Software Engineering, Washington DC, USA, March 13-15, 2006. (Submissions due 6 September 2005)

      Today, security problems involving computers and software are frequent, widespread, and serious. The number and variety of attacks by persons and malicious software from outside organizations, particularly via the Internet, are increasing rapidly, and the amount and consequences of insider attacks remains serious. Over 90% of security incidents reported to the CERT Coordination Center result from defects in software requirements, design, or code. The Symposium covers all aspects of the processes, techniques, technology, people, and knowledgebase that have or need the capability to contribute to producing (more) secure software including their characteristics, interrelationships, creation, sources, transfer, introduction, use, and improvement. Potential topics include:

      • Threat modeling and analysis of vulnerabilities
      • Secure architectures & design
      • Formal specification, designs, policies, and proofs
      • Model checking for security
      • Coding practices
      • Static analysis and other automated support
      • Processes for producing secure software
      • Testing of security in software
      • Certification and accreditation
      • Relationships among software correctness, reliability, safety, and security
      • Market and legal forces
      • Lessons learned
      • Ethics and human factors
      • Technology transfer

    • ISPEC 2006 2nd Information Security Practice and Experience Conference, Hangzhou, China, April 11-14, 2006. (Submissions due 15 October 2005)

      As applications of information security technologies become pervasive, issues pertaining to their deployment and operation are becoming increasingly important. ISPEC is an annual conference that brings together researchers and practitioners to provide a confluence of new information security technologies, their applications and their integration with IT systems in various vertical sectors. Authors are invited to submit full papers presenting new research results related to information security technologies and applications. Areas of interest include, but are not limited to:

      • Applications of cryptography
      • Critical infrastructure protection
      • Digital rights management
      • Economic incentives for deployment of information security systems
      • Information security in vertical applications
      • Legal and regulatory issues
      • Privacy and anonymity
      • Risk evaluation and security certification
      • Resilience and availability
      • Secure system architectures
      • Security policy
      • Security standards activities
      • Trust model and management
      • Usability aspects of information security systems

    • SPC 2006 3rd International Conference on Security in Pervasive Computing, York, UK, April 18-21, 2006. (Submissions due 15 October 2005)

      The security of pervasive computing is a critically important area for commerce, the public sector, academia and the individual citizen. Although pervasive computing presents exciting enabling opportunities, the benefits will only be reaped if security aspects can be appropriately addressed. Threats exploiting vulnerabilities of new kinds of user interfaces, displays, operating systems, networks, and wireless communications give rise to new concerns about loss of confidentiality, integrity, privacy, and availability. How can these risks be reduced to an acceptable level? Original research contributions are sought in all areas relating to the security of pervasive computing. Topic include (but are not restricted to):

      • Models for access control, authentication and privacy management
      • Biometric methods in pervasive computing systems
      • Tradeoffs between security and other criteria (e.g. due to deployment on resource constrained devices)
      • Protocols for trust management in pervasive computing networks
      • Analysis of protocols for pervasive computing
      • Hardware security issues for pervasive computing
      • Audit and accountability in pervasive systems
      • Non-technical implications of pervasive computing

    • SEC 2006 21st IFIP TC-11 International Information Security Conference, Karlstad, Sweden, May 22-24, 2006. (Submissions due 1 November 2005)

      The IT environment now includes novel, dynamic approaches such as: mobility, wearability, ubiquity, ad hoc use, mind/body orientation, and business/market orientation. This modern environment challenges the whole information security research community to focus on interdisciplinary and holistic disciplines whilst retaining the benefit of previous research efforts. Papers offering research contributions focusing on dynamic environments in addition to other aspects of computer security and privacy are solicited for submission to the 21st IFIP International Information Security Conference. Papers may present theory, applications or practical experiences on security and privacy topics including, but not limited to:

      • Mobile or Ubiquitous technologies
      • Wireless or Ad-hoc systems
      • Changing organizational environments
      • Implications for virtual organizations
      • Crossing organizational/national boundaries
      • Process orientation
      • New business models
      • Offshoring/Nearshoring and outsourcing
      • New markets
      • Marketing and awareness
      • Biometrics
      • E-applications
      • DRM & content security
      • Applications of cryptography
      • Authentication, Authorization, and Access Control
      • Data Protection
      • Multilateral security
      • Identity management
      • Privacy and Privacy Enhancing Technologies (PETs)
      • Computer forensics
      • Internet and web security
      • Information hiding
      • Sensor networks
      • Intrusion detection
      • Attacks and malware
      • Systems development
      • Architectures
      • Security management
      • Verification, Assurance, Metrics, and Measurements
      • Data and system integrity
      • Information warfare and Critical infrastructure protection
      • Risk analysis and risk management
      • Law and ethics
      • Education

    • FSE 2006 13th annual Fast Software Encryption workshop, Graz, Austria, March 15-17, 2006. (Submissions due 25 November 2005)

      FSE 2006 is the 13th annual Fast Software Encryption workshop, for the fifth year sponsored by the International Association for Cryptologic Research(IACR). Original research papers on symmetric cryptology are invited for submission to FSE 2006. The workshop concentrates on fast and secure primitives for symmetric cryptography, including the design and analysis of block ciphers, stream ciphers, encryption schemes, analysis and evaluation tools, hash functions, and message authentication codes (MACs).

    • IWIA 2006 4th IEEE International Information Assurance Workshop, Royal Holloway, UK, April 13-14, 2006. (Submissions due 28 November 2005)

      The IEEE Task Force on Information Assurance is sponsoring a workshop on information assurance in cooperation with the ACM SIGSAC on research and experience in information assurance. The workshop seeks submissions from academia, government, and industry presenting novel research, applications and experience, and policy on all theoretical and practical aspects of IA. Possible topics include, but are not limited to the following:

      • Operating System IA & S
      • Storage IA & S
      • Network IA & S
      • IA Standardization Approaches
      • Information Sharing in Coalition Settings
      • Security Models
      • Survivability and Resilient Systems
      • Formal Methods and Software Engineering for IA
      • Proactive Approaches to IA
      • CCITSE Experience and Methodology
      • Intrusion Detection, Prediction, and Countermeasures
      • Insider Attack Countermeasures
      • Specification, Design, Development, and Deployment of IA Mechanisms
      • Policy Issues in Information Assurance

  • Cipher's complete calls-for-papers and calendar

   

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org

• Interesting links  and reports available via FTP and WWW