Commentary and Opinion
Review of SOUPS, Symposium on Usable Privacy and Security (CMU, Pittsburgh, PA, July 6-8, 2005) by Fahd Arshad and Rob Reeder
Bob Bruen's review of Rootkits: Subverting the Windows Kernel by Greg Hoglund and James Butler
Bob Bruen's review of Host Integrity Monitoring Using Osiris and Samhain by Wotring, Brian and Potter, Bruce
Bob Bruen's review of Network Security Tools. Writing, Hacking and Modifying Security Tools by Nitesh Dhanjani and Justin Clarke
ACM SIGSAC Awards Nomination Deadline Extension: contributed by Pierangela Samarati
Listing of academic positions available by Cynthia Irvine
Changing your email address? Please send updates to cipher@ieee-security.org
Cipher calls-for-papers and calendar (the calls-for-papers and the calendar announcements may differ slightly in content or time of update):
new calls or announcements added since Cipher E66
IEEE Journal on Selected Areas in Communications, High-speed Network Security -- Architecture, Algorithms, and Implementation, 4th Quarter 2006. (Submission due 1 September 2005)
Guest editors: H. Jonathan Chao (Polytechnic University), Wing Cheong Lau (Qualcomm), Bin Liu (Tsinghua University), Peter Reiher (University of California at Los Angeles), and Rajesh Talpade (Telcordia Technologies)
While the recent proliferation of broadband wireline and wireless networking technologies has substantially increased the available network capacity and enabled a wide range of feature-rich high-speed communication services, security remains a major concern. Large-scale, high-profile system exploits and network attacks have become common recurring events that increasingly threaten the proper functioning and continual success of the communication infrastructure and services. One key aspect of mitigating such increasing threats is to develop new security/defense architectures, systems, methodologies and algorithms which can scale together with the communications infrastructure in terms of operating speed, operational simplicity and manageability, etc. The aim of this issue is to bring together the work done by researchers and practitioners in understanding the theoretical, architectural, system, and implementation issues related to all aspects of security in high-speed networks. We seek original, previously unpublished and completed contributions not currently under review by another journal. Areas of interest include but are not limited to the following topics related to high-speed network security:
Journal of High Speed Networking, Special issue on Managing Security Policies: Modeling, Verification and Configuration, February/March 2006. (Submission due 1 September 2005)
Guest editors: Ehab Al-Shaer (DePaul University), Clifford Neuman (University of Southern California), Dinesh C Verma (IBM Watson Research Center), Hong Li (Intel IT Research), and Anthony Chung (DePaul University)
The importance of effective network security policy management has been significantly increasing in the past few years. Network security perimeter devices such as Firewalls, IPSec gateways, Intrusion Detection and Prevention Systems operate based on locally configured policies. However, the complexity of managing security policies, particularly in enterprise networks that usually have heterogeneous devices and policies, has become a main challenge for deploying effective security. Yet these policies are not necessarily independent as they interact with each other to form the global security policy. It is a common practice to configure security policies on each of the perimeter devices manually and in isolation from each other due to different administrative domains, roles and personnel, among other reasons. As a result, rule conflicts and policy inconsistencies may be introduced in the system, leading to serious security breaches and network vulnerabilities. Moreover, enterprise networks continuously grow in size and complexity, and they are in a constant state of change (in topologies, devices, protocols, and vulnerabilities), resulting in frequent changes in security policies. All these make policy enforcement, modification, verification, and evaluation intractable tasks.
This special issue is seeking solutions that offer seamless policy management with provable security in heterogeneous multi-vendor network security environments. This special issue solicits original and unpublished contributions addressing security policy management issues. Topics of particular interest are automated policy management, dynamic policy-based security, security policy verification and distribution, and policy unification that improve the state-of-the-art in this area. Examples of selected topics include but are not limited to:
International Journal on Information and Computer Security (IJICS), Special Issue on Nature-Inspired Computation in Cryptology and Computer Security, October 2006. (Submission due 30 September 2005)
Guest editors: John A. Clark (York University, UK) and Julio Cesar Hernandez (Universidad Carlos III de Madrid, Spain)
Techniques taken from the field of nature-inspired computation (e.g. Genetic Algorithms, Genetic Programming, Simulated Annealing, and Artificial Immune Systems) are steadily gaining ground in the area of cryptology and computer security. In recent years, nature inspired algorithms have been proposed, for example, for the design and analysis of a number of new cryptographic primitives, ranging from pseudorandom number generators to block ciphers, in the cryptanalysis of state-of-the-art cryptosystems, in the design of security protocols and in the detection of network attack patterns, to name but a few. There is a growing interest from the cryptographic and computer security communities towards nature-inspired techniques. This has occurred partly as a result of these recent successes, but also because the nature of systems is changing in a way which means traditional computer security techniques will not meet the full range of tasks at hand. The increasing distribution, scale, autonomy and mobility of emerging systems is forcing us to seek inspiration from nature to help deal with the challenges ahead. There is a general feeling that the area is ripe for further research, with dedicated conference sessions only beginning to emerge (e.g. the Conference on Evolutionary Computation special sessions in 2003, 2004 and 2005). This special issue of the IJICS solicits the submission of research papers in this general area. Suitable topics include (but are not limited to) the use of nature-inspired techniques for:
EURASIP Journal on Wireless Communications and Networking, Special Issue on Wireless Network Security, 3rd Quarter, 2006. (Submission due 1 October 2005)
Guest editors: Yang Xiao (University of Memphis), Yi-Bing Lin (National Chiao Tung University, Taiwan), and Ding-Zhu Du (University of Minnesota)
Wireless network technologies have developed rapidly in recent years, as evidenced by wireless local area networks (WLANs), wireless personal area networks (WPANs), wireless metropolitan area networks (WMANs), and wireless wide area networks (WWANs), that is, cellular networks. A major impediment to their deployment, however, is wireless network security. For example, the lack of data confidentiality in wired equivalent privacy (WEP) protocol has been proven, and newly adopted standards such as IEEE 802.11i robust security network (RSN) and IEEE 802.15.3a ultra-wideband (UWB) are not fully tested and, as such, may expose unforeseen security vulnerabilities. The effort to improve wireless network security is linked with many technical challenges including compatibility with legacy wireless networks, complexity in implementation, and cost/performance trade-offs. The need to address wireless network security and to provide timely, solid technical contributions establishes the motivation behind this special issue. This special issue will focus on novel and functional ways to improve wireless network security. Papers that do not focus on wireless network security will not be reviewed. Specific areas of interest in WLANs, WPANs, WMANs, and WWANs include, but are not limited to:
International Journal of Security and Networks (IJSN), Special Issue on Security Issues in Sensor Networks, Middle 2006. (Submission due 15 October 2005)
Guest editors: Yang Xiao (University of Memphis), Xiaohua Jia (City University of Hong Kong, Hong Kong), Bo Sun (Lamar University), and Xiaojiang Du (North Dakota State University)
Security in sensor networks differs from that in other traditional networks in many aspects, such as limited memory space, limited computation capability, etc. Therefore, sensor network security has some unique features which do not exist in other networks. The need to address security issues, and provide timely, solid technical contributions of security solutions in sensor networks establishes the motivation behind this special issue. This special issue is dedicated to sensor network security. A paper should have security in sensor networks as the focus. Specific areas of interest include, but are not limited to:
Theoretical Computer Science (TCS), Special Issue on Automated Reasoning for Security Protocol Analysis, 4th quarter, 2006. (Submission due 13 November 2005)
Guest editors: Pierpaolo Degano (Università di Pisa, Italy) and Luca Viganò (ETH Zurich, Switzerland)
In connection with The Second Workshop on Automated Reasoning for Security Protocol Analysis (ARSPA'05), which took place as a satellite event of ICALP'05, we are guest-editing a Special Issue of Theoretical Computer Science devoted to original papers on formal security protocol specification, analysis and verification. Contributions are welcomed on the following topics and related ones:
DRM 2005 Workshop on Digital Rights Management, Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005), Alexandria, VA, USA, November 7, 2005. (Submissions due 18 July 2005)
Digital Rights Management (DRM) is an area of pressing interest, as the Internet has become the center of distribution for digital goods of all sorts. The business potential of digital content distribution is huge, as are its economic, legal and social implications. DRM, as a technical interdisciplinary field, is at the heart of controlling the digital content and assuring authorized, user friendly, safe, well-managed, automated, and fraud-free distribution. The field of DRM combines cryptographic technology, software and systems research, information and signal processing methods, legal, social and policy aspects, as well as business analysis and economics. Original papers on all aspects of Digital Rights Management are solicited for submission to DRM 2005, the Fifth ACM Workshop on Digital Rights Management. Topics of interest include but are not limited to:
SWS 2005 Workshop on Secure Web Services, Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005), Fairfax, VA, USA, November 11, 2005. (Submissions due 18 July 2005)
Basic security protocols for Web Services, such as XML Security, the WS-* series of proposals, SAML, and XACML are the basic set of building blocks enabling Web Services and the nodes of GRID architectures to interoperate securely. While these building blocks are now firmly in place, a number of challenges are still to be met for Web services and GRID nodes to be fully secured and trusted, providing for secure communications between cross-platform and cross-language Web services. Also, the current trend toward representing Web services orchestration and choreography via advanced business process metadata is fostering a further evolution of current security models and languages, whose key issues include setting and managing security policies, inter-organizational (trusted partner) security issues and the implementation of high level business policies in a Web services environment. The SWS workshop explores these challenges, ranging from the advancement and best practices of building block technologies such as XML and Web services security protocols to higher level issues such as advanced metadata, general security policies, trust establishment, risk management, and service assurance. Topics of interest include, but are not limited to, the following:
PSDM 2005 Privacy and Security Aspects of Data Mining, Held in Conjunction with 2005 IEEE International Conference on Data Mining, New Orleans, Louisiana, USA, November 27, 2005. (Submissions due 12 September 2005)
The aim of this workshop is to address issues of privacy and security in data mining, synergize different views of techniques and policies, and brainstorm future research directions. Although techniques such as random perturbation techniques, secure multiparty computation based approaches, cryptographic-based methods, and database inference control have been developed, many of the key problems still remain open in this area. In particular, new privacy and security issues have been identified, and the scope of this problem has been expanded. How do privacy and security issues affect the design of data mining algorithms? What impacts will this research impose on diverse areas of counter-terrorism, distributed computation, and privacy law legislation? We encourage researchers with interest in the areas of privacy and security as well as data mining and machine learning to attend the workshop.
AsiaCCS 2006 ACM Symposium on Information, Computer and Communications Security, Taipei, Taiwan, March 21-23, 2006. (Submissions due 1 October 2005)
Papers representing original results in both theory and practice concerning computer and communications security are solicited. Topics of interest include, but are not limited to:
CISC 2005 SKLOIS Conference on Information Security and Cryptology, Beijing, China, December 15-17, 2005. (Submissions due 1 August 2005)
The SKLOIS conference on information security and cryptology seeks full papers presenting new research results related to cryptology, information security and their applications. Areas of interest include, but are not limited to:
TRECK 2005 21st ACM Symposium on Applied Computing: Trust, Recommendations, Evidence and other Collaboration Know-how Track (TRECK), Dijon, France, April 23-27, 2006. (Submissions due 2 August 2005)
Computational models of trust and mechanisms based on the human notion of trust have been gaining momentum. One reason for this is that traditional security mechanisms are challenged by open, large scale and decentralised environments. The use of an explicit trust management component goes beyond security though. The goal of the ACM SAC 2006 TRECK track remains to review the set of applications that benefit from the use of computational trust. Computational trust has been used in reputation systems, risk management, collaborative filtering, social/business networking services, dynamic coalitions and virtual organisations. The TRECK track covers all computational trust applications, especially those used in the real world. The topics of interest include, but are not limited to:
SISW 2005 3rd International IEEE Security in Storage Workshop, Held in conjunction with the 4th USENIX Conference on File and Storage Technologies (FAST 2005), San Francisco, CA, USA, December 14-16, 2005. (Submissions due 1 September 2005)
The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of designing, building and managing secure storage systems; possible topics include, but are not limited to the following:
ISSSE 2006 IEEE International Symposium on Secure Software Engineering, Washington DC, USA, March 13-15, 2006. (Submissions due 6 September 2005)
Today, security problems involving computers and software are frequent, widespread, and serious. The number and variety of attacks by persons and malicious software from outside organizations, particularly via the Internet, are increasing rapidly, and the amount and consequences of insider attacks remain serious. Over 90% of security incidents reported to the CERT Coordination Center result from defects in software requirements, design, or code. The Symposium covers all aspects of the processes, techniques, technology, people, and knowledgebase that have or need the capability to contribute to producing (more) secure software including their characteristics, interrelationships, creation, sources, transfer, introduction, use, and improvement. Potential topics include:
ISPEC 2006 2nd Information Security Practice and Experience Conference, Hangzhou, China, April 11-14, 2006. (Submissions due 15 October 2005)
As applications of information security technologies become pervasive, issues pertaining to their deployment and operation are becoming increasingly important. ISPEC is an annual conference that brings together researchers and practitioners to provide a confluence of new information security technologies, their applications and their integration with IT systems in various vertical sectors. Authors are invited to submit full papers presenting new research results related to information security technologies and applications. Areas of interest include, but are not limited to:
PKI R&D Workshop 2006 5th Annual PKI R&D Workshop: Making PKI Easy to Use, Gaithersburg, MD, USA, April 4-6, 2006. (Submissions due 14 October 2005)
This workshop considers the full range of public key technology used for security decisions and supporting functionalities, including authentication, authorization, identity (syndication, federation, and aggregation), and trust. This year, the workshop has a particular interest in novel approaches to simplifying the use and management of X.509 digital certificates, both within and across enterprises. This workshop has three goals: (1) Explore the current state of public key technology and emerging trust mechanisms in different domains including web services; grid technologies; encryption functionality; authentication systems, et al., in academia, government and the private sector; (2) Share & discuss lessons learned and scenarios from vendors and practitioners on current deployments; (3) Provide a forum for leading security researchers to explore the issues relevant to the PKI space in areas of security management, identity, trust, policy, authentication, authorization and encryption (e.g., supporting privacy requirements). Topics include (but are not limited to):
TRIDENTCOM 2006 2nd International IEEE/Create-Net Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, Barcelona, Spain, March 1-3, 2006. (Submissions due 15 October 2005)
Telecommunication infrastructures play a vital role in modern society. The advancements in the range of network service offerings, their performance, quality of service, security, and ubiquity are relentless, despite global economy fluctuations. The demand for high bandwidth network infrastructures is continuously growing within both academic and industrial sectors. To meet these challenges, experimental activities on infrastructures, such as testing, verification, deployment, are pivotal for academic researchers, developers, service managers and providers, as well as for end users. The management of research infrastructures is increasingly dependent on a business model that optimizes their operational price/performance ratio. For example, access to experimental infrastructures for real-life applications by specific user communities would benefit all the stakeholders involved: the end users, because of the experimental evaluation of the provided services, the researchers and infrastructure experimenters, because of the knowledge gained from case-study analysis, and the infrastructure managers, because of the business exploitation of the network. Research on all aspects of testbed and research infrastructure operation and management will find in Tridentcom its primary forum for focused discussion. High quality papers reporting on original research and on experiment results addressing the above areas are solicited for submission. The main topics of the conference are:
SPC 2006 3rd International Conference on Security in Pervasive Computing, York, UK, April 18-21, 2006. (Submissions due 15 October 2005)
The security of pervasive computing is a critically important area for commerce, the public sector, academia and the individual citizen. Although pervasive computing presents exciting enabling opportunities, the benefits will only be reaped if security aspects can be appropriately addressed. Threats exploiting vulnerabilities of new kinds of user interfaces, displays, operating systems, networks, and wireless communications give rise to new concerns about loss of confidentiality, integrity, privacy, and availability. How can these risks be reduced to an acceptable level? Original research contributions are sought in all areas relating to the security of pervasive computing. Topics include (but are not restricted to):
FC 2006 10th International Conference on Financial Cryptography and Data Security, Anguilla, British West Indies, February 27 - March 2, 2006. (Submissions due 17 October 2005)
At its 10th year edition, Financial Cryptography and Data Security (FC'06) is a well established and major international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. Original papers, surveys and presentations on all aspects of financial and commerce security are invited. Submissions must have a visible bearing on financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. Possible topics for submission to the various sessions include, but are not limited to:
SEC 2006 21st IFIP TC-11 International Information Security Conference, Karlstad, Sweden, May 22-24, 2006. (Submissions due 1 November 2005)
The IT environment now includes novel, dynamic approaches such as: mobility, wearability, ubiquity, ad hoc use, mind/body orientation, and business/market orientation. This modern environment challenges the whole information security research community to focus on interdisciplinary and holistic disciplines whilst retaining the benefit of previous research efforts. Papers offering research contributions focusing on dynamic environments in addition to other aspects of computer security and privacy are solicited for submission to the 21st IFIP International Information Security Conference. Papers may present theory, applications or practical experiences on security and privacy topics including, but not limited to:
I-NetSec 2006 4th Working Conference on Privacy and Anonymity in Networked and Distributed Systems, Held in conjunction with the 21st IFIP TC-11 International Information Security Conference, Karlstad, Sweden, May 22-24, 2006. (Submissions due 1 November 2005)
Privacy and anonymity are increasingly important aspects in electronic services. The workshop will focus on these aspects in advanced distributed applications, such as m-commerce, agent-based systems, P2P, ... Suggested topics include, but are not restricted to:
Oakland 2005 The 2006 IEEE Symposium on Security and Privacy, The Claremont Resort, Berkeley/Oakland, California, USA, May 21-24, 2006. (Submissions due 4 November 2005)
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Previously unpublished papers offering novel research contributions in any aspect of computer security or electronic privacy are solicited for submission to the 2005 symposium. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. Topics of interest include, but are not limited to, the following:
IFMIP 2006 5th International Forum on Multimedia and Image Processing, Special Sessions on Information Security and Hardware Implementations, Budapest, Hungary, July 25-28, 2006. (Submissions due 15 November 2005)
This special session is within the Multimedia and Image Processing Track (5th International Forum on Multimedia and Image Processing, IFMIP 2006). The IFMIP is going to take place in the World Automation Congress. The scope of this special session is on all views of communication security, and cryptography implementations. The call is addressed to scientists and engineers, who design, develop, and implement information security and cryptography subsystems. We encourage scientists and engineers from both academic and industrial environments to submit their works in order to enhance the knowledge, expertise, and experience of the whole community in information security, cryptography and hardware implementations. The subject areas include, but are not limited to, the following:
iTrust 2006 4th International Conference on Trust Management, Pisa, Tuscany, Italy, May 16-19, 2006. (Submissions due 18 November 2005)
The iTrust international Conference looks at trust from multidisciplinary perspectives: economic, legal, psychology, philosophy, sociology, as well as information technology. Building upon the work of the IST iTrust working group (http://www.itrust.uoc.gr) and the success of the three previous iTrust International conferences, the aims of iTrust'2006 are to attract a critical mass of experts from industry, government, and academia with a keen interest in the area of trust management. Full technical papers contributing to the issue of trust management are solicited in relevant areas, including but not limited to:
FSE 2006 13th annual Fast Software Encryption workshop, Graz, Austria, March 15-17, 2006. (Submissions due 25 November 2005)
FSE 2006 is the 13th annual Fast Software Encryption workshop, for the fifth year sponsored by the International Association for Cryptologic Research (IACR). Original research papers on symmetric cryptology are invited for submission to FSE 2006. The workshop concentrates on fast and secure primitives for symmetric cryptography, including the design and analysis of block ciphers, stream ciphers, encryption schemes, analysis and evaluation tools, hash functions, and message authentication codes (MACs).
IWIA 2006 4th IEEE International Information Assurance Workshop, Royal Holloway, UK, April 13-14, 2006. (Submissions due 28 November 2005)
The IEEE Task Force on Information Assurance is sponsoring a workshop on information assurance in cooperation with the ACM SIGSAC on research and experience in information assurance. The workshop seeks submissions from academia, government, and industry presenting novel research, applications and experience, and policy on all theoretical and practical aspects of IA. Possible topics include, but are not limited to the following:
WEBIST 2006 2nd International Conference on Web Information Systems and Technologies, Setúbal, Portugal, April 10-13, 2006. (Submissions due 29 November 2005)
The purpose of the 2nd International Conference on Web Information Systems and Technologies (WEBIST-2006) is to bring together researchers, engineers and practitioners interested in the technological advances and business applications of web-based information systems. The conference has four main tracks, covering different aspects of Web Information Systems, including Internet Technology, Web Interfaces and Applications, Society, e-Communities, e-Business and, last but not least, e-Learning. WEBIST focuses on real world applications; therefore authors should highlight the benefits of Web Information Systems and Technologies for industry and services, in addition to academic applications.
Possible topics include, but are not limited to the following:
AREA 1 - INTERNET TECHNOLOGY
AREA 2 - WEB INTERFACES AND APPLICATIONS
AREA 3: SOCIETY, e-COMMUNITIES and e-BUSINESS
AREA 4: e-LEARNING
ACNS 2006 4th International Conference on Applied Cryptography and Network Security, Singapore, June 6-9, 2006. (Submissions due 15 January 2006)
Original papers on all technical aspects of cryptology and network security are solicited for submission to ACNS'06, the 4th annual conference on Applied Cryptography and Network Security. There are two tracks for ACNS: an academic track and an industrial track. The latter has an emphasis on practical applications. The PC will consider moving submissions between tracks if the PC feels that a submission is more appropriate for that track (with author permission). Topics of relevance include but are not limited to:
USENIX 2006 USENIX Annual Technical Conference, Boston, MA, USA, May 30-June 3, 2006. (Submissions due 17 January 2006)
The 2005 USENIX Annual Technical Conference General Session Program Committee seeks original and innovative papers that further the knowledge and understanding of modern computing systems, with an emphasis on practical implementations and experimental results. We encourage papers that break new ground or present insightful results based on experience with computer systems. The USENIX conference has a broad scope, and we encourage papers in a wide range of topics in systems, including:
IEEE Computer Society's Technical Committee on Security and Privacy