|
|
Commentary and Opinion
Bob Bruen's review of Real Digital Forensics. Computer Security and Incident Response by Jones, Keith, Richard Bejtlich and Curtis Rose
Bob Bruen's review of Security and Usability. Designing Secure Systems That People Can Use. by Cranor, Laurie Faith and Simson Garfinkel
Sven Dietrich's review of Secure Coding in C and C++ by Robert C. Seacord
IETF Revises Transport Layer Security by Eric Resorla and Russ Housley
Elisa Bertino Receives Computer Society's Tsutomu Kanai Award
Homeland Security's ARPA Stretches Budget, article from Information Week by J. Nicolas Hoover
ThePrivacyPlace.Org, 2005 Privacy Survey is Underway, by Annie Anton
NIST Hash Workshop, October 31, 2005 - November 1, 2005
Conference and Workshop Announcements
Cipher
calls-for-papers
and
calendar
new calls or announcements added since Cipher E68
(the calls-for-papers and the calendar announcements may differ
slightly in content or time of update):
International Journal of Networks and Security (IJSN), Special Issue on Cryptography in Networks, December 2006. (Submission due 1 March 2006)
Guest editors: Liqun Chen (Hewlett-Packard Labs, UK), Guang Gong (University of Waterloo, Canada), Atsuko Miyaji (JAIST, Japan), Phi Joong Lee (Pohang Univ. of Science & Technology, Korea), Yi Mu (Univ. of Wollongong, Australia), David Pointcheval (Ecole Normale Sup?ieure, France), Josef Pieprzyk (Macquarie Univ., Australia), Tsuyoshi Takagi (Future Univ. - Hakodate, Japan), Jennifer Seberry (Univ. of Wollongong, Australia), Willy Susilo (Univ. of Wollongong, Australia), and Huaxiong Wang (Macquarie Uni., Australia)
Cryptography plays a key role in network security. Advances of cryptography can make computer networks more secure. Computer technologies have been pushing forward computer networks for high speed and broad bandwidth. Therefore, new cryptographic methods and tools must follow up in order to adapt to these new technologies. Recent attacks on computer networks, especially on IEEE 802.11 and IEEE 802.15, are increasing, since underlying radio communication medium for wireless network provides serious exposure to attacks against wireless networks. Security must be enforced to suit the emerging technologies. This Special Issue aims to provide a platform for security researchers to present their newly developed cryptographic technologies in network security. Areas of interest for this special journal issue include, but are not limited to, the following topics:
Journal of Machine Learning Research, Special Issue on Machine Learning for Computer Security,, 2006. (Submission due 15 March 2006)
Guest editors: Philip Chan (Florida Tech) and Richard Lippmann (MIT Lincoln Lab)
As computers have become more ubiquitous and connected, their security has become a major concern. Of interest to this special issue is research that demonstrates how machine learning (or data mining) techniques can be used to improve computer security. This includes efforts directed at improving security of networks, hosts, and individual applications or computer programs. Research can have many goals including, but not limited to, authenticating users, characterizing the system being protected, detecting known or unknown vulnerabilities that could be exploited, using software repositories as training data to find software bugs, preventing attacks, detecting known and novel attacks when they occur, analyzing recently detected attacks, responding to attacks, predicting attacker actions and goals, performing forensic analysis of compromised systems, and analyzing activities seen in honey pots and network "telescopes" or "black holes."
Of special interest are studies that use machine learning techniques, carefully describe their approach, evaluate performance in a realistic environment, and compare performance to existing accepted approaches. Studies that use machine learning techniques or extend current techniques to address difficult security-related problems are of most interest.
It is expected that studies will have to address many classic machine learning issues including feature selection, feature construction, incremental/online learning, noise in the data, skewed data distributions, distributed learning, correlating multiple models, and efficient processing of large amounts of data.
IFMIP 2006 5th International Forum on Multimedia and Image Processing, Special Sessions on Information Security and Hardware Implementations, Budapest, Hungary, July 25-28, 2006. (Submissions due 15 November 2005)
This special session is within the Multimedia and Image Processing Track (5th International Forum on Multimedia and Image Processing, IFMIP 2006). The IFMIP is going to take place in the World Automation Congress. The scope of this special session is on all views of communication security, and cryptography implementations. The call is addressed to scientists and engineers, who design, develop, and implement information security and cryptography subsystems. We encourage scientists and engineers from both academic and industrial environments to submit their works in order to enhance the knowledge, expertise, and experience of the whole community in information security, cryptography and hardware implementations. The subject areas include, but are not limited to, the following:
iTrust 2006 4th International Conference on Trust Management, Pisa, Tuscany, Italy, May 16-19, 2006. (Submissions due 18 November 2005)
The iTrust international Conference looks at trust from multidisciplinary perspectives: economic, legal, psychology, philosophy, sociology, as well as information technology. Building upon the work of the IST iTrust working group (http://www.itrust.uoc.gr) and the success of the three previous iTrust International conferences, the aims of iTrust'2006 are to attract a critical mass of experts from industry, government, and academia with a keen interest in the area of trust management. Full technical papers contributing to the issue of trust management are solicited in relevant areas, including but not limited to:
SUTC 2006 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, Taichung, Taiwan, June 5-7, 2006. (Submissions due 20 November 2005)
The IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC2006) is an international forum for researchers to exchange information regarding advancements in the state of the art and practice of sensor networks, ubiquitous and trustworthy computing, as well as to identify the emerging research topics and define the future of sensor networks, ubiquitous and trustworthy computing. The technical program of SUTC2006 will consist of invited talks, paper presentations, and panel discussions. Submissions of high quality papers describing mature results or on-going work are invited. Topics for submission include but are not limited to:
WIA 2006 Workshop on Information Assurance, Held in conjunction with the 25th IEEE International Performance Computing and Communications Conference (IPCCC), Phoenix, Arizona, April 10-12, 2006. (Submissions due 22 November 2005)
We seek papers that address theoretical, experimental, systems-related and work in-progress in the area of Information Assurance at the network and system levels. We expect to have three types of sessions - the first related to survivability and fault tolerance, the second related to security, and the third related to the interactions between security and survivability. Papers should describe original, previously unpublished work, not currently under review by another conference, workshop, or journal. Papers accepted for presentation will be published in the IPCCC conference proceedings. The workshop will also include invited papers. Topics of interest include, but are not limited to:
FSE 2006 13th annual Fast Software Encryption workshop, Graz, Austria, March 15-17, 2006. (Submissions due 25 November 2005)
FSE 2006 is the 13th annual Fast Software Encryption workshop, for the fifth year sponsored by the International Association for Cryptologic Research(IACR). Original research papers on symmetric cryptology are invited for submission to FSE 2006. The workshop concentrates on fast and secure primitives for symmetric cryptography, including the design and analysis of block ciphers, stream ciphers, encryption schemes, analysis and evaluation tools, hash functions, and message authentication codes (MACs).
IWIA 2006 4th IEEE International Information Assurance Workshop, Royal Holloway, UK, April 13-14, 2006. (Submissions due 28 November 2005)
The IEEE Task Force on Information Assurance is sponsoring a workshop on information assurance in cooperation with the ACM SIGSAC on research and experience in information assurance. The workshop seeks submissions from academia, government, and industry presenting novel research, applications and experience, and policy on all theoretical and practical aspects of IA. Possible topics include, but are not limited to the following:
WEBIST 2006 2nd International Conference on Web Information Systems and Technologies, Setual, Portugal, April 10-13, 2006. (Submissions due 29 November 2005)
The purpose of the 2nd International Conference on Web Information Systems and Technologies (WEBIST-2006) is to bring together researchers, engineers and practitioners interested in the technological advances and business applications of web-based information systems. The conference has four main track, covering different aspects of Web Information Systems, including Internet Technology, Web Interfaces and Applications, Society, e-Communities, e-Business and, last but not least, e-Learning. WEBIST focuses on real world applications; therefore authors should highlight the benefits of Web Information Systems and Technologies for industry and services, in addition to academic applications.
Possible topics include, but are not limited to the following:
AREA 1 - INTERNET TECHNOLOGY
AREA 2 - WEB INTERFACES AND APPLICATIONS
AREA 3: SOCIETY, e-COMMUNITIES and e-BUSINESS
AREA 4: e-LEARNING
Nano-Security 2006 INano-Security Workshop, Gaithersburg, MD, USA, February 22-23, 2006. (Submissions due 30 November 2005)
As the promise of nanotechnology is realized, researchers at the National Institute of Standards and Technology (NIST) and Southern Methodist University (SMU) recognize the importance of understanding the security issues associated with fabrication and deployment of nano-devices. The focus of the workshop is to: (1) identify new security applications enabled with the availability of nanotechnology components and (2) characterize special security threats and requirements at the nanoscale. The workshop? main goals include: (1) Characterizing the role of nanoscale components in securing IT systems, (2) Formulating security threats and requirements for nanoscale devices and their applications, and (3) Defining nanosecurity metrology to enable fabrication of secure reliable devices. NIST solicits papers, presentations, case studies, panel proposals, and participation from any interested parties, including researchers, systems architects, vendors, and users. General topics for submissions include, but are not limited to, the following:
ARES 2006 1st International Conference on Availability, Reliability and Security, Vienna, Austria, April 20-22, 2006. (Submissions due 4 December 2005)
ARES 2006 aims at a full and detailed discussion of the research issues of dependability as an integrative concept that covers amongst others availability, safety, confidentiality, integrity, maintainability and security in the different fields of applications. Topics of interest include, but are not limited to:
ACIS 2006 Applied Cryptography and Information Security Workshop, Held in conjunction with International Conference on Computational Science and its Applications (ICCSA 2006) Glasgow, UK, May 8-11, 2006. (Submissions due 15 December 2005)
Applied Cryptography and Information Security are essential elements in this digital era. Commerce activities, business transactions and government services have been, and more and more of them will be, conducted and offered over open computer and communication networks such as Internet. The role of applied cryptography and information security thus becomes more and more important in computer science. Academic research in these two areas often draws the interest from various industries since it carries over the confidence found in the physical world to the electronic world. ACIS '06 provides a platform for researchers, scholars and practitioners to exchange new ideas for solving various open problems in this area. Topics of relevance include but are not limited to the following areas:
WITS 2006 6th International Workshop on Issues in the Theory of Security, Vienna, Austria, March 25-26, 2006. (Submissions due 23 December 2005)
WITS is the official workshop organised by the IFIP WG 1.7 on "Theoretical Foundations of Security Analysis and Design", established to promote the investigation on the theoretical foundations of security, discovering and promoting new areas of application of theoretical techniques in computer security and supporting the systematic use of formal techniques in the development of security related applications. The members of the WG hold their annual workshop as an open event to which all researchers working on the theory of computer security are invited. This is the sixth meeting of the series, and is organized in cooperation with ACM SIGPLAN and the German Computer Society (GI) working group FoMSESS. Suggested submission topics include:
Cluster-Sec 2006 2nd International Workshop on Cluster Security, Held in conjunction with the Sixth IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGrid), Singapore, May 16-19, 2006. (Submissions due 28 December 2005)
After successful Internet attacks on HPC centers worldwide, there has been a paradigm shift in cluster security strategies. Clusters are no longer thought of as just a collection of individual computers but rather as an integrated single unit in which any breach may result in a "class break" compromise of the entire cluster. Furthermore, it has also been shown that clusters communicating via grids create dependent risks between clusters such that any cluster compromise may cascade to effect an entire grid. This workshop focuses on stimulating new ideas in order to reshape cluster protection strategies. Papers with demonstrated results will be given priority. A list of potential topics includes but is not limited to the following:
ETRICS 2006 International Conference on Emerging Trends in Information and Communication Security, Freiburg, Germany, June 6-9, 2006. (Submissions due 6 January 2006)
Protecting information and communication systems and services from malicious use is essential for their deployment and acceptance. In addition to applying techniques from traditional security research and security engineering, it is necessary to take into account the vulnerabilities originating from increased mobility at application level and the integration of security requirements into business processes. ETRICS solicits research contributions focusing on emerging trends in security and privacy. Submissions may present foundational research in security and privacy, report experiences from novel applications of security technologies, as well as discuss their changing impact on society and economy. Topics of interest include but are not limited to:
DIMVA 2006 3rd GI SIG SIDAR Conference on Detection of Intrusions & Malware, and Vulnerability Assessment, Berlin, Germany, July 13-14, 2006. (Submissions due 13 January 2006)
The special interest group Security - Intrusion Detection and Response
(SIDAR) of the German Informatics Society (GI) organizes DIMVA as an annual
conference that brings together experts from throughout and outside of
Europe to discuss the state of the art in the areas of intrusion detection,
malware detection, and vulnerability assessment. The scope of DIMVA is broad
and includes, but is not restricted to the following areas:
Vulnerability Assessment:
ACNS 2006 4th International Conference on Applied Cryptography and Network Security , Singapore, June 6-9, 2006. (Submissions due 15 January 2006)
Original papers on all technical aspects of cryptology and network security are solicited for submission to ACNS'06, the 4th annual conference on Applied Cryptography and Network Security. There are two tracks for ACNS: an academic track and an industrial track. The latter has an emphasis on practical applications. The PC will consider moving submissions between tracks if the PC feels that a submission is more appropriate for that track (with author permission). Topics of relevance include but are not limited to:
USENIX 2006 USENIX Annual Technical Conference, Boston, MA, USA, May 30-June 3, 2006. (Submissions due 17 January 2006)
The 2005 USENIX Annual Technical Conference General Session Program Committee seeks original and innovative papers that further the knowledge and understanding of modern computing systems, with an emphasis on practical implementations and experimental results. We encourage papers that break new ground or present insightful results based on experience with computer systems. The USENIX conference has a broad scope, and we encourage papers in a wide range of topics in systems, including:
TSPUC 2006 2nd International Workshop on Trust, Security and Privacy for Ubiquitous Computing , Buffalo, NY, USA, June 26, 2006. (Submissions due 17 January 2006)
This workshop aims at focussing the attention of the research community on the increasing complexity and relevance of trust, privacy and security issues in ubiquitous computing. Papers may present theory, applications or practical experiences on topics including, but not limited to:
CEC 2006 IEEE CEC 2006 Special Session on Evolutionary Computation in Cryptology and Computer Security, Vancouver, BC, Canada, July 16-21, 2006. (Submissions due 31 January 2006)
Techniques taken from the field of Evolutionary Computation (especially Genetic Algorithms, Genetic Programming, Artificial Immune Systems, but also others) are steadily gaining ground in the area of cryptology and computer security. The special session encourages the submission of novel research at all levels of abstraction (from the design of cryptographic primitives through to the analysis of security aspects of "systems of systems").
USENIX Security 2006 15th USENIX Security Symposium, Vancouver, B.C., Canada, July 31-August 4, 2006. (Submissions due 1 February 2006)
The USENIX Security Symposium brings together researchers, practitioners,
system administrators, system programmers, and others interested in the
latest advances in the security of computer systems and networks.
All researchers are encouraged to submit papers covering novel and
scientifically significant practical works in security or applied
cryptography. The Symposium will span five days: a training program
will be followed by a two and one-half day technical program, which will
include refereed papers, invited talks, Work-in-Progress reports, panel
discussions, and Birds-of-a-Feather sessions. New in 2006, a workshop,
titled Hot Topics in Security (HotSec '06), will be held in conjunction
with the main conference. More details will be announced soon on the
USENIX Web site.
PET 2006 6th Workshop on Privacy Enhancing Technologies, Robinson College, Cambridge, United Kingdom, June 28 - June 30, 2006. (Submissions due 3 March 2006)
Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior. Approaches to protecting individuals, groups, but also companies and governments from profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure. This 6th workshop addresses the design and realization of such privacy services for the Internet and other communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives. Suggested topics include but are not restricted to:
WEIS 2006 5th Workshop on the Economics of Information Security, University of Cambridge, England, June 26-28, 2006. (Submissions due 20 March 2006)
One of the most exciting and rapidly-growing fields at the boundary between technology and the social sciences is the economics of information security. Many security and privacy failures are not purely technical: for example, the person best placed to protect a system may be poorly motivated if the costs of system failure fall on others. Many pressing problems, such as spam, are unlikely to be solved by purely technical means, as they have economic and policy aspects too. Building dependable systems also raises questions such as open versus closed systems, the pricing of vulnerabilities and the frequency of patching. The `economics of bugs' are of growing importance to both vendors and users. Original research papers are sought for the Fifth Workshop on the Economics of Information Security. Topics of interest include the dependability of open source and free software, the interaction of networks with crime and conflict, the economics of digital rights management and trusted computing, liability and insurance, reputation, privacy, risk perception, the economics of trust, the return on security investment, and economic perspectives on spam.
Listing of academic positions available by
Cynthia Irvine
Staying in touch....
Changing your email address? Please send updates to cipher@ieee-security.org
IEEE Computer Society's Technical Committee on Security and Privacy
TC home page | TC Officers | |
How to join the TC | TC publications available online | |
TC Publications for sale | Cipher past issues archive | |
IEEE Computer Society | Cipher Privacy Policy |