Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 70,  January 16, 2006 Hilarie Orman,  Editor Robert Bruen, Book Review Editor Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Robert Bruen's review of File System Forensic Analysis by Brian Carrier

  • Robert Bruen's review of Software Security. Building Security In by Gary McGraw

  • Announcements and correspondence from readers (please contribute!)

    • NDSS program; Feb 2-3, 2006, San Diego
    • The Cassandra Vulnerability Notification System
    • Institute for Information Infrastructure Protection announces fellowships

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

 

• Listing of academic positions available  by Cynthia Irvine
  

 

• Conference and Workshop Announcements

  • Cipher calls-for-papers and calendar
      new calls or announcements added since Cipher E69 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

    • International Journal of Networks and Security (IJSN), Special Issue on Cryptography in Networks, December 2006. (Submission due 1 March 2006)

      Guest editors: Liqun Chen (Hewlett-Packard Labs, UK), Guang Gong (University of Waterloo, Canada), Atsuko Miyaji (JAIST, Japan), Phi Joong Lee (Pohang Univ. of Science & Technology, Korea), Yi Mu (Univ. of Wollongong, Australia), David Pointcheval (Ecole Normale Sup?ieure, France), Josef Pieprzyk (Macquarie Univ., Australia), Tsuyoshi Takagi (Future Univ. - Hakodate, Japan), Jennifer Seberry (Univ. of Wollongong, Australia), Willy Susilo (Univ. of Wollongong, Australia), and Huaxiong Wang (Macquarie Uni., Australia)

      Cryptography plays a key role in network security. Advances of cryptography can make computer networks more secure. Computer technologies have been pushing forward computer networks for high speed and broad bandwidth. Therefore, new cryptographic methods and tools must follow up in order to adapt to these new technologies. Recent attacks on computer networks, especially on IEEE 802.11 and IEEE 802.15, are increasing, since underlying radio communication medium for wireless network provides serious exposure to attacks against wireless networks. Security must be enforced to suit the emerging technologies. This Special Issue aims to provide a platform for security researchers to present their newly developed cryptographic technologies in network security. Areas of interest for this special journal issue include, but are not limited to, the following topics:

      • High-speed Intrusion Detection, Prevention (IDS/IPS) Systems, and malicious behavior detection
      Ad hoc network security
      • Anonymity in networks
      • Authentication in network and wireless systems
      • Cryptographic algorithms and their applications to network security
      • Cryptanalysis of network security schemes
      • Encryption in network and wireless systems
      • Email security
      • Data integrity
      • Fast cryptographic algorithms and their applications
      • Identity-based cryptography in network and mobile applications
      • IP security
      • Key management
      • Multicast security
      • Mobile and wireless system security
      • Privacy protection
      • Security group communications
      • Security in internet and WWW
      • Security in Peer-to-Peer networks
      • Secure routing protocols
      • Security in sensor networks

    • Journal of Machine Learning Research, Special Issue on Machine Learning for Computer Security,, 2006. (Submission due 15 March 2006)

      Guest editors: Philip Chan (Florida Tech) and Richard Lippmann (MIT Lincoln Lab)

      As computers have become more ubiquitous and connected, their security has become a major concern. Of interest to this special issue is research that demonstrates how machine learning (or data mining) techniques can be used to improve computer security. This includes efforts directed at improving security of networks, hosts, and individual applications or computer programs. Research can have many goals including, but not limited to, authenticating users, characterizing the system being protected, detecting known or unknown vulnerabilities that could be exploited, using software repositories as training data to find software bugs, preventing attacks, detecting known and novel attacks when they occur, analyzing recently detected attacks, responding to attacks, predicting attacker actions and goals, performing forensic analysis of compromised systems, and analyzing activities seen in honey pots and network "telescopes" or "black holes."

      Of special interest are studies that use machine learning techniques, carefully describe their approach, evaluate performance in a realistic environment, and compare performance to existing accepted approaches. Studies that use machine learning techniques or extend current techniques to address difficult security-related problems are of most interest.

      It is expected that studies will have to address many classic machine learning issues including feature selection, feature construction, incremental/online learning, noise in the data, skewed data distributions, distributed learning, correlating multiple models, and efficient processing of large amounts of data.

    • ACNS 2006 4th International Conference on Applied Cryptography and Network Security , Singapore, June 6-9, 2006. (Submissions due 15 January 2006)

      Original papers on all technical aspects of cryptology and network security are solicited for submission to ACNS'06, the 4th annual conference on Applied Cryptography and Network Security. There are two tracks for ACNS: an academic track and an industrial track. The latter has an emphasis on practical applications. The PC will consider moving submissions between tracks if the PC feels that a submission is more appropriate for that track (with author permission). Topics of relevance include but are not limited to:

      • Applied cryptography, cryptographic constructions
      • Cryptographic applications: payments, fair exchange, time-stamping, auction, voting, polling
      • Denial of service: attacks and countermeasures
      • Email security, spam prevention
      • Fundamental services on network and distributed systems: authentication, data integrity, confidentiality, authorization, non-repudiation, and availability
      • Implementation, deployment and management of network security policies
      • Integrating security in Internet protocols: routing, naming, TCP/IP, multicast, network management
      • Integrating security services with system and application security facilities and protocols: message handling, file transport/access, directories, time synchronization, database management, boot services, mobile computing
      • Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
      • Intrusion avoidance, detection, and response: systems, experiences and architectures
      • Network perimeter controls: firewalls, packet filters, application gateways
      • Public key infrastructure, key management, certification, and revocation
      • Securing critical infrastructure: routing protocols, and emergency communication
      • Security and privacy for emerging technologies: sensor networks, wireless/mobile (and ad hoc) networks, bluetooth, 802.11, and peer-to-peer systems
      • Security of limited devices: light-weight cryptography, efficient protocols and implementations
      • Security modeling and protocol design in the context of rational and malicious adversaries
      • Usable security and deployment incentives for security technology
      • Virtual private networks
      • Web security and supporting systems security, such as databases, operating systems, etc.

    • IHW 2006 8th Information Hiding Workshop, Alexandria, VA, USA, July 10-12, 2006. (Submissions due 15 January 2006)

      For many years Information Hiding has captured the imagination of researchers. Tools such as digital watermarking and steganography are used to protect information, conceal secrets, and protecting intellectual property. From an investigators perspective, information hiding provides an interesting challenge for digital forensic investigations and steganalysis techniques allows hidden information to be discovered. These are but a small number of related topics and issues. Current research themes include:

      • anonymous communications
      • covert channels in computer systems
      • detection of hidden information (steganalysis)
      • digital forensics
      • information hiding aspects of privacy
      • steganography
      • subliminal channels in cryptographic protocols
      • watermarking for protection of intellectual property
      • other applications of watermarking

    • USENIX 2006 USENIX Annual Technical Conference, Boston, MA, USA, May 30-June 3, 2006. (Submissions due 17 January 2006)

      The 2005 USENIX Annual Technical Conference General Session Program Committee seeks original and innovative papers that further the knowledge and understanding of modern computing systems, with an emphasis on practical implementations and experimental results. We encourage papers that break new ground or present insightful results based on experience with computer systems. The USENIX conference has a broad scope, and we encourage papers in a wide range of topics in systems, including:

      • Architectural interaction
      • Benchmarking
      • Deployment experience
      • Distributed and parallel systems
      • Embedded systems
      • Energy/power management
      • File and storage systems
      • Networking and network services
      • Operating systems
      • Reliability, availability, and scalability
      • Security, privacy, and trust
      • Self-managing systems
      • Usage studies and workload characterization
      • Virtualization
      • Web technology
      • Wireless and mobile systems

    • TSPUC 2006 2nd International Workshop on Trust, Security and Privacy for Ubiquitous Computing , Buffalo, NY, USA, June 26, 2006. (Submissions due 17 January 2006)

      This workshop aims at focussing the attention of the research community on the increasing complexity and relevance of trust, privacy and security issues in ubiquitous computing. Papers may present theory, applications or practical experiences on topics including, but not limited to:

      • key establishment and key distribution
      • access control models, policies and mechanisms
      • trust and reputation management
      • privacy and identity management
      • digital assets management
      • context/location aware computation
      • self-organizing networks and communities
      • intrusion and anomaly detection
      • secure user-device interfaces
      • distributed consensus in the presence of active adversaries
      • analysis/simulation/validation techniques
      • handling emergent properties
      • phishing - attacks and countermeasures
      • case studies

    • DeSeGov 2006 Workshop on Dependability and Security in e-Government, Held in conjunction with the 1st International Conference on Availability, Reliability and Security (ARES 2006), Vienna, Austria, April 20-22, 2006. (Submissions due 20 January 2006)

      The aim of this workshop is to foster a forum for discussing and presenting recent research results on dependability and security in e-Government applications. Scientific rigor and discussions of state of the art of dependability and security in e-Government are strongly encouraged. Besides, innovative research work in progress and studies of dependability aspects of practical e-Government projects and systems implementation are also welcome. Topics of interest include, although not limited to, the following:

      • Trust and security: provisions and instruments
      • Online availability of public services
      • Service survivability and maintainability
      • Interoperability of services
      • Security in e-democracy (including e-participation and e-voting)
      • E-justice (administration and workflow security for legal processes)
      • Secure federating information access (from different government and third party agencies)
      • Security and reliability in media integration
      • Secure e-government and Identity Management
      • Security and reliability of Smart Card System
      • Availability and reliability of mobile services
      • Data protection and data privacy (e.g. e-health and e-education)
      • Intrusion detection and prevention
      • Anti-spam legislation and solution
      • Public-private- partnerships management
      • Role-based management and usage restriction

    • CSFW 2006 19th IEEE Computer Security Foundations Workshop, Venice, Italy, July 5-7, 2006. (Submissions due 30 January 2006)

      For nearly two decades, CSFW has brought together a small group of researchers to examine foundational issues in information security. Many seminal papers and techniques were first presented at CSFW. We are interested in new theoretical results in computer security, but also in more exploratory presentations. Exploratory work may examine open questions and raise fundamental concerns about existing theories. Panel proposals are welcome as well as papers. Possible topics include, but are not limited to:

      • Authentication
      • Information flow
      • Security protocols
      • Anonymity and Privacy
      • Electronic voting
      • Network security
      • Resource usage control
      • Access control
      • Trust and trust management
      • Security models
      • Intrusion detection
      • Data and system integrity
      • Database security
      • Distributed systems security
      • Security for mobile computing
      • Executable content
      • Decidability and complexity
      • Formal methods for security
      • Language-based security

    • CEC 2006 IEEE CEC 2006 Special Session on Evolutionary Computation in Cryptology and Computer Security, Vancouver, BC, Canada, July 16-21, 2006. (Submissions due 31 January 2006)

      Techniques taken from the field of Evolutionary Computation (especially Genetic Algorithms, Genetic Programming, Artificial Immune Systems, but also others) are steadily gaining ground in the area of cryptology and computer security. The special session encourages the submission of novel research at all levels of abstraction (from the design of cryptographic primitives through to the analysis of security aspects of "systems of systems").

    • EUROPKI 2006 3rd European PKI workshop: theory and practice, Turin, Italy, June 19-20, 2006. (Submissions due 31 January 2006)

      The 3rd European PKI workshop: theory and practice is focusing on research and applications on all aspects of public-key certificates and Public Key Infrastructures. Submitted papers may present theory, applications or practical experiences on topics including, but not limited to:

      • Modelling and Architecture
      • Bridge CA
      • Cross Certification
      • Directories
      • Mobile PKI
      • Authentication
      • Reliability in PKI
      • Certificate Policy
      • Privacy
      • Fault-Tolerance in PKI
      • Privilege Management and PMI
      • PKI Performance Evaluation
      • eCommerce, eBusiness, eGovernment applications
      • Key Management and Recovery
      • Certificate Status Information
      • Interoperability
      • Repository Protocols
      • Timestamping
      • Verification
      • Standards
      • Certification Practice Statements
      • Legal issues, Policies & Regulations
      • Case Studies
      • Trust

    • USENIX Security 2006 15th USENIX Security Symposium, Vancouver, B.C., Canada, July 31-August 4, 2006. (Submissions due 1 February 2006)

      The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks.
      
      All researchers are encouraged to submit papers covering novel and scientifically significant practical works in security or applied cryptography. The Symposium will span five days: a training program will be followed by a two and one-half day technical program, which will include refereed papers, invited talks, Work-in-Progress reports, panel discussions, and Birds-of-a-Feather sessions. New in 2006, a workshop, titled Hot Topics in Security (HotSec '06), will be held in conjunction with the main conference. More details will be announced soon on the USENIX Web site.

    • ACISP 2006 11th Australasian Conference on Information Security and Privacy, Melbourne, Australia, July 3 - 5, 2006. (Submissions due 13 February 2006)

      Original papers pertaining to all aspects of information security and privacy are solicited for submission to the 11th Australasian Conference on Information Security and Privacy (ACISP 2006). Papers may present theory, techniques, applications and practical experiences on a variety of topics. Topics of interest include, but are not limited to:

      • Cryptology
      • Mobile communications security
      • Database security
      • Authentication and authorization
      • Secure operating systems
      • Intrusion detection
      • Access control
      • Security management
      • Security protocols
      • Network security
      • Secure commercial applications
      • Privacy Technologies
      • Smart cards
      • Key management and auditing
      • Mobile agent security
      • Risk assessment
      • Secure electronic commerce
      • Privacy and policy issues
      • Copyright protection
      • Security architectures and models
      • Evaluation and certification
      • Software protection and viruses
      • Computer forensics
      • Distributed system security
      • Phishing attacks and countermeasures

    • TrustBus 2006 3rd International Conference on Trust, Privacy and Security of Digital Business, Held in conjunction with the 17th International Conference on Database and Expert Systems Applications (DEXA 2006), Krakow, Poland, September 4-8, 2006. (Submissions due 22 February 2006)

      TrustBus06 will bring together researchers from different disciplines, developers, and users all interested in the critical success factors of digital business systems. We are interested in papers, work-in-progress reports, and industrial experiences describing advances in all areas of digital business applications related to trust and privacy, including, but not limited to:

      • Anonymity and pseudonymity in business transactions
      • Business architectures and underlying infrastructures
      • Common practice, legal and regulatory issues
      • Cryptographic protocols
      • Delivery technologies and scheduling protocols
      • Design of businesses models with security requirements
      • Economics of Information Systems Security
      • Electronic cash, wallets and pay-per-view systems
      • Enterprise management and consumer protection
      • Identity and Trust Management
      • Intellectual property and digital rights management
      • Intrusion detection and information filtering
      • Languages for description of services and contracts
      • Management of privacy & confidentiality
      • Models for access control and authentication
      • Multimedia web services
      • New cryptographic building-blocks for e-business applications
      • Online transaction processing
      • PKI & PMI
      • Public administration, governmental services
      • P2P transactions and scenarios
      • Real-time Internet E-Services
      • Reliability and security of content and data
      • Reliable auction, e-procurement and negotiation technology
      • Reputation in services provision
      • Secure process integration and management
      • Security and Privacy models for Pervasive Information Systems
      • Security Policies
      • Shopping, trading, and contract management tools
      • Smartcard technology
      • Transactional Models
      • Trust and privacy issues in mobile commerce environments
      • Usability of security technologies and services

    • SecUbiq 2006 2nd International Workshop on Security in Ubiquitous Computing Systems, Seoul, Korea, August 1-4, 2006. (Submissions due 22 February 2006)

      Ubiquitous computing technology provides an environment where users expect to access resources and services anytime and anywhere. The serious security risks and problems arise because resources can now be accessed by almost anyone with a mobile device in such an open model. The security threats exploited the weakness of protocols as well as operating systems, and also extended to attack ubiquitous applications. The security issues, such as authentication, access control, trust management, privacy and anonymity, etc., should be fully addressed. This workshop provides a forum for academic and industry professionals to discuss recent progress in the area of ubiquitous computing system security, and includes studies on analyses, models and systems, new directions, and novel applications of established mechanisms approaching the risks and concerns associated with the utilization and acceptance of ubiquitous computing devices and systems. Topics: Topics of interest include, but are not limited to:

      • Access control
      • Ad hoc and sensor network security
      • Buffer overflows
      • Commercial and industrial security
      • Cryptographic algorithms and protocols
      • Data privacy and trustiness
      • Digital signatures
      • Distributed denial of service attacks
      • Information hiding and multimedia watermarking in distributed systems
      • Internet and web security
      • Intrusion detection and protection systems
      • Key management and authentication
      • Mobile codes security
      • Network security issues and protocols
      • Privacy and anonymity
      • Privacy issues in the use of smart cards and RFID systems
      • Security in e-commerce and e-business and other applications
      • Security in P2P networks and Grid computing
      • Security in distributed and parallel systems
      • Software security
      • Trust management

    • ISC 2006 9th Information Security Conference, Pythagoras, Greece, August 30 - September 2, 2006. (Submissions due 1 March 2006)

      ISC is an annual international conference covering research in and applications of Information Security. ISC aims to attract high quality papers in all technical aspects of information security. Topics of interest include, but are not limited to, the following:

      • Access Control
      • Accounting and Audit
      • Anonymity and Pseudonymity
      • Applied Cryptography
      • Authentication and Non-repudiation
      • Biometrics
      • Cryptographic Protocols
      • Database and System Security
      • Design and Analysis of Cryptographic Algorithms
      • Digital Rights Management
      • eCommerce, eBusiness and eGovernment Security
      • Foundations of Computer Security
      • Grid Security
      • Identity and Trust Management
      • Information Flow
      • Information Hiding and Watermarking
      • Infrastructure Security
      • Intrusion Detection and Prevention
      • Mobile, Ad Hoc and Sensor Network Security
      • Network and Wireless Network Security
      • Peer-to-Peer Network Security
      • PKI and PMI
      • Privacy
      • Security and Privacy Economics
      • Security and Privacy in IT Outsourcing
      • Security and Privacy in Pervasive and Ubiquitous Computing
      • Security Verification
      • Security for Mobile Code
      • Security Modeling and Architecture
      • Trusted Computing
      • Security Models for Ambient Intelligence environments
      • Usable Security

    • DBSEC 2006 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31-August 2, 2006. (Submissions due 1 March 2006)

      The conference provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Papers and panel proposals are solicited. The conference is limited to about forty participants so that ample time for discussion and interaction may occur. Proceedings will be published by Springer as the next volume in the Research Advances in Database and Information Systems Security series. Papers may present theory, techniques, applications, or practical experience on topics of interest of IFIP WG11.3:

      • Access Control
      • Application level attacks and intrusion detection
      • Applied cryptography in data security
      • Identity theft and countermeasures
      • Integrity maintenance
      • Intrusion tolerance and trusted recovery
      • Knowledge discovery and privacy
      • Organizational security
      • Privacy and privacy-preserving data management
      • Secure transaction processing
      • Security assessment, planning and administration
      • Secure information integration
      • Secure sensor information processing
      • Threats, vulnerabilities, and risk management
      • Trust management
      • Web services/application security
      • Secure Semantic Web

    • PET 2006 6th Workshop on Privacy Enhancing Technologies, Robinson College, Cambridge, United Kingdom, June 28 - June 30, 2006. (Submissions due 3 March 2006)

      Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior. Approaches to protecting individuals, groups, but also companies and governments from profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure. This 6th workshop addresses the design and realization of such privacy services for the Internet and other communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives. Suggested topics include but are not restricted to:

      • Anonymous communications and publishing systems
      • Censorship resistance
      • Pseudonyms, identity management, linkability, and reputation
      • Data protection technologies
      • Location privacy
      • Privacy in Ubiquitous Computing Environments
      • Policy, law, and human rights relating to privacy
      • Privacy and anonymity in peer-to-peer architectures
      • Economics of privacy
      • Fielded systems and techniques for enhancing privacy in existing systems
      • Protocols that preserve anonymity/privacy
      • Privacy-enhanced access control or authentication/certification
      • Privacy threat models
      • Models for anonymity and unobservability
      • Attacks on anonymity systems
      • Traffic analysis
      • Profiling and data mining
      • Privacy vulnerabilities and their impact on phishing and identity theft
      • Deployment models for privacy infrastructures
      • Novel relations of payment mechanisms and anonymity
      • Usability issues and user interfaces for PETs
      • Reliability, robustness and abuse prevention in privacy systems

    • PLAS 2006 ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Ottawa, Canada, June 10, 2006. (Submissions due 3 March 2006)

      The goal of PLAS 2006 is to provide a forum for researchers and practitioners to exchange and understand ideas and to seed new collaboration on the use of programming language and program analysis techniques that improve the security of software systems. The scope of PLAS includes, but is not limited to:

      • Language-based techniques for security
      • Program analysis and verification (including type systems and model checking) for security properties
      • Compiler-based and program rewriting security enforcement mechanisms
      • Security policies for information flow and access control
      • High-level specification languages for security properties
      • Model-driven approaches to security
      • Applications, examples, and implementations of these security techniques

    • WEIS 2006 5th Workshop on the Economics of Information Security, University of Cambridge, England, June 26-28, 2006. (Submissions due 20 March 2006)

      One of the most exciting and rapidly-growing fields at the boundary between technology and the social sciences is the economics of information security. Many security and privacy failures are not purely technical: for example, the person best placed to protect a system may be poorly motivated if the costs of system failure fall on others. Many pressing problems, such as spam, are unlikely to be solved by purely technical means, as they have economic and policy aspects too. Building dependable systems also raises questions such as open versus closed systems, the pricing of vulnerabilities and the frequency of patching. The `economics of bugs' are of growing importance to both vendors and users. Original research papers are sought for the Fifth Workshop on the Economics of Information Security. Topics of interest include the dependability of open source and free software, the interaction of networks with crime and conflict, the economics of digital rights management and trusted computing, liability and insurance, reputation, privacy, risk perception, the economics of trust, the return on security investment, and economic perspectives on spam.

    • CEAS 2006 3rd Conference on Email and Anti-Spam, Mountain View, CA, USA, July 27-28, 2006. (Submissions due 23 March 2006)

      The Conference on Email and Anti-Spam (CEAS) invites short and long paper submissions on research results pertaining to a broad range of issues in email and Internet communication. Submissions may address issues relating to any form of electronic messaging, including traditional email, instant messaging, mobile telephone text messaging, and voice over IP. Issues of interest include the analysis and abatement of abuses (such as spam, phishing, identity theft, and privacy invasion) as well as enhancements to and novel applications of electronic messaging.

  • Calendar items
    • 1/15/06: ACNS, 4th International Conference on Applied Cryptography and Network Security, Singapore; Submissions are due
    • 1/16/06- 1/19/06: AISW-NetSec, Australasian Information Security Workshop, Hobart, Tasmania, Australia
    • 1/17/06: USENIX, USENIX Annual Technical Conference, Boston, MA; Submissions are due
    • 1/17/06: TSPUC, 2nd International Workshop on Trust, Security and Privacy for Ubiquitous Computing, Buffalo, NY; Submissions are due
    • 1/20/06: DeSeGov, Workshop on Dependability and Security in e-Government, Vienna, Austria; Submissions are due
    • 1/30/06: CSFW, 19th IEEE Computer Security Foundations Workshop, Venice, Italy; Submissions are due
    • 1/31/06: CEC, IEEE CEC 2006 Special Session on Evolutionary Computation in Cryptology and Computer Security, Vancouver, BC, Canada; Submissions are due
    • 1/31/06: EUROPKI, 3rd European PKI workshop: theory and practice, Turin, Italy; Submissions are due
    • 2/ 1/06: USENIX Security, 15th USENIX Security Symposium, Vancouver, B.C., Canada; Submissions are due
    • 2/ 2/06- 2/ 3/06: NDSS, Network and Distributed System Security Symposium, San Diego, California
    • 2/13/06: ACISP, 11th Australasian Conference on Information Security and Privacy, Melbourne, Australia; Submissions are due
    • 2/22/06: TrustBus, 3rd International Conference on Trust, Privacy and Security of Digital Business, Krakow, Poland; Submissions are due
    • 2/22/06: SecUbiq, 2nd International Workshop on Security in Ubiquitous Computing Systems, Seoul, Korea; Submissions are due
    • 2/22/06- 2/23/06: Nano-Security, Nano-Security Workshop, Gaithersburg, MD;
    • 2/27/06-3/ 2/06: FC, 10th International Conference on Financial Cryptography and Data Security, Anguilla, British West Indies;
    • 3/ 1/06: International Journal of Networks and Security (IJSN), Special Issue on Cryptography in Networks; Submissions are due
    • 3/ 1/06: ISC, 9th Information Security Conference, Pythagoras, Greece; Submissions are due
    • 3/ 1/06: DBSEC, 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France; Submissions are due
    • 3/ 1/06- 3/ 3/06: TRIDENTCOM, 2nd International IEEE/Create-Net Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, Barcelona, Spain;
    • 3/ 3/06: PET, 6th Workshop on Privacy Enhancing Technologies, Robinson College, Cambridge, UK; Submissions are due
    • 3/ 3/06: PLAS, ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Ottawa, Canada; Submissions are due
    • 3/13/06- 3/15/06: ISSSE, International Symposium on Secure Software Engineering, Washington DC
    • 3/15/06: Journal of Machine Learning Research, Special Issue on Machine Learning for Computer Security; Submissions are due
    • 3/15/06- 3/17/06: FSE, 13th annual Fast Software Encryption workshop, Graz, Austria;
    • 3/20/06: WEIS, 5th Workshop on the Economics of Information Security, University of Cambridge, UK; Submissions are due
    • 3/21/06- 3/23/06: AsiaCCS, ACM Symposium on Information, Computer and Communications Security, Taipei, Taiwan
    • 3/23/06: CEAS, 3rd Conference on Email and Anti-Spam, Mountain View, CA; Submissions are due
    • 3/25/06- 3/26/06: WITS, 6th International Workshop on Issues in the Theory of Security, Vienna, Austria
    • 4/ 4/06- 4/ 6/06: PKI R&D Workshop, 5th Annual PKI R&D Workshop: Making PKI Easy to Use, Gaithersburg, MD
    • 4/10/06- 4/12/06: WIA, Workshop on Information Assurance, Phoenix, Arizona
    • 4/10/06- 4/13/06: WEBIST, 2nd International Conference on Web Information Systems and Technologies, Setubal, Portugal
    • 4/11/06- 4/14/06: ISPEC 2006 2nd Information Security Practice and Experience Conference, Hangzhou, China
    • 4/13/06- 4/14/06: IWIA, Information Assurance Workshop, Royal Holloway, UK
    • 4/18/06: WSSEET, Workshop on Secure Software Engineering Education and Training, Turtle Bay, Oahu, HI
    • 4/18/06- 4/20/06: SNDS, 2nd International Workshop on Security in Networks and Distributed Systems, Vienna, Austria
    • 4/18/06- 4/21/06: SPC, 3rd International Conference on Security in Pervasive Computing, York, UK
    • 4/20/06- 4/22/06: ARES, 1st International Conference on Availability, Reliability and Security, Vienna, Austria
    • 4/20/06- 4/22/06: DeSeGov, Workshop on Dependability and Security in e-Government, Vienna, Austria
    • 4/23/06- 4/27/06: SAC-TRECK, ACM Symposium on Applied Computing, Track: Trust, Recommendations, Evidence and other Collaboration Know-how, Dijon, France
    • 5/ 8/06- 5/11/06: ACIS, Applied Cryptography and Information Security Workshop, Glasgow, UK
    • 5/16/06: iTrust, 4th International Conference on Trust Management, Pisa, Tuscany, Italy
    • 5/16/06- 5/19/06: Cluster-Sec, 2nd International Workshop on Cluster Security, Singapore
    • 5/21/06- 5/24/06: Oakland, the 2006 IEEE Symposium on Security and Privacy, The Claremont Resort, Berkeley/Oakland, CA
    • 5/22/06- 5/24/06: SEC, IFIP TC-11 International Information Security Conference, Karlstad University, Sweden
    • 5/22/06- 5/24/06: I-NetSec, 4th Working Conference on Privacy and Anonymity in Networked and Distributed Systems, Karlstad, Sweden
    • 5/30/06- 6/ 3/06: USENIX, USENIX Annual Technical Conference, Boston, MA
    • 6/ 5/06- 6/ 7/06: SUTC, IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, Taichung, Taiwan
    • 6/ 6/06- 6/ 9/06: ETRICS, International Conference on Emerging Trends in Information and Communication Security, Freiburg, Germany
    • 6/ 6/06- 6/ 9/06: ACNS, 4th International Conference on Applied Cryptography and Network Security, Singapore
    • 6/10/06: PLAS, ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Ottawa, Canada
    • 6/19/06- 6/20/06: EUROPKI, 3rd European PKI workshop: theory and practice, Turin, Italy
    • 6/26/06: TSPUC, 2nd International Workshop on Trust, Security and Privacy for Ubiquitous Computing, Buffalo, NY
    • 6/26/06- 6/28/06: WEIS, 5th Workshop on the Economics of Information Security, University of Cambridge, UK
    • 6/28/06- 6/30/06: PET, 6th Workshop on Privacy Enhancing Technologies, Robinson College, Cambridge, UK
    • 7/ 3/06- 7/ 5/06: ACISP, 11th Australasian Conference on Information Security and Privacy, Melbourne, Australia
    • 7/ 5/06- 7/ 7/06: CSFW, 19th IEEE Computer Security Foundations Workshop, Venice, Italy
    • 7/10/06- 7/12/06: IHW, 8th Information Hiding Workshop, Alexandria, VA
    • 7/13/06- 7/14/06: DIMVA, 3rd GI SIG SIDAR Conference on Detection of Intrusions & Malware, and Vulnerability Assessment, Berlin, Germany
    • 7/16/06- 7/21/06: CEC, IEEE CEC 2006 Special Session on Evolutionary Computation in Cryptology and Computer Security, Vancouver, BC, Canada
    • 7/25/06- 7/28/06: IFMIP, 5th International Forum on Multimedia and Image Processing, Special Sessions on Information Security and Hardware Implementations, Budapest, Hungary
    • 7/27/06- 7/28/06: CEAS, 3rd Conference on Email and Anti-Spam, Mountain View, CA
    • 7/31/06- 8/ 2/06: DBSEC, 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France
    • 7/31/06- 8/ 4/06: USENIX Security, 15th USENIX Security Symposium, Vancouver, B.C., Canada
    • 8/ 1/06- 8/ 4/06: SecUbiq, 2nd International Workshop on Security in Ubiquitous Computing Systems, Seoul, Korea
    • 8/30/06- 9/ 2/06: ISC, 9th Information Security Conference, Pythagoras, Greece
    • 9/ 4/06- 9/ 8/06: TrustBus, 3rd International Conference on Trust, Privacy and Security of Digital Business, Krakow, Poland