Commentary and Opinion
Richard Austin's review of The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Mark Dowd, John McDonald and Justin Schuh
NewsBits:
Announcements and correspondence from readers (please contribute!)
IETF Domain Keys Identified Email Standardization Status:
Cipher calls-for-papers and calendar (the calls-for-papers and the calendar announcements may differ slightly in content or time of update):
IWSSE 2007 1st IEEE International Workshop on Security in Software Engineering, Held in conjunction with the 31st Annual International Computer Software and Applications Conference (COMPSAC 2007), Beijing, China, July 24-27, 2007. (Submissions due 20 March 2007)
The ever-growing demand for software security has made it a well-recognized multi-disciplinary sub-area spanning software engineering, security engineering, and programming languages. Software security has thus become a fundamental problem in software engineering, as it focuses on developing secure software, understanding the security risks, and managing these risks throughout the software lifecycle. The purpose of the workshop is to bring together researchers and practitioners in software and application security in order to create a forum for discussing recent advances in improving security in software engineering and inspiring research on new methods and techniques to advance security engineering in industrial practice. Researchers and practitioners worldwide are invited to present their research expertise and experience, and to discuss the issues and challenges in security from a software engineering perspective. Quality papers are invited on the following non-exhaustive list of topics:
IAS 2007 3rd International Symposium on Information Assurance and Security, Manchester, United Kingdom, August 29-31, 2007. (Submissions due 20 March 2007)
Information assurance and security has become an important research issue in networked and distributed information sharing environments. Finding effective ways to protect information systems, networks and sensitive data within the critical information infrastructure is challenging even with the most advanced technology and trained professionals. The International Symposium on Information Assurance and Security aims to bring together researchers, practitioners, developers, and policy makers involved in multiple disciplines of information security and assurance to exchange ideas and to learn about the latest developments in this important field. Previously unpublished work offering novel research and application contributions in any aspect of information assurance, security and privacy is solicited for submission to the IAS'07 symposium. Proposals for workshops, panels and tutorials are also welcome. Topics of interest include, but are not limited to, the following:
W2SP 2007 Workshop on Web 2.0 Security and Privacy, The Claremont Resort, Oakland, California, USA, May 24, 2007. (Submissions due 23 March 2007)
The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and on establishing new collaborations in these areas. Web 2.0 is about connecting people and amplifying the power of working together. The goal of connecting people brings together a broad range of technologies and social forces. We have witnessed a rapid proliferation of social computing web sites and content. This mixing of technology and social interaction is also occurring in the context of a wave of technologies supporting rapid development of these interpersonal interactions. Many of these new web technologies rely on the composition of content and services from multiple sources. On one end of the technology spectrum we have simple services such as blogs and wikis; at the other end there are far more complex technology composition (mash-up) examples. The content composition trend is likely to continue. The lure is the promise of inexpensive and easy ways to compose software services and content. However, there are issues with respect to management of identities, reputation, privacy, anonymity, transient and long-term relationships, and composition of function and content, both on the server side and inside the web browser. While the security and privacy issues are not new (many of them already exist with portal servers and browsers), they are becoming increasingly acute as the technologies are adopted and adapted to appeal to a wider developer audience. Some of these technologies deliberately bypass existing security mechanisms. This workshop is intended to discuss the limitations of the current technologies and explore alternatives. The scope of W2SP 2007 includes, but is not limited to:
SECRYPT 2007 International Conference on Security and Cryptography, Barcelona, Spain, July 28-31, 2007. (Submissions due 26 March 2007)
The purpose of SECRYPT 2007, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication. Theoretical and practical advances in the fields of cryptography and coding are a key factor in the growth of data communications, data networks and distributed computing. In addition to the mathematical theory and practice of cryptography and coding, SECRYPT also focuses on other aspects of information systems and network security, including applications in the scope of the knowledge society in general and information systems development in particular, especially in the context of e-business, the Internet and global enterprises. Papers describing original work are invited in any of the areas listed below:
SecPerU 2007 3rd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, Held in conjunction with the IEEE International Conference on Pervasive Services (ICPS 2007), Istanbul, Turkey, July 20, 2007. (Submissions due 29 March 2007)
The ambient assisted living concept is envisioned through a new paradigm of interaction inspired by constant access to information and computational resources. This access will be enabled through invisible devices that offer distributed computing power and spontaneous connectivity. A nomad traversing residential, working, and advertising environments will seamlessly and constantly be served by small mobile devices like portables, handhelds, embedded or wearable computers. This paradigm of living and interacting introduces new security, trust and privacy risks. Thus, methods and technology to support confidence in this concept must be revisited. The objectives of the SecPerU 2007 Workshop are to develop new security, privacy and trust concepts for complex application scenarios based on systems like handhelds, phones, smart cards, sensors, actuators and RF tags, with the emerging technology of ubiquitous and pervasive computing. We welcome the submission of papers from the full spectrum of issues related to security, privacy and trust in pervasive and ubiquitous computing. Papers may focus on architectures, methods, technologies, protocols, prototype developments, case studies, applications, practical experiences, simulation results and analysis, theory and validation. Pervasive and ubiquitous computing topics include, but are not limited to:
CNSS 2007 Computer and Network Security Symposium, Held in conjunction with the International Wireless Communications & Mobile Computing Conference (IWCMC 2007), Honolulu, Hawaii, USA, August 12-16, 2007. (Submissions due 30 March 2007)
The main objective of this symposium is to promote further research interests and activities in computer and network security. It is also aimed at increasing the synergy between academic and industrial researchers working in this area. We are interested in theoretical, experimental, and systems-related papers in all aspects of computer and network security. The scope of the Computer and Network Security Symposium includes, but is not limited to:
ESORICS 2007 12th European Symposium on Research in Computer Security, Dresden, Germany, September 24-26, 2007. (Submissions due 30 March 2007)
Papers offering novel research contributions on any aspect of computer security are solicited for submission to the Twelfth European Symposium on Research in Computer Security (ESORICS 2007). Organized in a series of European countries, ESORICS is established as the European research event in computer security. Papers may present theory, mechanisms, applications, or practical experience on all traditional or emerging topics relevant to security in computing systems. For example, submissions might treat any innovative aspects of one or several of the topics listed in the following:
RAID 2007 10th International Symposium on Recent Advances in Intrusion Detection, Gold Coast, Queensland, Australia, September 5-7, 2007. (Submissions due 31 March 2007)
This symposium, the 10th in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss issues and technologies related to intrusion detection and defense. The Recent Advances in Intrusion Detection (RAID) International Symposium series is intended to further advances in intrusion defense by promoting the exchange of ideas in a broad range of topics. As in previous years, all topics related to intrusion detection, prevention and defense systems and technologies are within scope, including but not limited to the following:
PLAS 2007 ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, San Diego, CA, USA, June 14, 2007. (Submissions due 1 April 2007)
PLAS aims to provide a forum for exploring and evaluating ideas on the use of programming language and program analysis techniques to improve the security of software systems. Strongly encouraged are proposals of new, speculative ideas; evaluations of new or known techniques in practical settings; and discussions of emerging threats and important problems. The scope of PLAS includes, but is not limited to:
DFRWS 2007 7th Annual Digital Forensic Research Workshop, Pittsburgh, PA, USA, August 13-15, 2007. (Submissions due 2 April 2007)
DFRWS brings together leading researchers, developers, practitioners, and educators from around the world interested in advancing the state of the art in digital forensics. As the most established venue in the field, DFRWS is the preferred place to present both cutting-edge research and perspectives on best practices for all aspects of digital forensics. As an independent organization, we promote open community discussions and disseminate the results of our work to the widest audience. We invite original contributions as research papers (long and short), panel proposals, and demo proposals. All papers are evaluated through a double-blind peer-review process, and those accepted will be published in printed proceedings by Elsevier. Topics of interest are:
GOCP 2007 1st International Workshop on Group-Oriented Cryptographic Protocols, Held in conjunction with the 34th International Colloquium on Automata, Languages and Programming (ICALP 2007), Wroclaw, Poland, July 9, 2007. (Submissions due 2 April 2007)
Group-oriented cryptographic protocols are foundational for the security of various group applications, like digital conferencing, groupware, group communication systems, computer-supported collaborative workflow systems, multi-user information distribution and sharing, database and server replication systems, peer-to-peer and ad-hoc groups, group-based admission and access management, electronic voting and elections, applications in federative or distributed environments, etc. A variety of cryptographic techniques and assumptions provides a solid basis for the design of provably secure group-oriented cryptographic protocols, which is an important and challenging task. Formal security models for group-oriented cryptographic protocols require consideration of a large number of potential threats resulting from attacks on the communication channel and from the misbehavior of some protocol participants. These challenges and the emerging development of multi-party and group-oriented applications are just some of the reasons for setting up a new cryptographic workshop solely dedicated to the security issues of cryptographic protocols used in these scenarios. The GOCP 2007 workshop encourages submissions concerning cryptographic foundations, formal security models, and the actual design of all kinds of group-oriented cryptographic protocols, schemes, and applications. Topics of interest include (in alphabetical order):
IWSEC 2007 2nd International Workshop on Security, Nara, Japan, October 29-31, 2007. (Submissions due 13 April 2007)
The complex structure of networks, middleware, agents, P2P applications and ubiquitous computing for commercial, personal, communal and public use has brought forth the advent of the information society in cyberspace. However, this system poses new and diverse threats to the world. It is imperative for security researchers to look into these issues from an interdisciplinary perspective. Papers may present theory, applications or practical experiences on topics including, but not limited to:
USM 2007 Workshop on Usable IT Security Management, Held in conjunction with the 3rd Symposium On Usable Privacy and Security (SOUPS 2007), Pittsburgh, PA, USA, July 18, 2007. (Submissions due 13 April 2007)
USM '07 solicits short position papers from academia and industry about all aspects of IT security management usability. The workshop will provide an opportunity for interdisciplinary researchers and practitioners to discuss this fascinating and important topic. Those interested in presenting at the workshop should submit a position paper of up to four pages along with a cover letter describing their research interests, experience, and background in the area of usable IT security management. Workshop papers will be posted on the SOUPS website and distributed to attendees on the SOUPS 2007 CD. However, workshop papers will not be formally published, and therefore may include work the authors plan to publish elsewhere.
NSS 2007 IFIP International Workshop on Network and System Security, Dalian, China, September 20, 2007. (Submissions due 14 April 2007)
In recent years, there has been a significant increase in Internet attacks, such as DDoS, viruses, worms, spyware, and other malware, causing huge economic and social damage. While attack systems have become easier to use, more sophisticated, and more powerful, interest has greatly increased in building more effective, intelligent, and active defense systems which are distributed and networked. We will focus our program on issues related to network and system security, such as authentication, access control, availability, integrity, privacy, confidentiality, dependability and sustainability of network defense systems. We also welcome research reports on network attack systems, because we believe that only by fully understanding the attack mechanisms can we perform effective and comprehensive defense. The aim of this workshop is to provide a leading-edge forum to foster interaction between researchers and developers in the network and system security communities, and to give attendees an opportunity to network with experts in network and system security. Topics include, but are not limited to:
ACSF 2007 2nd Conference on Advances in Computer Security and Forensics, Liverpool, UK, July 12-13, 2007. (Submissions due 30 April 2007)
Computer security and computer forensics are at the forefront of the fight against malicious activity facilitated by our increased use of computer and network technologies. Computer security preserves system integrity, whilst computer forensics aims to explain the cause of an event or set of events. Computer security is an established field of computer science, whilst computer forensics is receiving an increasing amount of attention from the research community. Due to the degree of overlap in the raw material used by both fields, they have much to learn from one another. The purpose of this conference is to bring together researchers and practitioners to present and share the latest developments in research and applications from both fields. The topics below are for guidance only and are not an exhaustive list:
WSNS 2007 3rd IEEE International Workshop on Wireless and Sensor Networks Security, Held in conjunction with the 4th IEEE Intl. Conf. on Mobile Ad-hoc and Sensor Systems (MASS 2007), Pisa, Italy, October 8, 2007. (Submissions due 30 April 2007)
Wireless networks have experienced explosive growth during the last few years. Nowadays, there is a large variety of networks, spanning from the well-known cellular networks to infrastructure-less wireless networks such as mobile ad hoc networks and sensor networks. Security is a central concern for achieving secure communication in these networks. This one-day workshop aims to bring together researchers and practitioners from the wireless and sensor networking, security, cryptography, and distributed computing communities, with the goal of promoting discussions and collaborations. We are interested in novel research on all aspects of security in wireless and sensor networks and on the tradeoffs between security and performance such as QoS, dependability, scalability, etc. Topics include, but are not limited to:
WDFIA 2007 2nd Annual Workshop on Digital Forensics and Incident Analysis, Samos, Greece, August 27-28, 2007. (Submissions due 30 April 2007)
The field of digital forensics is rapidly evolving and continues to gain significance in both the law enforcement and the scientific community. The field is intrinsically interdisciplinary, drawing upon fields such as information and communication technologies, law, social sciences and business administration. The second workshop on digital forensics and incident analysis, hosted by the University of the Aegean on the island of Samos, aims to provide a forum for researchers and practitioners focusing on different aspects of digital forensics and incident analysis to present original, unpublished research results and innovative ideas. We welcome the submission of papers from the full spectrum of issues relating to the theory and practice of digital forensics and incident analysis. Areas of special interest include, but are not limited to:
Journal of Universal Computer Science (JUCS), Special Issue on Cryptography in Computer Systems, February 2008. (Submissions due 1 May 2007)
Guest editors: Liqun Chen (Hewlett-Packard Labs, UK), Ed Dawson (Queensland University of Technology, Australia), Xuejia Lai (Shanghai Jiao Tong University, China), Masahiro Mambo (Tsukuba University, Japan), Atsuko Miyaji (JAIST, Japan), Yi Mu (University of Wollongong, Australia), David Pointcheval (Ecole Normale Supérieure, France), Bart Preneel (Katholieke Universiteit Leuven, Belgium), Nigel Smart (Bristol University, UK), Willy Susilo (University of Wollongong, Australia), Huaxiong Wang (Macquarie University, Australia), and Duncan Wong (City University of Hong Kong, China)
Cryptography has been playing an important role in ensuring the security and reliability of modern computer systems. Since high speed and broad bandwidth have become the keywords for modern computer systems, new cryptographic methods and tools must follow in order to adapt to these new and emerging technologies. This special issue aims to provide a platform for security researchers to present their newly developed cryptographic technologies for computer systems. Areas of interest for this special journal issue include, but are not limited to, the following topics:
CCS 2007 14th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, October 29 - November 2, 2007. (Submissions due 8 May 2007)
The conference seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of computer security, as well as case studies and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of their results. Topics of interest include, but are not limited to:
ICISS 2007 3rd International Conference on Information Systems Security, Delhi, India, December 16-20, 2007. (Submissions due 11 May 2007)
After the successful organization of ICISS 2006 at the Indian Statistical Institute, Kolkata, India, the 3rd conference will be organized by the University of Delhi. ICISS presents a forum for disseminating the latest research results in information systems security and related areas. Topics of interest include but are not limited to:
eCrime 2007 2nd APWG eCrime Researchers Summit, Pittsburgh, PA, USA, October 4-5, 2007. (Submissions due 15 May 2007)
The second Anti-Phishing Working Group (APWG) eCrime Researchers Summit will be hosted by Carnegie Mellon CyLab, October 4-5, 2007, in Pittsburgh, PA. Original papers on all aspects of electronic crime are solicited for submission to eCrime '07. Topics of relevance include but are not limited to:
WISA 2007 8th International Workshop on Information Security Applications, Jeju Island, Korea, August 27-29, 2007. (Submissions due 19 May 2007)
The focus of the 8th International Workshop on Information Security Applications (WISA 2007) is on all technical and practical aspects of cryptographic and non-cryptographic security applications. The workshop will serve as a forum for new results from the academic research community as well as from the industry. The areas of interest include, but are not limited to:
SISW 2007 4th International IEEE Security in Storage Workshop, San Diego, California, USA, September 27, 2007. (Submissions due 1 June 2007)
Stored information critical to individuals, corporations and governments must be protected, but the continually changing uses of storage and the exposure of storage media to adverse conditions make meeting that challenge increasingly difficult. Example uses include the employment of large shared storage systems for cost reduction and, for convenience, the wide use of transiently-connected storage devices offering significant capacities, manifested in many forms and often embedded in mobile devices. Protecting intellectual property, personal records, health records, and military secrets when media or devices are lost, stolen, or captured is critical to information owners. To remain or become viable, activities that rely on storage technology require a comprehensive systems approach to storage security. This workshop serves as an open forum to discuss storage threats and the technology and deployment of countermeasures. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of designing, building and managing secure storage systems; possible topics include, but are not limited to, the following:
SECOVAL 2007 3rd Annual Workshop on the Value of Security through Collaboration, Held in conjunction with the 3rd International Conference on Security and Privacy in Communication Networks (SecureComm 2007), Nice, France, September 17-21, 2007. (Submissions due 3 June 2007)
This year SECOVAL is focusing on a special research subtopic within the scope of collaborative security, namely privacy and data sanitization. Any useful collaboration at some point involves sharing data. Unfortunately, data sharing is one of the greatest hurdles standing in the way of otherwise beneficial collaborations. Data regarding one's security stance is particularly sensitive, as it often indicates one's own security weaknesses. This data could include computer or network logs of security incidents, architecture documents, or sensitive organizational information. Even when the data may not compromise the data owner's security stance, sharing it may violate a customer's privacy. Data sanitization techniques such as anonymization, and other mechanisms such as privacy-preserving data mining and statistical data mining, try to address this tension between the need to share information and the need to protect sensitive information and user privacy. Topics of interest to the workshop include, but are not limited to:
DIM 2007 3rd ACM Workshop on Digital Identity Management, Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007), Fairfax, VA, USA, November 2, 2007. (Submissions due 15 June 2007)
To ensure that emerging identity management technologies are accepted by end users, we must reconcile (or strike the right balance between) two goals that are generally thought to be contradictory: the usability of the systems on one hand and their security and privacy on the other. The aim of this workshop is to gather vendors, users, and researchers in the area of identity management to discuss and provide recommendations for the best approaches to making implementable and deployable improvements to the usability of identity management. Topics of particular interest include (but are not limited to):
IEEE Software, Special Issue on Security for the Rest of Us: An Industry Perspective on the Secure Software Challenge, January/February 2008. (Submissions due 1 July 2007)
Guest editors: Konstantin Beznosov (University of British Columbia, Canada) and Brian Chess (Fortify Software)
The public need for good software security becomes more acute every day. Typical activities, including selecting, purchasing, and consuming services and products, conducting business, and holding national elections, increasingly depend on secure software. While security was once a specialty of interest to only a small number of developers, it is now a critical topic for almost all software developers, project managers, and decision makers. The world's software industry includes thousands of software vendors, from humongous enterprises to one-person shops, and the industry as a whole must face the software security challenge. This special issue will report on the state of practice and recent advances related to software security in a wide range of industrial application domains. It will explore practical and pragmatic ways of engineering secure software that can be applied by a wide range of development teams. The issue will report on:
NordSec 2007 12th Nordic Workshop on Secure IT Systems, Reykjavik, Iceland, October 11-12, 2007. (Submissions due 23 July 2007)
Since 1996, the NordSec workshops have brought together computer security researchers and practitioners from the Nordic countries, Northern Europe, and elsewhere. The workshop is focused on applied computer security and is intended to encourage interchange and cooperation between research and industry. Topics include, but are not limited to, the following areas of computer security:
Listing of academic positions available by Cynthia Irvine
Staying in touch....
Changing your email address? Please send updates to cipher@ieee-security.org
IEEE Computer Society's Technical Committee on Security and Privacy