Commentary and Opinion
News Briefs: Announcements and correspondence from readers (please contribute!)
Listing of academic positions available by Cynthia Irvine
Conference and Workshop Announcements
Cipher calls-for-papers and calendar
new calls or announcements added since Cipher E80
(the calls-for-papers and the calendar announcements may differ
slightly in content or time of update):
Wiley InterScience Security and Communication Networks Journal,
Special Issue on Clinical Information Systems (CIS) Security,
July/August 2008.
(Submission Due 10 February 2008) [posted here 11/5/07]
Guest editors: Theodore Stergiou (KPMG Kyriacou Advisors AE, Greece),
Dimitrios Delivasilis (Incrypto Ltd., Greece),
Mark S Leeson (University of Warwick, UK), and
Ray Yueh-Min Huang (National Cheng-Kung University, Taiwan, R.O.C.)
Managing records of patient care has become an increasingly complex issue with
the widespread use of advanced technologies. The vast amount of information for
every routine care must be securely processed over different databases. Clinical
Information Systems (CIS) address the need for a computerized approach in managing
personal health information. Hospitals and public or private health insurance
organizations are continuously upgrading their database and data management systems
to more sophisticated architectures. The possible support of the large patient archives
and the flexibility of a CIS in providing up-to-date patient information and worldwide
doctors' collaboration, have leveraged the research on CIS both in academic and
government domains. At the same time, it has become apparent that patients require
more control over their clinical data, either being results of clinical examinations
or medical history. Due to the large amount of information that can be found on the
Internet and the free access to medical practitioners and hospitals worldwide,
patients may choose to communicate their information so as to obtain several
expert opinions regarding their conditions. Given the sensitive nature of the
information stored and inevitably in transit, security has become an issue of utmost
necessity. Numerous EU and US research projects have been launched to address security
in CIS (e.g. EUROMED, ISHTAR, RESHEN), whereas regulatory compliance to acts such as
the HIPAA has become an obligation for centers moving to CIS.
This Special Issue will serve as a venue for both academia and industry individuals and
groups working in this fast-growing research area to share their experiences and
state-of-the-art work with the readers.
The topics of interest in this Special Issue include, but are not limited to:
- Authentication techniques for CIS
- Authorization mechanisms and approaches for patient-centric data
- Public Key Infrastructures to support diverse clinical information environments
and networks
- Cryptographic protocols for use to secure patient-centric data
- Secure communication protocols for the communication of clinical data
- Wireless sensor networks security
- Body sensor networks security
- CIS Database security
- Interoperability across diverse CIS environments (national and multilateral)
- Government and international regulatory and compliance requirements
For more information, please see
http://www3.interscience.wiley.com/cgi-bin/jtoc/114299116/.
APE 2008
1st International Workshop on Advances in Policy Enforcement,
Held in conjunction with the 3rd International Conference on Availability, Reliability and Security (ARES 2008),
Barcelona, Catalonia, Spain, March 4-7, 2008.
(Submissions due 20 November 2007) [posted here 10/8/07]
The problem of complying with increasingly complex requirements is gaining importance
in organizations of all sizes. Such requirements stipulate how organizations must
perform a number of accountable actions with regard to, e.g., accounting -- Basel II
and SOX -- and the treatment of personal information -- HIPAA, Fair Information
Practices and negotiated privacy preferences. From a technical standpoint, these
requirements are mere policies whose modeling (expression), adherence (enforcement),
and verification (audit) dictate the workflow of organizations. The goal of this workshop
is to bring together researchers and practitioners working on innovative methods for
policy enforcement and its a posteriori audit. The focus of the workshop is primarily
technological, yet it encourages papers with a multidisciplinary character, encompassing
for instance economic, legal, and sociological aspects, as well as papers more purely
focused on information technology. Submission topics include, but are not limited to:
- A posteriori policy enforcement
- Complementing a priori and a posteriori approaches to enforcement
- Usage control
- Audit strategies
- Forensics and legal issues
- Provable enforcement
- Accountability and liability
- Secure logging mechanisms
- Expression of security and privacy requirements
- Monitoring techniques
- Implementation experiences
For more information, please see
http://www.telematik.uni-freiburg.de/ape/.
IFIP-CIP 2008
2nd Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection,
Arlington, Virginia, USA, March 16-19, 2008.
(Submissions due 31 December 2007) [posted here 10/9/07]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active
international community of researchers, infrastructure operators and policy-makers
dedicated to applying scientific principles, engineering techniques and public policy
to address current and future problems in information infrastructure protection.
Following the success of the inaugural conference in March 2007, the Second Annual
IFIP WG 11.10 International Conference on Critical Infrastructure Protection
will again provide a forum for presenting original, unpublished research results
and innovative ideas related to all aspects of critical infrastructure protection.
The conference will be limited to eighty participants to facilitate interactions
among researchers and intense discussions of research and implementation issues.
Areas of interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Risk analysis and risk assessment methodologies
- Modeling and simulation of critical infrastructures
- Legal, economic and policy issues related to critical infrastructure protection
- Secure information sharing
- Infrastructure protection case studies
- Distributed control systems/SCADA security
- Telecommunications network security
For more information, please see
http://www.ifip1110.org/.
ATC 2008
5th International Conference on Autonomic and Trusted Computing,
Oslo, Norway, June 23-25, 2008.
(Submissions due 5 January 2008) [posted here 10/29/07]
Computing systems including hardware, software, communication and networks are
growing dramatically in both scale and heterogeneity, becoming overly complex.
Such complexity is getting even more critical with the ubiquitous permeation of
embedded devices and other pervasive systems. To cope with the growing and
ubiquitous complexity, Autonomic Computing (AC) focuses on self-manageable
computing and communication systems that exhibit self-awareness, self-configuration,
self-optimization, self-healing, self-protection and other self-x operations to
the maximum extent possible without human intervention or guidance.
Organic Computing (OC) additionally emphasizes natural-analogue concepts like
self-organization and controlled emergence.
Trusted/Trustworthy Computing (TC) aims at making computing and communication
systems as well as services available, predictable, traceable, controllable,
assessable, sustainable, dependable, persist-able, security/privacy protect-able,
etc. ATC-08 addresses the most innovative research and development in these
challenging areas and includes all technical aspects related to
autonomic/organic computing (AC/OC) and trusted computing (TC).
Topics of interest include, but are not limited to:
- AC/OC Theory and Models (Nervous/organic models, negotiation, cooperation,
competition, self-organization, emergence, etc.)
- AC/OC Architectures and Systems (Autonomic elements & their relationship,
frameworks, middleware, observer/controller architectures, etc.)
- AC/OC Components and Modules (Memory, storage, database, device, server,
proxy, software, OS, I/O, etc.)
- AC/OC Communication and Services (Networks, self-organized net, web service,
grid, P2P, semantics, agent, transaction, etc.)
- AC/OC Tools and Interfaces (Tools/interfaces for AC/OC system development,
test, monitoring, assessment, supervision, etc.)
- Trust Models and Specifications (Models and semantics of trust,
distrust, mistrust, over-trust, cheat, risk, reputation, reliability, etc.)
- Trust-related Security and Privacy (Trust-related secure architecture,
framework, policy, intrusion detection/awareness, protocols, etc.)
- Trusted Reliable and Dependable Systems (Fault-tolerant systems,
hardware redundancy, robustness, survivable systems, failure recovery, etc.)
- Trustworthy Services and Applications (Trustworthy Internet/web/grid/P2P
e-services, secured mobile services, novel applications, etc.)
- Trust Standards and Non-Technical Issues (Trust standards and issues related
to personality, ethics, sociology, culture, psychology, economy, etc.)
For more information, please see
http://www.ux.uis.no/atc08/.
SEC 2008
23rd International Information Security Conference,
Co-located with IFIP World Computer Congress 2008,
Milan, Italy, September 8-10, 2008.
(Submissions due 10 January 2008) [posted here 9/27/07]
The conference seeks submissions from academia and industry presenting
novel research on all theoretical and practical aspects of computer security,
as well as case studies and implementation experiences. Papers should have
practical relevance to the construction, evaluation, application, or operation
of secure systems. Theoretical papers must make a convincing argument for the
practical significance of the results.
Topics of interest include, but are not limited to:
- access control
- accounting and audit
- anonymity
- applied cryptography
- authentication
- computer forensics
- cryptographic protocols
- database security
- data protection
- data/system integrity
- digital rights management
- electronic frauds
- identity management
- information warfare
- intrusion detection
- key management
- law and ethics
- peer-to-peer security
- privacy-enhancing technology
- secure location services
- secure networking
- security education
- security management
- smartcards
- commercial and industry security
- data and application security
- inference/controlled disclosure
- risk analysis and risk management
- intellectual property protection
- security in IT outsourcing
- security for mobile code
- trust management
- trust models
For more information, please see
http://sec2008.dti.unimi.it.
IFIP-TM 2008
Joint iTrust and PST conferences on Privacy, Trust Management and Security,
Trondheim, Norway, June 18-20, 2008.
(Submissions due 11 January 2008) [posted here 10/15/07]
The mission of the IFIPTM 2008 conference is to share research solutions to
problems of Trust, Security and Privacy and to identify new issues and
directions for future research and development work. IFIPTM 2008 invites
research submissions on all topics related to Trust, Security and Privacy,
including but not limited to those listed below:
- Security and trust for composite applications
- Trust models, formalization, specification, analysis and reasoning
- Engineering of trustworthy and secure software
- The ethics, sociology and psychology of trust
- Security management and usability issues including security configuration
- Trust management frameworks for secure collaborations
- Language security
- Security and privacy for software as a service (SaaS)
- Security and trust for Web 2.0 mashups
- Legal issues related to the management of trust
- Semantically-aware security management
- Adaptive security policy management
- Security, trust and privacy for service oriented architectures
- Mobile security
- Anonymity and privacy vs. accountability
- Critical infrastructure protection, public safety and emergency management
- Intrusion detection systems and technologies
- Operating systems security
- Network security (anti-virus, anti-DoS-tools, firewalls etc.)
- Privacy and identity management in e-services
- Biometrics, national ID cards, identity theft
- Distributed trust and reputation management systems
- Human computer interaction and privacy, security & trust
- Applications of trust and reputation management in e-services
For more information, please see
http://www.ntnu.no/videre/konferanse/IFIPTM08/.
CSF 2008
21st IEEE Computer Security Foundations Symposium,
Pittsburgh, PA, USA, June 23-25, 2008.
(Submissions due 29 January 2008) [posted here 10/22/07]
The IEEE Computer Security Foundations (CSF) series brings together researchers in
computer science to examine foundational issues in computer security. Over the
past two decades, many seminal papers and techniques have been presented first at
CSF. The CiteSeer Impact page (http://citeseer.ist.psu.edu/impact.html) lists CSF
as 38th out of more than 1200 computer science venues, top 3.11% in impact based
on citation frequency. New theoretical results in computer security are welcome.
Also welcome are more exploratory presentations, which may examine open questions
and raise fundamental concerns about existing theories. Panel proposals are sought
as well as papers. Possible topics include, but are not limited to:
- Access control
- Anonymity and Privacy
- Authentication
- Data and system integrity
- Database security
- Decidability and complexity
- Distributed systems security
- Electronic voting
- Executable content
- Formal methods for security
- Information flow
- Intrusion detection
- Language-based security
- Network security
- Resource usage control
- Security for mobile computing
- Security models
- Security protocols
- Trust and trust management
For more information, please see
http://www.cylab.cmu.edu/CSF2008/.
USENIX-Security 2008
17th USENIX Security Symposium,
San Jose, California, USA, July 28-August 1, 2008.
(Submissions due 30 January 2008) [posted here 10/1/07]
On behalf of the 17th USENIX Security Symposium (USENIX Security '08) program committee, we are inviting you to
submit high-quality papers in all areas relating to systems and network security.
Please note that the USENIX Security Symposium is primarily a systems security conference.
Papers whose contributions are primarily new cryptographic algorithms or protocols,
cryptanalysis, electronic commerce primitives, etc., may not be appropriate for this
conference. Refereed paper submissions are solicited in all areas relating to systems
and network security, including:
- Adaptive security and system management
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Attacks against networks and machines
- Authentication and authorization of users, systems, and applications
- Automated tools for source code analysis
- Botnets
- Cryptographic implementation analysis and construction
- Denial-of-service attacks and countermeasures
- File and filesystem security
- Firewall technologies
- Forensics and diagnostics for security
- Intrusion and anomaly detection and prevention
- Malicious code analysis, anti-virus, anti-spyware
- Network infrastructure security
- Operating system security
- Privacy-preserving (and -compromising) systems
- Public key infrastructure
- Rights management and copyright protection
- Security architectures
- Security in heterogeneous and large-scale environments
- Security policy
- Self-protecting and healing systems
- Techniques for developing secure systems
- Technologies for trustworthy computing
- Usability and security
- Voting systems analysis and security
- Wireless and pervasive/ubiquitous computing security
- Web security
For more information, please see
http://www.usenix.org/sec08/cfpa/.
SOUPS 2008
Symposium On Usable Privacy and Security,
Carnegie Mellon University, Pittsburgh, PA, USA, July 23-25, 2008.
(Submissions due 29 February 2008) [posted here 10/15/07]
The 2008 Symposium on Usable Privacy and Security (SOUPS) will bring
together an interdisciplinary group of researchers and practitioners in
human computer interaction, security, and privacy. The program will feature
technical papers, a poster session, panels and invited talks, discussion
sessions, and in-depth sessions (workshops and tutorials).
We invite authors to submit original papers describing research or experience
in all areas of usable privacy and security. Topics include, but are not
limited to:
- innovative security or privacy functionality and design
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of security or privacy features or security
testing of usability features
- lessons learned from deploying and using usable privacy
and security features
For more information, please see
http://cups.cs.cmu.edu/SOUPS/.
Pairing 2008
2nd International Conference on Pairing-based Cryptography,
Egham, UK, September 1-3, 2008.
(Submissions due 16 March 2008) [posted here 11/12/07]
Pairing-based cryptography is an extremely active area of research which
has allowed elegant solutions to a number of long-standing open problems
in cryptography (such as efficient identity-based encryption).
New developments continue to be made at a rapid pace. The aim of the "Pairing"
conference is thus to bring together leading researchers and practitioners
from academia and industry, all concerned with problems related to
pairing-based cryptography. Authors are invited to submit papers describing
their original research on all aspects of pairing-based cryptography,
including, but not limited to the following topics:
Area I: Novel cryptographic protocols
- ID-based and certificateless cryptosystems
- Broadcast encryption, signcryption etc
- Short/multi/aggregate/group/ring/threshold/blind signatures
- Designed confirmer or undeniable signatures
- Identification/authentication schemes
- Key agreement
Area II: Mathematical foundations
- Weil, Tate, Eta, and Ate pairings
- Security consideration of pairings
- Other pairings and applications of pairings in mathematics
- Generation of pairing friendly curves
- (Hyper-) Elliptic curve cryptosystems
- Number theoretic algorithms
- Addition algorithms in divisor groups
Area III: SW/HW implementation
- Secure operating systems
- Efficient software implementation
- FPGA or ASIC implementation
- Smart card implementation
- RFID security
- Middleware security
- Side channel and fault attacks
Area IV: Applied security
- Novel security applications
- Secure ubiquitous computing
- Security management
- PKI models
- Application to network security
- Grid computing
- Internet and web security
- E-business or E-commerce security
For more information, please see
http://www.pairing-conference.org/.
Staying in touch....
Changing your email address? Please send updates to cipher@ieee-security.org
IEEE Computer Society's Technical Committee on Security and Privacy