IEEE Cipher: Newsletter of the IEEE Computer Society Technical Committee on Security and Privacy, Issue 85 July 19, 2008

Cipher
Electronic Newsletter of the Technical Committe on
Security & Privacy
A Technical Committee of the Computer Society of the IEEE

Electronic Issue (EI) 85, July 19, 2008

Hilarie Orman, Editor	Book Reviews
Sven Dietrich, Associate Editor	Yong Guan, Calendar Editor

Letter from the Editor
Commentary and Opinion
- Richard Austin's review of Crimeware: Understanding New Attacks and Defenses by M. Jakobsson and Z. Ramzan
- Review of the Computer Security Foundations Symposium (CMU, Pittsburgh, Pennsylvania, USA, June 23-25, 2008) by Kumar Avijit
- NewsBits: Announcements and correspondence from readers (please contribute!)
- Book reviews from past Cipher issues
- Conference Reports and Commentary from past Cipher issues
- News items from past Cipher issues
The Technical Committee on Security and Privacy
Conference and Workshop Announcements
- Cipher calls-for-papers and calendar
- new calls or announcements added since Cipher E84 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update):
  - IWDW 2008 7th International Workshop on Digital Watermarking, Busan, Korea, November 10-12, 2008. (Submissions due 15 July 2008)
    IWDW 2008 is the seventh of a series of international work-shops focusing on digital watermarking and relevant techniques. It will provide an excellent opportunity for researchers and practitioners to present as well as to keep abreast with the latest developments in watermarking technologies. IWDW 2008 aims to provide a high quality forum for dissemination of research results. Areas of interest include, but are not limited to:
    - Mathematical modeling of embedding and detection
    - Information theoretic, stochastic aspects of data hiding
    - Security issues, including attacks and counter-attacks
    - Combination of data hiding and cryptography
    - Optimum watermark detection and reliable recovery
    - Estimation of watermark capacity
    - Channel coding techniques for watermarking
    - Large-scale experimental tests and benchmarking
    - New statistical and perceptual models of content
    - Reversible data hiding
    - Data hiding in special media
    - Data hiding and authentication
    - Steganography and steganalysis
    - Data forensics
    - Copyright protection, DRM, and forensic watermarking
    - Visual cryptography
  - DSSC 2008 1st International Workshop on Dependable and Secure Services Computing, Held in conjunction with IEEE APSCC 2008, Yilan, Taiwan, December 9-12, 2008. (Submissions due 15 July 2008)
    Service-Oriented Computing (SOC) is an emerging paradigm that puts Technology, Business, and People altogether. Since SOC is reshaping the modern business model and services industry, security and dependability are becoming crucial issues. The prime goal of DSSC lies in associating Services Computing with higher level of dependability and security. More specifically, we aim to provide a platform for researchers in the dependability and security communities to interact with researchers in the SOC community, so that efficacious cross pollination of ideas could occur between these areas. We encourage submissions from both industry and academia. The topics of interest of ISC include, but are not limited to, the following:
    System and Service Dependability
    - Architectural and Operating System Support for Services Computing
    - Self-Reconfiguration Systems for Services Computing
    - Architectural and System-Level Synthesis
    - System Dependability Modeling and Prediction
    - Scalable Techniques for Providing High Availability and Reliability
    - Verification and Validation Methodology for Services Computing
    - Time-Critical Services
    - Safety-Critical Services
    - Resource Management for Services Computing
    - Automated Failure Management
    - Middleware for Services Computing
    Security Issues and Concerns
    - Service Authentication
    - Service Authorization
    - Privacy And Anonymity in Services Computing
    - Intrusion Detection in Services Computing
    - Specification And Querying of Security Constraints
    - Cryptographic Protocols for Services Computing
    - Role Based Access Control for Services Computing
    - Identity Assertion and Service Auditing
    - Services and XML Based Security Standards
    - Access Control for Services Computing
    - Formal Methods for Security Deployment
    - Secure Service Deployment
    - Credential and Role Mapping for Services Computing
    Quality of Service
    - Performance Analysis, Evaluation, and Prediction
    - Benchmarking of Management Technologies
    - Service Auditing
    - Service Resource Provisioning
    - QoS Negotiation and Cost of Services (CoS)
    - Empirical Studies and Benchmarking of QoS
    - Autonomic Management of Service Levels
    - Monitoring for (Composed) Services
    - Return on Investment (ROI) Analysis
    - Validation of Service and Quality Claims
    - SLA and Policy Specification and Enactment
    - QoS-Aware Selection Model for Semantic Web Services
    - Real-Time Supply Chain Integration Applications of Dependable and Secure Services
    - E-Commerce Dependability
    - Firewall Technologies
    - Open/Dynamic Grid Service Architectures
    - Grid Service Deployment and Service Registries
    - Grid Computing and Services On-Demand
    - Peer-to-Peer Virtual Repository
    - Mobile, Ad-Hoc, and Peer-To-Peer Services
    - Secure Web Services
  - SKM 2008 Workshop on Secure Knowledge Management, Richardson, Texas, USA, November 3-4, 2008. (Submissions due 18 July 2008)
    Knowledge management is the methodology for systematically gathering, organizing, and disseminating information. It essentially consists of processes and tools to effectively capture and share data as well as use the knowledge of individuals within an organization. Knowledge Management Systems (KMS) promote sharing information among employees and should contain security features to prevent any unauthorized access. Security is becoming a major issue revolving around KMS. Security methods may include authentication or passwords, cryptography programs, intrusion detection systems or access control systems. Issues include insider threat (protecting from malicious insiders), infrastructure protection (securing against subversion attacks) and establishing correct policies and refinement and enforcement. Furthermore KMS content is much more sensitive than raw data stored in databases and issues of privacy also become important. Since the attacks in 2001, many organizations, especially the US government, have increased their concern about KMS. With the advent of intranets and web-access, it is even more crucial to protect corporate knowledge as numerous individuals now have access to the assets of a corporation. Therefore, we need effective mechanisms for securing data, information, and knowledge as well as the applications. The proposed workshop in Secure Knowledge Management will help in raising the awareness of academics and practitioners in this critical area of research and develop important questions that need to be tackled by the research community. Topics of interest include, and are not limited to:
    - Secure Languages (Secure Knowledge Query Manipulation Language, Security Assertion Markup Language, B2B Circles of Trust)
    - Return of Investment on Secure Knowledge Systems
    - Digital Rights Management (Digital Policy Management)
    - Secure Content Management (Secure Content Management in Authorized Domains, Secure Content Delivery, Content Trust Index)
    - Knowledge Management for National Security (Securing and Sharing What We Know: Privacy, Trust and Knowledge Management, Identity Security Guarantee, Building Trust and Security in the B2B Marketplace)
    - Security and Privacy in Knowledge Management
    - Wireless security in the context of Knowledge Management
  - ICISS 2008 4th International Conference on Information Systems Security, Hyderabad, India, December 16-20, 2008. (Submissions due 19 July 2008)
    The ICISS 2008 encourages submissions from academia, industry and government addressing theoretical and practical problems in information and systems security and related areas. Topics of interest include but are not limited to:
    - Application Security
    - Authentication and Access Control
    - Biometric Security
    - Data Security
    - Digital Forensics and Diagnostics
    - Digital Rights Management
    - Distributed System Security
    - Formal Methods in Security
    - Intrusion Detection, Prevention and Response
    - Intrusion Tolerance and Recovery
    - Key Management and Cryptographic Protocols
    - Language-based Security
    - Malware Analysis and Mitigation
    - Network Security
    - Operating System Security
    - Privacy and Anonymity
    - Security in P2P, Sensor and Ad Hoc Networks
    - Software Security
    - Vulnerability Detection and Mitigation
    - Web Security
  - NordSec 2008 13th Nordic Workshop on Secure IT Systems, Copenhagen, Denmark, October 9-10, 2008. (Submissions due 23 July 2008)
    The NordSec workshops are focused on applied computer security and are intended to encourage interchange and cooperation between research and industry. NordSec 2008 is organized by the Technical University of Denmark. NordSec 2008 has a special focus on "Security for the Citizens"; papers and extended abstracts on this topic are especially welcome. Topics include, but are not limited to, the following areas of computer security:
    - Applied Cryptography
    - Commercial Security Policies and Enforcement
    - Communication and Network Security
    - Computer Crime and Information Warfare
    - Hardware and Smart Card Applications
    - Internet and Web Security
    - Intrusion Detection
    - Language-based Techniques for Security
    - New Ideas and Paradigms in Security
    - Operating System Security
    - PKI Systems and Key Escrow
    - Privacy and Anonymity
    - Security Education and Training
    - Security Evaluations and Measurements
    - Security Management and Audit
    - Security Models
    - Security Protocols
    - Social-Engineering and Phishing
    - Software Security, Attacks, and Defenses
    - Trust and Trust Management
  - IEEE Network Magazine, Special Issue on Recent Developments in Network Intrusion Detection, 1st quarter of 2009. (Submission Due 1 August 2008)
    Guest editors: Thomas M. Chen (Swansea University, UK), Judy Fu (Motorola Labs, USA), Liwen He (BT Group, Chief Technology Office, UK), and Tim Strayer (BBN Technologies, USA)
    Internet-connected computers are constantly exposed to a variety of possible attacks through exploits, social engineering, password cracking, and malicious software. Networks allow intruders to reach a large number of potential targets quickly and remotely with relatively low risk of traceability. Public attention on cyber attacks has grown with post-9/11 concerns over vulnerabilities of critical infrastructures and new regulations increasing accountability of organizations for loss of private data. Concerns have also been heightened by the prevalence of hidden spyware and bots among PC users.
    Existing network-based intrusion detection methods depend on monitoring traffic and detecting evidence of attacks through known signatures or anomalous traffic behavior. However, intruders are continually changing their techniques to try new attack vectors and new ways to evade defenses. Network intrusion detection is challenged to adapt with new capabilities to recognize and respond to current attack methods.
    The goal of this special issue of IEEE Network is to share new research developments in network intrusion detection. Papers should add to current understanding of new attack vectors, advances in packet collection and analysis, and state-of-the-art techniques for recognizing, tracing, and responding to attacks. Papers should contain substantial tutorial content and be understandable to a broad general audience, not only security experts. Topics of interest include:
    - novel attacks and exploits
    - novel methods for traffic data collection and anomaly detection
    - network forensic techniques and best practices
    - intrusion prevention systems
    - deep packet inspection and classification at very high speeds/throughputs
    - event correlation
    - attack traceback and router support
    - automatic signature generation
    - detection of low intensity stealthy intrusions
  - MidSec 2008 1st International Workshop on Middleware Security, Held in conjunction with the 9th ACM International Middleware Conference (MIDDLEWARE 2008), Leuven, Belgium, December 2, 2008. (Submissions due 1 August 2008)
    Modern applications are more and more predominantly built around distributed programming paradigms. Event-based systems, mobile agent frameworks, peer-to-peer networks, grid computing, and Web service applications are examples of architectures that are used by a large share of the present software base. These paradigms expose applications to new, ever-growing security threats. For this reason, middleware platforms have always been mindful about offering out-of-the-box security services like communication encryption, user authentication, and access control. Such features are now considered commodities in many middleware platforms, e.g., CORBA, Java EE, and .NET. However, focused research is still necessary to address advanced areas of security. Examples are identity management, privacy and anonymity, accountability, application protection, and so on. The goal of this workshop is to provide a venue for the security and the middleware communities to collaborate and create new momentum for the topic area. Original submissions are welcome from both academic and industry experts. The topics of interest include, but are not limited to:
    - Middleware security: middleware software is an asset on its own and has to be protected.
    - Security co-design: trade-off and co-design between application-based and middleware-based security.
    - Context-sensitive security middleware: advanced security services and features offered by the middleware layer to pervasive and situated systems.
    - Policy-based management: innovative support for policy-based definition and enforcement of security concerns.
    - Security features: interaction between security-specific and other middleware features, e.g., context-awareness.
    - Advanced identification and authentication mechanisms: e.g., means to capture application-specific constraints in defining and enforcing access control rules.
    - Availability: protection of availability of middleware services.
    - Security in agent-based platforms: protection for mobile code and platforms.
    - Security in aspect-based middleware: mechanisms for isolating and enforcing security aspects.
    - Middleware-oriented security patterns: identification of patterns for sound, reusable security.
    - Middleware-level security monitoring and measurement: metrics and mechanisms for quantification and evaluation of security enforced by the middleware.
  - SAC-TREK 2009 24th ACM Symposium on Applied Computing (SAC 2009), Trust, Reputation, Evidence and other Collaboration Know-how (TRECK) Track, Honolulu, Hawaii, USA, March 8-12, 2009. (Submissions due 16 August 2008)
    The goal of the ACM SAC 2009 TRECK track remains to review the set of applications that benefit from the use of computational trust and online reputation. Computational trust has been used in reputation systems, risk management, collaborative filtering, social/business networking services, dynamic coalitions, virtual organisations and even combined with trusted computing hardware modules. The TRECK track covers all computational trust/reputation applications, especially those used in real-world applications. The topics of interest include, but are not limited to:
    - Recommender and reputation systems
    - Trust management, reputation management and identity management
    - Pervasive computational trust and use of context-awareness
    - Mobile trust, context-aware trust
    - Web 2.0 reputation and trust
    - Trust-based collaborative applications
    - Automated collaboration and trust negotiation
    - Trade-off between privacy and trust
    - Trust/risk-based security frameworks
    - Combined computational trust and trusted computing
    - Tangible guarantees given by formal models of trust and risk
    - Trust metrics assessment and threat analysis
    - Trust in peer-to-peer and open source systems
    - Technical trust evaluation and certification
    - Impacts of social networks on computational trust
    - Evidence gathering and management
    - Real-world applications, running prototypes and advanced simulations
    - Applicability in large-scale, open and decentralised environments
    - Legal and economic aspects related to the use of trust and reputation engines
    - User-studies and user interfaces of computational trust and online reputation applications
  - SAC-SEC 2009 24th ACM Symposium on Applied Computing (SAC 2009), Computer Security Track, Honolulu, Hawaii, USA, March 8-12, 2009. (Submissions due 16 August 2008)
    Security is nowadays mandatory. However, it remains a tricky process including a variety of properties. The eigth edition of the Security Track strengthens its aims at bringing together researchers in any applied issues of computer and information security. The list of issues is vast, ranging from protocols to work-flows. Topics of interest include but are not limited to:
    - software security (protocols, operating systems, etc.)
    - hardware security (smartcards, biometric technologies, etc.)
    - mobile security (properties for/from mobile agents, etc.)
    - network security (anti-virus, anti-hacker, anti-DoS tools, firewalls, real-time monitoring, etc.)
    - alternatives to cryptography (steganography, etc.)
    - security-specific software development practices (vulnerability testing, fault-injection resilience, etc.)
    - privacy and anonimity (trust management, pseudonimity, identity management, etc.)
    - safety and dependability issues (reliability, survivability, etc.)
    - cyberlaw and cybercrime (copyrights, trademarks, defamation, intellectual property, etc.)
    - security management and usability issues (security configuration, policy management, usability trials etc.)
    - workflow and service security (business processes, web services, etc.)
  - Inscrypt 2008 4th International Conferences on Information Security and Cryptology, Beijing, China, December 14-17, 2008. (Submissions due 20 August 2008)
    Authors are invited to submit full papers presenting new research results related to cryptology, information security and their applications. All submissions must describe original research that is not published or currently under review by another conference or journal. Areas of interest include, but are not limited to:
    - Access Control
    - Authentication and Authorization
    - Biometric Security
    - Distributed System Security
    - Database Security
    - Electronic Commerce Security
    - Intrusion Detection
    - Information Hiding and Watermarking
    - Key Management and Key Recovery
    - Network Security
    - Security Protocols and Their Analysis
    - Security Modeling and Architectures
    - Provable Security
    - Secure Multiparty Computation
    - Foundations of Cryptography
    - Secret Key and Public Key Cryptosystems
    - Implementation of Cryptosystems
    - Hash Functions and MACs
    - Block Cipher Modes of Operation
    - Intellectual Property Protection
    - Mobile System Security
    - Operating System Security
    - Risk Evaluation and Security Certification
    - Prevention and Detection of Malicious Codes
  - ICIT 2009 IEEE International Conference on Industrial Technology (ICIT 2009), Special Session on Wireless Bluetooth Technologies and Cyber Security, Churchill, Victoria, Australia, February 10-13, 2009. (Submissions due 25 August 2008)
    Nowadays communication, entertainment, transportation, shopping and medicine have more and more relied on computers and the Internet. The widespread use of wireless computing, mobile devices and networks has raised security concerns. Cyber security aims at protection against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional. We invite researchers, practitioners and others interested in wireless Bluetooth technologies and cyber security to submit original research paper or technical report to this Special Session on Wireless Bluetooth Technologies and Cyber Security conjunction with IEEE ICIT 2008. Topics are list as follows but are not limited to:
    - Bluetooth Enterprise Systems
    - Cellular Systems
    - Digital Pens
    - Multimedia communications over Wireless
    - Location Management
    - Wireless Networks Standards and Protocols
    - RFID Systems
    - Protocols for Mobile Networks
    - Security, Privacy and Authentication in Mobile Environments
    - Wireless Sensor Networks
    - Key Management in Wireless Networks
    - Key Distribution in Wireless Sensor Networks
    - Cross-layer Design and Optimization
    - Ad-hoc Wireless Networks
    - Mobile Internet
    - Bluetooth Internet
    - Ubiquitous Networks
    - Smart Sensors and Sensor Networks
    - Bluetooth Home Networks
    - 3G and 4G Wireless Networks
  - ICIW 2009 4th International Conference on Information Warfare and Security, Breakwater Lodge, Cape Town, South Africa, March 26-27, 2009. (Submissions due 4 September 2008)
    Information warfare and security are at the forefront of modern defence strategies. Strong strands of research and interest are developing in the area, including the understanding of threats and risks to information systems, the development of a strong security culture, as well as incident detection and post incident investigation. The International Conference on Information Warfare and Security (ICIW) offers an opportunity for academics, practitioners and consultants from the US, North America and elsewhere who are involved in the study, management, development and implementation of systems and concepts related to information warfare or are interested in ways to improve information systems security, to come together and exchange ideas. This conference is continuing to establish itself as a key event for individuals working in the field from around the world.
  - ESSoS 2009 International Symposium on Engineering Secure Software and Systems, Leuven, Belgium, February 4-6, 2009. (Submissions due 8 September 2008)
    The goal of this symposium is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. Being one of the few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering communities, and promote cross-fertilization. The technical program includes an experience track for which the submission of highly informative case studies describing (un)successful secure software project experiences and lessons learned is explicitly encouraged. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):
    - scalable techniques for threat modeling and analysis of vulnerabilities
    - specification and management of security requirements and policies
    - security architecture and design for software and systems
    - model checking for security
    - specification formalisms for security artifacts
    - verification techniques for security properties
    - systematic support for security best practices
    - security testing
    - security assurance cases
    - programming paradigms, models and DLS's for security
    - program rewriting techniques
    - processes for the development of secure software and systems
    - security-oriented software reconfiguration and evolution
    - security measurement
    - automated development
    - trade-off between security and other non-functional requirements
    - support for assurance, certification and accreditation
  - NDSS 2009 16th Annual Network and Distributed System Security Symposium, San Diego, California USA, February 8-11, 2009. (Submissions due 12 September 2008)
    NDSS fosters information exchange among research scientists and practitioners of network and distributed system security services. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation (rather than theory). A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. The proceedings are published by the Internet Society. Submissions are solicited in, but not limited to, the following areas:
    - Security of Web-based applications and services.
    - Anti-malware techniques: detection, analysis, prevention.
    - Intrusion prevention, detection, and response.
    - Security for electronic voting.
    - Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques.
    - Privacy and anonymity technologies.
    - Network perimeter controls: firewalls, packet filters, application gateways.
    - Security for emerging technologies: sensor networks, wireless/mobile (and ad hoc) networks, personal communication systems.
    - Security for peer-to-peer and overlay network systems.
    - Security for electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, and licensing.
    - Implementation, deployment and management of network security policies.
    - Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management.
    - Integrating security services with system and application security facilities and protocols.
    - Public key infrastructures, key management, certification, and revocation.
    - Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost.
    - Security for collaborative applications: teleconferencing and video-conferencing.
    - Software hardening: e.g., detecting and defending against software bugs (overflows, etc.)
    - Security for large-scale systems and critical infrastructures.
    - Integrating security in Internet protocols: routing, naming, network management.
  - Wiley's Security and Communication Networks Journal, Special Issue on Security in Mobile Wireless Networks, 4th quarter of 2009. (Submission Due 30 September 2008)
    Guest editors: Abderrahim Benslimane (University of Avignon, France), Chadi Assi (Concordia University, Montreal, Canada), Stamatios V. Kartalopoulos (University of Oklahoma, USA), and Fred Nen-Fu Huang (National Tsing Hua University, Taiwan)
    Security has become a primary concern in order to provide protected communication in mobile networks. Unlike the wired networks, the unique characteristics of mobile networks pose a number of nontrivial challenges to security design, such as open peer-to-peer network architecture, shared wireless medium, stringent resource constraints, highly dynamic network topology and absence of a trusted infrastructure. Ubiquitous roaming impacts on a radio access system by requiring that it supports handover between neighbouring cells and different networks. Also, mobile networks are more exposed to interferences than wired networks. There are several components that contribute to this: adjacent channels, co-channels, Doppler shifts, multipath, and fading. This SI aims to identify and explore the different issues and challenges related to security aspects in mobile networks. What are the impacts (benefits or inconvenience) of mobility on security? What are the appropriate mobility models to have a good level of security? Are Classical IDS approaches appropriate for mobile environments? How can be managed security when Mobility pattern and/or behaviour prediction? The complete security solution should span both layers, and encompass all three security components of prevention, detection, and reaction. Topics of interest include, but are not limited to, the following as they relate to mobile networks:
    - Secure mobile PHY/MAC protocols
    - Secure mobile routing protocols
    - Security under resource constraints (e.g., energy, bandwidth, memory, and computation constraints)
    - Performance and security tradeoffs in mobile networks
    - Secure roaming across administrative domains
    - Key management in mobile scenarios
    - Cryptographic Protocols
    - Authentication and access control in mobile networks
    - Intrusion detection and tolerance in mobile network
    - Trust establishment, negotiation, and management
    - Secure mobile location services
    - Secure clock distribution
    - Privacy and anonymity
    - Denial of service in mobile networks
    - Prevention of traffic analysis
  - EURASIP Journal on Wireless Communications and Networking, Special Issue on Wireless Physical Layer Security, April 1, 2009. (Submission Due 1 October 2008)
    Guest editors: Mérouane Debbah (Supélec, France), Hesham El-Gamal (Ohio State University, USA), H. Vincent Poor (Princeton University, USA), and Shlomo Shamai (Technion, Israel)
    Security is a critical issue in multiuser wireless networks in which secure transmissions are becoming increasingly difficult to obtain in highly mobile and distributed environments. In his seminal works of the late 1940s, Shannon formalized the concepts of capacity (as a transmission efficiency measure) and equivocation (as a measure of secrecy). Together with Wyner's fundamental formulation of the wiretap channel in the 1970s, this work laid the groundwork for the area of wireless physical area security. Interest in this area has exploded in recent years, motivated by the rise of wireless networking in general and by the increasing interest in large mobile networks with light infrastructure, which are extremely difficult to secure by traditional methods.
    The objective of this special issue (whose preparation is carried out under the auspices of the EC Network of Excellence in Wireless Communications NEWCOM++) is to gather recent advances in the area of wireless physical layer security from the theoretical, such as the analysis of the secrecy capacity of various channel models, to more practical interests such as the development of codes and other communication schemes that can provide security in real networks. Suitable topics for this special issue dedicated to physical layer security include but are not limited to:
    - Opportunistic secrecy
    - The wiretap channel with feedback
    - Authentication over the wiretap channel
    - Information theoretic secrecy of fading channels
    - Secrecy through public discussion
    - Wireless key distribution
    - Multiuser channels with secrecy constraints
    - MIMO wiretap channels
    - Relay-eavesdropper channel
    - Scheduling for secure communications
    - Secure communication with jamming
    - Game theoretic approaches for secrecy
    - Codes for secure transmission
    - Secure compression
    - Cognitive approaches for secrecy
    - Physical Secrecy and Common Randomness
    - Secrecy with channel uncertainty
  - IFIP-DF 2009 5th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 25-28, 2009. (Submissions due 15 October 2008)
    The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in the emerging field of digital forensics. The Fifth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume - the fifth in the series entitled Research Advances in Digital Forensics (Springer) in the summer of 2009. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
    - Theories, techniques and tools for extracting, analyzing and preserving digital evidence
    - Network forensics
    - Portable electronic device forensics
    - Digital forensic processes and workflow models
    - Digital forensic case studies
    - Legal, ethical and policy issues related to digital forensics
  - FC 2009 13th International Conference on Financial Cryptography and Data Security, Accra Beach, Barbados, February 23-26, 2009. (Submissions due 17 October 2008)
    At its 13th year edition, Financial Cryptography and Data Security (FC'09) is a well established and major international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. Original papers, surveys and presentations on all aspects of financial and commerce security are invited. Submissions must have a strong and visible bearing on financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. Possible topics for submission to the various sessions include, but are not limited to:
    - Anonymity and Privacy
    - Auctions and Audits
    - Authentication and Identification
    - Biometrics
    - Certification and Authorization
    - Commercial Cryptographic Applications
    - Digital Cash and Payment Systems
    - Digital Incentive and Loyalty Systems
    - Digital Rights Management
    - Economics of Information Security
    - Financial Regulation and Reporting
    - Fraud Detection
    - Game Theoretic Approaches to Security
    - Identity Theft, Spam, Phishing and Social Engineering
    - Infrastructure Design
    - Legal and Regulatory Issues
    - Microfinance and Micropayments
    - Monitoring, Management and Operations
    - Reputation Systems
    - RFID-Based and Contactless Payment Systems
    - Risk Assessment and Management
    - Secure Banking and Financial Web Services
    - Securing Emerging Computational Paradigms
    - Security and Risk Perceptions and Judgments
    - Smart Cards and Secure Tokens
    - Transactions and Contracts
    - Trust Management
    - Underground-Market Economics
    - Virtual Economies
    - Voting Systems
Listing of academic positions available by Cynthia Irvine
(Nothing new since May and Cipher E84)
Staying in touch....

IEEE Computer Society's Technical Committee on Security and Privacy

	TC home page	TC Officers
	How to join the TC	TC publications available online
	TC Publications for sale	Cipher past issues archive
	IEEE Computer Society	Cipher Privacy Policy

Contents: