Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 87,  November 17, 2008 Hilarie Orman,  Editor Book Reviews Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary, Opinion, News

  • Richard Austin's review of Fuzzing for Security Testing and Quality Assurance by Ari Takanen, Jared D. Demott and Charles Miller

  • NewsBits:  Announcements and correspondence from readers (please contribute!)

    • Essay Contest announced by Lawrence Gordon, University of Maryland.
    • NIST Recommendations for Key Derivation request for comments
    • NIST Revisions for Digital Signature Standard request for comments

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

 

• Conference and Workshop Announcements

  • Cipher calls-for-papers and calendar
    

  • 11/18/08-11/20/08: Symposium on Trusted Computing (TrustCom), Zhang Jia Jie, China; info: csgjwang AT gmail.com
  • 11/20/08: Security Practice and Experience Conference, (ISPEC), Xian, China; Submissions are due;
  • 11/22/08: Applications of Logic in Computer Security (ALICS), Doha, Qatar;
  • 11/22/08: Symposium on Identity and Trust on the Internet (IDtrust), Gaithersburg, MD; Submissions are due;
  • 11/25/08-11/27/08: Workshop on Security (IWSEC), Kagawa, Japan;
  • 11/30/08-12/ 4/08: IEEE Computer and Communications Network Security Symposium (Globecom), New Orleans, LA; info: abderrahim.benslimane@univ-avignon.fr;
  • 11/30/08: Service, Security and its Data management technologiesin Ubi-comp (SSDU) Geneva, Switzerland; ; Submissions are due; info: robertchh@gmail.com;
  • 12/ 9/08-12/12/08: Workshop on Dependable and Secure Services Computing (DSSC), Yilan, Taiwan;
  • 12/ 8/08-12/12/08: Annual Computer Security Applications Conference (ACSAC), Anaheim, CA;
  • 12/14/08-12/17/08: Information Security and Cryptology (Inscrypt), Beijing China;
  • 12/15/08: Mobile and Wireless Networks Security (MWNS), Aachen, Germany; Submissions are due; info: MWNS2009@gmail.com;
  • 12/16/08-12/20/08: Information Systems Security (ICISS), Hyderabad, India;
  • 1/09/09: Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (ARSPA-WITS), York, UK; Submissions are due;
  • 1/12/09: Applied Cryptography and Network Security (ACNS), Paris, France; Submissions are due;
  • 1/15/09: IEEE Security and Privacy Magazine, Issue on Securing the Domain Name System (SI-SPMag-DNS), Magazine site; submissions are due
  • 2/ 1/09: Information Hiding (IH), Darmstadt, Germany; Submissions are due;
  • 2/ 2/09: Information Security and Privacy (ISP) Orlando, FL; Submissions are due; (NP);
  • 2/ 4/09: USENIX-SECURITY, 18th USENIX Security Symposium, Montreal, Canada, submissions are due
  • 2/ 6/09: Computer Security Foundations Symposium (CSF), Port Jefferson, NY; Submissions are due;
  • 2/ 8/09- 2/11/09: Network and Distributed System Security Symposium (NDSS), San Diego, CA;
  • 2/15/09: IEEE Transactions on Information Forensics and Security: Special Issue (SI-IEEE-TransIFS-Voting)
  • 2/23/09- 2/26/09: Financial Cryptography and Data Security (FC), Barbados;
  • 3/ 1/09: IEEE Transactions on Instrumentation and Measurement, Special Issue on Biometric Instrumentation and Measurement (SI-IEEE-TIM-Biometrics); Submissions are due; info: fabio.scotti@unimi.it
  • 3/02/09: Policies for Distributed Systems and Networks (POLICY), Imperial College, London, UK; Submissions are due;
  • 3/16/09- 3/19/09: Availability, Reliability and Security (ARES), Fukuoka, Japan;
  • 3/16/09- 3/19/09: Secure Software Engineering (SecSE), Fukuoka, Japan;
  • 3/18/09- 3/20/09: Practice and Theory in Public Key Cryptography (PKC), Irvine, CA;
  • 3/26/09- 3/27/09: Information Warfare and Security (ICIW), Cape Town, South Africa; ; BP
  • 3/28/09- 3/29/09: Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (ARSPA-WITS), York, UK;
  • 4/13/09- 4/15/09: Security Practice and Experience Conference, (ISPEC), Xian, China;
  • 4/14/09- 4/16/09: Symposium on Identity and Trust on the Internet (IDtrust), Gaithersburg, MD;
  • 5/ 4/09- 5/ 8/09: Service, Security and its Data management technologiesin Ubi-comp (SSDU), Geneva, Switzerland; info: robertchh@gmail.com;
  • 5/15/09: Mobile and Wireless Networks Security (MWNS), Aachen, Germany; info: MWNS2009@gmail.com;
  • 5/17/09- 5/20/09: Symposium on Security and Privacy (IEEE S&P), Berkeley California; info: oakland09-pcchairs@cs.virginia.edu.;
  • 6/ 2/09- 6/ 5/09: Applied Cryptography and Network Security (ACNS), Paris, France;
  • 6/ 7/09- 6/10/09: Information Hiding (IH), Darmstadt, Germany;
  • 7/ 8/09- 7/10/09: Computer Security Foundations Symposium (CSF), Port Jefferson, NY;
  • 7/13/09- 7/16/09: Information Security and Privacy (ISP), Orlando, FL; (NP)
  • 7/20/09- 7/22/09: Policies for Distributed Systems and Networks (POLICY), Imperial College, London, UK;
  • 8/12/09- 8/14/09: USENIX-SECURITY 18th USENIX Security Symposium, Montreal, Canada,
  • 5/16/10- 5/19/10: Security and Privacy, Berkeley/Oakland, CA
  • 5/22/11- 5/25/11: Security and Privacy, Berkeley/Oakland, CA
  •   new calls or announcements added since Cipher E86 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

    • IDtrust 2009 8th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryalnd, USA, April 14-16, 2009. (Submissions due 17 November 2008)

      IDtrust is devoted to research and deployment experience related to making good security decisions based on identity information, especially when public key cryptography is used and the human elements of usability are considered. The success of any business strategy depends on having the right people gain access to the right information at the right time. This implies that an IT infrastructure has - among other things - an authorization framework in place that can respond to dynamic security conditions and regulatory requirements quickly, flexibly and securely. What are the authorization strategies that will succeed in the next decade? What technologies exist to address complex requirements today? What research is academia and industry pursuing to solve the problems likely to show up in the next few years? We solicit technical papers and panel proposals from researchers, systems architects, vendor engineers, and users. Suggested topics include but are not limited to:

      • Reports of real-world experience with the use and deployment of identity and trust applications for broad use on the Internet (where the population of users is diverse) and within enterprises who use the Internet (where the population of users may be more limited), how best to integrate such usage into legacy systems, and future research directions. Reports may include use cases, business case scenarios, requirements, best practices, implementation and interoperability reports, usage experience, etc.
      • Identity management protocols (SAML, Liberty, CardSpace, OpenID, and PKI-related protocols)
      • Identity metasystems, frameworks, and systems (Shibboleth, Higgins, etc.)
      • User-centric identity, delegation, reputation
      • Identity and Web 2.0, secure mash-ups, social networking, trust fabric and mechanisms of “invited networks”
      • Identity management of devices from RFID tags to cell phones; Host Identity Protocol (HIP)
      • Federated approaches to trust
      • Trust management across security domains
      • Standards related to identity and trust, including X.509, SPKI/SDSI, PGP, S/MIME, XKMS, XACML, XRML, and XML signatures
      • Intersection of policy-based systems, identity, and trust; identity and trust policy enforcement, policy and attribute mapping and standardization
      • Attribute management, attribute-based access control
      • Trust path building and certificate validation in open and closed environments
      • Improved usability of identity and trust systems for users and administrators, including usability design for authorization and policy management, naming, signing, verification, encryption, use of multiple private keys, and selective disclosure
      • Identity and privacy
      • Levels of trust and assurance
      • Trust infrastructure issues of scalability, performance, adoption, discovery, and interoperability
      • Use of PKI in emerging technologies (e.g., sensor networks)
      • Application domain requirements: web services, grid technologies, document signatures, (including signature validity over time), data privacy, etc.

    • ISPEC 2009 5th Information Security Practice and Experience Conference, Xi'an, China, April 13-15, 2009. (Submissions due 20 November 2008)

      As applications of information security technologies become pervasive, issues pertaining to their deployment and operation are becoming increasingly important. ISPEC is an annual conference that brings together researchers and practitioners to provide a confluence of new information security technologies, their applications and their integration with IT systems in various vertical sectors. Topics of interest include, but are not limited to:

      • Applications of cryptography
      • Critical infrastructure protection
      • Digital rights management
      • Information security in vertical applications
      • Legal and regulatory issues
      • Network security
      • Privacy and anonymity
      • Privacy issues in the use of smart cards and RFID systems
      • Risk evaluation and security certification
      • Resilience and availability
      • Secure system architectures
      • Security in e-commerce and e-business and other applications
      • Security policy
      • Security standards activities
      • Trusted Computing
      • Trust model and management
      • Usability aspects of information security systems

    • SSN 2009 5th International Workshop on Security in Systems and Networks, Held in conjunction with the International Parallel and Distributed Processing Symposium (IPDPS 2009), Rome, Italy, May 29, 2009. (Submissions due 28 November 2008)

      This workshop aims to bring together the technologies and researchers who share interest in the area of network and distributed system security. The main purpose is to promote discussions of research and relevant activities in security-related subjects. It also aims at increasing the synergy between academic and industry professionals working in this area. The workshop seeks papers that address theoretical, experimental, and work in-progress in the area of cybersecurity at the system and network levels. Topics covered by the workshop will include, but are not limited to, the following:

      • Ad hoc and sensor network security
      • Cryptographic algorithms and distributed digital signatures
      • Distributed denial of service attacks
      • Distributed intrusion detection and protection systems
      • Firewall and distributed access control
      • Grid computing security
      • Key management
      • Network security issues and protocols
      • Mobile codes security and Internet Worms
      • Security in e-commerce
      • Security in peer-to-peer and overlay networks
      • Security in mobile and pervasive computing
      • Security architectures in distributed and parallel systems
      • Security theory and tools in distributed and parallel systems
      • Video surveillance and monitoring systems
      • Information hiding and multimedia watermarking in distributed systems
      • Web content secrecy and integrity

    • SSDU 2009 3rd International Symposium on Service, Security and its Data management technologies in Ubi-comp, Geneva, Switzerland, May 4-8, 2009. (Submissions due 30 November 2008)

      Ubiquitous Computing (Ubi-comp) is emerging rapidly as an exciting new paradigm with user-centric environment to provide computing and communication services at any time and anywhere. In order to realize their advantages, it requires integrating security, services and data management to be suitable for Ubi-com. However, there are still many problems and major challenges awaiting for us to solve such as the security risks in ubiquitous resource sharing, which could be occurred when data resources are connected and accessed by anyone in Ubi-com. Therefore, it will be needed to explore more secure and intelligent mechanism in Ubi-com. SSDU-09 is intended to foster the dissemination of state-of-the-art research in the area of security and intelligence integrating into Ubi-com and data management technology. The main topics include but will not be limited to:

      • Context-Awareness and its Data mining for Ubi-com service
      • Human-Computer Interface and Interaction for Ubi-com
      • Smart Homes and its business model for Ubi-com service
      • Intelligent Multimedia Service and its Data management for Ubi-com
      • USN / RFID for Ubi-com service
      • Network security issues, protocols, data security in Ubi-com
      • Database protection for Ubi-com
      • Privacy Protection and Forensic in Ubi-com
      • Multimedia Security in Ubi-com
      • Authentication and Access control for data protection in Ubi-com
      • Service, Security and its Data management for U-commerce
      • New novel mechanism and Applications for Ubi-com

    • Security and Communication Networks Journal, Special Issue on Security and Trust Management for Dynamic Coalitions Submission Due 30 November 2008)

      Guest editor: Theo Dimitrakos (British Telecommunications plc, UK), Fabio Martinelli (Institute of Informatics and Telematics, National Research Council, Italy), and Bruce Schneier (British Telecommunications plc, USA)
      
      There is an increasing interest and deployment of technologies that allow cooperation among entities that may act collectively. These entities may form dynamic coalitions where entities may leave and join, may show mobility aspects (either logical or physical), and may act in a collective manner. Examples of these coalitions can be found in the digital world, including: a) Crowds of users walking on the streets with advanced context aware converged telecommunication devices; b) A group of robots, manned and unmanned vehicles equipped with processors, sensors, smartphones, etc. interacting with each other, with their environment, and with a command or a control node, such as the command and control site of a defence coalition or a civil traffic control; c) A set of organizations (possibly virtual) sharing some resource for service provisions, or so called Virtual Organisations; d) Collaborative processes that use resources and services offered by partners in a Virtual Organisation; and e) Web 2.0 mash-ups and composite Web Services that are composed of services and applications offered by different service providers over a public network. These dynamic coalitions involve several technologies as peer to peer systems (P2P), mobile ad hoc networks (MANETs), and service oriented architectures such as those realised in GRID computing and Web Services Frameworks. There are several research areas identified as follows: a) Security in dynamic coalitions; b) trust in dynamic coalitions; c) security and trust interplay; and d) secure processes and service composition. This special issue is proposed to cover research results and innovation case studies on security and trust management on dynamic coalitions. Topics of interest include but are not limited to:

      • Semantics and computational models for security and trust in dynamic coalitions
      • Context-based security and trust management architectures, mechanisms and policies
      • Privacy and anonymity issues in trust negotiation
      • Enforcing cooperation in dynamic coalitions
      • Reputation and recommendation models and architectures for dynamic coalitions
      • Usage control models, languages and architectures in dynamic coalitions
      • Cryptographic models and mechanisms for dynamic coalitions
      • Security protocols for group management
      • Security for Service Oriented Architectures and Infrastructures
      • Collaboration and Virtual Organization life-cycle management in dynamic coalitions
      • Federated Identity Management in dynamic coalitions
      • Distributed Access Control and administrative delegation in dynamic coalitions
      • Policy verification and validation in order to predict the impact of changes to an infrastructure in order to support the life-cycle of a dynamic coalition
      • QoS monitoring, evaluation and reporting in dynamic coalitions
      • Auditing in dynamic coalitions
      • Trust and security in ICT Governance and service management for dynamic coalitions
      • Security frameworks for dynamic service composition
      • Security frameworks for Web 2.0 service and application mash-ups
      • Security and trust adaptation in dynamic coalitions
      • Information management in dynamic coalitions including research in techniques for self-protecting information sets
      • Trust and security aspects of Operational Support Systems (OSS) for the converged telecommunications infrastructure that underpins dynamic coalitions

    • IFIP-CIP 2009 Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA, March 22-25, 2009. (Submissions due 31 December 2008)

      The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:

      • Infrastructure vulnerabilities, threats and risks
      • Security challenges, solutions and implementation issues
      • Infrastructure sector interdependencies and security implications
      • Risk analysis and risk assessment methodologies
      • Modeling and simulation of critical infrastructures
      • Legal, economic and policy issues related to critical infrastructure protection
      • Secure information sharing
      • Infrastructure protection case studies
      • Distributed control systems/SCADA security
      • Telecommunications network security

    • ACNS 2009 7th International Conference on Applied Cryptography and Network Security, Paris, France, June 2-5, 2009. (Submissions due 12 January 2009)

      ACNS is an annual conference concentrating on current developments that advance the areas of applied cryptography and its application to systems and network security. The goal is to represent both academic research works as well as developments in industrial and technical frontiers. Original research papers pertaining to all aspects of cryptography and network security are solicited for submission to ACNS'09. Relevant topics include but are not limited to:

      • Applied Cryptography and provably-secure cryptographic protocols
      • Design and analysis of efficient cryptographic primitives: public-key and symmetric-key cryptosystems, block ciphers, and hash functions
      • Network security protocols
      • Techniques for anonymity; trade-offs between anonymity and utility
      • Integrating security into the next-generation Internet: DNS security, routing, naming, denial-of-service attacks, TCP/IP, secure multicast
      • Economic fraud on the Internet: phishing, pharming, spam, and click fraud
      • Email and web security
      • Public key infrastructure, key management, certification, and revocation
      • Security and privacy for emerging technologies: sensor networks, mobile (ad hoc) networks, peer-to-peer networks, bluetooth, 802.11, RFID
      • Trust metrics and robust trust inference in distributed systems
      • Security and usability
      • Intellectual property protection: metering, watermarking, and digital rights management
      • Modeling and protocol design for rational and malicious adversaries
      • Automated analysis of protocols

    • SECURWARE 2009 3rd International Conference on Emerging Security Information, Systems and Technologies, Athens, Greece, June 14-19, 2009. (Submissions due 20 January 2009)

      The SECURWARE 2009 is an event covering related topics on theory and practice on security, cryptography, secure protocols, trust, privacy, confidentiality, vulnerability, intrusion detection and other areas related to low enforcement, security data mining, malware models, etc. SECURWARE 2009 Special Areas (details in the CfP on site) are:

      • ARCH: Security frameworks, architectures and protocols
      • SECMAN: Security management
      • SECTECH: Security technologies
      • SYSSEC: System security
      • INFOSEC: Information security
      • MALWA: Malware and Anti-malware
      • ANTIFO: Anti-forensics
      • PRODAM: Profiling data mining
      • SECHOME: Smart home security
      • SECDYN: Security and privacy in dynamic environments
      • ECOSEC: Ecosystem security and trust
      • CRYPTO: Cryptography
      • CYBER-Threat

    • IH 2009 11th Information Hiding Workshop, Darmstadt, Germany, June 7-10, 2009. (Submissions due 1 February 2009)

      For many years, Information Hiding has captured the imagination of researchers: Digital watermarking and steganography protect information, conceal secrets or are used as core primitives in Digital Rights Management schemes; steganalysis and digital forensics pose important challenges to investigators; and information hiding plays an important role in anonymous communication systems. These are but a small number of related topics and issues. Current research themes include:

      • Anonymous communication and privacy
      • Low probability of intercept communications
      • Digital forensics
      • Covert/subliminal channels
      • Steganography and steganalysis
      • Watermarking algorithms and applications
      • Security aspects of watermarking
      • Novel data hiding domains
      • Multimedia and document security
      • Novel applications of information hiding

    • MobiSec 2009 1st International Conference on Security and Privacy in Mobile Information and Communication Systems, Turin, Italy, June 3-5, 2009. (Submissions due 2 February 2009)

      The convergence of information and communication technology is most palpable in the form of intelligent mobile devices, accompanied by the advent of converged, and next-generation, communication networks. As mobile communication and information processing becomes a commodity, economy and society require protection of this precious resource. MobiSec brings together leading-edge researchers from academia and industry in the field of mobile systems security and privacy, as well as practitioners, standards developers and policymakers. Topics of interest include, but are not limited to the following focus areas:

      • Security architectures for next-generation, new-generation, and converged communication networks
      • Trusted mobile devices, hardware security
      • Network resilience
      • Threat analyses for mobile systems
      • Multi-hop authentication and trust
      • Non-repudiation of communication
      • Context-aware and data-centric security
      • Protection and safety of distributed mobile data
      • Mobile application security
      • Security for voice and multimedia communication
      • Machine-to-machine communication security
      • Trust in autonomic and opportunistic communication
      • Location based applications security and privacy
      • Security for the networked home environment
      • Security and privacy for mobile communities
      • Mobile emergency communication, public safety
      • Lawful interception and mandatory data retention
      • Security of mobile agents and code
      • Idenity management
      • Embedded security

    • USENIX-SECURITY 2009 18th USENIX Security Symposium, Montreal, Canada, August 12–14, 2009. (Submissions due 4 February 2009)

      The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. Refereed paper submissions are solicited in all areas relating to systems and network security, including:

      • Adaptive security and system management
      • Analysis of network and security protocols
      • Applications of cryptographic techniques
      • Attacks against networks and machines
      • Authentication and authorization of users, systems, and applications
      • Automated tools for source code analysis
      • Botnets
      • Cryptographic implementation analysis and construction
      • Denial-of-service attacks and countermeasures
      • File and filesystem security
      • Firewall technologies
      • Forensics and diagnostics for security
      • Hardware security
      • Intrusion and anomaly detection and prevention
      • Malicious code analysis, anti-virus, anti-spyware
      • Network infrastructure security
      • Operating system security
      • Privacy-preserving (and compromising) systems
      • Public key infrastructure
      • Rights management and copyright protection
      • Security architectures
      • Security in heterogeneous and large-scale environments
      • Security policy
      • Self-protecting and healing systems
      • Techniques for developing secure systems
      • Technologies for trustworthy computing
      • Usability and security
      • Virtualization security
      • Voting systems analysis and security
      • Web security
      • Wireless and pervasive/ubiquitous computing security

    • ACSISP 2009 14th Australasian Conference on Information Security and Privacy, Brisbane, Australia, July 1-3, 2009. (Submissions due 9 February 2009)

      Original papers pertaining to all aspects of information security and privacy are solicited for submission to the 14th Australasian Conference on Information Security and Privacy (ACISP 2009). Papers may present theory, techniques, applications and practical experiences on a variety of topics including:

      • Cryptology
      • Mobile communications security
      • Database security
      • Authentication and authorization
      • Secure operating systems
      • Intrusion detection
      • Access control
      • Security management
      • Security protocols
      • Network security
      • Secure commercial applications
      • Privacy Technologies
      • Smart cards
      • Key management and auditing
      • Mobile agent security
      • Risk assessment
      • Secure electronic commerce
      • Privacy and policy issues
      • Copyright protection
      • Security architectures and models
      • Evaluation and certification
      • Software protection and viruses
      • Computer forensics
      • Distributed system security
      • Identity management
      • Biometrics

    • IEEE Transactions on Information Forensics and Security, Special Issue on Electronic Voting December 2009. (Submission Due 15 February 2009)

      Guest editor: Ronald L. Rivest (MIT, USA, Lead Guest Editor), David Chaum (Voting Systems Institute, USA), Bart Preneel (Katholieke Universiteit Leuven, Belgium), Aviel D. Rubin (Johns Hopkins University, USA), Donald G. Saari (University of California at Irvine, USA), and Poorvi L. Vora (The George Washington University, USA)
      
      Following the discovery of a wide variety of flaws in electronic voting technology used in the US and other parts of the world, there has recently been a spurt of research activity related to electronic voting. The activity has been broad, ranging from the design of voting systems that specify what information is collected from voters and how it is used to determine one or many winners, through the development of cryptographic vote counting systems and the experimental security analysis of deployed voting systems, the experimental study of the usability of voting systems, to the development of methods for identifying election fraud. Most of the work has of necessity been interdisciplinary, involving contributions from experts in the areas of cryptography, computer security, information theory, political science, statistics, usability, game theory, mathematical modeling, etc. This special issue aims to provide an overview of the research area of electronic voting, with a focus on original results. The scope includes both remote and polling-place voting, and the areas of interest include, but are not limited to, the following:

      • Voting theory, including voting models
      • Cryptographic voting systems
      • Formal security analysis of voting systems
      • Experimental security analysis of voting systems
      • Evaluations and ratings of voting systems
      • Usability and accessibility of voting systems
      • History of voting technology
      • Components building-blocks of voting systems, such as anonymous voting channels and secure bulletin boards
      • Fraud/anomaly detection in elections
      • Political districting and the allocation of voting technology

    • SECRYPT 2009 International Conference on Security and Cryptography, Milan, Italy, July 7-10, 2009. (Submissions due 17 February 2009)

      The purpose of SECRYPT 2009 is to bring together researchers, engineers and practitioners interested on information systems and applications in the context of wireless networks and mobile technologies. Topics of interest include, but are not limited to, provided they fit in one of the following main topic areas:
      Area 1: Access Control and Intrusion Detection
      

      • Intrusion Detection and Vulnerability Assessment
      • Authentication and Non-repudiation
      • Identification and Authentication
      • Insider Threats and Countermeasures
      • Intrusion Detection & Prevention
      • Identity and Trust Management
      • Biometric Security
      • Trust models and metrics
      • Regulation and Trust Mechanisms
      • Data Integrity
      • Models for Authentication, Trust and Authorization
      • Access Control in Computing Environments
      • Multiuser Information
      Area 2: Network Security and Protocols
      
      • IPsec, VPNs and Encryption Modes
      • Service and Systems Design and QoS Network Security
      • Fairness Scheduling and QoS Guarantee
      • Reliability and Dependability
      • Web Performance and Reliability
      • Denial of Service and Other Attacks
      • Data and Systems Security
      • Data Access & Synchronization
      • GPRS and CDMA Security
      • Mobile System Security
      • Ubiquitous Computing Security
      • Security in Localization Systems
      • Sensor and Mobile Ad Hoc Network Security
      • Wireless Network Security (WiFi, WiMAX, WiMedia and Others)
      • Security of GSM/GPRS/UMTS Systems
      • Peer-to-Peer Security
      • e-Commerce Protocols and Micropayment Schemes
      Area 3: Cryptographic Techniques and Key Management
      
      • Smart Card Security
      • Public Key Crypto Applications
      • Coding Theory and Practice
      • Spread Spectrum Systems
      • Speech/Image Coding
      • Shannon Theory
      • Stochastic Processes
      • Quantum Information Processing
      • Mobile Code & Agent Security
      • Digital Rights Management
      Area 4: Information Assurance
      
      • Planning Security
      • Risk Assessment
      • Security Area Control
      • Organizational Security Policies and Responsibility
      • Security Through Collaboration
      • Human Factors and Human Behaviour Recognition Techniques
      • Ethical and Legal Implications
      • Intrusive, Explicit Security vs. Invisible, Implicit Computing
      • Information Hiding
      • Information Systems Auditing
      • Management of Computing Security
      Area 5: Security in Information Systems
      
      • Security for Grid Computing
      • Secure Software Development Methodologies
      • Security for Web Services
      • Security for Databases and Data Warehouses
      • e-Health
      • Security Engineering
      • Security Information Systems Architectures
      • Security Requirements
      • Security Metrics
      • Personal Data Protection
      • XML Security
      • Workflow and Business Process Security

    • DBSEC 2009 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Montreal, Canada, July 12-15, 2009. (Submissions due 20 February 2009)

      The 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Papers and panel proposals are also solicited. Papers may present theory, techniques, applications, or practical experience on topics of relevance to IFIP WG 11.3:

      • Access Control
      • Applied cryptography in data security
      • Identity theft and countermeasures
      • Integrity maintenance
      • Intrusion detection
      • Knowledge discovery and privacy
      • Organizational security
      • Privacy and privacy-preserving data management
      • Secure transaction processing
      • Secure information integration
      • Secure Semantic Web
      • Secure sensor monitoring
      • Secure Web Services
      • Threats, vulnerabilities, and risk management
      • Trust management

    • ACM Transactions on Autonomous and Adaptive Systems (TAAS), Special Issue on Adaptive Security Systems 2010. (Submission Due 15 March 2009)

      Guest editor: Yang Xiang (Central Queensland University, Australia) and Wanlei Zhou (Deakin University, Australia)
      
      This special issue on Adaptive Security Systems in ACM TAAS focuses on autonomous and adaptive security system theories, technologies, and reallife applications. Original papers are solicited for this special issue. Suggested topics include, but are not limited to:
      Adaptive Security System Theories
      

      • Adaptive security architectures, algorithms, and protocols
      • Autonomic learning mechanisms in security systems
      • Intelligent attack systems and mechanisms
      • Interactions between autonomic nodes of security systems
      • Modeling of adaptive attack and defense mechanisms
      • Theories in adaptive security systems
      Adaptive Security System Technologies
      
      • Adaptive security architectures, algorithms, and protocols
      • Adaptive security systems design
      • Adaptive security systems implementation
      • Adaptive intrusion detection/prevention systems
      • Self-organizing identity management and authentication
      • Adaptive defense against large-scale attacks
      • Simulation and tools for adaptive security systems
      Adaptive Security System Applications
      
      • Adaptive security architectures, algorithms, and protocols
      • Benchmark, analysis and evaluation of adaptive security systems
      • Distributed autonomous access control and trust management
      • Autonomous denial-of-service attacks and countermeasures
      • Autonomous wireless security systems
      • Autonomous secure mobile agents and middleware
      • Adaptive defense against viruses, worms, and other malicious codes

• The Technical Committee on Security and Privacy

 

• Listing of academic positions available  by Cynthia Irvine
  

 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org