Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 88,  January 19, 2009 Hilarie Orman,  Editor Book Reviews Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Richard Austin's review of Applied Security Visualization by Raffael Marty

  • NewsBits:  Announcements and correspondence from readers (please contribute!)

    • NIST requests comments on key derivation for EAP authentication
    • IEEE Dependable and Secure Computing Magazine Seeks Editor-in-Chief
    • MD5 collisions exploited to demonstrate "Rogue Certificate Authority"

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

 

• Conference and Workshop Announcements

  • Cipher calls-for-papers and calendar
      Calendar (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • 1/16/09: WNGS, 4th International Workshop on Security, Korea University, Seoul, Korea; Submissions are due
  • 1/17/09: SADFE, 4th International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the 2009 IEEE Symposium on Security and Privacy (SP 2009), Oakland, CA, USA; Submissions are due
  • 1/19/09: ATC, 6th International Conference on Autonomic and Trusted Computing, Brisbane, Australia; Submissions are due
  • 1/20/09: SECURWARE, 3rd International Conference on Emerging Security Information, Systems and Technologies, Athens, Greece; Submissions are due
  • 1/23/09: SACMAT, 14th ACM Symposium on Access Control Models and Technologies, Hotel La Palma, Stresa, Italy; Submissions are due
  • 1/25/09- 1/28/09: IFIP-DF, 5th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA
  • 2/ 1/09: IH, 11th Information Hiding Workshop, Darmstadt, Germany; Submissions are due
  • 2/ 2/09: MobiSec, 1st International Conference on Security and Privacy in Mobile Information and Communication Systems, Turin, Italy; Submissions are due
  • 2/ 4/09: USENIX-SECURITY, 18th USENIX Security Symposium, Montreal, Canada; Submissions are due
  • 2/ 4/09- 2/ 6/09: ESSoS, International Symposium on Engineering Secure Software and Systems, Leuven, Belgium
  • 2/ 6/09: CSF, 22nd IEEE Computer Security Foundations Symposium, Port Jefferson, New York, USA; Submissions are due
  • 2/ 6/09: DIMVA, 6th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Milan, Italy; Submissions are due
  • 2/ 8/09- 2/11/09: NDSS, 16th Annual Network and Distributed System Security Symposium, San Diego, California, USA
  • 2/ 9/09: ACSISP, 14th Australasian Conference on Information Security and Privacy, Brisbane, Australia; Submissions are due
  • 2/10/09- 2/13/09: ICIT, IEEE International Conference on Industrial Technology, Special Session on Wireless Bluetooth Technologies and Cyber Security, Churchill, Victoria, Australia
  • 2/15/09: CTC, Cybercrime and Trustworthy Computing Workshop, Held in conjunction with the 6th International Conference on Autonomic and Trusted Computing (ATC 2009), Brisbane, Australia; Submissions are due
  • 2/15/09: IEEE Transactions on Information Forensics and Security, Special Issue on Electronic Voting; Submissions are due
  • 2/17/09: SECRYPT, International Conference on Security and Cryptography, Milan, Italy; Submissions are due
  • 2/20/09: DBSEC, 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Montreal, Canada; Submissions are due
  • 2/20/09: TrustBus, 6th International Conference on Trust, Privacy, and Security in Digital Business, Held in conjunction with the 20th International Conference on Database and Expert Systems Applications (DEXA 2009), Linz, Austria; Submissions are due
  • 2/23/09- 2/26/09: FC, 13th International Conference on Financial Cryptography and Data Security, Accra Beach, Barbados;
  • 2/25/09- 2/28/09: SHA-3, 1st SHA-3 Candidate Conference, ALeuven, Belgium;
  • 3/ 2/09: POLICY, IEEE International Symposium on Policies for Distributed Systems and Networks, Imperial College London, UK; Submissions are due
  • 3/ 8/09- 3/12/09: SAC-TREK, 24th ACM Symposium on Applied Computing (SAC 2009), Trust, Reputation, Evidence and other Collaboration Know-how (TRECK) Track, Honolulu, Hawaii, USA;
  • 3/ 8/09- 3/12/09: SAC-SEC, 24th ACM Symposium on Applied Computing (SAC 2009), Computer Security Track, Honolulu, Hawaii, USA;
  • 3/15/09: ACM Transactions on Autonomous and Adaptive Systems, Special Issue on Adaptive Security Systems; Submissions are due
  • 3/16/09- 3/19/09: PSAI, 2nd Workshop on Privacy and Security by means of Artificial Intelligence, Held in conjunction with ARES 2009, Fukoka, Japan;
  • 3/18/09- 3/19/09: SecSE, 3rd Workshop on Secure Software Engineering, Held in conjunction with conjunction with ARES 2009, Fukuoka, Japan;
  • 2/27/09: Elsevier Journal on Computer Networks, Special Issue on Performance Sensitive Security for Very Large Scale Collaboration; Submissions are due
  • 3/18/09- 3/20/09: PKC, 12th IACR International Workshop on Practice and Theory in Public Key Cryptography, Irvine, California, USA
  • 3/22/09- 3/25/09: IFIP-CIP, Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA;
  • 3/26/09- 3/27/09: ICIW, 4th International Conference on Information Warfare and Security, Breakwater Lodge, Cape Town, South Africa;
  • 3/31/09: SECURECOMM, 5th International ICST Conference on Security and Privacy for Communication Networks, Athens, Greece; Submissions are due
  • 4/ 3/09: IWSEC, 4th International Workshop on Security, Toyama, Japan; Submissions are due
  • 4/ 6/09- 4/ 8/09: Trust, 2nd International Conference on Trusted Computing, St. Hugh's College, University of Oxford, UK;
  • 4/13/09: SIN, 2nd ACM International Conference on Security of Information and Networks, Eastern Mediterranean University, Gazimagusa, TRNC, North Cyprus; Submissions are due
  • 4/13/09- 4/15/09: ISPEC, 5th Information Security Practice and Experience Conference, Xi'an, China;
  • 4/14/09- 4/16/09: IDtrust, 8th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryalnd, USA;
  • 4/30/09: LISA, 23rd USENIX Large Installation System Administration Conference, Baltimore, MD, USA; Submissions are due
  • 5/ 1/09: IEEE Transactions on Software Engineering, Special Issue on Exception Handling: From Requirements to Software Maintenance, Submissions are due
  • 5/ 4/09- 5/ 8/09: SSDU, 3rd International Symposium on Service, Security and its Data management technologies in Ubi-comp, Geneva, Switzerland;
  • 5/17/09- 5/20/09: SP, 30th IEEE Symposium on Security and Privacy, Oakland/Berkeley, California, USA;
  • 5/21/09: SADFE, 4th International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the 2009 IEEE Symposium on Security and Privacy (SP 2009), Oakland, CA, USA;
  • 5/17/09- 5/20/09: SP, 30th IEEE Symposium on Security and Privacy, Oakland/Berkeley, California, USA;
  • 5/24/09- 5/28/09: CIMP, 4th International Conference on Internet Monitoring and Protection, Venice, Italy;
  • 5/29/09: SSN, 5th International Workshop on Security in Systems and Networks, Held in conjunction with the International Parallel and Distributed Processing Symposium (IPDPS 2009), Rome, Italy;
  • 6/ 2/09- 6/ 5/09: ACNS, 7th International Conference on Applied Cryptography and Network Security, Paris, France;
  • 6/ 3/09- 6/ 5/09: MobiSec, 1st International Conference on Security and Privacy in Mobile Information and Communication Systems, Turin, Italy;
  • 6/ 3/09- 6/ 5/09: SACMAT, 14th ACM Symposium on Access Control Models and Technologies, Hotel La Palma, Stresa, Italy;
  • 6/ 7/09- 6/ 9/09: IH, 11th Information Hiding Workshop, Darmstadt, Germany;
  • 6/14/09- 6/18/09: CISS, Communication and Information Systems Security Symposium, Held in conjunction with the IEEE International Conference on Communications (ICC 2009), Dresden, Germany
  • 6/14/09- 6/19/09: SECURWARE, 3rd International Conference on Emerging Security Information, Systems and Technologies, Athens, Greece
  • 6/25/09- 6/27/09: WNGS, 4th International Workshop on Security, Korea University, Seoul, Korea;
  • 7/ 1/09- 7/ 3/09: ACSISP, 14th Australasian Conference on Information Security and Privacy, Brisbane, Australia;
  • 7/ 7/09- 7/10/09: SECRYPT, International Conference on Security and Cryptography, Milan, Italy;
  • 7/ 7/09- 7/10/09: ATC, 6th International Conference on Autonomic and Trusted Computing, Brisbane, Australia;
  • 7/ 7/09- 7/10/09: CTC, Cybercrime and Trustworthy Computing Workshop, Held in conjunction with the 6th International Conference on Autonomic and Trusted Computing (ATC 2009), Brisbane, Australia;
  • 7/ 8/09- 7/10/09: CSF, 22nd IEEE Computer Security Foundations Symposium, Port Jefferson, New York, USA;
  • 7/12/09- 7/15/09: DBSEC, 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Montreal, Canada;
  • 7/20/09- 7/22/09: POLICY, IEEE International Symposium on Policies for Distributed Systems and Networks, Imperial College London, UK;
  • 8/12/09- 8/14/09: USENIX-SECURITY, 18th USENIX Security Symposium, Montreal, Canada;
  • 8/31/09- 9/ 4/09: TrustBus, 6th International Conference on Trust, Privacy, and Security in Digital Business, Held in conjunction with the 20th International Conference on Database and Expert Systems Applications (DEXA 2009), Linz, Austria;
  • 9/14/09- 9/18/09: SECURECOMM, 5th International ICST Conference on Security and Privacy for Communication Networks, Athens, Greece;
  • 10/ 6/09-10/10/09: SIN, 2nd ACM International Conference on Security of Information and Networks, Eastern Mediterranean University, Gazimagusa, TRNC, North Cyprus;
  • 10/28/09-10/30/09: IWSEC, 4th International Workshop on Security, Toyama, Japan;
  • 11/ 1/09-11/ 6/09: LISA, 23rd USENIX Large Installation System Administration Conference, Baltimore, MD, USA;
  • new calls or announcements added since Cipher E87

  • WNGS 2009 4th International Workshop on Security, Korea University, Seoul, Korea, June 25-27, 2009. (Submissions due 16 January 2009)

    The workshop will provide an opportunity for academic and industry professionals to discuss the latest issues and progress in the area of NGS. The workshop will publish high quality papers which are closely related to the various theories and practical applications in NGS. In addition, we expect that the workshop and its publications will be a trigger for further related research and technology improvements in this important subject. Topics (included, but are not limited to):

    • Cryptographic Protocol & Application In NGS
    • Peer-to-Peer Security & Application
    • Privacy & Anonymity in NGS
    • Access Control in NGS
    • Biometrics in NGS
    • Key/Identity Management in NGS
    • Smart & Java Cards in NGS
    • Mobile Communication in NGS
    • Future Aviation in NGS
    • Computer Forensics in NGS
    • Efficient Implementations in NGS

  • SADFE 2009 4th International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the 2009 IEEE Symposium on Security and Privacy (SP 2009), Oakland, CA, USA, May 21, 2009. (Submissions due 17 January 2009)

    The SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop promotes systematic approaches to computer investigations, by furthering the advancement of digital forensic engineering as a disciplined practice. Most previous SADFE papers have emphasized cyber crime investigations, and this is still a key focus of the meeting. However, we also welcome papers on forensics that do not necessarily involve a crime: general attack analysis, insider threat, insurance and compliance investigations, and similar forms of retrospective analysis are all viable topics. Digital forensic engineering is characterized by the application of scientific and mathematical principles to the investigation and establishment of facts or evidence, either for use within a court of law or to aid in understanding past events on a computer system. Past speakers and attendees of SADFE have included computer scientists, social scientists, forensic practitioners, law enforcement, lawyers, and judges. The synthesis of hard technology and science with social science and practice forms the foundation of this conference. To advance the state of the art, SADFE-2009 solicits broad-based, innovative digital forensic engineering technology, techno-legal and practice-related submissions in the following four areas:
    Digital Data and Evidence Management: advanced digital evidence discovery, collection, and storage
    

    • Identification, authentication and collection of digital evidence
    • Post-collection handling of evidence and the preservation of data integrity
    • Evidence preservation and storage
    • Forensic-enabled architectures and processes, including network processes
    • Managing geographically, politically and/or jurisdictionally dispersed data
    • Data and web mining systems for identification and authentication of relevant data
    Principle-based Digital Forensic Processes: systematic engineering processes supporting digital evidence management which are sound on scientific, technical and legal grounds
    
    • Legal and technical aspects of admissibility and evidence tests
    • Examination environments for digital data
    • Courtroom expert witness and case presentation
    • Case studies illustrating privacy, legal and legislative issues
    • Forensic tool validation: legal implications and issues
    • Legal and privacy implications for digital and computational forensic analysis
    Digital Evidence Analytics: advanced digital evidence analysis, correlation, and presentation
    
    • Advanced search, analysis, and presentation of digital evidence
    • Progressive cyber crime scenario analysis and reconstruction technology
    • Legal case construction & digital evidence support
    • Cyber-crime strategy analysis & modeling
    • Combining digital and non-digital evidence
    • Supporting qualitative or statistical evidence
    • Computational systems and computational forensic analysis
    Forensic-support technologies: forensic-enabled and proactive monitoring/response
    
    • Forensics of embedded or non-traditional devices (e.g. digicams, cell phones, SCADA)
    • Innovative forensic engineering tools and applications
    • Forensic-enabled support for incident response
    • Forensic tool validation: methodologies and principles
    • Legal and technical collaboration
    • Digital Forensics Surveillance Technology and Procedures
    • "Honeypot" and other target systems for data collection and monitoring

  • ATC 2009 6th International Conference on Autonomic and Trusted Computing, Brisbane, Australia, July 7-10, 2009. (Submissions due 19 January 2009)

    ATC-09 will offer a forum for researchers to exchange ideas and experiences in the most innovative research and development in these challenging areas and includes all technical aspects related to autonomic/organic computing (AC/OC) and trusted computing (TC). Topics include but are not limited to the following:

    • AC/OC Theory and Model: Models, negotiation, cooperation, competition, self-organization, emergence, verification etc.
    • AC/OC Architectures and Systems: Autonomic elements & their relationship, frameworks, middleware, observer/controller architectures, etc.
    • AC/OC Components and Modules: Memory, storage, database, device, server, proxy, software, OS, I/O, etc.
    • AC/OC Communication and Services: Networks, self-organized net, web service, grid, P2P, semantics, agent, transaction, etc.
    • AC/OC Tools and Interfaces: Tools/interfaces for AC/OC system development, test, monitoring, assessment, supervision, etc.
    • Trust Models and Specifications: Models and semantics of trust, distrust, mistrust, over-trust, cheat, risk, reputation, reliability, etc.
    • Trust-related Security and Privacy: Trust-related secure architecture, framework, policy, intrusion detection/awareness, protocols, etc.
    • Trusted Reliable and Dependable Systems: Fault-tolerant systems, hardware redundancy, robustness, survivable systems, failure recovery, etc.
    • Trustworthy Services and Applications: Trustworthy Internet/web/grid/P2P e-services, secured mobile services, novel applications, etc.
    • Trust Standards and Non-Technical Issues: Trust standards and issues related to personality, ethics, sociology, culture, psychology, economy, etc.

  • SECURWARE 2009 3rd International Conference on Emerging Security Information, Systems and Technologies, Athens, Greece, June 14-19, 2009. (Submissions due 20 January 2009)

    The SECURWARE 2009 is an event covering related topics on theory and practice on security, cryptography, secure protocols, trust, privacy, confidentiality, vulnerability, intrusion detection and other areas related to low enforcement, security data mining, malware models, etc. SECURWARE 2009 Special Areas (details in the CfP on site) are:

    • ARCH: Security frameworks, architectures and protocols
    • SECMAN: Security management
    • SECTECH: Security technologies
    • SYSSEC: System security
    • INFOSEC: Information security
    • MALWA: Malware and Anti-malware
    • ANTIFO: Anti-forensics
    • PRODAM: Profiling data mining
    • SECHOME: Smart home security
    • SECDYN: Security and privacy in dynamic environments
    • ECOSEC: Ecosystem security and trust
    • CRYPTO: Cryptography
    • CYBER-Threat

  • SACMAT 2009 14th ACM Symposium on Access Control Models and Technologies, Hotel La Palma, Stresa, Italy, June 3-5, 2009. (Submissions due 23 January 2009)

    Papers offering novel research contributions in all aspects of access control are solicited for submission to the ACM Symposium on Access Control Models and Technologies (SACMAT). SACMAT 2009 is the fourteenth of a successful series of symposiums that continue the tradition, first established by the ACM Workshop on Role-Based Access Control, of being the premier forum for presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The missions of the symposium are to share novel access control solutions that fulfill the needs of heterogeneous applications and environments and to identify new directions for future research and development. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control. Accepted papers will be presented at the symposium and published by the ACM in the symposium proceedings. Outstanding papers will be invited for possible publication in a prestigious journal in information assurance area. Topics of interest include but are not limited to:

    • Access control models and extensions
    • Access control requirements
    • Access control design methodology
    • Access control mechanisms, systems, and tools
    • Access control in distributed and mobile systems
    • Access control for innovative applications
    • Administration of access control policies
    • Delegation
    • Identity management
    • Policy/Role Engineering
    • Safety analysis and enforcement
    • Standards for access control
    • Trust management
    • Trust models
    • Theoretical foundations for access control
    • Usage control

  • IH 2009 11th Information Hiding Workshop, Darmstadt, Germany, June 7-10, 2009. (Submissions due 1 February 2009)

    For many years, Information Hiding has captured the imagination of researchers: Digital watermarking and steganography protect information, conceal secrets or are used as core primitives in Digital Rights Management schemes; steganalysis and digital forensics pose important challenges to investigators; and information hiding plays an important role in anonymous communication systems. These are but a small number of related topics and issues. Current research themes include:

    • Anonymous communication and privacy
    • Low probability of intercept communications
    • Digital forensics
    • Covert/subliminal channels
    • Steganography and steganalysis
    • Watermarking algorithms and applications
    • Security aspects of watermarking
    • Novel data hiding domains
    • Multimedia and document security
    • Novel applications of information hiding

  • MobiSec 2009 1st International Conference on Security and Privacy in Mobile Information and Communication Systems, Turin, Italy, June 3-5, 2009. (Submissions due 2 February 2009)

    The convergence of information and communication technology is most palpable in the form of intelligent mobile devices, accompanied by the advent of converged, and next-generation, communication networks. As mobile communication and information processing becomes a commodity, economy and society require protection of this precious resource. MobiSec brings together leading-edge researchers from academia and industry in the field of mobile systems security and privacy, as well as practitioners, standards developers and policymakers. Topics of interest include, but are not limited to the following focus areas:

    • Security architectures for next-generation, new-generation, and converged communication networks
    • Trusted mobile devices, hardware security
    • Network resilience
    • Threat analyses for mobile systems
    • Multi-hop authentication and trust
    • Non-repudiation of communication
    • Context-aware and data-centric security
    • Protection and safety of distributed mobile data
    • Mobile application security
    • Security for voice and multimedia communication
    • Machine-to-machine communication security
    • Trust in autonomic and opportunistic communication
    • Location based applications security and privacy
    • Security for the networked home environment
    • Security and privacy for mobile communities
    • Mobile emergency communication, public safety
    • Lawful interception and mandatory data retention
    • Security of mobile agents and code
    • Idenity management
    • Embedded security

  • USENIX-SECURITY 2009 18th USENIX Security Symposium, Montreal, Canada, August 12-14, 2009. (Submissions due 4 February 2009)

    The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. Refereed paper submissions are solicited in all areas relating to systems and network security, including:

    • Adaptive security and system management
    • Analysis of network and security protocols
    • Applications of cryptographic techniques
    • Attacks against networks and machines
    • Authentication and authorization of users, systems, and applications
    • Automated tools for source code analysis
    • Botnets
    • Cryptographic implementation analysis and construction
    • Denial-of-service attacks and countermeasures
    • File and filesystem security
    • Firewall technologies
    • Forensics and diagnostics for security
    • Hardware security
    • Intrusion and anomaly detection and prevention
    • Malicious code analysis, anti-virus, anti-spyware
    • Network infrastructure security
    • Operating system security
    • Privacy-preserving (and compromising) systems
    • Public key infrastructure
    • Rights management and copyright protection
    • Security architectures
    • Security in heterogeneous and large-scale environments
    • Security policy
    • Self-protecting and healing systems
    • Techniques for developing secure systems
    • Technologies for trustworthy computing
    • Usability and security
    • Virtualization security
    • Voting systems analysis and security
    • Web security
    • Wireless and pervasive/ubiquitous computing security

  • CSF 2009 22nd IEEE Computer Security Foundations Symposium, Port Jefferson, New York, USA, July 8-10, 2009. (Submissions due 6 February 2009)

    The IEEE Computer Security Foundations (CSF) series brings together researchers in computer science to examine foundational issues in computer security. Over the past two decades, many seminal papers and techniques have been presented first at CSF. CiteSeer lists CSF as 38th out of more than 1200 computer science venues (top 3.11%) in impact based on citation frequency. CiteSeerX lists CSF 2007 as 7th out of 581 computer science venues (top 1.2%) in impact based on citation frequency. New theoretical results in computer security are welcome. Also welcome are more exploratory presentations, which may examine open questions and raise fundamental concerns about existing theories. Panel proposals are sought as well as papers. Possible topics include, but are not limited to:

    • Access control
    • Anonymity and Privacy
    • Authentication
    • Data and system integrity
    • Database security
    • Decidability and complexity
    • Distributed systems security
    • Electronic voting
    • Executable content
    • Formal methods for security
    • Information flow
    • Intrusion detection
    • Language-based security
    • Network security
    • Resource usage control
    • Security for mobile computing
    • Security models
    • Security protocols
    • Trust and trust management

  • DIMVA 2009 6th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Milan, Italy, June/July, 2009. (Submissions due 6 February 2009)

    The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. DIMVA's scope includes, but is not restricted to the following areas:

    • Intrusion Detection: Approaches, Insider detection, Applications to business level fraud, Implementations, Prevention and response, Result correlation and cooperation, Evaluation, Potentials and limitations, Operational experiences, Legal and social aspects
    • Malware Detection: Techniques, Acquisition of specimen, Detection and analysis, Automated behavior model generation, Early warning, Prevention and containment, Trends and upcoming risks, Forensics and recovery, Economic aspects
    • Vulnerability Assessment: Vulnerabilities, Vulnerability detection and analysis, Vulnerability prevention, Classification and evaluation, Situational awareness

  • ACSISP 2009 14th Australasian Conference on Information Security and Privacy, Brisbane, Australia, July 1-3, 2009. (Submissions due 9 February 2009)

    Original papers pertaining to all aspects of information security and privacy are solicited for submission to the 14th Australasian Conference on Information Security and Privacy (ACISP 2009). Papers may present theory, techniques, applications and practical experiences on a variety of topics including:

    • Cryptology
    • Mobile communications security
    • Database security
    • Authentication and authorization
    • Secure operating systems
    • Intrusion detection
    • Access control
    • Security management
    • Security protocols
    • Network security
    • Secure commercial applications
    • Privacy Technologies
    • Smart cards
    • Key management and auditing
    • Mobile agent security
    • Risk assessment
    • Secure electronic commerce
    • Privacy and policy issues
    • Copyright protection
    • Security architectures and models
    • Evaluation and certification
    • Software protection and viruses
    • Computer forensics
    • Distributed system security
    • Identity management
    • Biometrics

  • IEEE Transactions on Information Forensics and Security, Special Issue on Electronic Voting December 2009. (Submission Due 15 February 2009)

    Guest editor: Ronald L. Rivest (MIT, USA, Lead Guest Editor), David Chaum (Voting Systems Institute, USA), Bart Preneel (Katholieke Universiteit Leuven, Belgium), Aviel D. Rubin (Johns Hopkins University, USA), Donald G. Saari (University of California at Irvine, USA), and Poorvi L. Vora (The George Washington University, USA)
    
    Following the discovery of a wide variety of flaws in electronic voting technology used in the US and other parts of the world, there has recently been a spurt of research activity related to electronic voting. The activity has been broad, ranging from the design of voting systems that specify what information is collected from voters and how it is used to determine one or many winners, through the development of cryptographic vote counting systems and the experimental security analysis of deployed voting systems, the experimental study of the usability of voting systems, to the development of methods for identifying election fraud. Most of the work has of necessity been interdisciplinary, involving contributions from experts in the areas of cryptography, computer security, information theory, political science, statistics, usability, game theory, mathematical modeling, etc. This special issue aims to provide an overview of the research area of electronic voting, with a focus on original results. The scope includes both remote and polling-place voting, and the areas of interest include, but are not limited to, the following:

    • Voting theory, including voting models
    • Cryptographic voting systems
    • Formal security analysis of voting systems
    • Experimental security analysis of voting systems
    • Evaluations and ratings of voting systems
    • Usability and accessibility of voting systems
    • History of voting technology
    • Components building-blocks of voting systems, such as anonymous voting channels and secure bulletin boards
    • Fraud/anomaly detection in elections
    • Political districting and the allocation of voting technology

  • CTC 2009 Cybercrime and Trustworthy Computing Workshop, Held in conjunction with the 6th International Conference on Autonomic and Trusted Computing (ATC 2009), Brisbane, Australia, July 7-10, 2009. (Submissions due 15 February 2009)

    Cybercrime continues to be a growth industry, assisted by a combination of technical factors, such as insecure hardware and software platforms, and psychological factors, such as user error or naivety. The objective of this workshop is to bring together two distinct groups to encourage further collaboration - those who are working on researching cybercrime activity, such as phishing and malware, and those who are working on technical countermeasures. Example topic areas on the cybercrime theme might include:

    • Phishing, SPAM
    • Malware, Botnets
    • Scams, including advance fee fraud, romance scams, etc.
    • Forensic means to classify e-mail messages or web pages soliciting cybercrime or providing a vector for attack
    • Forensic means to cluster and identify different groups or modus operandi arising from distinct "kits"
    • For the countermeasures side, topic areas might include Anti-phishing, Anti-virus, Anti-rootkit, Anti-botnet
    • User education and/or psychological operations

  • SECRYPT 2009 International Conference on Security and Cryptography, Milan, Italy, July 7-10, 2009. (Submissions due 17 February 2009)

    The purpose of SECRYPT 2009 is to bring together researchers, engineers and practitioners interested on information systems and applications in the context of wireless networks and mobile technologies. Topics of interest include, but are not limited to, provided they fit in one of the following main topic areas:
    Area 1: Access Control and Intrusion Detection
    

    • Intrusion Detection and Vulnerability Assessment
    • Authentication and Non-repudiation
    • Identification and Authentication
    • Insider Threats and Countermeasures
    • Intrusion Detection & Prevention
    • Identity and Trust Management
    • Biometric Security
    • Trust models and metrics
    • Regulation and Trust Mechanisms
    • Data Integrity
    • Models for Authentication, Trust and Authorization
    • Access Control in Computing Environments
    • Multiuser Information
    Area 2: Network Security and Protocols
    
    • IPsec, VPNs and Encryption Modes
    • Service and Systems Design and QoS Network Security
    • Fairness Scheduling and QoS Guarantee
    • Reliability and Dependability
    • Web Performance and Reliability
    • Denial of Service and Other Attacks
    • Data and Systems Security
    • Data Access & Synchronization
    • GPRS and CDMA Security
    • Mobile System Security
    • Ubiquitous Computing Security
    • Security in Localization Systems
    • Sensor and Mobile Ad Hoc Network Security
    • Wireless Network Security (WiFi, WiMAX, WiMedia and Others)
    • Security of GSM/GPRS/UMTS Systems
    • Peer-to-Peer Security
    • e-Commerce Protocols and Micropayment Schemes
    Area 3: Cryptographic Techniques and Key Management
    
    • Smart Card Security
    • Public Key Crypto Applications
    • Coding Theory and Practice
    • Spread Spectrum Systems
    • Speech/Image Coding
    • Shannon Theory
    • Stochastic Processes
    • Quantum Information Processing
    • Mobile Code & Agent Security
    • Digital Rights Management
    Area 4: Information Assurance
    
    • Planning Security
    • Risk Assessment
    • Security Area Control
    • Organizational Security Policies and Responsibility
    • Security Through Collaboration
    • Human Factors and Human Behaviour Recognition Techniques
    • Ethical and Legal Implications
    • Intrusive, Explicit Security vs. Invisible, Implicit Computing
    • Information Hiding
    • Information Systems Auditing
    • Management of Computing Security
    Area 5: Security in Information Systems
    
    • Security for Grid Computing
    • Secure Software Development Methodologies
    • Security for Web Services
    • Security for Databases and Data Warehouses
    • e-Health
    • Security Engineering
    • Security Information Systems Architectures
    • Security Requirements
    • Security Metrics
    • Personal Data Protection
    • XML Security
    • Workflow and Business Process Security

  • DBSEC 2009 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Montreal, Canada, July 12-15, 2009. (Submissions due 20 February 2009)

    The 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Papers and panel proposals are also solicited. Papers may present theory, techniques, applications, or practical experience on topics of relevance to IFIP WG 11.3:

    • Access Control
    • Applied cryptography in data security
    • Identity theft and countermeasures
    • Integrity maintenance
    • Intrusion detection
    • Knowledge discovery and privacy
    • Organizational security
    • Privacy and privacy-preserving data management
    • Secure transaction processing
    • Secure information integration
    • Secure Semantic Web
    • Secure sensor monitoring
    • Secure Web Services
    • Threats, vulnerabilities, and risk management
    • Trust management

  • TrustBus 2009 6th International Conference on Trust, Privacy, and Security in Digital Business, Held in conjunction with the 20th International Conference on Database and Expert Systems Applications (DEXA 2009), Linz, Austria, August 31 - September 4, 2009. (Submissions due 20 February 2009)

    TrustBus'09 will bring together researchers from different disciplines, developers, and users all interested in the critical success factors of digital business systems. We are interested in papers, work-in-progress reports, and industrial experiences describing advances in all areas of digital business applications related to trust and privacy, including, but not limited to:

    • Anonymity and pseudonymity in business transactions
    • Business architectures and underlying infrastructures
    • Common practice, legal and regulatory issues
    • Cryptographic protocols
    • Delivery technologies and scheduling protocols
    • Design of businesses models with security requirements
    • Economics of Information Systems Security
    • Electronic cash, wallets and pay-per-view systems
    • Enterprise management and consumer protection
    • Identity and Trust Management
    • Intellectual property and digital rights management
    • Intrusion detection and information filtering
    • Languages for description of services and contracts
    • Management of privacy & confidentiality
    • Models for access control and authentication
    • Multimedia web services
    • New cryptographic building-blocks for e-business applications
    • Online transaction processing
    • PKI & PMI
    • Public administration, governmental services
    • P2P transactions and scenarios
    • Real-time Internet E-Services
    • Reliability and security of content and data
    • Reliable auction, e-procurement and negotiation technology
    • Reputation in services provision
    • Secure process integration and management
    • Security and Privacy models for Pervasive Information Systems
    • Security Policies
    • Shopping, trading, and contract management tools
    • Smartcard technology
    • Transactional Models
    • Trust and privacy issues in mobile commerce environments
    • Usability of security technologies and services

  • POLICY 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, Imperial College London, UK, July 20-22, 2009. (Submissions due 2 March 2009)

    The symposium brings together researchers and practitioners working on policy-based systems across a range of application areas including policy-based networking, privacy and security management, storage area networking, and enterprise systems. POLICY 2009 has grown out of a highly successful series of workshops and this is recognized by the elevation of the event to an IEEE symposium. This year, in addition to the latest research results from the communities working in any area of policy-based management and computing, we encourage contributions on policy-based techniques in support of privacy and security management, including the policy life-cycle, detection and resolution of inconsistency, refining policies from users' requirements, and usability issues. Topics of interest include, but are not limited to the following:

    • Privacy and Security
    • Policy Models and Languages
    • Policy Applications

  • ACM Transactions on Autonomous and Adaptive Systems (TAAS), Special Issue on Adaptive Security Systems 2010. (Submission Due 15 March 2009)

    Guest editor: Yang Xiang (Central Queensland University, Australia) and Wanlei Zhou (Deakin University, Australia)
    
    This special issue on Adaptive Security Systems in ACM TAAS focuses on autonomous and adaptive security system theories, technologies, and reallife applications. Original papers are solicited for this special issue. Suggested topics include, but are not limited to:
    Adaptive Security System Theories
    

    • Adaptive security architectures, algorithms, and protocols
    • Autonomic learning mechanisms in security systems
    • Intelligent attack systems and mechanisms
    • Interactions between autonomic nodes of security systems
    • Modeling of adaptive attack and defense mechanisms
    • Theories in adaptive security systems
    Adaptive Security System Technologies
    
    • Adaptive security architectures, algorithms, and protocols
    • Adaptive security systems design
    • Adaptive security systems implementation
    • Adaptive intrusion detection/prevention systems
    • Self-organizing identity management and authentication
    • Adaptive defense against large-scale attacks
    • Simulation and tools for adaptive security systems
    Adaptive Security System Applications
    
    • Adaptive security architectures, algorithms, and protocols
    • Benchmark, analysis and evaluation of adaptive security systems
    • Distributed autonomous access control and trust management
    • Autonomous denial-of-service attacks and countermeasures
    • Autonomous wireless security systems
    • Autonomous secure mobile agents and middleware
    • Adaptive defense against viruses, worms, and other malicious codes

  • Elsevier Journal on Computer Networks, Special Issue on Performance Sensitive Security for Very Large Scale Collaboration December 2009. (Submission Due 18 March 2009)

    Guest editor: Deborah A. Frincke (PNNL, University of Washington, USA), Frank Siebenlist (Argonne National Laboratory, University of Chicago, USA), and Mine Altunay (Fermi National Laboratory, USA)
    
    It is anticipated that this trend towards very large-scale collaboration will continue and that these virtual organizations will become increasingly complex and diverse. Exascale computing is predicted by some to be a necessity to support scientific as well as business activities by 2018. It will be important for security solutions to scale equally well, so that the collaboration is enriched by usable, management-friendly, performance-sensitive security solutions, rather than hindered by them. In this special issue, we emphasize research approaches that show promise in providing performance sensitive security for very large scale collaboration. Performance sensitivity here refers both to traditional computer performance measures as well as the usability of the security solution being proposed - collaboration should be supported, rather than hindered, by the security solutions. Topics of interest include, but are not limited to:

    • Security for very large datasets (petascale through exascale), where very large scale data sets can be shared without loss of important security properties, such as integrity, confidentiality.
    • Secure remote access to unique instrumentation; e.g., where scientists and the computer-based instrumentation they use are geographically and organizationally dispersed.
    • Security validation techniques that can provide some measure of assurance that a shared infrastructure meets the collaboration's and the individual organization's security requirements.
    • New architectures and methods supporting shared intrusion detection/prevention, situational awareness, threat containment and/or response needed to defend geographically and organizationally dispersed shared computational resources, including shared code.
      
    • User privilege and user trust negotiation within very large federated environments, both for brief access (minutes) and for long term access (years)

  • SECURECOMM 2009 5th International ICST Conference on Security and Privacy for Communication Networks, Athens, Greece, September 14-18, 2009. (Submissions due 31 March 2009)

    Securecomm seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. However, topics in other areas (e.g., formal methods, database security, secure software, foundations of cryptography) will be considered only if a clear connection to private or secure communications/networking is demonstrated. The aim of Securecomm is to bring together security and privacy experts in academia, industry and government as well as practitioners, standards developers and policy makers, in order to engage in a discussion about common goals and explore important research directions in the field. TOPICS of interest include, but are not limited to, the following:

    • Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
    • Network Intrusion Detection and Prevention, Firewalls, Packet Filters
    • Malware and botnets
    • Communication Privacy and Anonymity
    • Distributed denial of service
    • Public Key Infrastructures, key management, credentials
    • Web security
    • Secure Routing, Naming/Addressing, Network Management
    • Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
    • Security & Privacy for emerging technologies: VoIP, peer-to-peer and overlay network systems, Web 2.0

  • IWSEC 2009 4th International Workshop on Security, Toyama, Japan, October 28-30, 2009. (Submissions due 3 April 2009)

    The aim of IWSEC2009 is to contribute to research and development of various security topics: theory and applications of traditional and up-to-date security issues. Topics include but are not limited to:

    • Network and Distributed Systems Security
    • Security Issues in Ubiquitous/Pervasive Computing
    • Authorization and Access Control
    • Software and System Security
    • Usable Security
    • Privacy Enhancing Technology
    • Digital Identity Management
    • Digital Forensics
    • Biometrics
    • Cryptography
    • Information Hiding
    • Quantum Security
    • Secure and Efficient Implementation
    • Other Scientific Approaches for Security

  • SIN 2009 2nd ACM International Conference on Security of Information and Networks, Eastern Mediterranean University, Gazimagusa, TRNC, North Cyprus, October 6-10, 2009. (Submissions due 13 April 2009)

    The 2nd International Conference on Security of Information and Networks (SIN 2009) provides an international forum for presentation of research and applications of security in information and networks. SIN 2009 conference features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. Its drive is to convene a high quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems. The main theme of SIN 2009 is Intelligent Systems for Information Assurance, Security, and Public Policy in the Age of e-Euphoria.

  • LISA 2009 23rd USENIX Large Installation System Administration Conference, Baltimore, MD, USA, November 1-6, 2009. (Submissions due 30 April 2009)

    Effective administration of a large site requires a good understanding of modern tools and techniques, together with their underlying principles but the human factors involved in managing and applying these technologies in a production environment are equally important. Bringing together theory and practice is an important goal of the LISA conference, and practicing system administrators as well as academic researchers all have valuable contributions to make. Topics of interest include, but are not limited to the following:

    • Authentication and authorization: "Single sign-on" technologies, identity management
    • Autonomic computing: Self-repairing systems, zero administration systems, fail-safe design
    • Configuration management: Specification languages, configuration deployment
    • Data center design: Modern methods, upgrading old centers
    • Data management: DBMS management systems, deployment architectures and methods, real world performance
    • Email: Mail infrastructures, spam prevention
    • Grid computing: Management of grid fabrics and infrastructure
    • Hardware: Multicore processor ramifications
    • Mobile computing: Supporting and managing laptops and remote communications
    • Multiple platforms: Integrating and supporting multiple platforms (e.g., Linux, Windows, Macintosh)
    • Networking: New technologies, network management
    • Security: Malware and virus prevention, security technologies and procedures, response to cyber attacks targeting individuals
    • Standards: Enabling interoperability of local and remote services and applications
    • Storage: New storage technologies, remote filesystems, backups, scaling
    • Web 2.0 technologies: Using, supporting, and managing wikis, blogs, and other Web 2.0 applications
    • Virtualization: Managing and configuring virtualized resources

  • IEEE Transactions on Software Engineering (TSE), Special Issue on Exception Handling: From Requirements to Software Maintenance November 2009. (Submission Due 1 May 2009)

    Guest editor: Alessandro Garcia (Lancaster University, UK), Valerie Issarny (INRIA, France), and Alexander Romanovsky (Newcastle University, UK)
    
    With the complexity of contemporary software systems increasingly growing, we still have much to learn on how software engineering practice can contribute to improving specification, design, testing, and evolution of exception handling. Our body of knowledge on effective exception handling in software projects is still limited and fragmented. It is not surprising that recent field studies have identified that error handling design in industrial applications typically exhibits poor quality independently of the underlying programming language and application domain. A holistic application of software engineering principles and techniques can certainly improve the treatment of exception handling across the software lifecycle. In this context, one of the underlying motivations of this special issue is to revisit the research directions involving exception handling in software engineering after one decade the first successful issue on this topic has appeared in IEEE TSE. This special issue will serve as a key reference for researchers, practitioners and educators to understand the most recent innovations, trends, experiences and concerns involving exception handling aspects in software engineering. We invite submissions approaching exception handling on all areas of software development and maintenance, such as model-driven development, requirements engineering, refactoring, software evolution, reverse engineering, contemporary modularity techniques (e.g., aspect-oriented programming and feature-oriented programming), and formal methods. The special issue is intended to cover a wide range of topics, from theoretical foundations to empirical studies, with all of them presenting innovative ideas on the interplay of exception handling and software engineering. Topics of interest include (but are not limited to) the following:

    • Exceptions in software processes
    • Empirical studies of exception handling
    • Exception documentation
    • Exception handling and requirements engineering
    • Exception handling and architectural design
    • Design patterns and anti-patterns, architectural styles, and good programming practice cookbooks
    • Static analysis and testing of exception handling
    • Refactoring and evolution of exception handling code
    • Exceptions and variability management
    • Comparative studies of innovative exception handling techniques and conventional ones
    • Exception handling and contemporary modularization techniques (e.g., aspect-oriented programming and feature-oriented programming)
    • Exception handling and variability mechanisms
    • Metrics and quality models for abnormal behaviour
    • Exception handling and middleware design
    • Model-driven engineering for exception handling
    • Exception handling in multi-agent systems
    • Development of predictive models of defect rates
    • Checked versus unchecked exceptions

• The Technical Committee on Security and Privacy

 

• Listing of academic positions available  by Cynthia Irvine
  

 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org