Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 89,  March 16, 2009 Hilarie Orman,  Editor Book Reviews Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Richard Austin's review of Googling Security: How Much Does Google Know About You? by Greg Conti

  • Review of the NIST SHA-3 Round One Conference (KU, Leuven, Belguim, 2/25/09-2/28/09) by Hilarie Orman and Richard Schroeppel

  • NewsBits:  Announcements and correspondence from readers (please contribute!)

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

• Conference and Workshop Announcements

  • Calendar of Events
    • 3/15/09: ACM Transactions on Autonomous and Adaptive Systems, Special Issue on Adaptive Security Systems; Submissions are due
    • 3/16/09: DFRWS, 9th Digital Forensics Research Workshop, Montreal, Canada; Submissions are due
    • 3/16/09- 3/19/09: PSAI, 2nd Workshop on Privacy and Security by means of Artificial Intelligence, Held in conjunction with ARES 2009, Fukoka, Japan
    • 3/18/09- 3/19/09: SecSE, 3rd Workshop on Secure Software Engineering, Held in conjunction with conjunction with ARES 2009, Fukuoka, Japan
    • 3/18/09: Elsevier Journal on Computer Networks, Special Issue on Performance Sensitive Security for Very Large Scale Collaboration; Submissions are due
    • 3/18/09- 3/20/09: PKC, 12th IACR International Workshop on Practice and Theory in Public Key Cryptography, Irvine, California, USA
    • 3/22/09: MIST, International Workshop on Managing Insider Security Threats, Held in conjunction with the 3rd IFIP International Conference on Trust Management (IFIPTM 2009), West Lafayette, IN, USA; Submissions are due
    • 3/22/09- 3/25/09: IFIP-CIP, Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA
    • 3/25/09: SADFE, 4th International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the 2009 IEEE Symposium on Security and Privacy (SP 2009), Oakland, CA, USA; Submissions are due
    • 3/26/09- 3/27/09: ICIW, 4th International Conference on Information Warfare and Security, Breakwater Lodge, Cape Town, South Africa
    • 3/30/09: DaSECo, 1st International Workshop on Defence against Spam in Electronic Communication, Held in conjunction with the 20th International Conference on Database and Expert Systems Applications (DEXA 2009), Linz, Austria; Submissions are due
    • 3/31/09: SECURECOMM, 5th International ICST Conference on Security and Privacy for Communication Networks, Athens, Greece; Submissions are due
    • 3/31/09: ISC, 12th Information Security Conference, Pisa, Italy; Submissions are due
    • 4/ 3/09: IWSEC, 4th International Workshop on Security, Toyama, Japan; Submissions are due
    • 4/ 3/09: SRDS, 28th International Symposium on Reliable Distributed Systems, Niagara Falls, New York, USA; Submissions are due
    • 4/ 6/09- 4/ 8/09: Trust, 2nd International Conference on Trusted Computing, St. Hugh's College, University of Oxford, UK
    • 4/13/09: SIN, 2nd ACM International Conference on Security of Information and Networks, Eastern Mediterranean University, Gazimagusa, TRNC, North Cyprus; Submissions are due
    • 4/13/09- 4/15/09: ISPEC, 5th Information Security Practice and Experience Conference, Xi'an, China
    • 4/14/09- 4/16/09: IDtrust, 8th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryalnd, USA
    • 4/15/09: NSS, 3rd International Conference on Network & System Security, Gold Coast, Australia; Submissions are due
    • 4/17/09: ESORICS, 14th European Symposium on Research in Computer Security, Saint Malo, France; Submissions are due
    • 4/17/09: NSPW, New Security Paradigms Workshop, The Queen's College, University of Oxford, UK; Submissions are due
    • 4/17/09: HOST, 2nd IEEE International Workshop on Hardware-Oriented Security and Trust, San Francisco, CA, USA; Submissions are due
    • 4/19/09: WISTP, Workshop on Information Security Theory and Practices (Smart Devices, Pervasive Systems, and Ubiquitous Networks), Bruxelles, Belgium; Submissions are due
    • 4/20/09: CCS, 16th ACM Conference on Computer and Communications Security, Chicago, IL, USA; Submissions are due
    • 4/20/09: DMM, 1st International Workshop on Denial of service Modelling and Mitigation, Held in conjunction with 3rd International Conference on Network & System Security (NSS 2009), Gold Coast, Australia; Submissions are due
    • 4/24/09: VizSec, Workshop on Visualization for Cyber Security, Atlantic City, NJ, USA; Submissions are due
    • 4/30/09: LISA, 23rd USENIX Large Installation System Administration Conference, Baltimore, MD, USA; Submissions are due
    • 4/30/09: ICDF2C, International Conference on Digital Forensics & Cyber Crime, Albany, NY, USA; Submissions are due
    • 5/ 1/09: IEEE Transactions on Software Engineering, Special Issue on Exception Handling: From Requirements to Software Maintenance, Submissions are due
    • 5/ 4/09: HotSec, 4th USENIX Workshop on Hot Topics in Security, Held in conjunction with the 18th USENIX Security Symposium (USENIX-Security 2009), Montreal, Canada; Submissions are due
    • 5/ 4/09- 5/ 8/09: SSDU, 3rd International Symposium on Service, Security and its Data management technologies in Ubi-comp, Geneva, Switzerland
    • 5/17/09- 5/20/09: SP, 30th IEEE Symposium on Security and Privacy, Oakland/Berkeley, California, USA
    • 5/21/09: SADFE, 4th International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the 2009 IEEE Symposium on Security and Privacy (SP 2009), Oakland, CA, USA
    • 5/22/09: WIFS, 1st IEEE International Workshop on Information Forensics and Security, London, UK; Submissions are due
    • 5/24/09- 5/28/09: ICIMP, 4th International Conference on Internet Monitoring and Protection, Venice, Italy
    • 5/28/09: MetriSec, 5th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2009), Lake Buena Vista, Florida, USA; Submissions are due
    • 5/29/09: SSN, 5th International Workshop on Security in Systems and Networks, Held in conjunction with the International Parallel and Distributed Processing Symposium (IPDPS 2009), Rome, Italy
    • 5/31/09: InSPEC, 2nd International Workshop on Security and Privacy in Enterprise Computing, Held in conjunction with the 13th IEEE International Enterprise Distributed Object Computing Conference (EDOC 2009), Auckland, New Zealand; Submissions are due
    • 6/ 1/09: CANS, 8th International Conference on Cryptography and Network Security, Kanazawa, Ishikawa, Japan; Submissions are due
    • 6/ 1/09: ACSAC, 25th Annual Computer Security Applications Conference, Honolulu, Hawaii, USA; Submissions are due
    • 6/ 2/09- 6/ 5/09: ACNS, 7th International Conference on Applied Cryptography and Network Security, Paris, France
    • 6/ 3/09- 6/ 5/09: MobiSec, 1st International Conference on Security and Privacy in Mobile Information and Communication Systems, Turin, Italy
    • 6/ 3/09- 6/ 5/09: SACMAT, 14th ACM Symposium on Access Control Models and Technologies, Hotel La Palma, Stresa, Italy
    • 6/ 7/09- 6/ 9/09: IH, 11th Information Hiding Workshop, Darmstadt, Germany
    • 6/14/09- 6/18/09: CISS, Communication and Information Systems Security Symposium, Held in conjunction with the IEEE International Conference on Communications (ICC 2009), Dresden, Germany
    • 6/14/09- 6/19/09: SECURWARE, 3rd International Conference on Emerging Security Information, Systems and Technologies, Athens, Greece
    • 6/15/09- 6/19/09: MIST, International Workshop on Managing Insider Security Threats, Held in conjunction with the 3rd IFIP International Conference on Trust Management (IFIPTM 2009), West Lafayette, IN, USA
    • 6/25/09- 6/27/09: WNGS, 4th International Workshop on Security, Korea University, Seoul, Korea
    • 7/ 1/09- 7/ 3/09: ACSISP, 14th Australasian Conference on Information Security and Privacy, Brisbane, Australia
    • 7/ 7/09- 7/10/09: SECRYPT, International Conference on Security and Cryptography, Milan, Italy
    • 7/ 7/09- 7/10/09: ATC, 6th International Conference on Autonomic and Trusted Computing, Brisbane, Australia
    • 7/ 7/09- 7/10/09: CTC, Cybercrime and Trustworthy Computing Workshop, Held in conjunction with the 6th International Conference on Autonomic and Trusted Computing (ATC 2009), Brisbane, Australia
    • 7/ 8/09- 7/10/09: CSF, 22nd IEEE Computer Security Foundations Symposium, Port Jefferson, New York, USA
    • 7/12/09- 7/15/09: DBSEC, 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Montreal, Canada
    • 7/20/09- 7/22/09: POLICY, IEEE International Symposium on Policies for Distributed Systems and Networks, Imperial College London, UK
    • 7/27/09: HOST, 2nd IEEE International Workshop on Hardware-Oriented Security and Trust, San Francisco, CA, USA
    • 8/11/09: HotSec, 4th USENIX Workshop on Hot Topics in Security, Held in conjunction with the 18th USENIX Security Symposium (USENIX-Security 2009), Montreal, Canada
    • 8/12/09- 8/14/09: USENIX-SECURITY, 18th USENIX Security Symposium, Montreal, Canada
    • 8/14/09: Information Systems Frontiers, Special Issue on Security Management and Technologies for Protecting Against Internal Data Leakages; Submissions are due
    • 8/15/09: IFIP-DF, 6th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Hong Kong, Hong Kong; Submissions are due
    • 8/17/09- 8/19/09: DFRWS, 9th Digital Forensics Research Workshop, Montreal, Canada
    • 8/31/09- 9/ 4/09: TrustBus, 6th International Conference on Trust, Privacy, and Security in Digital Business, Held in conjunction with the 20th International Conference on Database and Expert Systems Applications (DEXA 2009), Linz, Austria
    • 8/31/09- 9/ 4/09: DaSECo, 1st International Workshop on Defence against Spam in Electronic Communication, Held in conjunction with the 20th International Conference on Database and Expert Systems Applications (DEXA 2009), Linz, Austria
    • 8/31/09- 9/ 4/09: InSPEC, 2nd International Workshop on Security and Privacy in Enterprise Computing, Held in conjunction with the 13th IEEE International Enterprise Distributed Object Computing Conference (EDOC 2009), Auckland, New Zealand
    • 9/ 2/09- 9/ 4/09: WISTP, Workshop on Information Security Theory and Practices (Smart Devices, Pervasive Systems, and Ubiquitous Networks), Bruxelles, Belgium
    • 9/ 7/09- 9/ 9/09: ISC, 12th Information Security Conference, Pisa, Italy
    • 9/ 8/09- 9/11/09: NSPW, New Security Paradigms Workshop, The Queen's College, University of Oxford, UK
    • 9/14/09- 9/18/09: SECURECOMM, 5th International ICST Conference on Security and Privacy for Communication Networks, Athens, Greece
    • 9/21/09- 9/25/09: ESORICS, 14th European Symposium on Research in Computer Security, Saint Malo, France
    • 9/27/09- 9/30/09: SRDS, 28th International Symposium on Reliable Distributed Systems, Niagara Falls, New York, USA
    • 9/30/09-10/ 2/09: ICDF2C, International Conference on Digital Forensics & Cyber Crime, Albany, NY, USA
    • 10/ 6/09-10/10/09: SIN, 2nd ACM International Conference on Security of Information and Networks, Eastern Mediterranean University, Gazimagusa, TRNC, North Cyprus
    • 10/11/09: VizSec, Workshop on Visualization for Cyber Security, Atlantic City, NJ, USA
    • 10/14/09: MetriSec, 5th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2009), Lake Buena Vista, Florida, USA
    • 10/19/09-10/21/09: NSS, 3rd International Conference on Network & System Security, Gold Coast, Australia
    • 10/19/09-10/21/09: DMM, 1st International Workshop on Denial of service Modelling and Mitigation, Held in conjunction with 3rd International Conference on Network & System Security (NSS 2009), Gold Coast, Australia
    • 10/28/09-10/30/09: IWSEC, 4th International Workshop on Security, Toyama, Japan
    • 11/ 1/09-11/ 6/09: LISA, 23rd USENIX Large Installation System Administration Conference, Baltimore, MD, USA
    • 11/ 9/09-11/13/09: CCS, 16th ACM Conference on Computer and Communications Security, Chicago, IL, USA
    • 12/ 6/09-12/ 9/09: WIFS, 1st IEEE International Workshop on Information Forensics and Security, London, UK
    • 12/ 7/09-12/11/09: ACSAC, 25th Annual Computer Security Applications Conference, Honolulu, Hawaii, USA
    • 12/12/09-12/14/09: CANS, 8th International Conference on Cryptography and Network Security, Kanazawa, Ishikawa, Japan
    • 1/ 3/10- 1/ 6/10: IFIP-DF, 6th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Hong Kong, Hong Kong

  • Cipher calls-for-papers
      new calls or announcements added since Cipher E88 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • ACM Transactions on Autonomous and Adaptive Systems (TAAS), Special Issue on Adaptive Security Systems 2010. (Submission Due 15 March 2009)

    Guest editor: Yang Xiang (Central Queensland University, Australia) and Wanlei Zhou (Deakin University, Australia)
    
    This special issue on Adaptive Security Systems in ACM TAAS focuses on autonomous and adaptive security system theories, technologies, and reallife applications. Original papers are solicited for this special issue. Suggested topics include, but are not limited to:
    Adaptive Security System Theories
    

    • Adaptive security architectures, algorithms, and protocols
    • Autonomic learning mechanisms in security systems
    • Intelligent attack systems and mechanisms
    • Interactions between autonomic nodes of security systems
    • Modeling of adaptive attack and defense mechanisms
    • Theories in adaptive security systems
    Adaptive Security System Technologies
    
    • Adaptive security architectures, algorithms, and protocols
    • Adaptive security systems design
    • Adaptive security systems implementation
    • Adaptive intrusion detection/prevention systems
    • Self-organizing identity management and authentication
    • Adaptive defense against large-scale attacks
    • Simulation and tools for adaptive security systems
    Adaptive Security System Applications
    
    • Adaptive security architectures, algorithms, and protocols
    • Benchmark, analysis and evaluation of adaptive security systems
    • Distributed autonomous access control and trust management
    • Autonomous denial-of-service attacks and countermeasures
    • Autonomous wireless security systems
    • Autonomous secure mobile agents and middleware
    • Adaptive defense against viruses, worms, and other malicious codes

  • DFRWS 2009 9th Digital Forensics Research Workshop, Montreal, Canada, August 17-19, 2009. (Submissions due 16 March 2009)

    DFRWS brings together leading researchers, developers, practitioners, and educators interested in advancing the state of the art in digital forensics from around the world. As the most established venue in the field, DFRWS is the preferred place to present both cutting-edge research and perspectives on best practices for all aspects of digital forensics. As an independent organization, we promote open community discussions and disseminate the results of our work to the widest audience. Topics of interest include, but are not limited to the following:

    • Incident response and live analysis
    • Network-based forensics, including network traffic analysis, traceback and attribution
    • Event reconstruction methods and tools
    • File system and memory analysis
    • Application analysis
    • Embedded systems
    • Small scale and mobile devices
    • Large-scale investigations
    • Digital evidence storage and preservation
    • Data mining and information discovery
    • Data hiding and recovery
    • File extraction from data blocks ("file carving")
    • Multimedia analysis
    • Tool testing and development
    • Digital evidence and the law
    • Anti-forensics and anti-anti-forensics
    • Case studies and trend reports
    • Non-traditional approaches to forensic analysis

  • Elsevier Journal on Computer Networks, Special Issue on Performance Sensitive Security for Very Large Scale Collaboration December 2009. (Submission Due 18 March 2009)

    Guest editor: Deborah A. Frincke (PNNL, University of Washington, USA), Frank Siebenlist (Argonne National Laboratory, University of Chicago, USA), and Mine Altunay (Fermi National Laboratory, USA)
    
    It is anticipated that this trend towards very large-scale collaboration will continue and that these virtual organizations will become increasingly complex and diverse. Exascale computing is predicted by some to be a necessity to support scientific as well as business activities by 2018. It will be important for security solutions to scale equally well, so that the collaboration is enriched by usable, management-friendly, performance-sensitive security solutions, rather than hindered by them. In this special issue, we emphasize research approaches that show promise in providing performance sensitive security for very large scale collaboration. Performance sensitivity here refers both to traditional computer performance measures as well as the usability of the security solution being proposed - collaboration should be supported, rather than hindered, by the security solutions. Topics of interest include, but are not limited to:

    • Security for very large datasets (petascale through exascale), where very large scale data sets can be shared without loss of important security properties, such as integrity, confidentiality.
    • Secure remote access to unique instrumentation; e.g., where scientists and the computer-based instrumentation they use are geographically and organizationally dispersed.
    • Security validation techniques that can provide some measure of assurance that a shared infrastructure meets the collaboration's and the individual organization's security requirements.
    • New architectures and methods supporting shared intrusion detection/prevention, situational awareness, threat containment and/or response needed to defend geographically and organizationally dispersed shared computational resources, including shared code.
      
    • User privilege and user trust negotiation within very large federated environments, both for brief access (minutes) and for long term access (years)

  • MIST 2009 International Workshop on Managing Insider Security Threats, Held in conjunction with the 3rd IFIP International Conference on Trust Management (IFIPTM 2009), West Lafayette, IN, USA, June 15-19, 2009. (Submissions due 22 March 2009)

    The objective of this workshop is to showcase the most recent challenges and advances in security technologies and management systems to address insider security threats. It may also include state-of-the-art surveys and case analyses of practical significance. Topics of interest include, but are not limited to the following:

    • Theoretical foundations and algorithms for addressing insider threats
    • Insider threat assessment and modeling
    • Security technologies to prevent, detect and avoid insider threats
    • Validating the trustworthiness of staff
    • Post-insider threat incident analysis
    • Data breach modeling and mitigation techniques
    • Registration, authentication and identification
    • Certification and authorization
    • Database security
    • Device control system
    • Digital forensic system
    • Digital right management system
    • Fraud detection
    • Network access control system
    • Intrusion detection
    • Keyboard information security
    • Information security governance
    • Information security management systems
    • Risk assessment and management
    • Log collection and analysis
    • Trust management
    • IT compliance (audit) and continuous auditing

  • SADFE 2009 4th International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the 2009 IEEE Symposium on Security and Privacy (SP 2009), Oakland, CA, USA, May 21, 2009. (Submissions due 25 March 2009)

    The SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop promotes systematic approaches to computer investigations, by furthering the advancement of digital forensic engineering as a disciplined practice. Most previous SADFE papers have emphasized cyber crime investigations, and this is still a key focus of the meeting. However, we also welcome papers on forensics that do not necessarily involve a crime: general attack analysis, insider threat, insurance and compliance investigations, and similar forms of retrospective analysis are all viable topics. Digital forensic engineering is characterized by the application of scientific and mathematical principles to the investigation and establishment of facts or evidence, either for use within a court of law or to aid in understanding past events on a computer system. Past speakers and attendees of SADFE have included computer scientists, social scientists, forensic practitioners, law enforcement, lawyers, and judges. The synthesis of hard technology and science with social science and practice forms the foundation of this conference. To advance the state of the art, SADFE-2009 solicits broad-based, innovative digital forensic engineering technology, techno-legal and practice-related submissions in the following four areas:
    
    Digital Data and Evidence Management: advanced digital evidence discovery, collection, and storage
    

    • Identification, authentication and collection of digital evidence
    • Post-collection handling of evidence and the preservation of data integrity
    • Evidence preservation and storage
    • Forensic-enabled architectures and processes, including network processes
    • Managing geographically, politically and/or jurisdictionally dispersed data
    • Data and web mining systems for identification and authentication of relevant data
    Principle-based Digital Forensic Processes: systematic engineering processes supporting digital evidence management which are sound on scientific, technical and legal grounds
    
    • Legal and technical aspects of admissibility and evidence tests
    • Examination environments for digital data
    • Courtroom expert witness and case presentation
    • Case studies illustrating privacy, legal and legislative issues
    • Forensic tool validation: legal implications and issues
    • Legal and privacy implications for digital and computational forensic analysis
    Digital Evidence Analytics: advanced digital evidence analysis, correlation, and presentation
    
    • Advanced search, analysis, and presentation of digital evidence
    • Progressive cyber crime scenario analysis and reconstruction technology
    • Legal case construction & digital evidence support
    • Cyber-crime strategy analysis & modeling
    • Combining digital and non-digital evidence
    • Supporting qualitative or statistical evidence
    • Computational systems and computational forensic analysis
    Forensic-support technologies: forensic-enabled and proactive monitoring/response
    
    • Forensics of embedded or non-traditional devices (e.g. digicams, cell phones, SCADA)
    • Innovative forensic engineering tools and applications
    • Forensic-enabled support for incident response
    • Forensic tool validation: methodologies and principles
    • Legal and technical collaboration
    • Digital Forensics Surveillance Technology and Procedures
    • "Honeypot" and other target systems for data collection and monitoring

  • DaSECo 2009 1st International Workshop on Defence against Spam in Electronic Communication, Held in conjunction with the 20th International Conference on Database and Expert Systems Applications (DEXA 2009), Linz, Austria, August 31 - September 4, 2009. (Submissions due 30 March 2009)

    The workshop on Defence against Spam in Electronic Communication invites the submission of papers. Researchers and practitioners are encouraged to submit papers on all aspects of misuse and protection concerning electronic communication including email, instant messaging, text messaging, and voice over internet protocol. Topics of interest include novel applications of electronic messaging, abatement of abuses of electronic messaging, spam, spit (spam over internet telephony), spim (spam over instant messenger), spom (spam over mobile phone), phishing, identify theft via messaging, viruses, and spyware.

  • SECURECOMM 2009 5th International ICST Conference on Security and Privacy for Communication Networks, Athens, Greece, September 14-18, 2009. (Submissions due 31 March 2009)

    Securecomm seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. However, topics in other areas (e.g., formal methods, database security, secure software, foundations of cryptography) will be considered only if a clear connection to private or secure communications/networking is demonstrated. The aim of Securecomm is to bring together security and privacy experts in academia, industry and government as well as practitioners, standards developers and policy makers, in order to engage in a discussion about common goals and explore important research directions in the field. TOPICS of interest include, but are not limited to, the following:

    • Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
    • Network Intrusion Detection and Prevention, Firewalls, Packet Filters
    • Malware and botnets
    • Communication Privacy and Anonymity
    • Distributed denial of service
    • Public Key Infrastructures, key management, credentials
    • Web security
    • Secure Routing, Naming/Addressing, Network Management
    • Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
    • Security & Privacy for emerging technologies: VoIP, peer-to-peer and overlay network systems, Web 2.0

  • ISC 2009 12th Information Security Conference, Pisa, Italy, September 7-9, 2009. (Submissions due 31 March 2009)

    ISC is an annual international conference covering research in and applications of information security. The twelfth Information Security Conference (ISC 2009) will be held in Pisa, Italy. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of information security. Topics of interest include, but are not limited to:

    • access control
    • accountability
    • anonymity and pseudonymity
    • applied cryptography
    • authentication
    • biometrics
    • computer forensics
    • cryptographic protocols
    • database security
    • data protection
    • data/system integrity
    • digital right management
    • economics of security and privacy
    • electronic frauds
    • formal methods in security
    • identity management
    • information dissemination control
    • information hiding and watermarking
    • intrusion detection
    • network security
    • peer-to-peer security
    • privacy
    • security and privacy in pervasive/ubiquitous computing
    • security in information flow
    • security in IT outsourcing
    • security for mobile code
    • security of grid computing
    • security of eCommerce, eBusiness and eGovernment
    • security in location services
    • security modeling and architectures
    • security models for ambient intelligence environments
    • security in social networks
    • trust models and trust management policies

  • IWSEC 2009 4th International Workshop on Security, Toyama, Japan, October 28-30, 2009. (Submissions due 3 April 2009)

    The aim of IWSEC2009 is to contribute to research and development of various security topics: theory and applications of traditional and up-to-date security issues. Topics include but are not limited to:

    • Network and Distributed Systems Security
    • Security Issues in Ubiquitous/Pervasive Computing
    • Authorization and Access Control
    • Software and System Security
    • Usable Security
    • Privacy Enhancing Technology
    • Digital Identity Management
    • Digital Forensics
    • Biometrics
    • Cryptography
    • Information Hiding
    • Quantum Security
    • Secure and Efficient Implementation
    • Other Scientific Approaches for Security

  • SRDS 2009 28th International Symposium on Reliable Distributed Systems, Niagara Falls, New York, USA, September 27-30, 2009. (Submissions due 3 April 2009)

    For 28 years, the Symposium on Reliable Distributed Systems has been a traditional forum for researchers and practitioners who are interested in distributed systems design and development, particularly with properties such as reliability, availability, safety, security, and real time. We welcome original research papers as well as papers that deal with design, development and experimental results of operational systems. We are also soliciting papers for an experience track that presents on-going industrial projects, prototype systems and exploratory or emerging applications. The major areas of interest include, but are not limited to, dependability, security and/or real-time aspects within the following topics:

    • Security and privacy issues in wireless ad hoc and sensor networks
    • Dependability in autonomic, pervasive and ubiquitous computing
    • Security and high-confidence systems
    • Resilient ad hoc and sensor networks
    • Internet dependability and Quality of Service
    • Safety-critical systems and critical infrastructures
    • Dependability of high-speed networks and protocols
    • Fault-tolerance in embedded systems, mobile systems and multimedia systems
    • Dependable wireless networks and peer-to-peer networks
    • Intrusion-tolerant, survivable, and self-stabilizing systems
    • Dependability in Grid-, Cluster-, and Cloud-Computing
    • Measurement, monitoring and prediction in distributed systems
    • Analytical or experimental evaluations of dependable distributed systems
    • Formal methods and foundations for dependable distributed computing
    • Performance and dependability assessing techniques, tools and results

  • SIN 2009 2nd ACM International Conference on Security of Information and Networks, Eastern Mediterranean University, Gazimagusa, TRNC, North Cyprus, October 6-10, 2009. (Submissions due 13 April 2009)

    The 2nd International Conference on Security of Information and Networks (SIN 2009) provides an international forum for presentation of research and applications of security in information and networks. SIN 2009 conference features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. Its drive is to convene a high quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems. The main theme of SIN 2009 is Intelligent Systems for Information Assurance, Security, and Public Policy in the Age of e-Euphoria.

  • NSS 2009 3rd International Conference on Network & System Security, Gold Coast, Australia, October 19-21, 2009. (Submissions due 15 April 2009)

    While the attack systems have become more easy-to-use, sophisticated, and powerful, interest has greatly increased in the field of building more effective, intelligent, adaptive, active and high performance defense systems which are distributed and networked. We will focus our program on issues related to Network and System Security, such as authentication, access control, availability, integrity, privacy, confidentiality, dependability and sustainability of computer networks and systems. The aim of this conference is to provide a leading edge forum to foster interaction between researchers and developers with the network and system security communities, and to give attendees an opportunity to interact with experts in academia, industry and governments. Topics of interest include, but not limited to:

    • Active Defense Systems
    • Adaptive Defense Systems
    • Benchmark, Analysis and Evaluation of Security Systems
    • Distributed Access Control and Trust Management
    • Distributed Attack Systems and Mechanisms
    • Distributed Intrusion Detection/Prevention Systems
    • Denial-of-Service Attacks and Countermeasures
    • High Performance Security Systems
    • Identity Management and Authentication
    • Implementation, Deployment and Management of Security Systems
    • Intelligent Defense Systems
    • Internet and Network Forensics
    • Large-scale Attacks and Defense
    • RFID Security and Privacy
    • Security Architectures in Distributed Network Systems
    • Security for Critical Infrastructures
    • Security for P2P systems and Grid Systems
    • Security in E-Commerce
    • Security and Privacy in Wireless Networks
    • Secure Mobile Agents and Mobile Code
    • Security Protocols
    • Security Simulation and Tools
    • Security Theory and Tools
    • Standards and Assurance Methods
    • Trusted Computing
    • Viruses, Worms, and Other Malicious Code
    • World Wide Web Security

  • ESORICS 2009 14th European Symposium on Research in Computer Security, Saint Malo, France, September 21-25, 2009. (Submissions due 17 April 2009)

    Papers offering novel research contributions in any aspect of computer security are solicited for submission to the Fourteenth European Symposium on Research in Computer Security (ESORICS 2009). The Symposium has established itself as one of the premiere, international gatherings on Information Assurance. Papers may present theory, technique, applications, or practical experience on topics including, but not limited to:

    • access control
    • anonymity
    • authentication
    • authorization and delegation
    • cryptographic protocols
    • data integrity
    • dependability
    • information flow control
    • smartcards
    • systems security
    • digital right management
    • accountability
    • applied cryptography
    • covert channels
    • cybercrime
    • denial of service attacks
    • formal methods in security
    • inference control
    • information warfare
    • steganography
    • transaction management
    • data and application security
    • intellectual property protection
    • intrusion tolerance
    • peer-to-peer security
    • language-based security
    • network security
    • non-interference
    • privacy-enhancing technology
    • pseudonymity
    • subliminal channels
    • trustworthy user devices
    • identity management
    • security as quality of service
    • secure electronic commerce
    • security administration
    • security evaluation
    • security management
    • security models
    • security requirements engineering
    • security verification
    • survivability
    • information dissemination control
    • trust models and trust management policies

  • NSPW 2009 New Security Paradigms Workshop, The Queen's College, University of Oxford, UK, September 8-11, 2009. (Submissions due 17 April 2009)

    The New Security Paradigms Workshop (NSPW) is seeking papers that address the current limitations of information security. Today's security risks are diverse and plentiful--botnets, database breaches, phishing attacks, distributed denial-of-service attacks--and yet present tools for combatting them are insufficient. To address these limitations, NSPW welcomes unconventional, promising approaches to important security problems and innovative critiques of current security practice. We are particularly interested in perspectives from outside computer security, both from other areas of computer science (such as operating systems, human-computer interaction, databases, programming languages, algorithms) and other sciences that study adversarial relationships such as biology and economics. We discourage papers that offer incremental improvements to security and mature work that is appropriate for standard information security venues. By encouraging researchers to think ``outside the box'' and giving them an opportunity to communicate with open-minded peers, NSPW seeks to foster paradigm shifts in the field of information security.

  • HOST 2009 2nd IEEE International Workshop on Hardware-Oriented Security and Trust, San Francisco, CA, USA, July 27, 2009. (Submissions due 17 April 2009)

    The emergence of a globalized, horizontal semiconductor business model raises a set of concerns involving the security and trust of the information systems on which modern society is increasingly reliant for mission-critical functionality. Hardware-oriented security and trust (HOST) issues span a broad range including threats related to the malicious insertion of Trojan circuits designed, e.g., to act as a `kill switch' to disable a chip, to integrated circuit (IC) piracy, to attacks designed to extract encryption keys and IP from a chip, and to malicious system disruption and diversion. HOST covers security and trust issues in all types of electronic devices and systems such as ASICs, COTS, FPGAs, microprocessors/DSPs, and embedded systems. The mission of HOST is to provide a forum for the presentation and discussion of research that is of critical significance to the security of, and trust in, modern society's microelectronic-supported infrastructures. The IEEE International Workshop on Hardware-Oriented Security and Trust (HOST 2009) is an open forum for discussions and innovations on all issues related to hardware security and trust. Paper presentations on topics given below will highlight the challenges faced with authenticating hardware for security and trust.

    • Trojan detection and isolation
    • Authenticating foundry of origin
    • Side channel analysis/attacks
    • Watermarking
    • IP security/FPGA design security
    • Cryptographic techniques for hardware security
    • IC Metering
    • Physical unclonable functions (PUFs)
    • Embedded and distributed systems security
    • Hardware intrusion detection and prevention
    • Security engineering
    • Scan-chain encryption
    • IP trust

  • WISTP 2009 Workshop on Information Security Theory and Practices (Smart Devices, Pervasive Systems, and Ubiquitous Networks), Bruxelles, Belgium, September 2-4, 2009. (Submissions due 19 April 2009)

    With the rapid technological development of information technologies and with the transition from the common to the next generation networks, computer systems and especially embedded systems are becoming more mobile and ubiquitous, increasingly interfacing with the physical world. Ensuring the security of these complex and yet, resource constraint systems has emerged as one of the most pressing challenges. Protecting the privacy of the user immersed in such systems is a similarly pressing concern. The aim of this third workshop is to bring together researchers and practitioners in related areas and to encourage interchange and cooperation between the research community and the industrial/consumer community. The workshop will consist of technical paper presentations, one special session for student papers and several invited talks.

  • ACM-CCS 2009 16th ACM Conference on Computer and Communications Security, Chicago, IL, USA, November 9-13, 2009. (Submissions due 20 April 2009)

    The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of computer and communications security, as well as case studies and implementation experiences. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topic areas related to computer and communications security are of interest and in scope.

  • DMM 2009 1st International Workshop on Denial of service Modelling and Mitigation, Held in conjunction with 3rd International Conference on Network & System Security (NSS 2009), Gold Coast, Australia, October 19-21, 2009. (Submissions due 20 April 2009)

    Denial of service attacks represent an increasing threat to the security of networks and systems critical to commercial, industrial and government enterprises. Addressing the denial-of-service problem is proving to be an ongoing challenge and further advances are needed in: the design and analysis of denial of service resistant protocols and architectures; effective tools and techniques for detecting and responding to attacks; forensic attribution of attacks; and the application of trust and reputation schemes in formulating attack responses. This workshop actively solicits recent advances from industrial, academic and government researchers and engineers in the areas of:

    • Denial of service attacks and countermeasures
    • Detection and mitigation of high-rate flooding attacks
    • Design and analysis of denial of service resistant architectures
    • Design and analysis of denial of service resistant protocols
    • Distributed trust and reputation systems
    • Intrusion detection and response systems
    • Intelligent defence systems
    • Network and computer forensics
    • Emerging vulnerabilities
    • Security in Web services and service-oriented architectures
    • Simulation and analysis of attacks
    • Honeypots
    • Reverse engineering of malware
    • Disruption of botnet command and control
    • Wireless network denial of service attacks and defences
    • Next generation threats and responses
    • Legal and policy responses to denial of service
    • Threat intelligence

  • VizSec 2009 Workshop on Visualization for Cyber Security, Atlantic City, NJ, USA, October 11, 2009. (Submissions due 24 April 2009)

    The 6th International Workshop on Visualization for Cyber Security is a forum that brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques. Co-located this year with IEEE InfoVis/Vis/VAST, VizSec will continue to provide opportunities for the two communities to collaborate and share insights into providing solutions for security needs through visualization approaches. This year our focus is on advancing Visualization for Cyber Security as a scientific discipline. While art, engineering, and intuitions regarding the human element will always remain important if we are to obtain useful cyber security visualizations, advances in the scientific practice of research are needed. The scientific aspects of visualization for cyber security draw both on empirical observation (similar to many natural and social sciences) and formal science (such as the formal derivations in mathematics). Barriers confronting current researchers include concerns about available data, lack of a common agreement about what constitutes sound experimental design, the difficulties of measuring the relative effectiveness of security visualizations in practice, and the lack of a common understanding of user requirements. While many researchers are making progress in these and other critical areas, much work yet remains. Papers offering novel contributions in security visualization are solicited. Papers may present technique, applications, practical experience, theory, or experiments and evaluations. Papers are encouraged on technologies and methods that have been demonstrated to be useful for improving information systems security and that address lessons from actual application. We encourage papers that report results on visualization techniques and systems in solving all aspects of cyber security problems, including how visualization applies to:

    • Different aspects of security: software, networks and log files (e.g., Internet routing, packet traces and network flows, intrusion detection alerts, attack graphs, application security, etc.)
    • Application of visualization techniques in formalizing, defining and analyzing security policies
    • Forensic analysis, correlating events, cyber-defense task analysis
    • Computer network defense training and offensive information operations
    • Building rules, feature selection, and detecting anomalous activity
    • Software, software security, and viruses
    • Deployment and field testing of VizSec systems
    • Evaluation and user testing of VizSec systems
    • User and design requirements for VizSec systems
    • Lessons learned from development and deployment of VizSec systems
    • "Field Research" Best Practices
    • Interaction with domain experts - best practices, lessons learned
    • Differentiating the needs of different domains and time frames
    • Best practices for obtaining and sharing potentially sensitive data for purposes of visualization and assessment, including how to approach personal privacy, regulatory, and organizational issues
    • Metrics and measurements (e.g., criteria for the relative effectiveness of cyber visualizations)
    • Handling large datasets, scalability issues, and providing real time or near-real time visualizations

  • LISA 2009 23rd USENIX Large Installation System Administration Conference, Baltimore, MD, USA, November 1-6, 2009. (Submissions due 30 April 2009)

    Effective administration of a large site requires a good understanding of modern tools and techniques, together with their underlying principles but the human factors involved in managing and applying these technologies in a production environment are equally important. Bringing together theory and practice is an important goal of the LISA conference, and practicing system administrators as well as academic researchers all have valuable contributions to make. Topics of interest include, but are not limited to the following:

    • Authentication and authorization: "Single sign-on" technologies, identity management
    • Autonomic computing: Self-repairing systems, zero administration systems, fail-safe design
    • Configuration management: Specification languages, configuration deployment
    • Data center design: Modern methods, upgrading old centers
    • Data management: DBMS management systems, deployment architectures and methods, real world performance
    • Email: Mail infrastructures, spam prevention
    • Grid computing: Management of grid fabrics and infrastructure
    • Hardware: Multicore processor ramifications
    • Mobile computing: Supporting and managing laptops and remote communications
    • Multiple platforms: Integrating and supporting multiple platforms (e.g., Linux, Windows, Macintosh)
    • Networking: New technologies, network management
    • Security: Malware and virus prevention, security technologies and procedures, response to cyber attacks targeting individuals
    • Standards: Enabling interoperability of local and remote services and applications
    • Storage: New storage technologies, remote filesystems, backups, scaling
    • Web 2.0 technologies: Using, supporting, and managing wikis, blogs, and other Web 2.0 applications
    • Virtualization: Managing and configuring virtualized resources

  • ICDF2C 2009 International Conference on Digital Forensics & Cyber Crime, Albany, NY, USA, September 30 - October 2, 2009. (Submissions due 30 April 2009)

    The Internet has made it easier to perpetrate traditional crimes by providing criminals an alternate avenue for launching attacks with relative anonymity. The increased complexity of the communication and networking infrastructure is making investigation of the crimes difficult. Clues of illegal activities are often buried in large volumes of data that needs to be sifted through in order to detect crimes and collect evidence. The field of digital forensics is becoming very important for law enforcement, network security, and information assurance. This is a multidisciplinary area that encompasses multiple fields, including: law, computer science, finance, networking, data mining, and criminal justice. The applications of this technology are far reaching including: law enforcement, disaster recovery, accounting frauds, homeland security, and information warfare. This conference brings together practitioners and researchers from diverse fields providing opportunities for business and intellectual engagement among attendees. Suggested topics for submission of papers are (but not limited to):

    • Computer Forensics Electronic Money Laundering
    • Forensic Accounting Watermarking & Intellectual Property Theft
    • Incident Response & Evidence Handling Network Data Analysis
    • Data Analytics, Mining & Visualization Identity Theft & Online Fraud
    • Mobile Device Forensics Digital Forensics and the Law
    • Data Log Analysis (Computer, Network, Devices, etc) Forensics Training & Education
    • Natural Language Processing Cyber Crime Investigations
    • Continuous Assurance Internet Crime Against Children Investigation
    • Data Recovery & Business Continuity Standardization & Accreditation
    • Multimedia Forensics Digital Signatures and Certificates

  • IEEE Transactions on Software Engineering (TSE), Special Issue on Exception Handling: From Requirements to Software Maintenance November 2009. (Submission Due 1 May 2009)

    Guest editor: Alessandro Garcia (Lancaster University, UK), Valerie Issarny (INRIA, France), and Alexander Romanovsky (Newcastle University, UK)
    
    With the complexity of contemporary software systems increasingly growing, we still have much to learn on how software engineering practice can contribute to improving specification, design, testing, and evolution of exception handling. Our body of knowledge on effective exception handling in software projects is still limited and fragmented. It is not surprising that recent field studies have identified that error handling design in industrial applications typically exhibits poor quality independently of the underlying programming language and application domain. A holistic application of software engineering principles and techniques can certainly improve the treatment of exception handling across the software lifecycle. In this context, one of the underlying motivations of this special issue is to revisit the research directions involving exception handling in software engineering after one decade the first successful issue on this topic has appeared in IEEE TSE. This special issue will serve as a key reference for researchers, practitioners and educators to understand the most recent innovations, trends, experiences and concerns involving exception handling aspects in software engineering. We invite submissions approaching exception handling on all areas of software development and maintenance, such as model-driven development, requirements engineering, refactoring, software evolution, reverse engineering, contemporary modularity techniques (e.g., aspect-oriented programming and feature-oriented programming), and formal methods. The special issue is intended to cover a wide range of topics, from theoretical foundations to empirical studies, with all of them presenting innovative ideas on the interplay of exception handling and software engineering. Topics of interest include (but are not limited to) the following:

    • Exceptions in software processes
    • Empirical studies of exception handling
    • Exception documentation
    • Exception handling and requirements engineering
    • Exception handling and architectural design
    • Design patterns and anti-patterns, architectural styles, and good programming practice cookbooks
    • Static analysis and testing of exception handling
    • Refactoring and evolution of exception handling code
    • Exceptions and variability management
    • Comparative studies of innovative exception handling techniques and conventional ones
    • Exception handling and contemporary modularization techniques (e.g., aspect-oriented programming and feature-oriented programming)
    • Exception handling and variability mechanisms
    • Metrics and quality models for abnormal behaviour
    • Exception handling and middleware design
    • Model-driven engineering for exception handling
    • Exception handling in multi-agent systems
    • Development of predictive models of defect rates
    • Checked versus unchecked exceptions

  • HotSec 2009 4th USENIX Workshop on Hot Topics in Security, Held in conjunction with the 18th USENIX Security Symposium (USENIX-Security 2009), Montreal, Canada, August 11, 2009. (Submissions due 4 May 2009)

    HotSec '09 will bring together innovative practitioners and researchers in computer security and privacy, broadly defined, to tackle the challenging problems in this space. While pragmatic and systems-oriented, HotSec takes a broad view of security and privacy and encompasses research on topics including but not limited to large-scale threats, network security, hardware security, software security, programming languages, applied cryptography, anonymity, human-computer interaction, sociology, economics, and law. To ensure a vigorous workshop environment, attendance will be by invitation only. Participants will be invited based on their submissions' originality, technical merit, topical relevance, and likelihood of leading to insightful technical discussions that will influence future security research. Submissions may not be under consideration for publication at any other venue.

  • WIFS 2009 1st IEEE International Workshop on Information Forensics and Security, London, UK, December 6-9, 2009. (Submissions due 22 May 2009)

    The IEEE International Workshop on Information Forensics and Security (WIFS) is the first workshop to be organized by the IEEE's Information Forensics and Security Technical Committee. Our aspiration is to create a venue for knowledge exchange that encompasses a broad range of disciplines and facilitates the exchange of ideas between various disparate communities that constitute information security. By so doing, we hope that researchers will identify new opportunities for collaboration across disciplines and gain new perspectives. Appropriate topics of interest include, but are not limited to:

    • Biometrics: emerging modalities, recognition techniques, multimodal decision, attacks and countermeasures
    • Computer security: intrusion detection, vulnerability analysis, system security
    • Cryptography for multimedia content: perceptual hash function, multimedia encryption, signal processing in the encrypted domain, traitor tracing codes, key distribution
    • Data hiding: watermarking, steganography and steganalysis, legacy system enhancement
    • Digital Rights Management (DRM): DRM primitives (secure clocks, proximity detection, etc), DRM architectures, DRM interoperability
    • Forensic analysis: device identification, data recovery, validation of forensic evidence
    • Network security: privacy protection, network tomography and surveillance, system recovery from security/privacy failure
    • Non technical aspects of security: legal, ethical, social and economical issues
    • (Video) surveillance: arrays of sensors design and analysis, content tracking, events recognition, large crowd behaviour analysis
    • Secure Applications: e-voting, e-commerce

  • MetriSec 2009 5th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2009), Lake Buena Vista, Florida, USA, October 14, 2009. (Submissions due 28 May 2009)

    Quantitative assessment is a major stumbling blocks for software and system security. Although some security metrics exist, they are rarely adequate. The engineering importance of metrics is intuitive: you cannot consistently improve what you cannot measure. Economics is an additional drive for security metrics: customers should be enabled to quantify which of two IT products is more appropriate. The goals of this workshop are to showcase and foster research into security measurements and metrics and to keep building the community of individuals interested in this area. MetriSec continues the tradition started by the Quality of Protection (QoP) workshop series. This year, the new co-location with ESEM is an opportunity for the security metrics folks to meet the metrics community at large. The organizers solicit original submissions from industry and academic experts on the development and application of repeatable, meaningful measurements in the fields of software and system security. The topics of interest include, but are not limited to:

    • Security metrics
    • Security measurement and monitoring
    • Development of predictive models
    • Experimental validation of models
    • Formal theories of security metrics
    • Security quality assurance
    • Empirical assessment of security architectures and solutions
    • Mining data from attack and vulnerability repositories, CVE, CVSS
    • Static analysis metrics
    • Simulation and statistical analysis
    • Stochastic modeling
    • Security risk analysis
    • Industrial experience

  • InSPEC 2009 2nd International Workshop on Security and Privacy in Enterprise Computing, Held in conjunction with the 13th IEEE International Enterprise Distributed Object Computing Conference (EDOC 2009), Auckland, New Zealand, August 31 - September 4, 2009. (Submissions due 31 May 2009)

    In recent years several technologies have emerged for enterprise computing. Workflows are now widely adopted by industry and distributed workflows have been a topic of research for many years. Today, services are becoming the new building blocks of enterprise systems and service-oriented architectures are combining them in a flexible and novel way. In addition, with wide adoption of e-commerce, business analytics that exploits multiple, heterogeneous data sources have become an important field. Ubiquitous computing technologies, such as RFID or sensor networks change the way business systems interact with their physical environment, such as goods in a supply chain or machines on the shop floor. All these technological trends are accompanied also by new business trends due to globalization that involve innovative forms of collaborations such as virtual organizations. Further, the increased speed of business requires IT systems to become more flexible and highly dynamic. All of these trends bring with them new challenges to the security and privacy of enterprise computing. New concepts for solving these challenges require the combination of many disciplines from computer science and information systems, such as cryptography, networking, distributed systems, process modeling and design, access control, privacy etc. The goal of this workshop is to provide a forum for exchange of novel research in these areas among the experts from academia and industry. Completed work as well as research in progress is welcome, as we want to foster the exchange of novel ideas and approaches.

  • CANS 2009 8th International Conference on Cryptography and Network Security, Kanazawa, Ishikawa, Japan, December 12-14, 2009. (Submissions due 1 June 2009)

    The main goal of this conference is to promote research on all aspects of network security, as well as to build a bridge between research on cryptography and on network security. We therefore welcome scientific and academic papers with this focus. Areas of interest for CANS 2009 include, but are not limited to:

    • Ad Hoc and Sensor Network Security
    • Access Control for Networks
    • Anonymity and Pseudonymity
    • Authentication Services
    • Cryptographic Protocols and Schemes
    • Denial of Service Protection
    • Digital Rights Management
    • Fast Cryptographic Algorithms
    • Identity and Trust Management
    • Information Hiding and Watermarking
    • Internet and Router Security
    • Intrusion Detection and Prevention
    • Mobile and Wireless Network Security
    • Multicast Security
    • Phishing and Online Fraud Prevention
    • Peer-to-Peer Network Security
    • PKI
    • Security Modeling and Architectures
    • Secure Protocols (SSH, SSL, ...) and Applications
    • Spam Protection
    • Spyware Analysis and Detection
    • Virtual Private Networks

  • ACSAC 2009 25th Annual Computer Security Applications Conference, Honolulu, Hawaii, USA, December 7-11, 2009. (Submissions due 1 June 2009)

    We solicit papers offering novel contributions in computer and application security. Papers should present techniques or applications with practical experience. Papers are encouraged on technologies and methods that have been demonstrated to improve information systems security and that address lessons from actual application. We are especially interested in papers that address the application of security technology, the implementation of systems, and lessons learned. Suggested topics:

    • access control
    • applied cryptography
    • audit and audit reduction
    • biometrics
    • certification and accreditation
    • cybersecurity
    • database security
    • denial of service protection
    • distributed systems security
    • electronic commerce security
    • enterprise security management
    • forensics
    • identification & authentication
    • identify management
    • incident response planning
    • information survivability
    • insider threat protection
    • integrity
    • intellectual property rights
    • intrusion detection
    • mobile and wireless security
    • multimedia security
    • operating systems security
    • peer-to-peer security
    • privacy and data protection
    • product evaluation/compliance
    • risk/vulnerability assessment
    • securing cloud infrastructures
    • security engineering and management
    • security in IT outsourcing
    • service oriented architectures
    • software assurance
    • trust management
    • virtualization security
    • VOIP security
    • Web 2.0/3.0 security

  • Information Systems Frontiers, Special Issue on Security Management and Technologies for Protecting Against Internal Data Leakages Spring or Summer 2010. (Submission Due 14 August 2009)

    Guest editor: David Chadwick (University of Kent, UK), Hang Bae Chang (Daejin University, South Korea), Ilsun You (Korean Bible University, South Korea), and Seong-Moo Yoo (University of Alabama in Huntsville, USA)
    
    During the past decades, information security developments have been mainly concerned with preventing illegal attacks by outsiders, such as hacking, virus propagation, and spyware. However, according to a recent Gartner Research Report, information leakage caused by insiders who are legally authorized to have access to some corporate information is increasing dramatically. These leakages can cause significant damages such as weakening the competitiveness of companies (and even countries). Information leakage caused by insiders occurs less frequently than information leakage caused by outsiders, but the financial damage is much greater. Countermeasures in terms of physical, managerial, and technical aspects are necessary to construct an integral security management system to protect companies' major information assets from unauthorized internal attackers. The objective of this special issue is to showcases the most recent challenges and advances in security technologies and management systems to prevent leakage of organizations' information caused by insiders. It may also include state-of-the-art surveys and case analyses of practical significance. We expect that the special issue will be a trigger for further research and technology improvements related to this important subject. Topics(include but are not limited to):

    • Theoretical foundations and algorithms for addressing insider threats
    • Insider threat assessment and modeling
    • Security technologies to prevent, detect and avoid insider threats
    • Validating the trustworthiness of staff
    • Post-insider threat incident analysis
    • Data breach modeling and mitigation techniques
    • Registration, authentication and identification
    • Certification and authorization
    • Database security
    • Device control system
    • Digital forensic system
    • -Digital right management system
    • Fraud detection
    • Network access control system
    • Intrusion detection
    • Keyboard information security
    • Information security governance
    • Information security management systems
    • Risk assessment and management
    • Log collection and analysis
    • Trust management
    • IT compliance (audit) and continuous auditing

  • IFIP-DF 2010 6th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Hong Kong, Hong Kong, January 3-6, 2010. (Submissions due 15 August 2009)

    The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in the emerging field of digital forensics. The Sixth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:

    • Theories, techniques and tools for extracting, analyzing and preserving digital evidence
    • Network forensics
    • Portable electronic device forensics
    • Digital forensic processes and workflow models
    • Digital forensic case studies
    • Legal, ethical and policy issues related to digital forensics

 

• The Technical Committee on Security and Privacy

 

• Listing of academic positions available  by Cynthia Irvine
  

 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org