Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 90,  May 30, 2009 Hilarie Orman,  Editor Book Reviews Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Review of the Symposium on Security & Privacy (Claremont Hotel Resort and Spa, Berkeley, CA, May 17-20, 2009) by Martin Szydlowski

  • Richard Austin's review of Chained Exploits: Advanced Hacking Attacks from Start to Finish by A. Whitaker, K. Evans and J. Voth

  • NewsBits:  Announcements and correspondence from readers (please contribute!)

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

 
• Cipher calls-for-papers and calendar

  • (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • Calendar of Events
    • 5/29/09: ASIACRYPT, 15th Annual International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, Japan; Submissions are due
    • 5/29/09: SSN, 5th International Workshop on Security in Systems and Networks, Held in conjunction with the International Parallel and Distributed Processing Symposium (IPDPS 2009), Rome, Italy
    • 5/30/09: STC, 4th Annual Workshop on Scalable Trusted Computing, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA; Submissions are due
    • 5/31/09: InSPEC, 2nd International Workshop on Security and Privacy in Enterprise Computing, Held in conjunction with the 13th IEEE International Enterprise Distributed Object Computing Conference (EDOC 2009), Auckland, New Zealand; Submissions are due
    • 5/31/09: TSP, IEEE International Symposium on Trust, Security and Privacy for Pervasive Applications, Held in conjunction with the IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2009), Macau SAR, China; Submissions are due
    • 6/ 1/09: CANS, 8th International Conference on Cryptography and Network Security, Kanazawa, Ishikawa, Japan; Submissions are due
    • 6/ 1/09: ACSAC, 25th Annual Computer Security Applications Conference, Honolulu, Hawaii, USA; Submissions are due
    • 6/ 1/09: EuroPKI, 6th European Workshop on Public Key Services, Applications and Infrastructures, Pisa, Tuscany, Italy; Submissions are due
    • 6/ 1/09: SETOP, International Workshop on Autonomous and Spontaneous Security, Held in conjunction with ESORICS 2009, Saint Malo, Britany, France; Submissions are due
    • 6/ 1/09: IWNS, International Workshop on Network Steganography, Held in conjunction with the International Conference on Multimedia Information Networking and Security (MINES 2009), Wuhan, Hubei, China; Submissions are due
    • 6/ 1/09: CSET, Workshop on Cyber Security Experimentation and Test, Held in conjunction with the USENIX Security Symposium (USENIX-Security 2009), Montreal, Canada; Submissions are due
    • 6/ 2/09- 6/ 5/09: ACNS, 7th International Conference on Applied Cryptography and Network Security, Paris, France
    • 6/ 3/09- 6/ 5/09: MobiSec, 1st International Conference on Security and Privacy in Mobile Information and Communication Systems, Turin, Italy
    • 6/ 3/09- 6/ 5/09: SACMAT, 14th ACM Symposium on Access Control Models and Technologies, Hotel La Palma, Stresa, Italy
    • 6/ 7/09- 6/ 9/09: IH, 11th Information Hiding Workshop, Darmstadt, Germany
    • 6/ 7/09: SecPri-WiMob, International Workshop on Security and Privacy in Wireless and Mobile Computing, Networking and Communications, Held in the 5th IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob 2009), Marrakech, Morocco; Submissions are due
    • 6/10/09: DPM, 4th International Workshop on Data Privacy Management, Saint Malo, Britany, France; Submissions are due
    • 6/12/09: SWS, ACM Workshop on Secure Web Services, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA; Submissions are due
    • 6/12/09: SPIMACS, ACM Workshop on Security and Privacy in Medical and Home-Care Systems, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA; Submissions are due
    • 6/14/09- 6/18/09: CISS, Communication and Information Systems Security Symposium, Held in conjunction with the IEEE International Conference on Communications (ICC 2009), Dresden, Germany
    • 6/14/09- 6/19/09: SECURWARE, 3rd International Conference on Emerging Security Information, Systems and Technologies, Athens, Greece
    • 6/15/09: ARO-DF, ARO Workshop on Digital Forensics, Washington DC., USA; Submissions are due
    • 6/15/09: ICPADS, 15th IEEE International Conference on Parallel and Distributed Systems, Shenzhen, China; Submissions are due
    • 6/15/09: SECMCS, Workshop on Secure Multimedia Communication and Services, Held in conjunction with the 2009 International Conference on Multimedia Information Networking and Security (MINES 2009), Wuhan, China; Submissions are due
    • 6/15/09: IS, 4th International Symposium on Information Security, Vilamoura, Algarve-Portugal; Submissions are due
    • 6/15/09: HICSS-DF, 43rd Hawaii International Conference on System Sciences, Digital Forensics Minitrack, Koloa, Kauai, Hawaii; Submissions are due
    • 6/15/09- 6/19/09: MIST, International Workshop on Managing Insider Security Threats, Held in conjunction with the 3rd IFIP International Conference on Trust Management (IFIPTM 2009), West Lafayette, IN, USA
    • 6/19/09: CCSW, ACM Cloud Computing Security Workshop, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA; Submissions are due
    • 6/21/09: STM, 5th International Workshop on Security and Trust Management, Held in conjunction with ESORICS 2009, Saint Malo, France; Submissions are due
    • 6/25/09- 6/27/09: WNGS, 4th International Workshop on Security, Korea University, Seoul, Korea
    • 7/ 1/09- 7/ 3/09: ACSISP, 14th Australasian Conference on Information Security and Privacy, Brisbane, Australia
    • 7/ 7/09- 7/10/09: SECRYPT, International Conference on Security and Cryptography, Milan, Italy
    • 7/ 7/09- 7/10/09: ATC, 6th International Conference on Autonomic and Trusted Computing, Brisbane, Australia
    • 7/ 7/09- 7/10/09: CTC, Cybercrime and Trustworthy Computing Workshop, Held in conjunction with the 6th International Conference on Autonomic and Trusted Computing (ATC 2009), Brisbane, Australia
    • 7/ 8/09- 7/10/09: CSF, 22nd IEEE Computer Security Foundations Symposium, Port Jefferson, New York, USA
    • 7/12/09- 7/15/09: DBSEC, 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Montreal, Canada
    • 7/15/09: ICISS, 5th International Conference on Information Systems Security, Kolkata, India; Submissions are due
    • 7/20/09- 7/22/09: POLICY, IEEE International Symposium on Policies for Distributed Systems and Networks, Imperial College London, UK
    • 7/27/09: HOST, 2nd IEEE International Workshop on Hardware-Oriented Security and Trust, San Francisco, CA, USA
    • 8/ 1/09: INTRUST, The International Conference on Trusted Systems, Beijing, P. R. China; Submissions are due
    • 8/10/09: CSET, Workshop on Cyber Security Experimentation and Test, Held in conjunction with the USENIX Security Symposium (USENIX-Security 2009), Montreal, Canada
    • 8/11/09: HotSec, 4th USENIX Workshop on Hot Topics in Security, Held in conjunction with the 18th USENIX Security Symposium (USENIX-Security 2009), Montreal, Canada
    • 8/12/09- 8/14/09: USENIX-SECURITY, 18th USENIX Security Symposium, Montreal, Canada
    • 8/14/09: Information Systems Frontiers, Special Issue on Security Management and Technologies for Protecting Against Internal Data Leakages; Submissions are due
    • 8/15/09: IFIP-DF, 6th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Hong Kong, Hong Kong; Submissions are due
    • 8/17/09- 8/19/09: DFRWS, 9th Digital Forensics Research Workshop, Montreal, Canada
    • 8/31/09- 9/ 4/09: TrustBus, 6th International Conference on Trust, Privacy, and Security in Digital Business, Held in conjunction with the 20th International Conference on Database and Expert Systems Applications (DEXA 2009), Linz, Austria
    • 8/31/09- 9/ 4/09: DaSECo, 1st International Workshop on Defence against Spam in Electronic Communication, Held in conjunction with the 20th International Conference on Database and Expert Systems Applications (DEXA 2009), Linz, Austria
    • 8/31/09- 9/ 4/09: InSPEC, 2nd International Workshop on Security and Privacy in Enterprise Computing, Held in conjunction with the 13th IEEE International Enterprise Distributed Object Computing Conference (EDOC 2009), Auckland, New Zealand
    • 9/ 1/09: International Journal of Communication Networks and Information Security, Special Issue on Composite and Integrated Security Solutions for Wireless Sensor Networks; Submissions are due
    • 9/ 2/09- 9/ 4/09: WISTP, Workshop on Information Security Theory and Practices (Smart Devices, Pervasive Systems, and Ubiquitous Networks), Bruxelles, Belgium
    • 9/ 7/09- 9/ 9/09: ISC, 12th Information Security Conference, Pisa, Italy
    • 9/ 8/09: SAC-CF, 25th ACM Symposium on Applied Computing, Computer Forensics Track, Sierre, Switzerland; Submissions are due
    • 9/ 8/09: SAC-TRECK, 25th ACM Symposium on Applied Computing, Trust, Reputation, Evidence and other Collaboration Know-how Track, Sierre, Switzerland; Submissions are due
    • 9/ 8/09- 9/11/09: NSPW, New Security Paradigms Workshop, The Queen's College, University of Oxford, UK
    • 9/ 9/09- 9/11/09: EuroPKI, 6th European Workshop on Public Key Services, Applications and Infrastructures, Pisa, Tuscany, Italy;
    • 9/10/09- 9/11/09: ARO-DF, ARO Workshop on Digital Forensics, Washington DC., USA
    • 9/11/09: NDSS, 17th Annual Network & Distributed System Security Symposium, San Diego, CA, USA; Submissions are due
    • 9/14/09- 9/18/09: SECURECOMM, 5th International ICST Conference on Security and Privacy for Communication Networks, Athens, Greece
    • 9/21/09- 9/25/09: ESORICS, 14th European Symposium on Research in Computer Security, Saint Malo, France
    • 9/24/09: DPM, 4th International Workshop on Data Privacy Management, Saint Malo, Britany, France
    • 9/24/09- 9/25/09: SETOP, International Workshop on Autonomous and Spontaneous Security, Held in conjunction with ESORICS 2009, Saint Malo, Britany, France
    • 9/24/09- 9/25/09: STM, 5th International Workshop on Security and Trust Management, Held in conjunction with ESORICS 2009, Saint Malo, France
    • 9/27/09- 9/30/09: SRDS, 28th International Symposium on Reliable Distributed Systems, Niagara Falls, New York, USA
    • 9/30/09-10/ 2/09: ICDF2C, International Conference on Digital Forensics & Cyber Crime, Albany, NY, USA
    • 10/ 6/09-10/10/09: SIN, 2nd ACM International Conference on Security of Information and Networks, Eastern Mediterranean University, Gazimagusa, TRNC, North Cyprus
    • 10/11/09: VizSec, Workshop on Visualization for Cyber Security, Atlantic City, NJ, USA
    • 10/12/09: SecPri-WiMob, International Workshop on Security and Privacy in Wireless and Mobile Computing, Networking and Communications, Held in the 5th IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob 2009), Marrakech, Morocco
    • 10/12/09-10/14/09: TSP, IEEE International Symposium on Trust, Security and Privacy for Pervasive Applications, Held in conjunction with the IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2009), Macau SAR, China
    • 10/14/09: MetriSec, 5th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2009), Lake Buena Vista, Florida, USA
    • 10/19/09-10/21/09: NSS, 3rd International Conference on Network & System Security, Gold Coast, Australia
    • 10/19/09-10/21/09: DMM, 1st International Workshop on Denial of service Modelling and Mitigation, Held in conjunction with 3rd International Conference on Network & System Security (NSS 2009), Gold Coast, Australia
    • 10/28/09-10/30/09: IWSEC, 4th International Workshop on Security, Toyama, Japan
    • 11/ 1/09-11/ 6/09: LISA, 23rd USENIX Large Installation System Administration Conference, Baltimore, MD, USA
    • 11/ 1/09-11/ 6/09: IS, 4th International Symposium on Information Security, Vilamoura, Algarve-Portugal
    • 11/ 9/09-11/13/09: CCS, 16th ACM Conference on Computer and Communications Security, Chicago, IL, USA
    • 11/13/09: STC, 4th Annual Workshop on Scalable Trusted Computing, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA
    • 11/13/09: SWS, ACM Workshop on Secure Web Services, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA
    • 11/13/09: SPIMACS, ACM Workshop on Security and Privacy in Medical and Home-Care Systems, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA
    • 11/13/09: CCSW, ACM Cloud Computing Security Workshop, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA
    • 11/18/09-11/20/09: IWNS, International Workshop on Network Steganography, Held in conjunction with the International Conference on Multimedia Information Networking and Security (MINES 2009), Wuhan, Hubei, China
    • 11/18/09-11/20/099: SECMCS, Workshop on Secure Multimedia Communication and Services, Held in conjunction with the 2009 International Conference on Multimedia Information Networking and Security (MINES 2009), Wuhan, China
    • 12/ 6/09-12/ 9/09: WIFS, 1st IEEE International Workshop on Information Forensics and Security, London, UK
    • 12/ 6/09-12/10/09: ASIACRYPT, 15th Annual International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, Japan
    • 12/ 7/09-12/11/09: ACSAC, 25th Annual Computer Security Applications Conference, Honolulu, Hawaii, USA
    • 12/ 8/09-12/11/09: ICPADS, 15th IEEE International Conference on Parallel and Distributed Systems, Shenzhen, China
    • 12/12/09-12/14/09: CANS, 8th International Conference on Cryptography and Network Security, Kanazawa, Ishikawa, Japan
    • 12/14/09-12/18/09: ICISS, 5th International Conference on Information Systems Security, Kolkata, India
    • 12/17/09-12/19/09: INTRUST, The International Conference on Trusted Systems, Beijing, P. R. China
    • 1/ 3/10- 1/ 6/10: IFIP-DF, 6th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Hong Kong, Hong Kong
    • 1/ 5/10- 1/ 8/10: HICSS-DF, 43rd Hawaii International Conference on System Sciences, Digital Forensics Minitrack, Koloa, Kauai, Hawaii
    • 2/28/10- 3/ 3/10: NDSS, 17th Annual Network & Distributed System Security Symposium, San Diego, CA, USA
    • 3/22/10- 3/26/10: SAC-CF, 25th ACM Symposium on Applied Computing, Computer Forensics Track, Sierre, Switzerland
    • 3/22/10- 3/26/10: SAC-TRECK, 25th ACM Symposium on Applied Computing, Trust, Reputation, Evidence and other Collaboration Know-how Track, Sierre, Switzerland
  • new calls or announcements added since Cipher E89

  • ASIACRYPT 2009 15th Annual International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, Japan, December 6-10, 2009. (Submissions due 29 May 2009)

    Original research papers on all technical aspects of cryptology are solicited for submission to ASIACRYPT 2009, the annual International Conference on Theory and Application of Cryptology and Information Security. The conference is sponsored by the International Association for Cryptologic Research (IACR) in cooperation with Technical Group on Information Security (ISEC) of the Institute of Electronics, Information and Communication Engineers (IEICE).

  • STC 2009 4th Annual Workshop on Scalable Trusted Computing, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA, November 13, 2009. (Submissions due 30 May 2009)

    The workshop focuses on fundamental technologies of trusted computing (in a broad sense, with or without TPMs) and its applications in large-scale systems -- those involving large number of users and parties with varying degrees of trust. The workshop is intended to serve as a forum for researchers as well as practitioners to disseminate and discuss recent advances and emerging issues. Topics of interest include, but not limited to:

    • Enabling scalable trusted computing
    • Applications of trusted computing
    • Pushing the limits

  • InSPEC 2009 2nd International Workshop on Security and Privacy in Enterprise Computing, Held in conjunction with the 13th IEEE International Enterprise Distributed Object Computing Conference (EDOC 2009), Auckland, New Zealand, August 31 - September 4, 2009. (Submissions due 31 May 2009)

    In recent years several technologies have emerged for enterprise computing. Workflows are now widely adopted by industry and distributed workflows have been a topic of research for many years. Today, services are becoming the new building blocks of enterprise systems and service-oriented architectures are combining them in a flexible and novel way. In addition, with wide adoption of e-commerce, business analytics that exploits multiple, heterogeneous data sources have become an important field. Ubiquitous computing technologies, such as RFID or sensor networks change the way business systems interact with their physical environment, such as goods in a supply chain or machines on the shop floor. All these technological trends are accompanied also by new business trends due to globalization that involve innovative forms of collaborations such as virtual organizations. Further, the increased speed of business requires IT systems to become more flexible and highly dynamic. All of these trends bring with them new challenges to the security and privacy of enterprise computing. New concepts for solving these challenges require the combination of many disciplines from computer science and information systems, such as cryptography, networking, distributed systems, process modeling and design, access control, privacy etc. The goal of this workshop is to provide a forum for exchange of novel research in these areas among the experts from academia and industry. Completed work as well as research in progress is welcome, as we want to foster the exchange of novel ideas and approaches.

  • TSP 2009 IEEE International Symposium on Trust, Security and Privacy for Pervasive Applications, Held in conjunction with the IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2009), Macau SAR, China, October 12-14, 2009. (Submissions due 31 May 2009)

    TSP 2009 aims at bringing together researchers and practitioners in the world working on trust, security, privacy, and related issues such as technical, social and cultural implications for pervasive devices, services, networks, applications and systems, and providing a forum for them to present and discuss emerging ideas and trends in this highly challenging research area. Topics of interest include, but are not limited to:

    • Trust, Security and Privacy (TSP) metrics and architectures for pervasive computing
    • Trust management in pervasive environment
    • Risk management in pervasive environment
    • Security and privacy protection in pervasive environment
    • Security and privacy in mobile and wireless communications
    • Security and privacy for databases in pervasive environment
    • Safety and user experiences in pervasive environment
    • TSP-aware social and cultural implications in pervasive environment
    • Cryptographic devices for pervasive computing
    • Biometric authentication for pervasive devices
    • Security for embedded software and systems
    • TSP-aware middleware design for pervasive services
    • TSP-aware case studies on pervasive applications/systems
    • Key management in pervasive applications/systems
    • Authentication in pervasive applications/systems
    • Audit and accountability in pervasive applications/systems
    • Access control in pervasive applications/systems
    • Anonymity in pervasive applications/systems
    • Reliability and fault tolerance in pervasive applications/systems
    • Miscellaneous issues in pervasive devices, services, applications, and systems

  • CANS 2009 8th International Conference on Cryptography and Network Security, Kanazawa, Ishikawa, Japan, December 12-14, 2009. (Submissions due 1 June 2009)

    The main goal of this conference is to promote research on all aspects of network security, as well as to build a bridge between research on cryptography and on network security. We therefore welcome scientific and academic papers with this focus. Areas of interest for CANS 2009 include, but are not limited to:

    • Ad Hoc and Sensor Network Security
    • Access Control for Networks
    • Anonymity and Pseudonymity
    • Authentication Services
    • Cryptographic Protocols and Schemes
    • Denial of Service Protection
    • Digital Rights Management
    • Fast Cryptographic Algorithms
    • Identity and Trust Management
    • Information Hiding and Watermarking
    • Internet and Router Security
    • Intrusion Detection and Prevention
    • Mobile and Wireless Network Security
    • Multicast Security
    • Phishing and Online Fraud Prevention
    • Peer-to-Peer Network Security
    • PKI
    • Security Modeling and Architectures
    • Secure Protocols (SSH, SSL, ...) and Applications
    • Spam Protection
    • Spyware Analysis and Detection
    • Virtual Private Networks

  • ACSAC 2009 25th Annual Computer Security Applications Conference, Honolulu, Hawaii, USA, December 7-11, 2009. (Submissions due 1 June 2009)

    We solicit papers offering novel contributions in computer and application security. Papers should present techniques or applications with practical experience. Papers are encouraged on technologies and methods that have been demonstrated to improve information systems security and that address lessons from actual application. We are especially interested in papers that address the application of security technology, the implementation of systems, and lessons learned. Suggested topics:

    • access control
    • applied cryptography
    • audit and audit reduction
    • biometrics
    • certification and accreditation
    • cybersecurity
    • database security
    • denial of service protection
    • distributed systems security
    • electronic commerce security
    • enterprise security management
    • forensics
    • identification & authentication
    • identify management
    • incident response planning
    • information survivability
    • insider threat protection
    • integrity
    • intellectual property rights
    • intrusion detection
    • mobile and wireless security
    • multimedia security
    • operating systems security
    • peer-to-peer security
    • privacy and data protection
    • product evaluation/compliance
    • risk/vulnerability assessment
    • securing cloud infrastructures
    • security engineering and management
    • security in IT outsourcing
    • service oriented architectures
    • software assurance
    • trust management
    • virtualization security
    • VOIP security
    • Web 2.0/3.0 security

  • EUROPKI 2009 6th European Workshop on Public Key Services, Applications and Infrastructures, Pisa, Tuscany, Italy, September 9-11, 2009. (Submissions due 1 June 2009)

    EuroPKI aims at covering all research aspects of Public Key Services, Applications and Infrastructures. In particular, we want to encourage also submissions dealing with any innovative applications of public key cryptography. Submitted papers may present theory, applications or practical experiences on topics including, but not limited to:

    • Anonymity and privacy
    • Architecture and Modeling
    • Authentication
    • Authorization and Delegation
    • Case Studies
    • Certificates Status
    • Certification Policy and Practices
    • Credentials
    • Cross Certification
    • Directories
    • eCommerce/eGovernment
    • Evaluation
    • Fault-Tolerance and reliability
    • Federations
    • Group signatures
    • ID-based schemes
    • Identity Management and eID
    • Implementations
    • Interoperability
    • Key Management
    • Legal issues
    • Long-time archiving
    • Mobile PKI
    • Multi-signatures
    • Policies & Regulations
    • Privacy
    • Privilege Management
    • Protocols
    • Repositories
    • Risk/attacks
    • Standards
    • Timestamping
    • Trust management
    • Trusted Computing
    • Ubiquitous scenarios
    • Usage Control
    • Web services security

  • SETOP 2009 International Workshop on Autonomous and Spontaneous Security, Held in conjunction with ESORICS 2009, Saint Malo, Britany, France, September 24-25, 2009. (Submissions due 1 June 2009)

    With the need for evolution, if not revolution, of current network architectures and the Internet, autonomous and spontaneous management will be a key feature of future networks and information systems. In this context, security is an essential property. It must be thought at the early stage of conception of these systems and designed to be also autonomous and spontaneous. Future networks and systems must be able to automatically configure themselves with respect to their security policies. The security policy specification must be dynamic and adapt itself to the changing environment. Those networks and systems should interoperate securely when their respective security policies are heterogeneous and possibly conflicting. They must be able to autonomously evaluate the impact of an intrusion in order to spontaneously select the appropriate and relevant response when a given intrusion is detected. Autonomous and spontaneous security is a major requirement of future networks and systems. Of course, it is crucial to address this issue in different wireless and mobile technologies available today such as RFID, Wifi, Wimax, 3G, etc. Other technologies such as ad hoc and sensor networks, which introduce new type of services, also share similar requirements for an autonomous and spontaneous management of security. The SETOP Workshop seeks submissions that present research results on all aspects related to spontaneous and autonomous security. Submissions by PhD students are encouraged. Topics of interest include, but are not limited to the following:

    • Security policy deployment
    • Self evaluation of risk and impact
    • Distributed intrusion detection
    • Autonomous and spontaneous response
    • Trust establishment
    • Security in ad hoc networks
    • Security in sensor/RFID networks
    • Security of Next Generation Networks
    • Security of Service Oriented Architecture
    • Security of opportunistic networks
    • Privacy in self-organized networks
    • Secure localization
    • Context aware and ubiquitous computing
    • Secure inter-operability and negotiation
    • Self-organization in secure routing
    • Identity management

  • IWNS 2009 International Workshop on Network Steganography, Held in conjunction with the International Conference on Multimedia Information Networking and Security (MINES 2009), Wuhan, Hubei, China, November 18-20, 2009. (Submissions due 1 June 2009)

    Network steganography is part of information hiding focused on modern networks and is a method of hiding secret data in users' normal data transmissions, ideally, so it cannot be detected by third parties. Steganographic techniques arise and evolve with the development of network protocols and mechanisms, and are expected to used in secret communication or information sharing. Now, it becomes a hot topic due to the wide spread of information networks, e.g., multimedia service networks and social networks. The workshop is dedicated to capture such areas of research as steganography, steganalysis, and digital forensics in the meaning of network covert channels, investigate the potential applications, and discuss the future research topics. Research themes of workshop will include:

    • Steganography and steganalysis
    • Covert/subliminal channels
    • Novel applications of information hiding in networks
    • Political and business issues in network steganography
    • Information hiding in multimedia services
    • Digital forensics
    • Network communication modelling from the viewpoint of steganography and steganalysis
    • New methods for eliminating network steganography

  • CSET 2009 Workshop on Cyber Security Experimentation and Test, Held in conjunction with the USENIX Security Symposium (USENIX-Security 2009), Montreal, Canada, August 10, 2009. (Submissions due 1 June 2009)

    CSET '09 is bringing together researchers and testbed developers to share their experiences and define a forward-looking agenda for the development of scientific, realistic evaluation approaches for security threats and defenses; it provides an important community forum for the exploration of transformational advances in the field of cyber security experimentation and test. While we particularly invite papers that deal with security experimentation, we are also interested in papers that address general testbed/ experiment issues that have implications on security experimentation such as: traffic and topology generation, large-scale experiment support, experiment automation, etc. We are further interested in educational efforts that involve security experimentation.

  • SecPri-WiMob 2009 International Workshop on Security and Privacy in Wireless and Mobile Computing, Networking and Communications, Held in the 5th IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob 2009), Marrakech, Morocco, October 12, 2009. (Submissions due 7 June 2009)

    The objectives of the SecPri_WiMob 2009 Workshop are to bring together researchers from research communities in Wireless and Mobile Computing, Networking and Communications, Security and Privacy, with the goal of fostering interaction. Topics of interest may include one or more of the following (but are not limited to) themes:

    • Cryptographic Protocols for Mobile and Wireless Networks
    • Key Management in Mobile and Wireless Computing
    • Reasoning about Security and Privacy
    • Privacy and Anonymity in Mobile and Wireless Computing
    • Public Key Infrastructure in Mobile and Wireless Environments
    • Economics of Security and Privacy in Wireless and Mobile environments
    • Security Architectures and Protocols in Wireless LANs
    • Security Architectures and Protocols in B3G/4G Mobile Networks
    • Security and Privacy features into Mobile and Wearable devices
    • Location Privacy
    • Ad hoc Networks Security
    • Sensor Networks Security
    • Wireless Ad Hoc Networks Security
    • Role of Sensors to Enable Security
    • Security and Privacy in Pervasive Computing
    • Trust Establishment, Negotiation, and Management
    • Secure PHY/MAC/routing protocols
    • Security under Resource Constraints (bandwidth, computation constraints, energy)

  • DPM 2009 4th International Workshop on Data Privacy Management, Saint Malo, Britany, France, September 24, 2009. (Submissions due 10 June 2009)

    DPM 2009 Workshop aims at discussing and exchanging ideas related to privacy data management. We invite papers from researchers and practitioners working in privacy, security, trustworthy data systems and related areas to submit their original papers in this workshop. The main topics, but not limited to, include:

    • Privacy Information Administration
    • Privacy Policy-based Infrastructures and Architectures
    • Privacy-oriented Access Control Language
    • Privacy in Trust Management
    • Privacy Data Integration
    • Privacy Risk Assessment and Assurance
    • Privacy Services
    • Privacy Policy Analysis
    • Query Execution over Privacy Sensitive Data
    • Privacy Preserving Data Mining
    • Hippocratic and Water-marking Databases
    • Privacy for Integrity-based Computing
    • Privacy Monitoring and Auditing
    • Privacy in Social Networks
    • Privacy in Ambient Intelligence (AmI) Applications
    • Conciliation of Individual Privacy and Corporate/National Security
    • Privacy in computer networks
    • Privacy and RFIDs
    • Privacy in Sensor Networks

  • SWS 2009 ACM Workshop on Secure Web Services, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA, November 13, 2009. (Submissions due 12 June 2009)

    Basic security protocols for Web Services, such as XML Security, the WS-* series of proposals, SAML, and XACML are the basic set of building blocks enabling Web Services and the nodes of GRID architectures to interoperate securely. While these building blocks are now firmly in place, a number of challenges are still to be met for Web services and GRID nodes to be fully secured and trusted, providing for secure communications between cross-platform and cross-language Web services. Also, the current trend toward representing Web services orchestration and choreography via advanced business process metadata is fostering a further evolution of current security models and languages, whose key issues include setting and managing security policies, inter-organizational (trusted partner) security issues and the implementation of high level business policies in a Web services environment. The SWS workshop explores these challenges, ranging from the advancement and best practices of building block technologies such as XML and Web services security protocols to higher level issues such as advanced metadata, general security policies, trust establishment, risk management, and service assurance. The workshop provides a forum for presenting research results, practical experiences, and innovative ideas in web services security. Topics of interest include, but are not limited to, the following:

    • Web services and GRID computing security
    • Authentication and authorization
    • Frameworks for managing, establishing and assessing inter-organizational trust relationships
    • Web services exploitation of Trusted Computing
    • Semantics-aware Web service security and Semantic Web Secure orchestration of Web services
    • Privacy and digital identities support

  • SPIMACS 2009 ACM Workshop on Security and Privacy in Medical and Home-Care Systems, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA, November 13, 2009. (Submissions due 12 June 2009)

    The goal of the proposed workshop is to bring together a range of computer and social scientists to develop a more complete understanding of the interaction of individuals and computer security technologies as they are associated with critical care, continuing care and monitoring of the frail. The goals include but go beyond traditional vulnerability and usability critiques to include evaluations of use of security technologies in homes and in health care. The Health Information Technology for Economic Clinical Health Act, signed on 2/17/09, brings this issue strongly to the fore. SPIMACS (pronounced spy-max) seeks to bring together the people and expertise that will be required to address the challenges of securing the intimate digital spaces of the most vulnerable. Therefore the scope of this workshop includes but is not uniquely limited to:

    • usable security
    • usable privacy technologies, particularly for the physically or cognitively impaired
    • home-based wireless network security
    • security in specialized application for the home, e.g. medical or physical security monitoring
    • authentication in the home environment
    • security and anonymization of home-centric data on the network
    • usable security for unique populations, e.g. elders, children, or the ill
    • privacy and security evaluation mechanisms for home environments
    • security in home-based sensor networks
    • medical and spatial privacy
    • privacy-aware medical devices
    • privacy-enhanced medical search
    • analyses of in-home and medical systems
    • attacks on medical devices
    • threat analyses or attacks on medical or home data
    • novel applications of cryptography to medical or intimate data

  • ARO-DF 2009 ARO Workshop on Digital Forensics, Washington DC., USA, September 10-11, 2009. (Submissions due 15 June 2009)

    The possibility of becoming a victim of cyber crime is the number one fear of billions of people online. In the years of fighting against cyber-crimes and cyber-enabled crimes, we have seen that digital evidence may often be available for a very short period of time and/or involve huge volumes of data that are found locally on a single digital device or spread globally across dispersed public and proprietary platforms. The field of Digital Forensics faces many challenges and difficult problems. The goal of this workshop is to identify important and hard digital forensic challenges and problems, and to stimulate community efforts on the development of scientific foundation for digital forensics and new theories and practical techniques towards addressing these problems. We invite one-page short statement of ideas addressing the problems and topics of interest for the workshop. The workshop discussions will be initiated by presentations from invited speakers, each representing a different perspective related to digital forensics and views from law enforcement, military, industry, and academia. These presentations will be used to form the basis of the workshop discussions to follow. The remainder of the workshop will be devoted to group discussions led by group coordinators on a selected list of important topics in digital forensics. Topics of relevance include, but are not limited to:

    • Scientific Foundation and Models, and the Law
    • Digital Evidence Discovery, Collection, Recovery, and Storage
    • Digital Evidence Analysis
    • Network Forensics
    • Digital Forensics Tool Validation
    • Anti-forensics Techniques

  • ICPADS 2009 15th IEEE International Conference on Parallel and Distributed Systems, Shenzhen, China, December 8-11, 2009. (Submissions due 15 June 2009)

    Following the previous successful events, ICPADS 2009 will be held in Shenzhen, China. The conference provides an international forum for scientists, engineers, and users to exchange and share their experiences, new ideas, and latest research results on all aspects of parallel and distributed systems. Topics of particular interest include, but are not limited to:

    • High Performance Computational Biology and Bioinformatics
    • Parallel and Distributed Applications and Algorithms
    • High Performance Computational Biology and Bioinformatics
    • Multi-core and Multithreaded Architectures
    • Power-aware Computing
    • Distributed and Parallel Operating Systems
    • Resource Management and Scheduling
    • Peer-to-Peer Computing
    • Cluster and Grid Computing
    • Web-based Computing and Service-Oriented Architecture
    • Communication and Networking Systems
    • Wireless and Mobile Computing
    • Ad Hoc and Sensor Networks
    • Security and Privacy
    • Dependable and Trustworthy Computing and Systems
    • Real-Time and Multimedia Systems
    • Performance Modeling and Evaluation

  • SECMCS 2009 Workshop on Secure Multimedia Communication and Services, Held in conjunction with the 2009 International Conference on Multimedia Information Networking and Security (MINES 2009), Wuhan, China, November 18–20, 2009. (Submissions due 15 June 2009)

    This workshop covers various aspects of secure multimedia communication in emerging services. The services may work in the following environment: Internet, mobile TV, IPTV, IMS, VoIP, P2P, sensor network, network convergence, etc. The paper may focus on architecture construction, algorithm designing or hardware implementation. Both review paper and technical paper are expected. The topics include but are not limited to:

    • Lightweight multimedia encryption
    • Secure multimedia adaptation
    • Multimedia content authentication
    • Sensitive content detection/filtering based on multimedia analysis
    • Security threats or model for multimedia services
    • Conditional Access and Digital Rights Management
    • Key management/distribution in multimedia services
    • Secure payment for multimedia services
    • Secure user interface in multimedia services
    • Secure telecom/broadcast convergence
    • Secure mobile/Internet convergence
    • Security in 3G/4G multimedia communication networks
    • Security and privacy in multimedia sensor networks
    • Security protocols or standards for multimedia communication
    • Secure devices (set-top box, Smart Cards, SIM card, MID, etc.)
    • Intrusion detection/prevention in multimedia systems
    • Denial-of-Service (DoS) attacks in multimedia applications

  • IS 2009 4th International Symposium on Information Security, Vilamoura, Algarve-Portugal, November 1-6, 2009. (Submissions due 15 June 2009)

    The goal of this symposium is to bring together researchers from the academia and practitioners from the industry in order to address information security issues. The symposium will provide a forum where researchers shall be able to present recent research results and describe emerging technologies and new research problems and directions related to them. The symposium seeks contributions presenting novel research in all aspects of information security. Topics of interest may include one or more of the following (but are not limited to) themes:

    • Access Control and Authentication
    • Accounting and Audit
    • Biometrics for Security
    • Buffer Overflows
    • Computer Forensics
    • Cryptographic Algorithms and Protocols
    • Databases and Data Warehouses Security
    • Honey Nets
    • Identity and Trust Management
    • Intrusion Detection and Prevention
    • Information Filtering and Content Management
    • Information Hiding and Watermarking
    • Mobile Code Security
    • Multimedia Security
    • Network Security
    • Privacy and Confidentiality
    • Public-Key Infrastructure
    • Privilege Management Infrastructure
    • Risk Assessment
    • Security Issues in E-Activities
    • Security and Privacy Economics
    • Security in RFID Systems
    • Security and Trustiness in P2P Systems and Grid Computing
    • Security in Web Services
    • Smart Card Technology
    • Software Security
    • Usability of Security Systems and Services
    • Vulnerability Assessment

  • HICSS-DF 2010 43rd Hawaii International Conference on System Sciences, Digital Forensics Minitrack, Koloa, Kauai, Hawaii, January 5-8, 2010. (Submissions due 15 June 2009)

    This is a call for "original" papers addressing the area of digital forensics - to include research endeavors, industrial experiences and pedagogy . This minitrack is attempting to bring together an international collection of papers from academia, industry and law enforcement which address current directions in digital forensics. Digital forensics includes the use of software, computer science, software engineering, and criminal justice procedures to explore and or investigate digital media with the objective of finding evidence to support a criminal or administrative case. It involves the preservation, identification, extraction, and documentation of computer or network evidence. This minitrack is interested in a wide variety of papers which address the following areas as well as others:

    • Pedagogical papers that describe digital forensics degree programs or the teaching of digital forensics within other programs internationally.
    • Papers that address a research agenda that considers practitioner requirements, multiple investigative environments and emphasizes real world usability.
    • Papers that present an experience report involving the discovery, explanation and presentation of conclusive, persuasive evidence from digital forensics investigation.
    • Papers that combine research and practice.
    • Processes for the incorporation of rigorous scientific methods as a fundamental tenant of the evolving science of Digital Forensics.
    • Tools and techniques being developed through research activity.

  • CCSW 2009 ACM Cloud Computing Security Workshop, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA, November 13, 2009. (Submissions due 19 June 2009)

    Notwithstanding the latest buzzword (grid, cloud, utility computing, SaaS, etc.), large-scale computing and cloud-like infrastructures are here to stay. How exactly they will look like tomorrow is still for the markets to decide, yet one thing is certain: clouds bring with them new untested deployment and associated adversarial models and vulnerabilities. It is essential that our community becomes involved at this early stage. The CCSW workshop aims to bring together researchers and practitioners in all security aspects of cloud-centric and outsourced computing, including:

    • secure cloud resource virtualization mechanisms
    • secure data management outsourcing
    • practical privacy and integrity mechanisms for outsourcing
    • foundations of cloud-centric threat models
    • secure computation outsourcing
    • remote attestation mechanisms in clouds
    • sandboxing and VM-based enforcements
    • trust and policy management in clouds
    • secure identity management mechanisms
    • new cloud-aware web service security paradigms and mechanisms
    • cloud-centric regulatory compliance issues and mechanisms
    • business and security risk models and clouds
    • cost and usability models and their interaction with security in clouds
    • scalability of security in global-size clouds
    • trusted computing technology and clouds
    • binary analysis of software for remote attestation and cloud protection
    • network security (DOS, IDS etc.) mechanisms for cloud contexts
    • security for emerging cloud programming models
    • energy/cost/efficiency of security in clouds

  • STM 2009 5th International Workshop on Security and Trust Management, Held in conjunction with ESORICS 2009, Saint Malo, France, September 24-25, 2009. (Submissions due 21 June 2009)

    STM (Security and Trust Management) is a established working group of ERCIM (European Research Consortium in Informatics and Mathematics). Topics of interest include, but are not limited to:

    • access control
    • cryptography
    • data protection
    • digital right management
    • economics of security and privacy
    • key management
    • ICT for securing digital as well as physical assets
    • identity management
    • networked systems security
    • privacy and anonymity
    • reputation systems and architectures
    • security and trust management architectures
    • semantics and computational models for security and trust
    • trust assessment and negotiation
    • trust in mobile code
    • trust in pervasive environments
    • trust models
    • trust management policies
    • trusted platforms and trustworthy systems
    • trustworthy user devices

  • ICISS 2009 5th International Conference on Information Systems Security, Kolkata, India, December 14-18, 2009. (Submissions due 15 July 2009)

    The conference series ICISS (International Conference on Information Systems Security), held annually, provides a forum for disseminating the latest research results in information and systems security. The ICISS 2009 encourages submissions addressing theoretical and practical problems in information and systems security and related areas. We especially like to encourage papers in domains that have not been represented much in the past at the conference, such as database security/privacy, usability aspects of security, operating systems security, and sensor networks security. Papers that introduce and address unique security challenges or present thought-provoking ideas are also welcome.

  • INTRUST 2009 The International Conference on Trusted Systems, Beijing, P. R. China, December 17-19, 2009. (Submissions due 1 August 2009)

    INTRUST 2009 is the first International Conference on the theory, technologies and applications of trusted systems. It is devoted to all aspects of trusted computing systems, including trusted modules, platforms, networks, services and applications, from their fundamental features and functionalities to design principles, architecture and implementation technologies. The goal of the conference is to bring academic and industrial researchers, designers, and implementers together with end-users of trusted systems, in order to foster the exchange of ideas in this challenging and fruitful area. INTRUST 2009 solicits original papers on any aspect of the theory, advanced development and applications of trusted computing, trustworthy systems and general trust issues in modern computing systems. The conference will have an academic track and an industrial track. This call for papers is for contributions to both of the tracks. Submissions to the academic track should emphasize theoretical and practical research contributions to general trusted system technologies, while submissions to the industrial track may focus on experiences on the implementation and deployment of real-world systems. Topics of relevance include but are not limited to:

    • Fundamental features and functionalities of trusted systems
    • Primitives and mechanisms for building a chain of trust
    • Design principles and architectures of trusted modules and platforms
    • Implementation technologies for trusted modules and platforms
    • Cryptographic aspects of trusted systems, including cryptographic algorithms and protocols, and their implementation and application in trusted systems
    • Scalable safe network operation in trusted systems
    • Mobile trusted systems, such as trusted mobile platforms, sensor networks, mobile (ad hoc) networks, peer-to-peer networks, Bluetooth, etc.
    • Storage aspects for trusted systems
    • Applications of trusted systems, e.g. trusted email, web services and various e-commerce services
    • Trusted intellectual property protection: metering, watermarking and digital rights management
    • Software protection for trusted systems
    • Authentication and access control for trusted systems
    • Key, identity and certificate management for trusted systems
    • Privacy aspects for trusted systems
    • Attestation aspects for trusted systems, such as measurement and verification of the behavior of trusted systems
    • Standards organizations and their contributions to trusted systems, such as TCG, ISO/IEC, IEEE 802.11, etc.
    • Emerging technologies for trusted systems, such as RFID, memory spots, etc.
    • Trust metrics and robust trust inference in distributed systems
    • Usability and reliability aspects for trusted systems
    • Trust modeling, economic analysis and protocol design for rational and malicious adversaries
    • Virtualisation for trusted systems
    • Limitations of trusted systems
    • Security analysis of trusted systems, including formal method proofs, provable security and automated analysis
    • Security policies for, and management of, trusted systems
    • Intrusion resilience and revocation aspects for trusted systems
    • Scalability aspects of trusted systems
    • Compatibility aspects of trusted systems
    • Experiences in building real-world trusted systems
    • Socio-economic aspects of trusted systems

  • Information Systems Frontiers, Special Issue on Security Management and Technologies for Protecting Against Internal Data Leakages Spring or Summer 2010. (Submission Due 14 August 2009)

    Guest editor: David Chadwick (University of Kent, UK), Hang Bae Chang (Daejin University, South Korea), Ilsun You (Korean Bible University, South Korea), and Seong-Moo Yoo (University of Alabama in Huntsville, USA)
    
    During the past decades, information security developments have been mainly concerned with preventing illegal attacks by outsiders, such as hacking, virus propagation, and spyware. However, according to a recent Gartner Research Report, information leakage caused by insiders who are legally authorized to have access to some corporate information is increasing dramatically. These leakages can cause significant damages such as weakening the competitiveness of companies (and even countries). Information leakage caused by insiders occurs less frequently than information leakage caused by outsiders, but the financial damage is much greater. Countermeasures in terms of physical, managerial, and technical aspects are necessary to construct an integral security management system to protect companies' major information assets from unauthorized internal attackers. The objective of this special issue is to showcases the most recent challenges and advances in security technologies and management systems to prevent leakage of organizations' information caused by insiders. It may also include state-of-the-art surveys and case analyses of practical significance. We expect that the special issue will be a trigger for further research and technology improvements related to this important subject. Topics(include but are not limited to):

    • Theoretical foundations and algorithms for addressing insider threats
    • Insider threat assessment and modeling
    • Security technologies to prevent, detect and avoid insider threats
    • Validating the trustworthiness of staff
    • Post-insider threat incident analysis
    • Data breach modeling and mitigation techniques
    • Registration, authentication and identification
    • Certification and authorization
    • Database security
    • Device control system
    • Digital forensic system
    • -Digital right management system
    • Fraud detection
    • Network access control system
    • Intrusion detection
    • Keyboard information security
    • Information security governance
    • Information security management systems
    • Risk assessment and management
    • Log collection and analysis
    • Trust management
    • IT compliance (audit) and continuous auditing

  • IFIP-DF 2010 6th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Hong Kong, Hong Kong, January 3-6, 2010. (Submissions due 15 August 2009)

    The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in the emerging field of digital forensics. The Sixth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:

    • Theories, techniques and tools for extracting, analyzing and preserving digital evidence
    • Network forensics
    • Portable electronic device forensics
    • Digital forensic processes and workflow models
    • Digital forensic case studies
    • Legal, ethical and policy issues related to digital forensics

  • International Journal of Communication Networks and Information Security, Special Issue on Composite and Integrated Security Solutions for Wireless Sensor Networks Spring 2010. (Submission Due 1 September 2009)

    Guest editor: Riaz Ahmed Shaikh (Kyung Hee University, Korea), Al-Sakib Khan Pathan (Kyung Hee University, Korea), and Jaime Lloret (Polytechnic University of Valencia, Spain)
    
    This special issue is devoted to composite and integrated security solutions for Wireless Sensor Networks (WSNs). In WSNs, researchers have so far focused on the individual aspects (cryptography, privacy or trust) of security that are capable of providing protection against specific types of attacks. However, efforts on achieving completeness via a composite and integrated solution are lacking. That is ultimately necessary to attain because of its wide applicability in various sensitive applications, such as health-care, military, habitat monitoring, etc. The objective of this special issue is to gather recent advances in the area of composite and integrated security solutions of wireless sensor networks. This special issue covers topics that include, but are not limited to:

    • Adaptive and Intelligent Defense Systems
    • Authentication and Access control
    • Data security and privacy
    • Denial of service attacks and countermeasures
    • Identity, Route and Location Anonymity schemes
    • Intrusion detection and prevention techniques
    • Cryptography, encryption algorithms and Key management schemes
    • Secure routing schemes
    • Secure neighbor discovery and localization
    • Trust establishment and maintenance
    • Confidentiality and data integrity
    • Security architectures, deployments and solutions

  • SAC-DF 2010 25th ACM Symposium on Applied Computing, Computer Forensics Track, Sierre, Switzerland, March 22-26, 2010. (Submissions due 8 September 2009)

    With the exponential growth of computer users, the number of criminal activities that involves computers has increased tremendously. The field of Computer Forensics has gained considerable attention in the past few years. It is clear that in addition to law enforcement agencies and legal personnel, the involvement of computer savvy professionals is vital for any digital incident investigation. Unfortunately, there are not many well-qualified computer crime investigators available to meet this demand. An approach to solve this problem is to develop state-of-the-art research and development tools for practitioners in addition to creating awareness among computer users. The primary goal of this track will be to provide a forum for researchers, practitioners, and educators interested in Computer Forensics in order to advance research and educational methods in this increasingly challenging field. We expect that people from academia, industry, government, and law enforcement will share their previously unpublished ideas on research, education, and practice through this track. We solicit original, previously unpublished papers in the following general (non-exhaustive) list of topics:

    • Incident Response and Live Data Analysis
    • Operating System and Application Analysis
    • File System Analysis
    • Network Evidence Collection
    • Network Forensics
    • Data Hiding and Recovery
    • Digital Image Forensics
    • Event Reconstruction and Tracking
    • Forensics in Untrusted Environments
    • Hardware Assisted Forensics
    • Legal, Ethical and Privacy Issues
    • Attributing Malicious Cyber Activity
    • Design for Forensic Evaluation
    • Visualization for Forensics

  • SAC-TRECK 2010 25th ACM Symposium on Applied Computing, Trust, Reputation, Evidence and other Collaboration Know-how Track (TRECK), Sierre, Switzerland, March 22-26, 2010. (Submissions due 8 September 2009)

    Computational models of trust and online reputation mechanisms have been gaining momentum. The goal of the ACM SAC 2010 TRECK track remains to review the set of applications that benefit from the use of computational trust and online reputation. Computational trust has been used in reputation systems, risk management, collaborative filtering, social/business networking services, dynamic coalitions, virtual organisations and even combined with trusted computing hardware modules. The TRECK track covers all computational trust/reputation applications, especially those used in real-world applications. The topics of interest include, but are not limited to:

    • Recommender and reputation systems
    • Trust management, reputation management and identity management
    • Pervasive computational trust and use of context-awareness
    • Mobile trust, context-aware trust
    • Web 2.0 reputation and trust
    • Trust-based collaborative applications
    • Automated collaboration and trust negotiation
    • Trade-off between privacy and trust
    • Trust/risk-based security frameworks
    • Combined computational trust and trusted computing
    • Tangible guarantees given by formal models of trust and risk
    • Trust metrics assessment and threat analysis
    • Trust in peer-to-peer and open source systems
    • Technical trust evaluation and certification
    • Impacts of social networks on computational trust
    • Evidence gathering and management
    • Real-world applications, running prototypes and advanced simulations
    • Applicability in large-scale, open and decentralised environments
    • Legal and economic aspects related to the use of trust and reputation engines
    • User-studies and user interfaces of computational trust and online reputation applications

  • NDSS 2010 17th Annual Network & Distributed System Security Symposium, San Diego, CA, USA, February 28 - March 3, 2010. (Submissions due 11 September 2009)

    The Network and Distributed System Security Symposium fosters information exchange among research scientists and practitioners of network and distributed system security services. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation (rather than theory). A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. Submissions are solicited in, but not limited to, the following areas:

    • Security of Web-based applications and services
    • Anti-malware techniques: detection, analysis, and prevention
    • Intrusion prevention, detection, and response
    • Security for electronic voting
    • Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
    • Privacy and anonymity technologies
    • Network perimeter controls: firewalls, packet filters, and application gateways
    • Security for emerging technologies: sensor networks, wireless/mobile (and ad hoc) networks, and personal communication systems
    • Security for Vehicular Ad-hoc Networks (VANETs)
    • Security for peer-to-peer and overlay network systems
    • Security for electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, and licensing
    • Implementation, deployment and management of network security policies
    • Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
    • Integrating security services with system and application security facilities and protocols
    • Public key infrastructures, key management, certification, and revocation
    • Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost
    • Security for collaborative applications: teleconferencing and video-conferencing
    • Software hardening: e.g., detecting and defending against software bugs (overflows, etc.)
    • Security for large-scale systems and critical infrastructures
    • Integrating security in Internet protocols: routing, naming, network management

 


• The Technical Committee on Security and Privacy

 

• Listing of academic positions available  by Cynthia Irvine
  

  Posted April 2009 Technische Universität Darmstadt
  Computer Science Department
  Darmstadt, Germany
  PostDocs and PhD students
  Open until filled
  http://www.mais.informatik.tu-darmstadt.de/Positions.html

 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org