Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 91,  July 20, 2009 Hilarie Orman,  Editor Book Reviews Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Review of the Detection of Intrusions and Malware & Vulnerability Assessment (Como, Italy, July 9-10, 2009) by Martin Apel and Michael Meier

  • Richard Austin's review of Windows Forensic Analysis DVD Toolkit (2ed) by H. Carvey

  • Technical Committee on Security and Privacy Names Officers for 2010-2012

  • "Oakland" (Security and Privacy Symposium) Plans 30th Anniversary Gala

  • ACM SIGSAC award nominations now open

  • NIST Announces Digital Signature Standard

  • NIST Requests Comments on Key Size Transitions

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

 
• Conference and Workshop Announcements

  • Cipher calls-for-papers and calendar
      Calendar (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • 7/17/09: F2GC, 2nd International Workshop on Forensics for Future Generation Communication environments, Jeju, Korea; Submissions are due
  • 7/20/09: MPIS, 2nd International Workshop on Multimedia, Information Privacy and Intelligent Computing Systems, Jeju, Korea; Submissions are due
  • 7/20/09- 7/22/09: POLICY, IEEE International Symposium on Policies for Distributed Systems and Networks, Imperial College London, UK
  • 7/24/09: FAST, 6th International Workshop on Formal Aspects in Security and Trust, Eindhoven, the Netherlands; Submissions are due
  • 7/27/09: HOST, 2nd IEEE International Workshop on Hardware-Oriented Security and Trust, San Francisco, CA, USA
  • 7/31/09: ReConFig, International Conference on ReConFigurable Computing and FPGAs, Special Track on Reconfigurable Computing for Security and Cryptography, Cancun, Mexico; Submissions are due
  • 8/ 1/09: MidSec, 2nd Workshop on Middleware Security, Held in conjunction with the 10th ACM/IFIP/USENIX International Middleware Conference (MIDDLEWARE 2009), Urbana Champaign, Illinois, USA; Submissions are due
  • 8/ 1/09: IEEE Design and Test of Computers, Special Issue on Verifying Physical Trustworthiness of Integrated Circuits and Systems; Submissions are due
  • 8/10/09: CSET, Workshop on Cyber Security Experimentation and Test, Held in conjunction with the USENIX Security Symposium (USENIX-Security 2009), Montreal, Canada
  • 8/11/09: HotSec, 4th USENIX Workshop on Hot Topics in Security, Held in conjunction with the 18th USENIX Security Symposium (USENIX-Security 2009), Montreal, Canada
  • 8/12/09- 8/14/09: USENIX-SECURITY, 18th USENIX Security Symposium, Montreal, Canada
  • 8/14/09: Information Systems Frontiers, Special Issue on Security Management and Technologies for Protecting Against Internal Data Leakages; Submissions are due
  • 8/15/09: IFIP-DF, 6th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Hong Kong, Hong Kong; Submissions are due
  • 8/15/09: UbiSafe, 2nd IEEE International Symposium on Ubisafe Computing, Chengdu, China; Submissions are due
  • 8/17/09: INTRUST, The International Conference on Trusted Systems, Beijing, P. R. China; Submissions are due
  • 8/17/09- 8/19/09: DFRWS, 9th Digital Forensics Research Workshop, Montreal, Canada
  • 8/25/09: Inscrypt, 5th China International Conference on Information Security and Cryptology, Beijing, P. R. China; Submissions are due
  • 8/31/09- 9/ 4/09: TrustBus, 6th International Conference on Trust, Privacy, and Security in Digital Business, Held in conjunction with the 20th International Conference on Database and Expert Systems Applications (DEXA 2009), Linz, Austria
  • 8/31/09- 9/ 4/09: DaSECo, 1st International Workshop on Defence against Spam in Electronic Communication, Held in conjunction with the 20th International Conference on Database and Expert Systems Applications (DEXA 2009), Linz, Austria
  • 8/31/09- 9/ 4/09: InSPEC, 2nd International Workshop on Security and Privacy in Enterprise Computing, Held in conjunction with the 13th IEEE International Enterprise Distributed Object Computing Conference (EDOC 2009), Auckland, New Zealand
  • 9/ 1/09: International Journal of Communication Networks and Information Security, Special Issue on Composite and Integrated Security Solutions for Wireless Sensor Networks; Submissions are due
  • 9/ 1/09: Journal of System Architecture, Special Issue on Security and Dependability Assurance of Software Architectures; Submissions are due
  • 9/ 2/09- 9/ 4/09: WISTP, Workshop on Information Security Theory and Practices (Smart Devices, Pervasive Systems, and Ubiquitous Networks), Bruxelles, Belgium
  • 9/ 7/09- 9/ 9/09: ISC, 12th Information Security Conference, Pisa, Italy
  • 9/ 8/09: SAC-CF, 25th ACM Symposium on Applied Computing, Computer Forensics Track, Sierre, Switzerland; Submissions are due
  • 9/ 8/09: SAC-TRECK, 25th ACM Symposium on Applied Computing, Trust, Reputation, Evidence and other Collaboration Know-how Track, Sierre, Switzerland; Submissions are due
  • 9/ 8/09: SAC-ISRA, 25th ACM Symposium on Applied Computing, Information Security Research and Applications Track, Sierre, Switzerland; Submissions are due
  • 9/ 8/09- 9/11/09: NSPW, New Security Paradigms Workshop, The Queen's College, University of Oxford, UK
  • 9/ 9/09- 9/11/09: EuroPKI, 6th European Workshop on Public Key Services, Applications and Infrastructures, Pisa, Tuscany, Italy;
  • 9/10/09- 9/11/09: ARO-DF, ARO Workshop on Digital Forensics, Washington DC., USA
  • 9/11/09: NDSS, 17th Annual Network & Distributed System Security Symposium, San Diego, CA, USA; Submissions are due
  • 9/14/09- 9/18/09: SECURECOMM, 5th International ICST Conference on Security and Privacy for Communication Networks, Athens, Greece
  • 9/15/09: EC2ND, 5th European Conference on Computer Network Defence, Politecnico di Milano, Milano, Italy; Submissions are due
  • 9/15/09: FC, Financial Cryptography and Data Security, Tenerife, Canary Islands, Spain; Submissions are due
  • 9/21/09: WiSec, 3rd ACM Conference on Wireless Network Security, Stevens Institute of Technology, Hoboken, NJ, USA; Submissions are due
  • 9/21/09- 9/25/09: ESORICS, 14th European Symposium on Research in Computer Security, Saint Malo, France
  • 9/24/09: DPM, 4th International Workshop on Data Privacy Management, Saint Malo, Britany, France
  • 9/24/09- 9/25/09: SETOP, International Workshop on Autonomous and Spontaneous Security, Held in conjunction with ESORICS 2009, Saint Malo, Britany, France
  • 9/24/09- 9/25/09: STM, 5th International Workshop on Security and Trust Management, Held in conjunction with ESORICS 2009, Saint Malo, France
  • 9/27/09- 9/30/09: SRDS, 28th International Symposium on Reliable Distributed Systems, Niagara Falls, New York, USA
  • 9/28/09: ASIACCS, 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China; Submissions are due
  • 9/30/09: ESSoS, 2nd International Symposium on Engineering Secure Software and Systems, Pisa, Italy; Submissions are due
  • 9/30/09-10/ 2/09: ICDF2C, International Conference on Digital Forensics & Cyber Crime, Albany, NY, USA
  • 10/ 6/09-10/10/09: SIN, 2nd ACM International Conference on Security of Information and Networks, Eastern Mediterranean University, Gazimagusa, TRNC, North Cyprus
  • 10/11/09: VizSec, Workshop on Visualization for Cyber Security, Atlantic City, NJ, USA
  • 10/12/09: SecPri-WiMob, International Workshop on Security and Privacy in Wireless and Mobile Computing, Networking and Communications, Held in the 5th IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob 2009), Marrakech, Morocco
  • 10/12/09-10/14/09: TSP, IEEE International Symposium on Trust, Security and Privacy for Pervasive Applications, Held in conjunction with the IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2009), Macau SAR, China
  • 10/14/09: MetriSec, 5th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2009), Lake Buena Vista, Florida, USA
  • 10/19/09-10/21/09: NSS, 3rd International Conference on Network & System Security, Gold Coast, Australia
  • 10/19/09-10/21/09: DMM, 1st International Workshop on Denial of service Modelling and Mitigation, Held in conjunction with 3rd International Conference on Network & System Security (NSS 2009), Gold Coast, Australia
  • 10/28/09-10/30/09: IWSEC, 4th International Workshop on Security, Toyama, Japan
  • 11/ 1/09: Elsevier Computer Communications, Special Issue on Multimedia Networking and Security in Convergent Networks; Submissions are due
  • 11/ 1/09-11/ 6/09: LISA, 23rd USENIX Large Installation System Administration Conference, Baltimore, MD, USA
  • 11/ 1/09-11/ 6/09: IS, 4th International Symposium on Information Security, Vilamoura, Algarve-Portugal
  • 11/ 5/09-11/ 6/09: FAST, 6th International Workshop on Formal Aspects in Security and Trust, Eindhoven, the Netherlands
  • 11/ 9/09-11/13/09: CCS, 16th ACM Conference on Computer and Communications Security, Chicago, IL, USA
  • 11/12/09-11/13/09: EC2ND, 5th European Conference on Computer Network Defence, Politecnico di Milano, Milano, Italy
  • 11/13/09: STC, 4th Annual Workshop on Scalable Trusted Computing, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA
  • 11/13/09: SWS, ACM Workshop on Secure Web Services, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA
  • 11/13/09: SPIMACS, ACM Workshop on Security and Privacy in Medical and Home-Care Systems, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA
  • 11/13/09: CCSW, ACM Cloud Computing Security Workshop, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA
  • 11/15/09: IEEE Security & Privacy, Special Issue on Privacy-Preserving Sharing of Sensitive Information; Submissions are due
  • 11/18/09: SP, 31st IEEE Symposium on Security and Privacy, The Claremont Resort, Oakland, CA, USA; Submissions are due
  • 11/18/09-11/20/09: IWNS, International Workshop on Network Steganography, Held in conjunction with the International Conference on Multimedia Information Networking and Security (MINES 2009), Wuhan, Hubei, China
  • 11/18/09-11/20/099: SECMCS, Workshop on Secure Multimedia Communication and Services, Held in conjunction with the 2009 International Conference on Multimedia Information Networking and Security (MINES 2009), Wuhan, China
  • 11/30/09: MidSec, 2nd Workshop on Middleware Security, Held in conjunction with the 10th ACM/IFIP/USENIX International Middleware Conference (MIDDLEWARE 2009), Urbana Champaign, Illinois, USA
  • 12/ 6/09-12/ 9/09: WIFS, 1st IEEE International Workshop on Information Forensics and Security, London, UK
  • 12/ 6/09-12/10/09: ASIACRYPT, 15th Annual International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, Japan
  • 12/ 7/09-12/11/09: ACSAC, 25th Annual Computer Security Applications Conference, Honolulu, Hawaii, USA
  • 12/ 8/09-12/11/09: ICPADS, 15th IEEE International Conference on Parallel and Distributed Systems, Shenzhen, China
  • 12/ 9/09-12/11/09: ReConFig, International Conference on ReConFigurable Computing and FPGAs, Special Track on Reconfigurable Computing for Security and Cryptography, Cancun, Mexico
  • 12/10/09-12/12/09: F2GC, 2nd International Workshop on Forensics for Future Generation Communication environments, Jeju, Korea
  • 12/10/09-12/12/09: MPIS, 2nd International Workshop on Multimedia, Information Privacy and Intelligent Computing Systems, Jeju, Korea
  • 12/12/09-12/14/09: CANS, 8th International Conference on Cryptography and Network Security, Kanazawa, Ishikawa, Japan
  • 12/12/09-12/14/09: UbiSafe, 2nd IEEE International Symposium on Ubisafe Computing, Chengdu, China
  • 12/12/09-12/15/09: Inscrypt, 5th China International Conference on Information Security and Cryptology, Beijing China
  • 12/14/09-12/18/09: ICISS, 5th International Conference on Information Systems Security, Kolkata, India
  • 12/17/09-12/19/09: INTRUST, The International Conference on Trusted Systems, Beijing, P. R. China
  • 12/31/09: IFIP-CIP, 4th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Fort McNair, Washington, DC, USA; Submissions are due
  • 1/ 3/10- 1/ 6/10: IFIP-DF, 6th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Hong Kong, Hong Kong
  • 1/ 5/10- 1/ 8/10: HICSS-DF, 43rd Hawaii International Conference on System Sciences, Digital Forensics Minitrack, Koloa, Kauai, Hawaii
  • 1/25/10- 1/28/10: FC, Financial Cryptography and Data Security, Tenerife, Canary Islands, Spain
  • 2/ 3/10- 2/4/10: ESSoS, 2nd International Symposium on Engineering Secure Software and Systems, Pisa, Italy
  • 2/28/10- 3/ 3/10: NDSS, 17th Annual Network & Distributed System Security Symposium, San Diego, CA, USA
  • 3/14/10- 3/17/10: IFIP-CIP, 4th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Fort McNair, Washington, DC, USA
  • 3/22/10- 3/24/10: WiSec, 3rd ACM Conference on Wireless Network Security, Stevens Institute of Technology, Hoboken, NJ, USA
  • 3/22/10- 3/26/10: SAC-CF, 25th ACM Symposium on Applied Computing, Computer Forensics Track, Sierre, Switzerland
  • 3/22/10- 3/26/10: SAC-TRECK, 25th ACM Symposium on Applied Computing, Trust, Reputation, Evidence and other Collaboration Know-how Track, Sierre, Switzerland
  • 3/22/10- 3/26/10: SAC-ISRA, 25th ACM Symposium on Applied Computing, Information Security Research and Applications Track, Sierre, Switzerland
  • 4/13/10- 4/16/10: ASIACCS, 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China
  • 5/16/10- 5/19/10: SP, 31st IEEE Symposium on Security and Privacy, The Claremont Resort, Oakland, CA, USA
  • new calls or announcements added since Cipher E90

  • F2GC 2009
    2nd International Workshop on Forensics for Future Generation Communication environments, Jeju, Korea, December 10-12, 2009. (Submissions due 17 July 2009)

    Future Generation Communication environments (FGC) are advanced communication and networking environments where all applications and services are focused on users. In addition, the FGC has emerged rapidly an exciting new paradigm to provide reliable and comfortable life services. Furthermore, the benefits of FGC will only be realized if security issues can be appropriately addressed. Specially, forensics for FGC is very important in the security fields. This workshop is intended to foster state-of-the-art research forensics in the area of FGC including information and communication technologies, law, social sciences and business administration. Topics of interest include but are not limited to following:

    • Digital forensics tools in FGC
    • Digital Evidence Management in FGC
    • Digital Evidence Analytics in FGC
    • Digital Forensics Surveillance Technology and Procedures in FGC
    • Digital evidence visualisation and communication for FGC
    • Digital evidence storage and preservation in FGC
    • Incident response and investigation in FGC
    • Forensic procedures in FGC
    • Portable electronic device forensics for FGC
    • Network forensics in FGC
    • Data hiding and recovery in FGC
    • Network traffic analysis, traceback and attribution in FGC
    • Legal, ethical and policy issues related to digital forensics in FGC
    • Integrity of digital evidence and live investigations
    • Multimedia analysis in FGC
    • Trends and Challenges for FGC
    • Evidence Protection in FGC
    • Forensics case studies in FGC

  • MPIS 2009
    2nd International Workshop on Multimedia, Information Privacy and Intelligent Computing Systems, Jeju, Korea, December 10-12, 2009. (Submissions due 20 July 2009)

    This workshop on Multimedia, Information Privacy and Intelligent Computing Systems is intended to foster the dissemination of state-of-the-art research in the area of multimedia and intelligent computing including multimedia signal processing, information security, soft computing such as neural network, fuzzy theory and genetic algorithm, and novel applications of intelligent computing in multimedia. As a follow-up to the workshop, we plan to publish high quality papers, covering the various theories and practical applications related to multimedia and intelligent computing. We invite new and original submissions addressing theoretical and practical topics in information technology and intelligent computing fields.

  • IFAST 2009
    6th International Workshop on Formal Aspects in Security and Trust, Eindhoven, the Netherlands, November 5-6, 2009. (Submissions due 24 July 2009)

    The FAST2009 workshop aims at continuing the successful efforts of the previous workshops, fostering the cooperation among researchers in the areas of security and trust. As computing and network infrastructures become increasingly pervasive, and as they carry increasing economic activity, society needs well matched security and trust mechanisms. These interactions increasingly span several enterprises and involve loosely structured communities of individuals. Participants in these activities must control interactions with their partners based on trust policies and business logic. Trust-based decisions effectively determine the security goals for shared information and for access to sensitive or valuable resources. FAST focuses on the formal models of security and trust that are needed to state goals and policies for these interactions. We also seek new and innovative techniques for establishing consequences of these formal models. Implementation approaches for such techniques are also welcome.

  • ReConFig 2009
    International Conference on ReConFigurable Computing and FPGAs, Special Track on Reconfigurable Computing for Security and Cryptography, Cancun, Mexico, December 9-11, 2009. (Submissions due 31 July 2009))

    Reconfigurable hardware offers unique opportunities for the design and implementation of secure applications in embedded and high-end computing platforms. High performance, carefully-controlled execution, and physical isolation are just a few of the advantages that hardware brings over software. At the same time, new challenges appear, such as the protection of intellectual property in a reconfigurable fabric, and the protection of soft-hardware against malicious tampering. This special track seeks the latest innovations in reconfigurable computing for security and cryptography. Topics of interest include the following:

    • Hardware Implementation of Novel Cryptographic Algorithms and Protocols
    • Reconfigurable Cryptographic Primitives
    • Special-Purpose Hardware for Cryptanalysis
    • Hardware Support for Trustworthy Software Execution
    • True and Pseudo Random Generators
    • Circuit Identification and Physical Unclonable Functions
    • Efficient Methods for Protection of Hardware IPs
    • FPGA Design Security
    • Fault Attacks and Side-channel Attacks
    • Hardware Tamper Resistance and Tamper Evidence
    • Hardware Trojan Detection and Resistance
    • Design Flows for Hardware-based Secure Systems
    • Performance Evaluation of Secure Reconfigurable Hardware

  • IEEE Design and Test of Computers, Special Issue on Verifying Physical Trustworthiness of Integrated Circuits and Systems
    , January/February 2010. (Submission Due 1 August 2009)

    Guest editor: Mohammad Tehranipoor (University of Connecticut, USA) and Farinaz Koushanfar (Rice University, USA)
    
    The emergence of a globalized, horizontal semiconductor business model raises a set of concerns involving the security and trust of the information systems on which modern society is increasingly reliant for mission-critical functionality. Hardware security and trust issues span a broad range including threats related to the malicious insertion of Trojan circuits designed, e.g., to act as a silicon time bomb to disable a chip, to intellectual property (IP) and integrated circuit (IC) piracy, to untrusted 3rd party IPs, to attacks designed to extract encryption keys and IP from a chip, and to malicious system disruption and diversion. Trojans can be inserted into a circuit or system developed by 3rd party IP vendor, system integrator, or foundry. Topics of interest include (but are not limited to):

    • Trojan detection and isolation
    • Authenticating foundry of origin
    • Watermarking
    • IC Metering
    • FPGA design security
    • Physical unclonable functions (PUFs)
    • Hardware intrusion detection and prevention
    • Scan-chain encryption

  • MidSec 2009
    2nd Workshop on Middleware Security, Held in conjunction with the 10th ACM/IFIP/USENIX International Middleware Conference (MIDDLEWARE 2009), Urbana Champaign, Illinois, USA, November 30, 2009. (Submissions due 1 August 2009)

    Modern applications are predominantly built around the distributed programming paradigm. Client-server applications, grids, peer-to-peer networks and event-based systems are examples of architectures that are used by a large share of the present software base. These paradigms expose applications to numerous, ever-growing security threats. However, many areas of security are still only partially addressed w.r.t. middleware. Examples are identity management, privacy and anonymity, accountability, application protection, and so on. While more conventional research results in the above-mentioned areas of middleware security are appreciated, this year the MidSec workshop will particularly welcome papers in the area of security measures for lightweight composition. Papers are sought after from two complementary angles: middleware platforms and software architectures. Mashup editors provide an easy-to-use facility that brings the power of software composition at the fingertips of any Internet-connected user. The mashup model is catching the enterprise world as well; it all started with situational applications and it is currently spreading further. Ready or not, here it comes. We are about to face times where application composition will be less and less rigid and hence will more and more resemble organized chaos. Enforcing sound security principles in such a muddled environment is an interesting research challenge for both the middleware and the software architecture communities. On one hand, software architectures modeling techniques must provide suitable abstractions to represent and address the above (and many other) security concerns. On the other hand, middleware platforms should support such abstractions in a natural, usable way. The topics of interest for papers include, but are not limited to:

    • Middleware security and privacy
    • Security and privacy in agent-based platforms
    • Context-sensitive security middleware
    • Security and privacy in aspect-based middleware
    • Security and privacy in service-oriented architectures
    • Middleware-level security monitoring and measurement
    • Middleware-driven lightweight secure composition
    • Architecture-driven lightweight secure composition
    • Security and privacy in enterprise mashups
    • Usability and security in lightweight composition

  • Information Systems Frontiers, Special Issue on Security Management and Technologies for Protecting Against Internal Data Leakages
    Spring or Summer 2010. (Submission Due 14 August 2009)

    Guest editor: David Chadwick (University of Kent, UK), Hang Bae Chang (Daejin University, South Korea), Ilsun You (Korean Bible University, South Korea), and Seong-Moo Yoo (University of Alabama in Huntsville, USA)
    
    During the past decades, information security developments have been mainly concerned with preventing illegal attacks by outsiders, such as hacking, virus propagation, and spyware. However, according to a recent Gartner Research Report, information leakage caused by insiders who are legally authorized to have access to some corporate information is increasing dramatically. These leakages can cause significant damages such as weakening the competitiveness of companies (and even countries). Information leakage caused by insiders occurs less frequently than information leakage caused by outsiders, but the financial damage is much greater. Countermeasures in terms of physical, managerial, and technical aspects are necessary to construct an integral security management system to protect companies' major information assets from unauthorized internal attackers. The objective of this special issue is to showcases the most recent challenges and advances in security technologies and management systems to prevent leakage of organizations' information caused by insiders. It may also include state-of-the-art surveys and case analyses of practical significance. We expect that the special issue will be a trigger for further research and technology improvements related to this important subject. Topics(include but are not limited to):

    • Theoretical foundations and algorithms for addressing insider threats
    • Insider threat assessment and modeling
    • Security technologies to prevent, detect and avoid insider threats
    • Validating the trustworthiness of staff
    • Post-insider threat incident analysis
    • Data breach modeling and mitigation techniques
    • Registration, authentication and identification
    • Certification and authorization
    • Database security
    • Device control system
    • Digital forensic system
    • -Digital right management system
    • Fraud detection
    • Network access control system
    • Intrusion detection
    • Keyboard information security
    • Information security governance
    • Information security management systems
    • Risk assessment and management
    • Log collection and analysis
    • Trust management
    • IT compliance (audit) and continuous auditing

  • IFIP-DF 2010
    6th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Hong Kong, Hong Kong, January 3-6, 2010. (Submissions due 15 August 2009)

    The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in the emerging field of digital forensics. The Sixth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:

    • Theories, techniques and tools for extracting, analyzing and preserving digital evidence
    • Network forensics
    • Portable electronic device forensics
    • Digital forensic processes and workflow models
    • Digital forensic case studies
    • Legal, ethical and policy issues related to digital forensics

  • UbiSafe 2009
    2nd IEEE International Symposium on Ubisafe Computing, Chengdu, China, December 12-14, 2009. (Submissions due 15 August 2009)

    The UbiSafe-09 Symposium provides a forum for engineers and scientists in academia, industry, and government to address all safety related profound challenges including technical, social, legal and ethical issues, and to present and discuss their ideas, theories, technologies, systems, tools, applications, work in progress and experience on all aspects of UbiSafe computing. UbiSafe emphasizes the SAFE aspects for ubiquitous, pervasive, AmI, mobile, universal, embedded, wearable, augmented, invisible, hidden, context-aware, sentient, proactive, autonomic, or whatever it is called, computing. UbiSafe computing is focused on theories and technologies for ubiquitous artifacts to function safely for different purposes; for ubiquitous systems to work safely in various situations; and for ubiquitous environments to behave safely with all people. A series of challenges exist to let people benefit from ubiquitous services, and simultaneously guarantee their safety in making ubiquitous safe artifacts, systems, and environments.

  • INTRUST 2009
    The International Conference on Trusted Systems, Beijing, P. R. China, December 17-19, 2009. (Submissions due 17 August 2009)

    INTRUST 2009 is the first International Conference on the theory, technologies and applications of trusted systems. It is devoted to all aspects of trusted computing systems, including trusted modules, platforms, networks, services and applications, from their fundamental features and functionalities to design principles, architecture and implementation technologies. The goal of the conference is to bring academic and industrial researchers, designers, and implementers together with end-users of trusted systems, in order to foster the exchange of ideas in this challenging and fruitful area. INTRUST 2009 solicits original papers on any aspect of the theory, advanced development and applications of trusted computing, trustworthy systems and general trust issues in modern computing systems. The conference will have an academic track and an industrial track. This call for papers is for contributions to both of the tracks. Submissions to the academic track should emphasize theoretical and practical research contributions to general trusted system technologies, while submissions to the industrial track may focus on experiences on the implementation and deployment of real-world systems. Topics of relevance include but are not limited to:

    • Fundamental features and functionalities of trusted systems
    • Primitives and mechanisms for building a chain of trust
    • Design principles and architectures of trusted modules and platforms
    • Implementation technologies for trusted modules and platforms
    • Cryptographic aspects of trusted systems, including cryptographic algorithms and protocols, and their implementation and application in trusted systems
    • Scalable safe network operation in trusted systems
    • Mobile trusted systems, such as trusted mobile platforms, sensor networks, mobile (ad hoc) networks, peer-to-peer networks, Bluetooth, etc.
    • Storage aspects for trusted systems
    • Applications of trusted systems, e.g. trusted email, web services and various e-commerce services
    • Trusted intellectual property protection: metering, watermarking and digital rights management
    • Software protection for trusted systems
    • Authentication and access control for trusted systems
    • Key, identity and certificate management for trusted systems
    • Privacy aspects for trusted systems
    • Attestation aspects for trusted systems, such as measurement and verification of the behavior of trusted systems
    • Standards organizations and their contributions to trusted systems, such as TCG, ISO/IEC, IEEE 802.11, etc.
    • Emerging technologies for trusted systems, such as RFID, memory spots, etc.
    • Trust metrics and robust trust inference in distributed systems
    • Usability and reliability aspects for trusted systems
    • Trust modeling, economic analysis and protocol design for rational and malicious adversaries
    • Virtualisation for trusted systems
    • Limitations of trusted systems
    • Security analysis of trusted systems, including formal method proofs, provable security and automated analysis
    • Security policies for, and management of, trusted systems
    • Intrusion resilience and revocation aspects for trusted systems
    • Scalability aspects of trusted systems
    • Compatibility aspects of trusted systems
    • Experiences in building real-world trusted systems
    • Socio-economic aspects of trusted systems

  • Inscrypt 2009
    5th China International Conference on Information Security and Cryptology, Beijing China, December 12 - 15, 2009. (Submissions due 25 August 2009)

    Inscrypt 2009 seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of cryptology, information security and their applications, include:

    • Access Control
    • Authentication and Authorization
    • Biometric Security
    • Distributed System Security
    • Database Security
    • Electronic Commerce Security
    • Intrusion Detection
    • Information Hiding and Watermarking
    • Key Management and Key Recovery
    • Network Security
    • Security Protocols and Their Analysis
    • Security Modeling and Architectures
    • Provable Security
    • Secure Multiparty Computation
    • Foundations of Cryptography
    • Secret Key and Public Key Cryptosystems
    • Implementation of Cryptosystems
    • Hash Functions and MACs
    • Block Cipher Modes of Operation
    • Intellectual Property Protection
    • Mobile System Security
    • Operating System Security
    • Risk Evaluation and Security Certification
    • Prevention and Detection of Malicious Codes

  • International Journal of Communication Networks and Information Security, Special Issue on Composite and Integrated Security Solutions for Wireless Sensor Networks
    Spring 2010. (Submission Due 1 September 2009)

    Guest editor: Riaz Ahmed Shaikh (Kyung Hee University, Korea), Al-Sakib Khan Pathan (Kyung Hee University, Korea), and Jaime Lloret (Polytechnic University of Valencia, Spain)
    
    This special issue is devoted to composite and integrated security solutions for Wireless Sensor Networks (WSNs). In WSNs, researchers have so far focused on the individual aspects (cryptography, privacy or trust) of security that are capable of providing protection against specific types of attacks. However, efforts on achieving completeness via a composite and integrated solution are lacking. That is ultimately necessary to attain because of its wide applicability in various sensitive applications, such as health-care, military, habitat monitoring, etc. The objective of this special issue is to gather recent advances in the area of composite and integrated security solutions of wireless sensor networks. This special issue covers topics that include, but are not limited to:

    • Adaptive and Intelligent Defense Systems
    • Authentication and Access control
    • Data security and privacy
    • Denial of service attacks and countermeasures
    • Identity, Route and Location Anonymity schemes
    • Intrusion detection and prevention techniques
    • Cryptography, encryption algorithms and Key management schemes
    • Secure routing schemes
    • Secure neighbor discovery and localization
    • Trust establishment and maintenance
    • Confidentiality and data integrity
    • Security architectures, deployments and solutions

  • Journal of System Architecture, Special Issue on Security and Dependability Assurance of Software Architectures
    , Spring 2010. (Submission Due 1 September 2009)

    Guest editor: Ernesto Damiani (Università degli Studi di Milano, Italy), Sigrid Gürgens (Fraunhofer Institute for Secure Information Technology, Germany), Antonio Maña (Universidad de Málaga, Spain), George Spanoudakis (City University, London, UK), and Claudio A. Ardagna (Università degli Studi di Milano, Italy)
    
    The JSA special issue will focus in particular on context, methodologies, techniques, and tools for V&V of software architectures, with particular focus on supporting assurance and compliance, as well as security and dependability certification, for evolving and long-lived systems. Authors are invited to submit papers on a variety of topics, including but not limited to:

    • foundations and new perspectives of V&V mechanisms and security certifications
    • solutions, tools, frameworks for S&D assurance and certification
    • new and/or existing certification processes and tools suitable for challenging contexts (e.g., telecommunications, mobile, real time, process control, and embedded systems), and/or experience with them
    • new and/or existing modelling techniques which are particularly suited to evolving systems, and/or experience with them
    • tools and case studies that integrate techniques from different areas, such as V&V mechanisms, including static verification, dynamic verification, testing, product and process certification, empirical software engineering, modeling of evolving and distributed systems

  • SAC-DF 2010
    25th ACM Symposium on Applied Computing, Computer Forensics Track, Sierre, Switzerland, March 22-26, 2010. (Submissions due 8 September 2009)

    With the exponential growth of computer users, the number of criminal activities that involves computers has increased tremendously. The field of Computer Forensics has gained considerable attention in the past few years. It is clear that in addition to law enforcement agencies and legal personnel, the involvement of computer savvy professionals is vital for any digital incident investigation. Unfortunately, there are not many well-qualified computer crime investigators available to meet this demand. An approach to solve this problem is to develop state-of-the-art research and development tools for practitioners in addition to creating awareness among computer users. The primary goal of this track will be to provide a forum for researchers, practitioners, and educators interested in Computer Forensics in order to advance research and educational methods in this increasingly challenging field. We expect that people from academia, industry, government, and law enforcement will share their previously unpublished ideas on research, education, and practice through this track. We solicit original, previously unpublished papers in the following general (non-exhaustive) list of topics:

    • Incident Response and Live Data Analysis
    • Operating System and Application Analysis
    • File System Analysis
    • Network Evidence Collection
    • Network Forensics
    • Data Hiding and Recovery
    • Digital Image Forensics
    • Event Reconstruction and Tracking
    • Forensics in Untrusted Environments
    • Hardware Assisted Forensics
    • Legal, Ethical and Privacy Issues
    • Attributing Malicious Cyber Activity
    • Design for Forensic Evaluation
    • Visualization for Forensics

  • SAC-TRECK 2010
    25th ACM Symposium on Applied Computing, Trust, Reputation, Evidence and other Collaboration Know-how Track (TRECK), Sierre, Switzerland, March 22-26, 2010. (Submissions due 8 September 2009)

    Computational models of trust and online reputation mechanisms have been gaining momentum. The goal of the ACM SAC 2010 TRECK track remains to review the set of applications that benefit from the use of computational trust and online reputation. Computational trust has been used in reputation systems, risk management, collaborative filtering, social/business networking services, dynamic coalitions, virtual organisations and even combined with trusted computing hardware modules. The TRECK track covers all computational trust/reputation applications, especially those used in real-world applications. The topics of interest include, but are not limited to:

    • Recommender and reputation systems
    • Trust management, reputation management and identity management
    • Pervasive computational trust and use of context-awareness
    • Mobile trust, context-aware trust
    • Web 2.0 reputation and trust
    • Trust-based collaborative applications
    • Automated collaboration and trust negotiation
    • Trade-off between privacy and trust
    • Trust/risk-based security frameworks
    • Combined computational trust and trusted computing
    • Tangible guarantees given by formal models of trust and risk
    • Trust metrics assessment and threat analysis
    • Trust in peer-to-peer and open source systems
    • Technical trust evaluation and certification
    • Impacts of social networks on computational trust
    • Evidence gathering and management
    • Real-world applications, running prototypes and advanced simulations
    • Applicability in large-scale, open and decentralised environments
    • Legal and economic aspects related to the use of trust and reputation engines
    • User-studies and user interfaces of computational trust and online reputation applications

  • SAC-ISRA 2010
    25th ACM Symposium on Applied Computing, Information Security Research and Applications Track, Sierre, Switzerland, March 22-26, 2010. (Submissions due 8 September 2009)

    As society becomes more reliant on information systems, networks, and mobile communication, we become more vulnerable to security incidents. Our critical infrastructures for energy, communication, and transportation are interconnected via the Internet, bringing with this the efficiencies and economies of scale and the risk associated with open networks. It has turned out that economic and societal interests go beyond technical security, as they also relate to organizational and behavioral security facets. This track provides a venue for holistic security issues related to detecting, mitigating and preventing the threat of attacks against information and communication systems. It brings together security researchers from the areas of computer science, information systems and systems science who are otherwise spread over multiple conferences. Papers that address improving the security of information system- reliant organizations from threats through technical, organizational, or behavioral change are encouraged. These may include simulation studies, case-based research, empirical studies, and other applications of quantitative and qualitative methods. Topics include, but are not limited to:

    • Internet security
    • Economics of information security
    • Identifying modes of misuse
    • Applications of access policies
    • Analysis of known and unknown modes of attack
    • Detecting and mitigating insider threats
    • Modeling risks and approaches to mitigation
    • Teaching and training security and business managers about information security
    • Creating channels and techniques to share confidential information
    • Modeling and theory building of security issues
    • Insider threats
    • Social and business security policy
    • Intrusion detection/prevention
    • Electronic commerce security and privacy
    • Secure software development
    • Electronic voting
    • Security metrics
    • Risk and fraud assessment
    • Trust
    • Process Control Systems / SCADA security

  • NDSS 2010
    17th Annual Network & Distributed System Security Symposium, San Diego, CA, USA, February 28 - March 3, 2010. (Submissions due 11 September 2009)

    The Network and Distributed System Security Symposium fosters information exchange among research scientists and practitioners of network and distributed system security services. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation (rather than theory). A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. Submissions are solicited in, but not limited to, the following areas:

    • Security of Web-based applications and services
    • Anti-malware techniques: detection, analysis, and prevention
    • Intrusion prevention, detection, and response
    • Security for electronic voting
    • Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
    • Privacy and anonymity technologies
    • Network perimeter controls: firewalls, packet filters, and application gateways
    • Security for emerging technologies: sensor networks, wireless/mobile (and ad hoc) networks, and personal communication systems
    • Security for Vehicular Ad-hoc Networks (VANETs)
    • Security for peer-to-peer and overlay network systems
    • Security for electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, and licensing
    • Implementation, deployment and management of network security policies
    • Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
    • Integrating security services with system and application security facilities and protocols
    • Public key infrastructures, key management, certification, and revocation
    • Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost
    • Security for collaborative applications: teleconferencing and video-conferencing
    • Software hardening: e.g., detecting and defending against software bugs (overflows, etc.)
    • Security for large-scale systems and critical infrastructures
    • Integrating security in Internet protocols: routing, naming, network management

  • EC2ND 2009
    5th European Conference on Computer Network Defence, Politecnico di Milano, Milano, Italy, November 12-13, 2009. (Submissions due 15 September 2009)

    The theme of the conference is the protection of computer networks. The conference will draw participants from academia and industry in Europe and beyond to discuss hot topics in applied network and systems security. EC2ND invites submissions presenting novel ideas at an early stage with the intention to act as a discussion forum and feedback channel for promising, innovative security research. While our goal is to solicit ideas that are not completely worked out, and might have challenging and interesting open questions, we expect submissions to be supported by some evidence of feasibility or preliminary quantitative results. Topics include but are not limited to:

    • Intrusion Detection
    • Denial-of-Service
    • Privacy Protection
    • Security Policy
    • Peer-to-Peer and Grid Security
    • Network Monitoring
    • Web Security
    • Vulnerability Management and Tracking
    • Network Forensics
    • Wireless and Mobile Security
    • Cryptography
    • Network Discovery and Mapping
    • Incident Response and Management
    • Malicious Software
    • Web Services Security
    • Legal and Ethical Issues

  • FC 2010
    Financial Cryptography and Data Security, Tenerife, Canary Islands, Spain, January 25-28, 2010. (Submissions due 15 September 2009) )

    Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary efforts are particularly encouraged.

  • WiSec 2010
    3rd ACM Conference on Wireless Network Security, Stevens Institute of Technology, Hoboken, NJ, USA, March 22-24, 2010. (Submissions due 21 September 2009)

    As wireless networks become ubiquitous, their security gains in importance. The ACM Conference on Wireless Network Security (WiSec) aims at exploring attacks on wireless networks as well as techniques to thwart them. The considered networks encompass cellular, metropolitan, local area, vehicular, ad hoc, satellite, underwater, cognitive radio, and sensor networks, as well as RFID. Topics of interest include, but are not limited to:

    • Naming and addressing vulnerabilities
    • Key management in wireless/mobile environments
    • Secure neighbor discovery / Secure localization
    • Secure PHY and MAC protocols
    • Trust establishment
    • Intrusion detection, detection of malicious behavior
    • Revocation of malicious parties
    • Denial of service
    • User privacy, location privacy
    • Anonymity, prevention of traffic analysis
    • Identity theft and phishing in mobile networks
    • Charging
    • Cooperation and prevention of non-cooperative behavior
    • Economics of wireless security
    • Vulnerability and attack modeling
    • Incentive-aware secure protocol design
    • Jamming/Anti-jamming communication
    • Cross-layer design for security
    • Monitoring and surveillance
    • Cryptographic primitives for wireless communication
    • Formal methods for wireless security
    • Mobile platform and systems (OS and application) security

  • ASIACCS 2010
    5th ACM Symposium on Information, Computer and Communications Security, Beijing, China, April 13-16, 2010. (Submissions due 28 September 2009)

    ASIACCS is a major international forum for information security researchers, practitioners, developers, and users to explore and exchange the latest cyber-security ideas, breakthroughs, findings, techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. Topics of interest include, but are not limited to:

    • anonymity
    • access control
    • secure networking
    • accounting and audit
    • key management
    • intrusion detection
    • authentication
    • smartcards
    • data and application security
    • Malware and botnets
    • privacy-enhancing technology
    • software security
    • inference/controlled disclosure
    • intellectual-property protection
    • digital-rights management
    • trusted computing
    • phishing and countermeasures
    • commercial and industry security
    • security management
    • web security
    • applied cryptography
    • mobile-computing security
    • cryptographic protocols
    • data/system integrity
    • information warfare
    • formal methods for security
    • identity management
    • security in ubiquitous computing, e.g., RFIDs
    • security and privacy for emerging technologies, e.g., VoIP, peer-to-peer and overlay network systems, Web 2.0

  • ESSoS 2010
    2nd International Symposium on Engineering Secure Software and Systems, Pisa, Italy, February 3-4, 2010. (Submissions due 30 September 2009)

    The goal of this symposium is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. Being one of the few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering communities, and promote cross-fertilization. The symposium will feature two days of technical program as well as one day of tutorials. The technical program includes an experience track for which the submission of highly informative case studies describing (un)successful secure software project experiences and lessons learned is explicitly encouraged. Topics of interest include, but are not limited to:

    • scalable techniques for threat modeling and analysis of vulnerabilities
    • specification and management of security requirements and policies
    • security architecture and design for software and systems
    • model checking for security
    • specification formalisms for security artifacts
    • verification techniques for security properties
    • systematic support for security best practices
    • security testing
    • security assurance cases
    • programming paradigms, models and DLS's for security
    • program rewriting techniques
    • processes for the development of secure software and systems
    • security-oriented software reconfiguration and evolution
    • security measurement
    • automated development
    • trade-off between security and other non-functional requirements
    • support for assurance, certification and accreditation

  • Elsevier Computer Communications, Special Issue on Multimedia Networking and Security in Convergent Networks
    , Summer 2010. (Submission Due 1 November 2009)

    Guest editor: Chang Wen Chen (University at Buffalo, USA), Stefanos Gritzalis (University of the Aegean, Greece), Pascal Lorenz (University of Haute Alsace, France), and Shiguo Lian (France Telecom R&D Beijing, China)
    
    Authors are invited to submit detailed technical manuscripts reporting recent developments in the topics related to the special issue. Note the special emphasis on convergent and heterogeneous networks - this special issue is devoted to exploring the challenges and solutions for multimedia communication and security in convergent network environments. The new challenge in network management is to deal with heterogeneous client capabilities as well as dynamic end-to-end resources availability, and to ensure satisfactory service quality for every client. The new challenge in secure communication is to solve the privacy and security issues becoming increasingly important topics in network convergence. Some suggested topics include but are not limited to:

    • Heterogeneous multimedia networking
    • Cross-layer multimedia adaptation
    • Inter-network multimedia adaptation
    • QoS control in network convergence
    • Interactive Mobile TV based on network convergence
    • Mobile community based on network convergence
    • Smart home networks based on network convergence
    • Telematics systems based on network convergence
    • E-healthcare systems based on network convergence
    • Privacy preserving in network convergence
    • Multimedia content security in network convergence
    • Digital rights management in network convergence
    • Content tracking and filtering in network convergence
    • Intrusion detection and prevention in network convergence
    • Other networking or security issues in network convergence

  • IEEE Security & Privacy, Special Issue on Privacy-Preserving Sharing of Sensitive Information
    , July/August 2010. (Submission Due 15 November 2009)

    Guest editor: Sal Stolfo (Columbia University, USA) and Gene Tsudik (UC Irvine, USA)
    
    Privacy-Preserving Sharing of Sensitive Information (PPSSI) is motivated by the increasing need for organizations or people who don't fully trust each other to share sensitive information. Many types of organizations must often collect, analyze, and disseminate data rapidly and accurately without exposing sensitive information to wrong or untrusted parties. For example, census-takers collect private data with the understanding that it won't be released in a form traceable to the individual who provided it. Companies might be willing to divulge sensitive financial data to organizations that release only aggregate data for an industry sector. A hospital might share patient information with a state health agency but only to allow the latter to determine the number (and not the identities) of uninsured patients. While statistical methods for protecting data have been in use for decades, they're not foolproof and they generally involve a trusted third party to produce privacy-preserving statistical digests. More recently, techniques employing secure multi-party function evaluation, encrypted keywords, and private information retrieval have been studied and, in a few cases, deployed, However there are no practical tools and technologies to guarantee data privacy, especially, whenever organizations have certain common goals and require exchanges of data. To this end, the objective of PPSSI technology is to enable multiple entities to cooperate and share information without exposing more than what is necessary to complete a common task. Potential submission topics include (but are not limited to) the following:

    • PPSSI requirements and policy enforcement; prospective policies governing PPSSI, including formal models and policy languages as well as trust models.
    • Data "cleaning" and obfuscation techniques.
    • Cryptographic protocols; innovative constructs, their performance and implementation issues, for example, private information retrieval, searching over encrypted data and private set operations.
    • Data management; storage and data management issues arising in PPSSI settings.
    • Secure hardware; architectures and technologies in support of PPSSI

  • SP 2010
    31st IEEE Symposium on Security and Privacy, The Claremont Resort, Oakland, CA, USA, May 16-19, 2010. (Submissions due 18 November 2009)

    Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of computer security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation of secure systems. S&P is interested in all aspects of computer security and privacy. P apers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.
    
    *Systematization of Knowledge Papers*: In addition to the standard research papers, we are also soliciting papers focused on systematization of knowledge. The goal of this call is to encourage work that evaluates, systematizes, and contextualizes existing knowledge. These papers will provide a high value to our community but would otherwise not be accepted because they lack novel research contributions. Suitable papers include survey papers that provide useful perspectives on major research areas, papers that support or challenge long-held beliefs with compelling evidence, or papers that provide an extensive and realistic evaluation of competing approaches to solving specific problems. Submissions will be distinguished by a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, except instead of emphasizing novel research contributions the emphasis will be on value to the community. Accepted papers will be presented at the symposium and included in the proceedings.
    
    *Workshops*: The Symposium is also soliciting submissions for colocated workshops. Workshop proposals should be sent by Friday, 21 August 2009 by email to Carrie Gates (carrie.gates@ca.com). Workshops may be half-day or full-day in length. Submissions should include the workshop title, a short description of the topic of the workshop, and biographies of the organizers.

  • IFIP-CIP 2010
    4th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Fort McNair, Washington, DC, USA, March 14-17, 2010. (Submissions due 31 December 2009)

    The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the first three conferences, the Fourth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:

    • Infrastructure vulnerabilities, threats and risks
    • Security challenges, solutions and implementation issues
    • Infrastructure sector interdependencies and security implications
    • Risk analysis and risk assessment methodologies
    • Modeling and simulation of critical infrastructures
    • Legal, economic and policy issues
    • Secure information sharing
    • Infrastructure protection case studies
    • Distributed control systems/SCADA security
    • Telecommunications network security

• The Technical Committee on Security and Privacy

 

• Listing of academic positions available  by Cynthia Irvine
  

 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org