Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 93,  November 17, 2009 Hilarie Orman,  Editor Book Reviews Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Conference and Workshop Announcements

  • Commentary and Opinion

    • Richard Austin's review of Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance by Tim Mather, Subra Kumaraswamy and Shahed Latif

    • NewsBits:  Announcements and correspondence from readers (please contribute!)
      

      • NIST releases Special Publications on Pair-Wise Key Establishment Schemes and Digital Signature Timeliness
      • TLS Allows Man-in-the-Middle Attacks

    • Book reviews from past Cipher issues

    • Conference Reports and Commentary from past Cipher issues

    • News items from past Cipher issues

  • Conference and Workshop Announcements

    • Cipher calls-for-papers and calendar
        Calendar (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

    • 11/15/09: IEEE Security & Privacy, Special Issue on Privacy-Preserving Sharing of Sensitive Information; Submissions are due
    • 11/18/09: SP, 31st IEEE Symposium on Security and Privacy, The Claremont Resort, Oakland, CA, USA; Submissions are due
    • 11/18/09-11/20/09: IWNS, International Workshop on Network Steganography, Held in conjunction with the International Conference on Multimedia Information Networking and Security (MINES 2009), Wuhan, Hubei, China
    • 11/18/09-11/20/099: SECMCS, Workshop on Secure Multimedia Communication and Services, Held in conjunction with the 2009 International Conference on Multimedia Information Networking and Security (MINES 2009), Wuhan, China
    • 11/20/09: WISTP, 4th Workshop on Information Security Theory and Practice, Passau, Germany; Submissions are due
    • 11/22/09: IDtrust, 9th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryland, USA; Submissions are due
    • 11/30/09: MidSec, 2nd Workshop on Middleware Security, Held in conjunction with the 10th ACM/IFIP/USENIX International Middleware Conference (MIDDLEWARE 2009), Urbana Champaign, Illinois, USA
    • 12/ 6/09: COSADE, 1st Workshop on Constructive Side-channel analysis and Secure Design, Darmstadt, Germany; Submissions are due
    • 12/ 6/09-12/ 9/09: WIFS, 1st IEEE International Workshop on Information Forensics and Security, London, UK
    • 12/ 6/09-12/10/09: ASIACRYPT, 15th Annual International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, Japan
    • 12/ 7/09-12/11/09: ACSAC, 25th Annual Computer Security Applications Conference, Honolulu, Hawaii, USA
    • 12/ 8/09-12/11/09: ICPADS, 15th IEEE International Conference on Parallel and Distributed Systems, Shenzhen, China
    • 12/ 9/09-12/11/09: ReConFig, International Conference on ReConFigurable Computing and FPGAs, Special Track on Reconfigurable Computing for Security and Cryptography, Cancun, Mexico
    • 12/10/09-12/12/09: F2GC, 2nd International Workshop on Forensics for Future Generation Communication environments, Jeju, Korea
    • 12/10/09-12/12/09: MPIS, 2nd International Workshop on Multimedia, Information Privacy and Intelligent Computing Systems, Jeju, Korea
    • 12/12/09-12/14/09: CANS, 8th International Conference on Cryptography and Network Security, Kanazawa, Ishikawa, Japan
    • 12/12/09-12/14/09: UbiSafe, 2nd IEEE International Symposium on Ubisafe Computing, Chengdu, China
    • 12/12/09-12/14/09: SCC, Workshop on Security in Cloud Computing, Chengdu, China
    • 12/12/09-12/15/09: Inscrypt, 5th China International Conference on Information Security and Cryptology, Beijing China
    • 12/14/09: TaPP, 2nd Workshop on the Theory and Practice of Provenance, Held in conjunction with the 8th USENIX Conference on File and Storage Technologies (FAST 2010), San Jose, CA, USA; Submissions are due
    • 12/14/09-12/18/09: ICISS, 5th International Conference on Information Systems Security, Kolkata, India
    • 12/17/09-12/19/09: INTRUST, The International Conference on Trusted Systems, Beijing, P. R. China
    • 12/19/09: IFIP-TM, 4th IFIP International Conference on Trust Management, Morioka, Japan; Submissions are due
    • 12/31/09: IFIP-CIP, 4th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Fort McNair, Washington, DC, USA; Submissions are due
    • 1/ 3/10- 1/ 6/10: IFIP-DF, 6th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Hong Kong, Hong Kong
    • 1/ 5/10- 1/ 8/10: HICSS-DF, 43rd Hawaii International Conference on System Sciences, Digital Forensics Minitrack, Koloa, Kauai, Hawaii
    • 1/ 8/10: SACMAT, 15th ACM Symposium on Access Control Models and Technologies, Pittsburgh, PA, USA; Submissions are due
    • 1/10/10: AH, 1st ACM Augmented Human International Conference, Megève ski resort, France; Submissions are due
    • 1/11/10: MOBISEC, 2nd International ICST Conference on Security and Privacy in Mobile Information and Communication Systems, Catania, Sicily; Submissions are due
    • 1/25/10- 1/28/10: FC, Financial Cryptography and Data Security, Tenerife, Canary Islands, Spain
    • 1/28/10- 1/29/10: WECSR, Workshop on Ethics in Computer Security Research, Held in conjunction with the 14th International Conference on Financial Cryptography and Data Security (FC 2010), Tenerife, Canary Islands, Spain
    • 2/ 1/10: International Journal of Secure Software Engineering (IJSSE), Special Issue on Software Safety & Dependability - the Art of Engineering Trustworthy Software; Submissions are due
    • 2/ 3/10- 2/ 4/10: ESSoS, 2nd International Symposium on Engineering Secure Software and Systems, Pisa, Italy
    • 2/ 4/10- 2/ 5/10: COSADE, 1st Workshop on Constructive Side-channel analysis and Secure Design, Darmstadt, Germany
    • 2/ 5/10: ACNS, 8th International Conference on Applied Cryptography and Network Security, Beijing, China; Submissions are due
    • 2/15/10- 2/18/10: SecSE, 4th International Workshop on Secure Software Engineering, Held in conjunction with the 5th International Conference on Availability, Reliability and Security (ARES 2010), Krakow, Poland
    • 2/15/10- 2/18/10: SPattern, 4th International Workshop on Secure systems methodologies using patterns, Held in conjunction with the 5th International Conference on Availability, Reliability and Security (ARES 2010), Krakow, Poland
    • 2/17/10- 2/19/10: SNDS, 18th Euromicro International Conference on Parallel, Distributed and network-based Processing, Special Session on Security in Networked and Distributed Systems, Pisa, Italy
    • 2/22/10: WEIS, 9th Workshop on the Economics of Information Security, Harvard University, Cambridge, MA, USA; Submissions are due
    • 2/22/10- 2/23/10: RFIDsec, The 2010 Workshop on RFID Security, Singapore
    • 2/22/10: TaPP, 2nd Workshop on the Theory and Practice of Provenance, Held in conjunction with the 8th USENIX Conference on File and Storage Technologies (FAST 2010), San Jose, CA, USA
    • 2/25/10: LEET, 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, Held in conjunction with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2010), San Jose, CA, USA; Submissions are due
    • 2/28/10- 3/ 3/10: NDSS, 17th Annual Network & Distributed System Security Symposium, San Diego, CA, USA
    • 3/ 5/10: SOUPS, Symposium On Usable Privacy and Security, Redmond, WA, USA; Submissions are due
    • 3/14/10- 3/17/10: IFIP-CIP, 4th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Fort McNair, Washington, DC, USA
    • 3/22/10- 3/24/10: WiSec, 3rd ACM Conference on Wireless Network Security, Stevens Institute of Technology, Hoboken, NJ, USA
    • 3/22/10- 3/26/10: SAC-CF, 25th ACM Symposium on Applied Computing, Computer Forensics Track, Sierre, Switzerland
    • 3/22/10- 3/26/10: SAC-TRECK, 25th ACM Symposium on Applied Computing, Trust, Reputation, Evidence and other Collaboration Know-how Track, Sierre, Switzerland
    • 3/22/10- 3/26/10: SAC-ISRA, 25th ACM Symposium on Applied Computing, Information Security Research and Applications Track, Sierre, Switzerland
    • 3/22/10- 3/26/10: SAC-SEC, 25th ACM Symposium on Applied Computing, Computer Security Track, Sierre, Switzerland
    • 3/29/10- 4/ 2/10: SESOC, International Workshop on SECurity and SOCial Networking, Mannheim, Germany
    • 4/ 1/10: ESORICS, 15th European Symposium on Research in Computer Security, Athens, Greece; Submissions are due
    • 4/ 2/10- 4/ 4/10: AH, 1st ACM Augmented Human International Conference, Megève ski resort, France
    • 4/ 5/10: SECURECOMM, 6th International Conference on Security and Privacy in Communication Networks, Singapore; Submissions are due
    • 4/13/10- 4/14/10: WISTP, 4th Workshop on Information Security Theory and Practice, Passau, Germany;
    • 4/13/10- 4/15/10: IDtrust, 9th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryland, USA
    • 4/13/10- 4/16/10: ASIACCS, 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China
    • 4/27/10: LEET, 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, Held in conjunction with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2010), San Jose, CA, USA
    • 5/16/10- 5/19/10: SP, 31st IEEE Symposium on Security and Privacy, The Claremont Resort, Oakland, CA, USA
    • 5/26/10- 5/28/10: MOBISEC, 2nd International ICST Conference on Security and Privacy in Mobile Information and Communication Systems, Catania, Sicily
    • 6/ 7/10- 6/ 8/10: WEIS, 9th Workshop on the Economics of Information Security, Harvard University, Cambridge, MA, USA
    • 6/ 9/10- 6/11/10: SACMAT, 15th ACM Symposium on Access Control Models and Technologies, Pittsburgh, PA, USA
    • 6/16/10- 6/18/10: IFIP-TM, 4th IFIP International Conference on Trust Management, Morioka, Japan
    • 6/22/10- 6/25/10: ACNS, 8th International Conference on Applied Cryptography and Network Security, Beijing, China
    • 7/14/10- 7/16/10: SOUPS, Symposium On Usable Privacy and Security, Redmond, WA, USA
    • 9/ 7/10- 9/10/10: SECURECOMM, 6th International Conference on Security and Privacy in Communication Networks, Singapore
    • 9/20/10- 9/22/10: ESORICS, 15th European Symposium on Research in Computer Security, Athens, Greece
    • new calls or announcements added since Cipher E92

    • SP 2010 31st IEEE Symposium on Security and Privacy, The Claremont Resort, Oakland, CA, USA, May 16-19, 2010. (Submissions due 18 November 2009)

      Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of computer security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation of secure systems. S&P is interested in all aspects of computer security and privacy. P apers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.
      
      *Systematization of Knowledge Papers*: In addition to the standard research papers, we are also soliciting papers focused on systematization of knowledge. The goal of this call is to encourage work that evaluates, systematizes, and contextualizes existing knowledge. These papers will provide a high value to our community but would otherwise not be accepted because they lack novel research contributions. Suitable papers include survey papers that provide useful perspectives on major research areas, papers that support or challenge long-held beliefs with compelling evidence, or papers that provide an extensive and realistic evaluation of competing approaches to solving specific problems. Submissions will be distinguished by a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, except instead of emphasizing novel research contributions the emphasis will be on value to the community. Accepted papers will be presented at the symposium and included in the proceedings.
      
      *Workshops*: The Symposium is also soliciting submissions for colocated workshops. Workshop proposals should be sent by Friday, 21 August 2009 by email to Carrie Gates (carrie.gates@ca.com). Workshops may be half-day or full-day in length. Submissions should include the workshop title, a short description of the topic of the workshop, and biographies of the organizers.

    • WISTP 2010 4th Workshop on Information Security Theory and Practice, Passau, Germany, April 13-14, 2010. (Submissions due 20 November 2009)

      The impact of pervasive and smart devices on our daily lives is ever increasing, and the rapid technological development of information technologies ensures that this impact is constantly changing. It is imperative that these complex and resource constrained technologies are not vulnerable to attack. This workshop will consider the full impact of the use of pervasive and smart technologies on individuals, and society at large, with regard to the security and privacy of the systems that make use of them. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy of pervasive systems and smart devices, as well as experimental studies of fielded systems. We encourage submissions that address the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:

      • Access control
      • Ad hoc networks security
      • Anonymity
      • Biometrics, national ID cards
      • Data and application security and privacy
      • Data protection
      • Delay-tolerant network security
      • Digital rights management (DRM) in pervasive environments
      • Domestic network security
      • Embedded systems security and TPMs
      • Human and psychological aspects of security
      • Human-computer interaction and human behavior impact for security
      • Identity management
      • Information assurance and trust management
      • Interplay of TPMs and smart cards
      • Intrusion detection and information filtering
      • Mobile codes security
      • Mobile commerce security
      • Mobile devices security
      • New applications for secure RFID systems
      • Peer-to-peer security
      • Privacy enhancing technologies
      • RFID and NFC systems security
      • Secure self-organization and self-configuration
      • Security in location services
      • Security issues in mobile and ubiquitous networks
      • Security metrics
      • Security models and architecture
      • Security of GSM/GPRS/UMTS systems
      • Security policies
      • Security protocols
      • Sensor networks security
      • Smart card security
      • Smart devices applications
      • Vehicular network security
      • Wireless communication security
      • Wireless sensor node security

    • IDtrust 2010 9th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryland, USA, April 13-15, 2010. (Submissions due 22 November 2009)

      IDtrust is looking for papers related to all parts of the public-key mediated authentication and access control problem. All software systems, from enterprise data centers to small businesses and consumer-facing applications, must make access control decisions for protected data. IDtrust is a venue for the discussion of the complete access control process (authentication, authorization, provisioning and security decision workflow), addressing questions such as: "What are the authorization strategies that will succeed in the next decade?" "What technologies exist to address complex requirements today?" "What research is academia and industry pursuing to solve the problems likely to show up in the next few years?" Identity as used here refers to not just the principal identifier, but also to attributes and claims. Topics of interest include, but are not limited to:

      • Analysis of existing identity management protocols and ceremonies (SAML, Liberty, CardSpace, OpenID, and PKI-related protocols)
      • Analysis or extension of identity metasystems, frameworks, and systems (Shibboleth, Higgins, etc.)
      • Design and analysis of new access control protocols and ceremonies
      • Cloud/grid computing implications on authorization and authentication
      • Assembly of requirements for access control protocols and ceremonies involving strong identity establishment
      • Reports of real-world experience with the use and deployment of identity and trust applications for broad use on the Internet (where the population of users is diverse) and within enterprises who use the Internet (where the population of users may be more limited), how best to integrate such usage into legacy systems, and future research directions. Reports may include use cases, business case scenarios, requirements, best practices, implementation and interoperability reports, usage experience, etc.
      • User-centric identity, delegation, reputation
      • Identity and Web 2.0, secure mash-ups, social networking, trust fabric and mechanisms of "invited networks"
      • Identity management of devices from RFID tags to cell phones; Host Identity Protocol (HIP)
      • Federated approaches to trust
      • Standards related to identity and trust, including X.509, S/MIME, PGP, SPKI/SDSI, XKMS, XACML, XRML, and XML signatures
      • Intersection of policy-based systems, identity, and trust; identity and trust policy enforcement, policy and attribute mapping and standardization
      • Attribute management, attribute-based access control
      • Trust path building and certificate validation in open and closed environments
      • Analysis and improvements to the usability of identity and trust systems for users and administrators, including usability design for authorization and policy management, naming, signing, verification, encryption, use of multiple private keys, and selective disclosure
      • Identity and privacy
      • Levels of trust and assurance
      • Trust infrastructure issues of scalability, performance, adoption, discovery, and interoperability
      • Use of PKI in emerging technologies (e.g., sensor networks, disaggregated computers, etc.)
      • Application domain requirements: web services, grid technologies, document signatures, (including signature validity over time), data privacy, etc.

    • COSADE 2010 1st Workshop on Constructive Side-channel analysis and Secure Design, Darmstadt, Germany, February 4-5, 2010. (Submissions due 6 December 2009)

      Side-channel analysis (SCA) has become an important field of research at universities and in the industry. Of particular interest is constructive side-channel analysis, as successful attacks support a target-oriented associated design process. In order to enhance the side-channel resistance of cryptographic implementations within the design phase, constructive SCA may serve as a quality metric to optimize the design- and development process. This workshop provides an international platform for researchers, academics, and industry participants to present their work and their current research topics. It is an excellent opportunity to meet experts and to initiate new collaborations and information exchange at a professional level. The workshop will feature both invited presentations and contributing talks. The topics of COSADE 2010 include but are not limited to:

      • Constructive side-channel attacks in general
      • Stochastic approach in power analysis
      • Interaction between side-channel analysis and design
      • Advanced stochastic methods in side-channel analysis, especially in power analysis and EM analysis
      • Leakage models and security models for side-channel analysis in the presence and absence of countermeasures
      • Side-channel analysis under black-box assumption
      • Evaluation methodologies for side-channel resistant designs, acquisition and analysis
      • Side-channel leakage assessment methodologies, models, and metrics
      • SCA-aware design criteria and design techniques
      • Verification methods and models for side-channel leakages within the design phase
      • Methods, tools, and platforms for evaluation of side-channel characteristics of a design
      • Criteria for the design flow of countermeasures
      • HW / SW-acceleration for (constructive) SCA
      • Leakage-resilient designs
      • Countermeasures for HW / SW-Co-Design architectures
      • Countermeasures against implementation attacks at algorithmic-, logic-, register transfer- and physical level
      • Countermeasures against side-channel attacks on FPGAs, HW / SW Co-design architectures, SoC
      • Countermeasures against attacks at the algorithmic-, logic-, register transfer-, and physical levels

    • TaPP 2010 2nd Workshop on the Theory and Practice of Provenance, Held in conjunction with the 8th USENIX Conference on File and Storage Technologies (FAST 2010), San Jose, CA, USA, February 22, 2010. (Submissions due 14 December 2009)

      Provenance, or meta-information about computations, computer systems, database queries, scientific workflows, and so on, is emerging as a central issue in a number of disciplines. The TaPP workshop series builds upon a set of workshops on Principles of Provenance organized in 2007-2009, which helped raise the profile of this area within diverse research communities, such as databases, security, and programming languages. We hope to attract serious cross-disciplinary, foundational, and highly speculative research and to facilitate needed interaction with the broader systems community and with industry. We invite submissions addressing research problems involving provenance in any area of computer science, including but not limited to:

      • Databases (Data provenance and lineage, Uncertainty/probabilistic databases, Curated databases, Data quality/integration/cleaning, Privacy/anonymity, Data forensics)
      • Programming languages and software engineering (Bi-directional, adaptive, and self-adjusting computation, Traceability, Source code management/version control/configuration management, Model-driven design and analysis)
      • Systems and security (Provenance aware/versioned file systems, Provenance and audit/integrity/information flow security, Trusted computing, Traces and reflective/adaptive/self-adjusting systems, Digital libraries)
      • Workflows/scientific computation (Efficient/incremental recomputation, Scientific data exploration and visualization, Workflow provenance querying, User interfaces)

    • IFIP-TM 2010 4th IFIP International Conference on Trust Management, Morioka, Japan, June 16-18, 2010. (Submissions due 19 December 2009)

      The mission of the IFIPTM 2010 Conference is to share research solutions to problems of Trust and Trust management, including related Security and Privacy issues, and to identify new issues and directions for future research and development work. IFIPTM 2010 invites submissions presenting novel research on all topics related to Trust, Security and Privacy, including but not limited to those listed below:

      • Trust models, formalization, specification, analysis and reasoning
      • Reputation systems and architectures
      • Engineering of trustworthy and secure software
      • Ethics, sociology and psychology of trust
      • Security management and usability issues including security configuration
      • Trust management frameworks for secure collaborations
      • Language security
      • Security, trust and privacy for service oriented architectures and composite applications
      • Security, trust and privacy for software as a service (SaaS)
      • Security, trust and privacy for Web 2.0 Mashups
      • Security, privacy, and trust as a service
      • Legal issues related to the management of trust
      • Semantically-aware security management
      • Adaptive security policy management
      • Mobile security
      • Anonymity and privacy vs. accountability
      • Critical infrastructure protection, public safety and emergency management
      • Privacy and identity management in e-services
      • Biometrics, national ID cards, identity theft
      • Robustness of trust and reputation systems
      • Distributed trust and reputation management systems
      • Human computer interaction aspects of privacy, security & trust
      • Applications of trust and reputation management in e-services
      • Trusted platforms and trustworthy systems

    • IFIP-CIP 2010 4th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Fort McNair, Washington, DC, USA, March 14-17, 2010. (Submissions due 31 December 2009)

      The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the first three conferences, the Fourth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:

      • Infrastructure vulnerabilities, threats and risks
      • Security challenges, solutions and implementation issues
      • Infrastructure sector interdependencies and security implications
      • Risk analysis and risk assessment methodologies
      • Modeling and simulation of critical infrastructures
      • Legal, economic and policy issues
      • Secure information sharing
      • Infrastructure protection case studies
      • Distributed control systems/SCADA security
      • Telecommunications network security

    • SACMAT 2010 15th ACM Symposium on Access Control Models and Technologies, Pittsburgh, PA, USA, June 9-11, 2010. (Submissions due 8 January 2010)

      Papers offering novel research contributions in all aspects of access control are solicited for submission to the ACM Symposium on Access Control Models and Technologies (SACMAT). The missions of the symposium are to share novel access control solutions that fulfill the needs of heterogeneous applications and environments and to identify new directions for future research and development. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control. Topic of Interest include:

      • Access control models and extensions
      • Access control requirements
      • Access control design methodology
      • Access control mechanisms, systems, and tools
      • Access control in distributed and mobile systems
      • Access control for innovative applications
      • Administration of access control policies
      • Delegation
      • Identity management
      • Policy/Role Engineering
      • Safety analysis and enforcement
      • Standards for access control
      • Trust management
      • Trust models
      • Theoretical foundations for access control models
      • Usage control

    • AH 2010 1st ACM Augmented Human International Conference, Megève ski resort, France, April 2-4, 2010. (Submissions due 10 January 2010)

      The AH international conference focuses on scientific contributions towards augmenting humans capabilities through technology for increased well-being and enjoyable human experience. The topics of interest include, but are not limited to:

      • Augmented and Mixed Reality
      • Internet of Things
      • Augmented Sport
      • Sensors and Hardware
      • Wearable Computing
      • Augmented Health
      • Augmented Well-being
      • Smart artifacts & Smart Textiles
      • Augmented Tourism and Games
      • Ubiquitous Computing
      • Bionics and Biomechanics
      • Training/Rehabilitation Technology
      • Exoskeletons
      • Brain Computer Interface
      • Augmented Context-Awareness
      • Augmented Fashion
      • Safety, Ethics and Legal Aspects
      • Security and Privacy Aspects

    • MOBISEC 2010 2nd International ICST Conference on Security and Privacy in Mobile Information and Communication Systems, Catania, Sicily, May 26-28, 2010. (Submissions due 11 January 2010)

      The focus of MOBISEC 2010 is the convergence of information and communication technology in mobile scenarios. This convergence is realised in intelligent mobile devices, accompanied by the advent of converged, and next-generation, communication networks. As mobile communication and information processing becomes a commodity, economy and society require protection of this precious resource. Mobility and trust in networking go hand in hand for future generations of users, who need privacy and security at all layers of technology. MobiSec strives to bring together the leading-edge of academia and industry in mobile systems security, as well as practitioners, standards developers and policymakers. Topics of interest include, but are not limited to the following focus areas, as applied to mobile ICT:

      • Security architectures for next-generation, new-generation and converged communication networks
      • Trusted mobile devices, hardware security
      • Network resilience
      • Threat analyses for mobile systems
      • Multi-hop authentication and trust
      • Non-repudiation of communication
      • Context-aware and data-centric security
      • Protection and safety of distributed mobile data
      • Mobile application security
      • Security for voice and multimedia communication
      • Machine-to-machine communication security
      • Trust in autonomic and opportunistic communication
      • Location based applications security and privacy
      • Security for the networked home environment
      • Security and privacy for mobile communities
      • Mobile emergency communication, public safety
      • Lawful interception and mandatory data retention
      • Security of mobile agents and code
      • Identity management
      • Embedded security

    • International Journal of Secure Software Engineering (IJSSE), Special Issue on Software Safety & Dependability - the Art of Engineering Trustworthy Software, January 2011. (Submission Due 1 February 2010)

      Guest editor: Lei Wu (University of Houston-Clear Lake, Houston, Texas, U.S.A) and Yi Feng (Algoma University, Sault Ste. Marie, Ontario, Canada)
      
      Software Safety is an element of the total safety program. It optimizes system safety & dependability in the design, development, use, and maintenance of software systems and their integration with safety critical application systems in an operational environment. Increasing size and complexity of software systems makes it harder to ensure their dependability. At the same time, the issues of safety become more critical as we more and more rely on software systems in our daily life. These trends make it necessary to support software engineers with a set of techniques and tools for developing dependable, trustworthy software. Software safety cannot be allowed to function independently of the total effort. Both simple and highly integrated multiple systems are experiencing an extraordinary growth in the use of software to monitor and/or control safety-critical subsystems or functions. A software specification error, design flaw, or the lack of generic safety-critical requirements can contribute to or cause a system failure or erroneous human decision. To achieve an acceptable level of dependability goals for software used in critical applications, software safety engineering must be given primary emphasis early in the requirements definition and system conceptual design process. Safety-critical software must then receive continuous management emphasis and engineering analysis throughout the development and operational lifecycles of the system. In this special issue, we are seeking insights in how we can confront the challenges of software safety & dependability issues in developing dependable, trustworthy software systems. Some suggested areas include, but not limited to:

      • Safety consistent with mission requirements
      • Secure software engineering with software security & trustworthy software development
      • State-of-arts literature review of technology dealing with software system security
      • Identify and analysis of safety-critical functionality of complex systems
      • Intrusion detection, security management , applied cryptography
      • Derive hazards and design safeguards for mitigations
      • Safety-Critical functions design and preliminary hazards analysis
      • Identification, evaluation, and elimination techniques for hazards associated with the system and its software, throughout the lifecycle
      • Complexity of safety critical interfaces, software components
      • Sound secure software engineering principles that apply to the design of the software-user interface to minimize the probability of human error
      • Failure & hazard models, including hardware, software, human and system are addressed in the design of the software
      • Software testing techniques targeting at software safety issues at different levels of testing

    • ACNS 2010 8th International Conference on Applied Cryptography and Network Security, Beijing, China, June 22-25, 2010. (Submissions due 5 February 2010)

      Original papers on all aspects of applied cryptography and network security are solicited for submission to ACNS '10. Topics of relevance include but are not limited to:

      • Applied cryptography and provably-secure cryptographic protocols
      • Design and analysis of efficient cryptographic primitives: public-key and symmetric-key cryptosystems, block ciphers, and hash functions
      • Network security protocols
      • Techniques for anonymity; trade-offs between anonymity and utility
      • Integrating security into the next-generation Internet: DNS security, routing, naming, denial-of-service attacks, TCP/IP, secure multicast
      • Economic fraud on the Internet: phishing, pharming, spam, and click fraud
      • Email and web security
      • Public key infrastructure, key management, certification, and revocation
      • Security and privacy for emerging technologies: sensor networks, mobile (ad hoc) networks, peer-to-peer networks, bluetooth, 802.11, RFID
      • Trust metrics and robust trust inference in distributed systems
      • Security and usability
      • Intellectual property protection and digital rights management
      • Modeling and protocol design for rational and malicious adversaries
      • Automated analysis of protocols

    • WEIS 2010 9th Workshop on the Economics of Information Security, Harvard University, Cambridge, MA, USA, June 7-8, 2010. (Submissions due 22 February 2010)

      The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security, combining expertise from the fields of economics, social science, business, law, policy and computer science. Prior workshops have explored the role of incentives between attackers and defenders, identified market failures dogging Internet security, and assessed investments in cyber-defense. This workshop will build on past efforts using empirical and analytic tools to not only understand threats, but also strengthen security through novel evaluations of available solutions. How should information risk be modeled given the constraints of rare incidence and high interdependence? How do individuals' and organizations' perceptions of privacy and security color their decision making? How can we move towards a more secure information infrastructure and code base while accounting for the incentives of stakeholders? We encourage economists, computer scientists, business school researchers, legal scholars, security and privacy specialists, as well as industry experts to submit their research and attend the workshop. Suggested topics include (but are not limited to) empirical and theoretical studies of:

      • Optimal investment in information security
      • Online crime (including botnets, phishing and spam)
      • Models and analysis of online crime
      • Risk management and cyberinsurance
      • Security standards and regulation
      • Cybersecurity policy
      • Privacy, confidentiality and anonymity
      • Behavioral security and privacy
      • Security models and metrics
      • Psychology of risk and security
      • Vulnerability discovery, disclosure, and patching
      • Cyberwar strategy and game theory
      • Incentives for information sharing and cooperation

    • LEET 2010 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, Held in conjunction with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2010), San Jose, CA, USA, April 27, 2010. (Submissions due 25 February 2010)

      LEET aims to provide a unique forum for the discussion of threats to the confidentiality of our data, the integrity of digital transactions, and the dependability of the technologies we increasingly rely on. We encourage submissions of papers that focus on the malicious activities themselves (e.g., reconnaissance, exploitation, privilege escalation, rootkit installation, attack), our responses as defenders (e.g., prevention, detection, and mitigation), or the social, political, and economic goals driving these malicious activities and the legal and ethical codes guiding our defensive responses. Topics of interest include but are not limited to:

      • Infection vectors for malware (worms, viruses, etc.)
      • Botnets, command, and control channels
      • Spyware
      • Operational experience
      • Forensics
      • Click fraud
      • Measurement studies
      • New threats and related challenges
      • Boutique and targeted malware
      • Phishing
      • Spam
      • Underground markets
      • Carding and identity theft
      • Miscreant counterintelligence
      • Denial-of-service attacks
      • Hardware vulnerabilities
      • Legal issues
      • The arms race (rootkits, anti-anti-virus, etc.)
      • New platforms (cellular networks, wireless networks, mobile devices)
      • Camouflage and detection
      • Reverse engineering
      • Vulnerability markets and zero-day economics
      • Online money laundering
      • Understanding the enemy
      • Data collection challenges

    • SOUPS 2010 Symposium On Usable Privacy and Security, Redmond, WA, USA, July 14-16, 2010. (Submissions due 5 March 2010)

      The 2010 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:

      • innovative security or privacy functionality and design
      • new applications of existing models or technology
      • field studies of security or privacy technology
      • usability evaluations of new or existing security or privacy features
      • security testing of new or existing usability features
      • longitudinal studies of deployed security or privacy features
      • the impact of organizational policy or procurement decisions
      • lessons learned from the deployment and use of usable privacy and security features

    • ESORICS 2010 15th European Symposium on Research in Computer Security, Athens, Greece, September 20-22, 2010. (Submissions due 1 April 2010)

      ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers discussing industrial research and development. Papers should focus on topics such as:

      • Access Control
      • Accountability
      • Anonymity
      • Applied Cryptography
      • Attacks and Viral Software
      • Authentication and Delegation
      • Data Integrity
      • Database Security
      • Inference Control
      • Identity Management
      • Information Flow Control
      • Intrusion Tolerance
      • Formal Security Methods
      • Language-based Security
      • Network Security
      • Privacy Enhancing Technologies
      • Risk Analysis and Management
      • Secure Electronic Voting
      • Security Architectures
      • Security Economics
      • Security for Mobile Code
      • Security for Dynamic Coalitions
      • Security in Location Services
      • Security in Social Networks
      • Security Models
      • Security Verification
      • System Security
      • Trust Models and Management
      • Trust Theories
      • Trustworthy User Devices

    • SECURECOMM 2010 6th International Conference on Security and Privacy in Communication Networks, Singapore, September 7-10, 2010. (Submissions due 5 April 2010)

      SecureComm'10 seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, applied cryptography) will also be considered if a clear connection to private or secure communications/networking is demonstrated.

   

  • The Technical Committee on Security and Privacy

   

  • Listing of academic positions available  by Cynthia Irvine
    (Nothing new since Cipher E92)

   

  • Staying in touch....

    • Information for Subscribers and Contributors

    • Who's where: recent address changes

    • Changing your email address?  Please send updates to cipher@ieee-security.org

   

  ---

  IEEE Computer Society's Technical Committee on Security and Privacy

  	TC home page	TC Officers
  	How to join the TC	TC publications available online
  	TC Publications for sale	Cipher past issues archive
  	IEEE Computer Society	Cipher Privacy Policy

  
  

  ---