Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 94,  January 19, 2010 Hilarie Orman,  Editor Book Reviews Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Richard Austin's review of 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them by Michael Howard, David Leblanc and John Viega

  • Book reviews from past Cipher issues

  • News Items

    • NIST Key Management Publication

    • How you can build an eavesdropper for a quantum cryptosystem

    • RSA 768-bit Challenge Number Factored

    • German government warns against using Microsoft Internet Explorer

    • Announcements and correspondence from readers are always welcome

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

 

• Conference and Workshop Announcements

  • Cipher calls-for-papers and calendar

  • Calendar
    (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 
  • 1/15/10: SACMAT, 15th ACM Symposium on Access Control Models and Technologies, Pittsburgh, PA, USA; Submissions are due
  • 1/16/10: SADFE, 5th International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the IEEE Symposium on Security and Privacy (SP 2010), Oakland/Berkeley, CA, USA; Submissions are due
  • 1/20/10: Trust, 3rd International Conference on Trust and Trustworthy Computing, Berlin, Germany; Submissions are due
  • 1/22/10: ICDCS-SPCC, 1st International Workshop on Security and Privacy in Cloud Computing, Held in conjunction with the IEEE International Conference on Distributed Computing Systems (ICDCS 2010), Genoa, Italy; Submissions are due
  • 1/25/10- 1/28/10: FC, Financial Cryptography and Data Security, Tenerife, Canary Islands, Spain
  • 1/28/10- 1/29/10: WECSR, Workshop on Ethics in Computer Security Research, Held in conjunction with the 14th International Conference on Financial Cryptography and Data Security (FC 2010), Tenerife, Canary Islands, Spain
  • 1/31/10: IFIP-TC9-HCC9, IFIP TC-9 HCC-9 Stream on Privacy and Surveillance, Held in conjunction with the IFIP World Computer Congress 2010, Brisbane, Australia; Submissions are due
  • 2/ 1/10: International Journal of Secure Software Engineering (IJSSE), Special Issue on Software Safety & Dependability - the Art of Engineering Trustworthy Software; Submissions are due
  • 2/ 3/10: SECRYPT, 5th International Conference on Security and Cryptography, Athens, Greece; Submissions are due
  • 2/ 3/10- 2/ 4/10: ESSoS, 2nd International Symposium on Engineering Secure Software and Systems, Pisa, Italy
  • 2/ 4/10: D-SPAN, 1st International Workshop on Data Security and PrivAcy in wireless Networks, Held in conjunction with WoWMoM 2010, Montreal, QC, Canada; Submissions are due
  • 2/ 4/10- 2/ 5/10: COSADE, 1st Workshop on Constructive Side-channel analysis and Secure Design, Darmstadt, Germany
  • 2/ 5/10: ACNS, 8th International Conference on Applied Cryptography and Network Security, Beijing, China; Submissions are due
  • 2/ 5/10: DBSec, 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Rome, Italy; Submissions are due
  • 2/ 5/10: DIMVA, 7th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Bonn, Germany; Submissions are due
  • 2/ 5/10: USENIX-Security, 19th USENIX Security Symposium, Washington, DC, USA; Submissions are due
  • 2/ 7/10: EuroSec, European Workshop on System Security, Held in conjunction with the Annual ACM SIGOPS EuroSys conference, Paris, France; Submissions are due
  • 2/ 7/10: OWASP-AppSec-Research, OWASP AppSec Research 2010, Stockholm, Sweden; Submissions are due
  • 2/ 8/10: POLICY, IEEE International Symposium on Policies for Distributed Systems and Networks, Fairfax, Virginia, USA; Submissions are due
  • 2/15/10: SHPCS, 5th Workshop on Security and High Performance Computing Systems, Held in conjunction with the 6th International Wireless Communications and Mobile Computing Conference (IWCMC 2010), Caen, Normandy, France; Submissions are due
  • 2/15/10- 2/18/10: SecSE, 4th International Workshop on Secure Software Engineering, Held in conjunction with the 5th International Conference on Availability, Reliability and Security (ARES 2010), Krakow, Poland
  • 2/15/10- 2/18/10: SPattern, 4th International Workshop on Secure systems methodologies using patterns, Held in conjunction with the 5th International Conference on Availability, Reliability and Security (ARES 2010), Krakow, Poland
  • 2/17/10- 2/19/10: SNDS, 18th Euromicro International Conference on Parallel, Distributed and network-based Processing, Special Session on Security in Networked and Distributed Systems, Pisa, Italy
  • 2/22/10: Journal of Computer Security, Special Issue on RFID System Security; Submissions are due
  • 2/22/10: WEIS, 9th Workshop on the Economics of Information Security, Harvard University, Cambridge, MA, USA; Submissions are due
  • 2/22/10- 2/23/10: RFIDsec, The 2010 Workshop on RFID Security, Singapore
  • 2/22/10: TaPP, 2nd Workshop on the Theory and Practice of Provenance, Held in conjunction with the 8th USENIX Conference on File and Storage Technologies (FAST 2010), San Jose, CA, USA
  • 2/25/10: LEET, 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, Held in conjunction with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2010), San Jose, CA, USA; Submissions are due
  • 2/26/10: TSP, 3rd IEEE International Symposium on Trust, Security and Privacy for Emerging Applications, Bradford, UK; Submissions are due
  • 2/28/10- 3/ 3/10: NDSS, 17th Annual Network & Distributed System Security Symposium, San Diego, CA, USA
  • 3/ 5/10: SOUPS, Symposium On Usable Privacy and Security, Redmond, WA, USA; Submissions are due
  • 3/ 7/10: MMM-ACNS, 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security, St. Petersburg, Russia; Submissions are due
  • 3/13/10: IH, 12th Information Hiding Conference, Calgary, Alberta, Canada; Submissions are due
  • 3/14/10- 3/17/10: IFIP-CIP, 4th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Fort McNair, Washington, DC, USA
  • 3/19/10: HOST, IEEE International Symposium on Hardware-Oriented Security and Trust, Anaheim, California, USA; Submissions are due
  • 3/22/10- 3/24/10: WiSec, 3rd ACM Conference on Wireless Network Security, Stevens Institute of Technology, Hoboken, NJ, USA
  • 3/22/10- 3/26/10: SAC-CF, 25th ACM Symposium on Applied Computing, Computer Forensics Track, Sierre, Switzerland
  • 3/22/10- 3/26/10: SAC-TRECK, 25th ACM Symposium on Applied Computing, Trust, Reputation, Evidence and other Collaboration Know-how Track, Sierre, Switzerland
  • 3/22/10- 3/26/10: SAC-ISRA, 25th ACM Symposium on Applied Computing, Information Security Research and Applications Track, Sierre, Switzerland
  • 3/22/10- 3/26/10: SAC-SEC, 25th ACM Symposium on Applied Computing, Computer Security Track, Sierre, Switzerland
  • 3/29/10- 4/ 2/10: SESOC, International Workshop on SECurity and SOCial Networking, Mannheim, Germany
  • 4/ 1/10: ESORICS, 15th European Symposium on Research in Computer Security, Athens, Greece; Submissions are due
  • 4/ 1/10: IDMAN, 2nd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, Oslo, Norway; Submissions are due
  • 4/ 2/10- 4/ 4/10: AH, 1st ACM Augmented Human International Conference, Megève ski resort, France
  • 4/ 3/10: PST, 8th International Conference on Privacy, Security and Trust, Ottawa, Canada; Submissions are due
  • 4/ 5/10: SECURECOMM, 6th International Conference on Security and Privacy in Communication Networks, Singapore; Submissions are due
  • 4/ 9/10: HealthSec, 1st USENIX Workshop on Health Security and Privacy, Washington, DC, USA; Submissions are due
  • 4/13/10: EuroSec, European Workshop on System Security, Held in conjunction with the Annual ACM SIGOPS EuroSys conference, Paris, France
  • 4/13/10- 4/14/10: WISTP, 4th Workshop on Information Security Theory and Practice, Passau, Germany;
  • 4/13/10- 4/15/10: IDtrust, 9th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryland, USA
  • 4/13/10- 4/16/10: ASIACCS, 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China
  • 4/20/10: RFIDSec, 6th Workshop on RFID Security, Istanbul, Turkey; Submissions are due
  • 4/20/10: SIN, 3rd International Conference on Security of Information and Networks, Taganrog, Rostov-on-Don, Russia; Submissions are due
  • 4/27/10: LEET, 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, Held in conjunction with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2010), San Jose, CA, USA
  • 5/16/10- 5/19/10: SP, 31st IEEE Symposium on Security and Privacy, The Claremont Resort, Oakland/Berkeley, CA, USA
  • 5/20/10: SADFE 2010 5th International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the IEEE Symposium on Security and Privacy (SP 2010), Oakland/Berkeley, CA, USA
  • 5/26/10- 5/28/10: MOBISEC, 2nd International ICST Conference on Security and Privacy in Mobile Information and Communication Systems, Catania, Sicily
  • 6/ 7/10- 6/ 8/10: WEIS, 9th Workshop on the Economics of Information Security, Harvard University, Cambridge, MA, USA
  • 6/ 8/10- 6/10/10: RFIDSec, 6th Workshop on RFID Security, Istanbul, Turkey; Submissions are due
  • 6/ 9/10- 6/11/10: SACMAT, 15th ACM Symposium on Access Control Models and Technologies, Pittsburgh, PA, USA
  • 6/13/10: SA&PS4CS, 1st International Workshop on Scientific Analysis and Policy Support for Cyber Security, Held in conjunction with the 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security (MMM-ACNS 2010), St. Petersburg, Russia; Submissions are due
  • 6/13/10- 6/14/10: HOST, IEEE International Symposium on Hardware-Oriented Security and Trust, Anaheim, California, USA
  • 6/14/10: D-SPAN, 1st International Workshop on Data Security and PrivAcy in wireless Networks, Held in conjunction with WoWMoM 2010, Montreal, QC, Canada
  • 6/16/10- 6/18/10: IFIP-TM, 4th IFIP International Conference on Trust Management, Morioka, Japan
  • 6/21/10- 6/23/10: Trust, 3rd International Conference on Trust and Trustworthy Computing, Berlin, Germany
  • 6/21/10- 6/23/10: DBSec 2010 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Rome, Italy
  • 6/21/10- 6/24/10: OWASP-AppSec-Research, OWASP AppSec Research 2010, Stockholm, Sweden
  • 6/22/10- 6/25/10: ACNS, 8th International Conference on Applied Cryptography and Network Security, Beijing, China
  • 6/25/10: HST, 10th IEEE International Conference on Technologies for Homeland Security, Waltham, MA, USA; Submissions are due
  • 6/25/10: ICDCS-SPCC, 1st International Workshop on Security and Privacy in Cloud Computing, Held in conjunction with the IEEE International Conference on Distributed Computing Systems (ICDCS 2010), Genoa, Italy
  • 6/28/10- 6/20/10: IH, 12th Information Hiding Conference, Calgary, Alberta, Canada
  • 6/28/10- 7/ 2/10: SHPCS, 5th Workshop on Security and High Performance Computing Systems, Held in conjunction with the 6th International Wireless Communications and Mobile Computing Conference (IWCMC 2010), Caen, Normandy, France
  • 6/29/10- 7/ 1/10: TSP, 3rd IEEE International Symposium on Trust, Security and Privacy for Emerging Applications, Bradford, UK
  • 7/ 8/10- 7/ 9/10: DIMVA, 7th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Bonn, Germany
  • 7/14/10- 7/16/10: SOUPS, Symposium On Usable Privacy and Security, Redmond, WA, USA
  • 7/21/10- 7/23/10: POLICY, IEEE International Symposium on Policies for Distributed Systems and Networks, Fairfax, Virginia, USA
  • 7/26/10- 7/28/10: SECRYPT, 5th International Conference on Security and Cryptography, Athens, Greece
  • 8/10/10: HealthSec, 1st USENIX Workshop on Health Security and Privacy, Washington, DC, USA
  • 8/11/10- 8/13/10: USENIX-Security, 19th USENIX Security Symposium, Washington, DC, USA
  • 8/17/10- 8/19/10: PST, 8th International Conference on Privacy, Security and Trust, Ottawa, Canada
  • 9/ 6/10- 9/ 9/10: MMM-ACNS, 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security, St. Petersburg, Russia
  • 9/ 7/10- 9/10/10: SECURECOMM, 6th International Conference on Security and Privacy in Communication Networks, Singapore
  • 9/ 7/10- 9/11/10: SIN, 3rd International Conference on Security of Information and Networks, Taganrog, Rostov-on-Don, Russia;
  • 9/ 9/10: SA&PS4CS, 1st International Workshop on Scientific Analysis and Policy Support for Cyber Security, Held in conjunction with the 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security (MMM-ACNS 2010), St. Petersburg, Russia
  • 9/20/10- 9/22/10: ESORICS, 15th European Symposium on Research in Computer Security, Athens, Greece
  • 9/20/10- 9/23/10: IFIP-TC9-HCC9, IFIP TC-9 HCC-9 Stream on Privacy and Surveillance, Held in conjunction with the IFIP World Computer Congress 2010, Brisbane, Australia
  • 11/ 8/10-/11/10/10: HST, 10th IEEE International Conference on Technologies for Homeland Security, Waltham, MA, USA
  • 11/19/10-/11/19/10: IDMAN, 2nd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, Oslo, Norway
  • new calls or announcements added since Cipher E93

  • SACMAT 2010 15th ACM Symposium on Access Control Models and Technologies, Pittsburgh, PA, USA, June 9-11, 2010. (Submissions due 15 January 2010)

    Papers offering novel research contributions in all aspects of access control are solicited for submission to the ACM Symposium on Access Control Models and Technologies (SACMAT). The missions of the symposium are to share novel access control solutions that fulfill the needs of heterogeneous applications and environments and to identify new directions for future research and development. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control. Topic of Interest include:

    • Access control models and extensions
    • Access control requirements
    • Access control design methodology
    • Access control mechanisms, systems, and tools
    • Access control in distributed and mobile systems
    • Access control for innovative applications
    • Administration of access control policies
    • Delegation
    • Identity management
    • Policy/Role Engineering
    • Safety analysis and enforcement
    • Standards for access control
    • Trust management
    • Trust models
    • Theoretical foundations for access control models
    • Usage control

  • SADFE 2010 5th International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the IEEE Symposium on Security and Privacy (SP 2010), Oakland/Berkeley, CA, USA, May 20, 2010. (Submissions due 16 January 2010)

    The SADFE (Systematic Approaches to Digital Forensic Engineering) Workshop promotes systematic approaches to computer investigations, by furthering the advancement of digital forensic engineering as a disciplined science and practice. Most previous SADFE papers have emphasized cyber crime investigations and digital forensics tools. While these are still key topics of the meeting, we also welcome digital forensics papers that do not necessarily involve either crime or digital forensics tools. General attack analysis, the insider threat, insurance and compliance investigations, similar forms of retrospective analysis, and digital discovery are all viable topics. Digital forensic engineering is the application of scientific principles to the collection and analysis of digital artifacts, either for use within the legal system or to aid in understanding past events with the goal of improving computer system security.

  • TRUST 2010 3rd International Conference on Trust and Trustworthy Computing, Berlin, Germany June 21-23, 2010. (Submissions due 20 January 2010)

    Building on the success of Trust 2009 (held at Oxford, UK) and Trust 2008 ( Villach, Austria), this conference focuses on trusted and trustworthy computing, both from the technical and social perspectives. The conference itself will have two main strands, one devoted to technical aspects and one devoted to the socio-economic aspects of trusted computing. This call for papers is for contributions to the technical strand - a separate call is issued for contributions to the socio-economic strand of the conference. The conference solicits original papers on any aspect of the design and application of trusted and trustworthy computing, which concerns a broad range of concepts including trustworthy infrastructures, services, hardware, software and protocols. Topics of interest include, but are not limited to:

    • Architecture and implementation technologies for trusted platforms and trustworthy infrastructures
    • Mobile trusted computing
    • Implementations of trusted computing (covering both hardware and software)
    • Applications of trusted computing
    • Trustworthy infrastructures and services for cloud computing
    • Attestation and possible variants (e.g., property-based attestation, runtime attestation)
    • Cryptographic aspects of trusted computing
    • Security hardware, i.e., hardware with cryptographic and security functions, including physically unclonable functions (PUFs)
    • Hardware Trojans (detection, prevention)
    • Intrusion resilience in trusted computing
    • Virtualisation for trusted platforms
    • Security policy and management of trusted computing
    • Access control for trusted platforms
    • Privacy aspects of trusted computing
    • Verification of trusted computing architectures
    • End-user interactions with trusted platforms
    • Limitations of trusted computing

  • ICDCS-SPCC 2010 1st International Workshop on Security and Privacy in Cloud Computing, Held in conjunction with the IEEE International Conference on Distributed Computing Systems (ICDCS 2010), Genoa, Italy, June 25, 2010. (Submissions due 22 January 2010)

    Cloud computing has recently emerged as a new information technology infrastructure. In cloud computing, information is permanently stored in large data centers on the Internet and temporarily accessed and cached on clients that include desktops and portable PCs, sensors, etc. With the "cloud" as a metaphor for the Internet, cloud computing promises to deliver massively scalable IT-enabled data, software, and hardware capabilities as a service to external clients using Internet technologies. Cloud computing has been envisioned as the key technology to achieve economies of scale in the deployment and operation of IT solutions. Cloud computing has unique attributes that raise many security and privacy challenges in areas such as data security, recovery, and privacy, as well as legal issues in areas such as regulatory compliance and auditing. In contrast to traditional enterprise IT solutions, where the IT services are under proper physical, logical and personnel controls, cloud computing moves the application software and databases to the servers in large data centers on the Internet, where the management of the data and services are not fully trustworthy. When clients store their data on the server without themselves possessing a copy of it, how the integrity of the data can be ensured if the server is not fully trustworthy? Will encryption solve the data confidentiality problem of sensitive data? How will encryption affect dynamic data operations such as query, insertion, modification, and deletion? Data in the cloud is typically in a shared environment alongside data from other clients. How the data segregation should be done, while data are stored, executed, and transmitted? How the virtulized resources is being managed and secured in the cloud? Due to the fundamental paradigm shift in cloud computing, many security concerns have to be better understood, unanticipated vulnerabilities identified, and viable solutions to critical threats devised, before the wide deployment of cloud computing techniques can take place. Topics of interests include (but are not limited to) the following subject categories:

    • Secure management of virtualized cloud resources
    • Secure network architecture for cloud computing
    • Joint security and privacy aware cloud protocol design
    • Access control and key management
    • Trust and policy management in clouds
    • Identification and privacy in cloud
    • Remote data integrity protection
    • Secure computation outsourcing
    • Dynamic data operation security
    • Software and data segregation security
    • Failure detection and prediction
    • Secure data management within and across data centers
    • Availability, recovery and auditing
    • Secure wireless cloud

  • IFIP-TC9-HCC9 2010 IFIP TC-9 HCC-9 Stream on Privacy and Surveillance, Held in conjunction with the IFIP World Computer Congress 2010, Brisbane, Australia, September 20-23, 2010. (Submissions due 31 January 2010)

    New technical and legal developments pose greater and greater privacy dilemmas. Governments have in the recent years increasingly established and legalised surveillance schemes in form of data retention, communication interception or CCTVs for the reason of fighting terrorism or serious crimes. Surveillance Monitoring of individuals is also a threat in the private sector: Private organisations are for instance increasingly using profiling and data mining techniques for targeted marketing, analysing customer buying predictions or social sorting. Work place monitoring practices allow surveillance of employees. Emerging pervasive computing technologies, where individuals are usually unaware of a constant data collection and processing in their surroundings, will even heighten the problem that individuals are effectively losing control over their personal spheres. At a global scale, Google Earth and other corporate virtual globes may have dramatic consequences for the tracking and sorting of individuals. With CCTV, the controlling power of surveillance is in few hands. With live, high resolution imagery feeds from space in the near future, massive surveillance may soon be available to everybody, a development whose consequences we do not yet grasp. New means of surveillance are also enabled by social networks, in which individuals are publishing many intimate personal details about themselves and others. Such social networks are today already frequently analysed by employers, marketing industry, law enforcement or social engineering. The aim of this conference stream is to discuss and analyse such privacy risks of surveillance for humans and society as well as countermeasures for protecting the individuals' rights to informational self-determination from multi-disciplinary perspectives. We are therefore especially inviting the submissions of papers addressing privacy aspects in relation to topics such as (but not limited to):

    • Surveillance technologies
    • Corporate virtual globes (Google Earth and Microsoft Virtual Earth)
    • Profiling & data mining
    • Ambient Intelligence, RFID
    • GPS, Location-Based Services
    • Social Network Analysis
    • ID cards
    • Biometrics
    • Data sharing
    • Visual surveillance
    • Workplace monitoring
    • Communication interception
    • Data retention
    • Anonymity & Pseudonymity
    • Privacy-enhancing technologies
    • Privacy-enhancing Identity Management

  • International Journal of Secure Software Engineering (IJSSE), Special Issue on Software Safety & Dependability - the Art of Engineering Trustworthy Software, January 2011. (Submission Due 1 February 2010)

    Guest editor: Lei Wu (University of Houston-Clear Lake, Houston, Texas, U.S.A) and Yi Feng (Algoma University, Sault Ste. Marie, Ontario, Canada)
    
    Software Safety is an element of the total safety program. It optimizes system safety & dependability in the design, development, use, and maintenance of software systems and their integration with safety critical application systems in an operational environment. Increasing size and complexity of software systems makes it harder to ensure their dependability. At the same time, the issues of safety become more critical as we more and more rely on software systems in our daily life. These trends make it necessary to support software engineers with a set of techniques and tools for developing dependable, trustworthy software. Software safety cannot be allowed to function independently of the total effort. Both simple and highly integrated multiple systems are experiencing an extraordinary growth in the use of software to monitor and/or control safety-critical subsystems or functions. A software specification error, design flaw, or the lack of generic safety-critical requirements can contribute to or cause a system failure or erroneous human decision. To achieve an acceptable level of dependability goals for software used in critical applications, software safety engineering must be given primary emphasis early in the requirements definition and system conceptual design process. Safety-critical software must then receive continuous management emphasis and engineering analysis throughout the development and operational lifecycles of the system. In this special issue, we are seeking insights in how we can confront the challenges of software safety & dependability issues in developing dependable, trustworthy software systems. Some suggested areas include, but not limited to:

    • Safety consistent with mission requirements
    • Secure software engineering with software security & trustworthy software development
    • State-of-arts literature review of technology dealing with software system security
    • Identify and analysis of safety-critical functionality of complex systems
    • Intrusion detection, security management , applied cryptography
    • Derive hazards and design safeguards for mitigations
    • Safety-Critical functions design and preliminary hazards analysis
    • Identification, evaluation, and elimination techniques for hazards associated with the system and its software, throughout the lifecycle
    • Complexity of safety critical interfaces, software components
    • Sound secure software engineering principles that apply to the design of the software-user interface to minimize the probability of human error
    • Failure & hazard models, including hardware, software, human and system are addressed in the design of the software
    • Software testing techniques targeting at software safety issues at different levels of testing

  • SECRYPT 2010 5th International Conference on Security and Cryptography, Athens, Greece, July 26-28, 2010. (Submissions due 3 February 2010)

    SECRYPT is an annual international conference covering research in information and communication security. The 5th International Conference on Security and Cryptography will be held in Athens, Greece. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, applications security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. Areas of interest include, but are not limited to:

    • Data and Application Security and Privacy
    • Access Control and Intrusion Detection
    • Network Security and Protocols
    • Cryptographic Techniques and Key Management
    • Information Assurance
    • Security in Information Systems and Software Engineering

  • D-SPAN 2010 1st International Workshop on Data Security and PrivAcy in wireless Networks, Held in conjunction with WoWMoM 2010, Montreal, QC, Canada, June 14, 2010. (Submissions due 4 February 2010)

    This workshop is focused on defining new problems and developing novel techniques for data security and privacy issues in wireless and mobile networks. With the emergence of data-intensive wireless networks such as wireless sensor networks and data-centric mobile applications such as location-based services, the traditional boundaries between these three disciplines are blurring. This workshop solicits papers from two main categories: (1) papers that consider the security and privacy of data collection, transmission, storage, publishing, and sharing in wireless networks broadly defined, e.g., MANET, cellular, vehicular, ad hoc, cognitive, as well as sensor networks, and (2) papers that use data analytics techniques to address security and privacy problems in wireless networks. The workshop provides a venue for researchers to present new ideas with impact on three communities - wireless networks, databases, and security. The list of topics includes, but not limited to:

    • Fundamental theory of a security network science
    • Key exchange, distribution and management in wireless networks
    • Location privacy in wireless networks
    • Secure data collection and aggregation for wireless sensor networks
    • Secure data collection in body-area networks
    • Secure data processing in mobile ad-hoc networks (MANET)
    • Secure query processing over wireless sensor networks
    • Security and privacy of RFID systems
    • Security and privacy for data streaming
    • Security for cognitive radio networks
    • Tradeoffs between Security and Communication Performance

  • ACNS 2010 8th International Conference on Applied Cryptography and Network Security, Beijing, China, June 22-25, 2010. (Submissions due 5 February 2010)

    Original papers on all aspects of applied cryptography and network security are solicited for submission to ACNS '10. Topics of relevance include but are not limited to:

    • Applied cryptography and provably-secure cryptographic protocols
    • Design and analysis of efficient cryptographic primitives: public-key and symmetric-key cryptosystems, block ciphers, and hash functions
    • Network security protocols
    • Techniques for anonymity; trade-offs between anonymity and utility
    • Integrating security into the next-generation Internet: DNS security, routing, naming, denial-of-service attacks, TCP/IP, secure multicast
    • Economic fraud on the Internet: phishing, pharming, spam, and click fraud
    • Email and web security
    • Public key infrastructure, key management, certification, and revocation
    • Security and privacy for emerging technologies: sensor networks, mobile (ad hoc) networks, peer-to-peer networks, bluetooth, 802.11, RFID
    • Trust metrics and robust trust inference in distributed systems
    • Security and usability
    • Intellectual property protection and digital rights management
    • Modeling and protocol design for rational and malicious adversaries
    • Automated analysis of protocols

  • DBSec 2010 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Rome, Italy, June 21-23, 2010. (Submissions due 5 February 2010)

    DBSec is an annual international conference covering research in data and applications security and privacy. The 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2010) will be held in Rome, Italy. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, and applications security. Topics of interest include, but are not limited to:

    • access control
    • anonymity
    • applied cryptography in data security
    • authentication
    • data and system integrity
    • data protection
    • database security
    • digital rights management
    • identity management
    • intrusion detection
    • knowledge discovery and privacy
    • methodologies for data and application security
    • network security
    • organizational security
    • privacy
    • secure cloud computing
    • secure distributed systems
    • secure information integration
    • secure Web services
    • security and privacy in IT outsourcing
    • security and privacy in location-based services
    • security and privacy in P2P scenarios and social networks
    • security and privacy in pervasive/ubiquitous computing
    • security and privacy policies
    • security management
    • security metrics
    • threats, vulnerabilities, and risk management
    • trust and reputation systems
    • trust management
    • wireless and mobile security

  • DIMVA 2010 7th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Bonn, Germany, July 8-9, 2010. (Submissions due 5 February 2010)

    The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. DIMVA's scope includes, but is not restricted to the following areas:
    Intrusion Detection
    

    • Novel approaches & new environments
    • Insider detection
    • Prevention and response
    • Data leakage
    • Result correlation & cooperation
    • Evasion attacks
    • Potentials & limitations
    • Operational experiences
    • Privacy, legal & social aspects
    Malware
    
    • Automated analysis, reversing & execution tracing
    • Containment & sandboxed operation
    • Acquisition of specimen
    • Infiltration
    • Behavioral models
    • Prevention & containment
    • Trends & upcoming risks
    • Forensics & recovery
    • Economic aspects
    Vulnerability Assessment
    
    • Vulnerability detection & analysis
    • Vulnerability prevention
    • Web application security
    • Fuzzing techniques
    • Classification & evaluation
    • Situational awareness

  • USENIX-Security 2010 19th USENIX Security Symposium, Washington, DC, USA, August 11-13, 2010. (Submissions due 5 February 2010)

    The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in security or applied cryptography.

  • EuroSec 2010 European Workshop on System Security, Held in conjunction with the Annual ACM SIGOPS EuroSys conference, Paris, France, April 13, 2010. (Submissions due 7 February 2010)

    The workshop aims to bring together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. The focus of the workshop is on novel, practical, systems-oriented work. EuroSec seeks contributions on all aspects of systems security. Topics of interest include (but are not limited to):

    • Operating systems security
    • Web/network/distributed systems security
    • New attacks and evasion techniques
    • Hardware architectures
    • Trusted computing and its applications
    • Identity management, anonymity
    • Small trusted computing bases
    • Mobile systems security
    • Measuring security
    • Malicious code analysis and detection
    • Systems-based forensics
    • Systems work on fighting spam/phishing

  • OWASP-AppSec-Research 2010 OWASP AppSec Research 2010, Stockholm, Sweden, June 21-24, 2010. (Submissions due 7 February 2010)

    OWASP AppSec Research focuses on web application security and invites both academia and industry. The conference features a full-paper research track published by Springer-Verlag (LNCS) as well as industry talks and demos. OWASP (the Open Web Application Security Project) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. We encourage the publication and presentation of new tools, new methods, empirical data, novel ideas, and lessons learned in the following areas:

    • Web application security
    • Security aspects of new/emerging web technologies/paradigms (mashups, web 2.0, offline support, etc)
    • Security in web services, REST, and service oriented architectures
    • Security in cloud-based services
    • Security of frameworks (Struts, Spring, ASP.Net MVC etc)
    • New security features in platforms or languages
    • Next-generation browser security
    • Security for the mobile web
    • Secure application development (methods, processes etc)
    • Threat modeling of applications
    • Vulnerability analysis (code review, pentest, static analysis etc)
    • Countermeasures for application vulnerabilities
    • Metrics for application security
    • Application security awareness and education

  • POLICY 2010 IEEE International Symposium on Policies for Distributed Systems and Networks, Fairfax, Virginia, USA, July 21-23, 2010. (Submissions due 8 February 2010)

    The symposium brings together researchers and practitioners working on policy-based systems across a range of application areas including policy-based networking, privacy and security management, storage area networking, and enterprise systems. POLICY 2010 has grown out of a highly successful series of workshops and this is recognized by the elevation of the event to an IEEE symposium. POLICY 2010 invites novel contributions on all aspects of policy-based management. Topics of interest include (but are not limited to):

    • Privacy and Security
    • Policy Models and Languages
    • Policy Applications

  • SHPCS 2010 5th Workshop on Security and High Performance Computing Systems, Held in conjunction with the 6th International Wireless Communications and Mobile Computing Conference (IWCMC 2010), Caen, Normandy, France, June 28 - July 2, 2010. (Submissions due 15 February 2010)

    Providing high performance computing and security is a challenging task. Internet, operating systems and distributed environments currently suffer from poor security support and cannot resist common attacks. Adding security measures typically degrade performance. This workshop addresses relationships between security and high performance computing systems in three directions. First, it considers how to add security properties (authentication, confidentiality, integrity, non-repudiation, access control) to high performance computing systems. In this case, safety properties can also be addressed, such as availability and fault tolerance for high performance computing systems. Second, it covers how to use high performance computing systems to solve security problems. For instance, a grid computation can break an encryption code, or a cluster can support high performance intrusion detection. More generally, this topic addresses every efficient use of a high performance computing systems to improve security. Third, it investigates the tradeoffs between maintaining high performance and achieving security in computing systems and solutions to balance the two objectives. In all these directions, various performance analyses or monitoring techniques can be conducted to show the efficiency of a security infrastructure. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of computer and network security, as well as case studies and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. The Workshop topics include (but are not limited to) the following:

    • Access Control
    • Accounting and Audit
    • Anonymity
    • Applied Cryptography
    • Authentication
    • Cloud Security
    • Commercial and Industry Security
    • Cryptographic Protocols
    • Data and Application Security
    • Data/System Integrity
    • Database Security
    • Digital Rights Management
    • Formal Verification of Secure Systems
    • Identity Management
    • Inference/Controlled Disclosure
    • Information Warfare
    • Intellectual Property Protection
    • Intrusion and Attack Detection
    • Intrusion and Attack Response
    • Key Management
    • Privacy-Enhancing Technology
    • Secure Networking
    • Secure System Design
    • Security Monitoring & Management
    • Security for Mobile Code
    • Security for Specific Domains (e.g., E-Government, E-Business, P2P)
    • Security in IT Outsourcing
    • Security in Mobile and Wireless Networks
    • Security in Untrusted & Adversarial Environments and Systems
    • Security in Operating Systems
    • Security Location Services
    • Security of Grid and Cluster Architectures
    • Security Visualization
    • Smartcards
    • Trust Management Policies
    • Trust Models
    • Web Security
    • Web Services Security

  • Journal of Computer Security, Special Issue on RFID System Security, 4th Quarter, 2010. (Submission Due 22 February 2010)

    Guest editor: Yingjiu Li (Singapore Management University, Singapore) and Jianying Zhou (Institute for Infocomm Research, Singapore) Besides selected papers (after significant extensions) from the 2010 Workshop on RFID Security (RFIDsec'10 Asia), other papers representing original research in the theory and practice concerning RFID system security are solicited for this special issue in Journal of Computer Security (IOS Press). Topics of interest include, but are not limited to:

    • New applications for secure RFID systems
    • Data protection and privacy-enhancing techniques for RFID
    • Cryptographic protocols for RFID (Authentication protocols, Key update mechanisms, Scalability issues)
    • Integration of secure RFID systems (Middleware and security, Public-key infrastructures)
    • Resource-efficient implementation of cryptography (Small-footprint hardware, Low-power architectures)
    • Attacks on RFID systems such as RFID malwares
    • RFID security hardware such as RFID with PUF
    • Trust model, data protection and sharing for EPCglobal Network

  • WEIS 2010 9th Workshop on the Economics of Information Security, Harvard University, Cambridge, MA, USA, June 7-8, 2010. (Submissions due 22 February 2010)

    The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security, combining expertise from the fields of economics, social science, business, law, policy and computer science. Prior workshops have explored the role of incentives between attackers and defenders, identified market failures dogging Internet security, and assessed investments in cyber-defense. This workshop will build on past efforts using empirical and analytic tools to not only understand threats, but also strengthen security through novel evaluations of available solutions. How should information risk be modeled given the constraints of rare incidence and high interdependence? How do individuals' and organizations' perceptions of privacy and security color their decision making? How can we move towards a more secure information infrastructure and code base while accounting for the incentives of stakeholders? We encourage economists, computer scientists, business school researchers, legal scholars, security and privacy specialists, as well as industry experts to submit their research and attend the workshop. Suggested topics include (but are not limited to) empirical and theoretical studies of:

    • Optimal investment in information security
    • Online crime (including botnets, phishing and spam)
    • Models and analysis of online crime
    • Risk management and cyberinsurance
    • Security standards and regulation
    • Cybersecurity policy
    • Privacy, confidentiality and anonymity
    • Behavioral security and privacy
    • Security models and metrics
    • Psychology of risk and security
    • Vulnerability discovery, disclosure, and patching
    • Cyberwar strategy and game theory
    • Incentives for information sharing and cooperation

  • LEET 2010 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, Held in conjunction with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2010), San Jose, CA, USA, April 27, 2010. (Submissions due 25 February 2010)

    LEET aims to provide a unique forum for the discussion of threats to the confidentiality of our data, the integrity of digital transactions, and the dependability of the technologies we increasingly rely on. We encourage submissions of papers that focus on the malicious activities themselves (e.g., reconnaissance, exploitation, privilege escalation, rootkit installation, attack), our responses as defenders (e.g., prevention, detection, and mitigation), or the social, political, and economic goals driving these malicious activities and the legal and ethical codes guiding our defensive responses. Topics of interest include but are not limited to:

    • Infection vectors for malware (worms, viruses, etc.)
    • Botnets, command, and control channels
    • Spyware
    • Operational experience
    • Forensics
    • Click fraud
    • Measurement studies
    • New threats and related challenges
    • Boutique and targeted malware
    • Phishing
    • Spam
    • Underground markets
    • Carding and identity theft
    • Miscreant counterintelligence
    • Denial-of-service attacks
    • Hardware vulnerabilities
    • Legal issues
    • The arms race (rootkits, anti-anti-virus, etc.)
    • New platforms (cellular networks, wireless networks, mobile devices)
    • Camouflage and detection
    • Reverse engineering
    • Vulnerability markets and zero-day economics
    • Online money laundering
    • Understanding the enemy
    • Data collection challenges

  • TSP 2010 3rd IEEE International Symposium on Trust, Security and Privacy for Emerging Applications, Bradford, UK, June 29-July 1, 2010. (Submissions due 26 February 2010)

    Satisfying user requirements for trust, security and privacy in an efficient way is one of the first considerations for almost all emerging applications, using emerging technologies such as pervasive computing, peer to peer computing, grid computing, cloud computing, virtualization and, mobile and wireless technologies. Challenges arise as emerging applications evolve to provide more scalable and comprehensive services. One of the biggest challenges is that traditional security technologies and measures may not meet user requirements in open, dynamic, heterogeneous, and distributed computing environments. Therefore, we need to build networks and systems in which emerging applications allow users to enjoy more scalable and comprehensive services while preserving trust, security and privacy at the same time. TSP-10 aims at bringing together researchers and practitioners in the world working on trust, security, privacy, and related issues such as technical, social, and cultural implications for all emerging devices, services, applications, networks, and systems, and providing a forum for them to present and discuss emerging ideas and trends in this highly challenging research area.

  • SOUPS 2010 Symposium On Usable Privacy and Security, Redmond, WA, USA, July 14-16, 2010. (Submissions due 5 March 2010)

    The 2010 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:

    • innovative security or privacy functionality and design
    • new applications of existing models or technology
    • field studies of security or privacy technology
    • usability evaluations of new or existing security or privacy features
    • security testing of new or existing usability features
    • longitudinal studies of deployed security or privacy features
    • the impact of organizational policy or procurement decisions
    • lessons learned from the deployment and use of usable privacy and security features

  • MMM-ACNS 2010 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security, St. Petersburg, Russia, September 6-9, 2010. (Submissions due 7 March 2010)

    MMM-ACNS-2010 aims at bringing together leading researchers from academia and governmental organizations as well as practitioners to advance the states of the art and practice in the area of computer networks and information security with a focus on novel theoretical aspects of computer network security, facilitate personal interactions and discussions on various aspects of information technologies in conjunction with computer network and information security problems arising in large-scale computer networks. MMM-ACNS-2010's scope includes, but is not restricted to the following areas:

    • Adaptive security
    • Anti-malware techniques: detection, analysis, prevention
    • Anti-phishing, anti-spam, anti-fraud, anti-botnet techniques
    • Authentication, Authorization and Access Control
    • Computer and network forensics
    • Covert channels
    • Critical infrastructure protection
    • Data and application security
    • Data mining, machine learning, and bio-inspired approaches for security
    • Deception systems and honeypots
    • Denial-of-service attacks and countermeasures
    • Digital Rights Management
    • eCommerce, eBusiness and eGovernment security
    • Formal analysis of security properties
    • Information warfare
    • Internet and web security
    • Intrusion prevention, detection, and response
    • Language-based security
    • Network survivability
    • New ideas and paradigms for security
    • Operating system security
    • Security and privacy in pervasive and ubiquitous computing
    • Security event processing and predictive security monitoring
    • Security for cloud computing
    • Security for large-scale systems and critical infrastructures
    • Security of emerging technologies: sensor, wireless/mobile, peer-to-peer and overlay networks
    • Security of autonomous agents and multi-agent systems
    • Security modeling and simulation
    • Security policies
    • Security protocols
    • Security verification
    • Self-protecting and healing
    • Software protection
    • Trusted computing
    • Trust and reputation management
    • Vulnerability assessment, risk analysis and risk management

  • IH 2010 12th Information Hiding Conference, Calgary, Alberta, Canada, June 28 - 30, 2010. (Submissions due 13 March 2010)

    For many years, Information Hiding has captured the imagination of researchers. Digital watermarking and steganography protect information, conceal secrets or are used as core primitives in digital rights management schemes. Steganalysis and forensics pose important challenges to investigators; and privacy techniques try to hide relational information such as the actors' identities in anonymous communication systems. These and other topic share the notion that security is defined by the difficulty to make (or avoid) inference on certain properties of host data, which therefore has to be well understood and modeled. Current research themes include:

    • Anonymity and privacy
    • Covert/subliminal channels
    • Digital rights management
    • Fingerprinting and embedding codes
    • Multimedia and document security
    • Multimedia forensics and counter forensics
    • Novel applications of information hiding
    • Other data hiding domains (e.g. text, software, etc.)
    • Security metrics for information hiding
    • Steganography and steganalysis
    • Theoretical aspects of information hiding and detection
    • Watermarking (algorithms, security, attacks)

  • HOST 2010 IEEE International Symposium on Hardware-Oriented Security and Trust, Anaheim, California, USA, June 13-14, 2010. (Submissions due 19 March 2010)

    HOST covers security and trust issues in all types of electronic devices and systems such as ASICs, COTS, FPGAs, microprocessors/DSPs, and embedded systems. The mission of HOST is to provide a forum for the presentation and discussion of research that is of critical significance to the security of, and trust in, modern society's microelectronic-supported infrastructures. Papers and presentations that address any of the following "hot topics" are of high interest to the symposium. Papers addressing HOST issues outside of these areas will be considered equally relevant in the review process:

    • Trojan Detection and Isolation
    • Authenticating Foundry of Origin
    • Side Channel Analysis/Attacks
    • Watermarking
    • FPGA Design Security
    • Hardware focused Cryptography
    • IC Metering
    • Physical Unclonable Functions
    • Embedded and Distributed Systems Security
    • Hardware Intrusion Detection and Prevention
    • Security Engineering
    • Scan chain Encryption

  • ESORICS 2010 15th European Symposium on Research in Computer Security, Athens, Greece, September 20-22, 2010. (Submissions due 1 April 2010)

    ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers discussing industrial research and development. Papers should focus on topics such as:

    • Access Control
    • Accountability
    • Anonymity
    • Applied Cryptography
    • Attacks and Viral Software
    • Authentication and Delegation
    • Data Integrity
    • Database Security
    • Inference Control
    • Identity Management
    • Information Flow Control
    • Intrusion Tolerance
    • Formal Security Methods
    • Language-based Security
    • Network Security
    • Privacy Enhancing Technologies
    • Risk Analysis and Management
    • Secure Electronic Voting
    • Security Architectures
    • Security Economics
    • Security for Mobile Code
    • Security for Dynamic Coalitions
    • Security in Location Services
    • Security in Social Networks
    • Security Models
    • Security Verification
    • System Security
    • Trust Models and Management
    • Trust Theories
    • Trustworthy User Devices

  • IDMAN 2010 2nd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, Oslo, Norway, November 18-19, 2010. (Submissions due 1 April 2010)

    Papers offering research contributions focusing on identity management in general and surveillance and monitoring in particular are solicited for submission to the 2nd IFIP WG-11.6 International Conference on Identity Management. Papers may present theory, applications or practical experiences in the field of national identity management, from both a technical and a social perspective, including, but not necessarily limited to:

    • History
    • Law
    • Philosophical and ethical aspects
    • Economics Impact of surveillance and monitoring in both the physical world and in cyberspace
    • Impact on society and politics
    • Impact on e-government and e-government applications
    • Consecutive developments in social tracking, -tracing and -sorting
    • Quality of identity management in general
    • Quality identity data, processes and applications
    • Security and identity management
    • User centered, usable and inclusive identity management
    • Attacks on identity management infrastructure and procedures Central storage of general and biometric identity data
    • Effectiveness of surveillance and monitoring in fighting terrorism, international crime and human trafficking
    • Methods of identification and authentication
    • Models of identification procedures
    • Models of inclusive identification and authentication procedures
    • Government PKI
    • (Possible) role of pseudonymous and anonymous identity in identity management
    • Electronic Ids European and worldwide policies and cooperation in the field of identity management and surveillance and monitoring
    • (Inter)national policies on unique identifiers /social security numbers / personalisation IDs
    • (Inter)national applications of biometrics
    • Vulnerabilities of electronic identification protocols
    • Federative identity management and de-perimetrization
    • Fraud, fraud detection, fraud resistence of technologies
    • Biometric verification, assurance, metrics and measurements
    • Fraud resistance of biometrics
    • Junction between (large scale) applications of identity management and surveillance and monitoring
    • Data Protection
    • Privacy and Privacy Enhancing Technologies (PETs) in identity management
    • Privacy Intrusion Technologies (PITs) in identity management
    • Privacy side-effects and privacy risks assessment of identity management Intelligence and (inter)national threats
    • Impersonation, identity fraud, identity forge and identity theft
    • Tracing, monitoring and forensics

  • PST 2010 8th International Conference on Privacy, Security and Trust, Ottawa, Canada, August 17-19, 2010. (Submissions due 3 April 2010)

    PST2010 provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. This year's theme is "Privacy, Security and Trust by Design: PbD - The Gold Standard." With the growth and ubiquity of data in today's hyper-networked world, the need for trust has become more critical than ever. We need new paradigms that seek to integrate and build privacy, security and trustworthiness directly into technologies and systems from the outset and by default. PST2010 will include an Industry Day followed by two days of high-quality research papers whose topics include, but are NOT limited to, the following:

    • Privacy Preserving / Enhancing Technologies
    • Trust Technologies, Technologies for Building Trust in e-Business Strategy
    • Critical Infrastructure Protection
    • Observations of PST in Practice, Society, Policy and Legislation
    • Network and Wireless Security
    • Digital Rights Management
    • Operating Systems Security
    • Identity and Trust management
    • Intrusion Detection Technologies
    • PST and Cloud Computing
    • Secure Software Development and Architecture
    • Human Computer Interaction and PST
    • PST Challenges in e-Services
    • Implications of, and Technologies for, Lawful Surveillance
    • Network Enabled Operations
    • Biometrics, National ID Cards, Identity Theft
    • Advanced Training Tools - PST and Web Services / SOA
    • Information Filtering, Data Mining & Knowledge from Data
    • Privacy, Traceability, and Anonymity
    • National Security and Public Safety
    • Trust and Reputation in Self-Organizing Environments
    • Security Metrics
    • Anonymity and Privacy vs. Accountability
    • Recommendation, Reputation and Delivery Technologies - Access Control and Capability Delegation
    • Continuous Authentication
    • Representations and Formalizations of Trust in Electronic and Physical Social Systems

  • SECURECOMM 2010 6th International Conference on Security and Privacy in Communication Networks, Singapore, September 7-10, 2010. (Submissions due 5 April 2010)

    SecureComm'10 seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, applied cryptography) will also be considered if a clear connection to private or secure communications/networking is demonstrated.

  • HealthSec 2010 1st USENIX Workshop on Health Security and Privacy, Washington, DC, USA, August 10, 2010. (Submissions due 9 April 2010)

    HealthSec '10 is intended as a forum for lively discussion of aggressively innovative and potentially disruptive ideas on all aspects of medical and health security and privacy. A fundamental goal of the workshop is to promote cross-disciplinary interactions between fields, including, but not limited to, technology, medicine, and policy. Surprising results and thought-provoking ideas will be strongly favored; complete papers with polished results in well-explored research areas are comparatively discouraged. Workshop topics are solicited in all areas relating to healthcare information security and privacy, including:

    • Security and privacy models for healthcare information systems
    • Industrial experiences in healthcare information systems
    • Deployment of open systems for secure and private use of healthcare information technology
    • Security and privacy threats against and countermeasures for existing and future medical devices
    • Regulatory and policy issues of healthcare information systems
    • Privacy of medical records
    • Usability issues in healthcare information systems
    • Threat models for healthcare information systems

  • RFIDSec 2010 6th Workshop on RFID Security, Istanbul, Turkey, June 8-10, 2010. (Submissions due 20 April 2010)

    The workshop focuses on approaches to solve security and data-protection issues in advanced contactless technologies like RFID. It stresses implementation aspects imposed by resource constraints. Topics of the conference include but are not limited to:

    • New applications for secure RFID systems
    • Data protection and privacy-enhancing techniques for RFID
    • Cryptographic protocols for RFID (Authentication protocols, Key update mechanisms, Scalability issues)
    • Integration of secure RFID systems (Middleware and security, Public-key infrastructures, Case studies)
    • Resource-efficient implementation of cryptography (Small-footprint hardware, Low-power architectures)
    • Attacks on RFID systems
    • RFID security hardware e.g. RFID with PUF, RFID Trojans, …

  • SIN 2010 3rd International Conference on Security of Information and Networks, Taganrog, Rostov-on-Don, Russia, September 7-11, 2010. (Submissions due 20 April 2010)

    Papers addressing all aspects of security in information and networks are being sought. Researchers working on the following and related subjects are especially encouraged: realization of security schemes, new algorithms, experimenting with existing approaches; secure information systems, especially distributed control and processing applications, and security in networks; interoperability, service levels and quality issues in such systems; information assurance, security, and public policy. Topics of the conference include but are not limited to:

    • Access control and intrusion detection
    • Autonomous and adaptive security
    • Cryptographic techniques and key management
    • Information assurance
    • Network security and protocols
    • Security in information systems
    • Security tools and development platforms
    • Security ontology, models, protocols & policies
    • Secure ontology-based systems
    • Standards, guidelines and certification
    • Security-aware software engineering
    • Trust and privacy

  • SA&PS4CS 2010 1st International Workshop on Scientific Analysis and Policy Support for Cyber Security, Held in conjunction with the 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security (MMM-ACNS 2010), St. Petersburg, Russia, September 9, 2010. (Submissions due 13 June 2010)

    The workshop is dedicated to the methods of scientific analysis and policy support for response to cyber intrusions and attacks. The main topics of the SA&PS4CS'2010 are detection, discrimination, and attribution of various activities of malefactors and response to cyber intrusions and attacks including national level information operations as well as identifying emergent cyber technologies supporting social and political activity management and trans-national distributed computing management.

  • HST 2010 10th IEEE International Conference on Technologies for Homeland Security, Waltham, MA, USA, November 8-10, 2010. (Submissions due 25 June 2010)

    The tenth annual IEEE Conference on Technologies for Homeland Security will focus on innovative technologies for deterring and preventing attacks, protecting critical infrastructure and individuals, and mitigating damage and expediting recovery. Submissions are desired in the broad areas of critical infrastructure and key resources protection (CIKR), border protection and monitoring, and disaster recovery and response, with application within about five years.

 

• The Technical Committee on Security and Privacy

 

• Listing of academic positions available  by Cynthia Irvine
  (no new positions listed)

 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org