Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 95,  March 21, 2010 Hilarie Orman,  Editor Book Reviews Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Richard Austin's review of Managing the Human Factor in Information Security: How to win over staff and influence business managers by David Lacey

  • Review of the Financial Cryptography conference (Tenerife, Canary Islands, Spain, January 25-28, 2010) by Vaibhav Garg and Debin Liu

  • Review of the Workshop on Ethics in Computer Security Research (Tenerife, Canary Islands, Spain, January 28-29, 2010) by Vaibhav Garg and Debin Liu

  • New NIST Publications

    • Security Configuration
    • Key History on PIV Cards
    • Open Vulnerability Assessment Language
    • IPv6 Deployment
    • Smart Grid Security Strategy

  • Security-Related News:  Announcements and correspondence from readers (please contribute!)

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

 

• Listing of academic positions available  by Cynthia Irvine
  

  • Posted March 2010
    University of Versailles St-Quentin-en-Yvelines and CNRS
    PRiSM Laboratory - "Cryptology and Information Security" group
    Versailles, France
    Assistant Professor position (Chaire d'Excellence CNRS)
    Deadline for applications: 25 March 2010
    http://www.prism.uvsq.fr/~logo/MCF-0781944P-0424.htm
    English translation
  • Posted February 2010
    UMass Amherst
    Amherst, MA
    Assistant/Associate Professor, Department of Finance and Operations Management March 15, 2010 is the priority date, but applications will be accepted until a successful candidate is found
    https://cybersecurity.umass.edu/?q=node/32
  • Posted October 2009
    Naval Postgraduate School
    Monterey, California
    Faculty Positions
    Open until filled
    http://www.nps.edu/Academics/Schools/GSOIS/Departments/CS/Faculty/Openings/CSFacultyOpenings.html
  • Posted April 2009
    Technische Universität Darmstadt
    Computer Science Department
    Darmstadt, Germany
    PostDocs and PhD students
    Open until filled
    http://www.mais.informatik.tu-darmstadt.de/Positions.html
  • Posted January 2009
    Temple University
    Department of Computer and Information Science
    Philadelphia, PA
    Senior Faculty Position - Associate or Full Professor
    Open until filled
    http://www.temple.edu/cis/news/index.html#SeniorFacultyPosition
  • Posted November 2008
    Florida International University
    School of Computing and Information Sciences Miami, Florida Faculty
    Positions Review begins January 15, 2009; will continue until position filled.
    http://www.cis.fiu.edu/news/recruit08-09.php
  • Posted February 2008
    Imperial College London
    Department of Computing
    London, United Kingdom
    http://www3.imperial.ac.uk/computing/situations-vacant
 
• Additional tenure track academic position Stony Brook
 
• Conference and Workshop Announcements

  • Cipher calls-for-papers and calendar
      Calendar (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 
    Did you know that you can follow "ciphernews" on Twitter and get the calendar informaton?

  • 3/19/10: HOST, IEEE International Symposium on Hardware-Oriented Security and Trust, Anaheim, California, USA; Submissions are due
  • 3/22/10- 3/24/10: WiSec, 3rd ACM Conference on Wireless Network Security, Stevens Institute of Technology, Hoboken, NJ, USA
  • 3/22/10- 3/26/10: SAC-CF, 25th ACM Symposium on Applied Computing, Computer Forensics Track, Sierre, Switzerland
  • 3/22/10- 3/26/10: SAC-TRECK, 25th ACM Symposium on Applied Computing, Trust, Reputation, Evidence and other Collaboration Know-how Track, Sierre, Switzerland
  • 3/22/10- 3/26/10: SAC-ISRA, 25th ACM Symposium on Applied Computing, Information Security Research and Applications Track, Sierre, Switzerland
  • 3/22/10- 3/26/10: SAC-SEC, 25th ACM Symposium on Applied Computing, Computer Security Track, Sierre, Switzerland
  • 3/26/10: TrustBus, 7th International Conference on Trust, Privacy & Security in Digital Business, Bilbao, Spain; Submissions are due
  • 3/27/10: ADBIS, 14th East-European Conference on Advances in Databases and Information Systems, Track on Personal Identifiable Information: Privacy, Ethics, and Security, Novi Sad; Submissions are due
  • 3/28/10: FTDC, 7th Workshop on Fault Diagnosis and Tolerance in Cryptography, Held in conjunction with the CHES 2010, Santa Barbara, CA, USA; Submissions are due
  • 3/29/10- 4/ 2/10: SESOC, International Workshop on SECurity and SOCial Networking, Mannheim, Germany
  • 3/30/10: Journal of Communications, Special Issue on Recent Advances on Controlling Unwanted Internet Traffic; Submissions are due
  • 4/ 1/10: ESORICS, 15th European Symposium on Research in Computer Security, Athens, Greece; Submissions are due
  • 4/ 1/10: IDMAN, 2nd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, Oslo, Norway; Submissions are due
  • 4/ 1/10: LIS, Workshop on Logics in Security, Copenhagen, Denmark; Submissions are due
  • 4/ 2/10- 4/ 4/10: AH, 1st ACM Augmented Human International Conference, Megève ski resort, France
  • 4/ 3/10: PST, 8th International Conference on Privacy, Security and Trust, Ottawa, Canada; Submissions are due
  • 4/ 4/10: RAID, 13th International Symposium on Recent Advances in Intrusion Detection, Ottawa, Canada; Submissions are due
  • 4/ 5/10: SECURECOMM, 6th International Conference on Security and Privacy in Communication Networks, Singapore; Submissions are due
  • 4/ 7/10: SCN, 7th Conference on Security and Cryptography for Networks, Amalfi, Italy; Submissions are due
  • 4/ 9/10: HealthSec, 1st USENIX Workshop on Health Security and Privacy, Washington, DC, USA; Submissions are due
  • 4/10/10: FCC, 6th Workshop on Formal and Computational Cryptography, Edinburgh, UK; Submissions are due
  • 4/10/10: Springer Transactions on Computational Science, Special Issue on Security in Computing; Submissions are due
  • 4/13/10: EuroSec, European Workshop on System Security, Held in conjunction with the Annual ACM SIGOPS EuroSys conference, Paris, France
  • 4/13/10- 4/14/10: WISTP, 4th Workshop on Information Security Theory and Practice, Passau, Germany;
  • 4/13/10- 4/15/10: IDtrust, 9th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryland, USA
  • 4/13/10- 4/16/10: ASIACCS, 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China
  • 4/17/10: ACM-CCS, 17th ACM Conference on Computer and Communications Security, Chicago, IL, USA; Submissions are due
  • 4/20/10: RFIDSec, 6th Workshop on RFID Security, Istanbul, Turkey; Submissions are due
  • 4/20/10: SIN, 3rd International Conference on Security of Information and Networks, Taganrog, Rostov-on-Don, Russia; Submissions are due
  • 4/21/10- 4/23/10: CSIIRW, Cyber Security and Information Intelligence Research Workshop, Oak Ridge National Laboratory, Oak Ridge, Tennessee, USA
  • 4/27/10: LEET, 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, Held in conjunction with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2010), San Jose, CA, USA
  • 4/30/10: VizSec, 7th International Symposium on Visualization for Cyber Security, Ottawa, Ontario, Canada; Submissions are due
  • 4/30/10: MIST, 2nd International Workshop on Managing Insider Security Threats, Held in conjunction with IFIPTM 2010, Morioka, Iwate, Japan; Submissions are due
  • 5/ 1/10: SCC, 2nd International Workshop on Security in Cloud Computing, Held in Conjunction with ICPP 2010, San Diego, California, USA; Submissions are due
  • 5/ 3/10: HotSec, 5th USENIX Workshop on Hot Topics in Security, Washington DC, USA; Submissions are due
  • 5/15/10: ICTCI, 4th International Conference on Trusted Cloud Infrastructure, Shanghai, China; Submissions are due
  • 5/16/10- 5/19/10: SP, 31st IEEE Symposium on Security and Privacy, The Claremont Resort, Oakland, CA, USA
  • 5/20/10: SADFE, 5th International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the IEEE Symposium on Security and Privacy (SP 2010), Oakland, CA, USA
  • 5/21/10: MetriSec, 6th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2010), Bolzano-Bozen, Italy; Submissions are due
  • 5/26/10- 5/28/10: MOBISEC, 2nd International ICST Conference on Security and Privacy in Mobile Information and Communication Systems, Catania, Sicily
  • 5/30/10: SIDEUS, 1st International Workshop on Securing Information in Distributed Environments and Ubiquitous Systems, Fukuoka, Japan; Submissions are due
  • 5/30/10: eCRS, eCrime Researchers Summit, Dallas, Texas, USA; Submissions are due
  • 6/ 4/10: NPSec, 6th Workshop on Secure Network Protocols, Held in conjunction with ICNP 2010, Kyoto, Japan; Submissions are due
  • 6/ 7/10- 6/ 8/10: WEIS, 9th Workshop on the Economics of Information Security, Harvard University, Cambridge, MA, USA
  • 6/ 8/10- 6/10/10: RFIDSec, 6th Workshop on RFID Security, Istanbul, Turkey
  • 6/ 9/10- 6/11/10: SACMAT, 15th ACM Symposium on Access Control Models and Technologies, Pittsburgh, PA, USA
  • 6/13/10: SA&PS4CS, 1st International Workshop on Scientific Analysis and Policy Support for Cyber Security, Held in conjunction with the 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security (MMM-ACNS 2010), St. Petersburg, Russia; Submissions are due
  • 6/13/10- 6/14/10: HOST, IEEE International Symposium on Hardware-Oriented Security and Trust, Anaheim, California, USA
  • 6/14/10: ACSAC, 26th Annual Computer Security Applications Conference, Austin, Texas, USA; Submissions are due
  • 6/14/10: D-SPAN, 1st International Workshop on Data Security and PrivAcy in wireless Networks, Held in conjunction with WoWMoM 2010, Montreal, QC, Canada
  • 6/14/10- 6/15/10: MIST, 2nd International Workshop on Managing Insider Security Threats, Held in conjunction with IFIPTM 2010, Morioka, Iwate, Japan
  • 6/15/10: ISC, 13th Information Security Conference, Boca Raton, Florida, USA; Submissions are due
  • 6/16/10- 6/18/10: IFIP-TM, 4th IFIP International Conference on Trust Management, Morioka, Japan
  • 6/21/10- 6/23/10: Trust, 3rd International Conference on Trust and Trustworthy Computing, Berlin, Germany
  • 6/21/10- 6/23/10: DBSec, 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Rome, Italy
  • 6/21/10- 6/24/10: OWASP-AppSec-Research, OWASP AppSec Research 2010, Stockholm, Sweden
  • 6/22/10- 6/25/10: ACNS, 8th International Conference on Applied Cryptography and Network Security, Beijing, China
  • 6/25/10: HST, 10th IEEE International Conference on Technologies for Homeland Security, Waltham, MA, USA; Submissions are due
  • 6/25/10: ICDCS-SPCC, 1st International Workshop on Security and Privacy in Cloud Computing, Held in conjunction with the IEEE International Conference on Distributed Computing Systems (ICDCS 2010), Genoa, Italy
  • 6/28/10- 6/20/10: IH, 12th Information Hiding Conference, Calgary, Alberta, Canada
  • 6/28/10- 7/ 2/10: SHPCS, 5th Workshop on Security and High Performance Computing Systems, Held in conjunction with the 6th International Wireless Communications and Mobile Computing Conference (IWCMC 2010), Caen, Normandy, France
  • 6/29/10- 7/ 1/10: TSP, 3rd IEEE International Symposium on Trust, Security and Privacy for Emerging Applications, Bradford, UK
  • 6/30/10: International Journal of Information Technologies and Systems Approach, Special Issue on Privacy and Security Issues in IT; Submissions are due
  • 7/ 8/10- 7/ 9/10: DIMVA, 7th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Bonn, Germany
  • 7/14/10- 7/16/10: SOUPS, Symposium On Usable Privacy and Security, Redmond, WA, USA
  • 7/20/10: FCC, 6th Workshop on Formal and Computational Cryptography, Edinburgh, UK
  • 7/21/10- 7/23/10: POLICY, IEEE International Symposium on Policies for Distributed Systems and Networks, Fairfax, Virginia, USA
  • 7/26/10- 7/28/10: SECRYPT, 5th International Conference on Security and Cryptography, Athens, Greece
  • 8/ 9/10- 8/13/10: LIS, Workshop on Logics in Security, Copenhagen, Denmark
  • 8/10/10: HealthSec, 1st USENIX Workshop on Health Security and Privacy, Washington, DC, USA
  • 8/10/10: HotSec, 5th USENIX Workshop on Hot Topics in Security, Washington DC, USA
  • 8/11/10- 8/13/10: USENIX-Security, 19th USENIX Security Symposium, Washington, DC, USA
  • 8/17/10- 8/19/10: PST, 8th International Conference on Privacy, Security and Trust, Ottawa, Canada
  • 8/21/10: FTDC, 7th Workshop on Fault Diagnosis and Tolerance in Cryptography, Held in conjunction with the CHES 2010, Santa Barbara, CA, USA
  • 8/30/10- 9/ 3/10: TrustBus, 7th International Conference on Trust, Privacy & Security in Digital Business, Bilbao, Spain
  • 9/ 6/10- 9/ 9/10: MMM-ACNS, 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security, St. Petersburg, Russia
  • 9/ 7/10- 9/10/10: SECURECOMM, 6th International Conference on Security and Privacy in Communication Networks, Singapore
  • 9/ 7/10- 9/11/10: SIN, 3rd International Conference on Security of Information and Networks, Taganrog, Rostov-on-Don, Russia;
  • 9/ 9/10: SA&PS4CS, 1st International Workshop on Scientific Analysis and Policy Support for Cyber Security, Held in conjunction with the 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security (MMM-ACNS 2010), St. Petersburg, Russia
  • 9/13/10- 9/15/10: SCN, 7th Conference on Security and Cryptography for Networks, Amalfi, Italy
  • 9/13/10- 9/16/10: SCC, 2nd International Workshop on Security in Cloud Computing, Held in Conjunction with ICPP 2010, San Diego, California, USA
  • 9/14/10: VizSec, 7th International Symposium on Visualization for Cyber Security, Ottawa, Ontario, Canada
  • 9/15/10: MetriSec, 6th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2010), Bolzano-Bozen, Italy
  • 9/15/10- 9/17/10: RAID, 13th International Symposium on Recent Advances in Intrusion Detection, Ottawa, Canada
  • 9/20/10- 9/22/10: ESORICS, 15th European Symposium on Research in Computer Security, Athens, Greece
  • 9/20/10- 9/23/10: IFIP-TC9-HCC9, IFIP TC-9 HCC-9 Stream on Privacy and Surveillance, Held in conjunction with the IFIP World Computer Congress 2010, Brisbane, Australia
  • 9/20/10- 9/24/10: ADBIS, 14th East-European Conference on Advances in Databases and Information Systems, Track on Personal Identifiable Information: Privacy, Ethics, and Security, Novi Sad
  • 10/ 4/10-10/ 8/10: ACM-CCS, 17th ACM Conference on Computer and Communications Security, Chicago, IL, USA
  • 10/ 5/10: NPSec, 6th Workshop on Secure Network Protocols, Held in conjunction with ICNP 2010, Kyoto, Japan
  • 10/18/10-10/20/10: ICTCI, 4th International Conference on Trusted Cloud Infrastructure, Shanghai, China
  • 10/18/10-10/20/10: eCRS, eCrime Researchers Summit, Dallas, Texas, USA
  • 10/25/10-10/28/10: ISC, 13th Information Security Conference, Boca Raton, Florida, USA
  • 11/ 4/10-11/ 6/10: SIDEUS, 1st International Workshop on Securing Information in Distributed Environments and Ubiquitous Systems, Fukuoka, Japan
  • 11/ 8/10-11/10/10: HST, 10th IEEE International Conference on Technologies for Homeland Security, Waltham, MA, USA
  • 11/19/10-11/19/10: IDMAN, 2nd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, Oslo, Norway
  • 12/ 6/10-12/10/10: ACSAC, 26th Annual Computer Security Applications Conference, Austin, Texas, USA
  
  
  
  • new calls or announcements added since Cipher E94

  • HOST 2010 IEEE International Symposium on Hardware-Oriented Security and Trust, Anaheim, California, USA, June 13-14, 2010. (Submissions due 19 March 2010)

    HOST covers security and trust issues in all types of electronic devices and systems such as ASICs, COTS, FPGAs, microprocessors/DSPs, and embedded systems. The mission of HOST is to provide a forum for the presentation and discussion of research that is of critical significance to the security of, and trust in, modern society's microelectronic-supported infrastructures. Papers and presentations that address any of the following "hot topics" are of high interest to the symposium. Papers addressing HOST issues outside of these areas will be considered equally relevant in the review process:

    • Trojan Detection and Isolation
    • Authenticating Foundry of Origin
    • Side Channel Analysis/Attacks
    • Watermarking
    • FPGA Design Security
    • Hardware focused Cryptography
    • IC Metering
    • Physical Unclonable Functions
    • Embedded and Distributed Systems Security
    • Hardware Intrusion Detection and Prevention
    • Security Engineering
    • Scan chain Encryption

  • TrustBus 2010 7th International Conference on Trust, Privacy & Security in Digital Business, Bilbao, Spain, August 30 - September 3, 2010. (Submissions due 26 March 2010)

    The advances in the Information and Communication Technologies (ICT) have raised new opportunities for the implementation of novel applications and the provision of high quality services over global networks. The aim is to utilize this 'information society era' for improving the quality of life for all citizens, disseminating knowledge, strengthening social cohesion, generating earnings and finally ensuring that organizations and public bodies remain competitive in the global electronic marketplace. Unfortunately, such a rapid technological evolution cannot be problem free. Concerns are raised regarding the 'lack of trust' in electronic procedures and the extent to which 'information security' and 'user privacy' can be ensured. The conference will provide an international forum for researchers and practitioners to exchange information regarding advancements in the state of the art and practice of trust and privacy in digital business. We are interested in papers, work-in-progress reports, and industrial experiences describing advances in all areas of digital business applications related to trust and privacy, including, but not limited to:

    • Anonymity and pseudonymity in business transactions
    • Business architectures and underlying infrastructures
    • Common practice, legal and regulatory issues
    • Cryptographic protocols
    • Delivery technologies and scheduling protocols
    • Design of businesses models with security requirements
    • Economics of Information Systems Security
    • Electronic cash, wallets and pay-per-view systems
    • Enterprise management and consumer protection
    • Identity and Trust Management
    • Intellectual property and digital rights management
    • Intrusion detection and information filtering
    • Languages for description of services and contracts
    • Management of privacy & confidentiality
    • Models for access control and authentication
    • Multimedia web services
    • New cryptographic building-blocks for e-business applications
    • Online transaction processing
    • PKI & PMI
    • Public administration, governmental services
    • P2P transactions and scenarios
    • Real-time Internet E-Services
    • Reliability and security of content and data
    • Reliable auction, e-procurement and negotiation technology
    • Reputation in services provision
    • Secure process integration and management
    • Security and Privacy models for Pervasive Information Systems
    • Security Policies
    • Shopping, trading, and contract management tools
    • Smartcard technology
    • Transactional Models
    • Trust and privacy issues in social networks environments
    • Usability of security technologies and services

  • ADBIS 2010 14th East-European Conference on Advances in Databases and Information Systems, Track on Personal Identifiable Information: Privacy, Ethics, and Security, Novi Sad, September 20 - 24, 2010. (Submissions due 27 March 2010)

    Breaches of personally identifiable information (PII) have increased dramatically over the past few years and have resulted in the loss of millions of records. Breaches of PII are hazardous to both individuals and organizations. Individual harms may include identity theft, embarrassment, or blackmail. Organizational harms may include a loss of public trust, legal liability, or high costs to handle the breach (USA National Institute of Standards and Technology, 2009). According to U.S. Department of Health & Human Services, PII is "information in an IT system or online collection: (1) that directly identifies an individual…, or (2) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. EU directive 95/46/EC calls it "personal data."

  • FTDC 2010 7th Workshop on Fault Diagnosis and Tolerance in Cryptography, Held in conjunction with the CHES 2010, Santa Barbara, CA, USA, August 21, 2010. (Submissions due 28 March 2010)

    In recent years applied cryptography has developed considerably, to satisfy the increasing security requirements of various information technology disciplines, e.g., telecommunications, networking, data base systems and mobile applications. Cryptosystems are inherently computationally complex and in order to satisfy the high throughput requirements of many applications, they are often implemented by means of either VLSI devices (crypto-accelerators) or highly optimised software routines (crypto-libraries) and are used via suitable (network) protocols. The high complexity of such implementations raises concerns regarding their reliability. Research is therefore needed to develop methodologies and techniques for designing robust cryptographic systems (both hardware and software), and to protect them against both accidental faults and intentional intrusions and attacks, in particular those based on the malicious injection of faults into the device for the purpose of extracting the secret key. Contributions to the workshop describing theoretical studies and practical case studies of fault diagnosis and tolerance in cryptographic systems (HW and SW) and protocols are solicited. Topics of interest include, but are not limited to:

    • modeling the reliability of cryptographic systems and protocols
    • inherently reliable cryptographic systems and algorithms
    • faults and fault models for cryptographic devices (HW and SW)
    • reliability-based attack procedures on cryptographic systems (fault-injection attacks) and protocols
    • adapting classical fault diagnosis and tolerance techniques to cryptographic systems
    • novel fault diagnosis and tolerance techniques for cryptographic systems
    • attacks exploiting micro-architecture components (cache, branch predictor, etc.)
    • physical protection against attacks
    • fault injection based attacks using FIB laser and chemistry
    • case studies of attacks, reliability and fault diagnosis and tolerance techniques in cryptographic systems

  • Journal of Communications, Special Issue on Recent Advances on Controlling Unwanted Internet Traffic, November 2010. (Submission Due 30 March 2010)

    Guest editor: Zhenhai Duan (Florida State University, USA), Yingfei Dong (University of Hawaii, USA), and David H.-C. Du (University of Minnesota, USA)
    
    One of the key challenges facing today's Internet is the proliferation of unwanted Internet traffic such as spam, phishing scam, worm, virus, and Distributed Denial of Services (DDoS) attacks. They raise serious concerns over the suitability of the Internet for supporting critical infrastructures including communication, finance, energy distribution, and transportation in its current form. Building trustworthy networks to effectively control unwanted Internet traffic is a grand challenge faced by the networking community and has a profound impact on the future development of the Internet. In this special issue, we solicit original work on identifying new research and development challenges and developing new architectures, protocols, and techniques to control unwanted Internet traffic. Specific topics include, but are not limited to, the followings:

    • Accountable Internet architecture and protocol
    • IP spoofing control and IP traceback
    • Application-layer traffic traceback, e.g. VoIP traceback
    • Worm and virus propagation modeling and control
    • Botnet detection and control
    • Spam control
    • Phishing scam analysis and control
    • Novel applications of virtual machine technique in unwanted traffic control

  • ESORICS 2010 15th European Symposium on Research in Computer Security, Athens, Greece, September 20-22, 2010. (Submissions due 1 April 2010)

    ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers discussing industrial research and development. Papers should focus on topics such as:

    • Access Control
    • Accountability
    • Anonymity
    • Applied Cryptography
    • Attacks and Viral Software
    • Authentication and Delegation
    • Data Integrity
    • Database Security
    • Inference Control
    • Identity Management
    • Information Flow Control
    • Intrusion Tolerance
    • Formal Security Methods
    • Language-based Security
    • Network Security
    • Privacy Enhancing Technologies
    • Risk Analysis and Management
    • Secure Electronic Voting
    • Security Architectures
    • Security Economics
    • Security for Mobile Code
    • Security for Dynamic Coalitions
    • Security in Location Services
    • Security in Social Networks
    • Security Models
    • Security Verification
    • System Security
    • Trust Models and Management
    • Trust Theories
    • Trustworthy User Devices

  • IDMAN 2010 2nd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, Oslo, Norway, November 18-19, 2010. (Submissions due 1 April 2010)

    Papers offering research contributions focusing on identity management in general and surveillance and monitoring in particular are solicited for submission to the 2nd IFIP WG-11.6 International Conference on Identity Management. Papers may present theory, applications or practical experiences in the field of national identity management, from both a technical and a social perspective, including, but not necessarily limited to:

    • History
    • Law
    • Philosophical and ethical aspects
    • Economics Impact of surveillance and monitoring in both the physical world and in cyberspace
    • Impact on society and politics
    • Impact on e-government and e-government applications
    • Consecutive developments in social tracking, -tracing and -sorting
    • Quality of identity management in general
    • Quality identity data, processes and applications
    • Security and identity management
    • User centered, usable and inclusive identity management
    • Attacks on identity management infrastructure and procedures Central storage of general and biometric identity data
    • Effectiveness of surveillance and monitoring in fighting terrorism, international crime and human trafficking
    • Methods of identification and authentication
    • Models of identification procedures
    • Models of inclusive identification and authentication procedures
    • Government PKI
    • (Possible) role of pseudonymous and anonymous identity in identity management
    • Electronic Ids European and worldwide policies and cooperation in the field of identity management and surveillance and monitoring
    • (Inter)national policies on unique identifiers /social security numbers / personalisation IDs
    • (Inter)national applications of biometrics
    • Vulnerabilities of electronic identification protocols
    • Federative identity management and de-perimetrization
    • Fraud, fraud detection, fraud resistence of technologies
    • Biometric verification, assurance, metrics and measurements
    • Fraud resistance of biometrics
    • Junction between (large scale) applications of identity management and surveillance and monitoring
    • Data Protection
    • Privacy and Privacy Enhancing Technologies (PETs) in identity management
    • Privacy Intrusion Technologies (PITs) in identity management
    • Privacy side-effects and privacy risks assessment of identity management Intelligence and (inter)national threats
    • Impersonation, identity fraud, identity forge and identity theft
    • Tracing, monitoring and forensics

  • LIS 2010 Workshop on Logics in Security, Copenhagen, Denmark, August 9-13, 2010. (Submissions due 1 April 2010)

    In the past two decades, a number of logics and formal frameworks have been proposed to model and analyse interconnected systems from the security point of view. Recently, the increasing need to cope with distributed and complex scenarios forced researchers in formal security to employ non-classical logics to reason about these systems. The aim of this workshop is to bring together logicians and formal security researchers to foster the cross-fertilization between these two areas. Logicians have a lot to benefit from specifying and reasoning about real-world scenarios as well as researchers in security can apply recent advances in non-classical logics to improve their formalisms. We are interested in logical and formal foundations of security to the following topics:

    • Language-based security
    • Judgmental Analysis
    • Automated Theorem Proving
    • Term-Rewriting Systems
    • Logical Programming
    • Modal Logic
    • Dynamic Logic
    • Belief Revision
    Applies to
    • Access Control
    • Privacy
    • Protocol Verification
    • Security Architectures
    • Trust and Reputation Management
    • Static Analysis of Programs
    • Risk Management
    • Policy Compliance
    • Security in Multi-Agent System
    • Formal Cryptography

  • PST 2010 8th International Conference on Privacy, Security and Trust, Ottawa, Canada, August 17-19, 2010. (Submissions due 3 April 2010)

    PST2010 provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. This year's theme is "Privacy, Security and Trust by Design: PbD - The Gold Standard." With the growth and ubiquity of data in today's hyper-networked world, the need for trust has become more critical than ever. We need new paradigms that seek to integrate and build privacy, security and trustworthiness directly into technologies and systems from the outset and by default. PST2010 will include an Industry Day followed by two days of high-quality research papers whose topics include, but are NOT limited to, the following:

    • Privacy Preserving / Enhancing Technologies
    • Trust Technologies, Technologies for Building Trust in e-Business Strategy
    • Critical Infrastructure Protection
    • Observations of PST in Practice, Society, Policy and Legislation
    • Network and Wireless Security
    • Digital Rights Management
    • Operating Systems Security
    • Identity and Trust management
    • Intrusion Detection Technologies
    • PST and Cloud Computing
    • Secure Software Development and Architecture
    • Human Computer Interaction and PST
    • PST Challenges in e-Services
    • Implications of, and Technologies for, Lawful Surveillance
    • Network Enabled Operations
    • Biometrics, National ID Cards, Identity Theft
    • Advanced Training Tools - PST and Web Services / SOA
    • Information Filtering, Data Mining & Knowledge from Data
    • Privacy, Traceability, and Anonymity
    • National Security and Public Safety
    • Trust and Reputation in Self-Organizing Environments
    • Security Metrics
    • Anonymity and Privacy vs. Accountability
    • Recommendation, Reputation and Delivery Technologies - Access Control and Capability Delegation
    • Continuous Authentication
    • Representations and Formalizations of Trust in Electronic and Physical Social Systems

  • RAID 2010 13th International Symposium on Recent Advances in Intrusion Detection, Ottawa, Canada, September 15-17, 2010. (Submissions due 4 April 2010)

    This symposium, the 13th in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss issues and technologies related to intrusion detection and defense. The Recent Advances in Intrusion Detection (RAID) International Symposium series furthers advances in intrusion defense by promoting the exchange of ideas in a broad range of topics. As in previous years, all topics related to intrusion detection, prevention and defense systems and technologies are within scope, including but not limited to the following:

    • Network and host intrusion detection and prevention
    • Anomaly and specification-based approaches
    • IDS cooperation and event correlation
    • Malware prevention, detection, analysis and containment
    • Web application security
    • Insider attack detection
    • Intrusion response, tolerance, and self protection
    • Operational experience and limitations of current approaches
    • Intrusion detection assessment and benchmarking
    • Attacks against IDS including DoS, evasion, and IDS discovery
    • Formal models, analysis, and standards
    • Deception systems and honeypots
    • Vulnerability analysis, risk assessment, and forensics
    • Adversarial machine learning for security
    • Visualization techniques
    • Special environments, including mobile and sensor networks
    • High-performance intrusion detection
    • Legal, social, and privacy issues
    • Network exfiltration detection
    • Botnet analysis, detection, and mitigation

  • SECURECOMM 2010 6th International Conference on Security and Privacy in Communication Networks, Singapore, September 7-10, 2010. (Submissions due 5 April 2010)

    SecureComm'10 seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, applied cryptography) will also be considered if a clear connection to private or secure communications/networking is demonstrated.

  • SCN 2010 7th Conference on Security and Cryptography for Networks, Amalfi, Italy, September 13-15, 2010. (Submissions due 7 April 2010)

    Security and privacy are increasing concerns in computer networks such as the Internet. The availability of fast, reliable, and cheap electronic communication offers the opportunity to perform electronically and in a distributed way a wide range of transactions of a most diverse nature. The Seventh Conference on Security and Cryptography for Networks (SCN 2010) aims at bringing together researchers in the field of cryptography and security in communication networks to foster cooperation and exchange of ideas. Original papers on all technical aspects of cryptography and security are solicited for submission to SCN 2010. Topics of interest are (but not limited to):

    • Anonymity
    • Implementations
    • Authentication
    • Symmetric-Key Cryptography
    • Complexity-based Cryptography
    • Privacy
    • Cryptanalysis
    • Cryptographic Protocols
    • Digital Signatures
    • Public-Key Cryptography
    • Hash Functions
    • Survey and State of the Art
    • Identification
    • Formal Methods in Security
    • Information-Theoretic Security

  • HealthSec 2010 1st USENIX Workshop on Health Security and Privacy, Washington, DC, USA, August 10, 2010. (Submissions due 9 April 2010)

    HealthSec '10 is intended as a forum for lively discussion of aggressively innovative and potentially disruptive ideas on all aspects of medical and health security and privacy. A fundamental goal of the workshop is to promote cross-disciplinary interactions between fields, including, but not limited to, technology, medicine, and policy. Surprising results and thought-provoking ideas will be strongly favored; complete papers with polished results in well-explored research areas are comparatively discouraged. Workshop topics are solicited in all areas relating to healthcare information security and privacy, including:

    • Security and privacy models for healthcare information systems
    • Industrial experiences in healthcare information systems
    • Deployment of open systems for secure and private use of healthcare information technology
    • Security and privacy threats against and countermeasures for existing and future medical devices
    • Regulatory and policy issues of healthcare information systems
    • Privacy of medical records
    • Usability issues in healthcare information systems
    • Threat models for healthcare information systems

  • FCC 2010 6th Workshop on Formal and Computational Cryptography, Edinburgh, UK, July 20, 2010. (Abstract Submissions due 10 April 2010)

    Since the 1980s, two approaches have been developed for analyzing security protocols. One of the approaches is based on a computational model that considers issues of complexity and probability. Messages are modelled as bitstrings and security properties are defined in a strong form, in essence guaranteeing security with high probability against all polynomial time attacks. However, it is difficult to prove security of large, complex protocols in this model. The other approach relies on a symbolic model of protocol execution in which messages are modelled using a term algebra and cryptographic primitives are treated as perfect black-boxes, e.g. the only way to decrypt a ciphertext is to use the corresponding decryption key. This abstraction enables simpler and often automated analyses of complex protocols. Since this model places strong constraints on the attacker, a fundamental question is whether such an analysis implies the strong security properties defined in the computational model. This workshop focuses on approaches that combine and relate symbolic and computational protocol analysis. Over the last few years, there has been a spate of research results in this area. One set of results establish correspondence theorems between the two models, in effect showing that for a certain class of protocols and properties, security in the symbolic model implies security in the computational model. In other work, researchers use language-based techniques such as process calculi, types, and logics to reason directly about the computational model. Several projects also investigate ways of mechanizing computationally sound proofs of protocols. The workshop seeks results in this area of computationally sound protocol analysis: foundations and tools.

  • Springer Transactions on Computational Science, Special Issue on Security in Computing, November/December 2010. (Submission Due 10 April 2010)

    Guest editor: Edward David Moreno (UFS Federal University of Sergipe, Brazil)
    
    This special issue on Security in Computing in the Springer Journal of TCS focuses on novel hardware implementation, new architectures, software solutions, novel applications, cryptographic algorithms and security protocols will become increasingly critical to good system performance, low-power and security. Original papers are solicited for this special issue. Particular emphases will be put on recent innovations about security in the mobile and embedded computing domains. Suggested topics include, but are not limited to:

    • Secure Architectures and Design
    • Security Evaluation and Testing
    • Cryptographic Algorithms and Techniques
    • Security policies, protocols and standards
    • Public- and symmetric-key cryptography in constrained environments such as RFID and smart cards
    • Security in Distributed and pervasive Systems, Grid Computing, P2P systems, Web services, Digital TV, Mobile Devices, Embedded Systems and Wireless Networks
    • Applications of Biometry and Biometric Systems in Security
    • Authentication and Authorization Models and Techniques
    • Application case studies of ICs for secure embedded computing
    • Formal verification of security properties and security protocols
    • Systems and Software Certification Methodologies
    • Relationships among software correctness, reliability, usability, safety, and security

  • ACM-CCS 2010 17th ACM Conference on Computer and Communications Security, Chicago, IL, USA, October 4-8, 2010. (Submissions due 17 April 2010)

    The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of computer and communications security, as well as case studies and implementation experiences. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings. Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security.

  • RFIDSec 2010 6th Workshop on RFID Security, Istanbul, Turkey, June 8-10, 2010. (Submissions due 20 April 2010)

    The workshop focuses on approaches to solve security and data-protection issues in advanced contactless technologies like RFID. It stresses implementation aspects imposed by resource constraints. Topics of the conference include but are not limited to:

    • New applications for secure RFID systems
    • Data protection and privacy-enhancing techniques for RFID
    • Cryptographic protocols for RFID (Authentication protocols, Key update mechanisms, Scalability issues)
    • Integration of secure RFID systems (Middleware and security, Public-key infrastructures, Case studies)
    • Resource-efficient implementation of cryptography (Small-footprint hardware, Low-power architectures)
    • Attacks on RFID systems
    • RFID security hardware e.g. RFID with PUF, RFID Trojans, …

  • SIN 2010 3rd International Conference on Security of Information and Networks, Taganrog, Rostov-on-Don, Russia, September 7-11, 2010. (Submissions due 20 April 2010)

    Papers addressing all aspects of security in information and networks are being sought. Researchers working on the following and related subjects are especially encouraged: realization of security schemes, new algorithms, experimenting with existing approaches; secure information systems, especially distributed control and processing applications, and security in networks; interoperability, service levels and quality issues in such systems; information assurance, security, and public policy. Topics of the conference include but are not limited to:

    • Access control and intrusion detection
    • Autonomous and adaptive security
    • Cryptographic techniques and key management
    • Information assurance
    • Network security and protocols
    • Security in information systems
    • Security tools and development platforms
    • Security ontology, models, protocols & policies
    • Secure ontology-based systems
    • Standards, guidelines and certification
    • Security-aware software engineering
    • Trust and privacy

  • VizSec 2010 7th International Symposium on Visualization for Cyber Security, Ottawa, Ontario, Canada, September 14, 2010. (Submissions due 30 April 2010)

    This symposium brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques. VizSec will be held in conjunction with the 13th International Symposium on Recent Advances in Intrusion Detection (RAID) September 15 - 17, 2010. VizSec will continue to provide opportunities for the two communities to collaborate and share insights into providing solutions for security needs through visualization approaches.

  • MIST 2010 2nd International Workshop on Managing Insider Security Threats, Held in conjunction with IFIPTM 2010, Morioka, Iwate, Japan, June 14-15, 2010. (Submissions due 30 April 2010)

    During the past decades, information security developments have been mainly concerned with preventing illegal attacks by outsiders, such as hacking, virus propagation, and spyware. However, according to a recent Gartner Research Report, information leakage caused by insiders who are legally authorized to have access to some corporate information is increasing dramatically. These leakages can cause significant damages such as weakening the competitiveness of companies (and even countries). Information leakage caused by insiders occurs less frequently than information leakage caused by outsiders, but the financial damage is much greater. Countermeasures in terms of physical, managerial, and technical aspects are necessary to construct an integral security management system to protect companies' major information assets from unauthorized internal attackers. The objective of this workshop is to showcase the most recent challenges and advances in security technologies and management systems to prevent leakage of organizations' information caused by insiders. It may also include state-of-the-art surveys and case analyses of practical significance. We expect that the workshop will be a trigger for further research and technology improvements related to this important subject. Topics (include but are not limited to):

    • Theoretical foundations and algorithms for addressing insider threats
    • Insider threat assessment and modeling
    • Security technologies to prevent, detect and avoid insider threats
    • Validating the trustworthiness of staff
    • Post-insider threat incident analysis
    • Data breach modeling and mitigation techniques
    • Registration, authentication and identification
    • Certification and authorization
    • Database security
    • Device control system
    • Digital forensic system
    • Digital right management system
    • Fraud detection
    • Network access control system
    • Intrusion detection
    • Keyboard information security
    • Information security governance
    • Information security management systems
    • Risk assessment and management
    • Log collection and analysis
    • Trust management
    • IT compliance (audit)
    • Continuous auditing

  • SCC 2010 2nd International Workshop on Security in Cloud Computing, Held in Conjunction with ICPP 2010, San Diego, California, USA, September 13 - 16, 2010. (Submissions due 1 May 2010)

    Cloud Computing has generated interest from both industry and academia since 2007. As an extension of Grid Computing and Distributed Computing, Cloud Computing aims to provide users with flexible services in a transparent manner. Services are allocated in a "cloud", which is a collection of devices and resources connected through the Internet. Before this paradigm can be widely accepted, the security, privacy and reliability provided by the services in the cloud must be well established. SCC'2010 will bring researchers and experts together to present and discuss the latest developments and technical solutions concerning various aspects of security issues in Cloud Computing. SCC'2010 seeks original unpublished papers focusing on theoretical analysis, emerging applications, novel system architecture construction and design, experimental studies, and social impacts of Cloud Computing. Both review/survey papers and technical papers are expected. Topics of the conference include but are not limited to:

    • Emerging threats to cloud-based services
    • Security models for new services
    • Cloud-aware web service security
    • Information hiding in Cloud Computing
    • Securing distributed data storage in the cloud
    • Privacy and security in Cloud Computing
    • Forensics
    • Robust network architecture
    • Cloud Infrastructure Security
    • Job deployment in the Cloud
    • Intrusion detection/prevention
    • Denial-of-Service (DoS) attacks and defense
    • Robust job scheduling
    • Secure resource allocation and indexing
    • Secure payment for cloud-aware services
    • User authentication in cloud-aware services
    • Security for emerging cloud programming models

  • HotSec 2010 5th USENIX Workshop on Hot Topics in Security, Washington DC, USA, August 10, 2010. (Submissions due 3 May 2010)

    While pragmatic and systems-oriented, HotSec takes a broad view of security and privacy and encompasses research on topics including, but not limited to, large-scale threats, network security, hardware security, software security, programming languages, applied cryptography, anonymity, human-computer interaction, sociology, and economics. We favor papers that propose new directions of research, advocate non-traditional approaches, report on noteworthy experience in an emerging area, or generate lively discussion around an important topic. Papers in well-explored research areas are discouraged. We expect that most accepted position papers will fall into one or more of the following categories:

    • Fundamentally new techniques, approaches, or perspectives for dealing with current security problems
    • New, major problems arising from new technologies that are now being developed or deployed
    • Truly surprising results that cause rethinking of previous approaches

  • ICTCI 2010 4th International Conference on Trusted Cloud Infrastructure, Shanghai, China, October 18-20, 2010. (Submissions due 15 May 2010)

    Cloud computing redefines ways for storing and processing information toward that information is permanently stored and processed in large data centers of shared server infrastructure, and temporarily cached on and used by client devices. This fundamental paradigm change in our IT infrastructure has given rise to many new trust and security challenges for protecting the user's information which is no longer under well physical controls of the user. Issues from data availability, integrity and confidentiality, trustworthiness of shared computing and storage resources, isolation of the user computing space in a virtualized data center, to IT regulations such as governance, risk and compliance (IT GRC), etc., now all have new concerns and face unanticipated vulnerabilities. These invite not only research for better understanding these new issues but also innovation for novel solutions to emerging problems. Topics of interests for ICTCI 2010 include, but not limited to, the following subject categories:

    • Theory and practice in Trusted Computing
    • Secure operating systems
    • Trusted virtual cloud infrastructure
    • Secure management of virtualized cloud resources
    • Secure network architecture for cloud computing
    • Security and privacy aware cloud protocol design
    • Access control for data center applications
    • Key management for data center applications
    • Trust and policy management in clouds
    • Identification and privacy in cloud
    • Remote data integrity protection
    • Off-premise execution software integrity and privacy
    • Secure computation outsourcing
    • Dynamic data operation security
    • Software and data segregation security
    • Failure detection and prediction
    • Secure data management within and across data centers
    • Availability, recovery and auditing
    • Secure wireless and mobile connections to the cloud

  • MetriSec 2010 6th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2010), Bolzano-Bozen, Italy, September 15, 2010. (Submissions due 21 May 2010)

    Quantitative assessment is a major stumbling block for software and system security. Although some security metrics exist, they are rarely adequate. The engineering importance of metrics is intuitive: you cannot consistently improve what you cannot measure. Economics is an additional driver for security metrics: customers are unlikely to pay a premium for security if they are unable to quantify what they receive. The goal of the workshop is to foster research into security measurements and metrics and to continue building the community of individuals interested in this field. This year, MetriSec continues its co-location with ESEM, which offers an opportunity for the security metrics folks to meet the metrics community at large. The organizers solicit original submissions from industry and academic experts on the development and application of repeatable, meaningful measurements in the fields of software and system security. The topics of interest include, but are not limited to:

    • Security metrics
    • Security measurement and monitoring
    • Development of predictive models
    • Experimental validation of models
    • Formal theories of security metrics
    • Security quality assurance
    • Empirical assessment of security architectures and solutions
    • Mining data from attack and vulnerability repositories: e.g. CVE, CVSS
    • Static analysis metrics
    • Simulation and statistical analysis
    • Security risk analysis
    • Industrial experience

  • SIDEUS 2010 1st International Workshop on Securing Information in Distributed Environments and Ubiquitous Systems, Fukuoka, Japan, November 4-6, 2010. (Submissions due 30 May 2010)

    At present time, the maturity of research in the field of distributed systems, such as P2P, Grid, Cloud or Internet computing, has pushed through new problems such us those related with security. In systems where the information freely flows across the network, the task of securing it becomes a real concern, and thus an interesting research challenge. For that reason, security is becoming one of the key issues when evaluating such systems and it is important to determine which security mechanisms are available, and how they fit to every particular scenario. The aim of this workshop is to provide a forum for the discussion of ideas on regards to the current challenges and solutions to security in an environment that is rapidly developing such as P2P, Grid, Cloud or Internet computing. The main topics include (but are not limited to):

    • Securing the Internet of Things (IoT)
    • Membership and access control
    • Identity management in distributed systems
    • Security in JXTA-based applications
    • Privacy and anonymity technologies
    • Secure distributed storage
    • Security issues in Vehicular Networks (VANETs)
    • Securing P2P networks against third-party attacks
    • Security and privacy in Delay-Tolerant Networks (DTN)
    • Integrating security in protocols
    • Assessment of information security

  • eCRS 2010 eCrime Researchers Summit, Dallas, Texas, USA, October 18-20, 2010. (Submissions due 30 May 2010)

    eCRS 2010 will bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it, Topics of interests include (but are not limited to):

    • Phishing, rogue-AV, pharming, click-fraud, crimeware, extortion and emerging attacks
    • Technical, legal, political, social and psychological aspects of fraud and fraud prevention
    • Malware, botnets, ecriminal/phishing gangs and collaboration, or money laundering
    • Techniques to assess the risks and yields of attacks and the success rates of countermeasures
    • Delivery techniques, including spam, voice mail and rank manipulation; and countermeasures
    • Spoofing of different types, and applications to fraud
    • Techniques to avoid detection, tracking and takedown; and ways to block such techniques
    • Honeypot design, data mining, and forensic aspects of fraud prevention
    • Design and evaluation of user interfaces in the context of fraud and network security
    • Best practices related to digital forensics tools and techniques, investigative procedures, and evidence acquisition, handling and preservation

  • NPSec 2010 6th Workshop on Secure Network Protocols, Held in conjunction with ICNP 2010, Kyoto, Japan, October 5, 2010. (Submissions due 4 June 2010)

    NPSec2010 focuses on two general areas. The first focus is on the development and analysis of secure or hardened protocols for the operation (establishment and maintenance) of network infrastructure, including such targets as secure multidomain, ad hoc, sensor or overlay networks, or other related target areas. This can include new protocols, enhancements to existing protocols, protocol analysis, and new attacks on existing protocols. The second focus is on employing such secure network protocols to create or enhance network applications. Examples include collaborative firewalls, incentive strategies for multiparty networks, and deployment strategies to enable secure applications. NPSec 2010 particularly welcomes new ideas on security in the context of future Internet design, such as architectural considerations for future Internet security and new primitives for supporting secure network protocol and application design. Topics of interest include but are not limited to:

    • Security in future Internet architectures (role of security in future architectures, integrating security in future protocols and applications)
    • Secure and/or resilient network protocols (e.g., internetworking/routing, MANETs, LANs and WLANs, mobile/cellular data networks, P2P and other overlay networks, federated trust systems, sensor networks)
    • Vulnerabilities of existing protocols and applications (both theoretical and case studies), including attacks
    • Key distribution/management
    • Intrusion detection and response
    • Incentive systems for P2P systems and manet routing
    • Secure protocol configuration and deployment
    • Challenges and security protocols for social networks

  • SA&PS4CS 2010 1st International Workshop on Scientific Analysis and Policy Support for Cyber Security, Held in conjunction with the 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security (MMM-ACNS 2010), St. Petersburg, Russia, September 9, 2010. (Submissions due 13 June 2010)

    The workshop is dedicated to the methods of scientific analysis and policy support for response to cyber intrusions and attacks. The main topics of the SA&PS4CS'2010 are detection, discrimination, and attribution of various activities of malefactors and response to cyber intrusions and attacks including national level information operations as well as identifying emergent cyber technologies supporting social and political activity management and trans-national distributed computing management.

  • ACSAC 2010 26th Annual Computer Security Applications Conference, Austin, Texas, USA, December 6-10, 2010. (Submissions due 14 June 2010)

    ACSAC is an internationally recognized forum for practitioners, researchers, and developers in information systems security. ACSAC's technical track is well established for presenting academically oriented research results, particularly those that have tangible practical applications. Topics of interest include, but are not limited to:

    • access control
    • applied cryptography
    • audit and audit reduction
    • biometrics
    • certification and accreditation
    • cybersecurity
    • database security
    • denial of service protection
    • distributed systems security
    • electronic commerce security
    • enterprise security management
    • forensics
    • identification & authentication
    • identify management
    • incident response planning
    • information survivability
    • insider threat protection
    • integrity
    • intellectual property rights
    • intrusion detection
    • mobile and wireless security
    • multimedia security
    • operating systems security
    • peer-to-peer security
    • privacy and data protection
    • product evaluation/compliance
    • risk/vulnerability assessment
    • securing cloud infrastructures
    • security engineering and management
    • security in IT outsourcing
    • service oriented architectures
    • software assurance
    • trust management
    • virtualization security
    • VOIP security
    • Web 2.0/3.0 security

  • ISC 2010 13th Information Security Conference, Boca Raton, Florida, USA, October 25-28, 2010. (Submissions due 15 June 2010)

    ISC is an annual international conference covering research (both theory and applications) in Information Security. The conference seeks submissions from academia, industry, and government that present novel research on all theoretical and practical aspects of Information Security. Topics of interest include, but are not limited to:

    • access control
    • accountability
    • anonymity and pseudonymity
    • applied cryptography
    • authentication
    • biometrics
    • computer forensics
    • cryptographic protocols
    • database security
    • data protection
    • data/system integrity
    • digital right management
    • economics of security and privacy
    • electronic frauds
    • formal methods in security
    • identity management
    • information dissemination control
    • information hiding and watermarking
    • intrusion detection
    • network security
    • peer-to-peer security
    • privacy
    • secure group communications
    • security and privacy in pervasive/ubiquitous computing
    • security in information flow
    • security in IT outsourcing
    • security for mobile code
    • security of grid computing
    • security of eCommerce, eBusiness and eGovernment
    • security in location services
    • security modeling and architectures
    • security models for ambient intelligence environments
    • security in social networks
    • trust models and trust management policies
    • embedded security

  • HST 2010 10th IEEE International Conference on Technologies for Homeland Security, Waltham, MA, USA, November 8-10, 2010. (Submissions due 25 June 2010)

    The tenth annual IEEE Conference on Technologies for Homeland Security will focus on innovative technologies for deterring and preventing attacks, protecting critical infrastructure and individuals, and mitigating damage and expediting recovery. Submissions are desired in the broad areas of critical infrastructure and key resources protection (CIKR), border protection and monitoring, and disaster recovery and response, with application within about five years.

  • International Journal of Information Technologies and Systems Approach, Special Issue on Privacy and Security Issues in IT, 2011. (Submission Due 30 June 2010)

    Guest editor: Frank Stowell (University of Portsmouth, England) and Vasilis Katos Democritus (University of Thrace, Greece)
    
    The topic of this special issue is motivated by the ease of collection, processing and dissemination of personal data and the concern about the unintended use or misuse of these data. Monitoring technologies are a fundamental component in IS security that serve as a policy violation detection mechanism but the expanding scope of ICT now means that it is not just the client that is affected but often the wider community e.g. CCTV monitoring as what may have been designed for specific end-users now impacts itself upon the majority. Monitoring has turned into systematic surveillance of emails, telephone usage and through CCTV general citizen activities. In a society where privacy is a fundamental human right the antagonism between privacy and security is a research issue of significance IS researchers as IS itself constitutes the means for feeding such antagonism between security and the privacy of the individual. This special issue invites a range of topics related to Privacy and the associated security issues created by the technology. Topics to be discussed in this special issue include (but are not limited to) the following:

    • Privacy preservation technologies for the citizen
    • Methodologies for analysing privacy requirements of an Information System
    • Protection of biometric data
    • Analysis and development of a systems view of security and its impact upon individual privacy
    • The Economics of security and privacy
    • The behavioural impact of monitoring and surveillance technologies
    • Opportunities and threats in emerging applications utilizing personal data
    • Privacy-centric systems

 

• The Technical Committee on Security and Privacy

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org