Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 96,  May 31, 2010 Hilarie Orman,  Editor Richard Austin, Book Review Editor Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Richard Austin's review of The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System by Reverend Bill Blunden

  • Review of the Security and Privacy Awards Banquet (Berkeley, California, May 17, 2010) by Hilarie Orman

  • Review of the Security and Privacy Symposium, technical sessions (Berkeley/Oakland, California, USA, May 17-19, 2010) by Ben Ransford, University of Massachusetts Amherst
    Sruthi Bandhakavi, University of Illinois at Urbana-Champaign
    Joana Trindade, University of Illinois at Urbana-Champaign

  • No announcements and correspondence from readers this month (please contribute!)

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

 

• Conference and Workshop Announcements

  • Cipher calls-for-papers and calendar
      (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • Calendar:
    • 5/24/10: CSET, 3rd Workshop on Cyber Security Experimentation and Test, Washington, DC, USA; Submissions are due
    • 5/26/10- 5/28/10: MOBISEC, 2nd International ICST Conference on Security and Privacy in Mobile Information and Communication Systems, Catania, Sicily
    • 5/28/10: WOOT, 4th USENIX Workshop on Offensive Technologies, Washington, DC, USA; Submissions are due
    • 5/30/10: SIDEUS, 1st International Workshop on Securing Information in Distributed Environments and Ubiquitous Systems, Fukuoka, Japan; Submissions are due
    • 5/30/10: eCRS, eCrime Researchers Summit, Dallas, Texas, USA; Submissions are due
    • 5/31/10: GameSec, The Inaugural Conference on Decision and Game Theory for Security, Berlin, Germany; Submissions are due
    • 6/ 1/10: NeFX, 2nd Annual ACM Northeast Digital Forensics Exchange, Washington, DC, USA; Submissions are due
    • 6/ 4/10: NPSec, 6th Workshop on Secure Network Protocols, Held in conjunction with ICNP 2010, Kyoto, Japan; Submissions are due
    • 6/ 7/10: SafeConfig, 2nd Workshop on Assurable & Usable Security Configuration, Held in conjunction with ACM CCS 2010, Chicago, Illinois, USA; Submissions are due
    • 6/ 7/10- 6/ 8/10: WEIS, 9th Workshop on the Economics of Information Security, Harvard University, Cambridge, MA, USA
    • 6/ 8/10- 6/10/10: RFIDSec, 6th Workshop on RFID Security, Istanbul, Turkey
    • 6/ 9/10- 6/11/10: SACMAT, 15th ACM Symposium on Access Control Models and Technologies, Pittsburgh, PA, USA
    • 6/10/10: CWECS, 1st International Workshop on Cloud, Wireless and e-Commerce Security, Fukuoka, Japan; Submissions are due
    • 6/11/10: Pairing, 4th International Conference on Pairing-based Cryptography, Yamanaka Hot Spring, Japan; Submissions are due
    • 6/11/10: TrustCol, 5th International Workshop on Trusted Collaboration, Held in conjunction with the CollaborateCom 2010, Chicago, Illinois, USA; Submissions are due
    • 6/13/10: SA&PS4CS, 1st International Workshop on Scientific Analysis and Policy Support for Cyber Security, Held in conjunction with the 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security (MMM-ACNS 2010), St. Petersburg, Russia; Submissions are due
    • 6/13/10: FAST, 7th International Workshop on Formal Aspects of Security & Trust, Pisa, Italy; Submissions are due
    • 6/13/10- 6/14/10: HOST, IEEE International Symposium on Hardware-Oriented Security and Trust, Anaheim, California, USA
    • 6/14/10: ACSAC, 26th Annual Computer Security Applications Conference, Austin, Texas, USA; Submissions are due
    • 6/14/10: STC, 5th Annual Workshop on Scalable Trusted Computing, Held in conjunction with ACM CCS 2010, Chicago, Illinois, USA; Submissions are due
    • 6/14/10: D-SPAN, 1st International Workshop on Data Security and PrivAcy in wireless Networks, Held in conjunction with WoWMoM 2010, Montreal, QC, Canada
    • 6/14/10- 6/15/10: MIST, 2nd International Workshop on Managing Insider Security Threats, Held in conjunction with IFIPTM 2010, Morioka, Iwate, Japan
    • 6/15/10: ISC, 13th Information Security Conference, Boca Raton, Florida, USA; Submissions are due
    • 6/15/10: International Journal of Secure Software Engineering (IJSSE), Special Issue on Software Security Engineering Education; Submissions are due
    • 6/15/10: DPM, International Workshop on Data Privacy Management, Held in conjunction with the ESORICS 2010, Athens, Greece; Submissions are due
    • 6/15/10: SETOP, 3rd International Workshop on Autonomous and Spontaneous Security, Held in conjunction with the ESORICS 2010, Athens, Greece; Submissions are due
    • 6/16/10- 6/18/10: IFIP-TM, 4th IFIP International Conference on Trust Management, Morioka, Japan
    • 6/20/10: STM, 6th International Workshop on Security and Trust Management, Athens, Greece; Submissions are due
    • 6/21/10- 6/23/10: Trust, 3rd International Conference on Trust and Trustworthy Computing, Berlin, Germany
    • 6/21/10- 6/23/10: DBSec, 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Rome, Italy
    • 6/21/10- 6/24/10: OWASP-AppSec-Research, OWASP AppSec Research 2010, Stockholm, Sweden
    • 6/22/10- 6/25/10: ACNS, 8th International Conference on Applied Cryptography and Network Security, Beijing, China
    • 6/25/10: ICDCS-SPCC, 1st International Workshop on Security and Privacy in Cloud Computing, Held in conjunction with the IEEE International Conference on Distributed Computing Systems (ICDCS 2010), Genoa, Italy
    • 6/27/10: PRITS, Workshop on Pattern Recognition for IT Security, Held in conjunction with DAGM 2010, Darmstadt, Germany; Submissions are due
    • 6/28/10: PSDML, ECML/PKDD Workshop on Privacy and Security issues in Data Mining and Machine Learning, Barcelona, Spain; Submissions are due
    • 6/28/10- 6/20/10: IH, 12th Information Hiding Conference, Calgary, Alberta, Canada
    • 6/28/10- 7/ 2/10: SHPCS, 5th Workshop on Security and High Performance Computing Systems, Held in conjunction with the 6th International Wireless Communications and Mobile Computing Conference (IWCMC 2010), Caen, Normandy, France
    • 6/29/10- 7/ 1/10: TSP, 3rd IEEE International Symposium on Trust, Security and Privacy for Emerging Applications, Bradford, UK
    • 6/30/10: International Journal of Information Technologies and Systems Approach, Special Issue on Privacy and Security Issues in IT; Submissions are due
    • 6/30/10: Malware, 5th IEEE International Conference on Malicious and Unwanted Software, Nancy, France; Submissions are due
    • 7/ 2/10: EC2ND, 6th European Conference on Computer Network Defense, Berlin, Germany; Submissions are due
    • 7/ 8/10- 7/ 9/10: DIMVA, 7th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Bonn, Germany
    • 7/ 9/10: TrustCom, IEEE/IFIP International Symposium on Trusted Computing and Communications, Hong Kong SAR, China; Submissions are due
    • 7/14/10- 7/16/10: SOUPS, Symposium On Usable Privacy and Security, Redmond, WA, USA
    • 7/16/10: ICISS, 6th International Conference on Information Systems Security, Gandhinagar, India; Submissions are due
    • 7/20/10: FCC, 6th Workshop on Formal and Computational Cryptography, Edinburgh, UK
    • 7/21/10- 7/23/10: POLICY, IEEE International Symposium on Policies for Distributed Systems and Networks, Fairfax, Virginia, USA
    • 7/26/10- 7/28/10: SECRYPT, 5th International Conference on Security and Cryptography, Athens, Greece
    • 8/ 1/10: Journal of Network and Computer Applications, Special Issue on Trusted Computing and Communications; Submissions are due
    • 8/ 1/10: INTRUST, International Conference on Trusted Systems, Beijing, China; Submissions are due
    • 8/ 9/10: CSET, 3rd Workshop on Cyber Security Experimentation and Test, Washington, DC, USA
    • 8/ 9/10: WOOT, 4th USENIX Workshop on Offensive Technologies, Washington, DC, USA
    • 8/ 9/10- 8/13/10: LIS, Workshop on Logics in Security, Copenhagen, Denmark
    • 8/10/10: HealthSec, 1st USENIX Workshop on Health Security and Privacy, Washington, DC, USA
    • 8/10/10: HotSec, 5th USENIX Workshop on Hot Topics in Security, Washington DC, USA
    • 8/11/10- 8/13/10: USENIX-Security, 19th USENIX Security Symposium, Washington, DC, USA
    • 8/17/10- 8/19/10: PST, 8th International Conference on Privacy, Security and Trust, Ottawa, Canada
    • 8/21/10: FTDC, 7th Workshop on Fault Diagnosis and Tolerance in Cryptography, Held in conjunction with the CHES 2010, Santa Barbara, CA, USA
    • 8/30/10- 9/ 3/10: TrustBus, 7th International Conference on Trust, Privacy & Security in Digital Business, Bilbao, Spain
    • 8/31/10: Wiley Security and Communication Networks (SCN), Special Issue on Defending Against Insider Threats and Internal Data Leakage; Submissions are due
    • 9/ 6/10- 9/ 9/10: MMM-ACNS, 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security, St. Petersburg, Russia
    • 9/ 7/10- 9/10/10: SECURECOMM, 6th International Conference on Security and Privacy in Communication Networks, Singapore
    • 9/ 7/10- 9/11/10: SIN, 3rd International Conference on Security of Information and Networks, Taganrog, Rostov-on-Don, Russia;
    • 9/ 9/10: SA&PS4CS, 1st International Workshop on Scientific Analysis and Policy Support for Cyber Security, Held in conjunction with the 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security (MMM-ACNS 2010), St. Petersburg, Russia
    • 9/13/10: ESSoS, International Symposium on Engineering Secure Software and Systems, Madrid, Spain; Submissions are due
    • 9/13/10- 9/14/10: NeFX, 2nd Annual ACM Northeast Digital Forensics Exchange, Washington, DC, USA
    • 9/13/10- 9/15/10: SCN, 7th Conference on Security and Cryptography for Networks, Amalfi, Italy
    • 9/13/10- 9/16/10: SCC, 2nd International Workshop on Security in Cloud Computing, Held in Conjunction with ICPP 2010, San Diego, California, USA
    • 9/14/10: VizSec, 7th International Symposium on Visualization for Cyber Security, Ottawa, Ontario, Canada
    • 9/15/10: IEEE Transactions on Information Forensics and Security, Special Issue on Using the Physical Layer for Securing the Next Generation of Communication Systems; Submissions are due
    • 9/15/10: CODASPY, 1st ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA; Submissions are due
    • 9/15/10: WIFS, International Workshop on Information Forensics & Security, Seattle, WA, USA; Submissions are due
    • 9/15/10: MetriSec, 6th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2010), Bolzano-Bozen, Italy
    • 9/15/10- 9/17/10: RAID, 13th International Symposium on Recent Advances in Intrusion Detection, Ottawa, Canada
    • 9/16/10- 9/17/10: FAST, 7th International Workshop on Formal Aspects of Security & Trust, Pisa, Italy
    • 9/20/10- 9/22/10: ESORICS, 15th European Symposium on Research in Computer Security, Athens, Greece
    • 9/20/10- 9/23/10: IFIP-TC9-HCC9, IFIP TC-9 HCC-9 Stream on Privacy and Surveillance, Held in conjunction with the IFIP World Computer Congress 2010, Brisbane, Australia
    • 9/20/10- 9/24/10: ADBIS, 14th East-European Conference on Advances in Databases and Information Systems, Track on Personal Identifiable Information: Privacy, Ethics, and Security, Novi Sad
    • 9/20/10- 9/21/10: NIST Cryptographic Key Management Workshop) Gaithersburg Maryland
    • 9/21/10: PRITS, Workshop on Pattern Recognition for IT Security, Held in conjunction with DAGM 2010, Darmstadt, Germany
    • 9/23/10: DPM, International Workshop on Data Privacy Management, Held in conjunction with the ESORICS 2010, Athens, Greece
    • 9/23/10: SETOP, 3rd International Workshop on Autonomous and Spontaneous Security, Held in conjunction with the ESORICS 2010, Athens, Greece
    • 9/23/10- 9/24/10: STM, 6th International Workshop on Security and Trust Management, Athens, Greece
    • 9/24/10: PSDML, ECML/PKDD Workshop on Privacy and Security issues in Data Mining and Machine Learning, Barcelona, Spain
    • 10/ 4/10: SafeConfig, 2nd Workshop on Assurable & Usable Security Configuration, Held in conjunction with ACM CCS 2010, Chicago, Illinois, USA
    • 10/ 4/10: STC, 5th Annual Workshop on Scalable Trusted Computing, Held in conjunction with ACM CCS 2010, Chicago, Illinois, USA
    • 10/ 4/10-10/ 8/10: ACM-CCS, 17th ACM Conference on Computer and Communications Security, Chicago, IL, USA
    • 10/ 5/10: NPSec, 6th Workshop on Secure Network Protocols, Held in conjunction with ICNP 2010, Kyoto, Japan
    • 10/ 9/10: TrustCol, 5th International Workshop on Trusted Collaboration, Held in conjunction with the CollaborateCom 2010, Chicago, Illinois, USA
    • 10/18/10-10/20/10: ICTCI, 4th International Conference on Trusted Cloud Infrastructure, Shanghai, China
    • 10/18/10-10/20/10: eCRS, eCrime Researchers Summit, Dallas, Texas, USA
    • 10/20/10-10/21/10: Malware, 5th IEEE International Conference on Malicious and Unwanted Software, Nancy, France
    • 10/25/10-10/28/10: ISC, 13th Information Security Conference, Boca Raton, Florida, USA
    • 10/28/10-10/29/10: EC2ND, 6th European Conference on Computer Network Defense, Berlin, Germany
    • 11/ 4/10-11/ 6/10: SIDEUS, 1st International Workshop on Securing Information in Distributed Environments and Ubiquitous Systems, Fukuoka, Japan
    • 11/ 4/10-11/ 6/10: CWECS, 1st International Workshop on Cloud, Wireless and e-Commerce Security, Fukuoka, Japan
    • 11/ 8/10-11/10/10: HST, 10th IEEE International Conference on Technologies for Homeland Security, Waltham, MA, USA
    • 11/19/10-11/19/10: IDMAN, 2nd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, Oslo, Norway
    • 11/22/10-11/23/10: GameSec, The Inaugural Conference on Decision and Game Theory for Security, Berlin, Germany
    • 12/ 6/10-12/10/10: ACSAC, 26th Annual Computer Security Applications Conference, Austin, Texas, USA
    • 12/11/10-12/13/10: TrustCom, IEEE/IFIP International Symposium on Trusted Computing and Communications, Hong Kong SAR, China
    • 12/12/10-12/15/10: WIFS, International Workshop on Information Forensics & Security, Seattle, WA, USA
    • 12/13/10-12/15/10: Pairing, 4th International Conference on Pairing-based Cryptography, Yamanaka Hot Spring, Japan
    • 12/13/10-12/15/10: INTRUST, International Conference on Trusted Systems, Beijing, China
    • 12/15/10-12/19/10: ICISS, 6th International Conference on Information Systems Security, Gandhinagar, India
    • 2/ 9/11- 2/10/11: ESSoS, International Symposium on Engineering Secure Software and Systems, Madrid, Spain
    • 2/21/11- 2/23/11: CODASPY, 1st ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA
   
  
  • new calls or announcements added since Cipher E95

  • CSET 2010 3rd Workshop on Cyber Security Experimentation and Test, Washington, DC, USA, August 9, 2010. (Submissions due 24 May 2010)

    The workshop invites you to submit papers on the science, design, architecture, construction, operation, and use of cyber security experiments in network testbeds and infrastructures. Topics of interest include but are not limited to:

    • Science of security/testbed experimentation (Data and tools to achieve realistic experiment setup/scenarios, Diagnosis of and methodologies for dealing with experimental artifacts, Support for experimentation on a large scale (virtualization, federation, high fidelity scale-down), Tools and methodologies to achieve, and metrics to measure, correctness, repeatability, and sharing of experiments
    • Testbeds and methodologies (Tools, methodologies, and infrastructure that support risky experimentation, Support for experimentation in emerging security topics (cyber-physical systems, wireless, botnets, etc.), Novel experimentation approaches (e.g., coupling of emulation and simulation), Experience in designing or deploying secure testbeds, Instrumentation and automation of experiments; their archiving, preservation, and visualization, Fair sharing of testbed resources)
    • Hands-on security education (Experiences teaching security classes that use hands-on security experiments for homework, in-class demonstrations, or class projects, Experiences from red team/blue team exercises)

  • WOOT 2010 4th USENIX Workshop on Offensive Technologies, Washington, DC, USA, August 9, 2010. (Submissions due 28 May 2010)

    Computer security is unique among systems disciplines in that practical details matter and concrete case studies keep the field grounded in practice. WOOT provides a forum for high-quality, peer-reviewed papers discussing tools and techniques for attack. Submission topics include:

    • Vulnerability research (software auditing, reverse engineering)
    • Penetration testing
    • Exploit techniques and automation
    • Network-based attacks (routing, DNS, IDS/IPS/firewall evasion)
    • Reconnaissance (scanning, software, and hardware fingerprinting)
    • Malware design and implementation (rootkits, viruses, bots, worms)
    • Denial-of-service attacks
    • Web and database security
    • Weaknesses in deployed systems (VoIP, telephony, wireless, games)
    • Practical cryptanalysis (hardware, DRM, etc.)

  • SIDEUS 2010 1st International Workshop on Securing Information in Distributed Environments and Ubiquitous Systems, Fukuoka, Japan, November 4-6, 2010. (Submissions due 30 May 2010)

    At present time, the maturity of research in the field of distributed systems, such as P2P, Grid, Cloud or Internet computing, has pushed through new problems such us those related with security. In systems where the information freely flows across the network, the task of securing it becomes a real concern, and thus an interesting research challenge. For that reason, security is becoming one of the key issues when evaluating such systems and it is important to determine which security mechanisms are available, and how they fit to every particular scenario. The aim of this workshop is to provide a forum for the discussion of ideas on regards to the current challenges and solutions to security in an environment that is rapidly developing such as P2P, Grid, Cloud or Internet computing. The main topics include (but are not limited to):

    • Securing the Internet of Things (IoT)
    • Membership and access control
    • Identity management in distributed systems
    • Security in JXTA-based applications
    • Privacy and anonymity technologies
    • Secure distributed storage
    • Security issues in Vehicular Networks (VANETs)
    • Securing P2P networks against third-party attacks
    • Security and privacy in Delay-Tolerant Networks (DTN)
    • Integrating security in protocols
    • Assessment of information security

  • eCRS 2010 eCrime Researchers Summit, Dallas, Texas, USA, October 18-20, 2010. (Submissions due 30 May 2010)

    eCRS 2010 will bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it, Topics of interests include (but are not limited to):

    • Phishing, rogue-AV, pharming, click-fraud, crimeware, extortion and emerging attacks
    • Technical, legal, political, social and psychological aspects of fraud and fraud prevention
    • Malware, botnets, ecriminal/phishing gangs and collaboration, or money laundering
    • Techniques to assess the risks and yields of attacks and the success rates of countermeasures
    • Delivery techniques, including spam, voice mail and rank manipulation; and countermeasures
    • Spoofing of different types, and applications to fraud
    • Techniques to avoid detection, tracking and takedown; and ways to block such techniques
    • Honeypot design, data mining, and forensic aspects of fraud prevention
    • Design and evaluation of user interfaces in the context of fraud and network security
    • Best practices related to digital forensics tools and techniques, investigative procedures, and evidence acquisition, handling and preservation

  • GameSec 2010 The Inaugural Conference on Decision and Game Theory for Security, Berlin, Germany, November 22-23, 2010. (Submissions due 31 May 2010)

    Securing complex and networked systems and managing associated risks become increasingly important as they play an indispensible role in modern life at the turn of the information age. Concurrently, security of ubiquitous communication, data, and computing pose novel research challenges. Security is a multi-faceted problem due to the complexity of underlying hardware, software, and network inter- dependencies as well as human and social factors. It involves decision making in multiple levels and multiple time scales, given the limited resources available to both malicious attackers and administrators defending networked systems. GameSec conference aims to bring together researchers who aim to establish a theoretical foundation for making resource allocation decisions that balance available capabilities and perceived security risks in a principled manner. The conference focuses analytical models based on game, information, communication, optimization, decision, and control theories that are applied to diverse security topics. At the same time, the connection between theoretical models and real world security problems are emphasized to establish the important feedback loop between theory and practice. Observing the scarcity of venues for researchers who try to develop a deeper theoretical understanding of the underlying incentive and resource allocation issues in security, we believe that GameSec will fill an important void and serve as a distinguished forum of highest standards for years to come. Topics of interest include (but are not limited to):

    • Security games
    • Security and risk management
    • Mechanism design and incentives
    • Decentralized security algorithms
    • Security of networked systems
    • Security of Web-based services
    • Security of social networks
    • Intrusion and anomaly detection
    • Resource allocation for security
    • Optimized response to malware
    • Identity management
    • Privacy and security
    • Reputation and trust
    • Information security and watermarking
    • Physical layer security in wireless networks
    • Information theoretic aspects of security
    • Adversarial machine learning
    • Distributed learning for security
    • Cross-layer security
    • Usability and security
    • Human behavior and security
    • Dynamic control of security system
    • Organizational aspects of risk management
    • Cooperation and competition in security

  • NeFX 2010 2nd Annual ACM Northeast Digital Forensics Exchange, Washington, DC, USA, September 13-14, 2010. (Submissions due 1 June 2010)

    Practitioners in digital forensics face many challenges and problems, be they from law enforcement, the intelligence or government community, or private practice. Criminal activity, system intrusions, and computer misuse are endemic in today's networked world. Today's state-of-art digital forensic technology on correlating large amount of often distributed digital evidence, crime scene reconstruction, and eventually mapping them to physical criminal scenario can only be best described as ad hoc and fragmented. We have also seen that most criminal investigations have involved crime scenes that co-exist in both cyberspace and physical worlds. There is an urgent need to move the capabilities and foundation of digital forensics from an ad hoc basis to one of science. Digital forensics is an inherently complex cross-disciplinary field that deals with complicated and potentially inconsistent issues/goals cutting across technical, legal, and law enforcement domains. The ACM Northeast Digital Forensics Exchange (NeFX), sponsored in part by the National Science Foundation and the Army Research Office, is designed to foster collaboration on digital forensics and information assurance between federal and state law enforcement, academia, and industry. Our goal is to bring together leading practitioners and academics in order to yield partnerships that advance research on digital forensic science through mutual sharing of the problems of practice and research. All topic areas related to digital forensics are of interest and in scope, which include, but are not limited to:

    • Imaging/Monitoring
    • Network Forensics
    • Small-scale and Mobile Device Forensics
    • Data Processing and Analytics
    • Software Forensics and Malware Analysis
    • File Carving and File System Analysis
    • Anti-forensics Techniques
    • Digital Forensics (from signal processing perspective)
    • Evidence Modeling and Principles
    • Live and Memory Analysis
    • Multimedia Forensics
    • Database, Web, and Cloud Computing System Forensics
    • Digital Evidence Storage and Preservation
    • Forensic tool Validation: Methodologies and Principles
    • Cyber-crime Strategy Analysis & Modeling
    • Advanced search, analysis, and presentation of digital evidence
    • Courtroom expert witness and case presentation
    • Case studies
    • Legal and Sociological Issues
    • Intelligence Issues in Forensics

  • NPSec 2010 6th Workshop on Secure Network Protocols, Held in conjunction with ICNP 2010, Kyoto, Japan, October 5, 2010. (Submissions due 4 June 2010)

    NPSec2010 focuses on two general areas. The first focus is on the development and analysis of secure or hardened protocols for the operation (establishment and maintenance) of network infrastructure, including such targets as secure multidomain, ad hoc, sensor or overlay networks, or other related target areas. This can include new protocols, enhancements to existing protocols, protocol analysis, and new attacks on existing protocols. The second focus is on employing such secure network protocols to create or enhance network applications. Examples include collaborative firewalls, incentive strategies for multiparty networks, and deployment strategies to enable secure applications. NPSec 2010 particularly welcomes new ideas on security in the context of future Internet design, such as architectural considerations for future Internet security and new primitives for supporting secure network protocol and application design. Topics of interest include but are not limited to:

    • Security in future Internet architectures (role of security in future architectures, integrating security in future protocols and applications)
    • Secure and/or resilient network protocols (e.g., internetworking/routing, MANETs, LANs and WLANs, mobile/cellular data networks, P2P and other overlay networks, federated trust systems, sensor networks)
    • Vulnerabilities of existing protocols and applications (both theoretical and case studies), including attacks
    • Key distribution/management
    • Intrusion detection and response
    • Incentive systems for P2P systems and manet routing
    • Secure protocol configuration and deployment
    • Challenges and security protocols for social networks

  • SafeConfig 2010 2nd Workshop on Assurable & Usable Security Configuration, Held in conjunction with ACM CCS 2010, Chicago, Illinois, USA, October 4, 2010. (Submissions due 7 June 2010)

    A typical enterprise network might have hundreds of security appliances such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers and crypto systems. An enterprise network may also have other non-security devices such as routers, name servers, protocol gateways, etc. These must be logically integrated into a security architecture satisfying security goals at and across multiple networks. Logical integration is accomplished by consistently setting thousands of configuration variables and rules on the devices. The configuration must be constantly adapted to optimize protection and block prospective attacks. The configuration must be tuned to balance security with usability. These challenges are compounded by the deployment of mobile devices and ad hoc networks. The resulting security configuration complexity places a heavy burden on both regular users and experienced administrators and dramatically reduces overall network assurability and usability. This workshop will bring together academic as well as industry researchers to exchange experiences, discuss challenges and propose solutions for offering assurable and usable security.

  • CWECS 2010 1st International Workshop on Cloud, Wireless and e-Commerce Security, Fukuoka, Japan, November 4-6, 2010. (Submissions due 10 June 2010)

    In the last few years, due to increase in number of Cloud computing, Wireless network and E-Commerce (CWEC) applications and studies, the security issues and pivotal challenges include integrity verification, authentication, access control, attack prevention, etc., are also increasing. Recently, security technologies are booming. However, to achieve the whole security target for Cloud computing, wireless network and e-commerce, it requires much more than the mere application of current core technologies. The main purpose of this workshop is to bring together the researchers from academia and industry as well as practitioners to share ideas, problems and solutions relating to the multifaceted aspects of Security Technology in Cloud computing, wireless network and e-commerce, particularly aiming to promote state-of-the-art research in this area. Topics (included, but are not limited to):

    • Handover Security
    • Network Mobility Security
    • VoIP Security
    • Mobile Agent Security
    • Wireless Grid Security
    • RFID Security
    • Cell Phone, PDA and Potable Device Security
    • Mobile, Ad Hoc and Sensor Network Security
    • 3G ~ 4G Communication Security
    • Access Control, Authentication and Authorization for CWEC
    • Cryptography, Cryptanalysis and Digital Signatures for CWEC
    • Key Management and Recovery for CWEC
    • Trust Negotiation, Establishment and Management for CWEC
    • Network Management for CWEC
    • Performance Evaluation for CWEC
    • Privacy, Data Integrity and Data Protection for CWEC
    • Computer Forensics for CWEC
    • Security Threats and Countermeasures for CWEC
    • Cross-layer Design for CWEC

  • Pairing 2010 4th International Conference on Pairing-based Cryptography, Yamanaka Hot Spring, Japan, December 13-15, 2010. (Submissions due 11 June 2010)

    The focus of Pairing 2010 is on all aspects of pairing-based cryptography, including: cryptographic primitives and protocols, mathematical foundations, software and hardware implementation, and applied security.

  • TrustCol 2010 5th International Workshop on Trusted Collaboration, Held in conjunction with the CollaborateCom 2010, Chicago, Illinois, USA, October 9, 2010. (Submissions due 11 June 2010)

    The ongoing, rapid developments in information systems technologies and networking have enabled significant opportunities for streamlining decision making processes and maximizing productivity through distributed collaborations that facilitate unprecedented levels of sharing of information and computational resources. Emerging collaborative environments need to provide efficient support for seamless integration of heterogeneous technologies such as mobile devices and infrastructures, web services, grid computing systems, online social networks, various operating environments, and diverse COTS products. Such heterogeneity introduces, however, significant security and privacy challenges for distributed collaborative applications. Balancing the competing goals of collaboration and security is difficult because interaction in collaborative systems is targeted towards making people, information, and resources available to all who need it whereas information security seeks to ensure the availability, confidentiality, and integrity of these elements while providing it only to those with proper trustworthiness. The key goal of this workshop is to foster active interactions among diverse researchers and practitioners, and generate added momentum towards research in finding viable solutions to the security and privacy challenges faced by the current and future collaborative systems and infrastructures. We solicit unpublished research papers that address theoretical issues and practical implementations/experiences related to security and privacy solutions for collaborative systems. Topics of interest include, but are not limited to:

    • Secure dynamic coalition environments
    • Secure distributed multimedia collaboration
    • Privacy control in collaborative environments
    • Secure workflows for collaborative computing
    • Policy-based management of collaborative workspace
    • Secure middleware for large scale collaborative infrastructures
    • Security and privacy issues in mobile collaborative applications
    • Security frameworks and architectures for trusted collaboration
    • Secure interoperation in multidomain collaborative environments
    • Identity management for large scale collaborative infrastructures
    • Semantic web technologies for secure collaborative infrastructure
    • Trust models, trust negotiation/management for collaborative systems
    • Access control models and mechanisms for collaboration environments
    • Protection models and mechanisms for peer-to-peer collaborative environments
    • Delegation, accountability, and information flow control in collaborative applications
    • Intrusion detection, recovery and survivability of collaborative systems/infrastructures
    • Security of web services and grid technologies for supporting multidomain collaborative applications
    • Security and privacy challenges in cloud-based collaborative applications

  • SA&PS4CS 2010 1st International Workshop on Scientific Analysis and Policy Support for Cyber Security, Held in conjunction with the 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security (MMM-ACNS 2010), St. Petersburg, Russia, September 9, 2010. (Submissions due 13 June 2010)

    The workshop is dedicated to the methods of scientific analysis and policy support for response to cyber intrusions and attacks. The main topics of the SA&PS4CS’2010 are detection, discrimination, and attribution of various activities of malefactors and response to cyber intrusions and attacks including national level information operations as well as identifying emergent cyber technologies supporting social and political activity management and trans-national distributed computing management.

  • FAST 2010 7th International Workshop on Formal Aspects of Security & Trust, Pisa, Italy, September 16-17, 2010. (Submissions due 13 June 2010)

    The seventh International Workshop on Formal Aspects of Security and Trust (FAST2010) aims at continuing the successful efforts of the previous FAST workshops, fostering cooperation among researchers in the areas of security and trust. FAST focuses on the formal models of security and trust that are needed to state goals and policies for these interactions. We also seek new and innovative techniques for establishing consequences of these formal models. Implementation approaches for such techniques are also welcome. Suggested submission topics include, but are not limited to:

    • Formal models for security, trust and reputation
    • Security protocol design and analysis
    • Logics for security and trust
    • Trust-based reasoning
    • Distributed trust management systems
    • Digital asset protection
    • Data protection
    • Privacy and ID management issues
    • Information flow analysis
    • Language-based security
    • Security and trust aspects in ubiquitous computing
    • Validation/Analysis tools
    • Web/Grid services security/trust/privacy
    • Security and risk assessment
    • Resource and access control
    • Case studies

  • ACSAC 2010 26th Annual Computer Security Applications Conference, Austin, Texas, USA, December 6-10, 2010. (Submissions due 14 June 2010)

    ACSAC is an internationally recognized forum for practitioners, researchers, and developers in information systems security. ACSAC's technical track is well established for presenting academically oriented research results, particularly those that have tangible practical applications. Topics of interest include, but are not limited to:

    • access control
    • applied cryptography
    • audit and audit reduction
    • biometrics
    • certification and accreditation
    • cybersecurity
    • database security
    • denial of service protection
    • distributed systems security
    • electronic commerce security
    • enterprise security management
    • forensics
    • identification & authentication
    • identify management
    • incident response planning
    • information survivability
    • insider threat protection
    • integrity
    • intellectual property rights
    • intrusion detection
    • mobile and wireless security
    • multimedia security
    • operating systems security
    • peer-to-peer security
    • privacy and data protection
    • product evaluation/compliance
    • risk/vulnerability assessment
    • securing cloud infrastructures
    • security engineering and management
    • security in IT outsourcing
    • service oriented architectures
    • software assurance
    • trust management
    • virtualization security
    • VOIP security
    • Web 2.0/3.0 security

  • STC 2010 5th Annual Workshop on Scalable Trusted Computing, Held in conjunction with ACM CCS 2010, Chicago, Illinois, USA, October 4, 2010. (Submissions due 14 June 2010)

    Built on the continued success of previous STC workshops (starting from ACM STC'06) this workshop focuses on fundamental technologies of trusted computing (in a broad sense, with or without TPMs) and its applications in large-scale systems -- those involving large number of users and parties with varying degrees of trust. The workshop is intended to serve as a forum for researchers as well as practitioners to disseminate and discuss recent advances and emerging issues. Topics of interests include but not limited to:

    • Enabling scalable trusted computing
    • Applications of trusted computing
    • Pushing the limits

  • International Journal of Secure Software Engineering (IJSSE), Special Issue on Software Security Engineering Education, March/April 2011. (Submission Due 15 June 2010)

    Guest editor: Nancy R. Mead (Carnegie Mellon University, U.S.A) and Dan Shoemaker (University of Detroit Mercy, U.S.A)
    
    We can improve software security by improving how we teach software security engineering. However, the problem with teaching correct software security engineering practice is that software security practices could be relevant in a number of places within the Software Engineering Body of Knowledge (SWEBOK). Consequently, secure software assurance content might legitimately fit into many different places in the software engineering education process and, in that respect, could be taught many different ways.
    
    This disjointed approach is not an acceptable method for systematically disseminating secure software engineering practice. There should be coordination and, when possible, standardization of the way that educators promulgate secure software assurance content. Otherwise, we run the risk of producing software engineers with potentially conflicting understandings of the same concepts. Unfortunately, there are two practical barriers to achieving coordinated and standardized software security engineering teaching. First, it is not absolutely clear what specific knowledge and skills should be taught and in what places. Second, there are currently no validated methods for delivering that knowledge once it has been identified. As a result, we are seeking insights in this special issue of the journal about how to confront the challenges of ensuring suitable and appropriate teaching of software security engineering content in higher education. This special issue is designed for software professionals and educators to explore innovative approaches to software security engineering education. The following are some suggested topics, as they relate to software security engineering:

    • curricula –undergraduate, graduate, or training
    • course materials
    • model delivery methods
    • student capstone projects and practical experience
    • model syllabi
    • learning models or unique learning interventions
    • distance or asynchronous delivery technologies or approaches
    • business or assurance
    • cases case study methodologies
    • cross-disciplinary collaborations
    • literature reviews or supporting materials
    • PowerPoint presentations

  • DPM 2010 International Workshop on Data Privacy Management, Held in conjunction with the ESORICS 2010, Athens, Greece, September 23, 2010. (Submissions due 15 June 2010)

    The aim of this workshop is to discuss and exchange ideas related to privacy data management. We invite papers from researchers and practitioners working in privacy, security, trustworthy data systems and related areas to submit their original papers in this workshop. The main topics, but not limited to, include:

    • Privacy Information Administration
    • Privacy Policy-based Infrastructures and Architectures
    • Privacy-oriented Access Control Language
    • Privacy in Trust Management
    • Privacy Data Integration
    • Privacy Risk Assessment and Assurance
    • Privacy Services
    • Privacy Policy Analysis
    • Query Execution over Privacy Sensitive Data
    • Privacy Preserving Data Mining
    • Hippocratic and Water-marking Databases
    • Privacy for Integrity-based Computing
    • Privacy Monitoring and Auditing
    • Privacy in Social Networks
    • Privacy in Ambient Intelligence (AmI) Applications
    • Conciliation of Individual Privacy and Corporate/National Security
    • Privacy in computer networks
    • Privacy and RFIDs
    • Privacy in Sensor Networks

  • ISC 2010 13th Information Security Conference, Boca Raton, Florida, USA, October 25-28, 2010. (Submissions due 15 June 2010)

    ISC is an annual international conference covering research (both theory and applications) in Information Security. The conference seeks submissions from academia, industry, and government that present novel research on all theoretical and practical aspects of Information Security. Topics of interest include, but are not limited to:

    • access control
    • accountability
    • anonymity and pseudonymity
    • applied cryptography
    • authentication
    • biometrics
    • computer forensics
    • cryptographic protocols
    • database security
    • data protection
    • data/system integrity
    • digital right management
    • economics of security and privacy
    • electronic frauds
    • formal methods in security
    • identity management
    • information dissemination control
    • information hiding and watermarking
    • intrusion detection
    • network security
    • peer-to-peer security
    • privacy
    • secure group communications
    • security and privacy in pervasive/ubiquitous computing
    • security in information flow
    • security in IT outsourcing
    • security for mobile code
    • security of grid computing
    • security of eCommerce, eBusiness and eGovernment
    • security in location services
    • security modeling and architectures
    • security models for ambient intelligence environments
    • security in social networks
    • trust models and trust management policies
    • embedded security

  • SETOP 2010 3rd International Workshop on Autonomous and Spontaneous Security, Held in conjunction with ESORICS 2010, Athens, Greece, September 23, 2010. (Submissions due 15 June 2010)

    Security and reliability have become a major concern for service oriented applications as well as for communication systems and networks. With the need for evolution, if not revolution, of current network architectures and the Internet, autonomous and spontaneous management will be a key feature of future networks and information systems. In this context, security is an essential property. It must be thought at the early stage of conception of these systems and designed to be also autonomous and spontaneous. Future networks and systems must be able to automatically configure themselves with respect to their security policies. The security policy specification must be dynamic and adapt itself to the changing environment. Those networks and systems should interoperate securely when their respective security policies are heterogeneous and possibly conflicting. They must be able to autonomously evaluate the impact of an intrusion in order to spontaneously select the appropriate and relevant response when a given intrusion is detected. Autonomous and spontaneous security is a major requirement of future networks and systems. Of course, it is crucial to address this issue in different wireless and mobile technologies available today such as RFID, Wifi, Wimax, 3G, etc. Other technologies such as ad hoc and sensor networks, which introduce new type of services, also share similar requirements for an autonomous and spontaneous management of security. The SETOP Workshop seeks submissions that present research results on all aspects related to spontaneous and autonomous security. Topics of interest include, but are not limited to the following:

    • Security policy deployment
    • Self evaluation of risk and impact
    • Distributed intrusion detection
    • Autonomous and spontaneous response
    • Trust establishment
    • Selfish behaviour and collaboration enforcement
    • Security in autonomous networks
    • Security in ad hoc networks
    • Security in sensor/RFID networks
    • Security of Next Generation Networks
    • Security in Cloud Computing
    • Security of Service Oriented Architecture
    • Security of opportunistic networks
    • Privacy in self-organized networks
    • Secure localization
    • Context aware and ubiquitous computing
    • Secure interoperability and negotiation
    • Self-organization in secure routing
    • Identity management
    • Modelling and validation of security

  • STM 2010 6th International Workshop on Security and Trust Management, Athens, Greece, September 23-24, 2010. (Submissions due 20 June 2010)

    STM (Security and Trust Management) is a working group of ERCIM (European Research Consortium in Informatics and Mathematics). Topics of interest include, but are not limited to:

    • access control
    • cryptography
    • digital right management
    • economics of security
    • key management
    • ICT for securing digital as well as physical assets
    • identity management
    • networked systems security
    • privacy and anonymity
    • reputation systems and architectures
    • security and trust management architectures
    • semantics and computational models for security and trust
    • trust assessment and negotiation
    • trust in mobile code
    • trust in pervasive environments
    • trust models
    • trust management policies
    • trusted platforms and trustworthy systems
    • trustworthy user devices

  • PRITS 2010 Workshop on Pattern Recognition for IT Security, Held in conjunction with DAGM 2010, Darmstadt, Germany, September 21, 2010. (Submissions due 27 June 2010)

    Graphical data, such as images or video streams, are of growing importance in several disciplines of IT security, ranging from biometric authentication over digital image forensics to visual passwords and CAPTCHAs. Consequently, methods of image analysis and pattern recognition are increasingly used in security-critical applications. The aim of the workshop is to bring together researchers from the pattern recognition and security communities in order to exchange latest research results. Topics of interest include, but are not limited to:

    • Novel biometric authentication techniques
    • Novel information hiding paradigms
    • Image authentication and robust hashing
    • Digital Forensics
    • Image and video analysis for security
    • Visual Passwords
    • CAPTCHAs

  • PSDML 2010 ECML/PKDD Workshop on Privacy and Security issues in Data Mining and Machine Learning, Barcelona, Spain, September 24, 2010. (Submissions due 28 June 2010)

    Privacy and security-related aspects of data mining and machine learning have been the topic of active research during the last few years, due to the existence of numerous applications with privacy and/or security requirements. Privacy issues have become a serious concern due to the collection, analysis and sharing of personal data by privately owned companies and public sector organizations for various purposes, such as data publishing or data mining. This has led to the development of privacy-preserving data mining and machine learning methods. More general security considerations arise in applications such as biometric authentication, intrusion detection and response, and malware classification. This has led to the development of adversarial learning algorithms, while parallel work in multi-agent settings and in low regret learning algorithms has revealed interesting interplays between learning and game theory. The aim of this workshop is to bring together scientists and practitioners who conduct cutting edge research on privacy and security issues in data mining and machine learning to discuss the most recent advances in these research areas, identify open problem domains and research directions, and propose possible solutions. We invite interdisciplinary research on cryptography, data mining, game theory, machine learning, privacy, security and statistics. Moreover, we invite mature contributions as well as interesting preliminary results and descriptions of open problems on emerging research domains and applications of privacy and security in data mining and machine learning.

  • International Journal of Information Technologies and Systems Approach, Special Issue on Privacy and Security Issues in IT, 2011. (Submission Due 30 June 2010)

    Guest editor: Frank Stowell (University of Portsmouth, England) and Vasilis Katos Democritus (University of Thrace, Greece)
    
    The topic of this special issue is motivated by the ease of collection, processing and dissemination of personal data and the concern about the unintended use or misuse of these data. Monitoring technologies are a fundamental component in IS security that serve as a policy violation detection mechanism but the expanding scope of ICT now means that it is not just the client that is affected but often the wider community e.g. CCTV monitoring as what may have been designed for specific end-users now impacts itself upon the majority. Monitoring has turned into systematic surveillance of emails, telephone usage and through CCTV general citizen activities. In a society where privacy is a fundamental human right the antagonism between privacy and security is a research issue of significance IS researchers as IS itself constitutes the means for feeding such antagonism between security and the privacy of the individual. This special issue invites a range of topics related to Privacy and the associated security issues created by the technology. Topics to be discussed in this special issue include (but are not limited to) the following:

    • Privacy preservation technologies for the citizen
    • Methodologies for analysing privacy requirements of an Information System
    • Protection of biometric data
    • Analysis and development of a systems view of security and its impact upon individual privacy
    • The Economics of security and privacy
    • The behavioural impact of monitoring and surveillance technologies
    • Opportunities and threats in emerging applications utilizing personal data
    • Privacy-centric systems

  • Malware 2010 5th IEEE International Conference on Malicious and Unwanted Software, Nancy, France, October 20-21, 2010. (Submissions due 30 June 2010)

    The conference is designed to bring together experts from industry, academia, and government to present and discuss, in an open environment, the latest advances and discoveries in the field of malicious and unwanted software. Techniques, economics and legal issues surrounding the topic of Malware, and the methods to detect and control them will be discussed. This year’s conference will pay particular attention to (and will also be extensively discussed in a panel session) the pressing topic of “Malware and Cloud Computing”. As low-cost Netbooks become popular, Google’s Chrome OS enters the mainstream, and social networks (Facebook, YouTube, Twitter, LinkedIn, and so forth) become ubiquitous, the security dangers associated with the new computing paradigm increase exponentially. In effect, “Cloud Computing”, Multi-tenant, Single Schema, Single Server Platforms (C2S3P) increase vulnerabilities by providing a single point of failure and attack for organized criminal networks. Critical/sensitive/private information is at risk, and very much like previous technology adoption trends, such as wireless networks, the dash for success is trumping the need for security.

  • EC2ND 2010 6th European Conference on Computer Network Defense, Berlin, Germany, October 28-29, 2010. (Submissions due 2 July 2010)

    EC2ND 2010 invites submissions presenting novel ideas in the areas of network defense, intrusion detection and systems security. Topics for submission include but are not limited to:

    • Intrusion Detection
    • Malicious Software
    • Web Security
    • Machine Learning for Security
    • Peer-to-Peer and Grid Security
    • Wireless and Mobile Security
    • Network Forensics
    • Network Discovery and Mapping
    • Incident Response and Management
    • Privacy Protection
    • Cryptography
    • Legal and Ethical Issues

  • TrustCom 2010 IEEE/IFIP International Symposium on Trusted Computing and Communications, Hong Kong SAR, China, December 11-13, 2010. (Submissions due 9 July 2010)

    With the rapid development and the increasing complexity of computer and communications systems and networks, traditional security technologies and measures can not meet the demand for integrated and dynamic security solutions. As a challenging and innovative research field, trusted computing and communications target computer and communications systems and networks that are available, secure, reliable, controllable, dependable, and so on. In a word, they must be trustworthy. If we view the traditional security as identity trust, the broader field of trusted computing and communications also includes behavior trust of systems and networks. In fact, trusted computing and communications have become essential components of various distributed services, applications, and systems, including ad-hoc networks, peer-to-peer networks, social networks, semantic webs, e-commence, e- government, pervasive, ubiquitous, and cyber-physical systems. TrustCom-10 is an international forum for presenting and discussing emerging ideas and trends in trusted computing and communications in computer systems and networks from both the research community as well as the industry. Topics of interest include, but are not limited to:

    • Trust semantics, metrics, and models
    • Trust inference, computation, and
    • Trusted computing platform
    • Trusted network computing
    • Trusted operating systems
    • Trusted software
    • Trusted database
    • Trusted services and applications
    • Trusted communications
    • Trust in e-commerce and e-government
    • Trust in mobile and wireless networks
    • Reliable and fault-tolerant computer systems/networks
    • Survivable computer systems/networks
    • Cryptography and security protocols
    • Authentication in computer systems/networks
    • Access control in computer systems/networks
    • Key management in computer systems/networks
    • Anonymity and privacy in computer systems/networks
    • Trust in emerging applications
    • Miscellaneous trust issues

  • ICISS 2010 6th International Conference on Information Systems Security, Gandhinagar, India, December 15-19, 2010. (Submissions due 16 July 2010)

    The ICISS 2010 encourages submissions addressing theoretical and practical problems in information and systems security and related areas. We especially like to encourage papers in domains that have not been represented much in the past at the conference, such as database security/privacy, usability aspects of security, operating systems security, and sensor networks security. Papers that introduce and address unique security challenges or present thought-provoking ideas are also welcome.

  • Journal of Network and Computer Applications, Special Issue on Trusted Computing and Communications, 2nd Quarter, 2011. (Submission Due 1 August 2010)

    Guest editor: Laurence T. Yang (St. Francis Xavier University, Canada) and Guojun Wang (Central South University, China)
    
    With the rapid development and the increasing complexity of computer and communications systems and networks, traditional security technologies and measures can not meet the demand for integrated and dynamic security solutions. As a challenging and innovative research field, trusted computing and communications target computer and communications systems and networks that are available, secure, reliable, controllable, dependable, and so on. In a word, they must be trustworthy. If we view the traditional security as identity trust, the broader field of trusted computing and communications also includes behavior trust of systems and networks. In fact, trusted computing and communications have become essential components of various distributed services, applications, and systems, including self-organizing networks, social networks, semantic webs, e-commence, and e-government. Research areas of relevance would therefore include, but not only limited to, the following topics:

    • Trusted computing platform and paradigm
    • Trusted systems and architectures
    • Trusted operating systems
    • Trusted software
    • Trusted database
    • Trusted services and applications
    • Trust in e-commerce and e-government
    • Trust in mobile and wireless networks
    • Trusted communications and networking
    • Reliable and fault-tolerant computer systems/networks
    • Survivable computer systems/networks
    • Autonomic and dependable computer systems/networks

  • INTRUST 2010 International Conference on Trusted Systems, Beijing, China, December 13-15, 2010. (Submissions due 1 August 2010)

    INTRUST 2010 conference focuses on the theory, technologies and applications of trusted systems. It is devoted to all aspects of trusted computing systems, including trusted modules, platforms, networks, services and applications, from their fundamental features and functionalities to design principles, architecture and implementation technologies. The goal of the conference is to bring academic and industrial researchers, designers, and implementers together with end-users of trusted systems, in order to foster the exchange of ideas in this challenging and fruitful area. INTRUST 2010 solicits original papers on any aspect of the theory, advanced development and applications of trusted computing, trustworthy systems and general trust issues in modern computing systems. The conference will have an academic track and an industrial track. This call for papers is for contributions to both of the tracks. Submissions to the academic track should emphasize theoretical and practical research contributions to general trusted system technologies, while submissions to the industrial track may focus on experiences in the implementation and deployment of real-world systems.

  • Wiley Security and Communication Networks (SCN), Special Issue on Defending Against Insider Threats and Internal Data Leakage, 2011. (Submission Due 31 August 2010)

    Guest editor: Elisa Bertino (Purdue university, USA), Gabriele Lenzini (SnT-Univ. of Luxembourg, Luxembourg), Marek R. Ogiela (AGH University of Science & Technology, Poland), and Ilsun You (Korean Bible University, Korea)
    
    This special issue collects scientific studies and works reporting on the most recent challenges and advances in security technologies and management systems about protecting an organization's information from corporate malicious activities. It aims to be the showcase for researchers that address the problems on how to prevent the leakage of organizations' information caused by insiders. The contributions to this special issue can conduct state-of-the-art surveys and case-analyses of practical significance, which, we wish, will support and foster further research and technology improvements related to this important subject. Papers on practical as well as on theoretical topics are invited. Topics include (but are not limited to):

    • Theoretical foundations and algorithms for addressing insider threats
    • Insider threat assessment and modeling
    • Security technologies to prevent, detect and avoid insider threats
    • Validating the trustworthiness of staff
    • Post-insider threat incident analysis
    • Data breach modeling and mitigation techniques
    • Authentication and identification
    • Certification and authorization
    • Database security
    • Device control system
    • Digital forensic system
    • Digital right management system
    • Fraud detection
    • Network access control system
    • Intrusion detection
    • Keyboard information security
    • Information security governance
    • Information security management systems
    • Risk assessment and management
    • Log collection and analysis
    • Trust management
    • Secure information splitting and sharing algorithms
    • Steganography and subliminal channels
    • IT compliance (audit)
    • Continuous auditing
    • Socio-Technical Engineering Attack to Security and Privacy

  • ESSoS 2011 International Symposium on Engineering Secure Software and Systems, Madrid, Spain, February 9-10, 2011. (Submissions due 13 September 2010)

    Trustworthy, secure software is a core ingredient of the modern world. Unfortunately, the Internet is too. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):

    • scalable techniques for threat modeling and analysis of vulnerabilities
    • specification and management of security requirements and policies
    • security architecture and design for software and systems
    • model checking for security
    • specification formalisms for security artifacts
    • verification techniques for security properties
    • systematic support for security best practices
    • security testing
    • security assurance cases
    • programming paradigms, models and DLS's for security
    • program rewriting techniques
    • processes for the development of secure software and systems
    • security-oriented software reconfiguration and evolution
    • security measurement
    • automated development
    • trade-off between security and other non-functional requirements
    • support for assurance, certification and accreditation

  • IEEE Transactions on Information Forensics and Security, Special Issue on Using the Physical Layer for Securing the Next Generation of Communication Systems, June 1, 2011. (Submission Due 15 September 2010)

    Guest editor: Vincent Poor (Princeton University, USA), Wade Trappe (Rutgers University, USA), Aylin Yener (Pennsylvania State University,USA), Hisato Iwai (Doshisha University, Japan), Joao Barros (University of Porto, Portugal), and Paul Prucnal (Princeton University, USA)
    
    Communication technologies are undergoing a renaissance as there is a movement to explore new, clean slate approaches for building communication networks. Although future Internet efforts promise to bring new perspectives on protocol designs for high-bandwidth, access-anything from anywhere services, ensuring that these new communication systems are secure will also require a re-examination of how we build secure communication infrastructures. Traditional approaches to building and securing networks are tied tightly to the concept of protocol layer separation. For network design, routing is typically considered separately from link layer functions, which are considered independently of transport layer phenomena or even the applications that utilize such functions. Similarly, in the security arena, MAC-layer security solutions (e.g. WPA2 for 802.11 devices) are typically considered as point-solutions to address threats facing the link layer, while routing and transport layer security issues are dealt with in distinct, non-integrated protocols like IPSEC and TLS. The inherent protocol separation involved in security solutions is only further highlighted by the fact that the physical layer is generally absent from consideration. This special issue seeks to provide a venue for ongoing research area in physical layer security across all variety of communication media, ranging from wireless networks at the edge to optical backbones at the core of the network. The scope of this special issue will be interdisciplinary, involving contributions from experts in the areas of cryptography, computer security, information theory, signal processing, communications theory, and propagation theory. In particular, the areas of interest include, but are not limited to, the following:

    • Information-theoretic formulations for confidentiality and authentication
    • Generalizations of Wyner’s wiretap problem to wireless and optical systems
    • Physical layer techniques for disseminating information
    • Techniques to extract secret keys from channel state information
    • Secrecy of MIMO and multiple-access channels
    • Physical layer methods for detecting and thwarting spoofing and Sybil attacks
    • Techniques to achieve covert or stealthy communication at the physical layer
    • Quantum cryptography
    • Modulation recognition and forensics
    • Security and trustworthiness in cooperative communication
    • Fast encryption using physical layer properties
    • Attacks and threat analyses targeted at subverting physical layer communications

  • CODASPY 2011 1st ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA, February 21-23, 2011. (Submissions due 15 September 2010)

    Data and the applications that manipulate data are the crucial assets in today's information age. With the increasing drive towards availability of data and services anytime anywhere, security and privacy risks have increased. New applications such as social networking and social computing provide value by aggregating input from numerous individual users and/or the mobile devices they carry with them and computing new information of value to society and individuals. Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the conference is to discuss novel exciting research topics in data and application security and privacy and to lay out directions for further research and development in this area. The conference seeks submissions from diverse communities, including corporate and academic researchers, open-source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts.

  • WIFS 2010 International Workshop on Information Forensics & Security, Seattle, WA, USA, December 12-15, 2010. (Submissions due 15 September 2010)

    WIFS is an avenue for knowledge exchange that encompasses a broad range of disciplines and facilitates the flow of ideas between various disparate communities that constitute information security. With this focus, we hope that researchers will identify new opportunities for collaboration across disciplines and gain new perspectives. The conference will feature prominent keynote speakers, tutorials, and lecture sessions. Appropriate topics of interest include, but are not limited to:

    • Computer Security
    • Forensics Analysis
    • Biometrics
    • Network Security
    • Cryptography for Multimedia content
    • Usability aspects of security
    • Information theory and security
    • Privacy
    • Data hiding
    • Surveillance
    • Digital Rights Management
    • Secure applications
    • Hardware Security

• The Technical Committee on Security and Privacy

 

• Listing of academic positions available  by Cynthia Irvine
  Recent postings:
  

  • Posted May 2010
    University of Massachusetts
    Computer Science Department
    Amherst, Massachusetts
    PostDoc
    Application materials should be sent to postdoc-spqr@cs.umass.edu by May 28, 2010.
    http://www.cs.umass.edu/~kevinfu/postdoc.html
  • Posted April 2010
    Dartmouth College
    Hanover, NH USA
    Postdoctoral research fellow
    Applications received by June 1 have the best chance
    http://www.cs.dartmouth.edu/~dfk/postdoc.html
  • Posted March 2010
    Radboud University
    Nijmegen, the Netherlands
    Assistant Professor in Computer Security (0.8 fte)
    Deadline for applications: 24 April 2010
    http://www.ru.nl/ds/about_ds/vacancies/
 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org