Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 98,  September 27, 2010 Hilarie Orman,  Editor Book Reviews Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Richard Austin's review of How Risky Is It, Really?: Why Our Fears Don't Always Match the Facts by David Ropeik

  • NewsBits:  Announcements and correspondence from readers (please contribute!)

    • Obituary for Paul Karger, a Giant in Our Field
    • IETF Revises Cryptographic Message Syntax (CMS)
    • NIST Seeks Public Comment on Application-Specific Cryptographic Key Derivation

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

   

• Listing of academic positions available  by Cynthia Irvine
  
  New Posting
  

  Posted June 2010
  George Mason University
  Department of Applied Information Technology
  Fairfax, VA
  Review of applications will continue until positions are filled
  http://jobs.gmu.edu, Position number F9379z

• Conference and Workshop Announcements

  • Cipher calls-for-papers and calendar
      new calls or announcements added since Cipher E97 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • 9/20/10: ICC-CISS, IEEE ICC 2011, Communication and Information Systems Security Symposium, Kyoto, Japan; Submissions are due
  • 9/20/10- 9/22/10: ESORICS, 15th European Symposium on Research in Computer Security, Athens, Greece
  • 9/20/10- 9/23/10: IFIP-TC9-HCC9, IFIP TC-9 HCC-9 Stream on Privacy and Surveillance, Held in conjunction with the IFIP World Computer Congress 2010, Brisbane, Australia
  • 9/20/10- 9/24/10: ADBIS, 14th East-European Conference on Advances in Databases and Information Systems, Track on Personal Identifiable Information: Privacy, Ethics, and Security, Novi Sad
  • 9/21/10: PRITS, Workshop on Pattern Recognition for IT Security, Held in conjunction with DAGM 2010, Darmstadt, Germany
  • 9/23/10: DPM, International Workshop on Data Privacy Management, Held in conjunction with the ESORICS 2010, Athens, Greece
  • 9/23/10: SETOP, 3rd International Workshop on Autonomous and Spontaneous Security, Held in conjunction with the ESORICS 2010, Athens, Greece
  • 9/23/10- 9/24/10: STM, 6th International Workshop on Security and Trust Management, Athens, Greece
  • 9/24/10: CODASPY, 1st ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA; Submissions are due
  • 9/24/10: PSDML, ECML/PKDD Workshop on Privacy and Security issues in Data Mining and Machine Learning, Barcelona, Spain
  • 10/ 1/10: FC, 15th International Conference on Financial Cryptography and Data Security, Bay Gardens Beach Resort, St. Lucia; Submissions are due
  • 10/ 4/10: SafeConfig, 2nd Workshop on Assurable & Usable Security Configuration, Held in conjunction with ACM CCS 2010, Chicago, Illinois, USA
  • 10/ 4/10: STC, 5th Annual Workshop on Scalable Trusted Computing, Held in conjunction with ACM CCS 2010, Chicago, Illinois, USA
  • 10/ 4/10-10/ 8/10: ACM-CCS, 17th ACM Conference on Computer and Communications Security, Chicago, IL, USA
  • 10/ 5/10: NPSec, 6th Workshop on Secure Network Protocols, Held in conjunction with ICNP 2010, Kyoto, Japan
  • 10/ 9/10: TrustCol, 5th International Workshop on Trusted Collaboration, Held in conjunction with the CollaborateCom 2010, Chicago, Illinois, USA
  • 10/15/10: Future Generation Computer System, Special Issue on Trusting Software Behavior, 3rd Quarter, 2011; Submissions are due
  • 10/15/10: IFIP-DF, 7th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA; Submissions are due
  • 10/15/10: WECSR, 2nd Workshop on Ethics in Computer Security Research, Bay Gardens Beach Resort, St. Lucia; Submissions are due
  • 10/18/10-10/20/10: ICTCI, 4th International Conference on Trusted Cloud Infrastructure, Shanghai, China
  • 10/18/10-10/20/10: eCRS, eCrime Researchers Summit, Dallas, Texas, USA
  • 10/20/10-10/21/10: Malware, 5th IEEE International Conference on Malicious and Unwanted Software, Nancy, France
  • 10/22/10: LightSec, Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications, Istanbul, Turkey; Submissions are due
  • 10/24/10: WESS, 5th Workshop on Embedded Systems Security, Scottsdale, AZ, USA
  • 10/25/10-10/28/10: ISC, 13th Information Security Conference, Boca Raton, Florida, USA
  • 10/28/10-10/29/10: EC2ND, 6th European Conference on Computer Network Defense, Berlin, Germany
  • 10/31/10: SESOC, 3rd International Workshop on Security and Social Networking, Held in conjunction with the PerCom 2011, Seattle, WA, USA; Submissions are due
  • 10/31/10: RFIDsec-Asia, Workshop on RFID Security, Wuxi, China; Submissions are due
  • 11/ 4/10-11/ 6/10: SIDEUS, 1st International Workshop on Securing Information in Distributed Environments and Ubiquitous Systems, Fukuoka, Japan
  • 11/ 4/10-11/ 6/10: CWECS, 1st International Workshop on Cloud, Wireless and e-Commerce Security, Fukuoka, Japan
  • 11/ 7/10: FSE, 18th International Workshop on Fast Software Encryption, Lyngby, Denmark; Submissions are due
  • 11/ 8/10-11/10/10: HST, 10th IEEE International Conference on Technologies for Homeland Security, Waltham, MA, USA
  • 11/15/10: IEEE Network, Special Issue on Network Traffic Monitoring and Analysis; Submissions are due
  • 11/15/10: IFIP-SEC, 26th IFIP TC-11 International Information Security Conference, Luzern, Switzerland; Submissions are due
  • 11/18/10-11/19/10: IDMAN, 2nd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, Oslo, Norway
  • 11/19/10: SP, 32nd IEEE Symposium on Security & Privacy, The Claremont Resort, Berkeley/Oakland, California, USA; Submissions are due
  • 11/22/10-11/23/10: GameSec, The Inaugural Conference on Decision and Game Theory for Security, Berlin, Germany
  • 11/29/10: SecIoT, 1st Workshop on the Security of the Internet of Things, Held in conjunction with the Internet of Things 2010, Tokyo, Japan
  • 11/30/10-12/ 3/10: CPSRT, International Workshop on Cloud Privacy, Security, Risk & Trust, Held in conjunction with the 2nd IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2010), Indianapolis, IN, USA
  • 12/ 1/10-12/ 3/10: In-Bio-We-Trust, International Workshop on Bio-Inspired Trust Management for Information Systems, Held in conjunction with the Bionetics 2010, Boston, MA, USA
  • 12/ 2/10: WISTP, 5th Workshop in Information Security Theory and Practice, Heraklion, Crete, Greece; Submissions are due
  • 12/ 6/10-12/10/10: ACSAC, 26th Annual Computer Security Applications Conference, Austin, Texas, USA
  • 12/11/10-12/13/10: TrustCom, IEEE/IFIP International Symposium on Trusted Computing and Communications, Hong Kong SAR, China
  • 12/12/10-12/15/10: WIFS, International Workshop on Information Forensics & Security, Seattle, WA, USA
  • 12/13/10-12/15/10: Pairing, 4th International Conference on Pairing-based Cryptography, Yamanaka Hot Spring, Japan
  • 12/13/10-12/15/10: INTRUST, International Conference on Trusted Systems, Beijing, China
  • 12/15/10: IFIP-CIP, 5th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA; Submissions are due
  • 12/15/10-12/19/10: ICISS, 6th International Conference on Information Systems Security, Gandhinagar, India
  • 1/ 7/11: SACMAT, 16th ACM Symposium on Access Control Models and Technologies, Innsbruck, Austria; Submissions are due
  • 1/30/11- 2/ 2/11: IFIP-DF, 7th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA
  • 2/ 6/11- 2/ 9/11: NDSS, Network & Distributed System Security Symposium, San Diego, California, USA
  • 2/ 9/11- 2/10/11: ESSoS, International Symposium on Engineering Secure Software and Systems, Madrid, Spain
  • 2/14/11- 2/16/11: FSE, 18th International Workshop on Fast Software Encryption, Lyngby, Denmark
  • 2/14/11- 2/18/11: CT-RSA, RSA Conference, The Cryptographers' Track, San Francisco, CA, USA
  • 2/21/11- 2/23/11: CODASPY, 1st ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA
  • 2/27/11: DFRWS, 11th Digital Forensics Research Conference, New Orleans, LA, USA; Submissions are due
  • 2/28/11- 3/ 4/11: FC, 15th International Conference on Financial Cryptography and Data Security, Bay Gardens Beach Resort, St. Lucia
  • 3/ 4/11: WECSR, 2nd Workshop on Ethics in Computer Security Research, Bay Gardens Beach Resort, St. Lucia
  • 3/14/11- 3/15/11: LightSec, Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications, Istanbul, Turkey
  • 3/21/10: SESOC, 3rd International Workshop on Security and Social Networking, Held in conjunction with the PerCom 2011, Seattle, WA, USA
  • 3/21/11- 3/25/11: SAC-TRECK, 26th ACM Symposium on Applied Computing, Track: Trust, Reputation, Evidence and other Collaboration Know-how (TRECK), TaiChung, Taiwan
  • 3/23/11- 3/25/11: IFIP-CIP, 5th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA
  • 4/ 6/11- 4/ 8/11: RFIDsec-Asia, Workshop on RFID Security, Wuxi, China
  • 5/22/11- 5/25/11: SP, 32nd IEEE Symposium on Security & Privacy, The Claremont Resort, Berkeley/Oakland, California, USA
  • 6/ 1/11- 6/ 3/11: WISTP, 5th Workshop in Information Security Theory and Practice, Heraklion, Crete, Greece
  • 6/ 5/11- 6/ 9/11: ICC-CISS, IEEE ICC 2011, Communication and Information Systems Security Symposium, Kyoto, Japan
  • 6/ 7/11- 6/ 9/11: IFIP-SEC, 26th IFIP TC-11 International Information Security Conference, Luzern, Switzerland
  • 6/15/11- 6/17/11: SACMAT, 16th ACM Symposium on Access Control Models and Technologies, Innsbruck, Austria
  • 8/ 1/11- 8/ 3/11: DFRWS, 11th Digital Forensics Research Conference, New Orleans, LA, USA
  • new calls or announcements added since Cipher E97

  • ICC-CISS 2011 IEEE ICC 2011, Communication and Information Systems Security Symposium, Kyoto, Japan, June 5-9, 2011. (Submissions due 20 September 2010)

    With the advent of pervasive computer applications and due to the proliferation of heterogeneous wired and wireless computer and communication networks, security, privacy and trust issues have become paramount. This Symposium will address all aspects of the modeling, design, implementation, deployment, and management of security algorithms, protocols, architectures, and systems. Furthermore, contributions devoted to the evaluation, optimization, or enhancement of security and privacy mechanisms for current technologies, as well as devising efficient security and privacy solutions for emerging areas from physical layer technology to the application layer, are solicited. Topics of interest include, but are not limited to, the following:

    • Authentication protocols and message authentication
    • Biometric security: technologies, risks, vulnerabilities, bio-cryptography, mobile template protection
    • Computer and network forensics
    • Cryptanalysis
    • DDOS attacks, DNS spoofing, intrusion, localization and countermeasures
    • Digital right management: information hiding, watermarking, fingerprinting, and traitor tracing scheme
    • Formal trust models, security modeling and protocol design
    • Information systems security and security management
    • Mobile and Wireless network security, including ad hoc networks, P2P networks, 3G, 4G, sensor networks, Bluetooth, 802.11 family and WiMAX
    • Network security metrics and performance
    • Operating systems and application security and analysis tools
    • Optical network security
    • Physical security and hardware/software security
    • Privacy and privacy enhancing technologies
    • Public-key, symmetric-key, applied crypto, coding-based cryptography
    • Quantum cryptography
    • Virtual private networks and group security
    • VoIP, IPTV, DAB, and other multimedia security
    • Vulnerability, exploitation tools and virus analysis
    • Web, Cloud, eBusiness, eCommerce, eGovernment security

  • CODASPY 2011 1st ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA, February 21-23, 2011. (Submissions due 24 September 2010)

    Data and the applications that manipulate data are the crucial assets in today's information age. With the increasing drive towards availability of data and services anytime anywhere, security and privacy risks have increased. New applications such as social networking and social computing provide value by aggregating input from numerous individual users and/or the mobile devices they carry with them and computing new information of value to society and individuals. Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the conference is to discuss novel exciting research topics in data and application security and privacy and to lay out directions for further research and development in this area. The conference seeks submissions from diverse communities, including corporate and academic researchers, open-source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts.

  • FC 2011 15th International Conference on Financial Cryptography and Data Security, Bay Gardens Beach Resort, St. Lucia, February 28 - March 4, 2011. (Submissions due 1 October 2010)

    Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary efforts are particularly encouraged.

  • Future Generation Computer System, Special Issue on Trusting Software Behavior, 3rd Quarter, 2011. Submission Due 15 October 2010)

    Guest editor: Gyungho Lee (Korea University, Korea)
    
    With proliferation of computing in virtually every aspect of modern society (i.e., smart grid, robotic surgery systems, smart phones, etc), trusting software behavior goes with much more profound side effects beyond mere malfunctioning of the system. Trustworthiness of software behavior that controls such critical systems and devices is an essential aspect we need to measure, evaluate and establish. With bugs and intentional compromises through the process of software design, development, deployment and use, software behavior trustworthiness is shaky in terms of empirical basis as well as in terms of theoretical basis. This special section in a forthcoming issue of the Future Generation Computer System (FGCS) journal is to put together the current state-of-the art in measuring, evaluating and fostering trustworthiness for software behavior in diverse contexts of modern and future computing environment. Original technical articles are solicited in all aspects of Trusting Software Behavior. Topics for this special section include, but are not limited to:

    • Definitions of and measures for software trustworthiness
    • Approaches on evaluation of software trustworthiness
    • Techniques and software tools to enhance software trustworthiness
    • Trust management
    • Architecture support for enhancing software trustworthiness
    • Case studies performed on industrial systems

  • IFIP-DF 2011 7th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 30 - February 2, 2011. (Submissions due 15 October 2010)

    The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in the emerging field of digital forensics. The Seventh Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume - the seventh in the series entitled Research Advances in Digital Forensics (Springer) in the summer of 2011. Revised and/or extended versions of selected papers from the conference will be published in special issues of one or more international journals. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:

    • Theories, techniques and tools for extracting, analyzing and preserving digital evidence
    • Network forensics
    • Portable electronic device forensics
    • Digital forensic processes and workflow models
    • Digital forensic case studies
    • Legal, ethical and policy issues related to digital forensics

  • WECSR 2011 2nd Workshop on Ethics in Computer Security Research, Bay Gardens Beach Resort, St. Lucia, March 4, 2011. (Submissions due 15 October 2010)

    Computer security often leads to discovering interesting new problems and challenges. The challenge still remains to follow a path acceptable for Institutional Review Boards at academic institutions, as well as compatible with ethical guidelines for professional societies or government institutions. However, no exact guidelines exist for computer security research yet. This workshop will bring together computer security researchers, practitioners, policy makers, and legal experts. This workshop solicits submissions describing or suggesting ethical and responsible conduct in computer security research. While we focus on setting standards and sharing prior experiences and experiments in computer security research, successful or not, we tap into research behavior in network security, computer security, applied cryptography, privacy, anonymity, and security economics. This workshop will favor discussions among participants, in order to shape the future of ethical standards in the field.

  • LightSec 2011 Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications, Istanbul, Turkey, March 14-15, 2011. (Submissions due 22 October 2010)

    The main goal of this workshop is to promote and initiate novel research on the security & privacy issues for applications that can be termed as lightweight security, due to the associated constraints on metrics such as available power, energy, computing ability, area, execution time, and memory requirements. Topics of interest include, but are not limited to:

    • Design, analysis and implementation of lightweight cryptographic protocols & applications
    • Cryptographic hardware development for constrained domains
    • Design, analysis and implementation of security & privacy solutions for wireless embedded systems
    • Design, analysis and implementation of lightweight privacy-preserving protocols & systems
    • Design and analysis of fast and compact cryptographic algorithms
    • Wireless network security for low-resource devices
    • Low-power crypto architectures
    • Fast and compact biometric-based algorithms for authentication and identification
    • Scalable protocols and architectures for security and privacy
    • Formal methods for analysis of lightweight cryptographic protocols

  • SESOC 2011 3rd International Workshop on Security and Social Networking, Held in conjunction with the PerCom 2011, Seattle, WA, USA, March 21, 2011. (Submissions due 31 October 2010)

    Future pervasive communication systems aim at supporting social and collaborative communications: the evolving topologies are expected to resemble the actual social networks of the communicating users and information on their characteristics can be a powerful aid for any network operation. New emerging technologies that use information on the social characteristics of their participants raise entirely new privacy concerns and require new reflections on security problems such as trust establishment, cooperation enforcement or key management. The aim of this workshop is to encompass research advances in all areas of security, trust and privacy in pervasive communication systems, integrating the social structure of the network as well. Topics of Interest include:

    • all types of emerging privacy concerns
    • new aspects of trust
    • decentralized social networking services
    • availability and resilience
    • community based secure communication
    • data confidentiality, data integrity
    • anonymity, pseudonymity
    • new key management approaches
    • secure bootstrapping
    • security issues in forwarding, routing
    • security aspects regarding cooperation
    • new approaches to reputation
    • new attack paradigms
    • social engineering, and phishing
    • new requirements for software security
    • malware

  • RFIDsec-Asia 2011 Workshop on RFID Security, Wuxi, China, April 6-8, 2011. (Submissions due 31 October 2010)

    RFIDsec aims to bridge the gap between cryptographic & security researchers and RFID developers through invited talks and contributed presentations. The RFIDsec Asia workshop is aligned with RFIDSec. RFIDsec11 Asia provides a forum to address the fundamental issues in theory and practice related to security and privacy issues, designs, standards, and case studies in the development of RFID systems, EPCglobal network, and Internet of Things (IoT). Submissions and interactions from academia, government and industry are welcome and appreciated. Moreover, the workshop plans to organize summit and exhibition for Internet of Things and RFID. Topics of the conference include but not limited to:

    • Cryptographic protocols for RFID/IoT: Authentication protocols, Key update mechanisms, Scalability issues
    • Integration of secure RFID/IoT systems: RFID security hardware, Middleware and security, (Public-key) Infrastructures, Case studies
    • Resource-efficient implementation of cryptography: Small-footprint hardware, Low-power architectures
    • Attacks & Countermeasures on RFID/IoT systems
    • New applications for secure RFID/IoT systems
    • Data protection for RFID/IoT
    • Trust Model, data protection and sharing for EPCglobal network
    • RFID sensor security
    • Context based RFID/IoT security and privacy
    • Privacy-enhancing techniques for RFID/IoT
    • Privacy-preserving techniques for RFID/IoT
    • Legal aspects of RFID/IoT security and privacy
    • Risk assessment & management of RFID/IoT security
    • Privacy and security challenges for sensor networks/IoT

  • FSE 2011 18th International Workshop on Fast Software Encryption, Lyngby, Denmark, February 14-16, 2011. (Submissions due 7 November 2010)

    FSE 2011 is the 18th annual Fast Software Encryption workshop, for the tenth year sponsored by the International Association for Cryptologic Research (IACR). Original research papers on symmetric cryptology are invited for submission to FSE 2011. The workshop concentrates on fast and secure primitives for symmetric cryptography, including the design and analysis of block ciphers, stream ciphers, encryption schemes, analysis and evaluation tools, hash functions, and message authentication codes (MACs).

  • IEEE Network, Special Issue on Network Traffic Monitoring and Analysis, May 2011. (Submission Due 15 November 2010)

    Guest editor: Wei Wang (University of Luxembourg, Luxembourg), Xiangliang Zhang (University of Paris-sud 11, France), Wenchang Shi (Renmin University of China, China), Shiguo Lian (France Telecom R&D Beijing, China), and Dengguo Feng (Chinese Academy of Sciences, China)
    
    Modern computer networks are increasingly complex and ever-evolving. Understanding and measuring such a network is a difficult yet vital task for network management and diagnosis. Network traffic monitoring, analysis and anomaly detection provides useful tools in understanding network behavior and in determining network performance and reliability so as to effectively troubleshoot and resolve the issues in practice. Network traffic monitoring and anomaly detection also provides a basis for prevention and reaction in network security, as intrusions, attacks, worms, and other kinds of malicious behaviors can be detected by traffic analysis and anomaly detection. This special issue seeks original articles examining the state of the art, open issues, research results, tool evaluation, and future research directions in network monitoring, analysis and anomaly detection. Possible topics include:

    • Network traffic analysis and classification
    • Traffic sampling and signal processing methods
    • Network performance measurements
    • Network anomaly detection and troubleshooting
    • Network security threats and countermeasures
    • Network monitoring and traffic measurement systems
    • Real environment experiments and testbeds

  • IFIP-SEC 2011 26th IFIP TC-11 International Information Security Conference, Luzern, Switzerland, June 7-9, 2011. (Submissions due 15 November 2010)

    The SEC conferences are in a series of well-established international conferences on Security and Privacy organized annually by the Technical Committee 11 (TC-11) of IFIP (International Federation for Information Processing). IFIP SEC 2011 aims at bringing together primarily researchers, but also practitioners from academia, industry and governmental institutions for elaborating and discussing IT Security and Privacy Challenges that we are facing today and in the future. Papers offering novel and mature research contributions, in any aspect of information security and privacy are solicited for submission to the 26th IFIP TC-11 International Information Security Conference. Papers may present theory, applications, or practical experiences on security and privacy topics including but not limited to:

    • Access Control
    • Anonymity
    • Applications of Cryptography
    • Attacks and Malicious Software
    • Authentication and Authorization
    • Biometrics and Applications
    • Critical ICT Resources Protection
    • Data and Systems Integrity
    • Data Protection
    • ECommerce Privacy & Security
    • Enterprise Security
    • Identity Management
    • Information Hiding
    • Information Warfare
    • Internet and Web Security
    • Intrusion Detection
    • IT-Forensics
    • Mobile Computing Security
    • Mobile Networks Security
    • Network Security Protocols
    • Multilateral Security
    • Peer-to-Peer Security
    • Privacy Enhancing Technologies
    • RFID Privacy & Security
    • Risk Analysis and Management
    • Secure Electronic Voting
    • Secure Sensor Networks
    • Secure Systems Development
    • Security Architectures
    • Security Economics
    • Security Education
    • Security Management
    • Security Metrics
    • Semantic Web Privacy & Security
    • Smart Cards
    • Software Security
    • Spam, SPIT, SPIM
    • Transparency Enhancing Tools
    • Trust Management and Models
    • Trusted Computing
    • Ubiquitous Privacy & Security
    • Usability of Security and Privacy

  • SP 2011 32nd IEEE Symposium on Security & Privacy, The Claremont Resort, Berkeley/Oakland, California, USA, May 22-25, 2011. (Submissions due 19 November 2010)

    Since 1980, the IEEE Symposium on Security and Privacy (S&P) has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of computer security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation of secure systems. Topics of interest include:

    • Access control
    • Accountability
    • Anonymity
    • Application security
    • Attacks and defenses
    • Authentication
    • Censorship and censorship-resistance
    • Distributed systems security
    • Embedded systems security
    • Forensics
    • Hardware security
    • Intrusion detection
    • Language-based security
    • Malware
    • Metrics
    • Network security
    • Privacy-preserving systems
    • Protocol security
    • Secure information flow
    • Security and privacy policies
    • Security architectures
    • System security
    • Usability and security
    • Web security

  • WISTP 2011 5th Workshop in Information Security Theory and Practice, Heraklion, Crete, Greece, June 1-3, 2011. (Submissions due 2 December 2010)

    Technical enhancements of mobile network infrastructures and the availability of powerful mobile devices are rapidly changing the way in which users interact and communicate in everyday life. These devices include but not limited to PDAs, mobile phones, smart cards, wireless sensors, and RFID tags. Among the main common features of these devices include constraint resources and wireless communications. WISTP 2011 aims to address the security and privacy issues that are increasingly exposed by mobile communications and related services, along with evaluating their impact on individuals, and the society at large. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy of mobile and smart devices, as well as experimental studies of fielded systems based on wireless communication, the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:

    • Authentication and access control
    • Ad hoc networks security and privacy
    • Biometrics, national ID cards
    • Data security and privacy
    • Digital rights management
    • Embedded systems security
    • Human and psychological aspects of security
    • Identity management
    • Information assurance and trust management
    • Intrusion detection and information filtering
    • Lightweight cryptography
    • Mobile and ubiquitous network security
    • Mobile codes security
    • Mobile commerce security
    • Mobile devices security
    • Privacy enhancing technologies
    • RFID systems security
    • Secure self-organization and self-configuration
    • Security in location services
    • Security metrics
    • Security models and architectures
    • Security of GSM/GPRS/UMTS systems
    • Security and privacy policies
    • Security protocols
    • Smart card security
    • Vehicular network security and privacy
    • Wireless communication security and privacy
    • Wireless sensor network security and privacy

  • IFIP-CIP 2011 5th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA, March 23-25, 2011. (Submissions due 15 December 2010)

    The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the first four conferences, the Fifth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. Papers and panel proposals are solicited. Submissions will be refereed by members of Working Group 11.10 and other internationally-recognized experts in critical infrastructure protection. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.10. The conference will be limited to seventy participants to facilitate interactions among researchers and intense discussions of research and implementation issues. Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:

    • Infrastructure vulnerabilities, threats and risks
    • Security challenges, solutions and implementation issues
    • Infrastructure sector interdependencies and security implications
    • Risk analysis and risk assessment methodologies
    • Modeling and simulation of critical infrastructures
    • Legal, economic and policy issues related to critical infrastructure protection
    • Secure information sharing
    • Infrastructure protection case studies
    • Distributed control systems/SCADA security
    • Telecommunications network security

  • SACMAT 2011 16th ACM Symposium on Access Control Models and Technologies, Innsbruck, Austria, June 15-17, 2011. (Submissions due 7 January 2010)

    ACM SACMAT is the premier forum for the presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The aims of the symposium are to share novel access control solutions that fulfil the needs of heterogeneous applications and environments, and to identify new directions for future research and development. SACMAT provides researchers and practitioners with a unique opportunity to share their perspectives with others interested in the various aspects of access control. Papers offering novel research contributions in all aspects of access control are solicited. We solicit proposals for panels and systems demonstrations as well. Topics of Interest:

    • Access control models and extensions
    • Access control requirements
    • Access control design methodology
    • Access control mechanisms, systems, and tools
    • Access control in distributed and mobile systems
    • Access control for innovative applications
    • Administration of access control policies
    • Delegation
    • Identity management
    • Policy/Role engineering
    • Safety analysis and enforcement
    • Standards for access control
    • Trust management
    • Trust and risk models in access control
    • Theoretical foundations for access control models
    • Usability in access control systems
    • Usage control

  • DFRWS 2011 11th Digital Forensics Research Conference, New Orleans, LA, USA, August 1-3, 2011. (Submissions due 27 February 2010)

    DFRWS brings together leading researchers, developers, practitioners, and educators interested in advancing the state of the art in digital forensics from around the world. As the most established venue in the field, DFRWS is the preferred place to present both cutting-edge research and perspectives on best practices for all aspects of digital forensics. As an independent organization, we promote open community discussions and disseminate the results of our work to the widest audience. We invite original contributions as research papers, panel proposals, Work-in-Progress talks, workshop proposals, and demo proposals. Topics of Interest:

    • Forensic analysis
    • Incident response and live analysis
    • Network-based forensics, including network traffic analysis, traceback and attribution
    • Event reconstruction methods and tools
    • File system and memory analysis
    • Application analysis
    • Embedded systems
    • Small scale and mobile devices
    • Large-scale investigations
    • Digital evidence storage and preservation
    • Data mining and information discovery
    • Data hiding and recovery
    • Data extraction and reconstruction
    • Multimedia analysis
    • Database forensics
    • Tool testing and development
    • Digital evidence and the law
    • Anti-forensics and anti-anti-forensics
    • Case studies and trend reports
    • Malware forensics
    • Data visualization in forensic analysis
    • Forensics of virtual and cloud environments
    • Investigation of insider attacks
    • Error rates of forensic methods
    • Interpersonal communications and social network analysis
    • Non-traditional approaches to forensic analysis

  • The Technical Committee on Security and Privacy

   

  • Staying in touch....

    • Information for Subscribers and Contributors

    • Who's where: recent address changes

    • Changing your email address?  Please send updates to cipher@ieee-security.org

   

  ---

  IEEE Computer Society's Technical Committee on Security and Privacy

  	TC home page	TC Officers
  	How to join the TC	TC publications available online
  	TC Publications for sale	Cipher past issues archive
  	IEEE Computer Society	Cipher Privacy Policy

  
  

  ---