Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 99,  November 16, 2010 Hilarie Orman,  Editor Book Reviews Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Richard Austin's review of Malware Analysts' Cookbook and DVD: Tools and Techniques for Fighting Malicious Code by Michael Hale Ligh, Steven Adair, Blake Hartstein and Matthew Richard

  • NewsBits:  Announcements and correspondence from readers (please contribute!)

    • Simple email evades suspicion
    • Facebook faces down a botnet

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

 

• Listing of academic positions available  by Cynthia Irvine
  

  New posting: October 2010
  Rutgers University
  Management Science and Information Systems Department
  Piscataway, New Jersey
  Tenure-track Assistant/Associate professor
  Applications received by February 1, 2011 are given full consideration
  http://www.business.rutgers.edu/files/msis_communications_of_the_acm.pdf

• Cipher calls-for-papers and calendar
    Calendar:
    (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 
    Cipher calendar announcements are on Twitter; follow "ciphernews"
  

  • 11/15/10: IEEE Network, Special Issue on Network Traffic Monitoring and Analysis; Submissions are due
  • 11/15/10: IFIP-SEC, 26th IFIP TC-11 International Information Security Conference, Luzern, Switzerland; Submissions are due
  • 11/18/10-11/19/10: IDMAN, 2nd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, Oslo, Norway
  • 11/19/10: SP, 32nd IEEE Symposium on Security & Privacy, The Claremont Resort, Berkeley/Oakland, California, USA; Submissions are due
  • 11/22/10-11/23/10: GameSec, The Inaugural Conference on Decision and Game Theory for Security, Berlin, Germany
  • 11/29/10: SecIoT, 1st Workshop on the Security of the Internet of Things, Held in conjunction with the Internet of Things 2010, Tokyo, Japan
  • 11/30/10-12/ 3/10: CPSRT, International Workshop on Cloud Privacy, Security, Risk & Trust, Held in conjunction with the 2nd IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2010), Indianapolis, IN, USA
  • 12/ 1/10: WiSec, 4th ACM Conference on Wireless Network Security, Hamburg, Germany; Submissions are due
  • 12/ 1/10-12/ 3/10: In-Bio-We-Trust, International Workshop on Bio-Inspired Trust Management for Information Systems, Held in conjunction with the Bionetics 2010, Boston, MA, USA
  • 12/ 2/10: WISTP, 5th Workshop in Information Security Theory and Practice, Heraklion, Crete, Greece; Submissions are due
  • 12/ 3/10: Cybercrime and Cloud Forensics: Applications for Investigation Processes; Submissions are due
  • 12/ 6/10-12/10/10: ACSAC, 26th Annual Computer Security Applications Conference, Austin, Texas, USA
  • 12/ 8/10: POLICY, 12th IEEE International Symposium on Policies for Distributed Systems and Networks, Pisa, Italy; Submissions are due
  • 12/11/10-12/13/10: TrustCom, IEEE/IFIP International Symposium on Trusted Computing and Communications, Hong Kong SAR, China
  • 12/12/10-12/15/10: WIFS, International Workshop on Information Forensics & Security, Seattle, WA, USA
  • 12/13/10-12/15/10: Pairing, 4th International Conference on Pairing-based Cryptography, Yamanaka Hot Spring, Japan
  • 12/13/10-12/15/10: INTRUST, International Conference on Trusted Systems, Beijing, China
  • 12/15/10: IFIP-CIP, 5th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA; Submissions are due
  • 12/15/10: ISPEC, 7th Information Security Practice and Experience Conference, Guangzhou, China; Submissions are due
  • 12/15/10-12/19/10: ICISS, 6th International Conference on Information Systems Security, Gandhinagar, India
  • 1/ 7/11: SACMAT, 16th ACM Symposium on Access Control Models and Technologies, Innsbruck, Austria; Submissions are due
  • 1/12/11: IFIPTM, 5th IFIP International Conference on Trust Management, Copenhagen, Denmark; Submissions are due
  • 1/14/11: DIMVA, 8th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Amsterdam, The Netherlands; Submissions are due
  • 1/19/11: HOST, 4th IEEE International Sympoium on Hardware-Oriented Security and Trust, San Diego, CA, USA; Submissions are due
  • 1/21/11: ACNS, 9th International Conference on Applied Cryptography and Network Security, Nerja, Malaga, Spain; Submissions are due
  • 1/30/11- 2/ 2/11: IFIP-DF, 7th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA
  • 2/ 6/11- 2/ 9/11: NDSS, Network & Distributed System Security Symposium, San Diego, California, USA
  • 2/ 9/11- 2/10/11: ESSoS, International Symposium on Engineering Secure Software and Systems, Madrid, Spain
  • 2/10/11: USENIX Security, 20th USENIX Security Symposium, San Francisco, CA, USA; Submissions are due
  • 2/14/11: SAR/SSI, International Conference on Network and Information Systems Security, La Rochelle, France; Submissions are due
  • 2/14/11- 2/16/11: FSE, 18th International Workshop on Fast Software Encryption, Lyngby, Denmark
  • 2/14/11- 2/18/11: CT-RSA, RSA Conference, The Cryptographers' Track, San Francisco, CA, USA
  • 2/15/11: TRUST, 4th International Conference on Trust and Trustworthy Computing, Pittsburgh, PA, USA; Submissions are due
  • 2/21/11- 2/23/11: CODASPY, 1st ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA
  • 2/27/11: DFRWS, 11th Digital Forensics Research Conference, New Orleans, LA, USA; Submissions are due
  • 2/27/11: SAFECOMP, 30th International Conference on Computer Safety, Reliability and Security, Naples, Italy; Submissions are due
  • 2/28/11- 3/ 4/11: FC, 15th International Conference on Financial Cryptography and Data Security, Bay Gardens Beach Resort, St. Lucia
  • 3/ 4/11: WECSR, 2nd Workshop on Ethics in Computer Security Research, Bay Gardens Beach Resort, St. Lucia
  • 3/14/11- 3/15/11: LightSec, Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications, Istanbul, Turkey
  • 3/20/10: PST, 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada; Submissions are due
  • 3/21/10: SESOC, 3rd International Workshop on Security and Social Networking, Held in conjunction with the PerCom 2011, Seattle, WA, USA
  • 3/21/11- 3/25/11: SAC-TRECK, 26th ACM Symposium on Applied Computing, Track: Trust, Reputation, Evidence and other Collaboration Know-how (TRECK), TaiChung, Taiwan
  • 3/23/11- 3/25/11: IFIP-CIP, 5th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA
  • 4/ 6/11- 4/ 8/11: RFIDsec-Asia, Workshop on RFID Security, Wuxi, China
  • 5/18/11- 5/21/11: SAR/SSI, International Conference on Network and Information Systems Security, La Rochelle, France
  • 5/22/11- 5/25/11: SP, 32nd IEEE Symposium on Security & Privacy, The Claremont Resort, Berkeley/Oakland, California, USA
  • 5/30/11- 6/ 1/11: ISPEC, 7th Information Security Practice and Experience Conference, Guangzhou, China
  • 6/ 1/11- 6/ 3/11: WISTP, 5th Workshop in Information Security Theory and Practice, Heraklion, Crete, Greece
  • 6/ 5/11- 6/ 6/11: HOST, 4th IEEE International Symposium on Hardware-Oriented Security and Trust, San Diego, CA, USA
  • 6/ 5/11- 6/ 9/11: ICC-CISS, IEEE ICC 2011, Communication and Information Systems Security Symposium, Kyoto, Japan
  • 6/ 6/11- 6/ 8/11: POLICY, 12th IEEE International Symposium on Policies for Distributed Systems and Networks, Pisa, Italy
  • 6/ 7/11- 6/ 9/11: IFIP-SEC, 26th IFIP TC-11 International Information Security Conference, Luzern, Switzerland
  • 6/ 7/11- 6/10/11: ACNS, 9th International Conference on Applied Cryptography and Network Security, Nerja, Malaga, Spain
  • 6/14/11- 6/17/11: WiSec, 4th ACM Conference on Wireless Network Security, Hamburg, Germany
  • 6/15/11- 6/17/11: SACMAT, 16th ACM Symposium on Access Control Models and Technologies, Innsbruck, Austria
  • 6/22/11- 6/24/11: TRUST, 4th International Conference on Trust and Trustworthy Computing, Pittsburgh, PA, USA
  • 6/29/11- 7/ 1/11: IFIPTM, 5th IFIP International Conference on Trust Management, Copenhagen, Denmark
  • 7/ 7/11- 7/ 8/11: DIMVA, 8th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Amsterdam, The Netherlands
  • 7/19/11- 7/21/11: PST, 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada
  • 8/ 1/11- 8/ 3/11: DFRWS, 11th Digital Forensics Research Conference, New Orleans, LA, USA
  • 8/10/11- 8/12/11: USENIX Security, 20th USENIX Security Symposium, San Francisco, CA, USA
  • 9/19/11- 9/21/11: SAFECOMP, 30th International Conference on Computer Safety, Reliability and Security, Naples, Italy
  
  
• new calls or announcements added since Cipher E98

• IEEE Network, Special Issue on Network Traffic Monitoring and Analysis, May 2011. (Submission Due 15 November 2010)

  Guest editor: Wei Wang (University of Luxembourg, Luxembourg), Xiangliang Zhang (University of Paris-sud 11, France), Wenchang Shi (Renmin University of China, China), Shiguo Lian (France Telecom R&D Beijing, China), and Dengguo Feng (Chinese Academy of Sciences, China)
  
  Modern computer networks are increasingly complex and ever-evolving. Understanding and measuring such a network is a difficult yet vital task for network management and diagnosis. Network traffic monitoring, analysis and anomaly detection provides useful tools in understanding network behavior and in determining network performance and reliability so as to effectively troubleshoot and resolve the issues in practice. Network traffic monitoring and anomaly detection also provides a basis for prevention and reaction in network security, as intrusions, attacks, worms, and other kinds of malicious behaviors can be detected by traffic analysis and anomaly detection. This special issue seeks original articles examining the state of the art, open issues, research results, tool evaluation, and future research directions in network monitoring, analysis and anomaly detection. Possible topics include:

  • Network traffic analysis and classification
  • Traffic sampling and signal processing methods
  • Network performance measurements
  • Network anomaly detection and troubleshooting
  • Network security threats and countermeasures
  • Network monitoring and traffic measurement systems
  • Real environment experiments and testbeds

• IFIP-SEC 2011 26th IFIP TC-11 International Information Security Conference, Luzern, Switzerland, June 7-9, 2011. (Submissions due 15 November 2010)

  The SEC conferences are in a series of well-established international conferences on Security and Privacy organized annually by the Technical Committee 11 (TC-11) of IFIP (International Federation for Information Processing). IFIP SEC 2011 aims at bringing together primarily researchers, but also practitioners from academia, industry and governmental institutions for elaborating and discussing IT Security and Privacy Challenges that we are facing today and in the future. Papers offering novel and mature research contributions, in any aspect of information security and privacy are solicited for submission to the 26th IFIP TC-11 International Information Security Conference. Papers may present theory, applications, or practical experiences on security and privacy topics including but not limited to:

  • Access Control
  • Anonymity
  • Applications of Cryptography
  • Attacks and Malicious Software
  • Authentication and Authorization
  • Biometrics and Applications
  • Critical ICT Resources Protection
  • Data and Systems Integrity
  • Data Protection
  • ECommerce Privacy & Security
  • Enterprise Security
  • Identity Management
  • Information Hiding
  • Information Warfare
  • Internet and Web Security
  • Intrusion Detection
  • IT-Forensics
  • Mobile Computing Security
  • Mobile Networks Security
  • Network Security Protocols
  • Multilateral Security
  • Peer-to-Peer Security
  • Privacy Enhancing Technologies
  • RFID Privacy & Security
  • Risk Analysis and Management
  • Secure Electronic Voting
  • Secure Sensor Networks
  • Secure Systems Development
  • Security Architectures
  • Security Economics
  • Security Education
  • Security Management
  • Security Metrics
  • Semantic Web Privacy & Security
  • Smart Cards
  • Software Security
  • Spam, SPIT, SPIM
  • Transparency Enhancing Tools
  • Trust Management and Models
  • Trusted Computing
  • Ubiquitous Privacy & Security
  • Usability of Security and Privacy

• SP 2011 32nd IEEE Symposium on Security & Privacy, The Claremont Resort, Berkeley/Oakland, California, USA, May 22-25, 2011. (Submissions due 19 November 2010)

  Since 1980, the IEEE Symposium on Security and Privacy (S&P) has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of computer security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation of secure systems. Topics of interest include:

  • Access control
  • Accountability
  • Anonymity
  • Application security
  • Attacks and defenses
  • Authentication
  • Censorship and censorship-resistance
  • Distributed systems security
  • Embedded systems security
  • Forensics
  • Hardware security
  • Intrusion detection
  • Language-based security
  • Malware
  • Metrics
  • Network security
  • Privacy-preserving systems
  • Protocol security
  • Secure information flow
  • Security and privacy policies
  • Security architectures
  • System security
  • Usability and security
  • Web security

• WiSec 2011 4th ACM Conference on Wireless Network Security, Hamburg, Germany, June 14-17, 2011. (Submissions due 1 December 2010)

  As wireless and mobile networking becomes ubiquitous, security and privacy gains in importance. The focus of ACM Conference on Wireless Network Security (ACM WiSec) is on exploring attacks on (and threats facing) wireless communication as well as techniques to address them. Settings of interest include: cellular, metropolitan, mesh, local-area, personal-area, home, vehicular, sensor, ad hoc, satellite, and underwater networks as well as cognitive radio and RFID. Topics of interest include, but are not limited to:

  • Naming and addressing vulnerabilities
  • Key management in wireless/mobile environments
  • Secure neighbor discovery / Secure localization
  • Secure PHY and MAC protocols
  • Trust establishment
  • Intrusion detection, detection of malicious behavior
  • Revocation of malicious parties
  • Denial of service
  • User privacy, location privacy
  • Anonymity, unobservability, prevention of traffic analysis
  • Identity theft and phishing in mobile networks
  • Charging &s secure payment
  • Cooperation and prevention of non-cooperative behavior
  • Economics of wireless security
  • Vulnerability and attack modeling
  • Incentive-aware secure protocol design
  • Jamming/Anti-jamming communication
  • Cross-layer design for security
  • Monitoring and surveillance
  • Cryptographic primitives for wireless communication
  • Formal methods for wireless security
  • Mobile/wireless platform and systems (OS and application) security

• WISTP 2011 5th Workshop in Information Security Theory and Practice, Heraklion, Crete, Greece, June 1-3, 2011. (Submissions due 2 December 2010)

  Technical enhancements of mobile network infrastructures and the availability of powerful mobile devices are rapidly changing the way in which users interact and communicate in everyday life. These devices include but not limited to PDAs, mobile phones, smart cards, wireless sensors, and RFID tags. Among the main common features of these devices include constraint resources and wireless communications. WISTP 2011 aims to address the security and privacy issues that are increasingly exposed by mobile communications and related services, along with evaluating their impact on individuals, and the society at large. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy of mobile and smart devices, as well as experimental studies of fielded systems based on wireless communication, the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:

  • Authentication and access control
  • Ad hoc networks security and privacy
  • Biometrics, national ID cards
  • Data security and privacy
  • Digital rights management
  • Embedded systems security
  • Human and psychological aspects of security
  • Identity management
  • Information assurance and trust management
  • Intrusion detection and information filtering
  • Lightweight cryptography
  • Mobile and ubiquitous network security
  • Mobile codes security
  • Mobile commerce security
  • Mobile devices security
  • Privacy enhancing technologies
  • RFID systems security
  • Secure self-organization and self-configuration
  • Security in location services
  • Security metrics
  • Security models and architectures
  • Security of GSM/GPRS/UMTS systems
  • Security and privacy policies
  • Security protocols
  • Smart card security
  • Vehicular network security and privacy
  • Wireless communication security and privacy
  • Wireless sensor network security and privacy

• Cybercrime and Cloud Forensics: Applications for Investigation Processes, (Chapter proposal submission Due 3 December 2010)

  Editor: Cyril Onwubiko (Research Series Ltd, London, UK) and Thomas Owens (Brunel University, London, UK)
  
  Cloud computing has the potential to become one of the most transformative developments in how information technology services are created, delivered, and accessed. However, cloud computing represents both opportunity and crisis for cybercrime investigation and digital forensics. With the rise of cyber attacks and various crimes in the highly complex multi-jurisdictional and multi-tenant cloud environments, there is an urgent need to extend the applications of investigation processes into the Cloud. This book will introduce the new area of cloud forensics and collect research and case studies on current, state-of-the-art applications for investigation processes in cloud computing environments. Chapters may address cloud forensics applications from the perspectives of cloud providers, cloud customers, security architects, law enforcement agencies, research institutes, etc. This book will serve as a reference for cloud communities, digital forensics practitioners, researchers who wish to understand current issues, advancing research, and technical innovations in the field of cloud forensics.

• POLICY 2011 12th IEEE International Symposium on Policies for Distributed Systems and Networks, Pisa, Italy, June 6-8, 2011. (Submissions due 8 December 2010)

  The symposium brings together researchers and practitioners working on policy-based systems across a wide range of application domains including policy-based networking, privacy, trust and security management, autonomic computing, pervasive systems and enterprise systems. POLICY 2011 is the 12th in a series of successful events, which have provided a forum for discussion and collaboration between researchers, developers and users of policy-based systems. In addition to the areas mentioned above, we specifically encourage this year contributions on policy-based techniques in support of Cloud computing and Enterprise Service Oriented applications as well as the use of reasoning, verification and learning techniques in policy-based systems.

• IFIP-CIP 2011 5th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA, March 23-25, 2011. (Submissions due 15 December 2010)

  The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the first four conferences, the Fifth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. Papers and panel proposals are solicited. Submissions will be refereed by members of Working Group 11.10 and other internationally-recognized experts in critical infrastructure protection. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.10. The conference will be limited to seventy participants to facilitate interactions among researchers and intense discussions of research and implementation issues. Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:

  • Infrastructure vulnerabilities, threats and risks
  • Security challenges, solutions and implementation issues
  • Infrastructure sector interdependencies and security implications
  • Risk analysis and risk assessment methodologies
  • Modeling and simulation of critical infrastructures
  • Legal, economic and policy issues related to critical infrastructure protection
  • Secure information sharing
  • Infrastructure protection case studies
  • Distributed control systems/SCADA security
  • Telecommunications network security

• ISPEC 2011 7th Information Security Practice and Experience Conference, Guangzhou, China, May 30 - June 1, 2011. (Submissions due 15 December 2010)

  ISPEC is an annual conference that brings together researchers and practitioners to provide a confluence of new information security technologies, their applications and their integration with IT systems in various vertical sectors. Authors are invited to submit full papers presenting new research results related to information security technologies and applications. All submissions must describe original research that is not published or currently under review by another conference or journal. Areas of interest include, but are not limited to:

  • Applied cryptography
  • Access control
  • Digital rights management
  • Economic incentives for deployment of information security systems
  • Information security in vertical applications
  • Network security
  • Privacy and anonymity
  • Risk evaluation and security certification
  • Resilience and availability
  • Secure system architectures
  • Security policy
  • Security protocols
  • Trust model and management
  • Usability aspects of information security systems

• SACMAT 2011 16th ACM Symposium on Access Control Models and Technologies, Innsbruck, Austria, June 15-17, 2011. (Submissions due 7 January 2010)

  ACM SACMAT is the premier forum for the presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The aims of the symposium are to share novel access control solutions that fulfil the needs of heterogeneous applications and environments, and to identify new directions for future research and development. SACMAT provides researchers and practitioners with a unique opportunity to share their perspectives with others interested in the various aspects of access control. Papers offering novel research contributions in all aspects of access control are solicited. We solicit proposals for panels and systems demonstrations as well. Topics of Interest:

  • Access control models and extensions
  • Access control requirements
  • Access control design methodology
  • Access control mechanisms, systems, and tools
  • Access control in distributed and mobile systems
  • Access control for innovative applications
  • Administration of access control policies
  • Delegation
  • Identity management
  • Policy/Role engineering
  • Safety analysis and enforcement
  • Standards for access control
  • Trust management
  • Trust and risk models in access control
  • Theoretical foundations for access control models
  • Usability in access control systems
  • Usage control

• IFIPTM 2011 5th IFIP International Conference on Trust Management, Copenhagen, Denmark, June 29 - July 1, 2011. (Submissions due 12 January 2011)

  The mission of the IFIPTM 2011 Conference is to share research solutions to problems of Trust and Trust management, including related Security and Privacy issues, and to identify new issues and directions for future research and development work. IFIPTM 2011 invites submissions presenting novel research on all topics related to Trust, Security and Privacy, including but not limited to those listed below:
  Security, trust and privacy
  

  • formal aspects (specification, reasoning and analysis)
  • applications and services
  • policy management
  • in social networks and emerging contexts
  • in collaborative applications, crowdsourcing and wiki systems
  • ethical, sociological, psychological and legal aspects
  • human-computer interaction and usable systems
  Trust and reputation management systems
  
  • architectures and models
  • metrics and computation
  • applications
  Identity management and trust
  
  • anonymity, privacy and accountability
  • legal aspects
  Trustworthy systems
  
  • platforms & Standards
  • software and services
  • applications

• DIMVA 2011 8th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Amsterdam, The Netherlands, July 7-8, 2011. (Submissions due 14 January 2011)

  The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. DIMVA's scope includes, but is not restricted to the following areas:
  Intrusion Detection
  

  • Novel approaches & new environments
  • Insider detection
  • Prevention & response
  • Data leakage
  • Result correlation & cooperation
  • Evasion attacks
  • Potentials & limitations
  • Operational experiences
  • Privacy, legal & social aspects
  Malware Detection
  
  • Automated analysis, reversing & execution tracing
  • Containment & sandboxed operation
  • Acquisition of specimen
  • Infiltration
  • Behavioral models
  • Prevention & containment
  • Trends & upcoming risks
  • Forensics & recovery
  • Economic aspects
  Vulnerability Assessment
  
  • Vulnerability detection & analysis
  • Vulnerability prevention
  • Web application security
  • Fuzzing techniques
  • Classification & evaluation
  • Situational awareness

• HOST 2011 4th IEEE International Sympoium on Hardware-Oriented Security and Trust, San Diego, CA, June 5-6, 2011. (Submissions due 19 January 2011)

  A wide range of applications, from secure RFID tagging to high-end trusted computing, relies on dedicated and trusted hardware platforms. The security and trustworthiness of such hardware designs are critical to their successful deployment and operation. Recent advances in tampering and reverse engineering show that important challenges lie ahead. For example, secure electronic designs may be affected by malicious circuits, Trojans that alter system operation. Furthermore, dedicated secure hardware implementations are susceptible to novel forms of attack that exploit side-channel leakage and faults. Third, the globalized, horizontal semiconductor business model raises concerns of trust and intellectual-property protection. HOST 2011 is a forum for novel solutions to address these challenges. Innovative test mechanisms may reveal Trojans in a design before they are able to do harm. Implementation attacks may be thwarted using side-channel resistant design or fault-tolerant designs. New security-aware design tools can assist a designer in implementing critical and trusted functionality, quickly and efficiently. HOST 2011 seeks contributions based on, but not limited to, the following topics:

  • Trojan detection and isolation
  • Implementation Attacks and Countermeasures
  • Side channel Analysis and Fault Analysis
  • Intellectual Property Protection and Metering
  • Tools and Methodologies for Secure Hardware Design
  • Hardware Architectures for Cryptography
  • Hardware Security Primitives: PUFs and TRNGs
  • Applications of Secure Hardware
  • Interaction of Secure Hardware and Software

• ACNS 2011 9th International Conference on Applied Cryptography and Network Security, Nerja, Malaga, Spain, June 7-10, 2011. (Submissions due 21 January 2011)

  Original papers on all aspects of applied cryptography as well as computer/network security and privacy are solicited. Topics of interest include, but are not limited to:

  • Applied cryptography and cryptographic protocols
  • Cryptographic primitives, e.g., cryptosystems, ciphers and hash functions
  • Network security protocols
  • Privacy, anonymity and untraceability
  • Security for the next-generation Internet
  • Internet fraud, e.g., phishing, pharming, spam, and click fraud
  • Email and web security
  • Public key infrastructures, key management, certification and revocation
  • Trust and its metrics
  • Usable security and cryptography
  • Intellectual property protection and digital rights management
  • Modeling and protocol design
  • Automated protocols analysis
  • Secure virtualization and security in cloud computing
  • Security and privacy in sensor, mobile, ad hoc and delay-tolerant networks, p2p systems, as well as wireless (e.g., RFID, Bluetooth) communications

• USENIX Security 2011 20th USENIX Security Symposium, San Francisco, CA, USA, August 10?12, 2011. (Submissions due 10 February 2011)

  The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. Refereed paper submissions are solicited in all areas relating to systems and network security, including:

  • Adaptive security and system management
  • Analysis of network and security protocols
  • Applications of cryptographic techniques
  • Attacks against networks and machines
  • Authentication and authorization of users, systems, and applications
  • Automated tools for source code analysis
  • Botnets
  • Cryptographic implementation analysis and construction
  • Denial-of-service attacks and countermeasures
  • File and filesystem security
  • Firewall technologies
  • Forensics and diagnostics for security
  • Hardware security
  • Intrusion and anomaly detection and prevention
  • Malicious code analysis, anti-virus, anti-spyware
  • Network infrastructure security
  • Operating system security
  • Privacy-preserving (and compromising) systems
  • Public key infrastructure
  • Rights management and copyright protection
  • Security architectures
  • Security in heterogeneous and large-scale environments
  • Security policy
  • Self-protecting and -healing systems
  • Techniques for developing secure systems
  • Technologies for trustworthy computing
  • Usability and security
  • Voting systems analysis and security
  • Wireless and pervasive/ubiquitous computing security
  • Web security, including client-side and server-side security

• SAR/SSI 2011 International Conference on Network and Information Systems Security, La Rochelle, France, May 18-21, 2011. (Submissions due 14 February 2011)

  The SAR-SSI conference series provides a forum for presenting novel research results, practical experiences and innovative ideas in network and information systems security. The goal of SAR-SSI-2011 is fostering exchanges among academic researchers, industry and a wider audience interested in network and information system security. The conference will offer a broad area of events, ranging from panels, tutorials, technical presentations and informal meetings. Prospective authors are encouraged to submit papers describing novel research contributions as well as proposals for tutorials and panels.

• TRUST 2011 4th International Conference on Trust and Trustworthy Computing, Pittsburgh, PA, USA, June 22-24, 2011. (Submissions due 15 February 2011)

  This conference focuses on trusted and trustworthy computing, both from the technical and social perspectives. The conference itself has two main strands, one devoted to technical aspects and one devoted to socio-economic aspects of trusted computing. The conference solicits original papers on any aspect (technical or social and economic) of the design, application and usage of trusted and trustworthy computing, which concerns a broad range of concepts including trustworthy infrastructures, cloud computing, services, hardware, software and protocols. Topics of interest include, but are not limited to:
  Technical Strand
  

  • Architecture and implementation technologies for trusted platforms and trustworthy infrastructures
  • Trust, Security and Privacy in embedded systems
  • Trust, Security and Privacy in social networks
  • Trusted mobile platforms and mobile phone security
  • Implementations of trusted computing (hardware and software)
  • Applications of trusted computing
  • Trustworthy infrastructures and services for cloud computing (including resilience)
  • Attestation and integrity verification
  • Cryptographic aspects of trusted and trustworthy computing
  • Design, implementation and analysis of security hardware, i.e., hardware with cryptographic and security functions, physically unclonable functions (PUFs)
  • Intrusion resilience in trusted computing
  • Virtualization for trusted platforms
  • Secure storage
  • Security policy and management of trusted computing
  • Access control for trusted platforms
  • Privacy aspects of trusted computing
  • Verification of trusted computing architectures
  • Usability and end-user interactions with trusted platforms
  • Limitations of trusted computing
  Socio-economic Strand
  
  • Usability and user perceptions of trustworthy systems and risks
  • Effects of trustworthy systems upon user, corporate, and governmental behavior
  • Economic drivers for trustworthy systems in corporate environment
  • The impact of trustworthy systems in enhancing trust in cloud-like infrastructures
  • The adequacy of guarantees provided by trustworthy systems for systems critically dependent upon trust, such as elections and government oversight
  • The impact of trustworthy systems upon digital forensics, police investigations and court proceedings
  • Game theoretical approaches to modeling or designing trustworthy systems
  • Approaches to model and simulate scenarios of how trustworthy systems would be used in corporate environments and in personal space
  • Experimental economics studies of trustworthiness
  • The interplay between privacy, privacy enhancing technologies and trustworthy systems
  • Critiques of trustworthy systems

• DFRWS 2011 11th Digital Forensics Research Conference, New Orleans, LA, USA, August 1-3, 2011. (Submissions due 27 February 2010)

  DFRWS brings together leading researchers, developers, practitioners, and educators interested in advancing the state of the art in digital forensics from around the world. As the most established venue in the field, DFRWS is the preferred place to present both cutting-edge research and perspectives on best practices for all aspects of digital forensics. As an independent organization, we promote open community discussions and disseminate the results of our work to the widest audience. We invite original contributions as research papers, panel proposals, Work-in-Progress talks, workshop proposals, and demo proposals. Topics of Interest:

  • Forensic analysis
  • Incident response and live analysis
  • Network-based forensics, including network traffic analysis, traceback and attribution
  • Event reconstruction methods and tools
  • File system and memory analysis
  • Application analysis
  • Embedded systems
  • Small scale and mobile devices
  • Large-scale investigations
  • Digital evidence storage and preservation
  • Data mining and information discovery
  • Data hiding and recovery
  • Data extraction and reconstruction
  • Multimedia analysis
  • Database forensics
  • Tool testing and development
  • Digital evidence and the law
  • Anti-forensics and anti-anti-forensics
  • Case studies and trend reports
  • Malware forensics
  • Data visualization in forensic analysis
  • Forensics of virtual and cloud environments
  • Investigation of insider attacks
  • Error rates of forensic methods
  • Interpersonal communications and social network analysis
  • Non-traditional approaches to forensic analysis

• SAFECOMP 2011 30th International Conference on Computer Safety, Reliability and Security, Naples, Italy, September 19-21, 2011. (Submissions due 27 February 2011)

  SAFECOMP is an annual event covering the state-of-the-art, experience and trends in the areas of safety, security and reliability of critical computer applications. The 2011 Key theme is "Safety and security of computer-based systems and infrastructures: from risk assessment to threat mitigation". Papers are invited in application and industrial sectors as well as research areas. Especially papers on industrial experience and practice are encouraged.

• PST 2011 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada, July 19-21, 2011. (Submissions due 20 March 2011)

  PST2011 provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. PST2011 will include an Innovation Day featuring workshops and tutorials followed by two days of high-quality research papers whose topics include, but are NOT limited to, the following:

  • Privacy Preserving / Enhancing Technologies
  • Critical Infrastructure Protection
  • Network and Wireless Security
  • Operating Systems Security
  • Intrusion Detection Technologies
  • Secure Software Development and Architecture
  • PST Challenges in e-Services, e.g. e-Health, e-Government, e Commerce
  • Network Enabled Operations
  • Digital forensics
  • Information Filtering, Data Mining and Knowledge from Data
  • National Security and Public Safety
  • Security Metrics
  • Recommendation, Reputation and Delivery Technologies
  • Continuous Authentication
  • Trust Technologies, Technologies for Building Trust in e-Business Strategy
  • Observations of PST in Practice, Society, Policy and Legislation
  • Digital Rights Management
  • Identity and Trust management
  • PST and Cloud Computing
  • Human Computer Interaction and PST
  • Implications of, and Technologies for, Lawful Surveillance
  • Biometrics, National ID Cards, Identity Theft
  • PST and Web Services / SOA
  • Privacy, Traceability, and Anonymity
  • Trust and Reputation in Self-Organizing Environments
  • Anonymity and Privacy vs. Accountability
  • Access Control and Capability Delegation
  • Representations and Formalizations of Trust in Electronic and Physical Social Systems