Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 101,  March 15, 2011 Hilarie Orman,  Editor Book Reviews Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Review of Financial Cryptography, the Workshop Real-life Cryptographic protocols and Standardization, and the Workshop on Ethics in Computer Security Research (St. Lucia, February 28-March 4, 2011) by Omar Choudary

  • Hilarie Orman's review of Surveillance or Security? The Risks Posed by New Wiretapping Technologies by Susan Landau

  • Richard Austin's review of Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry by Harlan Carvey

  • News Items
    • Public key cryptography inventors honored
    • National Science Foundation's Trustworthy Computing Program, sign up for news

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

 

• The Technical Committee on Security and Privacy

• Listing of academic positions available  by Cynthia Irvine
  

  New, Posted February 2011
  The University of Texas at Dallas
  Richardson/Dallas, Texas
  Assistant/Associate/Professor
  Until position filled
  http://csrc.utdallas.edu/UTD-Cyber-Security-Faculty-Position.pdf

 

• Cipher calls-for-papers and calendar
    Cipher calendar announcements are on Twitter; follow "ciphernews"
    new calls or announcements added since Cipher E100 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

• Conference and Workshop Announcements

  • 3/15/11: SADFE, International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA; Submissions are due
  • 3/15/11- 3/16/11: CSC, Workshop on Cryptography and Security in Clouds, Zurich, Switzerland
  • 3/18/11: STM, 7th International Workshop on Security and Trust Management, Held in conjunction with IFIPTM 2011, Copenhagen, Denamrk; Submissions are due
  • 3/20/11: PST, 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada; Submissions are due
  • 3/21/11: ESORICS, 16th European Symposium on Research in Computer Security, Leuven, Belgium; Submissions are due
  • 3/21/11: SESOC, 3rd International Workshop on Security and Social Networking, Held in conjunction with the PerCom 2011, Seattle, WA, USA
  • 3/21/11- 3/25/11: SAC-TRECK, 26th ACM Symposium on Applied Computing, Track: Trust, Reputation, Evidence and other Collaboration Know-how (TRECK), TaiChung, Taiwan
  • 3/22/11: ESAS, 6th IEEE International Workshop on Engineering Semantic Agent Systems, Held in conjunction with IEEE COMPSAC 2011, Munich, Germany; Submissions are due
  • 3/23/11- 3/25/11: IFIP-CIP, 5th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA
  • 3/25/11: W2SP, Web 2.0 Security and Privacy 2011 Workshop, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA; Submissions are due
  • 3/29/11: FCS, Workshop on Foundations of Computer Security, Held in conjunction with LICS 2011, Toronto, Ontario, Canada; Submissions are due
  • 3/29/11: LEET, 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats, Boston, MA, USA
  • 3/31/11: RAID, 14th International Symposium on Recent Advances in Intrusion Detection, Menlo Park, CA, USA; Submissions are due
  • 4/ 1/11: VizSec, 8th International Symposium on Visualization for Cyber Security, Held in conjunction with the Symposium on Usable Privacy and Security (SOUPS 2011), Pittsburgh, PA, USA; Submissions are due
  • 4/ 4/11: NSPW 2011 New Security Paradigms Workshop, Marin County, CA, USA; Submissions are due
  • 4/ 5/11: HealthSec 2011 2nd USENIX Workshop on Health Security and Privacy, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA; Submissions are due
  • 4/ 6/11- 4/ 8/11: RFIDsec-Asia, Workshop on RFID Security, Wuxi, China
  • 4/ 8/11: ASA 2011 5th International Workshop on Analysis of Security APIs, Paris, France; Submissions are due
  • 4/18/11: CSET 2011 4th Workshop on Cyber Security Experimentation and Test, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA; Submissions are due
  • 4/20/11: EVT/WOTE 2011 Electronic Voting Technology Workshop/ Workshop on Trustworthy Elections, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA; Submissions are due
  • 4/24/11: PBD 2011 1st International Workshop on Privacy by Design, Held in conjunction with the Sixth International Conference on Availability, Reliability and Security (ARES 2011), Vienna, Austria; Submissions are due
  • 4/26/11: IWSEC 2011 6th International Workshop on Security, Tokyo, Japan; Submissions are due
  • 5/ 2/11: WOOT 2011 5th USENIX Workshop on Offensive Technologies, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA; Submissions are due
  • 5/ 5/11: HotSec 2011 6th USENIX Workshop on Hot Topics in Security, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA; Submissions are due
  • 5/ 6/11: ACM-CCS 2011 18th ACM Conference on Computer and Communications Security, Chicago, IL, USA; Submissions are due
  • 5/ 9/11: SAC 2011 18th International Workshop on Selected Areas in Cryptography, Toronto, Ontario, Canada; Submissions are due
  • 5/10/11: CRiSIS 2011 6th International Conference on Risks and Security of Internet and Systems, Timisoara, Romania; Submissions are due
  • 5/11/11: NSS 2011 5th International Conference on Network and System Security, Milan, Italy; Submissions are due
  • 5/16/11: SecureComm 2011 7th International Conference on Network Security & Privacy, London, United Kingdom; Submissions are due
  • 5/18/11- 5/20/11: IH 2011 13th Information Hiding Conference, Prague, Czech Republic
  • 5/18/11- 5/21/11: SAR/SSI, International Conference on Network and Information Systems Security, La Rochelle, France
  • 5/20/11: Security and Communication Networks (SCN), Special Issue on Security and Privacy in Ubiquitous Computing; Submissions are due
  • 5/22/11- 5/25/11: SP, 32nd IEEE Symposium on Security & Privacy, The Claremont Resort, Berkeley/Oakland, California, USA
  • 5/26/11: SADFE, International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA
  • 5/26/11: W2SP, Web 2.0 Security and Privacy 2011 Workshop, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA
  • 5/30/11: MetriSec 2011 7th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2011), Banff, Alberta, Canada; Submissions are due
  • 5/30/11- 6/ 1/11: ISPEC, 7th Information Security Practice and Experience Conference, Guangzhou, China
  • 6/ 1/11- 6/ 3/11: WISTP, 5th Workshop in Information Security Theory and Practice, Heraklion, Crete, Greece
  • 6/ 5/11- 6/ 6/11: HOST, 4th IEEE International Symposium on Hardware-Oriented Security and Trust, San Diego, CA, USA
  • 6/ 5/11- 6/ 9/11: ICC-CISS, IEEE ICC 2011, Communication and Information Systems Security Symposium, Kyoto, Japan
  • 6/ 6/11- 6/ 8/11: POLICY, 12th IEEE International Symposium on Policies for Distributed Systems and Networks, Pisa, Italy
  • 6/ 7/11- 6/ 9/11: IFIP-SEC, 26th IFIP TC-11 International Information Security Conference, Luzern, Switzerland
  • 6/ 7/11- 6/10/11: ACNS, 9th International Conference on Applied Cryptography and Network Security, Nerja, Malaga, Spain
  • 6/14/11- 6/17/11: WiSec, 4th ACM Conference on Wireless Network Security, Hamburg, Germany
  • 6/15/11- 6/17/11: SACMAT, 16th ACM Symposium on Access Control Models and Technologies, Innsbruck, Austria
  • 6/20/11: D-SPAN, 2nd IEEE International Workshop on Data Security and PrivAcy in wireless Networks, Held in conjunction with IEEE WoWMoM 2011, Lucca, Italy
  • 6/20/11: FCS, Workshop on Foundations of Computer Security, Held in conjunction with LICS 2011, Toronto, Ontario, Canada
  • 6/22/11- 6/24/11: TRUST, 4th International Conference on Trust and Trustworthy Computing, Pittsburgh, PA, USA
  • 6/27/11- 6/28/11: STM, 7th International Workshop on Security and Trust Management, Held in conjunction with IFIPTM 2011, Copenhagen, Denamrk
  • 6/27/11- 6/29/11: CSF, 24th IEEE Computer Security Foundations Symposium, Domaine de l'Abbaye des Vaux-de-Cernay, France
  • 6/29/11- 7/ 1/11: IFIPTM, 5th IFIP International Conference on Trust Management, Copenhagen, Denmark
  • 6/30/11: TrustCom 2011 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Changsha, China; Submissions are due
  • 6/30/11: ASA 2011 5th International Workshop on Analysis of Security APIs, Paris, France
  • 7/ 7/11- 7/ 8/11: DIMVA, 8th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Amsterdam, The Netherlands
  • 7/11/11- 7/13/11: DBSec, 25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, Richmond, Virginia, USA
  • 7/18/11- 7/22/11: ESAS, 6th IEEE International Workshop on Engineering Semantic Agent Systems, Held in conjunction with IEEE COMPSAC 2011, Munich, Germany
  • 7/19/11- 7/21/11: PST, 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada
  • 7/20/11: VizSec, 8th International Symposium on Visualization for Cyber Security, Held in conjunction with the Symposium on Usable Privacy and Security (SOUPS 2011), Pittsburgh, PA, USA
  • 7/22/11- 7/24/11: ID, ACM/Springer International Workshop on Identity: Security, Management & Applications, Kochi, Kerala, India
  • 7/27/11- 7/29/11: PETS, 11th Privacy Enhancing Technologies Symposium, Waterloo, ON, Canada
  • 8/ 1/11- 8/ 3/11: DFRWS, 11th Digital Forensics Research Conference, New Orleans, LA, USA
  • 8/ 8/11: CSET 2011 4th Workshop on Cyber Security Experimentation and Test, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA
  • 8/ 8/11: WOOT 2011 5th USENIX Workshop on Offensive Technologies, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA
  • 8/ 8/11- 8/ 9/11: EVT/WOTE 2011 Electronic Voting Technology Workshop/ Workshop on Trustworthy Elections, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA
  • 8/ 9/11: HealthSec 2011 2nd USENIX Workshop on Health Security and Privacy, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA
  • 8/ 9/11: HotSec 2011 6th USENIX Workshop on Hot Topics in Security, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA
  • 8/10/11- 8/12/11: USENIX Security, 20th USENIX Security Symposium, San Francisco, CA, USA
  • 8/11/11- 8/12/11: SAC 2011 18th International Workshop on Selected Areas in Cryptography, Toronto, Ontario, Canada
  • 8/22/11- 8/26/11: PBD 2011 1st International Workshop on Privacy by Design, Held in conjunction with the Sixth International Conference on Availability, Reliability and Security (ARES 2011), Vienna, Austria
  • 9/ 6/11- 9/ 8/11: NSS 2011 5th International Conference on Network and System Security, Milan, Italy
  • 9/ 7/11- 9/ 9/11: SecureComm 2011 7th International Conference on Network Security & Privacy, London, United Kingdom
  • 9/12/11- 9/14/11: ESORICS, 16th European Symposium on Research in Computer Security, Leuven, Belgium
  • 9/12/11- 9/15/11: NSPW 2011 New Security Paradigms Workshop, Marin County, CA, USA
  • 9/19/11- 9/21/11: SAFECOMP, 30th International Conference on Computer Safety, Reliability and Security, Naples, Italy
  • 9/20/11- 9/21/11: RAID, 14th International Symposium on Recent Advances in Intrusion Detection, Menlo Park, CA, USA
  • 9/21/11: MetriSec 2011 7th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2011), Banff, Alberta, Canada
  • 9/26/11- 9/28/11: CRiSIS 2011 6th International Conference on Risks and Security of Internet and Systems, Timisoara, Romania
  • 10/17/11-10/21/11: ACM-CCS 2011 18th ACM Conference on Computer and Communications Security, Chicago, IL, USA
  • 11/ 8/11-11/10/11: IWSEC 2011 6th International Workshop on Security, Tokyo, Japan
  • 11/16/11-11/18/11: TrustCom 2011 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Changsha, China
• new calls or announcements added since Cipher E100

• SADFE 2011 International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA, May 26, 2011. (Submissions due 15 March 2011)

  The SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop promotes systematic approaches to cyber crime investigations, by furthering the advancement of digital forensic engineering as a disciplined science and practice. Today's digital artifacts permeate our lives and are part of every crime and every case of digital discovery. The field of digital forensics faces many challenges, including scale, scope and presentation of highly technical information in legal venues to nontechnical audiences. Digital evidence may be extant for only nanoseconds or for years; they may consist of a single modified bit, or huge volumes of data; they may be found locally or spread globally throughout a complex digital infrastructure on public or private systems. Following the success of previous SADFE workshops, cyber crime investigations and digital forensics tools will continue to be the key topics of the meeting. We also welcome a broader range of digital forensics papers that do not necessarily involve either crime or digital forensics tools. General attack analysis, the insider threat, insurance and compliance investigations, similar forms of retrospective analysis, and digital discovery are all viable topics. Past speakers and attendees of SADFE have included computer and information scientists, social scientists, digital forensic practitioners, IT professionals, law enforcement, lawyers, and judges. The synthesis of science with practice and the law with technology form the foundation of this conference. SADFE addresses the gap between today's practice and the establishment of digital forensics as a science. To advance the field, SADFE-2011 solicits broad-based, innovative approaches to digital forensic engineering in the following four areas:

  • Digital Data and Evidence Management: advanced digital evidence discovery, collection, and storage
  • Scientific Principle-based Digital Forensic Processes: systematic engineering processes supporting digital evidence management which are sound on scientific, technical and legal grounds
  • Digital Evidence Analytics: advanced digital evidence analysis, correlation, and presentation
  • Forensic-support technologies: forensic-enabled and proactive monitoring/response

  To honor the outstanding work in digital forensics, the SADFE will provide awards for the highest overall quality papers and posters from the accepted program, as measured by scientific contribution, depth, and impact. A student must be the first author to be eligible for the best student paper award.

• STM 2011 7th International Workshop on Security and Trust Management, Held in conjunction with IFIPTM 2011, Copenhagen, Denamrk, June 27-28, 2011. (Submissions due 18 March 2011)

  STM (Security and Trust Management) is a working group of ERCIM (European Research Consortium in Informatics and Mathematics). STM'11 is the seventh workshop in this series and will be held in Copenhagen, Denmark in conjunction with IFIPTM 2011. Topics of interest include, but are not limited to:

  • access control
  • cryptography
  • digital right management
  • economics of security
  • key management
  • ICT for securing digital as well as physical assets
  • identity management
  • networked systems security
  • privacy and anonymity
  • reputation systems and architectures
  • security and trust management architectures
  • semantics and computational models for security and trust
  • trust assessment and negotiation
  • trust in mobile code
  • trust in pervasive environments
  • trust models
  • trust management policies
  • trusted platforms and trustworthy systems
  • trustworthy user devices

• PST 2011 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada, July 19-21, 2011. (Submissions due 20 March 2011)

  PST2011 provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. PST2011 will include an Innovation Day featuring workshops and tutorials followed by two days of high-quality research papers whose topics include, but are NOT limited to, the following:

  • Privacy Preserving / Enhancing Technologies
  • Critical Infrastructure Protection
  • Network and Wireless Security
  • Operating Systems Security
  • Intrusion Detection Technologies
  • Secure Software Development and Architecture
  • PST Challenges in e-Services, e.g. e-Health, e-Government, e Commerce
  • Network Enabled Operations
  • Digital forensics
  • Information Filtering, Data Mining and Knowledge from Data
  • National Security and Public Safety
  • Security Metrics
  • Recommendation, Reputation and Delivery Technologies
  • Continuous Authentication
  • Trust Technologies, Technologies for Building Trust in e-Business Strategy
  • Observations of PST in Practice, Society, Policy and Legislation
  • Digital Rights Management
  • Identity and Trust management
  • PST and Cloud Computing
  • Human Computer Interaction and PST
  • Implications of, and Technologies for, Lawful Surveillance
  • Biometrics, National ID Cards, Identity Theft
  • PST and Web Services / SOA
  • Privacy, Traceability, and Anonymity
  • Trust and Reputation in Self-Organizing Environments
  • Anonymity and Privacy vs. Accountability
  • Access Control and Capability Delegation
  • Representations and Formalizations of Trust in Electronic and Physical Social Systems

• ESORICS 2011 16th European Symposium on Research in Computer Security, Leuven, Belgium, September 12-14, 2011. (Submissions due 21 March 2011)

  ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. We encourage submissions of papers discussing industrial research and development. Suggested topics include but are not restricted to:

  • Access Control
  • Accountability
  • Ad hoc Networks
  • Anonymity
  • Applied Cryptography
  • Attacks and Viral Software
  • Authentication and Delegation
  • Biometrics
  • Database Security
  • Digital Content Protection
  • Distributed Systems Security
  • Electronic Payments
  • Embedded Systems Security
  • Inference Control
  • Information Hiding
  • Identity Management
  • Information Flow Control
  • Integrity
  • Intrusion Detection
  • Formal Security Methods
  • Language-Based Security
  • Network Security
  • Phishing and Spam Prevention
  • Privacy
  • Risk Analysis and Management
  • Secure Electronic Voting
  • Security Architectures
  • Security Economics
  • Security and Privacy Policies
  • Security for Mobile Code
  • Security in Location Services
  • Security in Social Networks
  • Security Models
  • Security Verification
  • Software Security
  • Steganography
  • Systems Security
  • Trust Models and Management
  • Trustworthy User Devices
  • Web Security
  • Wireless Security

• ESAS 2011 6th IEEE International Workshop on Engineering Semantic Agent Systems, Held in conjunction with IEEE COMPSAC 2011, Munich, Germany, July 18-22, 2011. (Submissions due 22 March 2011)

  Semantic web technologies render dynamic, heterogeneous, distributed, shared semantic content equally accessible to human reader and software agents. ESAS Workshops Series focuses on concepts, foundations and applications of semantic agent systems and bringing forward better practices of engineering them. Research and technologies related to Semantic Web and agent systems are very much in focus at ESAS. Topics of interest span a wide spectrum of both theory and practice of semantics and agent architectures, including software agents, mobile agents, autonomous semantic agents, context-aware intelligent agents, agents as semantic web services, multi-agent systems, agent communities, cooperation and goal seeking through shared policy and ontology, safety & security in semantic multi-agent information systems, and other QoS issues.

• W2SP 2011 Web 2.0 Security and Privacy 2011 Workshop, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA, May 26, 2011. (Submissions due 25 March 2011)

  W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers and their eco-system. We have had four years of successful W2SP workshops. This year, we will additionally invite selected papers to a special issue of the journal. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The scope of W2SP 2011 includes, but is not limited to:

  • Trustworthy cloud-based services
  • Privacy and reputation in social networks
  • Security and privacy as a service
  • Usable security and privacy
  • Security for the mobile web
  • Identity management and psuedonymity
  • Web services/feeds/mashups
  • Provenance and governance
  • Security and privacy policies for composible content
  • Next-generation browser technology
  • Secure extensions and plug-ins
  • Advertisement and affiliate fraud
  • Measurement study for understanding web security and privacy

• FCS 2011 Workshop on Foundations of Computer Security, Held in conjunction with LICS 2011, Toronto, Ontario, Canada, June 20, 2011. (Submissions due 29 March 2011)

  Computer security is an established field of computer science of both theoretical and practical significance. In recent years, there has been increasing interest in logic-based foundations for various methods in computer security, including the formal specification, analysis and design of security protocols and their applications, the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks, and the modeling of information flow and its application to confidentiality policies, system composition, and covert channel analysis. The aim of the workshop FCS'11 is to provide a forum for continued activity in different areas of computer security, bringing computer security researchers in closer contact with the LICS community and giving LICS attendees an opportunity to talk to experts in computer security, on the one hand, and contribute to bridging the gap between logical methods and computer security foundations, on the other. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories, as well as in new results on developing and applying automated reasoning techniques and tools for the formal specification and analysis of security protocols.

• RAID 2011 14th International Symposium on Recent Advances in Intrusion Detection, Menlo Park, CA, USA, September 20-21, 2011. (Submissions due 31 March 2011)

  This symposium, the 14th in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss issues and technologies related to intrusion detection and defense. The Recent Advances in Intrusion Detection (RAID) International Symposium series furthers advances in intrusion defense by promoting the exchange of ideas in a broad range of topics. As in previous years, all topics related to intrusion detection, prevention and defense systems and technologies are within scope, including but not limited to the following:

  • Network and host intrusion detection and prevention
  • Anomaly and specification-based approaches
  • IDS cooperation and event correlation
  • Malware prevention, detection, analysis, containment
  • Web application security
  • Insider attack detection
  • Intrusion response, tolerance, and self-protection
  • Operational experiences with current approaches
  • Intrusion detection assessment and benchmarking
  • Attacks against intrusion detection systems
  • Formal models, analysis, and standards
  • Deception systems and honeypots
  • Vulnerability analysis and forensics
  • Adversarial machine learning for security
  • Visualization techniques
  • High-performance intrusion detection
  • Legal, social, and privacy issues
  • Network exfiltration detection
  • Botnet analysis, detection, and mitigation
  • Cyber-physical systems

• VizSec 2011 8th International Symposium on Visualization for Cyber Security, Held in conjunction with the Symposium on Usable Privacy and Security (SOUPS 2011), Pittsburgh, PA, USA, July 20, 2011. (Submissions due 1 April 2011)

  The annual symposium joins academic, government, and industry leaders from around the globe to share the latest developments and applications of visualization techniques to address current cyber security challenges. Researchers and practitioners are invited to submit technical papers and panel session proposals that offer a novel contribution to security visualization. Papers are encouraged on new visualization technologies and methods that have been applied and demonstrated to be useful in a range of security domains including, but not limited to, computer forensics, risk assessment, cryptography, malware analysis, and situational awareness.

• NSPW 2011 New Security Paradigms Workshop, Marin County, CA, USA, September 12-15, 2011. (Submissions due 4 April 2011)

  The New Security Paradigms Workshop (NSPW) is seeking papers that address the current limitations of information security. Today's security risks are diverse and plentiful - botnets, database breaches, phishing attacks, targeted cyber attacks - and yet present tools for combating them are insufficient. To address these limitations, NSPW welcomes unconventional, promising approaches to important security problems and innovative critiques of current security theory and practice. We are particularly interested in perspectives from outside computer security, both from other areas of computer science (such as operating systems, human-computer interaction, databases, programming languages, algorithms) and other sciences that study adversarial relationships such as biology and economics. We discourage papers that offer incremental improvements to security and mature work that is appropriate for standard information security venues.

• HealthSec 2011 2nd USENIX Workshop on Health Security and Privacy, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 9, 2011. ( Position Paper Submissions due 5 April 2011)

  The focus of HealthSec '11 is the exploration of security and privacy issues that arise from the exploding quantity of digital personal health information, in both the provider and the patient settings. The Program Committee strongly encourages cross-disciplinary interactions between fields, including, but not limited to, technology, medicine, and policy. Surprising results and thought-provoking ideas will be strongly favored; complete papers with polished results in well-explored research areas are comparatively discouraged. We will select position papers that show potential to stimulate or catalyze further research and explorations of new directions, as well as extended abstracts that explore a specific issue a little more deeply, including preliminary results. Position papers are solicited on topics in all areas relating to healthcare information security and privacy, including:

  • Security and privacy models for healthcare information systems
  • Industry experience in securing healthcare information systems
  • Design and deployment of patient-oriented systems for securely accessing and managing personal health data
  • Security and privacy threats against existing and future medical devices--and countermeasures
  • Regulatory and policy issues of healthcare information systems
  • Privacy of medical information
  • Usability issues, especially combined with security constraints
  • Threat models for healthcare information systems

• ASA 2011 5th International Workshop on Analysis of Security APIs, Paris, France, June 30, 2011. (Position Paper Submissions due 8 April 2011)

  Security APIs allow untrusted code to access sensitive resources in a secure way. Security API analysis is an emerging field of computer security research. The aim of the ASA workshop is to bring together researchers working in security API analysis for a day of presentations and discussions. Since the field is relatively young, polished research papers will not be solicited. Instead, the workshop will follow the format that was highly successful at ASA in 2007-10: prospective participants are invited to submit a short (1-4 page) abstract describing their current work and/or interests in the area. We plan to have two sessions of 20-minute talks by participants, with each session followed by informal discussion. There will also be a workshop dinner in the evening, and subject to confirmation, an invited speaker. The scope of ASA runs from theoretical results and formalisms for API analysis right through to applications and empirical results with security APIs deployed `in the field'. Applications of interest include (but are not limited to) financial applications (e.g. APIs of Hardware Security Modules), smartcard APIs, the Trusted Computing Architecture, and security APIs for web based systems.

• CSET 2011 4th Workshop on Cyber Security Experimentation and Test, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8, 2011. (Submissions due 18 April 2011)

  The focus of CSET is on the science of cyber security evaluation, as well as experimentation, measurement, metrics, data, and simulations as those subjects relate to computer and network security. The science of cyber security is challenging for a number of reasons:

  • Data: There is an absence of data usable by the community. Moreover, there is no clear understanding of what good data would look like if it was obtained, and how the value of data changes over time.
  • Realism: Experiments must faithfully recreate the relevant features of the phenomena they investigate in order to obtain correct results, yet data about threats and the Internet landscape is sparse, modeling humans is hard, and issues of scaling (up or down) are not well understood. Hence careful reasoning about "realism" is required.
  • Rigor: Repeatability and correctness must be ensured in any scientific experimentation. These can be extremely hard to achieve.
  • Risk: Cyber security experiments naturally carry significant risk if not properly contained and controlled. At the same time, these experiments may well require some degree of interaction with the larger world to be useful.
  Meeting these challenges requires transformational advance in understanding of the relationship between scientific method and cyber security evaluation, as well as transformational advance in capability of the underlying resources and infrastructure and usability of the data. The 4th Workshop on Cyber Security Experimentation and Test (CSET '11) invites submissions on the science, design, architecture, construction, operation, and use of cyber security data and experiments.

• EVT/WOTE 2011 Electronic Voting Technology Workshop/ Workshop on Trustworthy Elections, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8-9, 2011. (Submissions due 20 April 2011)

  USENIX, ACCURATE, and IAVoSS are sponsoring the 2011 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE '11). EVT/WOTE brings together researchers from a variety of disciplines, ranging from computer science and human-computer interaction experts through political scientists, legal experts, election administrators, and voting equipment vendors. Papers should contain original research in any area related to electronic voting technologies and verifiable elections. Example applications include but are not limited to:

  • Ballot-box electronic voting systems
  • Remote electronic voting systems
  • Voter registration systems
  • Procedures for ballot auditing
  • Cryptographic (or non-cryptographic) verifiable election schemes

• PBD 2011 1st International Workshop on Privacy by Design, Held in conjunction with the Sixth International Conference on Availability, Reliability and Security (ARES 2011), Vienna, Austria, August 22-26, 2011. (Submissions due 24 April 2011)

  While data privacy was in the past mainly assured through procedures, laws or static access control policies, these protection mechanisms tend to be ineffective once data is ubiquitously available, outsourced to partially untrusted servers or processed by third parties. In addition, most current approaches towards achieving privacy - such as anonymisation and aggregation - are either incompatible with the increasing complexity of data usage or easy to compromise due to advances in statistical analysis and availability of side-information. Recent research tries to provide technical solutions in order to minimize the exposure of sensitive data while still allowing data-driven business models. For example, cryptographic schemes such as Secure Multiparty Computation, data-centric protection schemes such as Enterprise Rights Management or trusted virtualization technologies may be used to make IT systems intrinsically privacy friendly, finally contributing to the vision of "privacy by design". The aim of the workshop is to bring together researchers, systems engineers and privacy professionals in order to drive the concept of Privacy by Design and discuss implementation aspects as well as the surrounding legal and economic issues. The main topics of interest comprise but are not limited to:

  • design issues of privacy-enhanced systems
  • cryptographic approaches for privacy
  • practical aspects of Secure Multiparty Computation
  • data centric security
  • Information/Enterprise Rights Management
  • privacy-enhanced system architectures
  • privacy and biometrics
  • privacy in the cloud
  • Privacy Enhancing Technologies
  • censorship resistance
  • economic and legal aspects of privacy
  • usability of Privacy Enhancing Technologies

• IWSEC 2011 6th International Workshop on Security, Tokyo, Japan, November 8-10, 2011. (Submissions due 26 April 2011)

  Original papers on the research and development of various security topics are solicited for submission to IWSEC 2011. Topics of interest for IWSEC 2011 include but are not limited to:

  • Foundations of Security
  • Security in Networks and Ubiquitous Computing Systems
  • Security in Real Life Applications

• WOOT 2011 5th USENIX Workshop on Offensive Technologies, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8, 2011. (Submissions due 2 May 2011)

  Computer security is unique among systems disciplines in that practical details matter and concrete case studies keep the field grounded in practice. WOOT provides a forum for high-quality, peer-reviewed papers discussing tools and techniques for attack. Submissions should reflect the state of the art in offensive computer security technology, either surveying previously poorly known areas or presenting entirely new attacks. Submission topics include but are not limited to:

  • Vulnerability research (software auditing, reverse engineering)
  • Penetration testing
  • Exploit techniques and automation
  • Network-based attacks (routing, DNS, IDS/IPS/firewall evasion)
  • Reconnaissance (scanning, software, and hardware fingerprinting)
  • Malware design and implementation (rootkits, viruses, bots, worms)
  • Denial-of-service attacks
  • Web and database security
  • Weaknesses in deployed systems (VoIP, telephony, wireless, games)
  • Practical cryptanalysis (hardware, DRM, etc.)

• HotSec 2011 6th USENIX Workshop on Hot Topics in Security, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 9, 2011. (Submissions due 5 May 2011)

  HotSec is renewing its focus by placing singular emphasis on new security ideas and problems. Works reflecting incremental ideas or well understood problems will not be accepted. Cross-discipline papers identifying new security problems or exploring approaches not previously applied to security will be given special consideration. All submissions should propose new directions of research, advocate non-traditional approaches, report on noteworthy experience in an emerging area, or generate lively discussion around an important topic. HotSec takes a broad view of security and privacy and encompasses research on topics including but not limited to:

  • Large-scale threats
  • Network security
  • Hardware security
  • Software security
  • Physical security
  • Programming languages
  • Applied cryptography
  • Privacy
  • Human-computer interaction
  • Emerging computing environment
  • Sociology
  • Economics

• ACM-CCS 2011 18th ACM Conference on Computer and Communications Security, Chicago, IL, USA, October 17-21, 2011. (Submissions due 6 May 2011)

  The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of computer and communications security. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings. Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security.

• SAC 2011 18th International Workshop on Selected Areas in Cryptography, Toronto, Ontario, Canada, August 11-12, 2011. (Submissions due 9 May 2011)

  The Workshop on Selected Areas in Cryptography (SAC) is an annual conference dedicated to specific themes in the area of cryptographic system design and analysis. Authors are encouraged to submit original papers related to the themes for the SAC 2011 workshop:

  • Design and analysis of symmetric key primitives and cryptosystems, including block and stream ciphers, hash functions, and MAC algorithms.
  • Efficient implementations of symmetric and public key algorithms.
  • Mathematical and algorithmic aspects of applied cryptology.
  • Cryptographic tools and methods for securing clouds.

• CRiSIS 2011 6th International Conference on Risks and Security of Internet and Systems, Timisoara, Romania, September 26-28, 2011. (Submissions due 10 May 2011)

  The topics addressed by CRiSIS range from the analysis of risks, attacks to networks and system survivability, passing through security models, security mechanisms and privacy enhancing technologies. Prospective authors are invited to submit research results as well as practical experiment or deployment reports. Industrial papers about applications and case studies, such as telemedicine, banking, e-government and critical infrastructure, are also welcome. The list of topics includes but is not limited to:

  • Analysis and management of risks
  • Attacks and defences
  • Attack data acquisition and network monitoring
  • Cryptography, Biometrics, Watermarking
  • Dependability and fault tolerance of Internet applications
  • Distributed systems security
  • Embedded system security
  • Intrusion detection and Prevention systems
  • Hardware-based security and Physical security
  • Trust management
  • Organizational, ethical and legal issues
  • Privacy protection and anonymization
  • Security and dependability of operating systems
  • Security and safety of critical infrastructures
  • Security and privacy of peer-to-peer system
  • Security and privacy of wireless networks
  • Security models and security policies
  • Security of new generation networks, security of VoIP and multimedia
  • Security of e-commerce, electronic voting and database systems
  • Traceability, metrology and forensics
  • Use of smartcards and personal devices for Internet applications
  • Web security

• NSS 2011 5th International Conference on Network and System Security, Milan, Italy, September 6-8, 2011. (Submissions due 11 May 2011)

  NSS is an annual international conference covering research in network and system security. The 5th International Conference on Network and System Security (NSS 2011) will be held in Milan, Italy. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged. Topics of interest include, but are not limited to:

  • Active Defense Systems
  • Adaptive Defense Systems
  • Analysis, Benchmark of Security Systems
  • Authentication
  • Biometric Security
  • Complex Systems Security
  • Database and System Security
  • Data Protection
  • Data/System Integrity
  • Distributed Access Control
  • Distributed Attack Systems
  • Denial-of-Service
  • Electronic Communication Privacy
  • High Performance Network Virtualization
  • High Performance Security Systems
  • Hardware Security
  • Identity Management
  • Intelligent Defense Systems
  • Insider Threats
  • Intellectual Property Rights Protection
  • Internet and Network Forensics
  • Intrusion Detection and Prevention
  • Key Distribution and Management
  • Large-Scale Attacks and Defense
  • Malware
  • Network Resiliency
  • Network Security
  • RFID Security and Privacy
  • Security Architectures
  • Security for Critical Infrastructures
  • Security in P2P Systems
  • Security in Cloud and Grid Systems
  • Security in E-Commerce
  • Security in Pervasive/Ubiquitous Computing
  • Security and Privacy in Smart Grid
  • Security and Privacy in Wireless Networks
  • Secure Mobile Agents and Mobile Code
  • Security Policy
  • Security Protocols
  • Security Simulation and Tools
  • Security Theory and Tools
  • Standards and Assurance Methods
  • Trusted Computing
  • Trust Management
  • World Wide Web Security

• SecureComm 2011 7th International Conference on Network Security & Privacy, London, United Kingdom, September 7-9, 2011. (Submissions due 16 May 2011)

  SecureComm2011 seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, applied cryptography) will also be considered if a clear connection to private or secure communications/networking is demonstrated. The aim of SecureComm is to bring together security and privacy experts in academia, industry and government as well as practitioners, standards developers and policy makers, in order to engage in a discussion about common goals and explore important research directions in the field. SecureComm also serves as a venue for learning about state-of-the-art in security and privacy research, giving attendees the opportunity to network with experts in the field. Topics include:

  • Network Intrusion Detection and Prevention, Firewalls, Packet Filters
  • Malware and botnets
  • Communication Privacy and Anonymity
  • Distributed denial of service
  • Public Key Infrastructures, key management, credentials
  • Web security
  • Secure Routing, Naming/Addressing, Network Management
  • Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
  • Security & Privacy for emerging technologies: VoIP, peer-to-peer and overlay network systems, Web 2.0

• Security and Communication Networks (SCN), Special Issue on Security and Privacy in Ubiquitous Computing, 2012, (Submission Due 20 May 2011)

  Editor: Ali Miri (Ryerson University, Canada), Nen-Fu Huang (National Tsing Hua University, Taiwan, ROC), and Abderrahim Benslimane (University of Avignon, France)
  
  The research area of mobile computing has become more important following the recent widespread drive towards mobile ad hoc networks, wireless sensor networks and vehicular ad hoc network tracking technologies and their applications. The availability of high bandwidth 3G infrastructures and the pervasive deployment of low cost WiFi infrastructures and WiMAX to create hotspots around the world serve to accelerate the development of mobile computing towards ubiquitous computing. Security and privacy in converged computing systems are considered an important part of these systems, and pose challenging open problems. This special issue will focus on the research challenges and issues in security and privacy in ubiquitous computing. Manuscripts regarding novel algorithms, architectures, implementations and experiences are welcome. Topics include but are not limited to:

  • Secure architectures for converged communication networks
  • Multi-hop authentication and authorization
  • Context-aware security in computing
  • Security management of mobile data
  • Security for ubiquitous multimedia communication
  • Secure user interactions and ubiquitous services
  • Security and privacy in location based services
  • Security and privacy in mobile social networks
  • Trust management in ubiquitous services
  • Security in home networks
  • Homeland security and surveillance
  • Trusted cloud computing
  • Secure group communication/multicast
  • Secure machine-to-machine communication
  • Security in portable devices and wearable computers
  • Privacy protection in distributed data mining
  • Energy efficient intrusion detection schemes in mobile computing

• MetriSec 2011 7th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2011), Banff, Alberta, Canada, September 21, 2011. (Submissions due 30 May 2011)

  Quantitative assessment is a major stumbling block for software and system security. Although some security metrics exist, they are rarely adequate. The engineering importance of metrics is intuitive: you cannot consistently improve what you cannot measure. Economics is an additional driver for security metrics: customers are unlikely to pay a premium for security if they are unable to quantify what they receive. The goal of the workshop is to foster research into security measurements and metrics and to continue building the community of individuals interested in this field. This year, MetriSec continues its co-location with ESEM, which offers an opportunity for the security metrics folks to meet the metrics community at large. The organizers solicit original submissions from industry and academic experts on the development and application of repeatable, meaningful measurements in the fields of software and system security. The topics of interest include, but are not limited to:

  • Security metrics
  • Security measurement and monitoring
  • Development of predictive models
  • Experimental validation of models
  • Formal theories of security metrics
  • Security quality assurance
  • Empirical assessment of security architectures and solutions
  • Mining data from attack and vulnerability repositories: e.g. CVE, CVSS
  • Software security metrics
  • Static analysis metrics
  • Simulation and statistical analysis
  • Security risk analysis
  • Industrial experience

• TrustCom 2011 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Changsha, China, November 16-18, 2011. (Submissions due 30 June 2011)

  With rapid development and increasing complexity of computer and communications systems and networks, user requirements for trust, security and privacy are becoming more and more demanding. However, there is a grand challenge that traditional security technologies and measures may not meet user requirements in open, dynamic, heterogeneous, mobile, wireless, and distributed computing environments. Therefore, we need to build systems and networks in which various applications allow users to enjoy more comprehensive services while preserving trust, security and privacy at the same time. As useful and innovative technologies, trusted computing and communications are attracting researchers with more and more attention. IEEE TrustCom-11 is an international conference for presenting and discussing emerging ideas and trends in trusted computing and communications in computer systems and networks from both the research community as well as the industry.