IEEE Cipher: Newsletter of the IEEE Computer Society Technical Committee on Security and Privacy, Issue 103 July 19, 2011

Cipher
Electronic Newsletter of the Technical Committe on
Security & Privacy
A Technical Committee of the Computer Society of the IEEE

Electronic Issue (EI) 103, July 19, 2011

Hilarie Orman, Editor	Book Reviews
Sven Dietrich, Associate Editor	Yong Guan, Calendar Editor

Conference and Workshop Announcements

Cipher calls-for-papers and calendar
Cipher calendar announcements are on Twitter; follow "ciphernews"

(the calls-for-papers and the calendar announcements may differ slightly in content or time of update):

7/ 16/11: WPES, 10th ACM Workshop on Privacy in the Electronic Society, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA; Submissions are due

7/ 19/11: WPLS, Workshop on Physical Layer Security, Held in conjunction with the IEEE Globecom Conference 2011, Houston, Texas, USA; Submissions are due

7/19/11- 7/21/11: PST, 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada

7/21/11: eCrime Researchers Summit, 6th IEEE eCrime Researchers Summit, Held in conjunction with the 2011 APWG General Meeting, San Diego, CA, USA; Submissions are due

7/22/11- 7/24/11: ID, ACM/Springer International Workshop on Identity: Security, Management & Applications, Kochi, Kerala, India

7/27/11- 7/29/11: PETS, 11th Privacy Enhancing Technologies Symposium, Waterloo, ON, Canada

7/31/11: Nordsec, 16th Nordic Workshop on Secure IT-Systems, Tallinn, Estonia; Submissions are due

8/ 1/11: INTRUST, International Conference on Trusted Systems, Beijing, China; Submissions are due

8/ 1/11- 8/ 3/11: DFRWS, 11th Digital Forensics Research Conference, New Orleans, LA, USA

8/ 9/11: NDSS, Network & Distributed System Security Symposium, San Diego, California, USA; Submissions are due

8/10/11- 8/12/11: USENIX Security, 20th USENIX Security Symposium, San Francisco, CA, USA

8/15/11: WICT-NDF, World Congress on Information and Communication Technologies, Intrusion Detection and Forensics, Mumbai, India; Submissions are due

8/15/11: Wiley Security and Communication Networks Journal, Special Issue on Applications of Machine Learning Techniques to Intrusion Detection and Digital Forensics; Submissions are due

8/21/11: International Journal of Information Security, Special Issue on SCADA and Control System Security; Submissions are due

8/22/11- 8/24/11: WISA, 12th International Workshop on Information Security Applications, Jeju Island, Korea

8/29/11: CT-RSA, RSA Conference, Cryptographers' Track, San Francisco, California, USA; Submissions are due

9/ 6/11- 9/ 7/11: EC2ND, 7th European Conference on Computer Network Defense, Gothenburg, Sweden

9/ 6/11- 9/ 8/11: IWSSC 2011 1st International Workshop on Securing Services on the Cloud, Held in conjunction with the 5th International Conference on Network and System Security (NSS 2011), Milan, Italy

9/12/11- 9/14/11: ESORICS, 16th European Symposium on Research in Computer Security, Leuven, Belgium

9/15/11: IFIP-DF, 8th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Pretoria, Pretoria, South Africa; Submissions are due

9/15/11: FC, 16th Financial Cryptography and Data Security, Divi Flamingo Beach Resort, Bonaire; Submissions are due

9/15/11- 9/16/11: FAST, 8th International Workshop on Formal Aspects of Security & Trust, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2011), Leuven, Belgium

9/15/11- 9/16/11: SETOP, 4th International Workshop on Autonomous and Spontaneous Security, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2011), Leuven, Belgium

9/15/11- 9/16/11: DPM, 6th International Workshop on Data Privacy Management, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2011), Leuven, Belgium

9/15/11- 9/16/11: EuroPKI, 8th European Workshop on Public Key Services, Applications and Infrastructures, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2011), Leuven, Belgium

9/18/11: ESSoS, 4th International Symposium on Engineering Secure Software and Systems, Eindhoven, The Netherlands; Submissions are due

9/19/11- 9/21/11: SAFECOMP, 30th International Conference on Computer Safety, Reliability and Security, Naples, Italy

9/20/11- 9/21/11: RAID, 14th International Symposium on Recent Advances in Intrusion Detection, Menlo Park, CA, USA

9/26/11- 9/28/11: CRiSIS, 6th International Conference on Risks and Security of Internet and Systems, Timisoara, Romania

9/30/11: Elsevier Computers & Electrical Engineering, Special Issue on Recent Advances in Security and Privacy in Distributed Communications; Submissions are due

10/ 1/11: IEEE Systems Journal, Special Issue on Security and Privacy in Complex Systems,; Submissions are due

10/17/11: STC, 6th ACM Workshop on Scalable Trusted Computing, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA

10/17/11: WPES, 10th ACM Workshop on Privacy in the Electronic Society, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA

10/19/11: SecIoT, 2nd Workshop on the Security of the Internet of Things, Held in conjunction with IEEE iThings 2011, Dalian, China

10/21/11: CCSW, ACM Cloud Computing Security Workshop, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA

10/21/11: AISec, 4th Workshop on Artificial Intelligence and Security, Held in conjunction with ACM CCS 2011, Chicago, IL, USA

10/24/11-10/26/11: DSPSR, 1st IEEE/IFIP EUC Workshop on Data Management, Security and Privacy in Sensor Networks and RFID, Held in conjunction with the 9th IEEE/IFIP International Conference on Embedded and Ubiquitous Computing (EUC 2011), Melbourne, Australia

10/26/11-10/28/11: Nordsec, 16th Nordic Workshop on Secure IT-Systems, Tallinn, Estonia

11/ 7/11-11/ 9/11: eCrime Researchers Summit, 6th IEEE eCrime Researchers Summit, Held in conjunction with the 2011 APWG General Meeting, San Diego, CA, USA

11/16/11: TSCloud, 1st IEEE International Workshop on Trust and Security in Cloud Computing, Changsha, China

11/16/11-11/18/11: TrustCom, 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Changsha, China

11/27/11-11/29/11: INTRUST, International Conference on Trusted Systems, Beijing, China

11/29/11-12/ 2/11: WIFS, IEEE Workshop on Information Forensics and Security, Foz do Iguacu, Brazil

12/ 5/11-12/ 9/11: ACSAC, 27th Annual Computer Security Applications Conference, Orlando, Florida, USA

12/ 9/11: WPLS, Workshop on Physical Layer Security, Held in conjunction with the IEEE Globecom Conference 2011, Houston, Texas, USA

12/11/11-12/14/11: WICT-NDF, World Congress on Information and Communication Technologies, Intrusion Detection and Forensics, Mumbai, India

1/ 3/12- 1/ 5/12: IFIP-DF, 8th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Pretoria, Pretoria, South Africa

1/ 4/12- 1/ 7/12: HICSS-ST, 45th Annual HAWAII International Conference on System Sciences, Software Technology Track, Grand Wailea Maui, Hawaii, USA

2/ 5/12- 2/ 8/12: NDSS, Network & Distributed System Security Symposium, San Diego, California, USA

2/16/12- 2/17/12: ESSoS, 4th International Symposium on Engineering Secure Software and Systems, Eindhoven, The Netherlands

2/27/12- 3/ 2/12: CT-RSA, RSA Conference, Cryptographers' Track, San Francisco, California, USA

2/27/12- 3/ 2/12: FC, 16th Financial Cryptography and Data Security, Divi Flamingo Beach Resort, Bonaire

new calls or announcements added since Cipher E102

WPES 2011 10th ACM Workshop on Privacy in the Electronic Society, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA, October 17, 2011. (Submissions due 16 July 2011)
The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:

anonymity, pseudonymity, and unlinkability
data correlation and leakage attacks
data security and privacy
electronic communication privacy
economics of privacy
information dissemination control
personally identifiable information
privacy-aware access control
privacy and anonymity in the Web
privacy in cloud and grid systems
privacy and confidentiality management
privacy and data mining
privacy in the digital business
privacy in the electronic records
privacy enhancing technologies
privacy in health care and public administration
privacy and human rights
privacy metrics
privacy in mobile systems
privacy in outsourced scenarios
privacy policies
privacy vs. security
privacy in social networks
privacy threats
privacy and virtual identity
public records and personal privacy
user profiling
wireless privacy

WPLS 2011 Workshop on Physical Layer Security, Held in conjunction with the IEEE Globecom Conference 2011, Houston, Texas, USA, December 9, 2011. (Submissions due 19 July 2011)
There has been a growing interest in recent times in using resources at the Physical Layer for designing novel security techniques that compliment existing cryptographic methods. Such solutions often exploit the unique characteristics of wireless channels in defeating both active and passive adversaries. The PhysicalLayer Security Workshop aims to bring together researchers working on various aspects of Physical layer security to present their latest research activity. Prospective Authors are encouraged to submit unpublished contributions in physical-layer security including (but not limited to) the following topics:

Code design for wiretap channels
Alignment and structured codes for wiretap channels
Secrecy capacity of multipath, fading, MIMO channels
Effects of channel state information on secure communications
Cooperative secure communications
Secret key agreement and distillation
Secret key capacity of wireless channels
Integration of physical-layer security into wireless systems
Practical and implementation issues
Game theoretic Models for PHY-Security

eCrime Researchers Summit 2011 6th IEEE eCrime Researchers Summit, Held in conjunction with the 2011 APWG General Meeting, San Diego, CA, USA, November 7-9, 2011. (Submissions due 21 July 2011)
eCRS 2011 will bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it, Topics of interests include (but are not limited to):

Phishing, rogue-AV, pharming, click-fraud, crimeware, extortion and emerging attacks
Technical, legal, political, social and psychological aspects of fraud and fraud prevention
Malware, botnets, ecriminal/phishing gangs and collaboration, or money laundering
Techniques to assess the risks and yields of attacks and the success rates of countermeasures
Delivery techniques, including spam, voice mail and rank manipulation; and countermeasures
Spoofing of different types, and applications to fraud
Techniques to avoid detection, tracking and takedown; and ways to block such techniques
Honeypot design, data mining, and forensic aspects of fraud prevention
Design and evaluation of user interfaces in the context of fraud and network security
Best practices related to digital forensics tools and techniques, investigative procedures, and evidence acquisition, handling and preservation

Nordsec 2011 16th Nordic Workshop on Secure IT-Systems, Tallinn, Estonia, October 26-28, 2011. (Submissions due 31 July 2011)
The conference welcomes contributions in the form of papers, short papers, and posters. Since 1996, the NordSec conferences have brought together computer security researchers and practitioners from around the world, and particularly from the Nordic countries and Northern Europe. The conference focuses on applied IT security and is intended to encourage interaction between academic and industrial research. Student papers and posters are particularly encouraged. Submissions reporting industrial or governmental experiences are also encouraged and will be given special consideration. Contributions should reflect original research, developments, studies and practical experience within all areas of IT security. With the theme "IT Security in Governance", this year's conference will emphasize policies, strategies and technologies related to the security and sustainability of processes executed by heterogeneous organizations, departments or organizational clusters of all sizes. NordSec 2011 also welcomes contributions over a broad range of topics in IT security, including, but not limited to, the following areas:

Applied cryptography
Commercial security policies and their enforcement
Communication and network security
Computer crime and information warfare
Hardware and smart card applications
Internet and web security
Intrusion detection
Language-based techniques for security
New ideas and paradigms in security
Operating system security
Privacy and anonymity
Security education and training
Security evaluation and measurement
Security management and audit
Security modeling and metrics
Access control and security models
Security protocols
Social engineering and phishing
Security usability
Economics, law and social aspects of security
Software security and malware
Trust and identity management

INTRUST 2011 International Conference on Trusted Systems, Beijing, China, November 27-29, 2011. (Submissions due 1 August 2011)
Building on the success of INTRUST 2009 and INTRUST 2010 (both were held in Beijing, P. R. China), this conference focuses on the theory, technologies and applications of trusted systems. It is devoted to all aspects of trusted computing systems, including trusted modules, platforms, networks, services and applications, from their fundamental features and functionalities to design principles, architecture and implementation technologies. The goal of the conference is to bring academic and industrial researchers, designers, and implementers together with end-users of trusted systems, in order to foster the exchange of ideas in this challenging and fruitful area. INTRUST 2011 solicits original papers on any aspect of the theory, advanced development and applications of trusted computing, trustworthy systems and general trust issues in modern computing systems. The conference will have an academic track and an industrial track. This call for papers is for contributions to both of the tracks. Submissions to the academic track should emphasize theoretical and practical research contributions to general trusted system technologies, while submissions to the industrial track may focus on experiences in the implementation and deployment of real-world systems. Topics of relevance include but are not limited to:

Fundamental features and functionalities of trusted systems
Primitives and mechanisms for building a chain of trust
Design principles and architectures of trusted modules and platforms
Implementation technologies for trusted modules and platforms
Cryptographic aspects of trusted systems, including cryptographic algorithms and protocols, and their implementation and application in trusted systems
Scalable safe network operation in trusted systems
Mobile trusted systems, such as trusted mobile platforms, sensor networks, mobile (ad hoc) networks, peer-to-peer networks, Bluetooth, etc.
Storage aspects for trusted systems
Applications of trusted systems, e.g. trusted email, web services and various e-commerce services
Trustworthy infrastructures and services for cloud computing
Trusted intellectual property protection: metering, watermarking, digital rights management and enterprise rights management
Software protection for trusted systems
Hardware security for trusted systems
Authentication and access control for trusted systems
Key, identity and certificate management for trusted systems
Privacy aspects for trusted systems
Attestation aspects for trusted systems, including the measurement and verification of the behaviour of trusted systems
Standards organizations and their contributions to trusted systems, such as TCG, ISO/IEC, IEEE 802.11, etc.
Emerging technologies for trusted systems, such as RFID, memory spots, smart cards, etc.
Trust metrics and robust trust inference in distributed systems
Usability and reliability aspects for trusted systems
Trust modeling, economic analysis and protocol design for rational and malicious adversaries
Virtualisation for trusted systems
Limitations of trusted systems
Security analysis of trusted systems, including formal method proofs, provable security and automated analysis
Security policies for, and management of, trusted systems
Intrusion resilience and revocation aspects for trusted systems
Scalability aspects of trusted systems
Compatibility aspects of trusted systems
Experiences in building real-world trusted systems
Socio-economic aspects of trusted systems

NDSS 2012 Network & Distributed System Security Symposium, San Diego, California, USA, February 5-8, 2012. (Submissions due 9 August 2011)
The Network and Distributed System Security Symposium fosters information exchange among research scientists and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. Overall, we are looking for not only for solid results but also for crazy out of the box ideas. Areas of interest include (but are not limited to):

Network perimeter controls: firewalls, packet filters, application gateways
Network protocol security: routing, naming, network management
Cloud computing security
Security issues in Future Internet architecture and design
Security of web-based applications and services
Anti-malware techniques: detection, analysis, and prevention
Secure future home networks, Internet of Things, body-area networks
Intrusion prevention, detection, and response
Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
Privacy and anonymity technologies
Security for wireless, mobile networks
Security of personal communication systems
Vehicular Ad-hoc Network (VANETs) Security
Security of peer-to-peer and overlay network systems
Electronic commerce security: e.g., payments, notarization, timestamping
Network security policies: implementation deployment, management
Intellectual property protection: protocols, implementations, DRM
Public key infrastructures, key management, certification, and revocation
Security for Emerging Technologies
Special problems and case studies: cost, usability, security vs. efficiency
Collaborative applications: teleconferencing and video-conferencing
Smart Grid Security
Secure Electronic Voting
Security of large-scale critical infrastructures
Trustworthy Computing for network protocols and distributed systems
Network and distributed systems forensics

WICT-NDF 2011 World Congress on Information and Communication Technologies, Intrusion Detection and Forensics, Mumbai, India, December 11-14, 2011. (Submissions due 15 August 2011)
Authors are invited to submit original papers containing cutting edge research, novel research vision or work-in-progress in any area of intrusion detection and forensics. All accepted papers will be published in the conference proceedings by IEEE. The track will cover a wide range of topics. Topics of interest include but are not limited to:

Host and Network based approaches
Anomaly and specification-based approaches
Lightweight, data mining and soft computing approaches
Hybrid Approaches to information discovery and intrusion detection
Formal Models, Framework and Architectures
Botnets and vulnerabilities
Malware, Worm, Virus and Spyware
Insider attack detection and investigation
High Performance and Real-Time Environments, including large-scale, high data volume/ high-Speed networks.
Highly distributed and heterogeneous environments
Embedded system and small scale environments
Special environments, including wireless, mobile, sensor networks and smart grid
Virtual and Cloud Environments
Social network analysis
Deception systems and honeypots
Incident response and live analysis
Traceback and attribution
Event reconstruction methods and tools
Attacks against IDS, IDS protection and tolerance
Anti-forensics and anti-anti-forensics
Visualization Techniques
Performance evaluation, metrics and benchmarking
Commercial products and their directions
Test Beds and Datasets

Wiley Security and Communication Networks Journal, Special Issue on Applications of Machine Learning Techniques to Intrusion Detection and Digital Forensics, 2012, (Submission Due 15 August 2011)
Editor: Ajith Abraham (Norwegian University of Science and Technology, Norway), Anjali Sardana (Indian Institute of Technology Roorkee, India), ManPyo Hong (Ajou University, South Korea), Irfan Ahmed (Queensland University of Technology, Australia), and Rafael Accorsi (University of Freiburg, Germany)
The security of computers and their networks is a major concern. As the computing devices become more pervasive and connected (such as from personal computer running a simple desktop application to embedded systems controlling a critical infrastructure), they face versatile and unknown threats ranging from sophisticated malwares, to less prevalent but still serious attacks like Web site defacement, denial of service attacks, financial fraud and network break-ins. They are both critical and costly and required to be detected in-time. Moreover, the detection of intrusions often leads to the forensic investigation requiring the acquisition of massive volume of data and their analysis. The manual effort to deal with the problems is costly and time consuming and thus, brings the need of machine learning techniques that are often used to efficiently and reliably perform this labour intensive work. In this special issue, we plan to present the cutting edge research focusing on intrusion detection and digital forensics with the application of machine learning techniques. The Journal is soliciting submissions based on an open call for papers covering areas that are included but not limited to the following:

Detection of known or unknown exploitable vulnerabilities
Detection of known or unknown attacks
Deception systems and honeypots
Smart phone and Digital Forensics
Network and host intrusion detection
Anomaly and specification-based approaches
Application security
Spam, botnets, viruses, malwares
Web security
Log analysis
Forensic analysis of large datasets
Online forensic analysis
Forensic analysis of social networks
3D forensic scene model generation and analysis
Network forensics
Data acquisition

International Journal of Information Security, Special Issue on SCADA and Control System Security, 2012, (Submission Due 21 August 2011)
Editor: Irfan Ahmed (Queensland University of Technology, Australia), Martin Naedele (ABB Corporate Research, Switzerland), Charles Palmer (Dartmouth College, USA), Ryoichi Sasaki (Tokyo Denki University, Japan), Bradley Schatz (Queensland University of Technology, Australia), and Andrew West (Invensys Operations Management, Australia)

Supervisory control and data acquisition (SCADA) and industrial control systems monitor and control a wide range of industrial and infrastructure processes such as manufacturing production lines, water treatment, fuel production and electricity distribution. Such systems are usually built using a variety of commodity computer and networking components, and are becoming increasingly interconnected with corporate and other Internet-visible networks. As a result, they face significant threats from internal and external actors. For example, the now famous Stuxnet (which is a Windows-specific computer worm containing a rootkit and four zero-day attacks) was specifically written to attack SCADA systems that alone caused multi-million dollars damages in 2010. The critical requirement for high availability in SCADA and industrial control systems, along with the use of bespoke, resource constrained computing devices, legacy operating systems and proprietary software applications limits the applicability of traditional information security solutions. Thus, research focusing on devising security solutions that are applicable in the control systems context is imperative, as evidenced by the increased focus on the problem by governments worldwide. This Special Issue aims to present the latest developments, trends and research solutions addressing security of the computers and networks used in SCADA and other industrial control systems. The topics of interest include but not limited to, intrusion detection and prevention, malware, vulnerability analysis of control systems protocols, digital forensics, application security and performance impact of security methods and tools in control systems. This list is not exhaustive and other relevant topics will be considered.

CT-RSA 2012 RSA Conference, Cryptographers' Track, San Francisco, California, USA, February 27-March 2, 2012. (Submissions due 29 August 2011)
The RSA Conference is the largest annual information security event, with hundreds of vendors and thousands of attendees. Among the 20 tracks of the RSA conference, the Cryptographers' Track stands out, offering a glimpse of academic research in the field of cryptography. The Cryptographers' Track was founded in 2001, and it has since established its presence in the cryptographic community. To support the academic exchange, RSA conference offers a special academic discount for registration, as well as a waiver for the speakers presenting their papers that were accepted to CT-RSA 2012. Original research papers pertaining to all aspects of cryptography are solicited. Submissions may present applications, techniques, theory, and practical experience on topics including, but not limited to:

Public-key encryption
Symmetric-key encryption
Cryptanalysis
Digital signatures
Hash functions
Cryptographic protocols
Tamper-resistance
Efficient implementations
Elliptic-curve cryptography
Lattice-based cryptography
Quantum cryptography
Formal security models
Network security
Hardware security
E-commerce

IFIP-DF 2012 8th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Pretoria, Pretoria, South Africa, January 3-5, 2012. (Submissions due 15 September 2011)
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Eighth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume - the eighth in the series entitled Research Advances in Digital Forensics (Springer) in the summer of 2012. Revised and/or extended versions of selected papers from the conference will be published in special issues of one or more international journals. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:

Theories, techniques and tools for extracting, analyzing and preserving digital evidence
Network and cloud forensics
Embedded device forensics
Digital forensic processes and workflow models
Digital forensic case studies
Legal, ethical and policy issues related to digital forensics

FC 2012 16th Financial Cryptography and Data Security, Divi Flamingo Beach Resort, Bonaire, February 27 - March 2, 2012. (Submissions due 15 September 2011)
Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary works are particularly encouraged. The topics include:

Anonymity and Privacy
Auctions and Audits
Authentication and Identification
Backup Authentication
Biometrics
Certification and Authorization
Cloud Computing Security
Commercial Cryptographic Applications
Contracts and Transactions
Data Outsourcing Security
Digital Cash and Payment Systems
Digital Incentive and Loyalty Systems
Digital Rights Management
Fraud Detection
Game Theoretic Approaches to Security
Identity Theft
Information Security
Infrastructure Design Legal and Regulatory Issues
Management and Operations
Microfinance and Micropayments
Mobile Internet Device Security
Monitoring
Phishing and Social Engineering
Privacy-enhancing Systems
Reputation Systems
RFID-Based and Contactless Payment Systems
Risk Assessment and Management
Secure Banking and Financial Web Services
Secure Tokens and Hardware
Securing Emerging Computational Paradigms
Security and Risk Perceptions and Judgments
Security Economics
Smartcards
Spam
Trust Management
Underground-Market Economics
Usability
Virtual Economies
Voting Systems

ESSoS 2012 4th International Symposium on Engineering Secure Software and Systems, Eindhoven, The Netherlands, February 16 - 17, 2012. (Submissions due 18 September 2011)
Trustworthy, secure software is a core ingredient of the modern world. Unfortunately, the Internet is too. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The goal of this symposium is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):

scalable techniques for threat modeling and analysis of vulnerabilities
specification and management of security requirements and policies
security architecture and design for software and systems
model checking for security
specification formalisms for security artifacts
verification techniques for security properties
systematic support for security best practices
security testing
security assurance cases
programming paradigms, models and DLS's for security
program rewriting techniques
processes for the development of secure software and systems
security-oriented software reconfiguration and evolution
security measurement
automated development
trade-off between security and other non-functional requirements
support for assurance, certification and accreditation

Elsevier Computers & Electrical Engineering, Special Issue on Recent Advances in Security and Privacy in Distributed Communications, September 2012, (Submission Due 30 September 2011)
Editor: Gregorio Martinez (University of Murcia, Spain), Felix Gomez Marmol (NEC Laboratories Europe, Germany), and Jose M. Alcaraz Calero (Hewlett-Packard Laboratories, United Kingdom)
Security services need to be considered as part of most communication proposals being discussed nowadays in distributed communication environments. Additionally, in the last few years, privacy has been gaining interest from both the designers and the customers of security solutions, thus being considered now as a key aspect for them. For a good security and/or privacy design, one needs to be informed of the latest advances in this field, this being the main objective of this special issue. This special issue is intended to report the most recent research works related to security and privacy, particularly in the following fields:

Anonymity
Authentication
Authorization and access control
Critical Infrastructure Protection (CIP)
Data integrity and protection
Identity Management
Intrusion detection and prevention
End-to-end security solutions
Privacy enhancing technologies
Risk analysis and management
Security policies
Threats and vulnerabilities
Trust and reputation management in distributed scenarios

IEEE Systems Journal, Special Issue on Security and Privacy in Complex Systems, 2012, (Submission Due 1 October 2011)
Editor: Sushil Jajodia (George Mason University, USA) and Pierangela Samarati (Universita` degli Studi di Milano, Italy)
Today's information society relies on a globally interconnected infrastructure composed of diverse and widely distributed systems. It is of utmost importance to ensure proper protection to such complex systems, or systems-of-systems, to ensure security, privacy, and availability of the infrastructure as well as of resources and information it provides and manages. The problem is far from trivial, due to the criticality and the social impact of the applications and services relying on this global infrastructure, as well as the complexity given by the co-existence and co-operation of, possibly heterogeneous, component systems. The goal of this special issue is to collect high-quality contributions on security and privacy in complex systems and systems-of-systems. We solicit submissions from academia, industry, and government presenting novel and original research on all theoretical and practical aspects of security and privacy in complex systems. The focus of the special issue spans security and privacy theory, technology, methodology, and applications in complex systems. Submitted papers should therefore explicitly address issues in the complex system scenario. Topics of interest include, but are not limited, to the ones listed below provided that they are treated with specific focus on the complex system scenario:

access control
anonymity
applied cryptography
authentication
biometric security and privacy
cyber warfare and security
complex systems security
computer forensics
critical infrastructure protection
data and application security
data protection
data/system integrity
dependability, reliability, and availability
formal methods for security and privacy
human factors in security and privacy
identity management
insider threats
intrusion detection and prevention
knowledge extraction/representation for security
legal and ethical issues
middleware security
network security
operating systems security and privacy
protection from cyberhacking
security engineering
secure environments and applications
secure interoperability
security and privacy metrics
security and privacy policies
security and privacy in cloud computing
security and privacy in ad hoc networks
security and privacy in e-services
security and privacy in grid computing
security and privacy in mobile systems
security and privacy in monitoring systems
security and privacy in industrial systems
security and privacy in pervasive/ubiquitous computing
security and privacy in sensor networks
security and privacy in smart grid and distributed generation systems
security and privacy in social applications and networks
security and privacy in wireless sensor networks
security architectures
security management in complex scenarios
social implications of security and privacy
surveillance systems
threats, vulnerabilities, and risk management
transportation systems
trust management
usable security for complex systems
verification and validation of complex systems
web service security

Staying in touch....

Information for Subscribers and Contributors

Who's where: recent address changes

Changing your email address? Please send updates to cipher@ieee-security.org

IEEE Computer Society's Technical Committee on Security and Privacy

TC home page TC Officers

How to join the TC TC publications available online

TC Publications for sale Cipher past issues archive

IEEE Computer Society Cipher Privacy Policy

	TC home page	TC Officers
	How to join the TC	TC publications available online
	TC Publications for sale	Cipher past issues archive
	IEEE Computer Society	Cipher Privacy Policy

Contents: