Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 109,  July 23, 2012 Hilarie Orman,  Editor Book Reviews Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Richard Austin's review of Wireless Network Security: A Beginner's Guide by Tyler Wrightson

  • News: Grum Gone, Less Spam?
  • News: Internet Name Malware Largely Quashed by Deadline

  • NewsBits:  Announcements and correspondence from readers (please contribute!)

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

   

• Listing of academic positions available  by Cynthia Irvine
  Recent postings:

  • Posted July 2012
    Naval Postgraduate School
    Monterey, California
    CS Department Faculty Positions
    Open until filled
    http://www.nps.edu/Academics/Schools/GSOIS/Departments/CS/Faculty/Openings/CSFacultyOpenings.html
    

  • Posted July 2012
    Imperial College London
    London, UK
    Lectureship
    Closing Date 16 August 2012
    http://www3.imperial.ac.uk/computing/vacancies#L

  • Posted June 2011 (still open as of July 2012) University of Waterloo
    Waterloo, ON, Canada
    Postdoctoral Research Position
    Open until filled
    http://crysp.uwaterloo.ca/prospective/postdoc/

  • Posted May 2011 (still open as of July 2012) University of Massachusetts Amherst
    Amherst, MA, USA
    Positions: Research Scientist, Postdoctoral Research Associate, Undergraduate Researcher, Graduate Research Assistant
    Open until filled
    http://spqr.cs.umass.edu/jobs.php

• Conference and Workshop Announcements

  • Cipher calls-for-papers and calendar
      Cipher calendar announcements are on Twitter; follow "ciphernews"
      new calls or announcements added since Cipher E108 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • 7/24/11- 7/27/12: SECRYPT, 9th International Conference on Security and Cryptography, Rome, Italy
  • 7/30/11- 8/ 2/12: SecIoT, Workshop on the Security of the Internet of Things, Munich, Germany
  • 8/ 1/12: NDSS, 20th Annual Network and Distributed System Security Symposium, Catamaran Resort Hotel and Spa San Diego, California, USA; Submissions are due
  • 8/ 3/12: eCrime-Summit, 7th IEEE eCrime Researchers Summit, Held in conjunction with the 2012 APWG General Meeting, Las Croabas, Puerto Rico; Submissions are due
  • 8/ 6/12: CSET, 5th Workshop on Cyber Security Experimentation and Test, Bellevue, WA, USA
  • 8/ 6/12- 8/ 7/12: HealthSec, 3rd USENIX Workshop on Health Security and Privacy, Bellevue, WA, USA
  • 8/ 8/12- 8/10/12: USENIX-Security, 21st USENIX Security Symposium, Bellevue, WA, USA
  • 8/20/12: INSCRYPT, 8th China International Conference on Information Security and Cryptology, Beijing, China; Submissions are due
  • 8/20/12- 8/24/12: SecSE, 6th International Workshop on Secure Software Engineering, Held in conjunction with ARES 2012, Prague, Czech Republic
  • 8/20/12- 8/24/12: WSDF, 5th International Workshop on Digital Forensics, Held in conjunction with ARES 2012, Prague, Czech Republic
  • 8/20/12- 8/24/12: MoCrySEn, 1st International Workshop on Modern Cryptography and Security Engineering, Held in conjunction with ARES 2012, Prague, Czech Republic
  • 8/31/12: CODASPY, 3nd ACM Conference on Data and Application Security and Privacy, San Antonio, Texas, USA; Submissions are due
  • 9/ 3/12- 9/ 7/12: TrustBus, 9th International Conference on Trust, Privacy, and Security in Digital Business, Held in conjunction with DEXA 2012, Vienna University of Technology, Austria
  • 9/ 9/12- 9/12/12: CHES, IACR Workshop on Cryptographic Hardware and Embedded Systems, Leuven, Belgium
  • 9/10/12: SAEPOG, Secure Autonomous Electric Power Grids Workshop, Co-located with the Sixth IEEE International Conference on Self-Adaptive and Self-Organizing Systems (SASO 2012), Lyon, France
  • 9/12/12: CloudSec, 4th International Workshop on Security in Cloud Computing, Held in conjunction with the 41st ICPP, Pittsburgh, PA, USA
  • 9/17/12- 9/18/12: CRITIS, 7th International Workshop on Critical Information Infrastructures Security, Radisson Blu Lillehammer Hotel, Turisthotellveien 6, 2609 Lillehammer, Norway
  • 9/19/12- 9/21/12: NSPW, New Security Paradigms Workshop, Bertinoro, Italy
  • 9/26/12- 9/28/12: ProvSec, 6th International Conference on Provable Security, Chengdu, China
  • 9/30/12: ESSoS, 5th International Symposium on Engineering Secure Software and Systems, Paris, France; Submissions are due
  • 10/ 1/12: IEEE Network Magazine, Special Issue on Security in Cognitive Radio Networks; Submissions are due
  • 10/ 1/12-10/ 4/12: SSS, 14th International Symposium on Stabilization, Safety, and Security of Distributed Systems, Toronto, Canada
  • 10/ 8/12-10/11/12: SRDS, 31st International Symposium on Reliable Distributed Systems, Irvine, California, USA
  • 10/13/12: FC, 17th International Conference on Financial Cryptography and Data Security, Bankoku Shinryokan, Busena Terrace Beach Resort, Okinawa, Japan; Submissions are due
  • 10/15/12: BADGERS, ACM Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA
  • 10/16/12-10/18/12: ACM-CCS, 19th ACM Conference on Computer and Communications Security, Raleigh, North Carolina, USA
  • 10/19/12: CCSW, ACM Cloud Computing Security Workshop, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA
  • 10/19/12: STC, 7th ACM Workshop on Scalable Trusted Computing, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA
  • 10/19/12: AISec, 5th ACM Workshop on Artificial Intelligence and Security, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA
  • 10/22/12-10/25/12: LCN-SICK, Workshop on Security in Communications Networks, Held in Conjunction with IEEE LCN 2012, Clearwater, FL, USA
  • 10/23/12-10/24/12: eCrime-Summit, 7th IEEE eCrime Researchers Summit, Held in conjunction with the 2012 APWG General Meeting, Las Croabas, Puerto Rico
  • 10/26/12: IDMAN, 3rd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, London, UK; Submissions are due
  • 10/30/12: NPSec, 7th Workshop on Secure Network Protocols, Austin, Texas, USA
  • 10/31/12-11/ 2/12: Nordsec, 17th Nordic Conference in Secure IT Systems, Karlskrona, Sweden
  • 11/ 5/12-11/ 6/12: GameSec, 3rd Conference on Decision and Game Theory for Security, Budapest, Hungary
  • 11/ 8/12-11/ 9/12: RFIDsec-Asia, Workshop on RFID and IoT Security, Taipei, Taiwan
  • 11/10/12: Springer International Journal of Information Security journal, Special Issue on Security in Cloud Computing; Submissions are due
  • 11/21/12-11/23/12: NSS, 6th International Conference on Network and System Security, Wu Yi Shan, Fujian, China
  • 11/28/12-12/ 1/12: INSCRYPT, 8th China International Conference on Information Security and Cryptology, Beijing, China
  • 12/ 2/12-12/ 5/12: WIFS, IEEE International Workshop on Information Forensics and Security, Tenerife, Spain
  • 12/ 9/12-12/14/12: LISA, 26th Large Installation System Administration Conference, San Diego, CA, USA
  • 12/15/12-12/19/12: ICISS, 8th International Conference on Information Systems Security, Guwahati, India
  • 1/ 7/13- 1/ 10/13: HICSS-CSS, 46th HAWAII International Conference on System Sciences, Internet and the Digital Economy Track, Cybercrime and Security Strategy Mini-track, Grand Wailea, Maui, Hawaii, USA
  • 2/18/13- 2/20/13: CODASPY, 3nd ACM Conference on Data and Application Security and Privacy, San Antonio, Texas, USA
  • 2/24/13- 2/27/13: NDSS, 20th Annual Network and Distributed System Security Symposium, Catamaran Resort Hotel and Spa San Diego, California, USA
  • 2/27/13- 3/ 1/13: ESSoS, 5th International Symposium on Engineering Secure Software and Systems, Paris, France
  • 4/ 1/13- 4/ 5/13: FC, 17th International Conference on Financial Cryptography and Data Security, Bankoku Shinryokan, Busena Terrace Beach Resort, Okinawa, Japan
  • 4/ 8/13- 4/ 9/13: IDMAN, 3rd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, London, UK
   
  • new calls or announcements added since Cipher E108

  • NDSS 2013 20th Annual Network and Distributed System Security Symposium, Catamaran Resort Hotel and Spa San Diego, California, USA, February 24-27, 2013. (Submissions due 1 August 2012)

    The Network and Distributed System Security Symposium fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available network and distributed systems security technologies. Special emphasis will be made to accept papers in the core theme of network and distributed systems security. Consequently, papers that cover networking protocols and distributed systems algorithms are especially invited to be submitted. Moreover, practical papers in these areas are also very welcome. Submissions are solicited in, but not limited to, the following areas:

    • Anti-malware techniques: detection, analysis, and prevention
    • Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
    • Future Internet architecture and design
    • High-availability wired and wireless networks
    • Implementation, deployment and management of network security policies
    • Integrating security in Internet protocols: routing, naming, network management
    • Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
    • Intrusion prevention, detection, and response
    • Privacy and anonymity technologies
    • Public key infrastructures, key management, certification, and revocation
    • Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost
    • Security for collaborative applications: teleconferencing and video-conferencing
    • Security for Cloud Computing
    • Security for electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, & licensing
    • Security for emerging technologies: sensor networks, wireless/mobile (and ad hoc) networks, and personal communication systems
    • Security for future home networks, Internet of Things, body-area networks
    • Security for large-scale systems and critical infrastructures (e.g., electronic voting, smart grid)
    • Security for peer-to-peer and overlay network systems
    • Security for Vehicular Ad-hoc Networks (VANETs)
    • Security of Web-based applications and services
    • Trustworthy Computing mechanisms to secure network protocols and distributed systems

  • eCrime-Summit 2012 7th IEEE eCrime Researchers Summit, Held in conjunction with the 2012 APWG General Meeting, Las Croabas, Puerto Rico, October 23-24, 2012. (Submissions due 3 August 2012)

    eCRS 2012 will bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it, Topics of interests include (but are not limited to):

    • Case studies of current attack methods, including phishing, malware, rogue antivirus, pharming, crimeware, botnets, and emerging techniques
    • Case studies of online advertising fraud, including click fraud, malvertising, cookie stuffing, and affiliate fraud
    • Case studies of large-scale take-downs, such as coordinated botnet disruption
    • Technical, legal, political, social and psychological aspects of fraud and fraud prevention
    • Economics of online crime, including measurement studies of underground economies and models of e-crime
    • Uncovering and disrupting online criminal collaboration and gangs
    • Financial infrastructure of e-crime, including payment processing and money laundering
    • Techniques to assess the risks and yields of attacks and the effectiveness of countermeasures
    • Delivery techniques, including spam, voice mail, social network and web search manipulation; and countermeasures
    • Techniques to avoid detection, tracking and take-down; and ways to block such techniques
    • Best practices for detecting and avoiding damages to critical internet infrastructure, such as DNS and SCADA, from electronic crime activities

  • INSCRYPT 2012 8th China International Conference on Information Security and Cryptology, Beijing, China, November 28 - December 1, 2012. (Submissions due 20 August 2012)

    Inscrypt 2012 seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of information security, cryptology, and their applications:

    • Access Control
    • Authentication and Authorization
    • Biometric security
    • Block cipher modes of operation
    • Cloud computing security
    • Database security
    • Digital asset security and protection
    • Electronic Commerce Security
    • Foundations of Cryptography
    • Hash functions and MACs
    • Information Hiding and Watermarking
    • Intrusion Detection
    • Key Management and Key Recovery
    • Mobile network Security
    • Network Security
    • Operating system security
    • Privacy protection
    • Risk evaluation and security modeling
    • Secret Key and Public Key Cryptography
    • Security issues in Internet of Things
    • Security and Cryptographic Protocols
    • Software security and protection
    • System security

  • CODASPY 2013 3nd ACM Conference on Data and Application Security and Privacy, San Antonio, Texas, USA, February 18-20, 2013. (Submissions due 31 August 2012)

    Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the ACM Conference on Data and Applications Security (CODASPY) is to discuss novel, exciting research topics in data and application security and privacy and to lay out directions for further research and development in this area. The conference seeks paper and poster submissions from diverse communities, including corporate and academic researchers, open-source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts. Topics of interest include, but are not limited to:

    • Application-layer security policies
    • Access control for applications
    • Access control for databases
    • Data-dissemination controls
    • Data forensics
    • Enforcement-layer security policies
    • Privacy-preserving techniques
    • Private information retrieval
    • Search on protected/encrypted data
    • Secure auditing
    • Secure collaboration
    • Secure data provenance
    • Secure electronic commerce
    • Secure information sharing
    • Secure knowledge management
    • Secure multiparty computations
    • Secure software development
    • Securing data/apps on untrusted platforms
    • Securing the semantic web
    • Security and privacy in GIS/spatial data
    • Security and privacy for mobile apps and devices
    • Security and privacy in healthcare
    • Security policies for databases
    • Social computing security and privacy
    • Social networking security and privacy
    • Trust metrics for applications, data, and users
    • Usable security and privacy
    • Web application security

  • ESSoS 2013 5th International Symposium on Engineering Secure Software and Systems, Paris, France, February 27 - March 1, 2013. (Submissions due 30 September 2012)

    Trustworthy, secure software is a core ingredient of the modern world. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The goal of this symposium is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. Being one of the few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering communities, and promote cross-fertilization. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):

    • scalable techniques for threat modeling and analysis of vulnerabilities
    • specification and management of security requirements and policies
    • security architecture and design for software and systems
    • model checking for security
    • specification formalisms for security artifacts
    • verification techniques for security properties
    • systematic support for security best practices
    • security testing
    • security assurance cases
    • programming paradigms, models and DLS's for security
    • program rewriting techniques
    • processes for the development of secure software and systems
    • security-oriented software reconfiguration and evolution
    • security measurement
    • automated development
    • trade-off between security and other non-functional requirements (in particular economic considerations)
    • support for assurance, certification and accreditation
    • empirical secure software engineering

  • IEEE Network Magazine, Special Issue on Security in Cognitive Radio Networks, May 2013, (Submission Due 1 October 2012)

    Editors: Kui Ren (Illinois Institute of Technology, USA), Haojin Zhu (Shanghai Jiao Tong University, USA), Zhu Han (University of Houston, USA), and Radha Poovendran (University of Washington, USA)

    Cognitive radio (CR) is an emerging advanced radio technology in wireless access, with many promising benefits including dynamic spectrum sharing, robust cross-layer adaptation, and collaborative networking. Based on a software-defined radio (SDR), cognitive radios are fully programmable and can sense their environment and dynamically adapt their transmission frequencies, power levels, modulation schemes, and networking protocols for improving network and application performance. It is anticipated that cognitive radio technology will be the next wave of innovation in information and communications technologies. Although the recent years have seen major and remarkable developments in the field of cognitive networking technologies, the security aspects of cognitive radio networks have attracted less attention so far. Due to the particular characteristics of the CR system, entirely new classes of security threats and challenges are introduced such as licensed user emulation, selfish misbehaviors and unauthorized use of spectrum bands. These new types of attacks take the advantage the inherent characteristics of CR, and could severely disrupt the basic functionalities of CR systems. Therefore, for achieving successful deployment of CR technologies in practice, there is a critical need for new security designs and implementations to make CR networks secure and robust against these new attacks. Topics of interest include, but are not limited to:

    • General security architecture for CR networks
    • Cross-layer security design of CR networks
    • Secure routing in multi-hop CR networks
    • Physical layer security for CR networks
    • Geo-location for security in CR networks
    • Defending and mitigating jamming-based DoS attacks in CR networks
    • Defending against energy depletion attacks in resource-constrained CR networks
    • Attack modeling, prevention, mitigation, and defense in CR systems, including primary user emulation attacks, authentication methods of primary users, spectrum sensing data falsification, spectrum misusage and selfish misbehaviors and unauthorized use of spectrum bands
    • Methods for detecting, isolating and expelling misbehaving cognitive nodes
    • Security policies, standards and regulations for CR networks
    • Implementation and testbed for security evaluation in CR systems
    • Privacy protection in CR networks
    • Security issues for database-based CR networks
    • Security in CR networks for the smart grid
    • Intrusion detection systems in CR networks

  • FC 2013 17th International Conference on Financial Cryptography and Data Security, Bankoku Shinryokan, Busena Terrace Beach Resort, Okinawa, Japan, April 1–5, 2013. (Submissions due 13 October 2012)

    Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary efforts are particularly encouraged. Topics include:

    • Anonymity and Privacy
    • Auctions and Audits
    • Authentication and Identification
    • Biometrics
    • Certification and Authorization
    • Cloud Computing Security
    • Commercial Cryptographic Applications
    • Data Outsourcing Security
    • Information Security
    • Game Theoretic Security
    • Securing Emerging Computational Paradigms
    • Identity Theft
    • Fraud Detection
    • Phishing and Social Engineering
    • Digital Rights Management
    • Digital Cash and Payment Systems
    • Digital Incentive and Loyalty Systems
    • Microfinance and Micropayments
    • Contactless Payment and Ticketing Systems
    • Secure Banking and Financial Web Services
    • Security and Privacy in Mobile Devices and Applications
    • Security and Privacy in Automotive and Transport Systems and Applications
    • Smartcards, Secure Tokens and Secure Hardware
    • Privacy-enhancing Systems
    • Reputation Systems
    • Security and Privacy in Social Networks
    • Security and Privacy in Sound and Secure Financial Systems Based on Social Networks
    • Risk Assessment and Management
    • Risk Perceptions and Judgments
    • Legal and Regulatory Issues
    • Security Economics
    • Spam
    • Transactions and Contracts
    • Trust Management
    • Underground-Market Economics
    • Usable Security
    • Virtual Economies
    • Voting Systems

  • IDMAN 2013 3rd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, London, UK, April 8-9, 2013. (Submissions due 26 October 2012)

    IDMAN conference focuses on the theory, technologies and applications of identity management. The world of the 21st century is, more than ever, global and impersonal. As a result of increasing cyber fraud and cyber terrorism, the demand for better technical methods of identification is growing, not only in companies and organisations but also in the world at large. Moreover, in our society digital identities increasingly play a role in the provision of eGovernment and eCommerce services. For practical reasons, Identity Management Systems are needed that are usable and interoperable. At the same time, individuals increasingly leave trails of personal data when using the Internet, which allows them to be profiled and which may be stored for many years to come. Technical trends such as Cloud Computing and pervasive computing make personal data processing non-transparent, and make it increasingly difficult for users to control their personal spheres. As part of this tendency, surveillance and monitoring are increasingly present in society, both in the public and private domains. Whilst the original intention is to contribute to security and safety, surveillance and monitoring might, in some cases, have unintended or even contradictory effects. Moreover, the omnipresence of surveillance and monitoring systems might directly conflict with public and democratic liberties. These developments raise substantial new challenges for privacy and identity management at the technical, social, ethical, regulatory, and legal levels. Identity management challenges the information security research community to focus on interdisciplinary and holistic approaches, while retaining the benefits of previous research efforts. Papers offering research contributions to the area of identity management are solicited for submission to the 3rd IFIP WG-11.6 IDMAN conference. Papers may present theory, applications or practical experience in the field of identity management, from a technical, legal or socio-economic perspective, including, but not necessarily limited to:

    • Novel identity management technologies and approaches
    • Interoperable identity management solutions
    • Privacy-enhancing technologies
    • Identity management for mobile and ubiquitous computing
    • Identity management solutions for eHealth, eGovernmeant and eCommerce
    • Privacy and Identity (Management) in and for cloud computing
    • Privacy and Identity in social networks
    • Risk analysis techniques for privacy risk and privacy impact assessment
    • Privacy management of identity management
    • Identity theft prevention
    • Attribute based authentication and access control
    • User-centric identity management
    • Legal, socio-economic, philosophical and ethical aspects
    • Impact on society and politics
    • Related developments in social tracking, tracing and sorting
    • Quality of identity data, processes and applications
    • User centered, usable and inclusive identity management
    • Attacks on identity management infrastructures
    • Methods of identification and authentication
    • Identification and authentication procedures
    • Applications of anonymous credentials
    • (Privacy-preserving) identity profiling and fraud detection
    • Government PKIs
    • (Possible) role of pseudonymous and anonymous identity in identity management
    • Electronic IDs: European and worldwide policies and cooperation in the field of identity management
    • Surveillance and monitoring
    • (Inter)national policies on unique identifiers /social security numbers / personalisation IDs
    • Vulnerabilities in electronic identification protocols
    • Federative identity management and de-perimeterisation
    • Biometric verification
    • (Inter)national applications of biometrics
    • Impersonation, identity fraud, identity forge and identity theft
    • Tracing, monitoring and forensics
    • Proliferation/omnipresence of identification
    • Threats to democracy and political control

  • Springer International Journal of Information Security journal, Special Issue on Security in Cloud Computing, Fall 2013, (Submission Due 10 November 2012)

    Editors: Stefanos Gritzalis (University of the Aegean, Greece), Chris Mitchell (Royal Holloway, University of London, UK), Bhavani Thuraisingham (University of Texas at Dallas, USA), and Jianying Zhou (Institute for Infocomm Research, Singapore)
    
    This special issue of the International Journal of Information Security aims at providing researchers and professionals with insights on the state-of-the-art in Security in Cloud Computing. It will publish original, novel and high quality research contributions from industry, government, business, and academia. Topics of interest may include (but are not limited to) one or more of the following themes:

    • Auditing in Cloud Computing
    • Business and security risk models
    • Cloud Infrastructure Security
    • Cloud-centric security modeling and threats
    • Copyright protection in the Cloud era
    • Cryptography in the Cloud era
    • Emerging threats in Cloud-based services
    • Forensics in Cloud environments
    • Legal and regulatory issues in the Cloud era
    • Multi-tenancy related security/privacy issues
    • Performance evaluation for security solutions
    • Privacy in Cloud computing
    • Secure identity management mechanisms
    • Secure job deployment and scheduling
    • Secure virtualization and resource allocation mechanisms
    • Securing distributed data storage in the Cloud
    • Security and privacy in big data management
    • Security and privacy in mobile Cloud
    • Security and privacy requirements engineering in the Cloud
    • Security for emerging Cloud programming models
    • Security management in the Cloud
    • Security modelling and threats in Cloud computing
    • Trust and policy management in the Cloud
    • User authentication and access control in Cloud-aware services

 

• The Technical Committee on Security and Privacy

 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org