Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 111,  November 19, 2012 Hilarie Orman,  Editor Book Reviews Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Richard Austin's review of Advanced Penetration Testing for Highly Secured Environments: The Ultimate Security Guide by Lee Allen

  • NewsBits:  Announcements and correspondence from readers (please contribute!)

    • US Banks DoSed
    • Spyware vs. Dissidents

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

 

• Listing of academic positions available  by Cynthia Irvine
  Recent additions:
  

  Posted Oct 2012
  California State University Long Beach
  Long Beach, California
  Assistant Professor
  Closing Date: Jan, 15, 2013 open until filled
  http://www.csulb.edu/divisions/aa/personnel/jobs/posting/1070/index.html

  Posted Oct 2012
  Dartmouth,
  Hanover, New Hampshire
  Assistant Professor
  Closing date: Jan 1, 2013
  http://www.cs.dartmouth.edu/site-content/site/assistant-professor-position-2012-2013.php

  Posted Oct 2012
  Naval Postgraduate School, Cyber Academic Group
  Linthicum, Maryland
  Research Associate
  Open until filled
  http://www.nps.edu/Academics/Schools/GSOIS/Departments/CyberAcademicGroup.html

  Posted Oct 2012
  University of Helsinki, Department of Computer Science
  Helsinki, Finland
  Postdoctoral Researcher
  Closing Date: Dec 1, 2012
  http://www.helsinki.fi/recruitment/index.html?id=59816

  Posted Oct 2012
  U.S. Naval Academy
  Annapolis, Maryland
  Tenure-track faculty - all ranks
  Open until filled
  http://www.usna.edu/CS/jobs/jobAdCS_AY13_2.pdf

  Posted Sep 2012 Naval Postgraduate School
  Monterey, California
  CS Department Faculty Positions
  Open until filled
  http://www.nps.edu/Academics/Schools/GSOIS/Departments/CS/Faculty/Openings/CSFacultyOpenings.html

  Posted Sep 2012
  Digital Security - Radboud University Nijmegen
  Nijmegen, The Netherlands
  Tenure track Assistant Professor
  Closes October 15, 2012
  "http://www.pz.science.ru.nl/WP/2011.12/Tenure Track to Assistent Professor at the Faculty of Science dec 2011.pdf"

  Received by Cipher, not included on NPS website:
  Virgina Tech
  National Capital Region
  Associate Professor
  Screening begins Dec. 31, 2012
  http://www.cs.vt.edu/FacultySearch

 

• Conference and Workshop Announcements

  • Cipher calls-for-papers and calendar
    
      Calendar (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • 11/21/12-11/23/12: NSS, 6th International Conference on Network and System Security, Wu Yi Shan, Fujian, China
  • 11/28/12-12/ 1/12: INSCRYPT, 8th China International Conference on Information Security and Cryptology, Beijing, China
  • 12/ 2/12-12/ 5/12: WIFS, IEEE International Workshop on Information Forensics and Security, Tenerife, Spain
  • 12/ 3/12: ASIACCS, 8th ACM Symposium on Information, Computer and Communications Security, Hangzhou, China; Submissions are due
  • 12/ 3/12: ISPEC, 9th Information Security Practice and Experience Conference, Lanzhou, China; Submissions are due
  • 12/ 9/12-12/14/12: LISA, 26th Large Installation System Administration Conference, San Diego, CA, USA
  • 12/10/12: HOST, IEEE International Symposium on Hardware-oriented Security and Trust, Austin Convention Center, Austin, TX, USA; Submissions are due
  • 12/15/12: NSS, 7th International Conference on Network and System Security, Madrid, Spain; Submissions are due
  • 12/15/12-12/19/12: ICISS, 8th International Conference on Information Systems Security, Guwahati, India
  • 12/31/12: IFIP1110-CIP, 7th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Washington, DC, USA; Submissions are due
  • 1/ 6/13: SACMAT, 18th ACM Symposium on Access Control Models and Technologies, Amsterdam, The Netherlands; Submissions are due
  • 1/ 7/13: SPW, 21st International Workshop on Security Protocols, Sidney Sussex College, Cambridge, England; Submissions are due
  • 1/ 7/13- 1/10/13: HICSS-CSS, 46th HAWAII International Conference on System Sciences, Internet and the Digital Economy Track, Cybercrime and Security Strategy Mini-track, Grand Wailea, Maui, Hawaii, USA
  • 1/25/13: IFIP-TM, 7th IFIP International Conference on Trust Management, Málaga, Spain; Submissions are due
  • 1/28/13- 1/30/13: IFIP119-DF, 9th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA
  • 1/30/13: International Journal of Cloud Computing, Special Issue on Information Assurance and System Security in Cloud Computing; Submissions are due
  • 1/30/13: CSF, 26th IEEE Computer Security Foundations Symposium, Tulane University, New Orleans Louisiana, USA; Submissions are due
  • 2/ 1/13: ACNS, 11th International Conference on Applied Cryptography and Network Security, Banff, Alberta, Canada; Submissions are due
  • 2/15/13: TRUST, 6th International Conference on Trust and Trustworthy Computing, London, UK; Submissions are due
  • 2/18/13- 2/20/13: CODASPY, 3nd ACM Conference on Data and Application Security and Privacy, San Antonio, Texas, USA
  • 2/24/13- 2/27/13: NDSS, 20th Annual Network and Distributed System Security Symposium, Catamaran Resort Hotel and Spa San Diego, California, USA
  • 2/27/13- 3/ 1/13: ESSoS, 5th International Symposium on Engineering Secure Software and Systems, Paris, France
  • 3/ 1/13: CNS, 1st IEEE Conference on Communications and Network Security, Washington D.C., USA; Submissions are due
  • 3/ 7/13: SOUPS, Symposium On Usable Privacy and Security, Northumbria University, Newcastle, UK; Submissions are due
  • 3/18/13- 3/20/13: IFIP1110-CIP, 7th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Washington, DC, USA
  • 3/18/13- 3/20/13: SPW, 21st International Workshop on Security Protocols, Sidney Sussex College, Cambridge, England
  • 4/ 1/13- 4/ 5/13: FC, 17th International Conference on Financial Cryptography and Data Security, Bankoku Shinryokan, Busena Terrace Beach Resort, Okinawa, Japan
  • 4/ 8/13- 4/ 9/13: IDMAN, 3rd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, London, UK
  • 5/ 8/13- 5/10/13: ASIACCS, 8th ACM Symposium on Information, Computer and Communications Security, Hangzhou, China
  • 5/12/13- 5/14/13: ISPEC, 9th Information Security Practice and Experience Conference, Lanzhou, China
  • 5/19/13- 5/22/13: SP, 34th IEEE Symposium on Security and Privacy, San Francisco, California, USA
  • 6/ 2/13- 6/ 3/13: HOST, IEEE International Symposium on Hardware-oriented Security and Trust, Austin Convention Center, Austin, TX, USA
  • 6/ 3/13- 6/ 4/13: NSS, 7th International Conference on Network and System Security, Madrid, Spain
  • 6/ 3/13- 6/ 7/13: IFIP-TM, 7th IFIP International Conference on Trust Management, Málaga, Spain
  • 6/12/13- 6/14/13: SACMAT, 18th ACM Symposium on Access Control Models and Technologies, Amsterdam, The Netherlands
  • 6/17/13- 6/19/13: TRUST, 6th International Conference on Trust and Trustworthy Computing, London, UK
  • 6/25/13- 6/28/13: ACNS, 11th International Conference on Applied Cryptography and Network Security, Banff, Alberta, Canada
  • 6/26/13- 6/28/13: CSF, 26th IEEE Computer Security Foundations Symposium, Tulane University, New Orleans Louisiana, USA
  • 7/24/13- 7/26/13: SOUPS, Symposium On Usable Privacy and Security, Northumbria University, Newcastle, UK
  • 10/14/13-10/16/13: CNS, 1st IEEE Conference on Communications and Network Security, Washington D.C., USA
  
  
  • new calls or announcements added since Cipher E110

  • ASIACCS 2013 8th ACM Symposium on Information, Computer and Communications Security, Hangzhou, China, May 8-10, 2013. (Submissions due 3 December 2012)

    ASIACCS is a major international forum for information security researchers, practitioners, developers, and users to explore and exchange the newest cyber security ideas, breakthroughs, findings, techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. Areas of interest for ASIACCS 2013 include, but are not limited to:

    • access control
    • accounting and audit
    • applied cryptography
    • authentication
    • cloud computing security
    • data/system integrity
    • data and application security
    • digital rights management
    • formal methods for security
    • hardware-based security
    • identity management
    • inference control and disclosure
    • intrusion detection
    • key management
    • malware and botnets
    • mobile computing security
    • operating system security
    • phishing and countermeasures
    • privacy-enhancing technology
    • security architecture
    • security in ubiquitous computing
    • security management
    • security verification
    • smartcards
    • software security
    • trusted computing
    • usable security and privacy
    • wireless security
    • web security

  • ISPEC 2013 9th Information Security Practice and Experience Conference, Lanzhou, China, May 12-14, 2013. (Submissions due 3 December 2012)

    ISPEC is an annual conference that brings together researchers and practitioners to provide a confluence of new information security technologies, their applications and their integration with IT systems in various vertical sectors. Authors are invited to submit full papers presenting new research results related to information security technologies and applications. Areas of interest include, but are not limited to:

    • Access control
    • Applied cryptography
    • Availability, resilience, and usability
    • Cryptanalysis
    • Database Security
    • Digital rights management
    • Information security in vertical applications
    • Multimedia security
    • Network security
    • Privacy and anonymity
    • Risk evaluation and security certification
    • Security of smart cards and RFID systems
    • Security policies
    • Security protocols
    • Security systems
    • Trust model and management
    • Trusted computing

  • HOST 2013 IEEE International Symposium on Hardware-oriented Security and Trust, Austin Convention Center, Austin, TX, USA, June 2-3, 2013. (Submissions due 10 December 2012)

    Pervasive computing is now penetrating a wider range of domains and applications, including many safety-critical cyber-physical systems that we increasingly depend on. Trusted hardware platforms make up the backbone for successful deployment and operation of these systems. However, recent advances in tampering and reverse engineering show that important challenges in guaranteeing the trust of these components await us. For example, malicious alterations inserted into electronic designs can allow for backdoors into the system. Furthermore, new forms of attacks that exploit side-channel signals are being developed. Third, intellectual-property protection is becoming a major concern in the globalized, horizontal semiconductor business model. HOST 2013 is a forum for novel solutions to address these challenges. Innovative test mechanisms may reveal Trojans in a design before they are able to do harm. Implementation attacks may be thwarted using side-channel resistant design or fault-tolerant designs. New security-aware design tools can assist a designer in implementing critical and trusted functionality, quickly and efficiently. The IEEE International Symposium on Hardware Oriented Security and Trust seeks original contributions in the area of hardware-oriented security. This includes tools, design methods, architectures, circuits, and novel applications of secure hardware. HOST 2013 seeks contributions based on, but not limited to, the following topics:

    • Counterfeit detection and avoidance
    • Cyber-physical security and trust
    • Trojan detection and isolation
    • Implementation attacks and countermeasures
    • Side channel analysis and fault analysis
    • Intellectual property protection and metering
    • Hardware architectures for cryptography
    • Hardware security primitives: PUFs and TRNGs
    • Reliability-security optimization and tradeoffs
    • Applications of secure hardware
    • Tools and methodologies for secure hardware design

  • NSS 2013 7th International Conference on Network and System Security, Madrid, Spain, June 3-4, 2013. (Submissions due 15 December 2012)

    NSS is an annual international conference covering research in network and system security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged. Topics of interest include but are not limited to:

    • Active Defense Systems
    • Adaptive Defense Systems
    • Analysis, Benchmark of Security Systems
    • Applied Cryptography
    • Authentication
    • Biometric Security
    • Complex Systems Security
    • Database and System Security
    • Data Protection
    • Data/System Integrity
    • Distributed Access Control
    • Distributed Attack Systems
    • Denial-of-Service
    • High Performance Network Virtualization
    • High Performance Security Systems
    • Hardware Security
    • Identity Management
    • Intelligent Defense Systems
    • Insider Threats
    • Intellectual Property Rights Protection
    • Internet and Network Forensics
    • Intrusion Detection and Prevention
    • Key Distribution and Management
    • Large-scale Attacks and Defense
    • Malware
    • Network Resiliency
    • Network Security
    • RFID Security and Privacy
    • Security Architectures
    • Security for Critical Infrastructures
    • Security in P2P systems
    • Security in Cloud and Grid Systems
    • Security in E-Commerce
    • Security in Pervasive/Ubiquitous Computing
    • Security and Privacy in Smart Grid
    • Security and Privacy in Wireless Networks
    • Secure Mobile Agents and Mobile Code
    • Security Policy
    • Security Protocols
    • Security Simulation and Tools
    • Security Theory and Tools
    • Standards and Assurance Methods
    • Trusted Computing
    • Trust Management
    • World Wide Web Security

  • IFIP1110-CIP 2013 7th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Washington, DC, USA, March 18-20, 2013. (Submissions due 31 December 2012)

    The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the first six conferences, the Seventh Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. Papers and panel proposals are solicited. Submissions will be refereed by members of Working Group 11.10 and other internationally-recognized experts in critical infrastructure protection. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.10. The conference will be limited to seventy participants to facilitate interactions among researchers and intense discussions of research and implementation issues. A selection of papers from the conference will be published in an edited volume - the seventh in the series entitled Critical Infrastructure Protection (Springer) - in the fall of 2013. Revised and/or extended versions of outstanding papers from the conference will be published in the International Journal of Critical Infrastructure Protection (Elsevier). Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:

    • Infrastructure vulnerabilities, threats and risks
    • Security challenges, solutions and implementation issues
    • Infrastructure sector interdependencies and security implications
    • Risk analysis and risk assessment methodologies
    • Modeling and simulation of critical infrastructures
    • Legal, economic and policy issues related to critical infrastructure protection
    • Secure information sharing
    • Infrastructure protection case studies
    • Distributed control systems/SCADA security
    • Telecommunications network security

  • SACMAT 2013 18th ACM Symposium on Access Control Models and Technologies, Amsterdam, The Netherlands, June 12-14, 2013. (Submissions due 6 January 2013)

    The ACM Symposium on Access Control Models and Technologies (SACMAT) continues the tradition, first established by the ACM Workshop on Role-Based Access Control, of being the premier forum for the presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The missions of the symposium are to share novel access control solutions that fulfil the needs of heterogeneous applications and environments, and to identify new directions for future research and development. SACMAT provides researchers and practitioners with a unique opportunity to share their perspectives with others interested in the various aspects of access control. Papers offering novel research contributions in all aspects of access control are solicited for submission to the 18th ACM Symposium on Access Control Models and Technologies (SACMAT 2013). Topics of interest include but are not limited to:

    • Access control models and extensions
    • Access control requirements
    • Access control design methodology
    • Access control mechanisms, systems, and tools
    • Access control in distributed and mobile systems
    • Access control for innovative applications
    • Administration of access control policies
    • Economic models for access Control
    • Hardware enhanced access Control
    • Identity management
    • Policy/Role engineering
    • Safety analysis and enforcement
    • Standards for access control
    • Trust management
    • Trust and risk models in access control
    • Theoretical foundations for access control models
    • Usability in access control systems
    • Usage control

  • SPW 2013 21st International Workshop on Security Protocols, Sidney Sussex College, Cambridge, England, March 18-20, 2013. (Submissions due 7 January 2013)

    The theme of this year's workshop is "What's Happening on the Other Channel?" Many protocols use a secondary channel, either explicitly (as in multichannel protocols) but more usually implicitly, for example to exchange master keys, or their hashes. The role of the Other Channel is fundamental, and often problematic, and yet protocol composers typically take them as a given. Sometimes the Other Channel really is completely covert, but sometimes it just has properties that are different. And it's not only security properties that are relevant here: bandwidth, latency and error rate are often important considerations too. Even a line-of-sight channel usually doesn't quite have the properties that we unthinkingly attributed to it. Moriarty has been subscribing to the Other Channel for years: perhaps it's time for Alice and Bob to tune in too. This theme is not intended to restrict the topic of your paper, but to help provide a particular perspective and to focus the discussions. Our intention is to stimulate discussion likely to lead to conceptual advances, or to promising new lines of investigation, rather than merely to consider finished work.

  • IFIP-TM 2013 7th IFIP International Conference on Trust Management, Málaga, Spain, June 3-7, 2013. (Submissions due 25 January 2013)

    IFIPTM 2013 will be the 7th International Conference on Trust Management under the auspices of IFIP. The mission of the IFIPTM 2013 Conference is to share research solutions to problems of Trust and Trust management, and to identify new issues and directions for future research and development work. IFIPTM 2013 invites submissions presenting novel research on all topics related to Trust, Security and Privacy.

  • International Journal of Cloud Computing, Special Issue on Information Assurance and System Security in Cloud Computing, Fall 2013, (Submission Due 30 January 2013)

    Editors: Yu Chen (Binghamton University, USA), Kai Hwang (University of Southern California, USA), Wei-Shinn Ku (Auburn University, USA), and Douglas Summerville (Binghamton University, USA)
    
    Cloud computing has attracted interest from both industry and academia since 2007, which has been recognized as the new paradigm of IT industry. Cloud computing provides users with flexible services in a transparent manner. Services are allocated in a "cloud", which is a collection of devices and resources connected through the Internet. Before this paradigm can be widely accepted, the security, privacy and reliability provided by the services in the cloud must be well established. The special issue seeks original unpublished papers focusing on various aspects of security issues in cloud computing environments. Aiming at presenting and discussing the latest developments, this special issue welcomes papers addressing theoretical analysis, emerging applications, novel system architecture construction and design, experimental studies, and social impacts of cloud computing. Both review/survey papers and technical papers are encouraged. The topics include but are not limited to:
    

    • Emerging threats to Cloud-based services
    • Security model for new services
    • Security in Cloud-aware web service
    • Information hiding/encryption in Cloud Computing
    • Copyright protection in the Cloud
    • Securing distributed data storage in cloud
    • Privacy and security in Cloud Computing
    • Forensics in Cloud environments
    • Robust Cloud network architecture
    • Cloud Infrastructure Security
    • Intrusion detection/prevention
    • Denial-of-Service (DoS) attacks and defense
    • Robust job scheduling
    • Secure resource allocation and indexing
    • Secure payment for Cloud-aware services
    • User authentication in Cloud-aware services
    • Non-Repudiation solutions in the Cloud
    • Security for emerging Cloud programming models
    • Performance evaluation for security solutions
    • Testbed/Simulators for Cloud security research
    • Hardware-based Security solutions, i.e. hardware for encryption, etc.
    • Detection and prevention of hardware Trojans

  • CSF 2013 26th IEEE Computer Security Foundations Symposium, Tulane University, New Orleans Louisiana, USA, June 26 - 28, 2013. (Submissions due 30 January 2013)

    The Computer Security Foundations Symposium is an annual conference for researchers in computer security. CSF seeks papers on foundational aspects of computer security, e.g., formal security models, relationships between security properties and defenses, principled techniques and tools for design and analysis of security mechanisms as well as their application to practice. While CSF welcomes submissions beyond the topics listed below, the main focus of CSF is foundational security: submissions that lack foundational aspects risk rejection. New theoretical results in computer security are welcome. Possible topics include, but are not limited to:

    • Access control
    • Accountability
    • Anonymity and Privacy
    • Authentication
    • Cryptographic protocols
    • Data and system integrity
    • Database security
    • Data provenance
    • Decidability and complexity
    • Distributed systems security
    • Electronic voting
    • Executable content
    • Formal methods for security
    • Game Theory and Decision Theory
    • Hardware-based security
    • Information flow
    • Intrusion detection
    • Language-based security
    • Network security
    • Resource usage control
    • Security for mobile computing
    • Security models
    • Socio-technical security
    • Trust and trust management

  • ACNS 2013 11th International Conference on Applied Cryptography and Network Security, Banff, Alberta, Canada, June 25-28, 2013. (Submissions due 1 February 2013)

    The 11th International Conference on Applied Cryptography and Network Security seeks submissions from academia, industry, and government presenting novel research on all aspects of applied cryptography as well as network security and privacy. Papers describing novel paradigms, original directions, or non-traditional perspectives are also encouraged. The conference has two tracks: a research track and an industry track. Topics of interest include, but are not limited to:

    • Access control
    • Applied cryptography
    • Automated protocols analysis
    • Biometric security and privacy
    • Complex systems security
    • Critical infrastructure protection
    • Cryptographic primitives and protocols
    • Database and system security
    • Data protection
    • Digital rights management
    • Email and web security
    • Identity management
    • Intellectual property protection
    • Internet fraud
    • Intrusion detection and prevention
    • Key management
    • Malware
    • Network security protocols
    • Privacy, anonymity, and untraceability
    • Privacy-enhancing technology
    • Protection for the future Internet
    • Secure mobile agents and mobile code
    • Security in e-commerce
    • Security in P2P systems
    • Security in pervasive/ubiquitous computing
    • Security and privacy in cloud and grid systems
    • Security and privacy in distributed systems
    • Security and privacy in smart grids
    • Security and privacy in wireless networks
    • Security and privacy metrics
    • Trust management
    • Usability and security

  • TRUST 2013 6th International Conference on Trust and Trustworthy Computing, London, UK, June 17-19, 2013. (Submissions due 15 February 2013)

    TRUST 2013 is an international conference on the technical and socio-economic aspects of trustworthy infrastructures. It provides an excellent interdisciplinary forum for researchers, practitioners, and decision makers to explore new ideas and discuss experiences in building, designing, using and understanding trustworthy computing systems. The conference solicits original papers on any aspect (technical, social or socio-economic) of the design, application and usage of trusted and trustworthy computing. Papers can address design, application and usage of trusted and trustworthy computing in a broad range of concepts including, but not limited to, trustworthy infrastructures, cloud computing, services, hardware, software and protocols.

  • CNS 2013 1st IEEE Conference on Communications and Network Security, Washington D.C., USA, October 14-16, 2013. (Submissions due 1 March 2013)

    Cyber security has become an important research and development area for academia, government, and industry in recent years. As government and industry investment in cyber security research continues to grow, there will be a dramatic increase in the amount of new results generated by the research community, which must be disseminated widely amongst the research community in order to provide the peer review feedback that is needed to ensure that high-quality solutions that address important and emerging security issues are developed. As a leading professional society focusing on communications technologies, IEEE Communications Society (ComSoc) has identified the need for a high-quality security conference that would focus on communications-oriented aspects of security. IEEE ComSoc has thus decided to launch a new conference dedicated to Communications and Network Security. This new conference is positioned to be a core ComSoc conference (at a level comparable to IEEE INFOCOM ) and will serve as a premier forum for cyber security researchers, practitioners, policy makers, and users to exchange ideas, techniques and tools, raise awareness, and share experience related to security and privacy. IEEE CNS seeks original high-quality technical papers from academia, government, and industry. Topics of interest encompass all practical and theoretical aspects of communications and network security, all the way from the physical layer to the various network layers to the variety of applications reliant on a secure communication substrate. Submissions with main contribution in other areas, such as information security, software security, system security, or applied cryptography, will also be considered if a clear connection to secure communications/networking is demonstrated. Particular topics of interest include, but are not limited to:

    • Security and Privacy in the Internet, peer-to-peer networks, overlay networks
    • Security and Privacy in Wi-Fi, Wi-Max, ad hoc, mesh, sensor, and RFID networks
    • Security and Privacy in emerging technologies: social networks, cognitive radio networks, disruption/delay tolerant networks, vehicular networks, cloud computing, smart grid
    • Cross-layer methods for enhancing security
    • Information-theoretic security
    • Anonymization and privacy in communication systems
    • Traffic analysis, location privacy and obfuscation of mobile device information
    • Physical layer security methods: confidentiality and authentication
    • Secure routing, network management
    • Intrusion detection
    • Computer and network forensics
    • Vulnerability, exploitation tools, Malware, Botnet, DDoS attacks
    • Key management and PKI
    • Security metrics and performance evaluation, traffic analysis techniques
    • Web, e-commerce, m-commerce, and e-mail security
    • Social, economic and policy issues of trust, security and privacy
    • Ensuring the availability of communications, survivability of networks in the presence of denial of service
    • Jamming and jamming-resistance
    • Multipath routing around network holes

  • SOUPS 2013 Symposium On Usable Privacy and Security, Northumbria University, Newcastle, UK, July 24-26, 2013. (Submissions due 7 March 2013)

    The 2013 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature technical papers, a poster session, panels and invited talks, lightning talks and demos, and workshops and tutorials. We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:

    • innovative security or privacy functionality and design
    • new applications of existing models or technology
    • field studies of security or privacy technology
    • usability evaluations of new or existing security or privacy features
    • security testing of new or existing usability features
    • longitudinal studies of deployed security or privacy features
    • the impact of organizational policy or procurement decisions
    • lessons learned from the deployment and use of usable privacy and security features
    • reports of replicating previously published studies and experiments
    • reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience

 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes Kevin Fu has recently announced his move to the University of Michigan

  • Changing your email address?  Please send updates to cipher@ieee-security.org