Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 112,  January 21, 2013 Hilarie Orman,  Editor Richard Austin Book Review Editor Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Richard Austin's review of Critical Thinking for Strategic Intelligence by K. H. Pherson and R. H. Pherson

  • Richard Austin's review of All In One CISSP Exam Guide by Shon Harris

  • NewsBits:  Announcements and correspondence from readers (please contribute!)

    • Deadline for NSA Best Paper Competition is Jan. 31, 2013
    • Verified Software Milestone Award Winner is Xavier Leroy
    • 10 Arrested in Theft of Web Data
    • Health-care sector vulnerable to hackers, researchers say
    • U.S. Banks Again Hit by Wave of Cyberattacks
    • Banks seek NSA help amid attacks on their computer systems
    • Computer malware targets Europe agencies

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

 

• Listing of academic positions available  by Cynthia Irvine
  

  • Posted Jan 2013
    Max Planck Institute for Software Systems (MPI-SWS)
    Kaiserslautern and Saarbruecken, Germany
    Tenure-track and tenured faculty
    Deadline: January 31, 2013
    https://www.mpi-sws.org/index.php?n=careers/tenure-track
    
  • (Announced to Cipher on Dec 14 2012)
    Department of Computer Science, Virginia Tech
    National Capital Region
    Associate Professor in Cybersecurity
    Screening begins Dec. 31, 2012 and continues until position is filled
    https://listings.jobs.vt.edu/postings/28397
  • (Announced to Cipher on Dec 19 2012)
    Stony Brook University
    Long Island, New York
    Multiple tenure track positions
    Review will begin immediately and continue until positions are filled
    https://hiring.cs.stonybrook.edu
  • Posted Dec 2012
    New York University, Abu Dhabi
    Abu Dhabi, UAE
    Assistant, Associate or Full Professor
    Date position announcement closes: January 15, 2013
    http://nyuad.nyu.edu/about/careers/faculty-positions.html
  • Posted Nov 2012
    University of Texas at El Paso
    El Paso, Texas
    Assistant Professor
    Applications encouraged by November 15, 2012
    http://www.cs.utep.edu/DeptCS/hiring/open-position2013.html
 

• The Technical Committee on Security and Privacy

• Conference and Workshop Announcements

  • Cipher calls-for-papers and calendar
    and "ciphernews" on Twitter

  • Calendar of Events
    • 1/25/13: IFIP-TM, 7th IFIP International Conference on Trust Management, Málaga, Spain; Submissions are due
    • 1/28/13- 1/30/13: IFIP119-DF, 9th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA
    • 1/30/13: International Journal of Cloud Computing, Special Issue on Information Assurance and System Security in Cloud Computing; Submissions are due
    • 1/30/13: CSF, 26th IEEE Computer Security Foundations Symposium, Tulane University, New Orleans Louisiana, USA; Submissions are due
    • 1/31/13: IEEE Transactions on Network and Service Management, Special Issue on Management of Cloud Services; Submissions are due
    • 1/31/13: NFSP, 2nd International Workshop on Network Forensics, Security and Privacy, Held in conjunction with the 33rd International Conference on Distributed Computing Systems (ICDCS 2013), Philadelphia, PA, USA; Submissions are due
    • 1/31/13: WISTP, 7th Workshop in Information Security Theory and Practice, Heraklion, Greece; Submissions are due
    • 2/ 1/13: ACNS, 11th International Conference on Applied Cryptography and Network Security, Banff, Alberta, Canada; Submissions are due
    • 2/ 1/13: AsiaPKC, ACM Asia Public-Key Cryptography Workshop, Held in conjunction with the the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China; Submissions are due
    • 2/ 1/13: SESP, 1st International Workshop on Security in Embedded Systems and Smartphones, Held in conjunction with the the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China; Submissions are due
    • 2/ 1/13: SCC, International Workshop on Security in Cloud Computing, Held in conjunction with the the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China; Submissions are due
    • 2/10/13: Elsevier Computer Communications Journal, Special Issue on Opportunistic Networking; Submissions are due
    • 2/10/13: DIMVA, 10th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Berlin, Germany; Submissions are due
    • 2/15/13: TRUST, 6th International Conference on Trust and Trustworthy Computing, London, UK; Submissions are due
    • 2/15/13: DBSEC, 27th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Rutgers University, Newark, NJ, USA; Submissions are due
    • 2/18/13- 2/20/13: CODASPY, 3nd ACM Conference on Data and Application Security and Privacy, San Antonio, Texas, USA
    • 2/21/13: USENIX-Security, 22nd USENIX Security Symposium, Washington, DC. USA; Submissions are due
    • 2/22/13: MoST, Mobile Security Technologies Workshop, Co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2013) and an event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2013), San Francisco, CA, USA; Submissions are due
    • 2/24/13- 2/27/13: NDSS, 20th Annual Network and Distributed System Security Symposium, Catamaran Resort Hotel and Spa San Diego, California, USA
    • 2/27/13- 3/ 1/13: ESSoS, 5th International Symposium on Engineering Secure Software and Systems, Paris, France
    • 2/28/13: D-SPAN, 4th IEEE Workshop on Data Security and Privacy in Wireless Networks, Co-located with the 14th International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM 2013), Madrid, Spain; Submissions are due
    • 3/ 1/13: CNS, 1st IEEE Conference on Communications and Network Security, Washington D.C., USA; Submissions are due
    • 3/ 1/13: W2SP, Web 2.0 Security & Privacy Workshop, Co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2013) and an event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2013), San Francisco, CA, USA; Submissions are due
    • 3/ 1/13: CHES, Workshop on Cryptographic Hardware and Embedded Systems, Co-located with the 33rd Annual International Cryptology Conference (CRYPTO 2013), Santa Barbara, California, USA; Submissions are due
    • 3/ 4/13: PRISMS, International Conference on Privacy and Security in Mobile Systems, Atlantic City, NJ, USA; Submissions are due
    • 3/ 7/13: SOUPS, Symposium On Usable Privacy and Security, Northumbria University, Newcastle, UK; Submissions are due
    • 3/11/13: VOTE-ID, 4th International Conference on E-voting and Identity, University of Surrey, Guildford, UK; Submissions are due
    • 3/15/13: HST, 13th annual IEEE Conference on Technologies for Homeland Security, Waltham, Massachusetts, USA; Submissions are due
    • 3/17/13: PST, 11th International Conference on Privacy, Security and Trust, Tarragona, Catalonia; Submissions are due
    • 3/18/13- 3/20/13: IFIP1110-CIP, 7th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Washington, DC, USA
    • 3/18/13- 3/20/13: SPW, 21st International Workshop on Security Protocols, Sidney Sussex College, Cambridge, England
    • 4/ 1/13- 4/ 5/13: FC, 17th International Conference on Financial Cryptography and Data Security, Bankoku Shinryokan, Busena Terrace Beach Resort, Okinawa, Japan
    • 4/ 2/13: RFIDSEC, 9th Workshop on RFID Security, Graz, Austria; Submissions are due
    • 4/ 8/13- 4/ 9/13: IDMAN, 3rd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, London, UK
    • 5/ 7/13: AsiaPKC, ACM Asia Public-Key Cryptography Workshop, Held in conjunction with the the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China
    • 5/ 7/13: SESP, 1st International Workshop on Security in Embedded Systems and Smartphones, Held in conjunction with the the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China
    • 5/ 7/13: SCC, International Workshop on Security in Cloud Computing, Held in conjunction with the the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China
    • 5/ 8/13- 5/10/13: ASIACCS, 8th ACM Symposium on Information, Computer and Communications Security, Hangzhou, China
    • 5/12/13- 5/14/13: ISPEC, 9th Information Security Practice and Experience Conference, Lanzhou, China
    • 5/19/13- 5/22/13: SP, 34th IEEE Symposium on Security and Privacy, San Francisco, California, USA
    • 5/23/13: MoST, Mobile Security Technologies Workshop, Co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2013) and an event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2013), San Francisco, CA, USA
    • 5/24/13: W2SP, Web 2.0 Security & Privacy Workshop, Co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2013) and an event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2013), San Francisco, CA, USA
    • 5/28/13- 5/30/13: WISTP, 7th Workshop in Information Security Theory and Practice, Heraklion, Greece
    • 6/ 2/13- 6/ 3/13: HOST, IEEE International Symposium on Hardware-oriented Security and Trust, Austin Convention Center, Austin, TX, USA
    • 6/ 3/13- 6/ 4/13: NSS, 7th International Conference on Network and System Security, Madrid, Spain
    • 6/ 3/13- 6/ 7/13: IFIP-TM, 7th IFIP International Conference on Trust Management, Málaga, Spain
    • 6/ 4/13: D-SPAN, 4th IEEE Workshop on Data Security and Privacy in Wireless Networks, Co-located with the 14th International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM 2013), Madrid, Spain
    • 6/12/13- 6/14/13: SACMAT, 18th ACM Symposium on Access Control Models and Technologies, Amsterdam, The Netherlands
    • 6/17/13- 6/19/13: TRUST, 6th International Conference on Trust and Trustworthy Computing, London, UK
    • 6/24/13- 6/27/13: PRISMS, International Conference on Privacy and Security in Mobile Systems, Atlantic City, NJ, USA
    • 6/25/13- 6/28/13: ACNS, 11th International Conference on Applied Cryptography and Network Security, Banff, Alberta, Canada
    • 6/26/13- 6/28/13: CSF, 26th IEEE Computer Security Foundations Symposium, Tulane University, New Orleans Louisiana, USA
    • 7/ 8/13: NFSP, 2nd International Workshop on Network Forensics, Security and Privacy, Held in conjunction with the 33rd International Conference on Distributed Computing Systems (ICDCS 2013), Philadelphia, PA, USA
    • 7/ 9/13- 7/11/13: RFIDSEC, 9th Workshop on RFID Security, Graz, Austria
    • 7/10/13- 7/12/13: PST, 11th International Conference on Privacy, Security and Trust, Tarragona, Catalonia
    • 7/15/13- 7/17/13: DBSEC, 27th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Rutgers University, Newark, NJ, USA
    • 7/17/13- 7/19/13: VOTE-ID, 4th International Conference on E-voting and Identity, University of Surrey, Guildford, UK
    • 7/18/13- 7/19/13: DIMVA, 10th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Berlin, Germany
    • 7/24/13- 7/26/13: SOUPS, Symposium On Usable Privacy and Security, Northumbria University, Newcastle, UK
    • 7/14/13- 7/16/13: USENIX-Security, 22nd USENIX Security Symposium, Washington, DC. USA
    • 8/20/13- 8/23/13: CHES, Workshop on Cryptographic Hardware and Embedded Systems, Co-located with the 33rd Annual International Cryptology Conference (CRYPTO 2013), Santa Barbara, California, USA
    • 10/14/13-10/16/13: CNS, 1st IEEE Conference on Communications and Network Security, Washington D.C., USA
    • 11/12/13-11/14/13: HST, 13th annual IEEE Conference on Technologies for Homeland Security, Waltham, Massachusetts, USA
    
    
  • new calls or announcements added since Cipher E111

  • IFIP-TM 2013 7th IFIP International Conference on Trust Management, Málaga, Spain, June 3-7, 2013. (Submissions due 25 January 2013)

    IFIPTM 2013 will be the 7th International Conference on Trust Management under the auspices of IFIP. The mission of the IFIPTM 2013 Conference is to share research solutions to problems of Trust and Trust management, and to identify new issues and directions for future research and development work. IFIPTM 2013 invites submissions presenting novel research on all topics related to Trust, Security and Privacy.

  • International Journal of Cloud Computing, Special Issue on Information Assurance and System Security in Cloud Computing, Fall 2013, (Submission Due 30 January 2013)

    Editors: Yu Chen (Binghamton University, USA), Kai Hwang (University of Southern California, USA), Wei-Shinn Ku (Auburn University, USA), and Douglas Summerville (Binghamton University, USA)
    
    Cloud computing has attracted interest from both industry and academia since 2007, which has been recognized as the new paradigm of IT industry. Cloud computing provides users with flexible services in a transparent manner. Services are allocated in a "cloud", which is a collection of devices and resources connected through the Internet. Before this paradigm can be widely accepted, the security, privacy and reliability provided by the services in the cloud must be well established. The special issue seeks original unpublished papers focusing on various aspects of security issues in cloud computing environments. Aiming at presenting and discussing the latest developments, this special issue welcomes papers addressing theoretical analysis, emerging applications, novel system architecture construction and design, experimental studies, and social impacts of cloud computing. Both review/survey papers and technical papers are encouraged. The topics include but are not limited to:
    

    • Emerging threats to Cloud-based services
    • Security model for new services
    • Security in Cloud-aware web service
    • Information hiding/encryption in Cloud Computing
    • Copyright protection in the Cloud
    • Securing distributed data storage in cloud
    • Privacy and security in Cloud Computing
    • Forensics in Cloud environments
    • Robust Cloud network architecture
    • Cloud Infrastructure Security
    • Intrusion detection/prevention
    • Denial-of-Service (DoS) attacks and defense
    • Robust job scheduling
    • Secure resource allocation and indexing
    • Secure payment for Cloud-aware services
    • User authentication in Cloud-aware services
    • Non-Repudiation solutions in the Cloud
    • Security for emerging Cloud programming models
    • Performance evaluation for security solutions
    • Testbed/Simulators for Cloud security research
    • Hardware-based Security solutions, i.e. hardware for encryption, etc.
    • Detection and prevention of hardware Trojans

  • CSF 2013 26th IEEE Computer Security Foundations Symposium, Tulane University, New Orleans Louisiana, USA, June 26 - 28, 2013. (Submissions due 30 January 2013)

    The Computer Security Foundations Symposium is an annual conference for researchers in computer security. CSF seeks papers on foundational aspects of computer security, e.g., formal security models, relationships between security properties and defenses, principled techniques and tools for design and analysis of security mechanisms as well as their application to practice. While CSF welcomes submissions beyond the topics listed below, the main focus of CSF is foundational security: submissions that lack foundational aspects risk rejection. New theoretical results in computer security are welcome. Possible topics include, but are not limited to:

    • Access control
    • Accountability
    • Anonymity and Privacy
    • Authentication
    • Cryptographic protocols
    • Data and system integrity
    • Database security
    • Data provenance
    • Decidability and complexity
    • Distributed systems security
    • Electronic voting
    • Executable content
    • Formal methods for security
    • Game Theory and Decision Theory
    • Hardware-based security
    • Information flow
    • Intrusion detection
    • Language-based security
    • Network security
    • Resource usage control
    • Security for mobile computing
    • Security models
    • Socio-technical security
    • Trust and trust management

  • IEEE Transactions on Network and Service Management, Special Issue on Management of Cloud Services, Fall 2013, (Submission Due 31 January 2013)

    Editors: Gregorio Martinez (University of Murcia, Spain), Roy Campbell (University of Illinois, USA), and Jose M. Alcaraz Calero (Hewlett-Packard Laboratories, UK)
    
    Cloud computing is becoming recognized as a revolutionary new way to use computing and storage services more efficiently. Revenues for public cloud services for one company, Amazon Web Services, have reached almost $1 billion a year. Yet cloud computing is challenging traditional management methods as it encompasses the business support, provisioning, configuration, portability, and interoperability of cloud providers supporting cloud consumers and brokers as outlined in the NIST Cloud Computing Reference Architecture. Business support includes the management of customers, contracts, and inventory as well as accounting, billing, reporting, auditing, pricing, and rating. Provisioning and configuration must consider rapid provisioning, resource changing, monitoring, reporting, metering, and service level agreements (SLA). Portability and interoperability concerns both efficient and inexpensive data and application migration across multiple cloud environments. This can include data portability, data object migration, bulk data transfer; a unified management interface to support service interoperability across multiple cloud providers; and the migration of applications, services, machine images or virtual machine instances from one cloud provider to another. Cloud provisions like multi-tenancy, interoperability, scalability, reliability, efficiency, support of on-demand service composition, privacy, security and advanced audit are posing a set of challenges to the management field still largely to be addressed. This special issue is intending to serve as a work of reference compiling the major achievements in the management of cloud services with emphasis on the field of network and service management. The final objective is to make cloud services and technologies more mature so as to boost and to facilitate a higher widespread uptake of cloud systems in the industry. Topics of interest, include, but are not limited to the following:

    • Cloud service orchestration, APIs and usage control
    • Cloud service auditing, monitoring, and metering
    • Design of components of a management as a service layer
    • Management of cloud federations
    • Mobility management in cloud scenarios
    • Multi-cloud applications
    • New models and paradigms for cloud service management
    • Novel and emerging standards for interoperability between clouds
    • QoS/QoE and SLA management in the cloud
    • Secure and private management of cloud data

  • NFSP 2013 2nd International Workshop on Network Forensics, Security and Privacy, Held in conjunction with the 33rd International Conference on Distributed Computing Systems (ICDCS 2013), Philadelphia, PA, USA, July 8, 2013. (Submissions due 31 January 2013)

    Cyberspace has been reshaped as an integration of businesses, governments and individuals, such as e-business, communication and social life. At the same time, it has also been providing convenient platforms for crimes, such as financial fraud, information phishing, distributed denial of service attacks, and fake message propagation. Especially, the emergence of social networks has raised significant security and privacy issues to the public. We have seen news of various network related security attacks from time to time, and defenders are usually vulnerable to detect, mitigate and traceback to the source of attacks. It is a new research challenge of fighting against criminals in the cyber space. The potential solutions involve various disciplines, such as networking, watermarking, information theory, game theory, mathematical and statistical modelling, data mining, artificial intelligence, multimedia processing, neural network, pattern recognition, cryptography and forensic criminology, etc.

  • WISTP 2013 7th Workshop in Information Security Theory and Practice, Heraklion, Greece, May 28-30, 2013. (Submissions due 31 January 2013)

    Current developments in IT are characterized by an increasing use of personal mobile devices and an increasing reliance on IT for supporting industrial applications in the physical world. A new persepctive on socio-technical and cyber-physical systems is required that sees in IT more than just an infrastructure but focuses on the ever closer integration between social and technical processes as well. Application markets, such as Google Play and Apple App Store drive a mobile ecosystem, offering new business models with high turnovers and new opportunities, which however, also attract cybercriminals and raise new privacy concerns. In the area of cyber-physical systems, research has to go beyond securing the IT infrastructure and to consider attacks launched by combining manipulations in physical space and cyber space. The workshop seeks submissions from academia and industry presenting novel research on all aspects of security and privacy of mobile devices, such as Android and iOS platforms, as well as studies on securing cyber-physical systems.

  • ACNS 2013 11th International Conference on Applied Cryptography and Network Security, Banff, Alberta, Canada, June 25-28, 2013. (Submissions due 1 February 2013)

    The 11th International Conference on Applied Cryptography and Network Security seeks submissions from academia, industry, and government presenting novel research on all aspects of applied cryptography as well as network security and privacy. Papers describing novel paradigms, original directions, or non-traditional perspectives are also encouraged. The conference has two tracks: a research track and an industry track. Topics of interest include, but are not limited to:

    • Access control
    • Applied cryptography
    • Automated protocols analysis
    • Biometric security and privacy
    • Complex systems security
    • Critical infrastructure protection
    • Cryptographic primitives and protocols
    • Database and system security
    • Data protection
    • Digital rights management
    • Email and web security
    • Identity management
    • Intellectual property protection
    • Internet fraud
    • Intrusion detection and prevention
    • Key management
    • Malware
    • Network security protocols
    • Privacy, anonymity, and untraceability
    • Privacy-enhancing technology
    • Protection for the future Internet
    • Secure mobile agents and mobile code
    • Security in e-commerce
    • Security in P2P systems
    • Security in pervasive/ubiquitous computing
    • Security and privacy in cloud and grid systems
    • Security and privacy in distributed systems
    • Security and privacy in smart grids
    • Security and privacy in wireless networks
    • Security and privacy metrics
    • Trust management
    • Usability and security

  • AsiaPKC 2013 ACM Asia Public-Key Cryptography Workshop, Held in conjunction with the the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China, May 7, 2013. (Submissions due 1 February 2013)

    Public-key cryptography plays an essential role in processing various kinds of data while assuring different flavors of cryptographic properties. The theme of this workshop is focused on novel public-key cryptosystems and techniques that can be used to solve a wide range of real-life application problems. This workshop solicits original contributions on both applied and theoretic aspects of public-key cryptography. Topics of interest to the workshop include, but at not limited to:

    • Applied public-key cryptography for solving emerging application problems
    • Provably-secure public-key primitives and protocols
    • Key management for, and by, public-key cryptosystems
    • Privacy-preserving cryptographic computations
    • Two-party and multi-party computations
    • Homomorphic public-key cryptosystems
    • Attributed-based and functional public-key cryptography
    • Digital signatures with special properties
    • System security properties of public-key cryptography
    • Post-quantum public-key cryptography
    • Fast implementation of public-key cryptosystems

  • SESP 2013 1st International Workshop on Security in Embedded Systems and Smartphones, Held in conjunction with the the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China, May 7, 2013. (Submissions due 1 February 2013)

    Embedded computing has recently become more and more present in devices used in everyday life. A wide variety of applications, from consumer electronics to biomedical systems, require building up powerful yet cheap embedded devices. In this context, embedded software has turned out to be more and more complex, posing new security challenging issues. We broadly view that smartphones as mobile embedded systems. This workshop aims to bring together the research efforts from both the academia and industry in all security and privacy aspects related to embedded systems and smart phones. We encourage submissions on all theoretical and practical aspects, as well as experimental studies of deployed systems. Topics of interests include (but are not limited to) the following subject categories related to embedded systems and smart phone:

    • Secure embedded system architecture
    • System-level security design and simulation techniques for Embedded Systems
    • Verification and validation of Embedded Systems
    • Security and privacy for Cyber physical systems (Internet of Things) and networked sensor devices
    • Security implications for multicore, SoC-based, and heterogeneous Embedded Systems and applications
    • Secure data management in Embedded Systems
    • Middleware and virtual machines security in Embedded Systems
    • Secure management of virtualized resources
    • Authenticating users to devices and services
    • Mobile Web Browsers
    • Usability
    • Rogue application detection and recovery
    • Vulnerability detection and remediation
    • Secure application development
    • Cloud support for mobile and embedded system security

  • SCC 2013 International Workshop on Security in Cloud Computing, Held in conjunction with the the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China, May 7, 2013. (Submissions due 1 February 2013)

    Cloud computing has emerged as today's most exciting computing paradigm shift in information technology. With the efficient sharing of abundant computing resources in the cloud, users can economically enjoy the on-demand high quality cloud applications and services without committing large capital outlays locally. While the cloud benefits are compelling, its unique attributes also raise many security and privacy challenges in areas such as data security, recovery, privacy, access control, trusted computing, as well as legal issues in areas such as regulatory compliance, auditing, and many others. This workshop aims to bring together the research efforts from both the academia and industry in all security aspects related to cloud computing. We encourage submissions on all theoretical and practical aspects, as well as experimental studies of deployed systems. Topics of interests include (but are not limited to) the following subject categories:

    • Secure cloud architecture
    • Cloud access control and key management
    • Identification and privacy in cloud
    • Integrity assurance for data outsourcing
    • Integrity and verifiable computation
    • Computation over encrypted data
    • Software and data segregation security
    • Secure management of virtualized resources
    • Trusted computing technology
    • Joint security and privacy aware protocol design
    • Failure detection and prediction
    • Secure data management within and across data centers
    • Availability, recovery and auditing
    • Secure computation outsourcing
    • Secure mobile cloud

  • Elsevier Computer Communications Journal, Special Issue on Opportunistic Networking, Fall 2013 (TBD), (Submission Due 10 February 2013)

    Editors: Chiara Boldrini (IIT-CNR, Italy), Kyunghan Lee (Ulsan National Institute of Science and Technology, Korea), Melek Onen (EURECOM, France), Joerg Ott (Aalto University, Finland), and Elena Pagani (Universita' degli Studi di Milano, Italy)
    
    The widespread availability of mobile portable devices enriched with a variety of sensing capabilities, coupled with the impelling need of communication anytime and anywhere, has rapidly raised the interest towards new approaches to communications between users. Opportunistic networks are an instance of the delay tolerant paradigm applied to networks made up of users' portable devices (such as smartphones and tablets). As such, they are able to cope with challenged network conditions that are often present in real life, such as high node mobility, variable connectivity, and disconnections, which would impair communications in traditional Mobile Ad Hoc Networks. In this scenario, user mobility becomes one of the main drivers to enable message delivery. In fact, according to the store-carry-and-forward paradigm, user devices store messages and carry them around while they move in the network, exchanging them upon encounter with other nodes, and eventually delivering them to their destination or to interested users. This new communication paradigm enables legacy applications in challenged scenarios, as well as it paves the way to innovative solutions. While opportunistic networks initially received attention to support communication where an infrastructure is not available (for disaster recovery or in rural areas), nowadays a number of applications can be envisaged ranging from content sharing, through mobile social networking, to participatory and urban sensing. All these applications rely on data forwarding amongst devices. As a consequence, two aspects become relevant, that is, the need for mechanisms guaranteeing trusted and secure communications while preserving users' privacy (in the absence of infrastructure and sometimes even end-to-end connectivity), and incentive mechanisms able to boost the participation in the network. This Special Issue of Computer Communications seeks contributions pushing the state of the art in Opportunistic Networking. Topics of interest include (but are not limited to) the following:

    • Mobility measurements and models, mobility trace analysis
    • Measurements, models, and analysis for user behaviors on mobile devices
    • Unicast and multicast routing
    • Transport, congestion control, and reliability issues
    • Content dissemination, content caching, service composition, opportunistic computing
    • Trust, security & privacy in opportunistic forwarding, incentive mechanisms, reputation systems, and key management
    • Application support and middleware for opportunistic networks
    • New applications and services relying on opportunistic networking
    • Systems and experience for real-world deployments

  • DIMVA 2013 10th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Berlin, Germany, July 18-19 2013. (Submissions due 10 February 2013)

    The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. Each year, DIMVA brings together international experts from academia, industry, and government to present and discuss novel research in these areas. DIMVA solicits submission of high-quality, original scientific papers presenting novel research on malware analysis, intrusion detection, and related systems security topics.

  • TRUST 2013 6th International Conference on Trust and Trustworthy Computing, London, UK, June 17-19, 2013. (Submissions due 15 February 2013)

    TRUST 2013 is an international conference on the technical and socio-economic aspects of trustworthy infrastructures. It provides an excellent interdisciplinary forum for researchers, practitioners, and decision makers to explore new ideas and discuss experiences in building, designing, using and understanding trustworthy computing systems. The conference solicits original papers on any aspect (technical, social or socio-economic) of the design, application and usage of trusted and trustworthy computing. Papers can address design, application and usage of trusted and trustworthy computing in a broad range of concepts including, but not limited to, trustworthy infrastructures, cloud computing, services, hardware, software and protocols.

  • DBSEC 2013 27th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Rutgers University, Newark, NJ, USA, July 15-17, 2013. (Submissions due 15 February 2013)

    The 27th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Both papers and panel proposals are also solicited. Papers may present theory, techniques, applications, or practical experience on topics of relevance to IFIP WG 11.3:

    • Access Control
    • Applied cryptography in data security
    • Identity theft and countermeasures
    • Integrity maintenance
    • Intrusion detection
    • Knowledge discovery and privacy
    • Logics for security and privacy
    • Organizational security
    • Privacy-preserving data management
    • Secure transaction processing
    • Secure information integration
    • Secure Semantic Web
    • Secure sensor monitoring
    • Secure Web Services
    • Threats, vulnerabilities, and risk management
    • Trust management

  • USENIX-Security 2013 22nd USENIX Security Symposium, Washington, DC. USA, August 14-16, 2013. (Submissions due 21 February 2013)

    The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. The USENIX Security Symposium is primarily a systems security conference. Papers whose contributions are primarily new cryptographic algorithms or protocols, cryptanalysis, electronic commerce primitives, etc., may not be appropriate for this conference. Refereed paper submissions are solicited in all areas relating to systems and network security, including:

    • Analysis of network and security protocols
    • Applications of cryptographic techniques
    • Attacks with novel insights, techniques, or results
    • Authentication and authorization of users, systems, and applications
    • Automated tools for source code analysis
    • Botnets
    • Cryptographic implementation analysis and construction
    • Denial-of-service attacks and countermeasures
    • Embedded systems security
    • File and filesystem security
    • Forensics and diagnostics for security
    • Hardware security
    • Human-computer interaction, security, and privacy
    • Intrusion and anomaly detection and prevention
    • Malicious code analysis, anti-virus, anti-spyware
    • Mobile system security
    • Network infrastructure security
    • Operating system security
    • Privacy-enhancing technologies
    • Security architectures
    • Security education and training
    • Security for critical infrastructures
    • Security in heterogeneous and large-scale environments
    • Security in ubiquitous computing environments
    • Security policy
    • Self-protecting and self-healing systems
    • Techniques for developing secure systems
    • Technologies for trustworthy computing
    • Wireless security
    • Web security, including client-side and server-side security

  • MoST 2013 Mobile Security Technologies Workshop, Co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2013) and an event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2013), San Francisco, CA, USA, May 23, 2013. (Submissions due 22 February 2013)

    Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to explore the latest understanding and advances in the security and privacy for mobile devices, applications, and systems. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The scope of MoST 2013 includes, but is not limited to, security and privacy specifically for mobile devices and services related to:

    • Device hardware
    • Operating systems
    • Middleware
    • Mobile web
    • Secure and efficient communication
    • Secure application development tools and practices
    • Privacy
    • Vulnerabilities and remediation techniques
    • Usable security
    • Identity and access control
    • Risks in putting trust in the device vs. in the network/cloud
    • Special applications, such as medical monitoring and records
    • Mobile advertisement
    • Secure applications and application markets
    • Economic impact of security and privacy technologies

  • D-SPAN 2013 4th IEEE Workshop on Data Security and Privacy in Wireless Networks, Co-located with the 14th International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM 2013), Madrid, Spain, June 4, 2013. (Submissions due 28 February 2013)

    The workshop focuses on research developments related to data security and privacy in wireless and mobile networks. This workshop solicits papers from two main categories: (1) papers that consider the security and privacy of data collection, transmission, storage, publishing, and sharing in wireless networks broadly defined, e.g., MANET, cellular, vehicular, ad hoc, cognitive, and sensor networks; and (2) papers that use data analytics to address security and privacy problems in wireless networks. The workshop provides a venue for researchers to present new ideas with impact on three communities - wireless networks, databases, and security. Topics of interest include, but are not limited to:

    • Secure Localization and location privacy
    • Privacy and anonymity in wireless and mobile networks
    • Secure query processing, data collection, and aggregation for wireless sensor networks
    • Secure and private data streaming
    • Key extraction, distribution, and management in wireless networks
    • Secure data processing in mobile ad-hoc networks (MANET)
    • Secure data collection in body-area networks
    • Throughput-security tradeoffs in wireless networks
    • Wireless and mobile security for health and smart grid applications

  • CNS 2013 1st IEEE Conference on Communications and Network Security, Washington D.C., USA, October 14-16, 2013. (Submissions due 1 March 2013)

    Cyber security has become an important research and development area for academia, government, and industry in recent years. As government and industry investment in cyber security research continues to grow, there will be a dramatic increase in the amount of new results generated by the research community, which must be disseminated widely amongst the research community in order to provide the peer review feedback that is needed to ensure that high-quality solutions that address important and emerging security issues are developed. As a leading professional society focusing on communications technologies, IEEE Communications Society (ComSoc) has identified the need for a high-quality security conference that would focus on communications-oriented aspects of security. IEEE ComSoc has thus decided to launch a new conference dedicated to Communications and Network Security. This new conference is positioned to be a core ComSoc conference (at a level comparable to IEEE INFOCOM ) and will serve as a premier forum for cyber security researchers, practitioners, policy makers, and users to exchange ideas, techniques and tools, raise awareness, and share experience related to security and privacy. IEEE CNS seeks original high-quality technical papers from academia, government, and industry. Topics of interest encompass all practical and theoretical aspects of communications and network security, all the way from the physical layer to the various network layers to the variety of applications reliant on a secure communication substrate. Submissions with main contribution in other areas, such as information security, software security, system security, or applied cryptography, will also be considered if a clear connection to secure communications/networking is demonstrated. Particular topics of interest include, but are not limited to:

    • Security and Privacy in the Internet, peer-to-peer networks, overlay networks
    • Security and Privacy in Wi-Fi, Wi-Max, ad hoc, mesh, sensor, and RFID networks
    • Security and Privacy in emerging technologies: social networks, cognitive radio networks, disruption/delay tolerant networks, vehicular networks, cloud computing, smart grid
    • Cross-layer methods for enhancing security
    • Information-theoretic security
    • Anonymization and privacy in communication systems
    • Traffic analysis, location privacy and obfuscation of mobile device information
    • Physical layer security methods: confidentiality and authentication
    • Secure routing, network management
    • Intrusion detection
    • Computer and network forensics
    • Vulnerability, exploitation tools, Malware, Botnet, DDoS attacks
    • Key management and PKI
    • Security metrics and performance evaluation, traffic analysis techniques
    • Web, e-commerce, m-commerce, and e-mail security
    • Social, economic and policy issues of trust, security and privacy
    • Ensuring the availability of communications, survivability of networks in the presence of denial of service
    • Jamming and jamming-resistance
    • Multipath routing around network holes

  • W2SP 2013 Web 2.0 Security & Privacy Workshop, Co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2013) and an event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2013), San Francisco, CA, USA, May 24, 2013. (Submissions due 1 March 2013)

    W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers and their eco-system. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The scope of W2SP 2013 includes, but is not limited to:

    • Trustworthy cloud-based services
    • Privacy and reputation in social networks
    • Security and privacy as a service
    • Usable security and privacy
    • Security for the mobile web
    • Identity management and psuedonymity
    • Web services/feeds/mashups
    • Provenance and governance
    • Security and privacy policies for composible content
    • Next-generation browser technology
    • Secure extensions and plug-ins
    • Advertisement and affiliate fraud
    • Measurement study for understanding web security and privacy

  • CHES 2013 Workshop on Cryptographic Hardware and Embedded Systems, Co-located with the 33rd Annual International Cryptology Conference (CRYPTO 2013), Santa Barbara, California, USA, August 20-23, 2013. (Submissions due 1 March 2013)

    CHES covers new results on all aspects of the design and analysis of cryptographic hardware and software implementations. The workshop builds a bridge between the cryptographic research community and the cryptographic engineering community. With participants from industry, academia, and government organizations, the number of participants has grown to over 300 in recent years. CHES 2013 will be co-located with the 33rd Annual International Cryptology Conference, CRYPTO 2013, in Santa Barbara, California, USA. This will provide unique interaction opportunities for the communities of both conferences. In addition to a track of high-quality presentations, CHES 2013 will offer invited talks, tutorials, a poster session, and a rump session. The topics of CHES 2013 include but are not limited to:

    • Cryptographic implementations
    • Attacks against implementations and countermeasures against these attacks
    • Tools and methodologies
    • Interactions between cryptographic theory and implementation issues
    • Applications

  • PRISMS 2013 International Conference on Privacy and Security in Mobile Systems, Atlantic City, NJ, USA, June 24-27, 2013. (Submissions due 4 March 2013)

    PRISMS is the successor of MobiSec (International Conference on Security and Privacy in Mobile Information and Communication Systems). The conference under a new name (PRISMS) is organized this year with the co-sponsorship of IEEE. Its focus is the convergence of information and communication technology in mobile scenarios. This convergence is realised in intelligent mobile devices, accompanied by the advent of next-generation communication networks. Privacy and security aspects need to be covered at all layers of mobile networks, from mobile devices, to privacy respecting credentials and mobile identity management, up to machine-to-machine communications. In particular, mobile devices such as Smartphones and Internet Tablets have been very successful in commercialization. However, their security mechanisms are not always able to deal with the growing trend of information-stealing attacks. As mobile communication and information processing becomes a commodity, economy and society require protection of this precious resource. Mobility and trust in networking go hand in hand for future generations of users, who need privacy and security at all layers of technology. In addition, the introduction of new data collection practices and data-flows (e.g. sensing data) from the mobile device makes it more difficult to understand the new security and privacy threats introduced. PRISMS strives to bring together the leading-edge of academia and industry in mobile systems security, as well as practitioners, standards developers and policymakers. Contributions may range from architecture designs and implementations to cryptographic solutions for mobile and resource-constrained devices.

  • SOUPS 2013 Symposium On Usable Privacy and Security, Northumbria University, Newcastle, UK, July 24-26, 2013. (Submissions due 7 March 2013)

    The 2013 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature technical papers, a poster session, panels and invited talks, lightning talks and demos, and workshops and tutorials. We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:

    • innovative security or privacy functionality and design
    • new applications of existing models or technology
    • field studies of security or privacy technology
    • usability evaluations of new or existing security or privacy features
    • security testing of new or existing usability features
    • longitudinal studies of deployed security or privacy features
    • the impact of organizational policy or procurement decisions
    • lessons learned from the deployment and use of usable privacy and security features
    • reports of replicating previously published studies and experiments
    • reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience

  • VOTE-ID 2013 4th International Conference on E-voting and Identity, University of Surrey, Guildford, UK, July 17-19, 2013. (Submissions due 11 March 2013)

    Electronic voting is a very active research area covering a broad range of issues, from computer security and cryptographic issues to human psychology and legal issues. The aim of Vote-ID is to bring together researchers and practitioners from academia, industry and governmental institutions, all working on e-voting systems. The scope covers all aspects of electronic voting systems, including, but not limited to:

    • Design and evaluation of e-voting systems
    • Security requirements and formal analysis
    • Voter authentication and identity management
    • Cryptographic voting schemes
    • Verifiable election technologies
    • Methods for reconciling voter identification with vote privacy
    • Usability and accessibility
    • Deployment and lifecycle concerns
    • Implementation issues and trade-offs
    • Legal, political and other interdisciplinary issues

  • HST 2013 13th annual IEEE Conference on Technologies for Homeland Security, Waltham, Massachusetts, USA, November 12 - 14, 2013. (Submissions due 15 March 2013)

    The 13th annual IEEE Conference on Technologies for Homeland Security (HST '13), will be held 12 - 14 November will bring together innovators from leading academic, industry, business, Homeland Security Centers of Excellence, and government programs to provide a forum to discuss ideas, concepts, and experimental results. Produced by IEEE with technical support from DHS S&T, IEEE Boston Section, and IEEE-USA and organizational support from MIT Lincoln Laboratory, Raytheon, Battelle, and MITRE, this year's event will once again showcase selected technical paper and posters highlighting emerging technologies in the areas of Cyber Security, Attack and Disaster Preparation, Recovery, and Response, Land and Maritime Border Security and Biometrics & Forensics.

  • PST 2013 11th International Conference on Privacy, Security and Trust, Tarragona, Catalonia, July 10-12, 2013. (Submissions due 17 March 2013)

    PST2013 provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. PST2013 will include one day of tutorials followed by two days of high-quality research papers whose topics include, but are NOT limited to, the following:

    • Privacy Preserving / Enhancing Technologies
    • Critical Infrastructure Protection
    • Network and Wireless Security
    • Operating Systems Security
    • Intrusion Detection Technologies
    • Secure Software Development and Architecture
    • PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
    • Network Enabled Operations
    • Digital forensics
    • Information Filtering, Data Mining and Knowledge from Data
    • National Security and Public Safety
    • Cryptographic techniques for privacy preservation
    • Security Metrics
    • Recommendation, Reputation and Delivery Technologies
    • Continuous Authentication
    • Trust Technologies, Technologies for Building Trust in e-Business Strategy
    • Observations of PST in Practice, Society, Policy and Legislation
    • Digital Rights Management
    • Identity and Trust management
    • PST and Cloud Computing
    • Human Computer Interaction and PST
    • Implications of, and Technologies for, Lawful Surveillance
    • Biometrics, National ID Cards, Identity Theft
    • PST and Web Services / SOA
    • Privacy, Traceability, and Anonymity
    • Trust and Reputation in Self-Organizing Environments
    • Anonymity and Privacy vs. Accountability
    • Access Control and Capability Delegation
    • Representations and Formalizations of Trust in Electronic and Physical Social Systems

  • RFIDSEC 2013 9th Workshop on RFID Security, Graz, Austria, July 9-11, 2013. (Submissions due 2 April 2013)

    RFIDsec is the premier workshop devoted to security and privacy in Radio Frequency Identification (RFID) with participants throughout the world. RFIDsec brings together researchers from academia and industry for topics of importance to improving the security and privacy of RFID, NFC, contactless technologies, and the Internet of Things. RFIDsec bridges the gap between cryptographic researchers and RFID developers through invited talks and contributed presentations. Topics of the workshop include but are not limited to:

    • New applications for secure RFID, NFC, and other constrained systems
    • Resource-efficient implementations of cryptography o Small-footprint hardware and/or software o Low-power and/or low energy implementations
    • Attacks on RFID systems: Side-channel attacks, Fault attacks, Hardware tampering
    • Data protection and privacy-enhancing techniques
    • Cryptographic protocols: Authentication protocols, Key distribution, Scalability issues
    • Integration of secure RFID systems: Infrastructures, Middleware and security, Data mining and other systemic approaches to RFID security
    • RFID hardware security: Physical Unclonable Functions (PUFs), RFID Trojans
    • Case studies