Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 115,  July 17, 2013 Hilarie Orman,  Editor Richard Austin, Book Review Editor Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Conference and Workshop Announcements

  • Commentary and Opinion

    • Richard Austin's review of Linux Malware incident Response: A Practitioner's Guide to Forensic Collection and Examination of Volatile Data by Cameron Malin, Eoghan Casey and James Aquilina

    • News Items:  Announcements and correspondence from readers (please contribute!)

      • Tiny Utah-based ISP makes a name for itself by rebuffing government snoops
      • Nations Buying as Hackers Sell Flaws in Computer Code
      • Report Indicates More Extensive Cooperation by Microsoft on Surveillance
      • Report: Web monitoring devices made by U.S. firm Blue Coat detected in Iran, Sudan
      • NSA in Utah: Mining a mountain of data
      • Secret-court judges upset at portrayal of 'collaboration' with government
      • Bipartisan group of senators urges transparency on phone record surveillance
      • Report: Verizon providing all call records to U.S. under court order, Washington Post
      • Hagel chides China for cyber-espionage
      • U.S. and China to Hold Talks on Hacking
      • Apple's new two factor security system has holes

    • Book reviews from past Cipher issues

    • Conference Reports and Commentary from past Cipher issues

    • News items from past Cipher issues

   

  • Listing of new academic positions available  by Cynthia Irvine
    Department of Computer Science, KU Leuven
    Leuven Belgium
    Multiple PhD positions in Secure Software
    Announcement closes August 31, 2013
    https://distrinet.cs.kuleuven.be/jobs

   

  • Cipher calls-for-papers and calendar
      Cipher calendar announcements are on Twitter; follow "ciphernews"
      new calls or announcements added since Cipher E114 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • 7/15/13- 7/17/13: DBSEC, 27th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Rutgers University, Newark, NJ, USA
  • 7/16/13: SADFE, 8th International Workshop on Systematic Approaches to Digital Forensics Engineering, Hong Kong; Submissions are due
  • 7/17/13- 7/19/13: VOTE-ID, 4th International Conference on E-voting and Identity, University of Surrey, Guildford, UK
  • 7/18/13- 7/19/13: DIMVA, 10th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Berlin, Germany
  • 7/20/13: PROOFS, 2nd International Workshop on Security Proofs for Embedded Systems, Santa Barbara, California, USA; Submissions are due
  • 7/21/13: TClouds, Workshop on Trustworthy Clouds, Co-located with ESORICS 2013, Egham, U.K; Submissions are due
  • 7/22/13: VizSec, 10th International Symposium on Visualization for Cyber Security, Atlanta GA, USA; Submissions are due
  • 7/22/13: SPSM, 3rd Workshop on Security and Privacy in Smartphones and Mobile Devices, Held in conjunction with the ACM CCS 2013, Berlin, Germany; Submissions are due
  • 7/22/13: TrustED, 3rd International Workshop on Trustworthy Embedded Devices, Collocated with the ACM Conference on Computer & Communications Security (CCS) 2013, Berlin, Germany; Submissions are due
  • 7/24/13- 7/26/13: SOUPS, Symposium On Usable Privacy and Security, Northumbria University, Newcastle, UK
  • 7/24/13- 7/26/13: SOUPS-RISK, Workshop on Risk Perception in IT Security and Privacy, Newcastle, UK
  • 7/29/13- 7/31/13: SECRYPT, 10th International Conference on Security and Cryptography, Reykjavik, Iceland
  • 8/ 5/13: NDSS, 21st Annual Network and Distributed System Security Symposium, San Diego, California, USA; Submissions are due
  • 8/14/13- 8/16/13: USENIX-Security, 22nd USENIX Security Symposium, Washington, DC. USA
  • 8/15/13: ATC, 10th IEEE International Conference on Autonomic and Trusted Computing, Sorrento Peninsula, Italy; Submissions are due
  • 8/19/13- 8/21/13: WISA, 14th International Workshop on Information Security Applications, Jeju Island, Korea
  • 8/20/13- 8/23/13: CHES, Workshop on Cryptographic Hardware and Embedded Systems, Co-located with the 33rd Annual International Cryptology Conference (CRYPTO 2013), Santa Barbara, California, USA
  • 8/24/13: PROOFS, 2nd International Workshop on Security Proofs for Embedded Systems, Santa Barbara, California, USA
  • 8/30/13- 8/31/13: TGC, 8th International Symposium on Trustworthy Global Computing, Buenos Aires, Argentina
  • 9/ 2/13- 9/ 6/13: ECTCM, 1st International Workshop on Emerging Cyberthreats and Countermeasures, Co-located with ARES 2013, University Regensburg, Germany
  • 9/ 2/13- 9/ 6/13: SeCIHD, 3rd IFIP International Workshop on Security and Cognitive Informatics for Homeland Defense, Held in conjunction with the 8th ARES Conference (ARES 2013), Regensburg, Germany
  • 9/ 6/13: ESSOS, 6th International Symposium on Engineering Secure Software and Systems, Munich, Germany; Submissions are due
  • 9/12/13- 9/13/13: DPM, 8th International Workshop on Data Privacy Management, Held in conjunction with ESORICS 2013, Egham, U.K.
  • 9/12/13- 9/13/13: QASA, 2nd International Workshop in Quantitative Aspects in Security Assurance, Held in conjunction with ESORICS 2013, Egham, U.K.
  • 9/12/13- 9/13/13: TClouds, Workshop on Trustworthy Clouds, Co-located with ESORICS 2013, Egham, U.K
  • 9/13/13: SAC-SEC, 29th ACM Symposium on Applied Computing, Computer Security track, Gyeongju, Korea; Submissions are due
  • 9/15/13: IFIP119-DF, 10th Annual IFIP WG 11.9 International Conference on Digital Forensics, Vienna University of Technology, Vienna, Austria; Submissions are due
  • 9/17/13- 9/18/13: eCrime, 8th IEEE eCrime Researchers Summit, San Francisco, California, USA
  • 9/25/13- 9/26/13: CMS, 14th Joint IFIP TC6 and TC11 Conference on Communications and Multimedia Security, Magdeburg, Germany
  • 9/25/13- 9/27/13: SECURECOMM, 9th International ICST Conference on Security and Privacy in Communication Networks, Sydney, Australia
  • 9/30/13-10/ 2/13: SeTTIT, Workshop on Security Tools and Techniques for Internet of Things, Co-located with the BODYNETS 2013 conference, Boston, Massachusetts, USA
  • 10/ 4/13: POST, 3rd Conference on Principles of Security and Trust, Grenoble, France; Submissions are due
  • 10/14/13: VizSec, 10th International Symposium on Visualization for Cyber Security, Atlanta GA, USA
  • 10/14/13: SafeConfig, 6th Symposium on Security Analytics and Automation, Washington, D.C., USA
  • 10/14/13-10/16/13: CNS, 1st IEEE Conference on Communications and Network Security, Washington D.C., USA
  • 10/23/13-10/25/13: CRiSIS, 8th International Conference on Risks and Security of Internet and Systems, La Rochelle, France
  • 11/ 1/13: IEEE Transactions on Reliability, Special Section on Trustworthy Computing; Submissions are due
  • 11/ 4/13: TrustED, 3rd International Workshop on Trustworthy Embedded Devices, Collocated with the ACM Conference on Computer & Communications Security (CCS) 2013, Berlin, Germany
  • 11/ 4/13-11/ 8/13: CCS, 20th ACM Conference on Computer and Communications Security, Berlin, Germany
  • 11/ 8/13: SPSM, 3rd Workshop on Security and Privacy in Smartphones and Mobile Devices, Held in conjunction with the ACM CCS 2013, Berlin, Germany
  • 11/12/13-11/14/13: HST, 13th annual IEEE Conference on Technologies for Homeland Security, Waltham, Massachusetts, USA
  • 11/18/13-11/20/13: IWSEC, 8th International Workshop on Security, Okinawaken Shichouson Jichikaikan, Japan
  • 11/20/13-11/22/13: ICICS, 15th International Conference on Information and Communications Security, Beijing, China
  • 11/21/13-11/22/13: SADFE, 8th International Workshop on Systematic Approaches to Digital Forensics Engineering, Hong Kong
  • 11/26/13-11/28/13: SIN, 6th International Conference on Security of Information and Networks, Aksaray, Turkey
  • 11/27/13: RFIDsec-Asia, Workshop on RFID and IoT Security, Guangzhou, China
  • 12/ 9/13-12/13/13: BigSecurity, 1st International Workshop on Security and Privacy in Big Data, Held in conjunction with Globecom 2013, Atlanta, Georgia, USA
  • 12/18/13-12/21/13: ATC, 10th IEEE International Conference on Autonomic and Trusted Computing, Sorrento Peninsula, Italy
  • 1/ 8/14- 1/10/14: IFIP119-DF, 10th Annual IFIP WG 11.9 International Conference on Digital Forensics, Vienna University of Technology, Vienna, Austria
  • 2/23/14- 2/26/14: NDSS, 21st Annual Network and Distributed System Security Symposium, San Diego, California, USA
  • 2/26/14- 2/28/14: ESSOS, 6th International Symposium on Engineering Secure Software and Systems, Munich, Germany
  • 3/24/14- 3/28/14: IFIP119-DF, 10th Annual IFIP WG 11.9 International Conference on Digital Forensics, Vienna University of Technology, Vienna, Austria
  • 4/ 7/14- 4/11/14: POST, 3rd Conference on Principles of Security and Trust, Grenoble, France
  
  
  • new calls or announcements added since Cipher E114

  • SADFE 2013 8th International Workshop on Systematic Approaches to Digital Forensics Engineering, Hong Kong, November 21-22, 2013. (Submissions due 16 July 2013)

    We invite you to SADFE-2013, the eighth international conference on Systematic Approaches to Digital Forensic Engineering to be held in Hong Kong, China, November 21-22, 2013. SADFE-2013 investigates the application of digital forensic engineering expertise to advance a variety of goals, including criminal and corporate investigations, as well as documentation of individual and organizational activities. We believe digital forensic engineering is vital to security, the administration of justice and the evolution of culture. We welcome previously unpublished papers on digital forensics, security and preservation as to civil, criminal and national security investigations for use within a court of law, the execution of national policy or to aid in understanding the past and digital knowledge in general. Potential topics to be addressed by submissions include, but are not limited to:

    • Digital Data and Evidence Management: advanced digital evidence discovery, collection, management, storage and preservation
    • Digital Evidence, Data Integrity and Analytics: advanced digital evidence and digitized data analysis, correlation, and presentation
    • Forensics of embedded or non-traditional devices (e.g. digicams, cell phones, SCADA, obsolete storage media)
    • Forensic and digital data integrity issues for digital preservation and recovery
    • Scientific Principle-Based Digital Forensic Processes: systematic engineering processes supporting digital evidence management which are sound on scientific, technical and legal grounds
    • Legal, Ethical and Technical Challenges

  • PROOFS 2013 2nd International Workshop on Security Proofs for Embedded Systems, Santa Barbara, California, USA, August 24, 2013. (Submissions due 20 July 2013)

    Formal methods are used to increase the confidence level in system designs. They are customarily used for safety and dependability testing. The focus of the PROOFS workshop is the study of formal methods applied at the design stage with a view to preventing implementation-level attacks. As analog devices (random number generation, physically unclonable functions, etc.) are involved in some protection schemes, their experimental security proof are also emerging as a hot topic. Thus the workshop welcomes contributions in the following fields:

    • modelization of the threat
    • model verification and analysis with mathematical methods
    • protections, with their formal proof (at algorithmic or at code-level)
    • cyber-security patterns against viruses and malicious intrusions
    • resilience approaches to side-channel attacks
    • resilience approaches to perturbation attacks
    • resilience approaches to invasive attacks
    • formal verification of embedded software, at source code or assembly level
    • formal verification of VLSI designs, at RTL or netlist-level
    • formal verification of hardware designs of crypto algorithms
    • formal techniques for malicious circuits detection in embedded system
    • return on experiment about common criteria certification at EAL6 or EAL7

  • TClouds 2013 Workshop on Trustworthy Clouds, Co-located with ESORICS 2013, Egham, U.K, September 12-13, 2013. (Submissions due 21 July 2013)

    The workshop aims at bringing together researchers and practitioners working in cryptography, security, and distributed systems, from academia and industry, who are interested in the security and resilience of cloud computing. Security and resilience are widely regarded as a key concern for cloud-service providers, who want to protect their platforms and isolate tenants, as well as for cloud-customers, who want to minimize exposure of their data and computations. The goal is to create a dialogue about common goals and to discuss solutions for security problems in cloud computing, relying on operating system techniques, secure distributed protocols, cryptographic methods, and the trusted computing paradigm. Topics include cryptographic protocols, secure virtualization mechanisms, resilient distributed protocols, privacy and integrity for outsourced data, trusted computing etc.

  • VizSec 2013 10th International Symposium on Visualization for Cyber Security, Atlanta GA, USA, October 14, 2013. (Submissions due 22 July 2013)

    The 10th International Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization and analysis techniques. VizSec will provide an excellent venue for fostering greater exchange and new collaborations on a broad range of security- and privacy-related topics. Important research problems often lie at the intersection of disparate domains. Our focus is to explore effective, scalable visual interfaces for security domains, where visualization may provide a distinct benefit, including computer forensics, reverse engineering, insider threat detection, cryptography, privacy, preventing 'user assisted' attacks, compliance management, wireless security, secure coding, and penetration testing in addition to traditional network security. Human time and attention are precious resources. We are particularly interested in visualization and interaction techniques that effectively capture human analyst insights so that further processing may be handled by machines, freeing the analyst for other tasks. For example, a malware analyst might use a visualization system to analyze a new piece of malicious software and then facilitate generating a signature for future machine processing. When appropriate, research that incorporates multiple data sources, such as network packet captures, firewall rule sets and logs, DNS logs, web server logs, and/or intrusion detection system logs, is particularly desirable.

  • SPSM 2013 3rd Workshop on Security and Privacy in Smartphones and Mobile Devices, Held in conjunction with the ACM CCS 2013, Berlin, Germany, November 8, 2013. (Submissions due 22 July 2013)

    The SPSM workshop intends to provide a venue for interested researchers and practitioners to get together and exchange ideas. The workshop will deepen our understanding of various security and privacy issues on smartphones. As with the two very well received previous editions, the topics of interest to SPSM 2013 include (but are not limited to) the following subject categories:

    • Device/hardware security
    • OS/Middleware security
    • Application security
    • Authenticating users to devices and services
    • Mobile Web Browsers
    • Usability
    • Privacy
    • Rogue application detection and recovery
    • Vulnerability detection and remediation
    • Secure application development
    • Cloud support for mobile security

  • TrustED 2013 3rd International Workshop on Trustworthy Embedded Devices, Collocated with the ACM Conference on Computer & Communications Security (CCS) 2013, Berlin, Germany, November 4, 2013. (Submissions due 22 July 2013)

    In this workshop we consider selected aspects of cyber physical systems and their environments. We aim to bring together experts from academia, research institutions, industry, and government to discuss problems, challenges, and some recent scientific and technological developments in this field. In particular, we are keenly interested in the participation of industry representatives. The workshop topics include, but are not limited to:

    • embedded system security
    • privacy aspects of embedded systems (e.g., medical devices, electronic IDs)
    • physical and logical convergence (e.g., secure and privacy-preserving facility management)
    • hardware entangled cryptography
    • foundation, development, and applications of physical security primitives (e.g., physical unclonable functions - PUFs)
    • remote attestation
    • IP protection for embedded systems
    • reverse engineering
    • secure execution environments (e.g., TrustZone, TPMs) on mobile devices
    • new protection paradigms for trustworthy embedded systems

  • NDSS 2014 21st Annual Network and Distributed System Security Symposium, San Diego, California, USA, February 23-26, 2014. (Submissions due 5 August 2013)

    The Network and Distributed System Security Symposium fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available network and distributed systems security technologies. Submissions are solicited in, but not limited to, the following areas:

    • Anti-malware techniques: detection, analysis, and prevention
    • Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
    • Future Internet architecture and design
    • High-availability wired and wireless networks
    • Implementation, deployment and management of network security policies
    • Integrating security in Internet protocols: routing, naming, network management
    • Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
    • Intrusion prevention, detection, and response
    • Privacy and anonymity technologies
    • Public key infrastructures, key management, certification, and revocation
    • Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost
    • Security for collaborative applications: teleconferencing and video-conferencing
    • Security for cloud computing
    • Security for emerging technologies: sensor/wireless/mobile/personal networks and systems
    • Security for future home networks, Internet of Things, body-area networks
    • Security for large-scale systems and critical infrastructures (e.g., electronic voting, smart grid)
    • Security for peer-to-peer and overlay network systems
    • Security for Vehicular Ad-hoc Networks (VANETs)
    • Security of Web-based applications and services
    • Trustworthy Computing mechanisms to secure network protocols and distributed systems
    • Usable security and privacy

  • ATC 2013 10th IEEE International Conference on Autonomic and Trusted Computing, Sorrento Peninsula, Italy, December 18-21, 2013. (Submissions due 15 August 2013)

    Computing systems including hardware, software, communication, and networks are growing towards an ever-increasing scale and heterogeneity, becoming overly complex. Such complexity is getting even more critical with the ubiquitous permeation of embedded devices and other pervasive systems. To cope with the growing and ubiquitous complexity, Autonomic Computing (AC) focuses on self-manageable computing and communication systems that exhibit self-awareness, self-configuration, self-optimization, self-healing, self-protection and other self-x operations to the maximum extent possible without human intervention or guidance. Organic Computing (OC) additionally addresses adaptivity, robustness, and controlled emergence as well as nature-inspired concepts for self-organization. Any autonomic or organic system must be trustworthy to avoid the risk of losing control and retain confidence that the system will not fail. Trust and/or distrust relationships in the Internet and in pervasive infrastructures are key factors to enable dynamic interaction and cooperation of various users, systems, and services. Trusted/Trustworthy Computing (TC) aims at making computing and communication systems as well as services available, predictable, traceable, controllable, assessable, sustainable, dependable, persistent, security/privacy protectable, etc. ATC 2013 will offer a forum for researchers to exchange ideas and experiences in the most innovative research and development in these challenging areas and includes all technical aspects related to autonomic/organic computing (AC/OC) and trusted computing (TC).

  • ESSOS 2014 6th International Symposium on Engineering Secure Software and Systems, Munich, Germany, February 26-28, 2014. (Submissions due 6 September 2013)

    Trustworthy, secure software is a core ingredient of the modern world. So is the Internet. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):

    • scalable techniques for threat modeling and analysis of vulnerabilities
    • specification and management of security requirements and policies
    • security architecture and design for software and systems
    • model checking for security
    • specification formalisms for security artifacts
    • verification techniques for security properties
    • systematic support for security best practices
    • security testing
    • security assurance cases
    • programming paradigms, models and DSL's for security
    • program rewriting techniques
    • processes for the development of secure software and systems
    • security-oriented software reconfiguration and evolution
    • security measurement
    • automated development
    • trade-off between security and other non-functional requirements (in particular economic considerations)
    • support for assurance, certification and accreditation
    • empirical secure software engineering
    • security by design

  • SAC-SEC 2014 29th ACM Symposium on Applied Computing, Computer Security track, Gyeongju, Korea, March 24-28, 2014. (Submissions due 13 September 2013)

    For the past twenty-eight years, the ACM Symposium on Applied Computing has been a primary gathering forum for applied computer scientists, computer engineers, software engineers, and application developers from around the world. The Security Track reaches its thirteenth edition this year, thus appearing among the most established tracks in the Symposium. The list of issues remains vast, ranging from protocols to work-flows. Topics of interest include but are not limited to:

    • software security (protocols, operating systems, etc.)
    • hardware security (smartcards, biometric technologies, etc.)
    • mobile security (properties for/from mobile agents, etc.)
    • network security (anti-DoS tools, firewalls, real-time monitoring, mobile networks, sensor networks, etc.)
    • alternatives to cryptography (steganography, etc.)
    • security-specific software development practices (vulnerability testing, fault-injection resilience, etc.)
    • privacy and anonymity (trust management, pseudonymity, identity management, electronic voting, etc.)
    • safety and dependability issues (reliability, survivability, etc.)
    • cyberlaw and cybercrime (copyrights, trademarks, defamation, intellectual property, etc.)
    • security management and usability issues (security configuration, policy management, usability trials etc.)
    • workflow and service security (business processes, web services, etc.)
    • security in cloud computing and virtualised environments

  • IFIP119-DF 2014 10th Annual IFIP WG 11.9 International Conference on Digital Forensics, Vienna University of Technology, Vienna, Austria, January 8-10, 2014. (Submissions due 15 September 2013)

    The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Tenth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:

    • Theories, techniques and tools for extracting, analyzing and preserving digital evidence
    • Network and cloud forensics
    • Embedded device forensics
    • Digital forensic processes and workflow models
    • Digital forensic case studies
    • Legal, ethical and policy issues related to digital forensics

  • POST 2014 3rd Conference on Principles of Security and Trust, Grenoble, France, April 7-11, 2014. (Submissions due 4 October 2013)

    Principles of Security and Trust is a broad forum related to the theoretical and foundational aspects of security and trust. Papers of many kinds are welcome: new theoretical results, practical applications of existing foundational ideas, and innovative theoretical approaches stimulated by pressing practical problems. We seek submissions proposing theories to clarify security and trust within computer science; submissions establishing new results in existing theories; and also submissions raising fundamental concerns about existing theories. We welcome new techniques and tools to automate reasoning within such theories, or to solve security and trust problems. Case studies that reflect the strengths and limitations of foundational approaches are also welcome, as are more exploratory presentations on open questions. Areas of interest include:

    • Access control
    • Anonymity
    • Authentication
    • Availability
    • Cloud security
    • Confidentiality
    • Covert channels
    • Crypto foundations
    • Economic issues
    • Information flow
    • Integrity
    • Languages for security
    • Malicious code
    • Mobile code
    • Models and policies
    • Privacy
    • Provenance
    • Reputation and trust
    • Resource usage
    • Risk assessment
    • Security architectures
    • Security protocols
    • Trust management
    • Web service security

  • IEEE Transactions on Reliability, Special Section on Trustworthy Computing, 2014, (Submission Due 1 November 2013)

    Editors: Shiuhpyng Winston Shieh (National Chiao Tung University, Taiwan)
    
    Trustworthy Computing (TC) has been applied to software-enabled computing systems and networks that are inherently secure, private, available, and reliable. As the fast growing mobile cloud computing emerges to cover smart phones, tablets, smart TV, and cloud computing platforms, these ubiquitous computing devices poses new challenges to trustworthy computing. Cloud computing offers organizations of all sizes the ability to embrace and implement new applications at far less cost than traditional approaches. Organizations that move workloads to the cloud take advantage of the capabilities of their cloud providers to ensure continuous availability of services. However, the ever-growing complexity of such systems and the software that controls them not only makes it much more difficult to guarantee their quality, but also introduces more vulnerability for malicious attacks, intrusion, and data loss. To address these needs, this special section calls for novel applications of emerging techniques for trustworthy computing of information, software, systems, networks. Reviews and case studies which address state-of-art research and state-of-practice industry experiences are also welcomed. The topics of interest include, but are not limited to:

    • Security, reliability, privacy, and availability issues in computing systems and networks
    • Trustworthy computing in small or large systems, such as mobile devices, embedded systems, cloud computing platforms, and internet of things
    • Information, system, and software assurance
    • Auditing, verification, validation
    • Security testing, evaluation, and measurement
    • Data protection, maintenance, recovery, and risk assessment
    • Authentication, authorization, access control, and accounting
    • Penetration analysis, intrusion detection and prevention
    • Malware behavior analysis, and software vulnerability discovery
    • Hardware techniques facilitating trustworthy computing, such as Trusted Platform Module (TPM)
    • Trustworthy operating systems and applications
    • Cloud Computing
    • Mobile Computing
    • Software defined networking (SDN)
    • Cryptographic techniques

 

• The Technical Committee on Security and Privacy

 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org