 |
|
Conference and Workshop Announcements
Commentary and Opinion
Richard Austin's review of Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman
News Briefs: Announcements and correspondence from readers (please contribute!)
Listing of academic positions available by
Cynthia Irvine
Cipher
calls-for-papers
and
calendar
Cipher calendar announcements are on Twitter; follow "ciphernews"
new calls or announcements added since Cipher E121
(the calls-for-papers and the calendar announcements may differ
slightly in content or time of update):
Wiley Security and Communication Networks (SCN), Special Issue on Security and Privacy in Internet of Things: Methods, Architectures and Solutions, Summer/Autumn, 2015, (Submissions Due 30 September 2014)
Editor: Guangjie Han (Hohai University, China),
Lei Shu (Guangdong University of Petrochemical Technology, China),
Sammy Chan (City University of Hong Kong, Hong Kong, China),
and Jiankun Hu (University of New South Wales at the Australian Defence
Force Academy, Australia).
Internet of Things (IoT) is a rapidly developing research area cross various
technological fields including computer science, electronic engineering,
mobile and wireless communications, embedded systems, etc. Many technologies
serve as the building blocks of this new paradigm, such as wireless sensor
networks (WSN), RFID, cloud services, machine-to-machine interfaces (M2M),
and so on. IoT will allow billions of objects in the physical world as well
as virtual environments to exchange data with each other in an autonomous
way so as to create smart environments such as automotive, healthcare,
logistics, environmental monitoring, and many others. However, IoT introduces
new challenges for the security of systems and processes and the privacy of
individuals. Protecting the information in IoT is a complex and difficult
task. IoT requires global connectivity and accessibility which means anyone
can access in anytime and anyway. It results in that the number of attack
vectors available to malicious attackers might become staggering. Furthermore,
the inherent complexity of the IoT, where multiple heterogeneous entities
located in different contexts can exchange information with each other,
further complicates the design and deployment of efficient, interoperable
and scalable security mechanisms. The ubiquitous and clouding computing
also makes the problem of privacy leakage get urgent. As a result, there
is an increasing demand for development of new security and privacy
approaches to guarantee the security, privacy, integrity and availability
of resources in IoTs. This special issue aims to bring together
state-of-the-art contributions on Internet of Things Security and Privacy:
discover the existing IoT security challenges, introduce threats and
attacker models that can be applied to IoT architectures, design methods of
secure IoT applications and architectures, collect quality research proposals
with a solid background in both theoretical and practical aspects. Original,
unpublished contributions are solicited in all aspects of this discipline.
Suitable topics include but are not limited to the following in the
context of IoT:
IWSAC 2014 2nd International Workshop on Security Assurance in the Cloud, Held in conjunction with the 10th International Conference on Signal Image Technology & Internet Based Systems (SITIS 2014), Marrakech, Morocco. November 23-27, 2014. (Submissions Due 30 September 2014)
The ongoing merge between Service-Oriented Architectures (SOAs) and the Cloud computing paradigm provides a new environment fostering the integration of services located within company boundaries with those in the Cloud. An increasing number of organizations implement their business processes and applications via runtime composition of services made available in the Cloud by external suppliers. This scenario is changing the traditional view of security introducing new service security risks and threats, and requires re-thinking of current assurance, development, testing, and verification methodologies. In particular, security assurance in the cloud is becoming a pressing need to increase the confidence of the cloud actors that the cloud and its services are behaving as expected, and requires novel approaches addressing SOA and cloud peculiarities. IWSAC 2014 is the continuation of the International Workshop on Securing Services on the Cloud, held in September 2011, Milan, Italy. It aims to address the security assurance issues related to the deployment of services in the Cloud, along with evaluating their impact on traditional security solutions for software and network systems. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and assurance of services implemented in the Cloud, as well as experimental studies in Cloud infrastructures, the implementation of services, and lessons learned. Topics of interest include, but are not limited to:
IEEE Transactions on Dependable and Secure Computing, Special Issue on Cyber Crime, 2015, (Submissions Due 1 October 2014)
Editor: Wojciech Mazurczyk (Warsaw University of Technology, Poland),
Thomas J. Holt (School of Criminal Justice, Michigan State University, USA)
and Krzysztof Szczypiorski (Warsaw University of Technology, Poland)
Cyber crimes reflect the evolution of criminal practices that have adapted to
the world of information and communication technologies. Cybercriminality has
become a curse of the modern world with the potential to affect every one
nationally and/or internationally. Individuals, companies, governments and
institutions may become victims as well as (involuntary) helpers of cyber
criminals. The inability to provide cyber-security can potentially have a
tremendous socio-economic impact on global enterprises as well as individuals.
The aim of this special issue is to bring together the research
accomplishments provided by the researchers from academia and the industry.
The other goal is to show the latest research results in the field of cyber
crime. Prospective authors will be encouraged to submit related distinguished
research papers on the subject of both: theoretical approaches and practical
case reviews. Topics of interest include, but are not limited to:
IFIP119-DF 2015 11th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 26-28, 2015. (Submissions Due 10 October 2014)
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Eleventh Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume - the eleventh volume in the well-known Research Advances in Digital Forensics book series (Springer, Heidelberg, Germany) during the summer of 2015. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
PPREW 2014 4th Program Protection and Reverse Engineering Workshop, Co-Located with the Annual Computer Security Applications Conference (ACSAC 2014), New Orleans, LA, USA, December 9, 2014. (Submissions Due 10 October 2014)
Program protection and reverse engineering are dualisms of good and evil. Beneficial uses of reverse engineering abound: malicious software needs to be analyzed and understood in order to prevent their spread and to assess their functional footprint; owners of intellectual property (IP) at times need to recover lost or unmaintained designs. Conversely, malicious reverse engineering allows illegal copying and subversion; designers can employ obfuscation and tamper-proofing on IP to target various attack vectors. In this sense, protecting IP and protecting malware from detection and analysis is a double-edged sword: depending on the context, the same techniques are either beneficial or harmful. Likewise, tools that deobfuscate malware in good contexts become analysis methods that support reverse engineering for illegal activity. PPREW invites papers on practical and theoretical approaches for program protection and reverse engineering used in beneficial contexts, focusing on analysis/ deobfuscation of malicious code and methods/tools that hinder reverse engineering. Ongoing work with preliminary results, theoretical approaches, tool-based methods, and empirical studies on various methods are all appropriate. Studies on hardware/circuit based methods or software/assembly based mechanisms are within scope of the workshop. We expect the workshop to provide exchange of ideas and support for cooperative relationships among researchers in industry, academia, and government. Topics of interest include, but are not limited, to the following:
WEARABLE-S&P 2015 1st Workshop on Wearable Security and Privacy, Held in conjunction with Financial Crypto (FC 2015), Isla Verde, Puerto Rico, January 30, 2015. (Submissions Due 16 October 2014)
This workshop focuses on the unique challenges of security and privacy for wearable devices. The demand for a variety of technologies in wearable devices has increased in recent years. Products ranging from Google glass, to EEG brainwave signal readers, to heart rate monitors, have opened up many new applications, but also give rise to concerns involving security and privacy. This workshop seeks papers addressing the unique challenges of security and privacy for wearable computing devices. Suggested topics include (but are not limited to) empirical and theoretical studies of:
HOST 2015 IEEE International Symposium on Hardware Oriented Security and Trust, Washington DC Metro Area, USA, May 5-7, 2015. (Abstract Submissions Due 24 October 2014 and Paper Submission due 31 October 2014)
The focus of modern computational and communication systems has been shifting from effective sharing of well-protected, scarce, and expensive resources to large-scale information exchange among a plurality of users that communicate using protected mobile devices and sensors, which can be placed in potentially hostile environments. Additionally, integrated circuit synthesis and manufacturing techniques are now complex and distributed with a number of potential security vulnerabilities. Security has emerged as a metric of paramount importance. The scope of system security now includes, in addition to encrypted communication, properties such as privacy, anonymity, and trust. The starting and ending points for all system and application vulnerabilities and defense mechanisms are hardware. The initial impetus was provided by government agencies and individual efforts, but recently a number of coordinated research projects have been undertaken by essentially all hardware and system companies. The IEEE International Symposium on Hardware Oriented Security and Trust (HOST) aims to facilitate the rapid growth of hardware-based security research and development. HOST seeks original contributions in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware. HOST 2015 invites contributions that are related to, but not limited by, the following topics:
ASIACCS 2015 10th ACM Symposium on Information, Computer and Communications Security, Singapore, April 14-17, 2015. (Submissions Due 26 October 2014)
ASIACCS is a major international forum for information security researchers, practitioners, developers, and users to explore and exchange the newest cyber security ideas, breakthroughs, findings, techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. Areas of interest for ASIACCS 2015 include, but are not limited to:
CS2 2015 2nd Workshop on Cryptography and Security in Computing Systems, Co-located with HiPEAC 2015 Conference, Amsterdam, The Netherlands, January 19-21, 2015. (Submissions Due 27 October 2014)
The wide diffusion of embedded systems, including multi-core, many-core, and reconfigurable platforms, poses a number of challenges related to the security of the operation of such systems, as well as of the information stored in them. Malicious adversaries can leverage unprotected communication to hijack cyber-physical systems, resulting in incorrect and potentially highly dangerous behaviours, or can exploit side channel information leakage to recover secret information from a computing system. Untrustworthy third party software and hardware can create openings for such attacks, which must be detected and removed or countered. The prevalence of multi/many core systems opens additional issues such as NoC security. Finally, the complexity on modern and future embedded and mobile systems leads to the need to depart from manual planning and deployment of security features. Thus, design automation tools will be needed to design and verify the security features of new hardware/software systems. The workshop is a venue for security and cryptography experts to interact with the computer architecture and compilers community, aiming at cross-fertilization and multi-disciplinary approaches to security in computing systems. Topics of interest include, but are not limited to:
Elsevier Computer Communications Journal, Special Issue on Security and Privacy in Unified Communications: Challenges and Solutions, 2015, (Submissions Due 31 October 2014)
Editor: Georgios Karopoulos (Joint Research Centre (JRC), Italy),
Georgios Portokalidis (Stevens Institute of Technology, USA),
Josep Domingo-Ferrer (Universitat Rovira i Virgili, Catalonia),
Ying-Dar Lin (National Chiao Tung University (NCTU), Taiwan),
Dimitris Geneiatakis (Joint Research Centre (JRC), Italy),
and Georgios Kambourakis (University of the Aegean, Greece)
Unified Communications (UC) merge different communication technologies, types of
products, and services, from various manufacturers, operators, and countries,
following diverse policies and standards. Specifically, in the context of UC,
a range of communication tools are integrated in a way that both corporations
and individuals are able to manage all their communications in one entity
instead of doing it disjointly. It is therefore said that UC bridges the
opening between the various computer related communication technologies and
Voice over IP (VoIP). However, this high level of heterogeneity expands the
risks related to security and privacy that stakeholders should deal with.
To eliminate or even prevent the increasing threats to end-users and operators,
it is important to explore this growing and timely research topic. This feature
topic will benefit the research community towards identifying challenges and
disseminating the latest methodologies and solutions to UC security and
privacy issues. Its objective is to publish high-quality articles presenting
open issues, algorithms, protocols, policies, frameworks, standards, and
solutions for UC related to security and privacy. Only technical papers
describing previously unpublished, original, state-of-the-art research,
and not currently under review by a conference or a journal will be
considered. Reviews and case studies which address state-of-art research
and state-of-practice industry experiences are also welcomed. We solicit
papers in a variety of topics related to unified communications security
and privacy, including, but not limited to:
Security and Privacy Symposium
San Jose, California
May 18-20, 2015
(Submissions due November 14, 2014)
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems.
Topics of interest include:
This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.
Given the rapidly expanding and maturing security and privacy community, we hope to increase the acceptance rate of papers that are more far-reaching and risky, as long as those papers also show sufficient promise for creating interesting discussions and questioning widely-held beliefs.
Following the success of recent years' conferences, we are also soliciting papers focused on systematization of knowledge (SoK). The goal of this call is to encourage work that evaluates, systematizes, and contextualizes existing knowledge. Such work can provide a high value to our community but may not be accepted because of a lack of novel research contributions. Suitable papers are those that provide important new insights on established, major research areas or support or challenge long-held beliefs with compelling evidence. Papers that survey research areas without providing such insights are not appropriate. Submissions will be distinguished by the prefix "SoK:" in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, except instead of emphasizing novel research contributions the emphasis will be on value to the community. Accepted papers will be presented at the symposium and included in the proceedings.
PETS 2015 15th Privacy Enhancing Technologies Symposium, Philadelphia, PA, USA, June 30 - July 2, 2015. (Submissions Due 22 November 2014 or 15 February 2015)
The annual Privacy Enhancing Technologies Symposium (PETS) brings together
privacy and anonymity experts from around the world to discuss recent
advances and new perspectives. PETS addresses the design and realization
of privacy services for the Internet and other data systems and
communication networks. Papers should present novel practical and/or
theoretical research into the design, analysis, experimentation, or
fielding of privacy-enhancing technologies. While PETS has traditionally
been home to research on anonymity systems and privacy-oriented
cryptography, we strongly encourage submissions in a number of both
well-established and some emerging privacy-related topics.
*** New starting this year ***: Papers will undergo a journal-style
reviewing process and be published in the Proceedings on Privacy Enhancing
Technologies (PoPETs). PoPETs, a scholarly journal for timely research
papers on privacy, has been established as a way to improve reviewing
and publication quality while retaining the highly successful PETS
community event. PoPETs will be published by De Gruyter Open
(http://degruyteropen.com/), the world's second largest publisher of
Open Access academic content, and part of the De Gruyter group
(http://www.degruyter.com/), which has over 260 years of publishing
history. Authors can submit papers to one of several submission deadlines
during the year. Papers are provided with major/minor revision decisions
on a predictable schedule, where we endeavor to assign the same reviewers
to major revisions. Authors can address the concerns of reviewers in their
revision and rebut reviewer comments before a final decision on acceptance
is made. Papers accepted for publication by May 15th will be presented at
that year's symposium. Note that accepted papers must be presented at PETS.
Suggested topics include but are not restricted to:
IoTPTS 2015 Workshop on IoT Privacy, Trust, and Security, Held in conjunction with ASIACCS 2015, Singapore, April 14, 2015. (Submissions Due 7 January 2015)
The Internet of Things (IoT) is the next great technology frontier. At a basic level, IoT refers simply to networked devices, but the IoT vision is a complex ecosystem that ranges from cloud backend services and big-data analytics to home, public, industrial, and wearable sensor devices and appliances. Architectures for these systems are in the formative stages, and now is the time to ensure privacy, trust, and security are designed into these systems from the beginning. We encourage submissions on all aspects of IoT privacy, trust, and security. Topic of interest include (but are not limited) to the following areas:
Staying in touch....
Changing your email address? Please send updates to cipher@ieee-security.org
IEEE Computer Society's Technical Committee on Security and Privacy
| TC home page | TC Officers | |
| How to join the TCSP | TC publications available online | |
| TC Publications for sale | Cipher past issues archive | |
| IEEE Computer Society | Cipher Privacy Policy |