 |
|
Commentary and Opinion
Richard Austin's review of The Art of Memory Forensics: Detecting malware and threats in Windows, Linux, and Mac Memory by Michael Ligh, Andrew Case, Jamie Levy and Aaron Walters
NewsBits: Announcements and correspondence from readers (please contribute!)
Listing of academic positions available by
Cynthia Irvine
New since Cipher E122
Posted November 2014
Department of Informatics, University at Albany - SUNY
Albany, NY
Assistant Professor in Cyber Security
Open until filled
http://goo.gl/eU9nj0
Conference and Workshop Announcements
Cipher
calls-for-papers
and
calendar
Cipher calendar announcements are on Twitter; follow "ciphernews"
(the calls-for-papers and the calendar announcements may differ
slightly in content or time of update):
DAC-Security Track 2015 Design Automation Conference, San Francisco, CA, USA, June 7-11, 2015. (Submission Due 21 November 2014)
Security primitives and protocols are typically built upon the notion of a "secret" key or code stored in a protected place. A common presumption in software, data, and systems security is that as long as the secret is in the hardware, their method is invulnerable to attacks and exploits. However this is not true. These systems are vulnerable to a variety of hardware-centric attacks: side channel analysis, reverse engineering, IP piracy, hardware Trojans and counterfeiting. Furthermore, a host of hardware-based threats are emerging due to the globalization of Integrated Circuit (IC) and embedded system design. Consequently, designers and users of ICs, Intellectual Property (IP) and embedded systems are beginning to re-assess their trust in these systems. Overall, there is an urgent need to create, analyze, evaluate, and improve the hardware base of the contemporary security solutions. The Security Track at DAC seeks to highlight and celebrate the emergence of security and trust as an important dimension of Hardware and Embedded Systems Design (side-by-side with power, performance, and reliability).
PETS 2015 15th Privacy Enhancing Technologies Symposium, Philadelphia, PA, USA, June 30 - July 2, 2015. (Submission Due 22 November 2014 or 15 February 2015)
The annual Privacy Enhancing Technologies Symposium (PETS) brings together
privacy and anonymity experts from around the world to discuss recent
advances and new perspectives. PETS addresses the design and realization
of privacy services for the Internet and other data systems and
communication networks. Papers should present novel practical and/or
theoretical research into the design, analysis, experimentation, or
fielding of privacy-enhancing technologies. While PETS has traditionally
been home to research on anonymity systems and privacy-oriented
cryptography, we strongly encourage submissions in a number of both
well-established and some emerging privacy-related topics.
*** New starting this year ***: Papers will undergo a journal-style
reviewing process and be published in the Proceedings on Privacy Enhancing
Technologies (PoPETs). PoPETs, a scholarly journal for timely research
papers on privacy, has been established as a way to improve reviewing
and publication quality while retaining the highly successful PETS
community event. PoPETs will be published by De Gruyter Open
(http://degruyteropen.com/), the world's second largest publisher of
Open Access academic content, and part of the De Gruyter group
(http://www.degruyter.com/), which has over 260 years of publishing
history. Authors can submit papers to one of several submission deadlines
during the year. Papers are provided with major/minor revision decisions
on a predictable schedule, where we endeavor to assign the same reviewers
to major revisions. Authors can address the concerns of reviewers in their
revision and rebut reviewer comments before a final decision on acceptance
is made. Papers accepted for publication by May 15th will be presented at
that year's symposium. Note that accepted papers must be presented at PETS.
Suggested topics include but are not restricted to:
NDSS-USEC 2015 NDSS Workshop on Usable Security, San Diego, California, USA, February 8, 2015. (Submission Due 2 December 2014)
The Workshop on Usable Security invites submissions on all aspects of human factors and usability in the context of security and privacy. USEC 2015 aims to bring together researchers already engaged in this interdisciplinary effort with other computer science researchers in areas such as visualization, artificial intelligence and theoretical computer science as well as researchers from other domains such as economics or psychology. We particularly encourage collaborative research from authors in multiple fields. Topics include, but are not limited to:
SPA 2015 International Workshop on Security and Privacy Analytics, Co-located with ACM CODASPY 2015, San Antonio, TX, USA, March 2-4, 2015. (Submission Due 7 December 2014)
Increasingly, sophisticated techniques from machine learning, data mining, statistics and natural language processing are being applied to challenges in security and privacy fields. However, experts from these areas have no medium where they can meet and exchange ideas so that strong collaborations can emerge, and cross-fertilization of these areas can occur. Moreover, current courses and curricula in security do not sufficiently emphasize background in these areas and students in security and privacy are not emerging with deep knowledge of these topics. Hence, we propose a workshop that will address the research and development efforts in which analytical techniques from machine learning, data mining, natural language processing and statistics are applied to solve security and privacy challenges ("security analytics"). Submissions of papers related to methodology, design, techniques and new directions for security and privacy that make significant use of machine learning, data mining, statistics or natural language processing are welcome. Furthermore, submissions on educational topics and systems in the field of security analytics are also highly encouraged. The workshop will focus on, but not limited to, the following areas:
International Journal of Distributed Sensor Networks, Special Issue on Intrusion Detection and Security Mechanisms for Wireless Sensor Networks, May 2015, (Submission Due 12 December 2014)
Editor: S. Khan (Kohat University of Science and Technology, Pakistan),
Jaime Lloret Mauri (Polytechnic University of Valencia, Spain),
and Sandra Sendra (Universidade da Beira Interior, Covilh, Portugal)
Wireless sensor networks are gaining significant interest from academia and
industry. Wireless sensor networks are multihop, self-organizing, self-healing,
and distributed in nature. These characteristics also increase vulnerability
and expose sensor networks to various kinds of security attacks. Advanced
security mechanisms and intrusion detection systems (IDSs) can play an
important role in detecting and preventing security attacks. This special
issue aims to gather recent advances in the area of security aspect of
wireless sensor networks. Research and review articles that focus on the
challenges and the state-of-the-art solutions are welcomed. The papers
will be peer reviewed and will be selected on the basis of their quality
and relevance to the topic of this special issue. Potential topics
include, but are not limited to:
ISPEC 2015 11th International Conference on Information Security Practice and Experience, Beijing, China, May 5-8, 2014. (Submission Due 14 December 2014)
ISPEC is an annual conference that brings together researchers and practitioners to provide a confluence of new information security technologies, their applications and their integration with IT systems in various vertical sectors. Conference Topics include:
CPSS 2015 1st Cyber-Physical System Security Workshop, Held in conjunction with ACM AsiaCCS 2015, Singapore, April 14, 2015. (Submission Due 28 December 2014)
Cyber-Physical Systems (CPS) consist of large-scale interconnected systems of heterogeneous components interacting with their physical environments. There are a multitude of CPS devices and applications being deployed to serve critical functions in our lives. The security of CPS becomes extremely important. This workshop will provide a platform for professionals from academia, government, and industry to discuss how to address the increasing security challenges facing CPS. Besides invited talks, we also seek novel submissions describing theoretical and practical security solutions to CPS. Papers that are pertinent to the security of embedded systems, SCADA, smart grid, and critical infrastructure networks are all welcome, especially in the domains of energy and transportation. Topics of interest include, but are not limited to:
IoTPTS 2015 Workshop on IoT Privacy, Trust, and Security, Held in conjunction with ASIACCS 2015, Singapore, April 14, 2015. (Submission Due 7 January 2015)
The Internet of Things (IoT) is the next great technology frontier. At a basic level, IoT refers simply to networked devices, but the IoT vision is a complex ecosystem that ranges from cloud backend services and big-data analytics to home, public, industrial, and wearable sensor devices and appliances. Architectures for these systems are in the formative stages, and now is the time to ensure privacy, trust, and security are designed into these systems from the beginning. We encourage submissions on all aspects of IoT privacy, trust, and security. Topic of interest include (but are not limited) to the following areas:
W2SP 2015 Web 2.0 Security and Privacy Workshop, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. (Submission Due 12 January 2015)
W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers, cloud, mobile and their eco-system. We have had eight years of successful W2SP workshops. The scope of W2SP 2015 includes, but is not limited to:
ACNS 2015 13th International Conference on Applied Cryptography and Network Security, New York, NY, USA, June 2-5, 2015. (Submission Due 16 January 2015)
The 13th International Conference on Applied Cryptography and Network Security (ACNS 2015) seeks submissions presenting novel research on all technical aspects of applied cryptography, network and computer security, and privacy. This includes submissions on traditional cryptography and security areas (e.g., symmetric or public key cryptography, network security, privacy and anonymity), emerging areas (e.g., security and privacy for big data, outsourced computation, or digital currency), and new paradigms or non-traditional perspectives. Submissions may focus on new visions, definitions, security and privacy metrics, provably secure protocols, impossibility results, attacks, industrial challenges, case studies, experimental reports related to implementation and deployment of real-world systems or policies, or any other original research advancing the state of the art.
GenoPri 2015 2nd International Workshop on Genome Privacy and Security, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. (Submission Due 20 January 2015)
Over the past several decades, genome sequencing technologies have evolved from slow and expensive systems that were limited in access to a select few scientists and forensics investigators to high-throughput, relatively low-cost tools that are available to consumers. A consequence of such technical progress is that genomics has become one of the next major challenges for privacy and security because (1) genetic diseases can be unveiled, (2) the propensity to develop specific diseases (such as Alzheimer's) can be revealed, (3) a volunteer, accepting to have his genomic code made public, can leak substantial information about his ethnic heritage and the genomic data of his relatives (possibly against their will), and (4) complex privacy issues can arise if DNA analysis is used for criminal investigations and medical purposes. As genomics is increasingly integrated into healthcare and "recreational" services (e.g., ancestry testing), the risk of DNA data leakage is serious for both individuals and their relatives. Failure to adequately protect such information could lead to a serious backlash, impeding genomic research, that could affect the well-being of our society as a whole. This prompts the need for research and innovation in all aspects of genome privacy and security, as suggested by the non-exhaustive list of topics below:
IWPE 2015 1st International Workshop on Privacy Engineering, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. (Submission Due 23 January 2015)
Ongoing news reports regarding global surveillance programs, massive personal data breaches in corporate databases, and notorious examples of personal tragedies due to privacy violations have intensified societal demands for privacy-friendly systems. In response, current legislative and standardization processes worldwide aim to strengthen individual's privacy by introducing legal and organizational frameworks that personal data collectors and processors must follow. However, in practice, these initiatives alone are not enough to guarantee that organizations and software developers will be able to identify and adopt appropriate privacy engineering techniques in their daily practices. Even if so, it is difficult to systematically evaluate whether the systems they develop using such techniques comply with legal frameworks, provide necessary technical assurances, and fulfill users' privacy requirements. It is evident that research is needed in developing techniques that can aid the translation of legal and normative concepts, as well as user expectations into systems requirements. Furthermore, methods that can support organizations and engineers in developing (socio-)technical systems that address these requirements is of increasing value to respond to the existing societal challenges associated with privacy. While there is a consensus on the benefits of an engineering approach to privacy, concrete proposals for processes, models, methodologies, techniques and tools that support engineers and organizations in this endeavor are few and in need of immediate attention. To cover this gap, the topics of the International Workshop on Privacy Engineering (IWPE'15) focus on all the aspects surrounding privacy engineering, ranging from its theoretical foundations, engineering approaches, and support infrastructures, to its practical application in projects of different scale. IWPE'15 welcomes papers that focus on novel solutions on the recent developments in the general area of privacy engineering. Topics of interests include, but are not limited to:
CAV 2015 27th International Conference on Computer Aided Verification, San Francisco, California, USA, July 18-24 2015. (Submission Due 30 January 2015)
CAV 2015 is the 27th in a series dedicated to the advancement of the theory and practice of computer-aided formal analysis methods for hardware and software systems. CAV considers it vital to continue spurring advances in hardware and software verification while expanding to new domains such as biological systems and computer security. The conference covers the spectrum from theoretical results to concrete applications, with an emphasis on practical verification tools and the algorithms and techniques that are needed for their implementation. The proceedings of the conference will be published in the Springer LNCS series. A selection of papers will be invited to a special issue of Formal Methods in System Design and the Journal of the ACM. Topics of interest include but are not limited to:
WiSec 2015 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, New York City, NY, USA, June 22-26, 2015. (Submission Due 10 February 2015)
ACM WiSec is the leading ACM and SIGSAC conference dedicated to all aspects of security and privacy in wireless and mobile and mobile networks and their applications. In addition to the traditional ACM WiSec topics of physical, link, and network layer security, we welcome papers focusing on the security and privacy of mobile software platforms, usable security and privacy, biometrics, cryptography, and the increasingly diverse range of mobile or wireless applications such as Internet of Things, and Cyber-Physical Systems. The conference welcomes both theoretical as well as systems contributions. Topics of interest include, but are not limited to:
PETS 2015 15th Privacy Enhancing Technologies Symposium, Philadelphia, PA, USA, June 30 - July 2, 2015. (Submission Due 15 February 2015)
The annual Privacy Enhancing Technologies Symposium (PETS) brings together
privacy and anonymity experts from around the world to discuss recent
advances and new perspectives. PETS addresses the design and realization
of privacy services for the Internet and other data systems and
communication networks. Papers should present novel practical and/or
theoretical research into the design, analysis, experimentation, or
fielding of privacy-enhancing technologies. While PETS has traditionally
been home to research on anonymity systems and privacy-oriented
cryptography, we strongly encourage submissions in a number of both
well-established and some emerging privacy-related topics.
*** New starting this year ***: Papers will undergo a journal-style
reviewing process and be published in the Proceedings on Privacy Enhancing
Technologies (PoPETs). PoPETs, a scholarly journal for timely research
papers on privacy, has been established as a way to improve reviewing
and publication quality while retaining the highly successful PETS
community event. PoPETs will be published by De Gruyter Open
(http://degruyteropen.com/), the world's second largest publisher of
Open Access academic content, and part of the De Gruyter group
(http://www.degruyter.com/), which has over 260 years of publishing
history. Authors can submit papers to one of several submission deadlines
during the year. Papers are provided with major/minor revision decisions
on a predictable schedule, where we endeavor to assign the same reviewers
to major revisions. Authors can address the concerns of reviewers in their
revision and rebut reviewer comments before a final decision on acceptance
is made. Papers accepted for publication by May 15th will be presented at
that year's symposium. Note that accepted papers must be presented at PETS.
Suggested topics include but are not restricted to:
LangSec 2015 2nd Workshop on Language-Theoretic Security, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. (Submission Due 16 February 2015)
LangSec workshop solicits contributions related to the growing area of language-theoretic security. LangSec offers a coherent explanation for the "science of insecurity" as more than an ad hoc collection of software mistakes or design flaws. This explanation is predicated on the connection between fundamental computability principles and the continued existence of software flaws. LangSec posits that the only path to trustworthy software that takes untrusted inputs is treating all valid or expected inputs as a formal language and treating the respective input-handling routines as a recognizer for that language. The LangSec approach to system design is primarily concerned with achieving practical assurance: development that is rooted in fundamentally sound computability theory, but is expressed as efficient and practical systems components. One major objective of the workshop is to develop and share this viewpoint with attendees and the broader systems security community to help establish a foundation for research based on LangSec principles. The overall goal of the workshop is to bring more clarity and focus to two complementary areas: (1) practical software assurance and (2) vulnerability analysis (identification, characterization, and exploit development). The LangSec community views these activities as related and highly structured engineering disciplines and seeks to provide a forum to explore and develop this relationship.
USENIX-Security 2015 24th USENIX Security Symposium, Washington, D.C., USA, August 12-14, 2015. (Submission Due 16 February 2015)
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security. Refereed paper submissions are solicited in all areas relating to systems research in security and privacy, including but not limited to:
RFIDSec 2015 11th Workshop on RFID Security, Co-located with ACM WiSec 2015, New York City, NY, USA, June 22-23, 2015. (Submission Due 17 February 2015)
The RFIDSec workshop is the premier international venue on the latest technological advances in security and privacy in Radio Frequency Identification (RFID). The 11th edition of RFIDSec continues the effort to broaden the scope towards solutions for security and privacy in related constrained environments: Internet of Things, NFC devices, Wireless Tags, and more. Attendees from academia, industry and government can network with a broad range of international experts. The workshop will include both invited and contributed talks. We invite researchers to submit their latest results in Security and Privacy for RFID as well as for associated technologies. Topics of interest include:
SECRYPT 2015 12th International Conference on Security and Cryptography, Colmar, Alsace, France, July 20 - 22, 2015. (Submission Due 3 March 2015)
SECRYPT is an annual international conference covering research in information and communication security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. Papers describing new methods or technologies, advanced prototypes, systems, tools and techniques and general survey papers indicating future directions are also encouraged. Topics of interest include:
Staying in touch....
Changing your email address? Please send updates to cipher@ieee-security.org
IEEE Computer Society's Technical Committee on Security and Privacy
| TC home page | TC Officers | |
| How to join the TCSP | TC publications available online | |
| TC Publications for sale | Cipher past issues archive | |
| IEEE Computer Society | Cipher Privacy Policy |