Conference and Workshop Announcements
Commentary and Opinion
Richard Austin's review of Thinking Security: Stopping Next Year's Hackers by Steven Bellovin
News Items from the Media:
Listing of academic positions available by Cynthia Irvine (no new listings since Cipher E129)
Cipher calls-for-papers and calendar
Cipher calendar announcements are on Twitter; follow "ciphernews"
New calls or announcements added since Cipher E129 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update):
ACNS 2016 14th International Conference on Applied Cryptography and Network Security, London, United Kingdom, June 19-22, 2016. (Submission Due 27 January 2016)
The conference seeks submissions presenting novel research on all technical aspects of applied cryptography, cyber security (incl. network and computer security) and privacy. This includes submissions from academia/industry on traditional and emerging topics and new paradigms in these areas, with a clear connection to real-world problems, systems or applications. Submissions may focus on the modelling, design, analysis (incl. security proofs and attacks), development (e.g. implementations), deployment (e.g. system integration), and maintenance (e.g. performance measurements, usability studies) of algorithms/protocols/standards/implementations/technologies/devices/systems standing in relation with applied cryptography, cyber security and privacy, while advancing or bringing new insights to the state of the art. Some topics of interest include, but are not limited to:
LASER 2016 4th Workshop on Learning from Authoritative Security Experiment Results, Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 2016), San Jose, CA, USA, May 26, 2016. (Submission Due 29 January 2016)
The Learning from Authoritative Security Experiment Results (LASER) workshop series focuses on learning from and improving cyber security experimental results. LASER explores both positive and negative results, the latter of which are not often published. LASER's overarching goal is to foster a dramatic change in the paradigm of cyber security research and experimentation, improving the overall quality of practiced science. This year, LASER will focus on cyber security experimentation methods and results that demonstrate approaches to increasing the repeatability and archiving of experiments, methods, results, and data. Participants will find LASER to be a constructive and highly interactive venue featuring informal paper presentations and extended discussions. To promote a high level of interaction, attendance will be limited, with first preference given to participating authors. Additional seats will be available on a first-come first-served basis. LASER also seeks to foster good science in the next generation of cyber security researchers. As such, LASER offers a limited number of student scholarships for participation.
MOST 2016 Workshop on Mobile Security Technologies, Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 2016), San Jose, CA, USA, May 26, 2016. (Submission Due 29 January 2016)
Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to explore the latest understanding and advances in the security and privacy for mobile devices, applications, and systems. With the development of new mobile platforms, such as Android and iOS, mobile computing has shown exponential growth in popularity in recent years. To benefit from the availability of a constantly growing consumer base, new services and applications are being built from the composition of existing ones at breakneck speed. This rapid growth has also been coupled with new security and privacy concerns and challenges. For instance, more and more sensitive content is being collected and shared by third-party applications that, if misused, can have serious security and privacy repercussions. Consequently, there is a growing need to study and address these new challenges. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The topics of interest include, but are not limited to:
ICIMP 2016 11th International Conference on Internet Monitoring and Protection, Valencia, Spain, May 22-26, 2016. (Submission Due 31 January 2016)
The International Conference on Internet Monitoring and Protection (ICIMP 2016) continues a series of special events targeting security, performance, vulnerabilities in the Internet, as well as disaster prevention and recovery. Dedicated events focus on measurement, monitoring and lessons learnt in protecting the user. The design, implementation and deployment of large distributed systems are subject to conflicting or missing requirements leading to visible and/or hidden vulnerabilities. Vulnerability specification patterns and vulnerability assessment tools are used for discovering, predicting and/or bypassing known vulnerabilities. Vulnerability self-assessment software tools have been developed to capture and report critical vulnerabilities. Some vulnerabilities are fixed via patches, others are simply reported, while others are self-fixed by the system itself. Despite the advances in the last years, protocol vulnerabilities, domain-specific vulnerabilities and detection of critical vulnerabilities rely on the art and experience of the operators; sometimes this is the fruit of hazard discovery and is difficult to reproduce and repair. System diagnosis represents a series of pre-deployment or post-deployment activities to identify feature interactions, service interactions, behavior that is not captured by the specifications, or abnormal behavior with respect to system specification. As systems grow in complexity, the need for reliable testing and diagnosis grows accordingly. The design of complex systems has been facilitated by CAD/CAE tools. Unfortunately, test engineering tools have not kept pace with design tools, and test engineers are having difficulty developing reliable procedures to satisfy the test requirements of modern systems. Therefore, rather than maintaining a single candidate system diagnosis, or a small set of possible diagnoses, anticipative and proactive mechanisms have been developed and experimented with.
In dealing with system diagnosis, data overload is a generic and tremendously difficult problem that has only grown. Cognitive system diagnosis methods have been proposed to cope with volume and complexity.
IEEE Computer, Special Issue on Supply Chain Security for Cyber-Infrastructure. (Submission Due 1 February 2016)
Editors: Domenic Forte (University of Florida, USA),
Swarup Bhunia (University of Florida, USA),
Ron Perez (Cryptography Research Inc., USA),
and Yongdae Kim (Korea Advanced Institute of Science and Technology, Korea).
Design, fabrication, assembly, distribution, system integration, and disposal of today's
electronic components, systems, and software involve multiple untrusted parties. Recent
reports demonstrate that this long and globally distributed supply chain is vulnerable
to counterfeiting (cloning, overproduction, recycling, etc.) and malicious design
modification (such as Trojan attacks). The issues associated with counterfeit components
include security and reliability risks to critical systems, profit and reputation loss for
intellectual property owners, and the discouragement of innovation in system development.
Recent bugs such as Heartbleed have shown that flaws in open source and third-party code
can have a tremendous impact, including the leakage of sensitive and personal data. While
awareness in the hardware supply chain has increased in recent years, the scope of the
problem has continued to grow and evolve. Data from the Government and Industry Data
Exchange Program and Information Handling Services Inc. indicates a sixfold and fourfold increase,
respectively, in reported counterfeit components over the last four years. Existing solutions
fail to provide adequate protection against supply chain security issues, and many are too
intrusive and expensive to be practical for industry use. Most focus on protecting custom
digital integrated circuits (ICs) such as processors and field-programmable gate arrays.
However, many other large and small electronic systems and components are just as
susceptible to recycling, cloning, and tampering, but have not been adequately addressed.
Meanwhile, recent reports by the Business Software Alliance highlight the widespread use
of unlicensed software in emerging markets, which account for the majority of PCs in use
globally. Furthermore, the software distribution model has shifted from purchases made
in stores to those made online, creating even more opportunities for hackers to manipulate
code and/or spread malware. This special issue is intended to raise awareness of supply
chain issues, highlight new attacks, point out the existing solutions, and encourage fresh
protection approaches. It will focus on supply chain security, as well as comprehensive,
cost effective, and easy-to-use solutions. We solicit articles on topics related to
security in all parts of the hardware and software supply chain. While articles that focus
on specific supply chain security gaps are acceptable, those that address problems with
all steps of the supply chain and/or hardware-software integration are strongly
encouraged. Example topics include, but are not limited to, the following:
WTMC 2016 International Workshop on Traffic Measurements for Cybersecurity, Co-located with 11th ACM Asia Conference on Computer and Communications Security (AsiaCCS 2016), Xi'an, China, May 30, 2016. (Submission Due 1 February 2016)
Today's societies are becoming more and more dependent on open networks such as the Internet, where commercial activities, business transactions and government services are realized. This has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. The inability to provide trusted secure services in contemporary computer network technologies has a tremendous socio-economic impact on global enterprises as well as individuals. Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behaviors. Understanding and measuring traffic in such networks is a difficult yet vital task for network management but recently also for cybersecurity purposes. Network traffic measuring and monitoring can, for example, enable the analysis of the spreading of malicious software and its capabilities or can help to understand the nature of various network threats including those that exploit users' behavior and other users' sensitive information. On the other hand, network traffic investigation can also help to assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Recently, traffic measurements have been utilized in the area of economics of cybersecurity, e.g. to assess ISP "badness" or to estimate the revenue of cyber criminals. Topics of interest include, but are not limited to:
DIMVA 2016 13th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, San Sebastian, Spain, July 7-8, 2016. (Submission Due 3 February 2016)
The annual DIMVA conference serves as a premier forum for advancing the state of
the art in intrusion detection, malware detection, and vulnerability assessment.
Each year, DIMVA brings together international experts from academia, industry,
and government to present and discuss novel research in these areas. DIMVA
solicits submission of high-quality, original scientific papers presenting novel
research on malware analysis, intrusion detection, and related systems security
topics. As per our tradition, DIMVA encourages submissions from the following
broad areas:
INTRUSION DETECTION
IoTPTS 2016 2nd ACM International Workshop on IoT Privacy, Trust, and Security, Held in conjunction with the 11th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2016), Xi'an, China, May 30, 2016. (Submission Due 12 February 2016)
The Internet of Things (IoT) is the next great technology frontier. At a basic level, IoT refers simply to networked devices, but the IoT vision is a complex ecosystem that ranges from cloud backend services and big-data analytics to home, public, industrial, and wearable sensor devices and appliances. Architectures for these systems are in the formative stages, and now is the time to ensure privacy, trust, and security are designed into these systems from the beginning. We encourage submissions on all aspects of IoT privacy, trust, and security. Topics of interest include (but are not limited to) the following areas:
CSF 2016 29th IEEE Computer Security Foundations Symposium, Lisbon, Portugal, June 28 - July 1, 2016. (Submission Due 12 February 2016)
The Computer Security Foundations Symposium is an annual conference for
researchers in computer security. CSF seeks papers on foundational aspects of
computer security, such as formal security models, relationships between
security properties and defenses, principled techniques and tools for design and
analysis of security mechanisms, as well as their application to practice. While
CSF welcomes submissions beyond the topics listed below, the main focus of
CSF is foundational security: submissions that lack foundational aspects risk
rejection. This year, CSF will use a light form of double blind reviewing (see the
conference website). New results in computer security are welcome. We also
encourage challenge/vision papers, which may describe open questions and
raise fundamental concerns about security. Possible topics for all papers include,
but are not limited to: access control, accountability, anonymity and privacy,
authentication, computer-aided cryptography, data and system integrity,
database security, decidability and complexity, distributed systems security,
electronic voting, formal methods and verification, decision theory,
hardware-based security, information flow, intrusion detection, language-based
security, network security, data provenance, mobile security, security metrics,
security protocols, software security, socio-technical security, trust management,
usable security, web security.
SPECIAL SESSIONS: This year, we strongly encourage papers in two foundational
areas of research we would like to promote at CSF:
WiSec 2016 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Darmstadt, Germany, July 18-20, 2016. (Abstract Submission Due 26 February 2016 and Paper Submission Due 4 March 2016)
ACM WiSec is the leading ACM conference dedicated to all aspects of security and privacy in wireless and mobile networks and systems and their applications. In addition to the traditional ACM WiSec topics of physical, link, and network layer security, we welcome papers focusing on the security and privacy of mobile software platforms, usable security and privacy, biometrics, cryptography, and the increasingly diverse range of mobile or wireless applications such as Internet of Things, and Cyber-Physical Systems. The conference welcomes both theoretical as well as systems contributions. Topics of interest include:
IEEE Cloud Computing, Special Issue on Cloud Security. (Submission Due 29 February 2016)
Editors: Peter Mueller (IBM Zurich Research Laboratory, Switzerland),
Chin-Tser Huang (University of South Carolina, USA),
Shui Yu (Deakin University, Australia), Zahir Tari (RMIT University, Australia),
and Ying-Dar Lin (National Chiao Tung University, Taiwan).
Many critical applications - from medical, financial, and big data applications to
applications with real-time constraints - are being migrated to cloud platforms.
It's been predicted that the bulk of future IT infrastructure spending will be on
cloud platforms and applications, and nearly half of all large enterprises are planning
cloud deployments by the end of 2017. However, cloud computing systems and
services are also major targets for cyberattackers. Because the cloud infrastructure is
always, to a certain degree, an open and shared resource, it's subject to malicious
attacks from both insiders and outsiders. Side-channel attacks, identity hijacking, and
distribution of malicious code have all been observed. Thus, centralized management of
security in cloud environments needs to be carefully analyzed and maintained. These
vulnerabilities point to the importance of protecting cloud platforms, infrastructures,
hosted applications, and information data, and create demand for much higher-level cloud
security management than is available today. This calls for comprehensive vulnerability
analyses and massive theoretical and practical innovation in security technologies. This
special issue aims to address these needs. Areas of interest for the special issue include,
but are not limited to:
PETS 2016 16th Privacy Enhancing Technologies Symposium, Darmstadt, Germany, July 19-22, 2016. (Submission Due 31 August 2015, 30 November 2015, or 29 February 2016)
The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to discuss recent advances and new perspectives on research in privacy technologies. New model as of PETS 2015: Papers undergo a journal-style reviewing process and accepted papers are published in the journal Proceedings on Privacy Enhancing Technologies (PoPETs). PoPETs, a scholarly, open access journal for timely research papers on privacy, has been established as a way to improve reviewing and publication quality while retaining the highly successful PETS community event. Authors can submit papers to PoPETs four times a year, every three months on a predictable schedule. Authors are notified of the decisions about two months after submission. In addition to accept and reject decisions, papers may be provided with 'major revision' decisions, in which case authors are invited to revise and resubmit their article to one of the following two submission deadlines. NEW as of PETS 2016: PETS 2016 also solicits submissions for Systematization of Knowledge (SoK) papers. These are papers that critically review, evaluate, and contextualize work in areas for which a body of prior literature exists, and whose contribution lies in systematizing the existing knowledge in that area. Authors are encouraged to view our FAQ about the submission process. Suggested topics include but are not restricted to:
IMPS 2016 Workshop on Innovations in Mobile Privacy and Security, Held in conjunction with ESSoS 2016, London, UK, April 6, 2016. (Submission Due 29 February 2016)
IMPS aims to bring together researchers working on challenges in security and privacy for mobile platforms, broadly considered. We are interested in investigations into existing security platforms, their users, applications and app store ecosystems, and research into novel security or privacy mechanisms, tools and analysis. Areas of interest include but are not restricted to:
DBSec 2016 30th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Trento, Italy, July 18-21, 2016. (Submission Due 29 February 2016)
DBSec is an annual international conference covering research in data and applications security and privacy. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, and applications security. Topics of interest include (but are not limited to):
SECRYPT 2016 13th International Conference on Security and Cryptography, Lisbon, Portugal, July 26 - 28, 2016. (Submission Due 1 March 2016)
SECRYPT is an annual international conference covering research in information and communication security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. Papers describing new methods or technologies, advanced prototypes, systems, tools and techniques and vision papers indicating future directions are also encouraged. Conference topics:
STPSA 2016 11th IEEE International Workshop on Security, Trust, and Privacy for Software Applications, Held in conjunction with COMPSAC 2016, Atlanta, GA, USA, June 10-14, 2016. (Submission Due 6 March 2016)
Information security has become a major concern for both pervasive and non-pervasive software applications. Software systems must be engineered with reliable protection mechanisms with respect to security, privacy, and trust, while still delivering the expected value of the software to their customers. The traditional approaches to securing a system (e.g., IDS, firewalls) are no longer sufficient to address many security, trust, and privacy (STP) issues. These issues should be addressed by building more effective STP-aware software applications. The principal obstacle in developing STP-aware software is that current software specification, design, implementation, and testing practices do not include adequate methods and tools to achieve security, trust, and privacy goals. As most systems now are Internet-based, the number of attackers has increased dramatically and threat scenarios have changed. Traditional security measures do not fit well for the software of pervasive applications. Since location and contexts are key attributes of pervasive applications, the privacy issues need to be handled in a novel manner, different from traditional software applications. The devices in pervasive computing leave and join the pervasive network in an ad hoc manner. These create a need for new trust models for pervasive computing applications. In this workshop, we will also welcome papers on the challenges and requirements of security, privacy, and trust for pervasive software applications. This workshop will bring researchers from academia and industry to discuss methods and tools to achieve security, trust, and privacy goals of both pervasive and non-pervasive software applications. This workshop will focus on techniques, experiences and lessons learned with respect to the state of the art for the security, trust, and privacy aspects of both pervasive and non-pervasive software applications along with some open issues.
SHPCS 2016 11th International Workshop on Security and High Performance Computing Systems, Held in conjunction with the 2016 International Conference on High Performance Computing & Simulation (HPCS 2016), Innsbruck, Austria, July 18 - 22, 2016. (Submission Due 7 March 2016)
Providing high performance computing and security is a challenging task. Internet, operating systems and distributed environments currently suffer from poor security support and cannot resist common attacks. Adding security measures typically degrades performance. This workshop addresses relationships between security, high performance and distributed computing systems in four directions. First, it considers how to add security properties (authentication, confidentiality, integrity, non-repudiation, access control) to high performance computing systems and how they can be formally verified both at design-time (formal verification) and at run-time (run-time verification). In this case, safety properties can also be addressed, such as availability and fault tolerance for high performance computing systems. Second, it addresses vulnerabilities and security threats (and remediation) targeting HPC, grid, cloud and mobile environments. Third, it covers how to use HPC systems to solve security problems. For instance, a grid computation can break an encryption code, a cluster can support high performance intrusion detection or a distributed formal verification system. More generally, this topic addresses every efficient use of a high performance computing system to improve security. Fourth, it investigates the tradeoffs between maintaining high performance and achieving security in computing systems and solutions to balance the two objectives. In all these directions, various formal analyses, as well as performance analyses or monitoring techniques can be conducted to show the efficiency of a security infrastructure. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of security related to HPC, distributed, network and mobile environments, as well as case studies and implementation experiences.
Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems.
ISC 2016 19th Information Security Conference, Honolulu, Hawaii, USA, September 7-9, 2016. (Submission Due 7 March 2016)
The Information Security Conference (ISC) is an annual international conference covering research in theory and applications of Information Security. ISC aims to attract high quality papers in all technical aspects of information security. ISC has been held in five continents. Papers on all technical aspects of these topics are solicited for submission. Areas of interest include, but are not restricted to:
HAISA 2016 International Symposium on Human Aspects of Information Security & Assurance, Frankfurt, Germany, July 19 - 21, 2016. (Submission Due 25 March 2016)
It is commonly acknowledged that security requirements cannot be addressed by technical means alone, and that a significant aspect of protection comes down to the attitudes, awareness, behaviour and capabilities of the people involved. Indeed, people can potentially represent a key asset in achieving security, but at present, factors such as lack of awareness and understanding, combined with unreasonable demands from security technologies, can dramatically impede their ability to do so. Ensuring appropriate attention and support for the needs of users should therefore be seen as a vital element of a successful security strategy. People at all levels (i.e. from organisations to domestic environments; from system administrators to end-users) need to understand security concepts, how the issues may apply to them, and how to use the available technology to protect their systems. In addition, the technology itself can make a contribution by reducing the demands upon users, simplifying protection measures, and automating a variety of safeguards. With the above in mind, this symposium specifically addresses information security issues that relate to people. It concerns the methods that inform and guide users' understanding of security, and the technologies that can benefit and support them in achieving protection. The symposium welcomes papers addressing research and case studies in relation to any aspect of information security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics or technologies may be positively modified to improve the level of protection. Indicative themes include:
IWSEC 2016 11th International Workshop on Security, Tokyo, Japan, September 12-14, 2016. (Submission Due 31 March 2016)
Original papers on the research and development of various security topics, as well as case studies and implementation experiences, are solicited for submission to IWSEC 2016. Topics of interest for IWSEC 2016 include all theory and practice of cryptography, information security, and network security, as in previous IWSEC workshops. In particular, we encourage the following topics this year:
I-SAT 2016 International Workshop on Information Security, Assurance, and Trust, Vancouver, BC, Canada, June 16-18, 2016. (Submission Due 4 April 2016)
The goal of this workshop is to provide a forum for researchers, scientists and engineers working in academia and industry to share their experiences, new ideas and research results in the areas of information and system security, assurance, and trust. I-SAT 2016 will address novel research targeting technical aspects of protecting information security and establishing trust in the digital space. New paradigms and solutions targeting emerging topics in such fields will be presented and discussed by researchers and industrial experts. The main focus of the workshop will include, but is not limited to, the following:
PMSPCR 2016 Workshop on Process Mining for Security, Privacy, Compliance & Resilience, Held in conjunction with the 19th International Conference on Business Information Systems (BIS 2016), Leipzig, Germany, July 6-8, 2016. (Submission Due 12 April 2016)
Security in Business Processes (BP) is an extension to well-known security analysis. Security rules are either defined by regulation, e.g. data protection law, or as guidelines for good conduct, e.g. Basel III or SOX. Business guidelines, e.g. ITIL and COBIT, form a specification of regulation and business conduct, but there are almost no satisfying approaches as far as computer science is concerned. This workshop deals with process mining as a means for security analysis. Three phases may be identified: process analysis before execution, monitoring, or after execution of the BP. With regard to the latter, logs recording the events executed in BP build the basis for Process Mining (PM), which provides methods and tools to ensure compliance with regulations and guidelines. This workshop aims to explore the potential of process mining to bridge the gap between an analysis of workflows and a certification of compliance and security. We invite innovative and previously undisclosed contributions, but also case studies and best practices, which present the analysis of business processes related to security, resilience and privacy aspects "by design", during runtime, and forensically, based on the analysis of process logs. In this regard, we explicitly invite submission of practical contributions.
TrustCom 2016 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Tianjin, China, August 23-26, 2016. (Submission Due 15 April 2016)
With the rapid development and increasing complexity of computer systems
and communication networks, user requirements for trust, security and privacy
are becoming more and more demanding. Therefore, there is a grand challenge
that traditional security technologies and measures may not meet user requirements
in open, dynamic, heterogeneous, mobile, wireless, and distributed computing
environments. As a result, we need to build systems and networks in which various
applications allow users to enjoy more comprehensive services while preserving trust,
security and privacy at the same time. As useful and innovative technologies, trusted
computing and communications are attracting more and more attention from researchers.
The conference aims at bringing together researchers and practitioners in the world
working on trusted computing and communications, with regard to trust, security,
privacy, reliability, dependability, survivability, availability, and fault tolerance aspects
of computer systems and networks, and providing a forum to present and discuss
emerging ideas and trends in this highly challenging research field. Topics of interest
include, but are not limited to:
Trust Track
ESORICS 2016 21st European Symposium on Research in Computer Security, Heraklion, Crete, September 26-30, 2016. (Submission Due 22 April 2016)
ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers discussing industrial research and development. Topics of interest include, but are not limited to:
EuroUSEC 2016 1st European Workshop on Usable Security, Affiliated with PETS 2016, Darmstadt, Germany, July 18, 2016. (Submission Due 13 May 2016)
The aim of this workshop is to bring together researchers from different areas of computer science such as security, visualisation, artificial intelligence and machine learning as well as researchers from other domains such as psychology, social science and economics. We encourage submissions from collaborative research by authors from multiple fields. Topics of interest include:
Call for Book Chapters: Empirical Research for Software Security: Foundations and Experience, Taylor & Francis Group, LLC. (Submission Due 15 May 2016)
This book introduces the reader to using empirical research methods in exploring software security challenges. These methods include data analytics, questionnaires, interviews, and surveys that produce evidence for or against given claims. The book provides the foundations for using these empirical methods of collecting evidence about tools, techniques, methods, and processes for developing secure software using practical examples. Developing secure software requires the integration of methods, such as threat modeling and risk assessment, and the integration of tools, such as security testing and code analysis tools, into the development process. The design of such methods and processes is in general an artistic endeavor that is based on shared expert knowledge, claims, and opinions. Empirical research methods allow extracting knowledge and insights from the data that organizations collect from their processes and tools and from the opinions of the experts who practice these processes and methods. This knowledge extraction contributes to maturing the design and adaptation of these techniques, methods, and processes. Examples of topics of interest include:
IEEE Transactions on Computers, Special Section on Secure Computer Architectures. (Submission Due 30 May 2016)
Editors: Ruby Lee (Princeton University, USA),
Patrick Schaumont (Virginia Tech, USA),
Ron Perez (Cryptography Research Inc., USA),
and Guido Bertoni (ST Microelectronics, USA).
Nowadays, computer architectures are profoundly affected by a new security landscape,
caused by the dramatic evolution of information technology over the past decade. First,
secure computer architectures have to support a wide range of security applications that
extend well beyond the desktop environment, and that also include handheld, mobile and
embedded architectures, as well as high-end computing servers. Second, secure computer
architectures have to support new applications of information security and privacy, as well
as new information security standards. Third, secure computer architectures have to be protected
and be tamper-resistant at multiple abstraction levels, covering network, software, and
hardware. This Special Section from Transactions on Computers aims to capture this evolving
landscape of secure computing architectures, to build a vision of opportunities and unresolved
challenges. It is expected that contributed submissions will place emphasis on secure
computing in general and on engineering and architecture design aspects of security in particular.
IEEE Transactions on Computers seeks original manuscripts for a Special Section on Secure
Computer Architectures tentatively scheduled to appear in the July 2017 issue. The topics
of interest for this special section include:
Staying in touch....
Changing your email address? Please send updates to cipher@ieee-security.org
IEEE Computer Society's Technical Committee on Security and Privacy