Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 131,  March 22, 2016 Hilarie Orman,  Editor Richard Austin, Book Review Editor Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Conference and Workshop Announcements

  • Commentary and Opinion

    • Richard Austin's review of The Car Hacker's Handbook: A Guide for the Penetration Tester by Craig Smith

    • NewsBits:  Announcements and correspondence from readers (please contribute!)

      • More employee data leakage from US Federal Departments
      • British teenager social engineers top US officials
      • NIST releases two crypto documents for public comment
      • The iPhone lands in hot water, crypto-wise
      • Stop changing your password
      • Iran to be named dam hacker
      • Carhacking, it's a thing in the Io(insecure)T
      • The 2015 Turing Award Goes to Diffie and Hellman

    • Book reviews from past Cipher issues

    • Conference Reports and Commentary from past Cipher issues

    • News items from past Cipher issues

   

  • Listing of academic positions available  by Cynthia Irvine
    (nothing new since Cipher E130)

   

  • Cipher calls-for-papers and calendar
      Cipher calendar announcements are on Twitter; follow "ciphernews"
      new calls or announcements added since Cipher E130 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • 3/21/16- 3/24/16: EuroSP, 1st IEEE European Symposium on Security and Privacy, Congress Center Saar, Saarbrücken, Germany
  • 3/23/16: TELERISE 2016 2nd International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity, Co-located with ICWE 2016, Università della Svizzera Italiana (USI) Lugano, Switzerland; Submissions are due
  • 3/23/16- 3/25/16: INTRICATE-SEC, 4th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Held in conjunction with the 30th International Conference on Advanced Information Networking and Applications (AINA-2016), Crans-Montana, Switzerland
  • 3/25/16: HAISA, International Symposium on Human Aspects of Information Security & Assurance, Frankfurt Germany; Submissions are due
  • 3/25/16: MSPN, International Conference on Mobile, Secure and Programmable Networking, Paris, France; Submissions are due
  • 3/31/16: IWSEC, 11th International Workshop on Security, Tokyo, Japan; Submissions are due
  • 4/ 1/16: RAID, 19th International Symposium on Research in Attacks, Intrusions and Defenses, Paris, France; Submissions are due
  • 4/ 1/16: SIN, 9th International Conference on Security of Information and Networks, Rutgers University, New Jersey, NJ, USA; Submissions are due
  • 4/ 4/16: I-SAT, International Workshop on Information Security, Assurance, and Trust, Vancouver, BC, Canada; Submissions are due
  • 4/ 4/16: IWCC, 5th International Workshop on Cyber Crime, Co-located with the 11th International Conference on Availability, Reliability and Security (ARES 2016), Salzburg, Austria; Submissions are due
  • 4/ 6/16: IMPS, Workshop on Innovations in Mobile Privacy and Security, Held in conjunction with ESSoS 2016, London, UK
  • 4/ 6/16- 4/ 8/16: ESSoS, International Symposium on Engineering Secure Software and Systems, University of London, London, UK
  • 4/12/16: PMSPCR, Workshop on Process Mining for Security, Privacy, Compliance & Resilience, Held in conjunction with the 19th International Conference on Business Information Systems (BIS 2016), Leipzig, Germany; Submissions are due
  • 4/15/16: TrustCom, 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Tianjin, China; Submissions are due
  • 4/17/16: NSAA, Workshop on Network Security Analytics and Automation, Held in conjunction with the 25th International Conference on Computer Communication and Networks (ICCCN 2016), Waikoloa, Hawaii, USA; Submissions are due
  • 4/18/16: GraMSec, 3rd International Workshop on Graphical Models for Security, Co-located with CSF 2016, Lisbon, Portugal; Submissions are due
  • 4/19/16- 4/20/16: Cybersecurity, Cybersecurity Symposium, Coeur d'Alene, Idaho, U.S.A
  • 4/20/16: CNS, 4th IEEE Conference on Communications and Network Security, Philadelphia, PA, USA; Submissions are due
  • 4/22/16: ESORICS, 21st European Symposium on Research in Computer Security, Heraklion, Crete; Submissions are due
  • 4/30/16: Mycrypt, 2nd International Conference on Cryptology & Malicious Security, Kuala Lumpur, Malaysia; Submissions are due
  • 5/ 3/16: WISTP, 10th WISTP International Conference on Information Security Theory and Practice, Heraklion, Crete, Greece; Submissions are due
  • 5/ 5/16- 5/ 7/16: HOST, IEEE International Symposium on Hardware Oriented Security and Trust, Washington DC, USA
  • 5/ 9/16: TRUST, 9th International Conference on Trust & Trustworthy Computing, Vienna, Austria; Submissions are due
  • 5/13/16: EuroUSEC, 1st European Workshop on Usable Security, Affiliated with PETS 2016, Darmstadt, Germany; Submissions are due
  • 5/15/16: Call for Book Chapters: Empirical Research for Software Security: Foundations and Experience, Taylor & Francis Group, LLC.; Submissions are due
  • 5/22/16- 5/26/16: ICIMP, 11th International Conference on Internet Monitoring and Protection, Valencia, Spain
  • 5/23/16: ACM CCS, 23rd ACM Conference on Computer and Communications Security, Vienna, Austria; Submissions are due
  • 5/23/16- 5/25/16: SP, 37th IEEE Symposium on Security and Privacy, San Jose, CA, USA
  • 5/26/16: SPW, Security and Privacy Workshops, Held in conjunction with the 37th IEEE Symposium on Security and Privacy (SP 2016), San Jose, CA, USA
  • 5/26/16: BioSTAR, International Workshop on Bio-inspired Security, Trust, Assurance and Resilience, Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 2016), San Jose, CA, USA
  • 5/26/16: MOST, Workshop on Mobile Security Technologies, Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 2016), San Jose, CA, USA
  • 5/26/16: LASER, 4th Workshop on Learning from Authoritative Security Experiment Results, Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 2016), San Jose, CA, USA
  • 5/30/16: IEEE Transactions on Computers, Special Section on Secure Computer Architectures; Submissions are due
  • 5/30/16: SSR, 3rd International conference on Security Standardization Research, Gaithersburg, MD, USA; Submissions are due
  • 5/30/16- 6/ 1/16: IFIP SEC, 31th IFIP TC-11 SEC 2016 International Information Security and Privacy Conference, Ghent, Belgium
  • 5/30/16: WTMC, International Workshop on Traffic Measurements for Cybersecurity, Co-located with 11th ACM Asia Conference on Computer and Communications Security (AsiaCCS 2016), Xi'an, China
  • 5/30/16: IoTPTS, 2nd ACM International Workshop on IoT Privacy, Trust, and Security, Co-located with 11th ACM Asia Conference on Computer and Communications Security (AsiaCCS 2016), Xi'an, China
  • 5/31/16- 6/ 3/16: ASIACCS, 11th ACM Asia Conference on Computer and Communications Security, Xi'an, China
  • 5/31/16: CPSS, 2nd ACM Cyber-Physical System Security Workshop, Held in conjunction with ACM AsiaCCS 2016 Conference, Xi'an, China
  • 6/ 1/16: SADFE, 11th International Conference on Systematic Approaches to Digital Forensics Engineering, Kyoto, Japan; Submissions are due
  • 6/ 1/16- 6/ 3/16: MSPN, International Conference on Mobile, Secure and Programmable Networking, Paris, France
  • 6/ 4/16: PROOFS, 5th International Workshop on Security Proofs for Embedded Systems, Santa Barbara, California, USA; Submissions are due
  • 6/ 9/16: TELERISE 2016 2nd International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity, Co-located with ICWE 2016, Università della Svizzera Italiana (USI) Lugano, Switzerland
  • 6/10/16- 6/14/16: STPSA, 11th IEEE International Workshop on Security, Trust, and Privacy for Software Applications, Held in conjunction with COMPSAC 2016, Atlanta, GA, USA
  • 6/15/16: SecureComm, 12th EAI International Conference on Security and Privacy in Communication Networks, Guangzhou, China; Submissions are due
  • 6/15/16: IWDW, 15th International Workshop on Digital-forensics and Watermarking, Beijing, China; Submissions are due
  • 6/16/16- 6/18/16: I-SAT, International Workshop on Information Security, Assurance, and Trust, Vancouver, BC, Canada
  • 6/19/16- 6/22/16: ACNS, 14th International Conference on Applied Cryptography and Network Security, London, United Kingdom
  • 6/27/16: GraMSec, 3rd International Workshop on Graphical Models for Security, Co-located with CSF 2016, Lisbon, Portugal
  • 6/28/16- 7/ 1/16: CSF, 29th IEEE Computer Security Foundations Symposium, Lisbon, Portugal
  • 7/ 6/16- 7/ 8/16: PMSPCR, Workshop on Process Mining for Security, Privacy, Compliance & Resilience, Held in conjunction with the 19th International Conference on Business Information Systems (BIS 2016), Leipzig, Germany
  • 7/ 7/16- 7/ 8/16: DIMVA, 13th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, San Sebastian, Spain
  • 7/18/16: EuroUSEC, 1st European Workshop on Usable Security, Affiliated with PETS 2016, Darmstadt, Germany
  • 7/18/16- 7/20/16: WiSec 2016 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Darmstadt, Germany
  • 7/18/16- 7/21/16: DBSec, 30th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Trento, Italy
  • 7/18/16- 7/22/16: SHPCS, 11th International Workshop on Security and High Performance Computing Systems, Held in conjunction with the 2016 International Conference on High Performance Computing & Simulation (HPCS 2016), Innsbruck, Austria
  • 7/19/16- 7/21/16: HAISA, International Symposium on Human Aspects of Information Security & Assurance, Frankfurt Germany
  • 7/19/16- 7/22/16: PETS, 16th Privacy Enhancing Technologies Symposium, Darmstadt, Germany
  • 7/20/16- 7/22/16: SIN, 9th International Conference on Security of Information and Networks, Rutgers University, New Jersey, NJ, USA
  • 7/26/16- 7/28/16: SECRYPT, 13th International Conference on Security and Cryptography, Lisbon, Portugal
  • 7/23/16- 7/26/16: TrustCom, 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Tianjin, China
  • 8/ 1/16- 8/ 4/16: NSAA, Workshop on Network Security Analytics and Automation, Held in conjunction with the 25th International Conference on Computer Communication and Networks (ICCCN 2016), Waikoloa, Hawaii, USA
  • 8/20/16: PROOFS, 5th International Workshop on Security Proofs for Embedded Systems, Santa Barbara, California, USA
  • 8/22/16: GenoPri, 3rd International Workshop on Genome Privacy and Security, Held in conjunction with the AMIA 2016 Annual Symposium, Chicago, IL, USA; Submissions are due
  • 8/29/16- 8/30/16: TRUST, 9th International Conference on Trust & Trustworthy Computing, Vienna, Austriaue
  • 8/29/16- 9/ 2/16: IWCC, 5th International Workshop on Cyber Crime, Co-located with the 11th International Conference on Availability, Reliability and Security (ARES 2016), Salzburg, Austria
  • 9/ 7/16- 9/ 9/16: ISC, 19th Information Security Conference, Honolulu, Hawaii, USA
  • 9/12/16- 9/14//16: IWSEC, 11th International Workshop on Security, Tokyo, Japan
  • 9/17/16- 9/19/16: IWDW, 15th International Workshop on Digital-forensics and Watermarking, Beijing, China
  • 9/19/16- 9/21/16: RAID, 19th International Symposium on Research in Attacks, Intrusions and Defenses, Paris, France
  • 9/20/16- 9/22/16: SADFE, 11th International Conference on Systematic Approaches to Digital Forensics Engineering, Kyoto, Japan
  • 9/26/16- 9/27/16: WISTP, 10th WISTP International Conference on Information Security Theory and Practice, Heraklion, Crete, Greece
  • 9/26/16- 9/30/16: ESORICS, 21st European Symposium on Research in Computer Security, Heraklion, Crete
  • 10/10/16-10/12/16: SecureComm, 12th EAI International Conference on Security and Privacy in Communication Networks, Guangzhou, China
  • 10/17/16-10/19/16: CNS, 4th IEEE Conference on Communications and Network Security, Philadelphia, PA, USA
  • 10/24/16-10/28/16: ACM CCS, 23rd ACM Conference on Computer and Communications Security, Vienna, Austria
  • 11/12/16: GenoPri, 3rd International Workshop on Genome Privacy and Security, Held in conjunction with the AMIA 2016 Annual Symposium, Chicago, IL, USA
  • 12/ 1/16-12/ 2/16: Mycrypt, 2nd International Conference on Cryptology & Malicious Security, Kuala Lumpur, Malaysia
  • 12/ 5/16-12/ 6/16: SSR, 3rd International conference on Security Standardization Research, Gaithersburg, MD, USA
  
  
  • new calls or announcements added since Cipher E130

  • TELERISE 2016 2nd International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity, Co-located with ICWE 2016, Università della Svizzera Italiana (USI) Lugano, Switzerland, June 9, 2016. (Submissions Due 23 March 2016)

    Information sharing on the Web is essential for today's business and societal transactions. Nevertheless, such a sharing should not violate the security and privacy requirements either dictated by Law to protect data subjects or by internal regulations provided both at organisation and individual level. An effectual, rapid, and unfailing electronic data sharing among different parties, while protecting legitimate rights on these data, is a key issue with several shades. Among them, how to translate the high-level law obligations, business constraints, and users' requirements into system-level privacy policies, as well as engineering efficient and practical Web applications-based solutions for policy definition and enforcement. TELERISE aims at providing a forum for researchers and engineers, in academia as well as in industry, to foster an exchange of research results, experiences, and products in the area of privacy preserving, secure data management, and engineering on the Web, from a technical and legal perspective. The ultimate goal is to conceive new trends and ideas on designing, implementing, and evaluating solutions for privacy-preserving information sharing, with an eye to the cross-relations between ICT and regulatory aspects of data management and engineering. Topics of interest are (but not limited to):

    • Model-based and experimental assessment of data protection
    • Privacy in identity management and authentication
    • Modeling and analysis languages for representation, visualization, specification of legal regulations
    • Technical, legal, and user requirements for data protection
    • User-friendly authoring tools to edit privacy preferences
    • IT infrastructures for privacy and security policies management
    • IT infrastructure for supporting privacy and security policies evolution
    • Privacy and security policies conflict analysis and resolution strategies
    • Electronic Data Sharing Agreements representation: languages and management infrastructure
    • Cross-relations between privacy-preserving technical solutions and legal regulations
    • Privacy aware access and usage control
    • Privacy and security policies enforcement mechanisms
    • Privacy preserving data allocation and storage
    • Software systems compliance with applicable laws and regulations
    • Heuristic for pattern identification in law text
    • Empirical analysis of consumer's awareness of privacy and security policies

  • HAISA 2016 International Symposium on Human Aspects of Information Security & Assurance, Frankfurt Germany, July 19 - 21, 2016. (Submissions Due 25 March 2016)

    It is commonly acknowledged that security requirements cannot be addressed by technical means alone, and that a significant aspect of protection comes down to the attitudes, awareness, behaviour and capabilities of the people involved. Indeed, people can potentially represent a key asset in achieving security, but at present, factors such as lack of awareness and understanding, combined with unreasonable demands from security technologies, can dramatically impede their ability to do so. Ensuring appropriate attention and support for the needs of users should therefore be seen as a vital element of a successful security strategy. People at all levels (i.e. from organisations to domestic environments; from system administrators to end-users) need to understand security concepts, how the issues may apply to them, and how to use the available technology to protect their systems. In addition, the technology itself can make a contribution by reducing the demands upon users, simplifying protection measures, and automating a variety of safeguards. With the above in mind, this symposium specifically addresses information security issues that relate to people. It concerns the methods that inform and guide users' understanding of security, and the technologies that can benefit and support them in achieving protection. The symposium welcomes papers addressing research and case studies in relation to any aspect of information security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics or technologies may be positively modified to improve the level of protection. Indicative themes include:

    • Information security culture
    • Awareness and education methods
    • Enhancing risk perception
    • Public understanding of security
    • Usable security
    • Psychological models of security software usage
    • User acceptance of security policies and technologies
    • User-friendly authentication methods
    • Biometric technologies and impacts
    • Automating security functionality
    • Non-intrusive security
    • Assisting security administration
    • Impacts of standards, policies, compliance requirements
    • Organizational governance for information assurance
    • Simplifying risk and threat assessment
    • Understanding motivations for misuse
    • Social engineering and other human-related risks
    • Privacy attitudes and practices
    • Computer ethics and security

  • MSPN 2016 International Conference on Mobile, Secure and Programmable Networking, Paris, France, June 1-3, 2016. (Submissions Due 25 March 2016)

    The rapid deployment of new infrastructures based on network virtualization and Cloud computing triggers new applications and services that in turn generate new constraints such as security and/or mobility. The International Conference on Mobile, Secure and Programmable Networking aims at providing a top forum for researchers and practitioners to present and discuss new trends in networking infrastructures, security, services and applications while focusing on virtualization and Cloud computing, network programming, Internet of things and Cloud computing convergence, Software Defined Networks (SDN) and their security. Position papers are also welcome and should be clearly marked as such. The accepted papers wil be published as a post-proceedings in Springer's LNCS. Authors are invited to submit complete unpublished papers, which are not under review in any other conference or journal, including, but not limited to, the following topic areas:

    • Software Defined Networks (tools, software, concepts)
    • Virtualization and Cloud computing
    • Networks and Cloud computing
    • Mobile computing and Mobile Cloud computing
    • Security, Privacy and Trust in Networks, Services and Applications
    • Green computing and networking
    • Ubiquitous Computing and Sensor Networks
    • System design and testbeds
    • Cross-Layer Design and Optimization
    • Modeling and performance evaluation
    • 4G and 5G networks
    • Social networks
    • Cooperative networking and Self-Organizing networks
    • Distributed sensing, actuation, and control in cyber-physical systems
    • Internet of Things
    • Vehicular networks and Connected Cars
    • Crowdsourcing
    • Datacenter networking
    • Location-based Services
    • Smart cities

  • IWSEC 2016 11th International Workshop on Security, Tokyo, Japan, September 12-14, 2016. (Submissions Due 31 March 2016)

    Original papers on the research and development of various security topics, as well as case studies and implementation experiences, are solicited for submission to IWSEC 2016. Topics of interest for IWSEC 2016 include all theory and practice of cryptography, information security, and network security, as in previous IWSEC workshops. In particular, we encourage the following topics in this year:

    • Big Data Analysis for Security
    • Critical Infrastructure Security
    • Cryptanalysis
    • Cryptographic Protocols
    • Cybersecurity Economics
    • Digital Forensics
    • Enriched Cryptography
    • Formal Methods
    • IoT security
    • Machine Learning for Security
    • Malware Countermeasures
    • Measurements for Cybersecurity
    • Multiparty Computation
    • Post Quantum Cryptography
    • Privacy Preserving
    • Real World Cryptography
    • Visualization for Security

  • RAID 2016 19th International Symposium on Research in Attacks, Intrusions and Defenses, Paris, France, September 19-21, 2016. (Submissions Due 1 April 2016)

    The 19th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2016) aims at bringing together leading researchers and practitioners from academia, government, and industry to discuss novel research contributions related to computer and information security. Research papers on all topics related to cyber attacks, intrusions or defenses are within scope, including papers on:

    • Malware and unwanted software
    • Mobile and Web security and privacy
    • Cloud computing security
    • Computer and network security
    • Denial-of-Service attacks
    • Formal models, analysis, and standards
    • Vulnerability analysis
    • Secure software development
    • Machine learning for security
    • Computer security visualization techniques
    • Cyber crime and underground economies
    • Hardware security
    • Program analysis and reverse engineering
    • Digital forensics
    • Usable security and privacy
    • Intrusion detection and prevention
    • Cyber physical systems
    • Security measurement studies
    • Security and privacy of the Internet of Things
    • Threats against critical infrastructures and mitigation thereof
    • Cyber intelligence techniques and threats intel sharing

  • SIN 2016 9th International Conference on Security of Information and Networks, Rutgers University, New Jersey, NJ, USA, July 20-22, 2016. (Submissions Due 1 April 2016)

    Papers, special sessions, tutorials, and workshops addressing all aspects of security in information and networks are being sought. Researchers and industrial practitioners working on the following and related subjects are especially encouraged: development and realization of cryptographic solutions, security schemes, new algorithms; critical analysis of existing approaches; secure information systems, especially distributed control and processing applications, and security in networks; interoperability, service levels and quality issues in such systems; information assurance, security, and public policy; detection and prevention of cybercrimes such as fraud and phishing; next generation network architectures, protocols, systems and applications; security education curriculum; industrial experiences and challenges of the above. Doctoral students are encouraged to propose papers on ongoing research. Original papers will be considered; submissions must not substantially duplicate work that any of the authors has published elsewhere or has submitted in parallel to any other conference or workshop that has proceedings. All submitted papers will be reviewed by at least three members of the program committee judging its originality, significance, correctness, presentation and relevance. Authors are also encouraged to propose position papers on practical studies and experiments, critique of existing work, emerging issues, and novel ideas under development. Enterprises and research centers developing, implementing, or using security tools and frameworks are encouraged to propose application / tool demo. Proposals of half-day tutorials on fundamental to advanced subjects covering practical implementation aspects of security are welcome. Proposals of special session(s) to be held in the main conference are welcome. Proposals are invited for workshops to be held in conjunction with SIN 2016 Conference. The workshop proposal theme should be closely related to the conference topics. Broad areas of interest include theory, tools, and applications of security for information, computer, network, and cloud but are not limited to, the following:

    • Access control and intrusion detection
    • Security of cyber-physical systems
    • Autonomous and adaptive security
    • Security tools and development platforms
    • Computational intelligence techniques in security
    • Security ontology, models, protocols & policies
    • Computer network defense
    • Standards, guidelines and certification
    • Cryptographic techniques and key management
    • Security-aware software engineering
    • Trust and privacy
    • Information assurance
    • Malware analysis
    • Network security and protocols
    • Security in Mobile/Embedded Systems
    • Cloud security
    • Security education and innovative curriculum

  • I-SAT 2016 International Workshop on Information Security, Assurance, and Trust, Vancouver, BC, Canada, June 16-18, 2016. (Submissions Due 4 April 2016)

    The goal of this workshop is to provide a forum for researchers, scientists and engineers working in academia and industry to share their experiences, new ideas and research results in the areas of information and system security, assurance, and trust. I-SAT2016 will address novel research targeting technical aspects of protecting information security and establishing trust in the digital space. New paradigms and solutions targeting emerging topics in such fields will be presented and discussed by researchers and industrial experts. The main focus of the workshop will include, but not limited to the following:

    • Application Security and Threat Management
    • Cyber Security, Privacy and Trust
    • Modern Authentication Paradigms
    • Big data security
    • Database security
    • Digital Fraud detection
    • Social engineering and insider threats
    • Cyber threat intelligence
    • Cloud, Mobile, and Internet-of-Things security
    • Digital forensics
    • Intrusion Detection
    • Biometrics
    • Botnet and DDoS detection and control

  • IWCC 2016 5th International Workshop on Cyber Crime, Co-located with the 11th International Conference on Availability, Reliability and Security (ARES 2016), Salzburg, Austria, August 29 - September 2, 2016. (Submissions Due 4 April 2016)

    Today's world's societies are becoming more and more dependent on open networks such as the Internet - where commercial activities, business transactions and government services are realized. This has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. The inability to provide trusted secure services in contemporary computer network technologies has a tremendous socio-economic impact on global enterprises as well as individuals. Moreover, the frequently occurring international frauds impose the necessity to conduct the investigation of facts spanning across multiple international borders. Such examination is often subject to different jurisdictions and legal systems. A good illustration of the above being the Internet, which has made it easier to perpetrate traditional crimes. It has acted as an alternate avenue for the criminals to conduct their activities, and launch attacks with relative anonymity. The increased complexity of the communications and the networking infrastructure is making investigation of the crimes difficult. Traces of illegal digital activities are often buried in large volumes of data, which are hard to inspect with the aim of detecting offences and collecting evidence. Nowadays, the digital crime scene functions like any other network, with dedicated administrators functioning as the first responders. This poses new challenges for law enforcement policies and forces the computer societies to utilize digital forensics to combat the increasing number of cybercrimes. Forensic professionals must be fully prepared in order to be able to provide court admissible evidence. To make these goals achievable, forensic techniques should keep pace with new technologies. The aim of 5th International Workshop on Cyber Crime is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques which assist the investigation process of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. The workshop will be accessible to both non-experts interested in learning about this area and experts interesting in hearing about new research and approaches. Topics of interest include, but are not limited to:

    • Cyber crimes: evolution, new trends and detection
    • Cyber crime related investigations
    • Computer and network forensics
    • Digital forensics tools and applications
    • Digital forensics case studies and best practices
    • Privacy issues in digital forensics
    • Network traffic analysis, traceback and attribution
    • Incident response, investigation and evidence handling
    • Integrity of digital evidence and live investigations
    • Identification, authentication and collection of digital evidence
    • Anti-forensic techniques and methods
    • Watermarking and intellectual property theft
    • Social networking forensics
    • Steganography/steganalysis and covert/subliminal channels
    • Network anomalies detection
    • Novel applications of information hiding in networks
    • Political and business issues related to digital forensics and anti-forensic techniques

  • PMSPCR 2016 Workshop on Process Mining for Security, Privacy, Compliance & Resilience, Held in conjunction with the 19th International Conference on Business Information Systems (BIS 2016), Leipzig, Germany, July 6-8, 2016. (Submissions Due 12 April 2016)

    Security in Business Processes (BP) is an extension to well-known security analysis. Security rules are either defined by regulation, e.g. data protection law, or as guidelines for good conducts, e.g. Basel III or SOX. Business guidelines, e.g. ITIL and COBIT, form a specification of regulation and business conduct, but there are almost no satisfying approaches as far as computer science is concerned. This workshop deals with process mining as a means for security analysis. Three phases may be identified: process analysis before execution, monitoring, or after execution of the BP. With regard to the latter, logs recording the events executed in BP build the basis for Process Mining (PM), which provides methods and tools to ensure compliance to regulations and guidelines. This workshop aims to explore the potentials of process mining to bridge the gap between an analysis of workflows and a certification of compliance and security. We invite innovative and previously undisclosed contributions, but also case studies and best practices, which present the analysis of business processes related to security, resilience and privacy aspects "by design", during runtime, and forensically, based on the analysis of process logs. In this regard, we explicitly invite submission of practical contributions.

  • TrustCom 2016 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Tianjin, China, August 23-26, 2016. (Submissions Due 15 April 2016)

    With the rapid development and increasing complexity of computer systems and communication networks, user requirements for trust, security and privacy are becoming more and more demanding. Therefore, there is a grand challenge that traditional security technologies and measures may not meet user requirements in open, dynamic, heterogeneous, mobile, wireless, and distributed computing environments. As a result, we need to build systems and networks in which various applications allow users to enjoy more comprehensive services while preserving trust, security and privacy at the same time. As useful and innovative technologies, trusted computing and communications are attracting researchers with more and more attention. The conference aims at bringing together researchers and practitioners in the world working on trusted computing and communications, with regard to trust, security, privacy, reliability, dependability, survivability, availability, and fault tolerance aspects of computer systems and networks, and providing a forum to present and discuss emerging ideas and trends in this highly challenging research field. Topics of interest include, but not limited to:
    Trust Track

    • Trust semantics, metrics and models
    • Trusted computing platform
    • Trusted network computing
    • Trusted operating systems
    • Trusted software and applications
    • Trust in social networks
    • Trust in e-commerce and e-government
    • Trust in mobile and wireless communications
    • Risk and reputation management
    • Survivable computer systems/networks
    • Trust of 5G
    • Miscellaneous trust issues
    Security Track
    • Network security
    • Computer security
    • Database security
    • Web applications security
    • Security policy, model and architecture
    • Security in social networks
    • Security in parallel and distributed systems
    • Security in mobile and wireless communications
    • Security in grid/cloud/pervasive computing
    • Authentication, authorization and accounting
    • Security of 5G
    • Miscellaneous security issues
    Privacy Track
    • Privacy in Web-based applications and services
    • Privacy in database systems
    • Privacy in parallel and distributed systems
    • Privacy in grid/cloud/pervasive computing
    • Privacy in mobile and wireless communications
    • Privacy in e-commerce and e-government
    • Privacy in network deployment and management
    • Privacy and trust
    • Privacy and security
    • Privacy and anonymity
    • Privacy preservation in 5G
    • Miscellaneous privacy issues
    Forensics Track
    • Anti-forensics
    • Biometrics
    • Cryptanalysis
    • Big data forensics
    • CCTV forensics
    • Cloud forensics
    • Computational forensics
    • Cyber-physical system forensics
    • Datamining for forensics
    • Facial recognition
    • Fingerprint forensics
    • Image forensics
    • Malware forensics
    • Mobile app forensics (e.g. Skype, WeChat and Facebook)
    • Mobile device forensics
    • Multimedia forensics
    • Network forensics
    • Steganography and steganalysis
    • System reverse engineering
    • Watermarking

  • NSAA 2016 Workshop on Network Security Analytics and Automation, Held in conjunction with the 25th International Conference on Computer Communication and Networks (ICCCN 2016), Waikoloa, Hawaii, USA, August 1-4, 2016. (Submissions Due 17 April 2016)

    This workshop provides a forum for researchers to explore promising new approaches to enable enterprises to quickly determine courses of action in response to ever changing computer network threats. Emphasis will be focused on building a sustained ecosystem for network security and using big data analytics techniques to determine appropriate responses to prevent massive attack events by neutralizing threats before they have a chance to gather momentum. To this end effective and safe automation and integration of security tools are critical. Topics of interest include, but not limited to:

    • Cyber threat information sharing standards, ontologies, and infrastructure
    • Assessing the reputation of cyber threat intelligence sources
    • Course of action planning based on shared information
    • Enrichment of shared threat information
    • Application of big data analytics to identify threats
    • Visualization of logs and attack information
    • Integration of network security responses
    • Orchestration of responses to threats
    • Curriculum development related to network security analytics and automation
    • Automation of responses
    • Safety controls for automation
    • Network resiliency

  • GraMSec 2016 3rd International Workshop on Graphical Models for Security, Co-located with CSF 2016,
    Lisbon, Portugal, June 27, 2016. (Submissions Due 18 April 2016)

    Graphical security models provide an intuitive but systematic approach to analyze security weaknesses of systems and to evaluate potential protection measures. Formal methods and cyber security researchers, as well as security professionals from industry and government, have proposed various graphical security modeling schemes. Such models are used to capture different security facets (digital, physical, and social) and address a range of challenges including vulnerability assessment, risk analysis, defense analysis, automated defensing, secure services composition, policy validation and verification. The objective of the GraMSec workshop is to contribute to the development of well-founded graphical security models, efficient algorithms for their analysis, as well as methodologies for their practical usage. The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of graphical models for security. The topics of the workshop include, but are not limited to:

    • Graphical models for threat modeling and analysis
    • Graphical models for risk analysis and management
    • Graphical models for requirements analysis and management
    • Textual and graphical representation for system, organizational, and business security
    • Visual security modeling and analysis of socio-technical and cyber-physical systems
    • Graphical security modeling for cyber situational awareness
    • Graphical models supporting the security by design paradigm
    • Methods for quantitative and qualitative analysis of graphical security models
    • Formal semantics and verification of graphical security models
    • Methods for (semi-)automatic generation of graphical security models
    • Enhancement and/or optimization of existing graphical security models
    • Scalable evaluation of graphical security models
    • Evaluation algorithms for graphical security models
    • Dynamic update of graphical security models
    • Game theoretical approaches to graphical security modeling
    • Attack trees, attack graphs and their variants
    • Stochastic Petri nets, Markov chains, and Bayesian networks for security
    • UML-based models and other graphical modeling approaches for security
    • Software tools for graphical security modeling and analysis
    • Case studies and experience reports on the use of graphical security modeling paradigm

  • CNS 2016 4th IEEE Conference on Communications and Network Security,
    Philadelphia, PA, USA, October 17-19, 2016. (Submissions Due 20 April 2016)

    IEEE Conference on Communications and Network Security (CNS) is a conference series in IEEE Communications Society (ComSoc) core conference portfolio and the only ComSoc conference focusing solely on cyber security. IEEE CNS is also a spin-off of IEEE INFOCOM, the premier ComSoc conference on networking. The goal of CNS is to provide an outstanding forum for cyber security researchers, practitioners, policy makers, and users to exchange ideas, techniques and tools, raise awareness, and share experience related to all practical and theoretical aspects of communications and network security. Building on the success of the past three years� conferences, IEEE CNS 2016 seeks original high-quality technical papers from academia, government, and industry. Topics of interest encompass all practical and theoretical aspects of communications and network security, all the way from the physical layer to the various network layers to the variety of applications reliant on a secure communication substrate.

  • ESORICS 2016 21st European Symposium on Research in Computer Security,
    Heraklion, Crete, September 26-30, 2016. (Submissions Due 22 April 2016)

    ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers discussing industrial research and development. Topics of interest include, but are not limited to:

    • access control
    • accountability
    • ad hoc networks
    • anonymity
    • applied cryptography
    • authentication
    • biometrics
    • data and computation integrity
    • database security
    • data protection
    • digital content protection
    • digital forensics
    • distributed systems security
    • embedded systems security
    • inference control
    • information hiding
    • identity management
    • information flow control
    • information security governance and management
    • intrusion detection
    • formal security methods
    • language-based security
    • network security
    • phishing and spam prevention
    • privacy
    • privacy preserving data mining
    • risk analysis and management
    • secure electronic voting
    • security architectures
    • security economics
    • security metrics
    • security models
    • security and privacy for big data
    • security and privacy in cloud scenarios
    • security and privacy in complex systems
    • security and privacy in content centric networking
    • security and privacy in crowdsourcing
    • security and privacy in the IoT
    • security and privacy in location services
    • security and privacy for mobile code
    • security and privacy in pervasive / ubiquitous computing
    • security and privacy policies
    • security and privacy in social networks
    • security and privacy in web services
    • security and privacy in cyber-physical systems
    • security, privacy and resilience in critical infrastructures
    • security verification
    • software security
    • systems security
    • trust models and management
    • trustworthy user devices
    • usable security and privacy
    • web security
    • wireless security

  • Mycrypt 2016 2nd International Conference on Cryptology & Malicious Security,
    Kuala Lumpur, Malaysia, December 1-2, 2016. (Submissions Due 30 April 2016)

    Original papers of substantial technical contribution in the areas of cryptology and malicious security are solicited for submission to the International Conference on Cryptology & Malicious Security. Submissions to Mycrypt 2016 should be aimed towards the following topic categories:

    • paradigm-shifting, unconventional cryptology (e.g. malicious crypto, unconventional formulations of underlying problems, or new hard problems)
    • position papers on breakthrough cryptologic/security research
    • revisits/critiques/analysis of long-standing crypto paradigms/approaches/models/formulations (in fact, we also encourage paired submissions by crypto factions of opposing views, where each paper in the pair argues for/against a paradigm)
    • approaches/solutions to long-standing open problems; or formulations of long-standing/thus-far adhoc security approaches
    • analysis of crypto/security standardization processes & how they may be subverted
    • cryptofications of the real world (e.g. new types of adversarial models and/or notions inspired by real world incidences/problems, modelling humans-in-the-security-loop)
    • crypto & beyond: cryptologic techniques in union with techniques from other disciplines

  • WISTP 2016 10th WISTP International Conference on Information Security Theory and Practice,
    Heraklion, Crete, Greece, September 26-27, 2016. (Submissions Due 3 May 2016)

    The 10th WISTP International Conference on Information Security Theory and Practice (WISTP 2016) seeks original submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy, as well as experimental studies of fielded systems, the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law, business, and policy that present these communities' perspectives on technological issues.

  • TRUST 2016 9th International Conference on Trust & Trustworthy Computing,
    Vienna, Austria, August 29-30, 2016. (Submissions Due 9 May 2016)

    TRUST 2016 is an international conference that explores new ideas and experiences in building, designing, using and understanding trustworthy computing systems. We are now calling for papers. Interested authors are invited to submit papers describing novel and previously unpublished results in building, designing, using and understanding trustworthy computing systems. Paper topics include, but are not limited to:

    • Architectures for trustworthy infrastructures
    • Emerging applications and technologies, including recent industrial research and development on trusted/trustworthy computing
    • Hardware security, including secure storage, cryptographic coprocessors, smartcards, and physically unclonable functions (PUFs)
    • Trustworthy applications, including webbased systems
    • Trusted mobile computing platforms
    • Trustworthy embedded, CyberPhysical, and Internet of Things systems
    • Security analysis and formal techniques for trusted/trustworthy computing
    • Verification of trusted/trustworthy computing (architectures, platforms, software, protocols)
    • Usability of trusted/trustworthy computing solutions and humancomputer interactions
    • Cloud security and trustworthy services
    • Trust management
    • Software engineering techniques for trustworthiness
    • Operating system security, including virtualization and monitoring
    • Cryptography for trusted computing and related applications
    • Intrusion detection and resilience leveraging trusted computing
    • Security policies and management of trusted/trustworthy systems
    • Experimental, userbased or testbed studies

  • EuroUSEC 2016 1st European Workshop on Usable Security, Affiliated with PETS 2016,
    Darmstadt, Germany, July 18, 2016. (Submissions Due 13 May 2016)

    The aim of this workshop is to bring together researchers from different areas of computer science such as security, visualisation, artificial intelligence and machine learning as well as researchers from other domains such as psychology, social science and economics. We encourage submissions from collaborative research by authors of multiple fields. Topics of interest include:

    • Usability evaluation of existing security and privacy paradigms or technologies
    • Design and evaluation of novel security and privacy paradigms or technologies
    • Evaluation of existing security and privacy awareness and education tools
    • Design and evaluation of novel security and privacy awareness and education tools
    • Lessons learned from the design, deployment, management or the evaluation of security and privacy paradigms or technologies
    • Foundations of usable security and privacy
    • Psychological, sociological and economic aspects of security and privacy
    • Methodology for usable security and privacy research

  • Call for Book Chapters: Empirical Research for Software Security: Foundations and Experience, Taylor & Francis Group, LLC. (Submissions Due 15 May 2016)

    This book introduces the reader to using empirical research methods in exploring software security challenges. These methods include data analytics, questionnaires, interviews, and surveys that produce evidence for or against given claims. The book provides the foundations for using these empirical methods of collecting evidence about tools, techniques, methods, and processes for developing secure software using practical examples. Developing secure software requires the integration of methods, such as threat modeling and risk assessment and the integration of tools, such as security testing and code analysis tools into the development process. The design of such methods and processes is in general an artistic endeavor that is based on the shared expert knowledge, claims, and opinions. Empirical research methods allow extracting knowledge and insights from the data that organizations collect from their processes and tools and from the opinions of the experts who practice these processes and methods. This knowledge extraction contributes to maturing the design and adaptation of these techniques, methods, and processes. Example of the topics of interest include:

    • The science of secure software
    • Survey of threat modeling techniques
    • Empirical research in software security
    • The fundamentals of data analytics for secure software
    • Assessment of the challenges of developing secure software using the agile approach
    • Assessment of the usability of security code analysis tools
    • The impact of security assessment on the developers' security awareness
    • The efficiency of security training
    • Combinatorial testing for software security

  • ACM CCS 2016 23rd ACM Conference on Computer and Communications Security,
    Vienna, Austria, October 24-28, 2016. (Submissions Due 23 May 2016)

    The conference seeks submissions from academia, government, and industry presenting novel research results in all practical and theoretical aspects of computer and communications security. Papers should be related to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the relevance of the results to secure systems. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings.

  • IEEE Transactions on Computers, Special Section on Secure Computer Architectures. (Submissions Due 30 May 2016)

    Editors: Ruby Lee (Princeton University, USA), Patrick Schaumont (Virginia Tech, USA), Ron Perez (Cryptography Research Inc., USA), and Guido Bertoni (ST Microelectronics, USA).
    
    Nowadays, computer architectures are profoundly affected by a new security landscape, caused by the dramatic evolution of information technology over the past decade. First, secure computer architectures have to support a wide range of security applications that extend well beyond the desktop environment, and that also include handheld, mobile and embedded architectures, as well as high-end computing servers. Second, secure computer architectures have to support new applications of information security and privacy, as well as new information security standards. Third, secure computer architectures have to be protected and be tamper-resistant at multiple abstraction levels, covering network, software, and hardware. This Special Section from Transactions on Computers aims to capture this evolving landscape of secure computing architectures, to build a vision of opportunities and unresolved challenges. It is expected that contributed submissions will place emphasis on secure computing in general and on engineering and architecture design aspects of security in particular. IEEE Transactions on Computers seeks original manuscripts for a Special Section on Secure Computer Architectures tentatively scheduled to appear in the July 2017 issue. The topics of interest for this special section include:

    • Cryptographic Primitives
    • Homomorphic Computing and Multiparty Computing
    • Scalability Issues of Server-level Secure Computing
    • High Performance/Low Power Cryptography
    • Oblivious RAM
    • Side-Channel Analysis
    • Side-channel attacks and defenses
    • Hardware Trojans and Backdoors
    • Hardware Vulnerabilities - Counters, Caches, Shared Memory
    • Computing Architectures for Isolation
    • Smartphone Security
    • Embedded Systems Security
    • Secure Processors and Systems
    • Hardware Security
    • Secure Virtualization and Memory Safety
    • Security Simulation, Testing, Validation and Verification
    • Metrics for Tamper Resistance
    • Security Metrics
    • Standards in Secure Computing
    • Instruction-Sets for Security and Cryptography
    • Dedicated and Protected Storage
    • Secure Computer Interfaces

  • SSR 2016 3rd International conference on Security Standardization Research,
    Gaithersburg, MD, USA, December 5-6, 2016. (Submissions Due 30 May 2016)

    Over the last two decades a huge range of standards have been developed covering many different aspects of cyber security. These documents have been published by national and international formal standardization bodies, as well as by industry consortia. Many of these standards have become very widely used - to take just one example, the ISO/IEC 27000 series have become a commonly used basis for managing corporate information security. Despite their wide use, there will always be a need to revise existing security standards and to add new standards to cover new domains. The purpose of this conference is to discuss the many research problems deriving from studies of existing standards, the development of revisions to existing standards, and the exploration of completely new areas of standardization. Indeed, many security standards bodies are only beginning to address the issue of transparency, so that the process of selecting security techniques for standardization can be seen to be as scientific and unbiased as possible. This conference is intended to cover the full spectrum of research on security standardization, including, but not restricted to, work on cryptographic techniques (including ANSI, IEEE, IETF, ISO/IEC JTC 1/SC 27, ITU-T and NIST), security management, security evaluation criteria, network security, privacy and identity management, smart cards and RFID tags, biometrics, security modules, and industry-specific security standards (e.g. those produced by the payments, telecommunications and computing industries for such things as payment protocols, mobile telephony and trusted computing). Papers offering research contributions to the area of security standardization are solicited for submission to the SSR 2016 conference. Papers may present theory, applications or practical experience in the field of security standardization, including, but not necessarily limited to:

    • access control
    • biometrics
    • cloud computing
    • critical national infrastructure (CNI) protection
    • consistency and comparison of multiple standards
    • critiques of standards
    • cryptanalysis
    • cryptographic protocols
    • cryptographic techniques
    • evaluation criteria
    • formal analysis of standards
    • history of standardization
    • identity management
    • industrial control systems security
    • internet security
    • interoperability of standards
    • intrusion detection
    • key management and PKIs
    • management of the standardization process
    • mobile security
    • network security
    • open standards and open source
    • payment system security
    • privacy
    • regional and international standards
    • RFID tag security
    • risk analysis
    • security controls
    • security management
    • security protocols
    • security services
    • security tokens
    • smart cards
    • telecommunications security
    • trusted computing
    • web security

  • SADFE 2016 11th International Conference on Systematic Approaches to Digital Forensics Engineering,
    Kyoto, Japan, September 20-22, 2016. (Submissions Due 1 June 2016)

    SADFE-2016 is concerned with the generation, analysis and sustainability of digital evidence and evolving t tools and techniques that are used in this effort. Advancement in this field requires innovative methods, systems, and practices, which are grounded in solid research coupled with an understanding of user needs. Digital forensics at SADFE focuses on the issues introduced by the coupling of rapidly advancing technologies and increased globalization. We believe digital forensic engineering is vital to security, the administration of justice and the evolution of culture. Potential topics include, but are not limited to:
    Digital Data and Evidence Collection:

    • Identification, authentication and collection of digital evidence
    • Extraction and management of forensic artifacts
    • Identification and redaction of personally identifying/sensitive information
    • Evidence and digital memory preservation, curation and storage
    • Compliance of architectures and processes (including network processes) with forensic requirements
    • Data, digital knowledge, and web mining systems for identification and authentication of data
    • Honeynets and other deception technologies that collect data for forensic analysis
    • Innovative forensic techniques for new technologies
    Digital Evidence Management, Integrity and Analytics:
    • Advanced search, analysis, and presentation of digital evidence
    • Cybercrime analysis, modeling and reconstruction technologies
    • Tools and techniques for combining digital and non-digital evidence
    • Supporting both qualitative and quantitative evidence
    • Handling of evidence and the preservation of data integrity and admissibility
    • Digital evidence in the face of encryption
    • Forensic-support technologies: forensic-enabled and proactive monitoring/response
    Scientific Principle-Based Digital Forensic Processes
    • Examination environments for digital data
    • Legal/technical aspects of admissibility and evidence tests
    • Forensic tool validation: legal implications and issues
    • Handling increasing volumes of digital discovery
    • Computational Forensics and Validation Issues in Forensic Authentication and Validation.
    • Forensic Readiness by Design
    • Forensics tool validation
    • Computational systems and computational forensic analysis
    Legal, Ethical and Technical Challenges
    • Forensics, policy and ethical implications new and evolving technologies
    • Legal and privacy implications for digital and computational forensic analysis
    • New Evidence Decisions
    • Legal case construction and digital evidence support
    • Transnational Investigations/Case Integration
    • Managing geographically, politically and/or jurisdictionally dispersed data artifacts
    • Case studies illustrating privacy, legal and legislative issues
    • Courtroom expert witness and case presentation
    The Impacts of the following on any of the above
    • Technological challenges
    • Legal and ethical challenges
    • Economic challenges
    • Political challenges
    • Cultural and professional challenges
    • New Trends (Internet of Things, Cloud Computing, Smart City, Big Data, etc.)

  • PROOFS 2016 5th International Workshop on Security Proofs for Embedded Systems, Santa Barbara, California, USA, August 20, 2016. (Submissions Due 4 June 2016)

    This workshop, the fifth in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss the application of formal methods to the field of embedded systems security. PROOFS seeks contributions about methodologies that increase the confidence level in the security of embedded systems, especially those which contain cryptographic algorithms. Exploratory works and use-cases are especially welcomed.

  • SecureComm 2016 12th EAI International Conference on Security and Privacy in Communication Networks,
    Guangzhou, China, October 10-12, 2016. (Submissions Due 15 June 2016)

    SecureComm seeks high-quality research contributions in the form of well-developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, theoretical cryptography) will be considered only if a clear connection to private or secure communication/networking is demonstrated. Topics of interest include, but are not limited to the following:

    • Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
    • Network Intrusion Detection and Prevention, Firewalls, Packet Filters
    • Malware Analysis and Detection including Botnets, Trojans and APTs
    • Web and Systems Security
    • Distributed Denial of Service Attacks and Defenses
    • Communication Privacy and Anonymity
    • Circumvention and Anti-Censorship Technologies
    • Network and Internet Forensics Techniques
    • Authentication Systems: Public Key Infrastructures, Key Management, Credential Management
    • Secure Routing, Naming/Addressing, Network Management
    • Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
    • Security & Privacy in Peer-to-Peer and Overlay Networks
    • Security & Privacy for Emerging Technologies: VoIP, Internet-of-Things, Social Networks
    • Security & Isolation in Cloud, Data Center and Software-Defined Networks

  • IWDW 2016 15th International Workshop on Digital-forensics and Watermarking,
    Beijing, China, September 17-19, 2016. (Submissions Due 15 June 2016)

    The 15th International Workshop on Digital-forensics and Watermarking (IWDW 2016) is a premier forum for researchers and practitioners working on novel research, development and applications of digital watermarking and forensics techniques for multimedia security. We invite submissions of high-quality original research papers. Areas of interest include, but are not limited to:

    • Mathematical modeling of embedding and detection
    • Information theoretic, stochastic aspects of data hiding
    • Security issues, including attacks and counter-attacks
    • Combination of data hiding and cryptography
    • Optimum watermark detection and reliable recovery
    • Estimation of watermark capacity
    • Channel coding techniques for watermarking
    • Large-scale experimental tests and benchmarking
    • New statistical and perceptual models of multimedia content
    • Reversible data hiding
    • Data hiding in special media
    • Data hiding and authentication
    • Steganography and steganalysis
    • Digital multimedia forensics & anti-forensics
    • Copyright protection, DRM, forensic watermarking
    • Visual cryptography & secret image sharing
    • Security based on human vision system

  • GenoPri 2016 3rd International Workshop on Genome Privacy and Security, Held in conjunction with the AMIA 2016 Annual Symposium,
    Chicago, IL, USA, November 12, 2016. (Submissions Due 22 August 2016)

    Over the past several decades, genome sequencing technologies have evolved from slow and expensive systems that were limited in access to a select few scientists and forensics investigators to high-throughput, relatively low-cost tools that are available to consumers. A consequence of such technical progress is that genomics has become one of the next major challenges for privacy and security because (1) genetic diseases can be unveiled, (2) the propensity to develop specific diseases (such as Alzheimer�s) can be revealed, (3) a volunteer, accepting to have his genomic code made public, can leak substantial information about his ethnic heritage and the genomic data of his relatives (possibly against their will), and (4) complex privacy issues can arise if DNA analysis is used for criminal investigations and medical purposes. As genomics is increasingly integrated into healthcare and "recreational" services (e.g., ancestry testing), the risk of DNA data leakage is serious for both individuals and their relatives. Failure to adequately protect such information could lead to a serious backlash, impeding genomic research, that could affect the well-being of our society as a whole. This prompts the need for research and innovation in all aspects of genome privacy and security, as suggested by the non-exhaustive list of topics on the workshop website.

 

• The Technical Committee on Security and Privacy

 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org