Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 132,  May 31, 2016 Hilarie Orman,  Editor Richard Austin, Book Review Editor Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

  • Commentary and Opinion and News

    • Richard Austin's review of Cyber War versus Cyber Realities: Cyber Conflict in the International System by Brandon Valeriano and Ryan C. Harris

    • Book reviews from past Cipher issues

    • News Items from the Media: 

      • Missiles and Floppies
      • Hospital Chain Endures Malware Attack
      • FBI No Stranger to Hacking
      • Microsoft Wants to Tell You About Search Warrants
      • Computer science education has no cybersecurity?
      • $1M USD, and the FBI remains basically clueless (5 items)
      • Malware and the car
      • When is a config glitch a "breach"? (2 items)
      • Banking network used for theft, blame the banks, not the network (2 items)
      • Crypto Wars Drag On (2 items)
      • Nakamoto is an Ozzie?
      • Really Bad Idea: Unpack malware in the kernel

    • Conference Reports and Commentary from past Cipher issues

    • News items from past Cipher issues

 

• Listing of academic positions available  by Cynthia Irvine
  
  (nothing new since Nov 2015)
  --------------
  Received directly by Cipher:
  

  PhD candidates sought for research in the field of formal modeling and analysis of security. The position is within the project entitled "Attack-Defense Trees for Computer Security: Formal Modeling of Preventive and Reactive Countermeasures".

  For further inquiries please contact Dr. Barbara Kordy (barbara.kordy@irisa.fr)

  For more information about this vacancy please check http://people.irisa.fr/Barbara.Kordy/vacancies/PhD_16.pdf

  ---

 

• Cipher calls-for-papers and calendar
    Cipher calendar announcements are on Twitter; follow "ciphernews"
    new calls or announcements added since Cipher E131 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

• Conference and Workshop Announcements

  • Cipher calls-for-papers and calendar
      Calendar (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • 5/30/16: IEEE Transactions on Computers, Special Section on Secure Computer Architectures; Submissions are due
  • 5/30/16: SSR, 3rd International conference on Security Standardization Research, Gaithersburg, MD, USA; Submissions are due
  • 5/30/16- 6/ 1/16: IFIP SEC, 31th IFIP TC-11 SEC 2016 International Information Security and Privacy Conference, Ghent, Belgium
  • 5/30/16: WTMC, International Workshop on Traffic Measurements for Cybersecurity, Co-located with 11th ACM Asia Conference on Computer and Communications Security (AsiaCCS 2016), Xi'an, China
  • 5/30/16: IoTPTS, 2nd ACM International Workshop on IoT Privacy, Trust, and Security, Co-located with 11th ACM Asia Conference on Computer and Communications Security (AsiaCCS 2016), Xi'an, China
  • 5/31/16: Mycrypt, 2nd International Conference on Cryptology & Malicious Security, Kuala Lumpur, Malaysia; Submissions are due
  • 5/31/16- 6/ 3/16: ASIACCS, 11th ACM Asia Conference on Computer and Communications Security, Xi'an, China
  • 5/31/16: CPSS, 2nd ACM Cyber-Physical System Security Workshop, Held in conjunction with ACM AsiaCCS 2016 Conference, Xi'an, China
  • 6/ 1/16- 6/ 3/16: MSPN, International Conference on Mobile, Secure and Programmable Networking, Paris, France
  • 6/ 4/16: PROOFS, 5th International Workshop on Security Proofs for Embedded Systems, Santa Barbara, California, USA; Submissions are due
  • 6/ 4/16: FNSS, 2nd International Conference on Future Networks Systems and Security, Paris, France; Submissions are due
  • 6/ 9/16: TELERISE 2016 2nd International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity, Co-located with ICWE 2016, Università della Svizzera Italiana (USI) Lugano, Switzerland
  • 6/10/16: SADFE, 11th International Conference on Systematic Approaches to Digital Forensics Engineering, Kyoto, Japan; Submissions are due
  • 6/10/16- 6/14/16: STPSA, 11th IEEE International Workshop on Security, Trust, and Privacy for Software Applications, Held in conjunction with COMPSAC 2016, Atlanta, GA, USA
  • 6/15/16: SecureComm, 12th EAI International Conference on Security and Privacy in Communication Networks, Guangzhou, China; Submissions are due
  • 6/15/16: IWDW, 15th International Workshop on Digital-forensics and Watermarking, Beijing, China; Submissions are due
  • 6/15/16: BigTrust, 1st International Workshop on Trust, Security and Privacy for Big Data, Granada, Spain; Submissions are due
  • 6/16/16- 6/18/16: I-SAT, International Workshop on Information Security, Assurance, and Trust, Vancouver, BC, Canada
  • 6/19/16- 6/22/16: ACNS, 14th International Conference on Applied Cryptography and Network Security, London, United Kingdom
  • 6/27/16: GraMSec, 3rd International Workshop on Graphical Models for Security, Co-located with CSF 2016, Lisbon, Portugal
  • 6/28/16- 7/ 1/16: CSF, 29th IEEE Computer Security Foundations Symposium, Lisbon, Portugal
  • 6/30/16: SPACE, 6th International Conference on Security, Privacy and Applied Cryptography Engineering, Hyderabad, India; Submissions are due
  • 7/ 1/16: NordSec, 21st Nordic Conference on Secure IT Systems, Oulu, Finland; Submissions are due
  • 7/ 6/16- 7/ 8/16: PMSPCR, Workshop on Process Mining for Security, Privacy, Compliance & Resilience, Held in conjunction with the 19th International Conference on Business Information Systems (BIS 2016), Leipzig, Germany
  • 7/ 7/16- 7/ 8/16: DIMVA, 13th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, San Sebastian, Spain
  • 7/18/16: EuroUSEC, 1st European Workshop on Usable Security, Affiliated with PETS 2016, Darmstadt, Germany
  • 7/18/16- 7/20/16: WiSec 2016 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Darmstadt, Germany
  • 7/18/16- 7/21/16: DBSec, 30th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Trento, Italy
  • 7/18/16- 7/22/16: SHPCS, 11th International Workshop on Security and High Performance Computing Systems, Held in conjunction with the 2016 International Conference on High Performance Computing & Simulation (HPCS 2016), Innsbruck, Austria
  • 7/19/16- 7/21/16: HAISA, International Symposium on Human Aspects of Information Security & Assurance, Frankfurt Germany
  • 7/19/16- 7/22/16: PETS, 16th Privacy Enhancing Technologies Symposium, Darmstadt, Germany
  • 7/20/16- 7/22/16: SIN, 9th International Conference on Security of Information and Networks, Rutgers University, New Jersey, NJ, USA
  • 7/22/16: WISCS, 3rd ACM Workshop on Information Sharing and Collaborative Security, Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016), Hofburg Palace, Vienna, Austria; Submissions are due
  • 7/23/16- 7/26/16: TrustCom, 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Tianjin, China
  • 7/26/16- 7/28/16: SECRYPT, 13th International Conference on Security and Cryptography, Lisbon, Portugal
  • 7/27/16: TrustED, 6th International Workshop on Trustworthy Embedded Devices, Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016), Hofburg Palace, Vienna, Austria; Submissions are due
  • 7/29/16: ICISS, 12th International Conference on Information Systems Security, Jaipur, India; Submissions are due
  • 8/ 1/16- 8/ 4/16: NSAA, Workshop on Network Security Analytics and Automation, Held in conjunction with the 25th International Conference on Computer Communication and Networks (ICCCN 2016), Waikoloa, Hawaii, USA
  • 8/20/16: PROOFS, 5th International Workshop on Security Proofs for Embedded Systems, Santa Barbara, California, USA
  • 8/22/16: GenoPri, 3rd International Workshop on Genome Privacy and Security, Held in conjunction with the AMIA 2016 Annual Symposium, Chicago, IL, USA; Submissions are due
  • 8/29/16- 8/30/16: TRUST, 9th International Conference on Trust & Trustworthy Computing, Vienna, Austriaue
  • 8/29/16- 9/ 2/16: IWCC, 5th International Workshop on Cyber Crime, Co-located with the 11th International Conference on Availability, Reliability and Security (ARES 2016), Salzburg, Austria
  • 9/ 7/16- 9/ 9/16: ISC, 19th Information Security Conference, Honolulu, Hawaii, USA
  • 9/12/16- 9/14//16: IWSEC, 11th International Workshop on Security, Tokyo, Japan
  • 9/17/16- 9/19/16: IWDW, 15th International Workshop on Digital-forensics and Watermarking, Beijing, China
  • 9/19/16- 9/21/16: RAID, 19th International Symposium on Research in Attacks, Intrusions and Defenses, Paris, France
  • 9/20/16- 9/22/16: SADFE, 11th International Conference on Systematic Approaches to Digital Forensics Engineering, Kyoto, Japan
  • 9/26/16- 9/27/16: WISTP, 10th WISTP International Conference on Information Security Theory and Practice, Heraklion, Crete, Greece
  • 9/26/16- 9/30/16: ESORICS, 21st European Symposium on Research in Computer Security, Heraklion, Crete
  • 10/ 1/16: INTRICATE-SEC, 5th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Taipei, Taiwan; Submissions are due
  • 10/10/16-10/12/16: SecureComm, 12th EAI International Conference on Security and Privacy in Communication Networks, Guangzhou, China
  • 10/17/16-10/19/16: CNS, 4th IEEE Conference on Communications and Network Security, Philadelphia, PA, USA
  • 10/24/16-10/28/16: ACM CCS, 23rd ACM Conference on Computer and Communications Security, Vienna, Austria
  • 10/24/16: WISCS, 3rd ACM Workshop on Information Sharing and Collaborative Security, Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016), Hofburg Palace, Vienna, Austria
  • 10/28/16: TrustED, 6th International Workshop on Trustworthy Embedded Devices, Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016), Hofburg Palace, Vienna, Austria
  • 11/ 2/16-11/ 4/16: NordSec, 21st Nordic Conference on Secure IT Systems, Oulu, Finland
  • 11/12/16: GenoPri, 3rd International Workshop on Genome Privacy and Security, Held in conjunction with the AMIA 2016 Annual Symposium, Chicago, IL, USA
  • 11/23/16-11/15/16: FNSS, 2nd International Conference on Future Networks Systems and Security, Paris, France
  • 12/ 1/16-12/ 2/16: Mycrypt, 2nd International Conference on Cryptology & Malicious Security, Kuala Lumpur, Malaysia
  • 12/ 5/16-12/ 6/16: SSR, 3rd International conference on Security Standardization Research, Gaithersburg, MD, USA
  • 12/14/16-12/16/16: BigTrust, 1st International Workshop on Trust, Security and Privacy for Big Data, Granada, Spain
  • 12/16/16-12/18/16: SPACE, 6th International Conference on Security, Privacy and Applied Cryptography Engineering, Hyderabad, India
  • 12/16/16-12/20/16: ICISS, 12th International Conference on Information Systems Security, Jaipur, India
  • 3/27/17- 3/29/17: INTRICATE-SEC, 5th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Taipei, Taiwan
   
  
  • new calls or announcements added since Cipher E131

  • IEEE Transactions on Computers, Special Section on Secure Computer Architectures. (Submission Due 30 May 2016)

    Editors: Ruby Lee (Princeton University, USA), Patrick Schaumont (Virginia Tech, USA), Ron Perez (Cryptography Research Inc., USA), and Guido Bertoni (ST Microelectronics, USA).
    
    Nowadays, computer architectures are profoundly affected by a new security landscape, caused by the dramatic evolution of information technology over the past decade. First, secure computer architectures have to support a wide range of security applications that extend well beyond the desktop environment, and that also include handheld, mobile and embedded architectures, as well as high-end computing servers. Second, secure computer architectures have to support new applications of information security and privacy, as well as new information security standards. Third, secure computer architectures have to be protected and be tamper-resistant at multiple abstraction levels, covering network, software, and hardware. This Special Section from Transactions on Computers aims to capture this evolving landscape of secure computing architectures, to build a vision of opportunities and unresolved challenges. It is expected that contributed submissions will place emphasis on secure computing in general and on engineering and architecture design aspects of security in particular. IEEE Transactions on Computers seeks original manuscripts for a Special Section on Secure Computer Architectures tentatively scheduled to appear in the July 2017 issue. The topics of interest for this special section include:

    • Cryptographic Primitives
    • Homomorphic Computing and Multiparty Computing
    • Scalability Issues of Server-level Secure Computing
    • High Performance/Low Power Cryptography
    • Oblivious RAM
    • Side-Channel Analysis
    • Side-channel attacks and defenses
    • Hardware Trojans and Backdoors
    • Hardware Vulnerabilities - Counters, Caches, Shared Memory
    • Computing Architectures for Isolation
    • Smartphone Security
    • Embedded Systems Security
    • Secure Processors and Systems
    • Hardware Security
    • Secure Virtualization and Memory Safety
    • Security Simulation, Testing, Validation and Verification
    • Metrics for Tamper Resistance
    • Security Metrics
    • Standards in Secure Computing
    • Instruction-Sets for Security and Cryptography
    • Dedicated and Protected Storage
    • Secure Computer Interfaces

  • SSR 2016 3rd International conference on Security Standardization Research, Gaithersburg, MD, USA, December 5-6, 2016. (Submission Due 30 May 2016)

    Over the last two decades a huge range of standards have been developed covering many different aspects of cyber security. These documents have been published by national and international formal standardization bodies, as well as by industry consortia. Many of these standards have become very widely used - to take just one example, the ISO/IEC 27000 series have become a commonly used basis for managing corporate information security. Despite their wide use, there will always be a need to revise existing security standards and to add new standards to cover new domains. The purpose of this conference is to discuss the many research problems deriving from studies of existing standards, the development of revisions to existing standards, and the exploration of completely new areas of standardization. Indeed, many security standards bodies are only beginning to address the issue of transparency, so that the process of selecting security techniques for standardization can be seen to be as scientific and unbiased as possible. This conference is intended to cover the full spectrum of research on security standardization, including, but not restricted to, work on cryptographic techniques (including ANSI, IEEE, IETF, ISO/IEC JTC 1/SC 27, ITU-T and NIST), security management, security evaluation criteria, network security, privacy and identity management, smart cards and RFID tags, biometrics, security modules, and industry-specific security standards (e.g. those produced by the payments, telecommunications and computing industries for such things as payment protocols, mobile telephony and trusted computing). Papers offering research contributions to the area of security standardization are solicited for submission to the SSR 2016 conference. Papers may present theory, applications or practical experience in the field of security standardization, including, but not necessarily limited to:

    • access control
    • biometrics
    • cloud computing
    • critical national infrastructure (CNI) protection
    • consistency and comparison of multiple standards
    • critiques of standards
    • cryptanalysis
    • cryptographic protocols
    • cryptographic techniques
    • evaluation criteria
    • formal analysis of standards
    • history of standardization
    • identity management
    • industrial control systems security
    • internet security
    • interoperability of standards
    • intrusion detection
    • key management and PKIs
    • management of the standardization process
    • mobile security
    • network security
    • open standards and open source
    • payment system security
    • privacy
    • regional and international standards
    • RFID tag security
    • risk analysis
    • security controls
    • security management
    • security protocols
    • security services
    • security tokens
    • smart cards
    • telecommunications security
    • trusted computing
    • web security

  • Mycrypt 2016 2nd International Conference on Cryptology & Malicious Security, Kuala Lumpur, Malaysia, December 1-2, 2016. (Submission Due 31 May 2016)

    Original papers of substantial technical contribution in the areas of cryptology and malicious security are solicited for submission to the International Conference on Cryptology & Malicious Security. Submissions to Mycrypt 2016 should be aimed towards the following topic categories:

    • paradigm-shifting, unconventional cryptology (e.g. malicious crypto, unconventional formulations of underlying problems, or new hard problems)
    • position papers on breakthrough cryptologic/security research
    • revisits/critiques/analysis of long-standing crypto paradigms/approaches /models/formulations (in fact, we also encourage paired submissions by crypto factions of opposing views, where each paper in the pair argues for/against a paradigm)
    • approaches/solutions to long-standing open problems; or formulations of long-standing/thus-far adhoc security approaches
    • analysis of crypto/security standardization processes & how they may be subverted
    • cryptofications of the real world (e.g. new types of adversarial models and/or notions inspired by real world incidences/problems, modelling humans-in-the-security-loop)
    • crypto & beyond: cryptologic techniques in union with techniques from other disciplines

  • PROOFS 2016 5th International Workshop on Security Proofs for Embedded Systems, Santa Barbara, California, USA, August 20, 2016. (Submission Due 4 June 2016)

    This workshop, the fifth in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss the application of formal methods to the field of embedded systems security. PROOFS seeks contributions about methodologies that increase the confidence level in the security of embedded systems, especially those which contain cryptographic algorithms. Exploratory works and use-cases are especially welcomed.

  • FNSS 2016 2nd International Conference on Future Networks Systems and Security, Paris, France, November 23 - 25, 2016. (Submission Due 4 June 2016)

    The network of the future is envisioned as an effective, intelligent, adaptive, active and high performance Internet that can enable applications ranging from smart cities to tsunami monitoring. The network of the future will be a network of billions or trillions of entities (devices, machines, things, vehicles) communicating seamlessly with one another and is rapidly gaining global attention from academia, industry, and government. The International Conference on Future Networks Systems and Security aims to provide a forum that brings together researchers from academia, practitioners from industry, standardization bodies, and government to meet and exchange ideas on recent research and future directions for the evolution of the future Internet. The technical discussion will be focused on the technology, communications, systems and security aspects of relevance to the network of the future.

  • SADFE 2016 11th International Conference on Systematic Approaches to Digital Forensics Engineering, Kyoto, Japan, September 20-22, 2016. (Submission Due 10 June 2016)

    SADFE-2016 is concerned with the generation, analysis and sustainability of digital evidence and evolving t tools and techniques that are used in this effort. Advancement in this field requires innovative methods, systems, and practices, which are grounded in solid research coupled with an understanding of user needs. Digital forensics at SADFE focuses on the issues introduced by the coupling of rapidly advancing technologies and increased globalization. We believe digital forensic engineering is vital to security, the administration of justice and the evolution of culture. Potential topics include, but are not limited to:
    Digital Data and Evidence Collection:

    • Identification, authentication and collection of digital evidence
    • Extraction and management of forensic artifacts
    • Identification and redaction of personally identifying/sensitive information
    • Evidence and digital memory preservation, curation and storage
    • Compliance of architectures and processes (including network processes) with forensic requirements
    • Data, digital knowledge, and web mining systems for identification and authentication of data
    • Honeynets and other deception technologies that collect data for forensic analysis
    • Innovative forensic techniques for new technologies
    Digital Evidence Management, Integrity and Analytics:
    • Advanced search, analysis, and presentation of digital evidence
    • Cybercrime analysis, modeling and reconstruction technologies
    • Tools and techniques for combining digital and non-digital evidence
    • Supporting both qualitative and quantitative evidence
    • Handling of evidence and the preservation of data integrity and admissibility
    • Digital evidence in the face of encryption
    • Forensic-support technologies: forensic-enabled and proactive monitoring/response
    Scientific Principle-Based Digital Forensic Processes
    • Examination environments for digital data
    • Legal/technical aspects of admissibility and evidence tests
    • Forensic tool validation: legal implications and issues
    • Handling increasing volumes of digital discovery
    • Computational Forensics and Validation Issues in Forensic Authentication and Validation.
    • Forensic Readiness by Design
    • Forensics tool validation
    • Computational systems and computational forensic analysis
    Legal, Ethical and Technical Challenges
    • Forensics, policy and ethical implications new and evolving technologies
    • Legal and privacy implications for digital and computational forensic analysis
    • New Evidence Decisions
    • Legal case construction and digital evidence support
    • Transnational Investigations/Case Integration
    • Managing geographically, politically and/or jurisdictionally dispersed data artifacts
    • Case studies illustrating privacy, legal and legislative issues
    • Courtroom expert witness and case presentation
    The Impacts of the following on any of the above
    • Technological challenges
    • Legal and ethical challenges
    • Economic challenges
    • Political challenges
    • Cultural and professional challenges
    • New Trends (Internet of Things, Cloud Computing, Smart City, Big Data, etc.)

  • SecureComm 2016 12th EAI International Conference on Security and Privacy in Communication Networks, Guangzhou, China, October 10-12, 2016. (Submission Due 15 June 2016)

    SecureComm seeks high-quality research contributions in the form of well-developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, theoretical cryptography) will be considered only if a clear connection to private or secure communication/networking is demonstrated. Topics of interest include, but are not limited to the following:

    • Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
    • Network Intrusion Detection and Prevention, Firewalls, Packet Filters
    • Malware Analysis and Detection including Botnets, Trojans and APTs
    • Web and Systems Security
    • Distributed Denial of Service Attacks and Defenses
    • Communication Privacy and Anonymity
    • Circumvention and Anti-Censorship Technologies
    • Network and Internet Forensics Techniques
    • Authentication Systems: Public Key Infrastructures, Key Management, Credential Management
    • Secure Routing, Naming/Addressing, Network Management
    • Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
    • Security & Privacy in Peer-to-Peer and Overlay Networks
    • Security & Privacy for Emerging Technologies: VoIP, Internet-of-Things, Social Networks
    • Security & Isolation in Cloud, Data Center and Software-Defined Networks

  • IWDW 2016 15th International Workshop on Digital-forensics and Watermarking, Beijing, China, September 17-19, 2016. (Submission Due 15 June 2016)

    The 15th International Workshop on Digital-forensics and Watermarking (IWDW 2016) is a premier forum for researchers and practitioners working on novel research, development and applications of digital watermarking and forensics techniques for multimedia security. We invite submissions of high-quality original research papers. Areas of interest include, but are not limited to:

    • Mathematical modeling of embedding and detection
    • Information theoretic, stochastic aspects of data hiding
    • Security issues, including attacks and counter-attacks
    • Combination of data hiding and cryptography
    • Optimum watermark detection and reliable recovery
    • Estimation of watermark capacity
    • Channel coding techniques for watermarking
    • Large-scale experimental tests and benchmarking
    • New statistical and perceptual models of multimedia content
    • Reversible data hiding
    • Data hiding in special media
    • Data hiding and authentication
    • Steganography and steganalysis
    • Digital multimedia forensics & anti-forensics
    • Copyright protection, DRM, forensic watermarking
    • Visual cryptography & secret image sharing
    • Security based on human vision system

  • BigTrust 2016 1st International Workshop on Trust, Security and Privacy for Big Data, Granada, Spain, December 14-16, 2016. (Submission Due 15 June 2016)

    Big Data has the potential for enabling new insights to change science, engineering, medicine, healthcare, finance, business, and ultimately society itself. Current work on Big Data focuses on information processing such as data mining and analysis. However, trust, security and privacy of Big Data are vital concerns that have received less research focus. Regarding the above context, this workshop proposal is aimed at bringing together people from both academia and industry to present their most recent work related to trust, security and privacy issues in Big Data, and exchange ideas and thoughts in order to identify emerging research topics and define the future of Big Data. BigTrust 2016 is a part of ICA3PP 2016 16th International Conference on Algorithms and Architectures for Parallel Processing. The scope and interests for the special issue include but are not limited to the following list:

    • Big Data Science, Foundations, and applications
    • Trust in Big Data
    • Security & Privacy in Big Data

  • SPACE 2016 6th International Conference on Security, Privacy and Applied Cryptography Engineering, Hyderabad, India, December 16-18, 2016. (Submission Due 30 June 2016)

    SPACE 2016 is the sixth in this series of conferences which started in 2011. This annual event is devoted to various aspects of security, privacy, applied cryptography, and cryptographic engineering. SPACE 2016 is being organized by C.R.Rao Advanced Institute of Mathematics, Statistics and Computer Science, Hyderabad-India (AIMSCS). The conference will include invited tutorials and keynote talks from world-renowned experts. The conference will be accompanied by two days of tutorials aiming at Master's and Ph.D. students featuring lectures in the mornings and practical sessions in the afternoon. Original papers are invited on all aspects of security, privacy, and cryptography engineering.

  • NordSec 2016 21st Nordic Conference on Secure IT Systems, Oulu, Finland, November 2-4, 2016. (Submission Due 1 July 2016)

    NordSec addresses a broad range of topics within IT security with the aim of bringing together computer security researchers and encouraging interaction between academia and industry. NordSec 2016 is co-located with the 10th International Crisis Management Workshop and Oulu Winter School. NordSec welcomes contributions within, but not limited to, the following areas:

    • Access control and security models
    • Applied cryptography
    • Cloud security
    • Commercial security policies and enforcement
    • Cyber crime, warfare, and forensics
    • Economic, legal, and social aspects of security
    • Enterprise security
    • Hardware and smart card security
    • Mobile and embedded security
    • Internet of Things and M2M security
    • Internet, communication, and network security
    • Intrusion detection
    • Language-based techniques for security
    • New ideas and paradigms in security
    • Operating system security
    • Privacy and anonymity
    • Security education and training
    • Security evaluation and measurement
    • Security management and audit
    • Security protocols
    • Security usability
    • Social engineering and phishing
    • Software security and malware
    • Trust and identity management
    • Trusted computing
    • Vulnerability testing

  • WISCS 2016 3rd ACM Workshop on Information Sharing and Collaborative Security, Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016), Hofburg Palace, Vienna, Austria, October 24, 2016. (Submission Due 22 July 2016)

    Sharing of cyber-security related information is believed to greatly enhance the ability of organizations to defend themselves against sophisticated attacks. If one organization detects a breach sharing associated security indicators (such as attacker IP addresses, domain names, file hashes etc.) provides valuable, actionable information to other organizations. The analysis of shared security data promises novel insights into emerging attacks. Sharing higher level intelligence about threat actors, the tools they use and mitigations provides defenders with much needed context for better preparing and responding to attacks. In the US and the EU major efforts are underway to strengthen information sharing. Yet, there are a number of technical and policy challenges to realizing this vision. Which information exactly should be shared? How can privacy and confidentiality be protected? How can we create high-fidelity intelligence from shared data without getting overwhelmed by false positives? The 3rd Workshop on Information Sharing and Collaborative Security (WISCS 2016) aims to bring together experts and practitioners from academia, industry and government to present innovative research, case studies, and legal and policy issues. The workshop solicits original research papers in these areas, both full and short papers.

  • TrustED 2016 6th International Workshop on Trustworthy Embedded Devices, Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016), Hofburg Palace, Vienna, Austria, October 28, 2016. (Submission Due 27 July 2016)

    TrustED considers selected security and privacy (S&P) aspects of cyber physical systems and their environments, which influence trust and trust establishment in such environments. A major theme of TrustED 2016 will be security and privacy aspects of the Internet of Things Paradigm. The IoTs promises to make reality Mark Weisser's vision of ubiquitous computation set out in his 1991 influential paper. Yet to make such vision successful, it is widely acknowledged that security of super large distributed systems has to be guaranteed and the privacy of the collected data protected. Submissions exploring new paradigms to assure security and privacy in the IoTs are thus strongly encouraged. The workshop topics include but are not limited to:

    • Trustworthy and secure embedded systems
    • Novel constructions, implementations and applications with physical security primitives (e.g., PUFs, PhySec)
    • Hardware entangled cryptography
    • Novel security architectures for the IoTs
    • Frameworks and tools to design, validate and test trustworthy embedded systems
    • Secure execution environments (e.g., TrustZone, TPMs) on mobile devices
    • Remote attestation and integrity validation
    • Privacy aspects of embedded systems (e.g., medical devices, electronic IDs)
    • Physical and logical convergence (e.g., secure and privacy-preserving facility management)
    • Novel paradigms to established trust in large distributed environments

  • ICISS 2016 12th International Conference on Information Systems Security, Jaipur, India, December 16-20, 2016. (Submission Due 29 July 2016)

    The ICISS Conference held annually, provides a forum for disseminating latest research results in information and systems security. Like previous years, proceedings of the conference will be published as part of the Springer Verlag series of Lecture Notes in Computer Science. Submissions are encouraged from academia, industry and government, addressing theoretical and practical problems in information and systems security and related areas. Topics of interest include but are not limited to:

    • Access and Usage Control
    • Authentication and Audit
    • Cloud Security
    • Cyber-physical Systems Security
    • Digital Forensics
    • Distributed Systems Security
    • Identity Management
    • Intrusion Tolerance and Recovery
    • Language-based Security
    • Network Security
    • Privacy and Anonymity
    • Security and Usability
    • Sensor and Ad Hoc Network Security
    • Software Security
    • Vulnerability Detection and Mitigation
    • Application Security
    • Biometric Security
    • Cryptographic Protocols
    • - Data Security and Privacy
    • Digital Rights Management
    • Formal Models in Security
    • Intrusion Detection and Prevention
    • Key Management
    • Malware Analysis and Mitigation
    • Operating Systems Security
    • Secure Data Streams
    • Security Testing
    • Smartphone Security
    • Usable Security
    • Web Security

  • GenoPri 2016 3rd International Workshop on Genome Privacy and Security, Held in conjunction with the AMIA 2016 Annual Symposium, Chicago, IL, USA, November 12, 2016. (Submission Due 22 August 2016)

    Over the past several decades, genome sequencing technologies have evolved from slow and expensive systems that were limited in access to a select few scientists and forensics investigators to high-throughput, relatively low-cost tools that are available to consumers. A consequence of such technical progress is that genomics has become one of the next major challenges for privacy and security because (1) genetic diseases can be unveiled, (2) the propensity to develop specific diseases (such as Alzheimer's) can be revealed, (3) a volunteer, accepting to have his genomic code made public, can leak substantial information about his ethnic heritage and the genomic data of his relatives (possibly against their will), and (4) complex privacy issues can arise if DNA analysis is used for criminal investigations and medical purposes. As genomics is increasingly integrated into healthcare and "recreational" services (e.g., ancestry testing), the risk of DNA data leakage is serious for both individuals and their relatives. Failure to adequately protect such information could lead to a serious backlash, impeding genomic research, that could affect the well-being of our society as a whole. This prompts the need for research and innovation in all aspects of genome privacy and security, as suggested by the non-exhaustive list of topics on the workshop website.

  • INTRICATE-SEC 2017 5th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Taipei, Taiwan, March 27-29, 2017. (Submission Due 1 October 2016)

    Cyber-physical systems (CPS) are ubiquitous in critical infrastructures such as electrical power generation, transmission, and distribution networks, water management, and transportation, but also in both industrial and home automation. For flexibility, convenience, and efficiency, CPS are increasingly supported by commodity hardware and software components that are deliberately interconnected using open standard general purpose information and communication technology (ICT). The long life-cycles of CPS and increasingly incremental changes to these systems require novel approaches to the composition and inter-operability of services provided. The paradigm of service-oriented architectures (SoA) has successfully been used in similar long-lived and heterogeneous software systems. However, adapting the SoA paradigm to the CPS domain requires maintaining the security, reliability and privacy properties not only of the individual components but also, for complex interactions and service orchestrations that may not even exist during the initial design and deployment of an architecture. An important consideration therefore is the design and analysis of security mechanisms and architectures able to handle cross domain inter-operability over multiple domains involving components with highly heterogeneous capabilities. The INTRICATE-SEC workshop aims to provide a platform for academics, industry, and government professionals to communicate and exchange ideas on provisioning secure CPS and Services.

 

• The Technical Committee on Security and Privacy

 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org