Cipher Electronic Newsletter of the Technical Committee on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 143,  March 18, 2018 Hilarie Orman,  Editor Sven Dietrich, Book Review Editor Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• News Items from the Media

  • News:  Announcements and correspondence from readers (please contribute!)

  • CERIAS Celebrates a Score
  • Blame it on Russia (The US and UK do!)
  • Mid-term elections cause a rash of fretting
  • Secure Voting Machines, My Foot
  • Russia, turn off the lights!

  • News items from past Cipher issues

• Commentary and Opinion

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

 

• Listing of academic positions available  by Cynthia Irvine
  

  • Vrije Universiteit Amsterdam
    Netherlands
    Three faculty positions in CS security
    Job Highlights: https://www.vusec.net/3-positions-cs
    Job Description: https://www.vu.nl/en/employment/vacancies/2018/18068ThreeAssistantProfessorsOrAssociateProfessorsInComputerSystems.aspx
    Information: D.C.A.Bulterman@vu.nl
    
    
  • Vrije Universiteit Amsterdam
    Netherlands
    PhD/Postdoc in systems security
    Job Highlights: https://www.vusec.net/join/
    Information: vusec@vu.nl (mention VUseek in subject)
    
    
  • Surrey Centre for Cyber Security, University of Surrey
    United Kingdom
    UK citizenship required
    To apply, contact Dr. Ioana Boureanu i.boureanu@surrey.ac.uk
    Information at: https://jobs.surrey.ac.uk/vacancy.aspx?ref=007318
    
    
   

• Conference and Workshop Announcements

  • Cipher calls-for-papers and calendar
      Cipher calendar announcements are on Twitter; follow "ciphernews"
    Requests for inclusion in the list should sent per instructions.
      new calls or announcements added since Cipher E142 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • 3/21/17: IWSPA, 4th International Workshop on Security and Privacy Analytics, Co-located with ACM CODASPY 2018, Tempe, AZ, USA
  • 3/23/18: IWSEC, 13th International Workshop on Security, Sendai, Japan, Submissions are due
  • 3/25/18- 3/28/18: PKC, 21st IACR International Conference on Practice and Theory in Public-Key Cryptography, Rio de Janeiro, Brazil
  • 3/30/18: DASC, 16th IEEE International Conference on Dependable, Autonomic and Secure Computing, Athens, Greece, Submissions are due
  • 3/30/18: DBSec, 32nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Bergamo, Italy, Submissions are due
  • 4/ 1/18: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, Submissions are due
  • 4/ 1/18: DSML, International Workshop on Dependable and Secure Machine Learning, Co-located with the 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2018), Luxembourg City, Luxembourg, Submissions are due
  • 4/10/18- 4/11/18: HotSoS, 5th Annual Hot Topics in the Science of Security Symposium, Raleigh, North Carolina, USA
  • 4/13/18: NSPW, New Security Paradigms Workshop, Cumberland Lodge, Windsor, UK, Submissions are due
  • 4/15/18: FARES, 13th International Workshop on Frontiers in Availability, Reliability and Security, Hamburg, Germany, Submissions are due
  • 4/15/18: GRAMSEC, 5th International Workshop on Graphical Models for Security, Co-located with CSF 2018, Oxford, UK, Submissions are due
  • 4/17/18: NISK, 11th Norwegian Information Security Conference, Longyearbyen, Svalbard, Norway, Submissions are due
  • 4/25/18: PLLS, 2nd Workshop on the Protection of Long-Lived Systems, Parnu, Estonia, Submissions are due
  • 4/30/18: ICDF2C, 10th EAI International Conference on Digital Forensics & Cyber Crime, New Orleans, LA, USA, Submissions are due
  • 4/30/18: WCTI, International Workshop on Cyber Threat Intelligence, Held in conjunction with the 13th International Conference on Availability, Reliability and Security (ARES 2018), Hamburg, Germany, Submissions are due
  • 4/30/18- 5/ 4/18: HOST, IEEE International Symposium on Hardware-Oriented Security and Trust, Washington DC, USA
  • 5/ 1/18: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, Submissions are due
  • 5/ 1/18: SciSec, 1st International Conference on Science of Cyber Security, Beijing, China, Submissions are due
  • 5/ 1/18: CANS, 17th International Conference on Cryptology and Network Security, Naples, Italy, Submissions are due
  • 5/ 2/18- 5/ 3/18: HST, 18th annual IEEE Symposium on Technologies for Homeland Security, Washington D.C., USA
  • 5/ 8/18: ACM-CCS, 25th ACM Conference on Computer and Communications Security, Toronto, Canada, Submissions are due
  • 5/21/18- 5/23/18: SP, 39th IEEE Symposium on Security and Privacy, San Francisco, CA, USA
  • 5/22/18: STRIVE, 1st Workshop on Safety, securiTy, and pRivacy In automotiVe systEms, Co-located with SAFECOMP 2018, Vasteras, Sweden, Submissions are due
  • 5/24/18: BioSTAR, 3rd International Workshop on Bio-inspired Security, Trust, Assurance and Resilience, Co-located with 39th IEEE Symposium on Security and Privacy (IEEE S&P 2018), San Francisco, CA, USA
  • 5/2/18: SADFE, 12th International Workshop on Systematic Approaches to Digital Forensics Engineering, Co-located with 39th IEEE Symposium on Security and Privacy (IEEE S&P 2018), San Francisco, CA, USA
  • 5/30/18- 6/ 1/18: CNS 2018 IEEE Conference on Communications and Network Security, Beijing, China
  • 6/ 4/18- 6/ 7/18: WIIoTS, Workshop on Industrial Internet of Things Security, Bilbao, Spain
  • 6/ 4/18- 6/ 8/18: ASIACCS, ACM Symposium on Information, Computer and Communications Security, Sungdo, Incheon, Korea
  • 6/25/18: DSML, International Workshop on Dependable and Secure Machine Learning, Co-located with the 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2018), Luxembourg City, Luxembourg
  • 6/26/18- 6/27/18: ESSoS, International Symposium on Engineering Secure Software and Systems, Campus Paris-Saclay, France
  • 7/ 2/18- 7/ 4/18: IVSW, 3rd International Verification and Security Workshop, Costa Brava, Spain
  • 7/ 8/18: GRAMSEC, 5th International Workshop on Graphical Models for Security, Co-located with CSF 2018, Oxford, UK
  • 7/ 8/18- 7/13/18: WCCI-Blockchain, Blockchain Research and Applications Session, Held in conjunction with the 2018 World Congress on Computational Intelligence (WCCI 2018), Rio de Janeiro, Brasil
  • 7/15/18- 7/18/18: DFRWS, 18th Annual DFRWS USA 2018 Conference, Providence, Rhode Island, USA
  • 7/16/18- 7/18/18: DBSec, 32nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Bergamo, Italy
  • 7/20/18: ISDDC, International Conference on Intelligent, Secure and Dependable Systems in Distributed and Cloud Environments, Vancouver, BC, Canada, Submissions are due
  • 7/24/18- 7/27/18: PETS, 18th Privacy Enhancing Technologies Symposium, Barcelona, Spain
  • 8/12/18- 8/14/18: SOUPS, 14th Symposium on Usable Privacy and Security, Baltimore, MD, USA
  • 8/12/18- 8/14/18: SciSec, 1st International Conference on Science of Cyber Security, Beijing, China
  • 8/12/18- 8/15/18: DASC, 16th IEEE International Conference on Dependable, Autonomic and Secure Computing, Athens, Greece
  • 8/15/18- 8/17/18: USENIX Security, 27th USENIX Security Symposium, Baltimore, MD, USA
  • 8/19/18- 8/23/18: Crypto, 38th International Cryptology Conference, Santa Barbara, CA, USA
  • 8/27/18- 8/30/18: ARES, 13th International Conference on Availability, Reliability and Security, Hamburg, Germany
  • 8/27/18- 8/30/18: FARES, 13th International Workshop on Frontiers in Availability, Reliability and Security, Hamburg, Germany
  • 8/27/18- 8/30/18: WCTI, International Workshop on Cyber Threat Intelligence, Held in conjunction with the 13th International Conference on Availability, Reliability and Security (ARES 2018), Hamburg, Germany
  • 8/28/18- 8/31/18: NSPW, New Security Paradigms Workshop, Cumberland Lodge, Windsor, UK
  • 9/ 3/18- 9/ 5/18: IWSEC, 13th International Workshop on Security, Sendai, Japan,
  • 9/10/18- 9/12/18: ICDF2C, 10th EAI International Conference on Digital Forensics & Cyber Crime, New Orleans, LA, USA
  • 9/17/18- 9/19/18: PLLS, 2nd Workshop on the Protection of Long-Lived Systems, Parnu, Estonia
  • 9/18/18: STRIVE, 1st Workshop on Safety, securiTy, and pRivacy In automotiVe systEms, Co-located with SAFECOMP 2018, Vasteras, Sweden
  • 9/18/18- 9/20/18: NISK, 11th Norwegian Information Security Conference, Longyearbyen, Svalbard, Norway
  • 9/30/18-10/ 2/18: SecDev, IEEE Security Development Conference, Cambridge, MA, USA
  • 9/30/18-10/ 3/18: CANS, 17th International Conference on Cryptology and Network Security, Naples, Italy
  • 10/1/18: Springer International Journal of Information Security, Special Issue on IoT Security and Privacy, Submissions are due
  • 10/15/18-10/19/18: ACM-CCS, 25th ACM Conference on Computer and Communications Security, Toronto, Canada
  • 11/28/18-11/30/18: ISDDC, International Conference on Intelligent, Secure and Dependable Systems in Distributed and Cloud Environments, Vancouver, BC, Canada
  • 5/20/19- 5/22/19: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA
   
  
  • new calls or announcements added since Cipher E142

  • IWSEC 2018 13th International Workshop on Security, Sendai, Japan, September 3-5, 2018. (Submissions Due 23 March 2018)

    Original papers on the research and development of various security topics, as well as case studies and implementation experiences, are solicited for submission to IWSEC 2018. Topics of interest for IWSEC 2018 include all theory and practice of cryptography, information security, and network security, as in previous IWSEC workshops.

  • DASC 2018 16th IEEE International Conference on Dependable, Autonomic and Secure Computing, Athens, Greece, August 12-15, 2018. (Submissions Due 30 March 2018)

    IEEE DASC 2018 aims to bring together computer scientists, industrial engineers, and researchers to discuss and exchange experimental and theoretical results, novel designs, work-in-progress, experience, case studies, and trend-setting ideas in the areas of dependability, security, trust and/or autonomic computing systems. Topics of particular interests include the following tracks, but are not limited to:

    • Dependable, Autonomic, Secure Computing Systems, Architectures and Communications
    • Cloud Computing and Fog/edge Computing with Autonomic and Trusted Environment
    • Dependable Automatic Control Techniques and Systems
    • Dependable Sensors, Devices, Embedded Systems
    • Dependable Electronic-Mechanical Systems, Optic-Electronic Systems
    • Self-improvement in Dependable Systems
    • Self-healing, Self-protection and Fault-tolerant Systems
    • Hardware and Software Reliability, Verification and Testing
    • Software Engineering for Dependable Systems
    • Safety-critical Systems in Transportation and Power System
    • Security Models and Quantifications
    • Trusted P2P, Web Service, SoA, SaaS, EaaS, and PaaS
    • Self-protection and Intrusion-detection in Security
    • DRM, Watermarking Technology, IP Protection
    • Context-aware Access Control
    • Virus Detections and Anti-Virus Techniques/Software
    • Cyber Attack, Crime and Cyber War
    • Human Interaction with Trusted and Autonomic Computing Systems
    • Security, Dependability and Autonomic Issues in Ubiquitous Computing
    • Security, Dependability and Autonomic Issues in Cyber-Physical System
    • Security, Dependability and Autonomic Issues in Big Data, SDN, and IoT Systems
    • QoS in Communications and Services and Service Oriented Architectures
    • Information and System Security
    • Reliable Computing and Trusted Computing
    • Wireless Emergency and Security Systems
    • Information Technology in Biomedicine
    • Multimedia Security Issues over Mobile and Wireless Networks
    • Multimedia in Mobile Computing: Issues, System Design and Performance Evaluation
    • Software Architectures and Design for Emerging Systems
    • Software Engineering for Emerging Networks, Systems, and Mobile Systems
    • Evaluation Platforms for Dependable, Autonomic and Secure Computing Systems
    • Trustworthy Data, Secured Data Collection System, Model, and Architectures

  • DBSec 2018 32nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Bergamo, Italy, July 16-18, 2018. (Submissions Due 30 March 2018)

    DBSec is an annual international conference covering research in data and applications security and privacy. The 32nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2018) will be held in Bergamo, Italy. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, and applications security. Topics of interest include, but are not limited to:

    • access control
    • anonymity
    • applied cryptography in data security
    • authentication
    • big data security
    • data and system integrity
    • data protection
    • database security
    • digital rights management
    • identity management
    • intrusion detection
    • knowledge discovery and privacy
    • methodologies for data and application security
    • network security
    • organizational security
    • privacy
    • secure cloud computing
    • secure distributed systems
    • secure information integration
    • secure Web services
    • security and privacy in crowdsourcing
    • security and privacy in IT outsourcing
    • security and privacy in the Internet of Things
    • security and privacy in location-based services
    • security and privacy in P2P scenarios and social networks
    • security and privacy in pervasive/ubiquitous computing
    • security and privacy policies
    • security management
    • security metrics
    • threats, vulnerabilities, and risk management
    • trust and reputation systems
    • trust management
    • wireless and mobile security

  • SP 2019 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 20-22, 2019. (Submissions Due first day of each month)

    Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Topics of interest include:

    • Access control and authorization
    • Accountability
    • Anonymity
    • Application security
    • Attacks and defenses
    • Authentication
    • Censorship resistance
    • Cloud security
    • Distributed systems security
    • Economics of security and privacy
    • Embedded systems security
    • Forensics
    • Hardware security
    • Intrusion detection and prevention
    • Malware and unwanted software
    • Mobile and Web security and privacy
    • Language-based security
    • Network and systems security
    • Privacy technologies and mechanisms
    • Protocol security
    • Secure information flow
    • Security and privacy for the Internet of Things
    • Security and privacy metrics
    • Security and privacy policies
    • Security architectures
    • Usable security and privacy
    This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.
    
    Systematization of Knowledge Papers As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate. Submissions will be distinguished by the prefix ÒSoK:Ó in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings.
    
    Workshops The Symposium is also soliciting submissions for co-located workshops. Further details on submissions can be found at https://www.ieee-security.org/TC/SP2019/workshops.html.
    
    Ongoing Submissions To enhance the quality and timeliness of the scientific results presented as part of the Symposium, and to improve the quality of our reviewing process, IEEE S&P now accepts paper submissions 12 times a year, on the first of each month. The detailed process can be found at the conference call-for-papers page.

  • DSML 2018 International Workshop on Dependable and Secure Machine Learning, Co-located with the 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2018), Luxembourg City, Luxembourg, June 25, 2018. (Submissions Due 1 April 2018)

    The DSN Workshop on Dependable and Secure Machine Learning (DSML) is an open forum for researchers, practitioners, and regulatory experts, to present and discuss innovative ideas and practical techniques and tools for producing dependable and secure machine learning (ML) systems. A major goal of the workshop is to draw the attention of the research community to the problem of establishing guarantees of reliability, security, safety, and robustness for systems that incorporate increasingly complex ML models, and to the challenge of determining whether such systems can comply with requirements for safety-critical systems. A further goal is to build a research community at the intersection of machine learning and dependable and secure computing.

  • NSPW 2018 New Security Paradigms Workshop, Cumberland Lodge, Windsor, UK, August 28-31, 2018. (Submissions Due 13 April 2018)

    The New Security Paradigms Workshop (NSPW) seeks embryonic, disruptive, and unconventional ideas on information and cyber security that benefit from early feedback. Submissions typically address current limitations of information security, directly challenge long-held beliefs or the very foundations of security, or discuss problems from an entirely novel angle, leading to new solutions. We welcome papers both from computer science and other disciplines that study adversarial relationships, as well as from practice. The workshop is invitation-only; all accepted papers receive a 1 hour plenary time slot for presentation and discussion. In order to maximize diversity of perspectives, we particularly encourage submissions from new NSPW authors, from Ph.D. students, and from non-obvious disciplines and institutions. In 2018, NSPW invites theme submissions around "Security in 2038" next to regular submissions. We know from past experience that every security advance brings with it new security failures. Automated software updates open the door to malicious software updates; DNSSEC is subject to cryptography-based denial-of-service attacks; antivirus software can be compromised by data files that are otherwise harmless. We encourage authors to imagine the security problems of the next 20 years, how they are currently being created through fallible solutions and paradigms, and what alternative paradigms would be available to mitigate those anomalies (as meant by Kuhn). Theme submissions can take any form, but we suggest writing them as if they were a submission for NSPW 2038 (including citations to future work). We particularly invite submissions (co-)authored by historians and futurologists.

  • FARES 2018 13th International Workshop on Frontiers in Availability, Reliability and Security, Hamburg, Germany, August 27-30, 2018. (Submissions Due 15 April 2018)

    FARES establishes an in-depth academic platform to exchange novel theories, designs, applications and on-going research results among researchers and practitioners in different Computing Dependability aspects which emphasize the Practical Issues in Availability, Reliability and Security. Topics of interest comprise but are not limited to:

    • Reliability Models and Failure Prevention
    • Standards, Guidelines and Certification
    • Dependability Requirement Engineering
    • Intrusion Detection and Fraud Detection
    • Database and Datawarehouse Security
    • Dependability Modelling and Prediction
    • Secure Enterprise Information System
    • Trust Models and Trust Management
    • Network/Software/Database Security
    • Risk Planning, Analysis & Awareness
    • Survivability of Computing Systems
    • Authorization and Authentication
    • Applied Tools and Applications
    • Security and privacy issues
    • Security Models / Methods
    • Availability and Reliability
    • Usability and Security
    • Digital Forensics
    • Grid Security

  • GRAMSEC 2018 5th International Workshop on Graphical Models for Security, Co-located with CSF 2018, Oxford, UK, July 8, 2018. (Submissions Due 15 April 2018)

    The use of graphical security models to represent and analyse the security of systems has gained an increasing research attention over the last two decades. Formal methods and computer security researchers, as well as security professionals from the industry and government, have proposed various graphical security models, metrics, and measurements. Graphical models are used to capture different security facets and address a range of challenges including security assessment, automated defence, secure services composition, security policy validation, and verification. For example, attack graphs, attack trees, attack-defence trees, and attack countermeasure trees represent possible ways of attacking and defending a system while misuse cases and mal-activity diagrams capture threats and abusive behaviour of users.

  • NISK 2018 11th Norwegian Information Security Conference, Longyearbyen, Svalbard, Norway, September 18-20, 2018. (Submissions Due 17 April 2018)

    The 11th Norwegian Information Security Conference (NISK2018) will take place in Svalbard, Sep. 18-20, 2018. The annual NISK conference series aims to be the principal Norwegian venue for presenting new research and developments in the field of ICT security and privacy, and bringing together people from universities, industry, and public authorities. We invite national and international contributions in any aspect of ICT security and privacy. Submissions can be in the form of full papers, short papers and poster/demo presentation. All papers must be original and not simultaneously submitted to another journal or conference.

  • PLLS 2018 2nd Workshop on the Protection of Long-Lived Systems, Parnu, Estonia, September 17-19, 2018. (Submissions Due 25 April 2018)

    Original contributions on technical, legal, social and economical aspects of protecting systems that are intended to work or have been working during a long period of time are solicited for submission to PLLS 2018. Submissions are welcome on any topics related to long-term security.

  • ICDF2C 2018 10th EAI International Conference on Digital Forensics & Cyber Crime, New Orleans, LA, USA, September 10-12, 2018. (Submissions Due 30 April 2018)

    Cyberspace is becoming increasingly central to the basic function of modern society. Cybercrime and cyberwarfare have emerged as major threats to the integrity of digital information and to the functioning of cyber-controlled physical systems. Such threats have direct consequences for almost all individuals, businesses and organizations, government institutions, and civic processes. Digital forensics and cybercrime investigations are multidisciplinary areas that encompass law and law enforcement, computer science and engineering, IT operations, economics and finance, data analytics and criminal justice. ICDF2C brings together researchers and practitioners from all these areas in order to scientifically address the numerous challenges due to the rapid increase in the amount and variety of data under investigation, as well as the growing complexity of both the threats and the targeted systems.

  • WCTI 2018 International Workshop on Cyber Threat Intelligence, Held in conjunction with the 13th International Conference on Availability, Reliability and Security (ARES 2018), Hamburg, Germany, August 27-30, 2018. (Submissions Due 30 April 2018)

    In order to effectively defend a system against malicious activities, information about the nature of the adversaries, their available skills and resources is essential. Without this information, we run the risk that the portfolio of countermeasures does not turn out to be adequate to thwart off cyber threats, or that the defender deploys unnecessary resources. Cyber Threat Intelligence is an emerging new discipline, which aims to develop methods and techniques to assemble information about compromises, extract information about the infrastructure and tools used, investigate adversarial techniques and practices and their evolution, structure and share this information and thus help detect and prevent future incidents. WCTI aims to bring together experts from academia, industry, government and law enforcement who are interested to advance the state of the art in cyber threat intelligence. The aim of the workshop is to present mature and early stage ideas, promote discussion and exchange, and build a community of researchers and practitioners in cyber threat intelligence.

  • SciSec 2018 1st International Conference on Science of Cyber Security, Beijing, China, August 12-14, 2018. (Submissions Due 1 May 2018)

    This new forum aims to catalyze the research collaborations between the relevant communities and disciplines that can work together to deepen our understanding of, and build a firm foundation for, the emerging Science of Cyber Security. Publications in this venue would distinguish themselves from others by taking or thinking from a holistic perspective about cyber security, rather than the building-block perspective. Each submission will be reviewed (double blind) by at least 3 reviewers. The program committee plans to select and award a Best Paper and a Best Student Paper. The post-conference proceedings will be published in Springer's Lecture Notes in Computer Science (LNCS) series. Areas of interest include:

    • Cybersecurity Dynamics
    • Cybersecurity Metrics and Their Measurements
    • First-principle Cybersecurity Modeling and Analysis (e.g., Dynamical Systems, Control-Theoretic, and Game-Theoretic Modeling)
    • Cybersecurity Data Analytics
    • Big Data for Cybersecurity
    • Artificial Intelligence for Cybersecurity
    • Machine Learning for Cybersecurity
    • Economics Approaches for Cybersecurity
    • Social Sciences Approaches for Cybersecurity
    • Statistical Physics Approaches for Cybersecurity
    • Complexity Sciences Approaches for Cybersecurity
    • Experimental Cybersecurity
    • Macroscopic Cybersecurity
    • Statistics Approaches for Cybersecurity
    • Human Factors for Cybersecurity
    • Compositional Security
    • Biology-inspired Approaches for Cybersecurity

  • CANS 2018 17th International Conference on Cryptology and Network Security, Naples, Italy, September 30 - October 3, 2018. (Submissions Due 1 May 2018)

    The annual International Conference on Cryptology and Network Security (CANS) focuses on current advances in all aspects of cryptology, data protection, and network and computer security. CANS 2018 is held in cooperation with the International Association of Cryptologic Research (IACR). High quality papers on unpublished research and implementation experiences are solicited for submission.

  • ACM-CCS 2018 25th ACM Conference on Computer and Communications Security, Toronto, Canada, October 15-19, 2018. (Submissions Due 8 May 2018)

    The 25th ACM Conference on Computer and Communications Security (ACM CCS) seeks submissions presenting scientific innovations in all practical and theoretical aspects of computer and communications security and privacy. Papers should demonstrate their real-world impacts. Theoretic papers are expected to make a convincing case for the relevance of their techniques and findings to secure systems.

  • STRIVE 2018 1st Workshop on Safety, securiTy, and pRivacy In automotiVe systEms, Co-located with SAFECOMP 2018, Vasteras, Sweden, September 18, 2018. (Submissions Due 22 May 2018)

    The introduction of ICT systems into vehicles make them more prone to cyber-security attacks. Such attacks may impact on vehicles capability and, consequently, on the safety of drivers, passengers. The strong integration among dedicated ICT devices, the physical environment, and the networking infrastructure, leads to consider modern vehicles as Cyber-Physical Systems (CPS). This workshop aims at providing a forum for researchers and engineers in academia and industry to foster an exchange of research results, experiences, and products in the automotive domain from both a theoretical and practical perspective. Its ultimate goal is to envision new trends and ideas about aspects of designing, implementing, and evaluating innovative solutions for CPS with a particular focus on the new generation of vehicles. Indeed, the automotive domain presents several challenges in the fields of vehicular network, Internet of Things, Privacy, as well as Safety and Security methods and approaches. The workshop aims at presenting the advancement on the state of art in these fields and spreading their adoption in several scenarios involving main stockholders of the automotive domain.

  • Springer International Journal of Information Security, Special Issue on IoT Security and Privacy, (Submissions Due 1 October 2018)

    Guest Editors: akeshi Takahashi (National Institute of Information and Communications Technology, Japan), Rodrigo Roman Castro (Universidad de Malaga, Spain), Ryan Ko (University of Waikato, New Zealand), Bilhanan Silverajan (Tampere University of Technology, Finland), and Said Tabet (Dell EMC, USA).
    
    The Internet is gradually transforming from a communication platform for conventional IT appliances into the Internet of Things (IoT), increasingly interconnecting many assorted devices and sensors. These devices are generally referred as IoT devices, and many of them are inexpensive and can be constrained in terms of energy, bandwidth and memory. The establishment of IoT ecosystems in various domains is bringing multiple benefits to human users and companies alike. Example of such domains include Smart Homes, Smart Cities, the Industrial Internet and even Intelligent Transportation Systems. However, the IoT as a whole - including related paradigms such as Machine-to-Machine (M2M) and Cyber-Physical Systems (CPS) - is susceptible to a multitude of threats. In fact, many IoT devices currently are insecure and have many security vulnerabilities. For example, many vulnerable IoT devices which have been infected with malware have subsequently become comprised into large botnets, resulting in devastating DDOS attacks. Consequently, ensuring the security of such IoT ecosystems - before, during, and after an attack takes place - is a crucial issue for our society at this moment. This special issue aims to collect contributions by leading-edge researchers from academia and industry, show the latest research results in the field of IoT security and privacy, and provide valuable information to researchers as well as practitioners, standards developers and policymakers. Its aim is to focus on the research challenges and issues in IoT security. Manuscripts regarding novel algorithms, architectures, implementations, and experiences are welcome. Topics include but are not limited to:

    • Secure protocols for IoT devices
    • Privacy solutions and privacy helpers for IoT environments
    • Trust frameworks and secure/private collaboration mechanisms for IoT environments
    • Secure management and self-healing for IoT environments
    • Operative systems security for IoT devices
    • Security diagnosis tools for IoT devices
    • Threat and vulnerability detection in IoT environments
    • Anomaly detection and prevention mechanisms in IoT networks
    • Case studies of malware analysis in IoT environments
    • IoT forensics and digital evidence
    • Testbeds and experimental facilities for IoT security analysis and research
    • Standardization activities for IoT security
    • Security and privacy solutions tailored to specific IoT domains and ecosystems

  • ISDDC 2018 International Conference on Intelligent, Secure and Dependable Systems in Distributed and Cloud Environments, Vancouver, BC, Canada, November 28-30, 2018. (Submissions Due 20 July 2018)

    This conference solicits papers addressing issues related to the design, analysis, and implementation, of dependable and secure infrastructures, systems, architectures, algorithms, and protocols that deal with network computing, mobile/ubiquitous systems, cloud systems, and IoT systems.

 

• The Technical Committee on Security and Privacy

 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org