Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Last Modified:06/26/17

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.

Contents

 

Special Issues of Journals and Handbooks


IET Networks, Special Issues on Security architecture and technologies for 5G, (Submission Due 30 June 2017) [posted here 05/08/17]
Guest Editors: Hongke Zhang (Beijing Jiaotong University, China), Chi-Yuan Chen (National Ilan University, Taiwan), Shui Yu (Deakin University, Australia), and Wei Quan (Beijing Jiaotong University, China).

5G security challenges come from many aspects. Firstly, secure network architectures are required as the basis for 5G to support a huge number of connected devices. Secondly, 5G will migrate or bring in many promising network technologies, such as Software Defined Networking (SDN), Network Functions Virtualization (NFV), Information Centric Network (ICN), Device to Device (D2D), Network Slicing, Cloud Computing/Fog Computing and so on. These technologies should also provide security guarantee for 5G architecture. Thirdly, more and more user data and network traffic will be carried in the 5G network. Big Data Security should be considered to protect these data, including the data privacy, data sources, data analytics and so on. Fourthly, 5G will promote many interesting applications, which also require secure supports, such as Vehicular Network, Internet of Energy (IoE) and VR/AR. We call for survey and research papers in the 5G security scope. We aim to provide a platform for researchers to further explore the security issues, technologies, architecture for 5G networks.

For more information, please see http://digital-library.theiet.org/files/IET_NET_CFP_SEC.pdf.

Elsevier Computer Networks, Special Issue on Security and Performance of Software-defined Networks and Functions Virtualization, (Submission Due 30 June 2017) [posted here 06/23/17]
Guest Editors: David Hausheer (Otto von Guericke University Magdeburg, Germany), Oliver Hohlfeld (RWTH Aachen, Germany), Stefan Schmid (Aalborg University & TU Berlin, Denmark and Germany), and Guofei Gu (Texas A&M University, U.S.A).

Software-defined Networking (SDN) and Network Functions Virtualization (NFV) are envisioned to massively change network management by enabling a more flexible management of complex networks. While the aim of SDN is to split the control and data plane and to introduce open interfaces between these layers, NFV abstracts network functions from dedicated hardware to virtual machines running on commodity hardware. Consequently, applying SDN/NFV is claimed to have a high business advantage in terms of cost savings and additional revenue sources for network operators, new opportunities for solution providers, and opening new business models. However, major performance challenges arise when realizing SDN/NFV given the overheads imposed by software and virtualization stacks. At the same time, e.g., the outsourcing of network control or the relocation of network functions to cloud services create new challenges on data privacy and network security. This special issue of the Computer Networks Journal solicits original, high-quality papers that present, analyze and discuss solutions to improve the security and privacy in SDN/NFV, mechanisms to achieve high packet processing performances in virtualized environments, as well as performance benchmarking aspects and standards. Related topics, such as new security mechanisms enabled by SDN/NFV (e.g. mitigation of DDoS attacks), validation, verification and certification of network functions, design of energy efficient NFV networks, new algorithms controlling the function placement, as well as new services offerings enabled by SDN/NFV (e.g. to improve the end-user experience), techno-economic aspects (e.g. new pricing and business models), and others are also within the scope of the special issue.

For more information, please see https://www.journals.elsevier.com/computer-networks/call-for-papers/special-issue-on-security-and-performance-of-software-define.

Security and Communication Networks journal, Special Issue on Emerging and Unconventional: New Attacks and Innovative Detection Techniques, (Submission Due 28 July 2017) [posted here 03/20/17]
Guest Editors: Luca Caviglione (National Research Council of Italy,Italy), Wojciech Mazurczyk (Warsaw University of Technology & FernUniversität in Hagen, Poland), Steffen Wendzel (Fraunhofer FKIE, Germany), and Sebastian Zander (Murdoch University, Australia).

In the last years, advancements of the information and communication technologies have spawned a variety of innovative paradigms, such as cloud and fog computing, the Internet of Things (IoT), or complex vehicle-to-vehicle frameworks. As a consequence, the cybersecurity panorama is now getting populated with complex, emerging, and unconventional attacks, which require deep investigation and proper understanding. For example, the diffusion of online social networks brought social engineering to the next level, while IoT led to a completely new set of hazards also endangering the user at a physical level. Modern threats also exploit a variety of advanced methods to increase their stealthiness in order to remain unnoticed for long periods, as well as reduce the effectiveness of many digital forensics techniques and detection tools. Therefore, new and emerging technologies changed the modern cybersecurity landscape, which nowadays is populated by novel attacks and also requires innovative detection and prevention methods. In this perspective, the special issue aims at investigating the most advanced and innovative forms of attacks and scenarios, for instance, considering automotive or building automation settings. To complete the picture, a relevant attention will be given to works dealing with innovative forms of detection and forensics analysis, which are mandatory to counteract sophisticated malware able to hide or take advantage of unconventional and complex scenarios. This issue accepts high quality papers containing novel original research results and review articles of exceptional merit covering the most cutting-edge cybersecurity threats and countermeasures. Potential topics include but are not limited to the following:
- Novel advanced and persistent threats aiming at automotive and smart buildings/cities
- Security issues and profiling hazards in smart buildings/cities
- IoT and device specific attacks, for example, battery drain attacks or attacks on IoT routing protocols
- Hazards taking advantage from social media, for example, social bots and new social engineering attacks
- Information hiding threats to counteract forensics tools and analysis
- Network steganography for data exfiltration and new information-hiding-capable threats
- Energy-based detection of slow and hidden attacks, including low-attention rising threats for mobile and handheld devices
- Scalable countermeasures for preventing steganography in big-data-like sources
- Novel threats targeting vehicles and cloud and software defined networking technologies
- Bioinspired attacks and detection mechanisms
- Ransomware: novel trends, characteristics, and detection
- Moving Target Defense (MTD) solutions against infections

For more information, please see https://www.hindawi.com/journals/scn/si/761087/cfp/.

Ad Hoc Networks, Special Issue on Security of IoT-enabled Infrastructures in Smart Cities, (Submission Due 1 September 2017) [posted here 04/10/17]
Guest Editors: Steven Furnell (Plymouth University, United Kingdom), Abbas M. Hassan (Al Azhar University, Qena, Egypt), and Theo Tryfonas (University of Bristol, United Kingdom).

Internet of Things (IoT) is a paradigm that involves a network of physical objects containing embedded technologies to collect, communicate, sense, and interact with their internal states or the external environment through wireless or wired connections. IoT uses unique addressing schemes and network infrastructures to create new application or services. Smart cities are developed urban environments where any citizen can use any service anywhere and anytime. IoT has become a generator of smart cities aiming at overcoming the problems inherent in traditional urban developments. The nature of IoT information exchange among the connected objects “Things” and remote locations for data storage and data processing gives the ability to collect numerous amounts of data about individuals, and other things in the smart city. Hence, these data can be passed to malicious or have vulnerabilities such as man-in-the-middle attack or denial-of-service (DoS) attacks. Therefore, collected and transferred bands of data via IoT infrastructure would affect the national security and privacy. Driven by the concept that IoT is the major builder in the coming smart cities, security and privacy have become inevitable requirements not only for personal safety, but also for assuring the sustainability of the ubiquitous city. Although, there are available researches that address the security challenges in IoT data, this special issue aims to address the security and privacy challenges emerging from deploying IoT in smart cities with a special emphasize on the IoT device, infrastructures, networking, and protocols. In addition, the special issue provides an up-to-date statement of the current research progresses in IoT security, privacy challenges, and mitigation approaches for protecting the individuals’ safety and the sustainability of the smart city. The topics of interest include but are not limited to:
- Innovative techniques for IoT infrastructure security
- Internet of Things (IoT) devices and protocols security
- Cross-domain trust management in smart communities
- Cloud computing-based security solutions for IoT data
- Security and privacy frameworks for IoT-based smart cities
- Critical infrastructures resilience and security in smart cities
- Biometric modalities involved in IoT security for smart cities
- Security challenges and mitigation approaches for smart cities
- Cyber attacks detection and prevention systems for IoT networks
- Interoperable security for urban planning and applications
- Ethics, legal, and social considerations in IoT security

For more information, please see https://www.journals.elsevier.com/ad-hoc-networks/call-for-papers/special-issue-on-security-of-iot-enabled-infrastructures-in.

Security and Communication Networks journal, Special Issue on User Authentication in the IoE Era: Attacks, Challenges, Evaluation, and New Designs, (Submission Due 1 September 2017) [posted here 04/24/17]
Guest Editors: Ding Wang (Peking University, Beijing, China), Shujun Li (University of Surrey, Guildford, UK), and Qi Jiang (University of Waterloo, Ontario, Canada and Xidian University, Xi'an, China).

We are venturing into the new era of Internet of Everything (IoE) where smaller and smarter computing devices have begun to be integrated into the cyber-physical-social environments in which we are living our lives. Despite its great potential, IoE also exposes devices and their users to new security and privacy threats, such as attacks emanating from the Internet that can impact human users' health and safety. User authentication, as a first line of defense, has been widely deployed to prevent unauthorized access and, in many cases, is also the primary line of defense. However, conventional user authentication mechanisms are not capable of addressing these new challenges. Firstly, it is not possible to directly utilize many Internet-centric security solutions because of the inherent characteristics of IoE devices (e.g., their limited computational capabilities and power supply). Secondly, IoE devices may lack conventional user interfaces, such as keyboards, mice, and touch screens, so that many traditional solutions simply cannot be applied. In summary, the subjects of user authentication in IoE are compelling, yet largely underexplored, and new technologies are needed by both the industry and academia. This special issue aims to provide a venue for researchers to disseminate their recent research ideas and results about user authentication in IoE. Potential topics include but are not limited to the following:
- Lightweight authentication
- Password-based authentication
- Biometric-based authentication
- Multi-factor authentication
- Continuous/implicit authentication
- Authentication for fog/edge computing
- Authentication for cloud computing
- Anonymous authentication
- Privacy enhancing technologies for authentication
- New paradigms for user authentication
- Attacks on authentication for IoE devices
- Human aspects of authentication in IoE
- Foundational principles for authentication
- Evaluation metrics for authentication schemes

For more information, please see https://www.hindawi.com/journals/scn/si/908453/cfp/.

Information & Communications Technology Express, Special Issue on Critical Infrastructure (CI) & Smart Grid Cyber Security, (Submission Due 1 December 2017) [posted here 04/10/17]
Guest Editors: Leandros A. Maglaras (De Montfort University, UK), Ki-Hyung Kim (Ajou University, Korea), Helge Janicke (De Montfort University, UK), Mohamed Amine Ferrag, Guelma University, Algeria), Artemios G. Voyiatzis (SBA Research, Austria), Pavlina Fragkou (T.E.I of Athens, Greece), Athanasios Maglaras (T.E.I. of Thessaly, Greece), and Tiago J. Cruz (University of Coimbra, Portugal).

Cyber-physical systems are becoming vital to modernizing the national critical infrastructure (CI) systems. A smart grid is an energy transmission and distribution network enhanced through digital control, monitoring, and telecommunications capabilities. It provides a real-time, two-way flow of energy and information to all stakeholders in the electricity chain, from the generation plant to the commercial, industrial, and residential end user. Each smart grid subsystem and its associated assets require specific security functions and solutions. For example, the solution to secure a substation is not the same as the solution to secure demand response and home energy management systems. Usual cyber security technologies and best practices—such as antivirus, firewalls, intrusion prevention systems, network security design, defense in depth, and system hardening—are necessary to protect the smart grid. However, history showed they are only part of the solution. Owing to the rapid increase of sophisticated cyber threats with exponentially destructive effects advanced cyber security technologies must be developed. The title of this special issue of ICT Express is therefore coined concisely as "Special Issue on CI & Smart Grid Cyber Security". This special issue focuses on innovative methods and techniques in order to address unique security issues relating to CI and smart grids. Original submissions reflecting latest research observation and achievement in the following areas are invited:
- Hardware Security Solutions
- Incident response
- Real-time threat intelligence
- Situation Awareness
- Security information and event management (SIEM) systems
- Machine Learning Techniques
- Safety-Security Interactions
- System Vulnerabilities
- Cyber Security Engineering
- Human Awareness & Training
- Intrusion Detection Systems
- Trust and privacy
- Malware Analysis
- Behavioral Modeling
- Secure Communication Protocols
- Malware analysis
- Network security and protocols
- Hardware enforced virtualization

For more information, please see https://www.journals.elsevier.com/ict-express/call-for-papers/special-issue-on-ci-smart-grid-cyber-security.

Conference and Workshop Call-for-papers

June 2017

GameSec 2017 8th Conference on Decision and Game Theory for Security, Vienna, Austria, October 23-25, 2017. (Submission Due 29 June 2017) [posted here 02/20/17]
The goal of GameSec is to bring together academic and industrial researchers in an effort to identify and discuss the major technical challenges and recent results that highlight the connection between game theory, control, distributed optimization, economic incentives and real world security, reputation, trust and privacy problems in a variety of technological systems. Submissions should solely be original research papers that have neither been published nor submitted for publication elsewhere.
- Game theory and mechanism design for security and privacy
- Pricing and economic incentives for building dependable and secure systems
- Dynamic control, learning, and optimization and approximation techniques
- Decision making and decision theory for cybersecurity and security requirements engineering
- Socio-technological and behavioral approaches to security
- Risk assessment and risk management
- Security investment and cyber insurance
- Security and privacy for the Internet-of-Things (IoT), cyber-physical systems, resilient control systems
- New approaches for security and privacy in cloud computing and for critical infrastructure
- Security and privacy of wireless and mobile communications, including user location privacy
- Game theory for intrusion detection
- Empirical and experimental studies with game-theoretic or optimization analysis for security and privacy

For more information, please see http://www.gamesec-conf.org/cfp.php.

AsianHOST 2017 IEEE Asian Hardware-Oriented Security and Trust Symposium, Beijing, China, October 19-20, 2017. (Submission Due 30 June 2017) [posted here 04/03/17]
IEEE Asian Hardware Oriented Security and Trust Symposium (AsianHOST) aims to facilitate the rapid growth of hardware security research and development in Asia and South Pacific areas. AsianHOST highlights new results in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware. AsianHOST 2017 invites original contributions related to, but not limited by, the following topics:
- Hardware Trojan attacks and detection techniques
- Side-channel attacks and countermeasures
- Metrics, policies, and standards related to hardware security
- Secure system-on-chip (SoC) architecture
- Security rule checks at IP, IC, and System levels
- Hardware IP trust (watermarking, metering, trust verification)
- FPGA security
- Trusted manufacturing including split manufacturing, 2.5D, and 3D ICs
- Emerging nanoscale technologies in hardware security applications
- Security analysis and protection of Internet of Things (IoT)
- Cyber-physical system (CPS) security and resilience
- Reverse engineering and hardware obfuscation at all levels of abstraction
- Supply chain risks mitigation including counterfeit detection & avoidance
- Hardware techniques that ensure software and/or system security
- Analysis of real attacks and threat evaluation

For more information, please see http://asianhost.org/2017/.

SPIFEC 2017 1st European Workshop on Security and Privacy in Fog and Edge Computing, Held In conjunction with ESORICS 2017, Oslo, Norway, September 14-15, 2017. (Submission Due 30 June 2017) [posted here 05/08/17]
The main goal of Fog Computing and other related Edge paradigms, such as Multi-Access Edge Computing, is to decentralize the Cloud and bring some of its services closer to the edge of the network, where data are generated and decisions are made. Cloud-enabled edge platforms will be able to cooperate not only with each other but with the cloud, effectively creating a collaborative and federated environment. This paradigm shift will fulfill the needs of novel services, such as augmented reality, that have particularly stringent requirements like extremely low latency. It will also help improve the vision of the Internet of Things by improving its scalability and overall functionality, among other benefits. To enable this vision, a number of platforms and technologies need to securely coexist, including sensors and actuators, edge-deployed systems, software-defined networks, hardware virtualization, data mining mechanisms, etc. However, this paradigm shift calls for new security challenges and opportunities to leverage services for new scenarios and applications. The field of edge computing security is almost unexplored, and demands further attention from the research community and industry in order to unleash the full potential of this paradigm.

For more information, please see https://www.nics.uma.es/pub/spifec.

STM 2017 13th International Workshop on Security and Trust Management, Co-located with with ESORICS 2017, Oslo, Norway, September 14-15, 2017. (Submission Due 30 June 2017) [posted here 05/22/17]
STM (Security and Trust Management) is a working group of ERCIM (European Research Consortium in Informatics and Mathematics). The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and trust in ICT. Topics of interest include, but are not limited to:
- Access control
- Anonymity
- Applied cryptography
- Authentication
- Complex systems security
- Data and application security
- Data protection
- Data/system integrity
- Digital rights management
- Economics of security and privacy
- Formal methods for security and trust
- Identity management
- Legal and ethical issues
- Mobile security
- Networked systems security
- Operating systems security
- Privacy
- Security and trust metrics
- Security and trust policies
- Security and trust management architectures
- Security and trust for big data
- Security and trust in cloud environments
- Security and trust in content delivery networks
- Security and trust in crowdsourcing
- Security and trust in grid computing
- Security and trust in the Internet of Things
- Security and trust in pervasive computing
- Security and trust in services
- Security and trust in social networks
- Social implications of security and trust
- Trust assessment and negotiation
- Trust in mobile code
- Trust models
- Trust management policies
- Trust and reputation systems
- Trusted platforms
- Trustworthy systems and user devices

For more information, please see http://stm2017.di.unimi.it.

NuTMiC 2017 Number Theory Methods in Cryptology, Warsaw, Poland, September 11-13, 2017. (Submission Due 30 June 2017) [posted here 06/19/17]
The aim of the conference is to cross-pollinate Number Theory and Cryptology. On the one hand, help the conference is going to explore Number Theory challenges that flow from rapidly evolving fields of the modern Cryptology. On the other hand, sick it is going to investigate Number Theory methods in the design and analysis of cryptologic systems and protocols. Besides the well-established connections between the two domains such as primality testing, factorisation, elliptic curves, lattices (to mention a few), the conference endeavours to forge new ones that would encompass Number Theory structures and algorithms that have never been used in Cryptology before. It is expected that these new connections would lead to novel, more efficient and secure cryptographic systems and protocols (such as one-way functions, pseudorandom number generators, encryption algorithms, digital signatures, etc.).

For more information, please see https://www.nics.uma.es/pub/spifec.

July 2017

CTC 2017 7th International Symposium on Secure Virtual Infrastructures - Cloud and Trusted Computing, Rhodes, Greece, October 23-24, 2017. (Submission Due 5 July 2017) [posted here 03/27/17]
Current and future service-based software needs to remain focused towards the development and deployment of large and complex intelligent and networked information systems, required for internet-based and intranet-based systems in organizations, as well to move to IoT integration and big data analytics. Today, service-based software covers a very wide range of application domains as well as technologies and research issues. This has found realization through Cloud Computing, Big Data, and IoT. Vital element in such networked, virtualized, and sensor-based information systems are the notions of trust, security, privacy and risk management. The conference solicits submissions from both academia and industry presenting novel research in the context of Cloud Computing, Big Data, and IoT, presenting theoretical and practical approaches to cloud, big data, and IoT trust, security, privacy and risk management. The conference will provide a special focus on the intersection between cloud paradigm, big data analytics, and IoT integration, bringing together experts from the three communities to discuss on the vital issues of trust, security, privacy and risk management in Cloud Computing, shedding the light on novel issues and requirements in big data and IoT domains. Potential contributions could cover new approaches, methodologies, protocols, tools, or verification and validation techniques. We also welcome review papers that analyze critically the current status of trust, security, privacy and risk management in the cloud, big data, and IoT. Papers from practitioners who encounter trust, security, privacy, and risk management problems, and seek understanding are finally welcome. For 2017, a special emphasis will be put on "Secure and Trustworthy Big Data Analytics and IoT Integration: From the Periphery to the Cloud".

For more information, please see http://www.otmconferences.org/index.php/conferences/ctc-2017.

SSS 2017 19th Annual International Symposium on Stabilization, Safety, and Security of Distributed Systems, Boston, Massachusetts, USA, November 5-8, 2017. (Submission Due 7 July 2017) [posted here 05/01/17]
SSS is an international forum for researchers and practitioners in the design and development of distributed systems with a focus on systems that are able to provide guarantees on their structure, performance, and/or security in the face of an adverse operational environment. Research in distributed systems is now at a crucial point in its evolution, marked by the importance and variety of dynamic distributed systems such as peer-to-peer networks, large-scale sensor networks, mobile ad-hoc networks, and cloud computing. Moreover, new applications such as grid and web services, distributed command and control, and a vast array of decentralized computations in a variety of disciplines has driven the need to ensure that distributed computations are self-stabilizing, performant, safe and secure. The symposium takes a broad view of the self-managed distributed systems area and encourages the submission of original contributions spanning fundamental research and practical applications within its scope, covered by the three symposium tracks: (i) Stabilizing Systems: Theory and Practice, (ii) Distributed Computing and Communication Networks, as well as (iii) Computer Security and Information Privacy.

For more information, please see http://bitly.com/SSS-2017.

FPS 2017 10th International Symposium on Foundations & Practice of Security, Nancy, France, October 23-25, 2017. (Submission Due 9 July 2017) [posted here 05/22/17]
Protecting the communication and data infrastructure of an increasingly inter-connected world has become vital to the normal functioning of all aspects of our world. Security has emerged as an important scientific discipline whose many multifaceted complexities deserve the attention and synergy of the mathematical, computer science and engineering communities. The aim of FPS is to discuss and exchange theoretical and practical ideas that address security issues in inter-connected systems. It aims to provide scientific presentations as well as to establish links, promote scientific collaboration, joint research programs, and student exchanges between institutions involved in this important and fast moving research field. We also invite papers from researchers and practitioners working in security, privacy, trustworthy data systems and related areas to submit their original papers.

For more information, please see http://fps2017.loria.fr/.

LASER 2017 Workshop on Learning from Authoritative Security Experiment Results, Arlington, VA, USA, October 18-19, 2017. (Submission Due 15 July 2017) [posted here 06/12/17]
The LASER workshop series focuses on learning from and improving cybersecurity experimental results. It explores both positive and negative results, the latter of which are not often published. LASER's overarching goal is to foster a dramatic change in the paradigm of cyber security research and experimentation, improving the overall quality of practiced science. This year, LASER's goal will be to improve the rigor and quality of security experimentation by providing a venue where cybersecurity researchers can discuss experimental methods and present research that exemplifies sound scientific practice. We particularly encourage papers in three areas:
- Well-designed security experiments, with positive or negative results.
- Experimental techniques that help address common sources of error.
- Replications (successful or failed) of previously published experiments.

For more information, please see http://2017.laser-workshop.org/submissions/call-papers.

CPS-Sec 2017 IEEE International Workshop on Cyber-Physical Systems Security, Held in Conjunction with the IEEE Conference on Communications and Network Security (CNS 2017), Las Vegas, NV, USA, October 9-11, 2017. (Submission Due 18 July 2017) [posted here 06/19/17]
The CPS-Sec Workshop will primarily focus on the security and privacy aspects of Cyber-Physical Systems and Internet of Things. The workshop will include papers (both novel and work-in-progress submissions), invited talks, panels, and discussions to facilitate the exchange of research ideas in a community environment. We are sure that the CPS-Sec workshop will greatly benefit from your contributions.

For more information, please see http://cns2017.ieee-cns.org/workshop/cps-sec-international-workshop-cyber-physical-systems-security.

NordSec 2017 22nd Nordic Conference on Secure IT Systems, Tartu, Estonia, November 8-10, 2017. (Submission Due 21 July 2017) [posted here 06/19/17]
NordSec addresses a broad range of topics within IT security with the aim of bringing together computer security researchers and encouraging interaction between academia and industry. We invite participants to present their ideas in poster sessions during lunches and coffee breaks. NordSec 2017 welcomes contributions within, but not limited to, the following areas:
- Access control and security models
- Applied cryptography
- Blockchains
- Cloud security
- Commercial security policies and enforcement
- Cryptanalysis
- Cryptographic protocols
- Cyber crime, warfare, and forensics
- Economic, legal, and social aspects of security
- Enterprise security
- Hardware and smart card security
- Mobile and embedded security
- Internet of Things and M2M security
- Internet, communication, and network security
- Intrusion detection
- Language-based techniques for security
- New ideas and paradigms in security
- Operating system security
- Privacy and anonymity
- Public-key cryptography
- Security and machine learning
- Security education and training
- Security evaluation and measurement
- Security management and audit
- Security protocols
- Security usability
- Social engineering and phishing
- Software security and malware
- Symmetric cryptography
- Trust and identity management
- Trusted computing
- Vulnerability testing
- Web application security

For more information, please see http://nordsec2017.cs.ut.ee.

August 2017

MIST 2017 9th ACM CCS International Workshop on Managing Insider Security Threats, Dallas, USA, October 30 - November 3, 2017. (Submission Due 4 August 2017) [posted here 05/15/17]
During the past two decades, information security technology developments have been mainly concerned with intrusion detection to prevent unauthorized attacks from outside the network. This includes hacking, virus propagation, spyware and more. However, according to a recent Gartner Research Report, information leaks have drastically increased from insiders who are legally authorized to access corporate information. The unauthorized leak of critical or proprietary information can cause significant damage to corporate image and reputation, perhaps even weakening its competitiveness in the marketplace. On a larger scale, government and public sectors may suffer competitive loss to other nations due to an internal intelligence breach. While the leaking of critical information by insiders has a lower public profile than that of viruses and hacker attacks, the financial impact and loss can be just as devastating. The objective of this workshop is to showcase the most recent challenges and advances in security and cryptography technologies and management systems for preventing information breaches by insiders. The workshop promotes state-of-the-art research, surveys and case analyses of practical significance. Physical, managerial, and technical countermeasures will be covered in the context of an integrated security management system that protects critical cyber-infrastructure against unauthorized internal attack. We expect that this workshop will be a trigger for further research and technology improvements related to this important subject.

For more information, please see http://isyou.info/conf/mist17.

WPES 2017 Workshop on Privacy in the Electronic Society, Dallas, Texas, USA, October 30, 2017. (Submission Due 4 August 2017) [posted here 05/22/17]
The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The 2017 Workshop, held in conjunction with the ACM CCS conference, is the sixteenth in a yearly forum for papers on all the different aspects of privacy in today's electronic society. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to, anonymization and trasparency, crowdsourcing for privacy and security, data correlation and leakage attacks, data security and privacy, data and computations integrity in emerging scenarios, electronic communication privacy, economics of privacy, information dissemination control, models, languages, and techniques for big data protection, personally identifiable information, privacy-aware access control, privacy and anonymity on the web, privacy in biometric systems, privacy in cloud and grid systems, privacy and confidentiality management, privacy and data mining, privacy in the Internet of Things, privacy in the digital business, privacy in the electronic records, privacy enhancing technologies, privacy and human rights, privacy in health care and public administration, privacy metrics, privacy in mobile systems, privacy in outsourced scenarios, privacy policies, privacy vs. security, privacy of provenance data, privacy in social networks, privacy threats, privacy and virtual identity, user profiling, and wireless privacy.

For more information, please see https://cs.pitt.edu/wpes2017.

September 2017

SP 2018 39th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 21-23, 2018. (Submission Due 1 September 2017) [posted here 06/12/17]
Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Topics of interest include:
- Access control and authorization
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship resistance
- Cloud security
- Distributed systems security
- Economics of security and privacy
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection and prevention
- Malware and unwanted software
- Mobile and Web security and privacy
- Language-based security
- Network and systems security
- Privacy technologies and mechanisms
- Protocol security
- Secure information flow
- Security and privacy for the Internet of Things
- Security and privacy metrics
- Security and privacy policies
- Security architectures
- Usable security and privacy
This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

Systematization of Knowledge Papers
As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate. Submissions will be distinguished by the prefix “SoK:” in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings.

Workshops
The Symposium is also soliciting submissions for co-located workshops. Further details on submissions can be found at https://www.ieee-security.org/TC/SP2018/workshops.html.

Ongoing Submissions
To enhance the quality and timeliness of the scientific results presented as part of the Symposium, and to improve the quality of our reviewing process, IEEE S&P now accepts paper submissions 12 times a year, on the first of each month. The detailed process can be found at the conference call-for-papers page.
.
For more information, please see https://www.ieee-security.org/TC/SP2018/cfpapers.html.

IFIP119-DF 2018 14th Annual IFIP WG 11.9 International Conference on Digital Forensics, New Delhi, India, January 3-5, 2018. (Submission Due 1 September 2017) [posted here 05/01/17]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Fourteenth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately a hundred participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume - the fourteenth volume in the well-known Advances in Digital Forensics book series (Springer, Heidelberg, Germany) during the summer of 2018. Technical papers and posters are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network and cloud forensics
- Embedded device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org.

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney
This online-only Journal, started in 2004 and  operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions.  More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: Shari Lawrence Pfleeger
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at http://www.computer.org/portal/web/computingnow/securityandprivacy.

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Ravi Sandhu
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page at http://www.computer.org/portal/web/tdsc.

The Springer Series on ADVANCES IN INFORMATION SECURITY
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer, network security, and cryptography, but related areas, such as fault tolerance and software assurance. The series serves as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact Professor Sushil Jajodia (jajodia@gmu.edu,703-993-1653).
 
Journal of Computer Security,   Editor-in-Chief: John Mitchell and Pierangela Samarati
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. All papers must be submitted online at http://www.iospress.nl/journal/journal-of-computer-security/. More information is given on the journal web page at http://jcs.stanford.edu/.
 
Computers & Security,   Editor-in-Chief: Eugene H. Spafford
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. All papers must be submitted online at http://ees.elsevier.com/cose/. More information can be found at http://www.elsevier.com/locate/issn/01674048.
 
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at http://www.springer.com/computer/security+and+cryptology/journal/10207.
 
International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of a high scientific and technology in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C.  More information can be found at http://ijns.femto.com.tw/.
 
International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online at http://www.inderscience.com/ijsn/. More information is given on the journal web page at http://www.inderscience.com/ijsn/.
 
International Journal of Critical Infrastructure Protection,   Editors-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's primary aim is to publish high quality scientific and policy papers in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology and policy to craft sophisticated yet practical solutions that will secure information, computer and network assets in the various critical infrastructure sectors. All papers must be submitted online at http://www.elsevier.com/locate/ijcip. More information is given on the journal web page at http://www.elsevier.com/locate/ijcip.
 
IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: C.-C. Jay Kuo
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, via sps-ieee.manuscriptcentral.com.  More information can be found at http://www.ieee.org/organizations/society/sp/tifs.html.
 
EURASIP Journal on Information Security,   Editors-in-Chief: Stefan Katzenbeisser
EURASIP Journal on Information Security aims to bring together researchers and practitioners dealing with the general field of information security, with a particular emphasis on the use of signal processing tools in adversarial environments. As such, it addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing. Application domains lie, for example, in secure storage, retrieval and tracking of multimedia data, secure outsourcing of computations, forgery detection of multimedia data, or secure use of biometrics. The journal also welcomes survey papers that give the reader a gentle introduction to one of the topics covered as well as papers that report large-scale experimental evaluations of existing techniques. Pure cryptographic papers are outside the scope of the journal. The journal also welcomes proposals for Special Issues. All papers must be submitted online at http://jis.eurasipjournals.com/manuscript.  More information can be found at http://jis.eurasipjournals.com.