Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Last Modified:03/16/15

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.

Contents

 

Special Issues of Journals and Handbooks


IEEE Transactions on Cloud Computing, Special Issue on Cloud Security Engineering. (Submission Due 31 March 2015) [posted here 02/02/15]
Editors: Kim-Kwang Raymond Choo (University of South Australia, Australia), Omer Rana (Cardiff University, UK), and Muttukrishnan Rajarajan (City University London, UK).

As the use of cloud computing grows throughout society in general, it is essential that cloud service providers and cloud service users ensure that security and privacy safeguards are in place. There is, however, no perfect security and when a cybersecurity incident occurs, digital investigation will require the identification, preservation and analysis of evidential data. This special issue is dedicated to the identification of techniques that enable security mechanisms to be engineered and implemented in Cloud-based systems. A key focus will be on the integration of theoretical foundations with practical deployment of security strategies that make Cloud systems more secure for both end users and providers - enabling end users to increase the level of trust they have in Cloud providers - and conversely for Cloud service providers to provide greater guarantees to end users about the security of their services and data. Significant effort has been invested in performance engineering of Cloud-based systems, with a variety of research-based and commercial tools that enable autoscaling of Cloud systems, mechanisms for supporting Service Level Agreement-based provisioning and adaptation and more recently for supporting energy management of large scale data centres. This special issue will be devoted to understanding whether a similar engineering philosophy can be extended to support security mechanisms, and more importantly, whether experience from the performance engineering community (who often need to carry out analysis on large log files) can be carried over into the security domain. We encourage authors to be exploratory in their papers - reporting on novel use of performance engineering tools that could be repurposed for supporting security management and vice versa. Topics of interest include:
- Advanced security features
- Anonymity
- Cloud forensic and anti-forensic techniques and implementations
- Cloud privacy
- Cloud-based honeypots
- Cloud-based intrusion detection and prevention systems
- Distributed authentication and authentication
- Implementation of cryptographic and key management strategies in clouds (e.g. homomorphic encryption for cloud computing)
- Multi-Cloud security provisioning
- Real time analysis of security (log) data for alert generation
- Remote collection of evidence (e.g. from cloud servers)
- Security-focused Service Level Agreements

For more information, please see http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tccsi_cse.pdf.

Elsevier Future Generation Computer Systems, Special Issue on Cloud Cryptography: State of the Art and Recent Advances. (Submission Due 1 May 2015) [posted here 01/19/15]
Editors: Kim-Kwang Raymond Choo (University of South Australia, Australia), Josep Domingo-Ferrer (Universitat Rovira i Virgili, Catalonia), and Lei Zhang (East China Normal University, China)

Cloud computing is widely used by organisations and individuals. Despite the popularity of cloud computing, cloud security is still an area needing further research. A particularly promising approach to achieve security in this new computing paradigm is through cryptography, but traditional cryptographic techniques are not entirely suitable for cloud implementation due to computational efficiency limitations and other constraints. This special issue is dedicated to providing both scientists and practitioners with a forum to present their recent research on the use of novel cryptography techniques to improve the security of the underlying cloud architecture or ecosystem, particularly research that integrates both theory and practice. For example, how do we design an efficient cloud cryptography system that offers enhanced security without compromising on usability and performance? An efficient fully homomorphic encryption scheme might be an option. Such a scheme should guarantee that the cloud service provider is unable to view the content of the data he stores (thereby ensuring data confidentiality to users). However, sufficiently efficient fully homomorphic encryption is not yet available. We encourage authors to be exploratory in their submissions – that is, to report on advances beyond the state of the art in research and development of cryptographic techniques that result in secure and efficient means of ensuring security and privacy of cloud data. Topics of interest include but are not limited to:
- Anonymity
- Access control
- Cloud key agreement
- Distributed authentication and authority
- Implementation of cryptographic schemes
- Homomorphic encryption
- Multi-cloud security
- Privacy-preserving provisioning
- Remote proofs of storage
- Searchable encryption
- Secure computation

For more information, please see http://www.journals.elsevier.com/future-generation-computer-systems/call-for-papers/special-issue-on-cloud-cryptography-state-of-the-art-and-rec/.

IEICE Transactions on Information and Systems, Special Issue on Information and Communication System Security. (Submission Due 22 May 2015) [posted here 01/19/15]
Editors: Toshihiro Yamauchi (Okayama University, Japan), Yasunori Ishihara (Osaka University, Japan), and Atsushi Kanai (Hosei University, Japan).

The major topics include, but are not limited to:
- Security Technologies on AdHoc Network, P2P, Sensor Network, RFID, Wireless Network, Mobile Network, Home Network, Cloud, and SNS
- Access Control, Content Security, DRM, CDN, Privacy Protection, E-Commerce, PKI, Security Architecture, Security Protocol, Security Implementation, Technologies, Secure OS, Security Evaluation/Authentication

For more information, please see http://www.ieice.org/~icss/index.en.html.

IEEE Transactions on Services Computing, Special Issue on Security and Dependability of Cloud Systems and Services. (Submission Due 31 May 2015) [posted here 02/16/15]
Editors: Marco Vieira (University of Coimbra, Portugal) and Stefano Russo (Università di Napoli Federico II, Italy).

Service-based cloud systems are being used in business-, mission- and safety-critical scenarios to achieve operational goals. Their characteristics of complexity, heterogeneity, and fast-changing dynamics bring difficult challenges to the research and industry communities. Among them, security and dependability (Sec. & Dep.) have been widely identified as increasingly relevant issues. Crucial aspects to be addressed include: metrics, techniques and tools for assessing Sec. & Dep.; modeling and evaluation of the impact of accidental and malicious threats; failure and recovery analysis; Sec. & Dep. testing, testbeds, benchmarks; infrastructure interdependencies, interoperability in presence of Sec. & Dep. guarantees. The objective of this Special Issue is to bring together sound original contributions from researchers and practitioners on methodologies, techniques and tools to assess or improve the security and dependability of cloud systems and services. Suggested topics include, but are not limited to:
- Design, deployment and management of secure and dependable cloud systems and services
- Secure and dependable Service-Oriented Architecture (SOA)
- Secure and dependable Big Data services
- Specification and design methodologies (e.g., model-driven, component-based)
- Modeling and simulation of security and dependability of cloud systems and services
- Metrics for quantifying services dependability and security
- Dependability and security benchmarking of cloud systems
- Verification and validation (V&V) for dependability and security evaluation of services
- Formal verification, testing, analytical and experimental evaluation of services
- Off-line versus on-line dependability and security services assessment
- Protocols and network technologies for dependable and secure mobile cloud applications
- Virtualization for dependable cloud networks
- Future Internet architectures and protocols for mobile cloud computing
- Design and use of supporting tools for creating dependable and secure services
- Case studies illustrating challenges and solutions in designing secure and dependable cloud systems and services

For more information, please see http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tscsi_sdcss.pdf.

Journal of Computer and System Sciences, Special Issue on Cyber Security in the Critical Infrastructure: Advances and Future Directions. (Submission Due 31 August 2015) [posted here 02/02/15]
Editors: Jemal Abawajy (Deakin University, Australia), Kim-Kwang Raymond Choo (University of South Australia, Australia), and Rafiqul Islam (Charles Sturt University, Australia).

This special issue invites original research papers that reports on state-of-the-art and recent advancements in securing our critical infrastructure and cyberspace, with a particular emphasis on novel techniques to build resilient critical information infrastructure. Topics of interest include but are not limited to:
- Cyber security mitigation techniques for critical infrastructures such as banking and finance, communications, emergency services, energy, food chain, health, mass gatherings, transport and water
- Cyber threat modelling and analysis
- Cyber forensics
- Visual analytics and risk management techniques for cyber security
- Cyber security test beds, tools, and methodologies

For more information, please see http://www.journals.elsevier.com/journal-of-computer-and-system-sciences/call-for-papers/cyber-security-in-the-critical-infrastructure-advances-and-f/.

Conference and Workshop Call-for-papers

March 2015

SECRYPT 2015 12th International Conference on Security and Cryptography, Colmar, Alsace, France, July 20 - 22, 2015. (Submission Due 17 March 2015) [posted here 11/17/14]
SECRYPT is an annual international conference covering research in information and communication security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. Papers describing new methods or technologies, advanced prototypes, systems, tools and techniques and general survey papers indicating future directions are also encouraged. Topics of interest include:
- Access Control
- Applied Cryptography
- Biometrics Security and Privacy
- Critical Infrastructure Protection
- Data Integrity
- Data Protection
- Database Security and Privacy
- Digital Forensics
- Digital Rights Management
- Ethical and Legal Implications of Security and Privacy
- Formal Methods for Security
- Human Factors and Human Behavior Recognition Techniques
- Identification, Authentication and Non-repudiation
- Identity Management
- Information Hiding
- Information Systems Auditing
- Insider Threats and Countermeasures
- Intellectual Property Protection
- Intrusion Detection & Prevention
- Management of Computing Security
- Network Security
- Organizational Security Policies
- Peer-to-Peer Security
- Personal Data Protection for Information Systems
- Privacy
- Privacy Enhancing Technologies
- Reliability and Dependability
- Risk Assessment
- Secure Software Development Methodologies
- Security and Privacy for Big Data
- Security and privacy in Complex Systems
- Security and Privacy in Crowdsourcing
- Security and Privacy in IT Outsourcing
- Security and Privacy in Location-based Services
- Security and Privacy in Mobile Systems
- Security and Privacy in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grids
- Security and Privacy in Social Networks
- Security and Privacy in the Cloud
- Security and Privacy in Web Services
- Security and Privacy Policies
- Security Area Control
- Security Deployment
- Security Engineering
- Security in Distributed Systems
- Security Information Systems Architecture
- Security Management
- Security Metrics and Measurement
- Security Protocols
- Security requirements
- Security Verification and Validation
- Sensor and Mobile Ad Hoc Network Security
- Service and Systems Design and QoS Network Security
- Software Security
- Trust management and Reputation Systems
- Ubiquitous Computing Security
- Wireless Network Security

For more information, please see http://www.secrypt.icete.org.

MSPN 2015 International Conference on Mobile, Secure and Programmable Networking, Paris, France, June 15-17, 2015. (Submission Due 20 March 2015) [posted here 02/23/15]
The rapid deployment of new infrastructures based on network virtualization and Cloud computing triggers new applications and services that in turn generate new constraints such as security and/or mobility. The International Conference on Mobile, Secure and Programmable Networking aims at providing a top forum for researchers and practitioners to present and discuss new trends in networking infrastructures, security, services and applications while focusing on virtualization and Cloud computing for networks, network programming, Software Defined Networks (SDN) and their security. Position papers are also welcome and should be clearly marked as such. Authors are invited to submit complete unpublished papers, which are not under review in any other conference or journal, including, but not limited to, the following topic areas:
- Software Defined Networks (tools, software, concepts)
- Virtualization and Cloud computing
- Networks and Cloud computing
- Mobile computing and Mobile Cloud computing
- Security, Privacy and Trust in Networks, Services and Applications
- Green computing and networking
- Ubiquitous Computing and Sensor Networks
- System design and testbeds
- Cross-Layer Design and Optimization
- Quality of service
- Modeling and performance evaluation
- 4G and 5G networks
- Social networks
- Cooperative networking and Self-Organizing networks
- Distributed sensing, actuation, and control in cyber-physical systems
- Internet of Things
- Vehicular networks and Connected Car
- Crowdsourcing
- Datacenter networking
- Location-based Services
- Web-services and SOA

For more information, please see http://cedric.cnam.fr/workshops/mspn2015/.

PTDCS 2015 Workshop on Privacy by Transparency in Data-Centric Services, Held in conjunction with the 18th International Conference on Business Information Systems (BIS 2015), Poznan, Poland, June 24-26, 2015. (Submission Due 22 March 2015) [posted here 02/02/15]
Big Data has developed into a key factor of the economy that benefits users and providers of data-centric services. However, the analysis of growing volumes of users data in data-centric services also presents significant privacy challenges. The objective of this workshop is to bring researchers and practitioners together to explore transparency-based mechanisms, such as dashboards, economic explanations of the use of privacy and value of data, as well as user behavior. In particular, the goal of this workshop is to set thematic milestones for the technical development of transparency mechanisms on the one hand, and on the other, trace ways in which technical progress, users and industry could profit from transparency. A major focus will be set on Transparency-Enhancing Technologies (TET) and, in particular, Privacy Dashboards. Topics of interest include, but are not limited to:
- Accountability in Data-Centric Services
- Economics of TET
- Privacy Dashboards
- Privacy Economics
- Privacy Policy Specification and Negotiation
- Privacy in Socio-Technical Systems
- Privacy-Enabled Business Models
- Requirements for TET
- Transparent Behavioral Targeting
- Transparent Usage Control

For more information, please see http://bis.kie.ue.poznan.pl/bis2015/workshops/ptdcs-2015/.

TrustBus 2015 12th International Conference on Trust, Privacy, and Security in Digital Business, Valencia, Spain, September 1-2, 2015. (Submission Due 22 March 2015) [posted here 02/16/15]
TrustBus'2015 will bring together researchers from different disciplines, developers, and users all interested in the critical success factors of digital business systems. We are interested in papers, work-in-progress reports, and industrial experiences describing advances in all areas of digital business applications related to trust and privacy, including, but not limited to:
- Anonymity and pseudonymity in business transactions
- Business architectures and underlying infrastructures
- Common practice, legal and regulatory issues
- Cryptographic protocols
- Delivery technologies and scheduling protocols
- Design of businesses models with security requirements
- Economics of Information Systems Security
- Electronic cash, wallets and pay-per-view systems
- Enterprise management and consumer protection
- Identity and Trust Management
- Intellectual property and digital rights management
- Intrusion detection and information filtering
- Languages for description of services and contracts
- Management of privacy & confidentiality
- Models for access control and authentication
- Multimedia web services
- New cryptographic building-blocks for e-business applications
- Online transaction processing
- PKI & PMI
- Public administration, governmental services
- P2P transactions and scenarios
- Real-time Internet E-Services
- Reliability and security of content and data
- Reliable auction, e-procurement and negotiation technology
- Reputation in services provision
- Secure process integration and management
- Security and Privacy models for Pervasive Information Systems
- Security Policies
- Shopping, trading, and contract management tools
- Smartcard technology
- Transactional Models
- Trust and privacy issues in mobile commerce environments
- Usability of security technologies and services

For more information, please see http://www.ds.unipi.gr/trustbus15/.

HAISA 2015 International Symposium on Human Aspects of Information Security & Assurance, Lesvos, Greece, July 1-3, 2015. (Submission Due 31 March 2015) [posted here 01/12/15]
It is commonly acknowledged that security requirements cannot be addressed by technical means alone, and that a significant aspect of protection comes down to the attitudes, awareness, behaviour and capabilities of the people involved. Indeed, people can potentially represent a key asset in achieving security, but at present, factors such as lack of awareness and understanding, combined with unreasonable demands from security technologies, can dramatically impede their ability to do so. Ensuring appropriate attention and support for the needs of users should therefore be seen as a vital element of a successful security strategy. People at all levels (i.e. from organisations to domestic environments; from system administrators to end-users) need to understand security concepts, how the issues may apply to them, and how to use the available technology to protect their systems. In addition, the technology itself can make a contribution by reducing the demands upon users, simplifying protection measures, and automating a variety of safeguards. With the above in mind, this symposium specifically addresses information security issues that relate to people. It concerns the methods that inform and guide users' understanding of security, and the technologies that can benefit and support them in achieving protection. The symposium welcomes papers addressing research and case studies in relation to any aspect of information security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics or technologies may be positively modified to improve the level of protection. Indicative themes include:
- Information security culture
- Awareness and education methods
- Enhancing risk perception
- Public understanding of security
- Usable security
- Psychological models of security software usage
- User acceptance of security policies and technologies
- User-friendly authentication methods
- Biometric technologies and impacts
- Automating security functionality
- Non-intrusive security
- Assisting security administration
- Impacts of standards, policies, compliance requirements
- Organizational governance for information assurance
- Simplifying risk and threat assessment
- Understanding motivations for misuse
- Social engineering and other human-related risks
- Privacy attitudes and practices
- Computer ethics and security

For more information, please see http://haisa.org/.

ECTCM 2015 3rd International Workshop on Emerging Cyberthreats and Countermeasures, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France, August 24-28, 2015. (Submission Due 31 March 2015) [posted here 02/16/15]
The 3rd International Workshop on Emerging Cyberthreats and Countermeasures aims at bringing together researchers and practitioners working in different areas related to cybersecurity. In the elapsed year 2014 bleeding hearts, shocked shells, poodles and several more shocking vulnerabilities in essential parts of our IT (security) infrastructure emerged. We want to contribute to all technical, organizational and social facets of this problem. Contributions demonstrating current vulnerabilities and threats as well as new countermeasures are warmly welcome.

For more information, please see http://www.ares-conference.eu/conference/workshops/wsdf-2015/.

April 2015

Globecom-CISS 2015 IEEE Globecom 2015, Communication & Information System Security Symposium, San Diego, CA, USA, December 6-10, 2015. (Submission Due 1 April 2015) [posted here 02/09/15]
As communication and information systems become more indispensable to the society, their security has also become extremely critical. This symposium welcomes manuscripts on all aspects of the modeling, design, implementation, deployment, and management of security algorithms, protocols, architectures, and systems. Furthermore, contributions devoted to the evaluation, optimization, or enhancement of security and privacy mechanisms for current technologies, as well as devising efficient security and privacy solutions for emerging areas, from physical-layer technology up to cyber security, are solicited. The Communication & Information Systems Security Symposium seeks original contributions in the following topical areas, plus others that are not explicitly listed but are closely related:
- Anonymous communication, metrics and performance
- Attack, detection and prevention
- Authentication protocols and key management
- Availability and survivability of secure services and systems
- Biometric security: technologies, risks, vulnerabilities, bio-cryptography, mobile template protection
- Cloud, data center and distributed systems security
- Computer and network forensics
- Cryptography for network security
- Cyber security
- Digital rights management
- Firewall technologies
- Formal trust models, security modeling, and design of secure protocols
- Information systems security and security management
- Internet security and privacy
- Malware detection and damage recovery
- Network security metrics and performance
- Operating systems and application security
- Physical security and hardware/software security
- Post-quantum network security
- Privacy and privacy-enhancing technologies
- Security and privacy for mobile and wireless networks
- Security for cloud computing and networking
- Security for mobile and wireless networks
- Security for next-generation networks
- Security in virtual machine environments
- Security tools for communication and information systems
- Trustworthy computing
- Wired systems and optical network security

For more information, please see http://globecom2015.ieee-globecom.org/sites/globecom2015.ieee-globecom.org/files/u42/GC15_TPC_CFP_CISS_-_Communication_&_Information_System_Security.pdf.

RT2ND 2015 International Workshop on Risk and Trust in New Network Developments, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France, August 24-28, 2015. (Submission Due 1 April 2015) [posted here 02/09/15]
The drive of being connected anywhere and anytime, the convenience of smart services, and advances in embedded computing have recently pushed new network developments. Several factors have contributed to this development, e.g., hardware advances (devices are smaller, more powerful, and batteries last longer), the heterogeneity of end-points (a range of devices and “intelligent things”), different architectures (networks of networks, self-configuring, opportunistic and ad-hoc networks), enhancements in technology (mobile, wireless, Bluetooth, RFID, NFC) and the ever more networked society (devices are increasingly affordable and ubiquitous). Such developments have created new network paradigms such as Vehicular Networks, Body Area Networks, Personal Area Networks, Smart Camera Networks, Virtualized Networks, Service-oriented Networks, Home Area Networks, and Named Data Networks. Novelties in network architectures, technologies and applications raise numerous challenges in terms of risk and trust, and in the trade-off between them. This workshop aims to bring together researchers and practitioners, and foment discussion on risk and trust in emerging networks and how to best defend against their misuse. We encourage different types of contributions – surveys, technical and empirical contributions.

For more information, please see http://www.ares-conference.eu/conference/workshops/rt2nd-2015/.

WSDF 2015 8th International Workshop on Digital Forensics, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France, August 24-28, 2015. (Submission Due 1 April 2015) [posted here 02/09/15]
Digital forensics is a rapidly evolving field primarily focused on the extraction, preservation and analysis of digital evidence obtained from electronic devices in a manner that is legally acceptable. Research into new methodologies tools and techniques within this domain is necessitated by an ever-increasing dependency on tightly interconnected, complex and pervasive computer systems and networks. The ubiquitous nature of our digital lifestyle presents many avenues for the potential misuse of electronic devices in crimes that directly involve, or are facilitated by, these technologies. The aim of digital forensics is to produce outputs that can help investigators ascertain the overall state of a system. This includes any events that have occurred within the system and entities that have interacted with that system. Due care has to be taken in the identification, collection, archiving, maintenance, handling and analysis of digital evidence in order to prevent damage to data integrity. Such issues combined with the constant evolution of technology provide a large scope of digital forensic research. WSDF aims to bring together experts from academia, industry, government and law enforcement who are interested in advancing the state of the art in digital forensics by exchanging their knowledge, results, ideas and experiences. The aim of the workshop is to provide a relaxed atmosphere that promotes discussion and free exchange of ideas while providing a sound academic backing. The focus of this workshop is not only restricted to digital forensics in the investigation of crime. It also addresses security applications such as automated log analysis, forensic aspects of fraud prevention and investigation, policy and governance.

For more information, please see http://www.ares-conference.eu/conference/workshops/wsdf-2015/.

PST 2015 International Conference on Privacy, Security and Trust, Izmir, Turkey, July 21-23, 2015. (Submission Due 1 April 2015) [posted here 02/16/15]
This conference, the thirteenth in an annual series, provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. High-quality papers in all PST related areas that, at the time of submission, are not under review and have not already been published or accepted for publications elsewhere are solicited. PST2015 topics include, but are NOT limited to, the following:
- Privacy Preserving / Enhancing Technologies
- Critical Infrastructure Protection
- Network and Wireless Security
- Operating Systems Security
- Intrusion Detection Technologies
- Secure Software Development and Architecture
- PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
- Network Enabled Operations
- Digital forensics
- Information Filtering, Data Mining and Knowledge from Data
- National Security and Public Safety
- Cryptographic Techniques for Privacy Preservation
- Security Metrics
- Recommendation, Reputation and Delivery Technologies
- Privacy, Traceability, and Anonymity
- Trust and Reputation in Self-Organizing Environments
- Anonymity and Privacy vs. Accountability
- Access Control and Capability Delegation

For more information, please see http://pst2015.yasar.edu.tr/.

IFIP-Summer School on Privacy and Identity Management 2015 10th IFIP Summer School on Privacy and Identity Management - Time for a Revolution?, Edinburgh, Scotland, August 16-21, 2015. (Submission Due 1 April 2015) [posted here 02/16/15]
The Summer School takes a holistic approach to society and technology and supports interdisciplinary exchange through keynote and plenary lectures, tutorials, workshops, and research paper presentations. In particular, participants' contributions that combine technical, legal, regulatory, socio-economic, social or societal, political, ethical, anthropological, philosophical, or psychological perspectives are welcome. The school seeks contributions in the form of research papers, tutorials, and workshop proposals from all disciplines (e.g., computer science, informatics, economics, ethics, law, psychology, sociology, political and other social sciences, surveillance studies, business and public management), and is especially inviting contributions from students who are at the stage of preparing either a master's or a PhD thesis. Topics of interest include, but are not limited to:
- big data analysis, biometrics, cloud computing, virtuality, data and visual analytics
- concepts of anonymity, pseudonymity, identity in different disciplines or cultures
- cybercrime and cybersecurity
- data breaches, data retention and law enforcement
- digital rights and net neutrality
- digital participation, participatory design, ethically-informed design, co-creation and co-ollaboration, ecosystems, and social actors' engagement in design
- health informatics, informed consent, and data-sharing
- impact of legislative or regulatory initiatives on privacy
- impact of technology on social exclusion/digital divide/social and cultural aspects
- privacy and identity management (services, technologies, infrastructures, usability aspects, legal and socio-economic aspects)
- privacy-by-design, privacy-by-default, and privacy impact assessment
- privacy-enhancing technologies (PETs), privacy standardisation, and privacy issues relating to eIDs
- profiling and tracking technologies
- public attitudes to (national) security and privacy
- roadmap towards increased privacy protection, use of PETs and privacy by design as a standard procedure
- semantics, web security, and privacy
- social accountability, social, legal and ethical aspects of technology and the Internet specifically
- social care, community care, integrated care and opportunities for as well as threats to individual and community privacy
- social networks, social computing, crowdsourcing and social movements
- surveillance, video surveillance, sensor networks, and the Internet of Things
- transparency-enhancing technologies (TETs)
- trust management and reputation systems
- ubiquitous and usable privacy and identity management

For more information, please see http://www.ifip-summerschool.org/ .

SPE 2015 IEEE 5th International Workshop on Security and Privacy Engineering, Co-located with 11th IEEE World Congress on Services (SERVICES 2015), New York, NY, USA, June 27 - July 2, 2015. (Submission Due 1 April 2015) [posted here 02/23/15]
Built upon the success of spectrum of conferences within the IEEE World Congress on Services and the Security and Privacy Engineering workshop, IEEE Security and Privacy Engineering (SPE 2015) theme is a unique place to exchange ideas of engineering secure systems in the context of service computing, cloud computing, and big data analytics. The emphasis on engineering in security and privacy of services differentiates the theme from other traditional prestigious security and privacy workshops, symposiums, and conferences. The practicality and value realization are examined by practitioners from leading industries as well as scientists from academia. In line with the engineering spirit, we solicit original papers presenting real solutions and visions on building secure service systems that can be applied to government procurement, digital medical records, cloud environments, social networking for business purposes, multimedia application, mobile commerce, education, and the like. Potential contributions could cover, but are not limited to, methodologies, protocols, tools, or verification and validation techniques. We also welcome review papers that analyze critically the status of current Security and Privacy (S&P) in a specific area. Papers from practitioners who encounter security and privacy problems and seek understanding are also welcome. Topics of interests of SPE 2015 include, but are not limited to:
- S&P Engineering of Service-Based Applications
- Security Engineering of Service Compositions
- Practical Approaches to Security Engineering of Services
- Privacy-Aware Service Engineering
- Industrial and Real Use Cases in S&P Engineering of (Cloud) Services
- S&P Engineering of Cloud Services
- Auditing and Assessment
- Assurance and Certification
- Cloud Transparency
- Security Management and Governance
- Privacy Enforcement in Clouds and Services
- Cybersecurity Issues of Clouds and Services
- Validation and Verification of S&P in Clouds and Services
- Applied Cryptography for S&P in Clouds and Services
- S&P Testing in Clouds and Services
- Security and Privacy Modeling
- Socio-Economics and Compliance
- Education and Awareness
- Big Data S&P Engineering
- Mobile Cloud S&P Engineering
- S&P Engineering into futuristic blue skies

For more information, please see http://sesar.di.unimi.it/SPE2015/.

ESORICS 2015 20th European Symposium on Research in Computer Security, Vienna, Austria, September 23-25, 2015. (Submission Due 4 April 2015) [posted here 01/12/15]
ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers discussing industrial research and development. Topics of interest include, but are not limited to:
- access control
- accountability
- ad hoc networks
- anonymity
- applied cryptography
- authentication
- biometrics
- database security
- data protection
- digital content protection
- digital forensic
- distributed systems security
- electronic payments
- embedded systems security
- inference control
- information hiding
- identity management
- information flow control
- integrity
- intrusion detection
- formal security methods
- language-based security
- network security
- phishing and spam prevention
- privacy
- risk analysis and management
- secure electronic voting
- security architectures
- security economics
- security metrics
- security models
- security and privacy in cloud scenarios
- security and privacy in complex systems
- security and privacy in location services
- security and privacy for mobile code
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security and privacy in social networks
- security and privacy in web services
- security verification
- software security
- steganography
- systems security
- trust models and management
- trustworthy user devices
- web security
- wireless security

For more information, please see http://www.esorics2015.sba-research.org.

WISTP 2015 9th WISTP International Conference on Information Security Theory and Practice, Crete, Greece, August 24-25, 2015. (Submission Due 10 April 2015) [posted here 02/23/15]
Future ICT technologies, such as the concepts of Ambient Intelligence, Cyber-physical Systems, and Internet of Things provide a vision of the Information Society in which: a) people and physical systems are surrounded with intelligent interactive interfaces and objects, and b) environments are capable of recognising and reacting to the presence of different individuals or events in a seamless, unobtrusive, and invisible manner. The success of future ICT technologies will depend on how secure these systems are and to what extent they protect the privacy of individuals and individuals trust them. In 2007, Workshop in Information Security Theory and Practice (WISTP) was created as a forum for bringing together researchers and practitioners in related areas and to encourage interchange and cooperation between the research community and the industrial/consumer community. Based on the growing interest of the participants, 2015 edition is becoming a conference - The 9th WISTP International Conference on Information Security Theory and Practice (WISTP'2015). WISTP 2015 seeks original submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy, as well as experimental studies of fielded systems, the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law, business, and policy that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- Security and Privacy in Smart Devices
- Security and Privacy in Networks
- Security and Privacy in Architectures, Protocols, Policies, Systems and Applications

For more information, please see http://www.wistp.org.

FCS 2015 Workshop on Foundations of Computer Security, Held in conjunction with IEEE CSF 2015, Verona, Italy, July 13, 2015. (Submission Due 10 April 2015) [posted here 03/02/15]
Computer security is an established field of both theoretical and practical significance. In recent years, there has been sustained interest in the formal foundations of methods used in computer security. The aim of the FCS 2015 workshop is to provide a forum for continued activity in this area. The scope of FCS 2015 includes, but is not limited to, the formal specification, analysis, and design of cryptographic protocols and their applications; the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks; the modelling of information flow and its application to confidentiality policies, system composition, and covert channel analysis. We are interested both in new theoretical results in computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories, as well as in new results on developing and applying automated reasoning techniques and tools for the formal specification and analysis of security protocols. We thus solicit submission of papers both on mature work and on work in progress. Please note that FCS has no published proceedings. Presenting a paper at the workshop should not preclude submission to or publication in other venues. Papers presented at the workshop will be made publicly available, but this will not constitute an official proceedings.

For more information, please see http://software.imdea.org/~bkoepf/FCS15/.

NSS 2015 9th International Conference on Network and System Security, New York City, NY, USA, November 3-5, 2015. (Submission Due 15 April 2015) [posted here 01/05/15]
NSS is an annual international conference covering research in network and system security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged. Topics of interest include but are not limited to:
- Active Defense Systems
- Adaptive Defense Systems
- Applied Cryptography
- Analysis, Benchmark of Security Systems
- Authentication
- Biometric Security
- Complex Systems Security
- Database and System Security
- Data Protection
- Data/System Integrity
- Distributed Access Control
- Distributed Attack Systems
- Denial-of-Service
- High Performance Network Virtualization
- Hardware Security
- High Performance Security Systems
- Identity Management
- Intelligent Defense Systems
- Insider Threats
- Intellectual Property Rights Protection
- Internet and Network Forensics
- Intrusion Detection and Prevention
- Key Distribution and Management
- Large-scale Attacks and Defense
- Malware
- Network Resiliency
- Network Security
- RFID Security and Privacy
- Security Architectures
- Security for Critical Infrastructures
- Security in P2P systems
- Security in Cloud and Grid Systems
- Security in E-Commerce
- Security in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grid
- Security and Privacy in Wireless Networks
- Security Policy
- Secure Mobile Agents and Mobile Code
- Security Theory and Tools
- Standards and Assurance Methods
- Trusted Computing
- Trust Management
- World Wide Web Security

For more information, please see http://anss.org.au/nss2015/index.htm.

CNS 2015 3rd IEEE Conference on Communications and Network Security, Florence, Italy, September 28-30, 2015. (Submission Due 24 April 2015) [posted here 01/19/15]
IEEE Conference on Communications and Network Security (CNS) is a new conference series in IEEE Communications Society (ComSoc) core conference portfolio and the only ComSoc conference focusing solely on cyber security. IEEE CNS is also a spin-off of IEEE INFOCOM, the premier ComSoc conference on networking. The goal of CNS is to provide an outstanding forum for cyber security researchers, practitioners, policy makers, and users to exchange ideas, techniques and tools, raise awareness, and share experience related to all practical and theoretical aspects of communications and network security. Building on the success of the past two years' conferences, IEEE CNS 2015 seeks original high-quality technical papers from academia, government, and industry. Topics of interest encompass all practical and theoretical aspects of communications and network security, all the way from the physical layer to the various network layers to the variety of applications reliant on a secure communication substrate. Submissions with main contribution in other areas, such as information security, software security, system security, or applied cryptography, will also be considered if a clear connection to secure communications/networking is demonstrated. Particular topics of interest include, but are not limited to:
- Anonymization and privacy in communication systems
- Biometric authentication and identity management
- Computer and network forensics
- Data and application security
- Data protection and integrity
- Availability of communications, survivability of networks in the presence of attacks
- Key management and PKI for networks
- Information-theoretic security
- Intrusion detection and prevention
- Location privacy
- Mobile security
- Outsourcing of network and data communication services
- Physical layer security methods, cross-layer methods for enhancing security
- Secure routing, network management
- Security for critical infrastructures
- Security metrics and performance evaluation
- Security and privacy for big data
- Security and privacy in body area networks
- Security and privacy in content delivery network
- Security and privacy in cloud computing and federated cloud
- Security and privacy in crowdsourcing
- Security and privacy in the Internet of Things
- Security and privacy in multihop wireless networks: ad hoc, mesh, sensor, vehicular and RFID networks
- Security and privacy in peer-to-peer networks and overlay networks
- Security and privacy in single-hop wireless networks: Wi-Fi, Wi-Max
- Security and privacy in smart grid, cognitive radio networks, and disruption/delay tolerant networks
- Security and privacy in social networks
- Security and privacy in pervasive and ubiquitous computing
- Social, economic and policy issues of trust, security and privacy
- Traffic analysis
- Usable security for networked computer systems
- Vulnerability, exploitation tools, malware, botnet, DDoS attacks
- Web, e-commerce, m-commerce, and e-mail security

For more information, please see http://cns2015.ieee-cns.org/.

May 2015

CRITIS 2015 10th International Conference on Critical Information Infrastructures Security, Berlin, Germany, October 5-7, 2015. (Submission Due 10 May 2015) [posted here 03/09/15]
CRITIS 2015 has four foci. Topic category 1, Resilience and protection of cyber-physical systems, covers advances in the classical CIIP sectors telecommunication, cyber systems and electricity infrastructures. Topic category 2 focuses on advances in C(I)IP policies and best practices in C(I)IP specifically from stakeholders' perspectives. In topic category 3, general advances in C(I)IP, we are explicitly inviting contributions from additional infrastructure sectors like energy, transport, and smart built infrastructure) and cover also cross-sector CI(I)P aspects. In 2013, the CRITIS series of conferences has started to foster contributions from young experts and researchers ("Young CRITIS"), and in 2014 this has been reinforced by the first edition of the CIPRNet Young CRITIS Award (CYCA). We will continue both activities at CRITIS 2015, since our demanding multi-disciplinary field of research requires open-minded talents.

For more information, please see http://www.critis2015.org.

ACM-CCS 2015 22nd ACM Conference on Computer and Communications Security, Denver, Colorado, USA, October 12-16, 2015. (Submission Due 15 May 2015) [posted here 02/02/15]
The ACM Conference on Computer and Communications Security (CCS) is the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM). The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results. It provides an environment to conduct intellectual discussions. From its inception, CCS has established itself as a high standard research conference in its area.

For more information, please see http://www.sigsac.org/ccs/CCS2015.

June 2015
July 2015

ICISS 2015 11th International Conference on Information Systems Security, Kolkata, India, December 16-20, 2015. (Submission Due 29 July 2015) [posted here 02/02/15]
The conference series ICISS (International Conference on Information Systems Security), held annually, provides a forum for disseminating latest research results in information and systems security. ICISS 2015, the eleventh conference in this series, will be held under the aegis of the Society for Research in Information Security and Privacy (SRISP). Submissions are encouraged from academia, industry and government, addressing theoretical and practical problems in information and systems security and related areas. Topics of interest include but are not limited to:
- Access and Usage Control
- Application Security
- Authentication and Audit
- Biometric Security
- Cloud Security
- Cryptographic Protocols
- Cyber-physical Systems Security
- Data Security and Privacy
- Digital Forensics
- Digital Rights Management
- Distributed Systems Security
- Formal Models in Security
- Identity Management
- Intrusion Detection and Prevention
- Intrusion Tolerance and Recovery
- Key Management
- Language-based Security
- Malware Analysis and Mitigation
- Network Security
- Operating Systems Security
- Privacy and Anonymity
- Secure Data Streams
- Security and Usability
- Security Testing
- Sensor and Ad Hoc Network Security
- Smartphone Security
- Software Security
- Usable Security
- Vulnerability Detection and Mitigation
- Web Security

For more information, please see http://www.iciss.org.in.

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney
This online-only Journal, started in 2004 and  operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions.  More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: Shari Lawrence Pfleeger
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at http://www.computer.org/portal/web/computingnow/securityandprivacy.

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Ravi Sandhu
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page at http://www.computer.org/portal/web/tdsc.

The Springer Series on ADVANCES IN INFORMATION SECURITY
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer, network security, and cryptography, but related areas, such as fault tolerance and software assurance. The series serves as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact Professor Sushil Jajodia (jajodia@gmu.edu,703-993-1653).
 
Journal of Computer Security,   Editor-in-Chief: John Mitchell and Pierangela Samarati
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. All papers must be submitted online at http://www.iospress.nl/journal/journal-of-computer-security/. More information is given on the journal web page at http://jcs.stanford.edu/.
 
Computers & Security,   Editor-in-Chief: Eugene H. Spafford
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. All papers must be submitted online at http://ees.elsevier.com/cose/. More information can be found at http://www.elsevier.com/locate/issn/01674048.
 
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at http://www.springer.com/computer/security+and+cryptology/journal/10207.
 
International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of a high scientific and technology in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C.  More information can be found at http://ijns.femto.com.tw/.
 
International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online at http://www.inderscience.com/ijsn/. More information is given on the journal web page at http://www.inderscience.com/ijsn/.
 
International Journal of Critical Infrastructure Protection,   Editors-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's primary aim is to publish high quality scientific and policy papers in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology and policy to craft sophisticated yet practical solutions that will secure information, computer and network assets in the various critical infrastructure sectors. All papers must be submitted online at http://www.elsevier.com/locate/ijcip. More information is given on the journal web page at http://www.elsevier.com/locate/ijcip.
 
IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: C.-C. Jay Kuo
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, via sps-ieee.manuscriptcentral.com.  More information can be found at http://www.ieee.org/organizations/society/sp/tifs.html.
 
EURASIP Journal on Information Security,   Editors-in-Chief: Stefan Katzenbeisser
EURASIP Journal on Information Security aims to bring together researchers and practitioners dealing with the general field of information security, with a particular emphasis on the use of signal processing tools in adversarial environments. As such, it addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing. Application domains lie, for example, in secure storage, retrieval and tracking of multimedia data, secure outsourcing of computations, forgery detection of multimedia data, or secure use of biometrics. The journal also welcomes survey papers that give the reader a gentle introduction to one of the topics covered as well as papers that report large-scale experimental evaluations of existing techniques. Pure cryptographic papers are outside the scope of the journal. The journal also welcomes proposals for Special Issues. All papers must be submitted online at http://jis.eurasipjournals.com/manuscript.  More information can be found at http://jis.eurasipjournals.com.