Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Last Modified:09/09/14

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.

Contents

 

Special Issues of Journals and Handbooks


Journal of Computer Security, Special Issue on Security and High Performance Computing Systems, 2015, (Submission Due 15 September 2014) [posted here 06/23/14]

Editor: Luca Spalazzi (Università di Ancona, Italy) and Luca Viganò (King's College London, UK)

Providing high performance computing and security is a challenging task. On the one hand, Internet, operating systems and distributed environments currently suffer from poor security support and cannot resist common attacks. On the other hand, adding security measures typically degrades performance. The relationships between security and high performance computing systems thus raise a number of problems and challenges that are of interest for this special issue, such as (but not limited to) the following ones: (1). How to enforce security requirements in high performance computing systems. For instance, which kind of obfuscation techniques can enforce privacy in a cloud storage, or how grid security can be verified at design-time (formal verification) or at run-time (run-time verification). In this case, safety properties can also be addressed, such as availability and fault tolerance for high performance computing systems. (2). How to use high performance computing systems to solve security problems. For instance, a grid computation can break an encryption code, and a cluster can support high performance intrusion detection or a distributed formal verification system. More generally, this topic addresses every efficient use of a high performance computing systems to improve security. (3). The tradeoffs between maintaining high performance and achieving security in computing systems and solutions to balance the two objectives. In all these directions, various formal analyses, as well as performance analyses or monitoring techniques can be conducted to show the efficiency of a security infrastructure. The special issue seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of computer and network security, as well as case studies and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. The topics of interest include (but are not limited to) the following:
- Access Control
- Accounting and Audit
- Anonymity
- Applied Cryptography
- Authentication
- Cloud Security
- Commercial and Industry Security
- Cryptographic Protocols
- Data and Application Security
- Data/System Integrity
- Database Security
- Digital Rights Management
- Formal Verification of Secure Systems
- Identity Management
- Inference/Controlled Disclosure
- Information Warfare
- Intellectual Property Protection
- Intrusion and Attack Detection
- Intrusion and Attack Response
- Key Management
- Privacy-Enhancing Technology
- Secure Networking
- Secure System Design
- Security Monitoring & Management
- Security for Mobile Code
- Security for Specific Domains (e.g., E-Government, E-Business, P2P)
- Security in IT Outsourcing
- Security in Mobile and Wireless Networks
- Security in Untrusted & Adversarial Environments and Systems
- Security in Operating Systems
- Security Location Services
- Security of Grid and Cluster Architectures
- Security Visualization
- Smartcards
- Trust Management Policies
- Trust Models
- Web Security
- Web Services Security

For more information, please see http://www.gii.it/news/call-for-papers/137-jcs-special-issue.html.

IEEE Transactions on Cloud Computing, Special Issue on Security and Privacy Protection on Clouds, 2nd Quarter, 2015, (Submission Due 15 September 2014) [posted here 09/08/14]

Editor: Meikang Qiu (Pace University, USA) and Sun-Yuan Kung (Princeton University, USA)

The emerging paradigm of cloud computing provides a new way to address the constraints of limited energy, capabilities, and resources. Researchers and practitioners have embraced cloud computing as a new approach that has the potential for a profound impact in our daily life and world economy. However, security and privacy protection is a critical concern in the development and adoption of cloud computing. To avoid system fragility and defend against vulnerabilities exploration from cyber attacker, various cyber security techniques and tools have been developed for cloud systems. This special issue will focus on the challenging topic-"Security and Privacy Protection on Clouds" and invites the state-of-the-art research results to be submitted here. This special issue calls for original, high-quality, high-impact research papers related to the following broad topics, but are not limited to:
- Cloud Security in New Paradigms
- Mobile cloud security
- Mobile cloud privacy protection
- Cloud hacking and virus protection
- Cloud browser security
- Next generation fire wall for clouds
- Cloud monitoring
- Cloud incident response
- Digital forensics in clouds
- Big data security in clouds
- Cloud data center security
- Database security for cloud systems
- Social engineering in clouds
- Insider threats and models in clouds
- Advance spear phishing in clouds
- Cloud threat intelligence for cloud systems
- Reliability and fault tolerance for cloud systems
- Cloud-based tele-health and medical security and privacy protection
- Hardware-related security in clouds
- Security and performance trade-off
- Energy-aware security in clouds
- Infrastructure security for clouds

For more information, please see http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tccsi_sppc.pdfl.

Wiley Security and Communication Networks (SCN), Special Issue on Security and Privacy in Internet of Things: Methods, Architectures and Solutions, Summer/Autumn, 2015, (Submission Due 30 September 2014) [posted here 08/18/14]

Editor: Guangjie Han (Hohai University, China), Lei Shu (Guangdong University of Petrochemical Technology, China), Sammy Chan (City University of Hong Kong, Hong Kong, China), and Jiankun Hu (University of New South Wales at the Australian Defence Force Academy, Australia).

Internet of Things (IoT) is a rapidly developing research area cross various technological fields including computer science, electronic engineering, mobile and wireless communications, embedded systems, etc. Many technologies serve as the building blocks of this new paradigm, such as wireless sensor networks (WSN), RFID, cloud services, machine-to-machine interfaces (M2M), and so on. IoT will allow billions of objects in the physical world as well as virtual environments to exchange data with each other in an autonomous way so as to create smart environments such as automotive, healthcare, logistics, environmental monitoring, and many others. However, IoT introduces new challenges for the security of systems and processes and the privacy of individuals. Protecting the information in IoT is a complex and difficult task. IoT requires global connectivity and accessibility which means anyone can access in anytime and anyway. It results in that the number of attack vectors available to malicious attackers might become staggering. Furthermore, the inherent complexity of the IoT, where multiple heterogeneous entities located in different contexts can exchange information with each other, further complicates the design and deployment of efficient, interoperable and scalable security mechanisms. The ubiquitous and clouding computing also makes the problem of privacy leakage get urgent. As a result, there is an increasing demand for development of new security and privacy approaches to guarantee the security, privacy, integrity and availability of resources in IoTs. This special issue aims to bring together state-of-the-art contributions on Internet of Things Security and Privacy: discover the existing IoT security challenges, introduce threats and attacker models that can be applied to IoT architectures, design methods of secure IoT applications and architectures, collect quality research proposals with a solid background in both theoretical and practical aspects. Original, unpublished contributions are solicited in all aspects of this discipline. Suitable topics include but are not limited to the following in the context of IoT:
- Cyber security in the IoT
- Secure policy, model and architecture for the IoT
- Security and privacy for the IoT network and systems
- Secure communication technologies for the IoT
- Security and privacy in cloud computing applied to the IoT
- Security and privacy in sensor networks applied to the IoT
- Security and privacy in parallel and distributed systems applied to the IoT
- Intrusion detection and avoidance techniques for the IoT
- Identity, authentication, authorization and accounting techniques for the IoT
- Threat and vulnerability modeling for the IoT
- Lightweight cryptographic solutions for the IoT
- Key agreement, distribution and management techniques for the IoT
- Privacy and anonymity techniques for the IoT
- Trust establishment, negotiation and management techniques for the IoT
- Trusted network computing, operating systems, software and applications for the IoT
- Risk and reputation management techniques for the IoT
- Secure network protocols and frameworks for the IoT
- Secure access control technologies and frameworks for the IoT
- Secure solutions for realization of IoT
- Privacy-preserving IoT applications

For more information, please see http://onlinelibrary.wiley.com/doi/10.1002/sec.1065/full.

IEEE Transactions on Dependable and Secure Computing, Special Issue on Cyber Crime, 2015, (Submission Due 1 October 2014) [posted here 04/28/14]

Editor: Wojciech Mazurczyk (Warsaw University of Technology, Poland), Thomas J. Holt (School of Criminal Justice, Michigan State University, USA) and Krzysztof Szczypiorski (Warsaw University of Technology, Poland)

Cyber crimes reflect the evolution of criminal practices that have adapted to the world of information and communication technologies. Cybercriminality has become a curse of the modern world with the potential to affect every one nationally and/or internationally. Individuals, companies, governments and institutions may become victims as well as (involuntary) helpers of cyber criminals. The inability to provide cyber-security can potentially have a tremendous socio-economic impact on global enterprises as well as individuals. The aim of this special issue is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of cyber crime. Prospective authors will be encouraged to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. Topics of interest include, but are not limited to:
- Cyber-crime science
- Emerging cybercriminals techniques and countermeasures
- Cyber forensics and anti-forensic procedures, techniques, tools and analysis
- Cyber crime investigations & incident response
- Active and passive cyber crime defense techniques, tools and mechanisms
- Cybersecurity testbeds, tools, methodologies
- Cyber threat modeling analysis, cyber risk and vulnerability assessment
- Cyber warfare & cyber terrorism
- Cybersecurity economic modeling and metrics
- Cybersecurity standards, policy, law, and regulation
- Legal, ethical and policy issues related to cyber crime
- Human and behavioral issues in cyber crime
- Network traffic analysis and modelling for cyber crime science
- Deviant activities and crime patterns
- Insider threat detection and prevention
- Misuse of personal data and the right to online privacy

For more information, please see http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tdscsi_cc.pdf.

Elsevier Computer Communications Journal, Special Issue on Security and Privacy in Unified Communications: Challenges and Solutions, 2015, (Submission Due 31 October 2014) [posted here 07/14/14]

Editor: Georgios Karopoulos (Joint Research Centre (JRC), Italy), Georgios Portokalidis (Stevens Institute of Technology, USA), Josep Domingo-Ferrer (Universitat Rovira i Virgili, Catalonia), Ying-Dar Lin (National Chiao Tung University (NCTU), Taiwan), Dimitris Geneiatakis (Joint Research Centre (JRC), Italy), and Georgios Kambourakis (University of the Aegean, Greece)

Unified Communications (UC) merge different communication technologies, types of products, and services, from various manufacturers, operators, and countries, following diverse policies and standards. Specifically, in the context of UC, a range of communication tools are integrated in a way that both corporations and individuals are able to manage all their communications in one entity instead of doing it disjointly. It is therefore said that UC bridges the opening between the various computer related communication technologies and Voice over IP (VoIP). However, this high level of heterogeneity expands the risks related to security and privacy that stakeholders should deal with. To eliminate or even prevent the increasing threats to end-users and operators, it is important to explore this growing and timely research topic. This feature topic will benefit the research community towards identifying challenges and disseminating the latest methodologies and solutions to UC security and privacy issues. Its objective is to publish high-quality articles presenting open issues, algorithms, protocols, policies, frameworks, standards, and solutions for UC related to security and privacy. Only technical papers describing previously unpublished, original, state-of-the-art research, and not currently under review by a conference or a journal will be considered. Reviews and case studies which address state-of-art research and state-of-practice industry experiences are also welcomed. We solicit papers in a variety of topics related to unified communications security and privacy, including, but not limited to:
- Authorization and access control for UC services
- Denial of service prevention schemes for UC
- Reliability and availability issues on UC
- Penetration testing, intrusion detection and prevention
- End-to-end security solutions
- Cryptographic protocols for UC
- Voice security
- Signaling security and privacy
- Multimedia application security and privacy analysis
- Multimedia communication platforms vulnerabilities and attacks
- Security and privacy in mobile communication services
- Smartphone multimedia apps security and privacy
- Social networking security and privacy
- Testbed and case studies for secure and private UC services
- Trust establishment in UC
- IP Multimedia Subsystem (IMS) security
- Privacy and identity management
- Privacy enhancing technologies for UC
- Privacy models for UC
- Security and privacy assessment for UC
- Security policies
- Auditing, verification, and validation of UC services
- Risk analysis and management
- Cyber-security issues affecting UC
- Protection of UC as a Critical Information Infrastructure
- VoIP peering security issues

For more information, please see http://www.journals.elsevier.com/computer-communications/call-for-papers/special-issue-on-security-and-privacy-in-unified-communicati/.

Conference and Workshop Call-for-papers

September 2014

ESSoS 2015 6th International Symposium on Engineering Secure Software and Systems, Milan, Italy, March 4-6, 2015. (Submission Due 8 September 2014) [posted here 06/23/14]
Trustworthy, secure software is a core ingredient of the modern world. So is the Internet. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The goal of this symposium, which will be the sixth in the series, is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. Being one of the few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering communities, and promote cross-fertilization. The symposium will feature two days of technical program. In addition to academic papers, the symposium encourages submission of high-quality, informative industrial experience papers about successes and failures in security software engineering and the lessons learned. Furthermore, the symposium also accepts short idea papers that crisply describe a promising direction, approach, or insight. Paper submissions are solicited in all areas relating to secure software and secure systems research, including but not limited to:
- Cloud security, virtualization for security
- Mobile devices security
- Automated techniques for vulnerability discovery and analysis
- Model checking for security
- Binary code analysis, reverse-engineering
- Programming paradigms, models, and domain-specific languages for security
- Operating system security
- Verification techniques for security properties
- Malware: detection, analysis, mitigation
- Security in critical infrastructures
- Security economics
- Security by design
- Static and dynamic code analysis for security
- Web applications security
- Program rewriting techniques for security
- Security measurements
- Empirical secure software engineering
- Security-oriented software reconfiguration and evolution
- Computer forensics
- Processes for the development of secure software and systems
- Human-computer interaction for security
- Security testing
- Embedded software security

For more information, please see https://distrinet.cs.kuleuven.be/events/essos/2015/calls-papers.html.

ICISSP 2015 1st International Conference on Information Systems Security and Privacy, ESEO, Angers, Loire Valley, France, February 9-11, 2015. (Submission Due 9 September 2014) [posted here 06/30/14]
The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities. Each of these topic areas is expanded below but the sub-topics list is not exhaustive. Papers may address one or more of the listed sub-topics, although authors should not feel limited by them. Unlisted but related sub-topics are also acceptable, provided they fit in one of the following main topic areas:
- Data and Software Security
- Trust
- Privacy and Confidentiality
- Mobile Systems Security
- Biometric Authentication

For more information, please see http://www.icissp.org/.

CODASPY 2015 5th ACM Conference on Data and Application Security and Privacy, San Antonio, Texas, USA, March 2-4 2015. (Submission Due 15 September 2014) [posted here 07/21/14]
Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the ACM Conference on Data and Applications Security (CODASPY) is to discuss novel, exciting research topics in data and application security and privacy and to lay out directions for further research and development in this area. The conference seeks submissions from diverse communities, including corporate and academic researchers, open-source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts. Topics of interest include, but are not limited to:
- Application-layer security policies
- Access control for applications
- Access control for databases
- Data-dissemination controls
- Data forensics
- Enforcement-layer security policies
- Privacy-preserving techniques
- Private information retrieval
- Search on protected/encrypted data
- Secure auditing
- Secure collaboration
- Secure data provenance
- Secure electronic commerce
- Secure information sharing
- Secure knowledge management
- Secure multiparty computations
- Secure software development
- Securing data/apps on untrusted platforms
- Securing the semantic web
- Security and privacy in GIS/spatial data
- Security and privacy in healthcare
- Security policies for databases
- Social computing security and privacy
- Social networking security and privacy
- Trust metrics for applications, data, and users
- Usable security and privacy
- Web application security

For more information, please see http://www.codaspy.org/.

FC 2015 19th International Conference on Financial Cryptography and Data Security, San Juan, Puerto Rico, January 26-30, 2015. (Submission Due 15 September 2014) [posted here 08/18/14]
Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on financial, economic and commercial transaction security. Original works focusing on securing commercial transactions and systems are solicited; fundamental as well as applied real-world deployments on all aspects surrounding commerce security are of interest. Submissions need not be exclusively concerned with cryptography. Systems security, economic or behavioral perspectives, and, more generally, inter-disciplinary efforts are particularly encouraged. Topics of interests include, but are not limited to:
- Access Control
- Anonymity and Privacy
- Applied Cryptography
- Auctions and Mechanisms
- Authentication and Identification
- Behavioral Aspects of Security and Privacy
- Biometrics
- Certification and Audits
- Cloud Computing and Data Outsourcing Security
- Commercial Cryptographic Applications
- Contactless Payment and Ticketing Systems
- Cryptographic Currencies
- Digital Cash and Payment Systems
- Digital Rights Management
- Economics of Security and Privacy
- Electronic Commerce Security
- Electronic Crime and Underground Markets
- Fraud Detection and Forensics
- Game Theory for Security and Privacy
- Identity Theft
- Insider Threats
- Legal and Regulatory Issues
- Microfinance and Micropayments
- Mobile Systems Security and Privacy
- Phishing and Social Engineering
- Reputation Systems
- Risk Assessment and Management
- Secure Banking and Financial Services
- Smart Contracts and Financial Instruments
- Smartcards, Secure Tokens and Secure Hardware
- Social Networks Security and Privacy
- Trust Management
- Usability and Security
- Virtual Goods and Virtual Economies
- Voting Systems
- Web Security

For more information, please see http://fc15.ifca.ai/.

October 2014

IFIP119-DF 2015 11th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 26-28, 2015. (Submission Due 10 October 2014) [posted here 06/16/14]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Eleventh Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume - the eleventh volume in the well-known Research Advances in Digital Forensics book series (Springer, Heidelberg, Germany) during the summer of 2015. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network and cloud forensics
- Embedded device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org.

PPREW 2014 4th Program Protection and Reverse Engineering Workshop, Co-Located with the Annual Computer Security Applications Conference (ACSAC 2014), New Orleans, LA, USA, December 9, 2014. (Submission Due 10 October 2014) [posted here 08/18/14]
Program protection and reverse engineering are dualisms of good and evil. Beneficial uses of reverse engineering abound: malicious software needs to be analyzed and understood in order to prevent their spread and to assess their functional footprint; owners of intellectual property (IP) at times need to recover lost or unmaintained designs. Conversely, malicious reverse engineering allows illegal copying and subversion; designers can employ obfuscation and tamper-proofing on IP to target various attack vectors. In this sense, protecting IP and protecting malware from detection and analysis is a double-edged sword: depending on the context, the same techniques are either beneficial or harmful. Likewise, tools that deobfuscate malware in good contexts become analysis methods that support reverse engineering for illegal activity. PPREW invites papers on practical and theoretical approaches for program protection and reverse engineering used in beneficial contexts, focusing on analysis/ deobfuscation of malicious code and methods/tools that hinder reverse engineering. Ongoing work with preliminary results, theoretical approaches, tool-based methods, and empirical studies on various methods are all appropriate. Studies on hardware/circuit based methods or software/assembly based mechanisms are within scope of the workshop. We expect the workshop to provide exchange of ideas and support for cooperative relationships among researchers in industry, academia, and government. Topics of interest include, but are not limited, to the following:
- Obfuscation / Deobfuscation (polymorphism)
- Tamper-proofing / Hardware-based protection
- Theoretic proofs for exploitation or protection
- Software watermarking / Digital fingerprinting
- Reverse engineering tools and techniques
- Side channel analysis and vulnerability mitigation
- Program / circuit slicing
- Information hiding and discovery
- Virtualization for protection and/or analysis
- Forensic and anti-forensic protection
- Moving target and active cyber defense
- Theoretic analysis frameworks (Abstract Interpretation, Homomorphic Encryption, Term Rewriting Systems, Machine Learning, Large Scale Boolean Matching)
- Component / Functional Identification
- Program understanding
- Source code (static/dynamic) analysis techniques

For more information, please see http://www.pprew.org.

HOST 2015 IEEE International Symposium on Hardware Oriented Security and Trust, Washington DC Metro Area, USA, May 5-7, 2015 . (Abstract Submission Due 24 October 2014 and Paper Submission due 31 October 2014) [posted here 08/25/14]
The focus of modern computational and communication systems has been shifting from effective sharing of well-protected, scarce, and expensive resources to large-scale information exchange among a plurality of users that communicate using protected mobile devices and sensors, which can be placed in potentially hostile environments. Additionally, integrated circuit synthesis and manufacturing techniques are now complex and distributed with a number of potential security vulnerabilities. Security has emerged as a metric of paramount importance. The scope of system security now includes, in addition to encrypted communication, properties such as privacy, anonymity, and trust. The starting and ending points for all system and application vulnerabilities and defense mechanisms are hardware. The initial impetus was provided by government agencies and individual efforts, but recently a number of coordinated research projects have been undertaken by essentially all hardware and system companies. The IEEE International Symposium on Hardware Oriented Security and Trust (HOST) aims to facilitate the rapid growth of hardware-based security research and development. HOST seeks original contributions in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware. HOST 2015 invites contributions that are related to, but not limited by, the following topics:
- Hardware Trojan attacks and detection techniques
- Hardware-based security primitives (PUFs, PPUFs, HRNG)
- Security, privacy, and trust protocols using hardware security primitives
- Trusted information flow
- Trusted design using untrusted tools
- Trusted manufacturing including split manufacturing
- Remote integrated circuits enabling and disabling and IP watermarking
- Undeniable hardware metering techniques
- Techniques and metrics for hardware system data confidentiality and hardware design confidentiality, integrity, and authenticity
- Reverse engineering and hardware obfuscation
- Side-channel attacks and techniques for their prevention
- Supply chain risks mitigation including counterfeit detection & avoidance
- Hardware tampering attacks
- Hardware authentication techniques
- Hardware techniques that ensure software and/or system security
- Trusted remote sensing and computing
- Hardware attestation techniques

For more information, please see http://www.hostsymposium.org.

ASIACCS 2015 10th ACM Symposium on Information, Computer and Communications Security, Singapore, April 14-17, 2015. (Submission Due 26 October 2014) [posted here 06/21/14]
ASIACCS is a major international forum for information security researchers, practitioners, developers, and users to explore and exchange the newest cyber security ideas, breakthroughs, findings, techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. Areas of interest for ASIACCS 2015 include, but are not limited to:
- Access control
- Accounting and audit
- Applied cryptography
- Authentication
- Cloud computing security
- Cyber-physical security
- Data and application security
- Digital forensics
- Embedded systems security
- Formal methods for security
- Hardware-based security
- Intrusion detection
- Key management
- Malware and botnets
- Mobile computing security
- Network security
- Operating system security
- Privacy-enhancing technology
- Security architectures
- Security metrics
- Software security
- Smart grid security
- Threat modelling
- Trusted computing
- Usable security and privacy
- Web security
- Wireless security

For more information, please see http://icsd.i2r.a-star.edu.sg/asiaccs15.

CS2 2015 2nd Workshop on Cryptography and Security in Computing Systems, Co-located with HiPEAC 2015 Conference, Amsterdam, The Netherlands, January 19-21, 2015. (Submission Due 27 October 2014) [posted here 08/18/14]
The wide diffusion of embedded systems, including multi-core, many-core, and reconfigurable platforms, poses a number of challenges related to the security of the operation of such systems, as well as of the information stored in them. Malicious adversaries can leverage unprotected communication to hijack cyber-physical systems, resulting in incorrect and potentially highly dangerous behaviours, or can exploit side channel information leakage to recover secret information from a computing system. Untrustworthy third party software and hardware can create openings for such attacks, which must be detected and removed or countered. The prevalence of multi/many core systems opens additional issues such as NoC security. Finally, the complexity on modern and future embedded and mobile systems leads to the need to depart from manual planning and deployment of security features. Thus, design automation tools will be needed to design and verify the security features of new hardware/software systems. The workshop is a venue for security and cryptography experts to interact with the computer architecture and compilers community, aiming at cross-fertilization and multi-disciplinary approaches to security in computing systems. Topics of interest include, but are not limited to:
- Compiler and Runtime Support for Security
- Cryptography in Embedded and Reconfigurable Systems
- Design Automation and Verification of Security
- Efficient Cryptography through Multi/Many core Systems
- Fault Attacks and Countermeasures, including interaction with Fault Tolerance
- Passive Side Channel Attacks and Countermeasures
- Hardware Architecture and Extensions for Cryptography
- Hardware/Software Security Techniques
- Hardware Trojans and Reverse Engineering
- Physical Unclonable Functions
- Privacy in Embedded Systems
- Security of Embedded and Cyber-Physical Systems
- Security of Networks-on-Chips and Multi-core Architectures
- Trusted computing

For more information, please see http://www.cs2.deib.polimi.it.

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney
This online-only Journal, started in 2004 and  operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions.  More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: Shari Lawrence Pfleeger
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at http://www.computer.org/portal/web/computingnow/securityandprivacy.

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Ravi Sandhu
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page at http://www.computer.org/portal/web/tdsc.

The Springer Series on ADVANCES IN INFORMATION SECURITY
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer, network security, and cryptography, but related areas, such as fault tolerance and software assurance. The series serves as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact Professor Sushil Jajodia (jajodia@gmu.edu,703-993-1653).
 
Journal of Computer Security,   Editor-in-Chief: John Mitchell and Pierangela Samarati
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. All papers must be submitted online at http://www.iospress.nl/journal/journal-of-computer-security/. More information is given on the journal web page at http://jcs.stanford.edu/.
 
Computers & Security,   Editor-in-Chief: Eugene H. Spafford
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. All papers must be submitted online at http://ees.elsevier.com/cose/. More information can be found at http://www.elsevier.com/locate/issn/01674048.
 
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at http://www.springer.com/computer/security+and+cryptology/journal/10207.
 
International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of a high scientific and technology in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C.  More information can be found at http://ijns.femto.com.tw/.
 
International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online at http://www.inderscience.com/ijsn/. More information is given on the journal web page at http://www.inderscience.com/ijsn/.
 
International Journal of Critical Infrastructure Protection,   Editors-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's primary aim is to publish high quality scientific and policy papers in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology and policy to craft sophisticated yet practical solutions that will secure information, computer and network assets in the various critical infrastructure sectors. All papers must be submitted online at http://www.elsevier.com/locate/ijcip. More information is given on the journal web page at http://www.elsevier.com/locate/ijcip.
 
IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: C.-C. Jay Kuo
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, via sps-ieee.manuscriptcentral.com.  More information can be found at http://www.ieee.org/organizations/society/sp/tifs.html.
 
EURASIP Journal on Information Security,   Editors-in-Chief: Stefan Katzenbeisser
EURASIP Journal on Information Security aims to bring together researchers and practitioners dealing with the general field of information security, with a particular emphasis on the use of signal processing tools in adversarial environments. As such, it addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing. Application domains lie, for example, in secure storage, retrieval and tracking of multimedia data, secure outsourcing of computations, forgery detection of multimedia data, or secure use of biometrics. The journal also welcomes survey papers that give the reader a gentle introduction to one of the topics covered as well as papers that report large-scale experimental evaluations of existing techniques. Pure cryptographic papers are outside the scope of the journal. The journal also welcomes proposals for Special Issues. All papers must be submitted online at http://jis.eurasipjournals.com/manuscript.  More information can be found at http://jis.eurasipjournals.com.