Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Last Modified: 07/19/10

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.


 

Special Issues of Journals and Handbooks

Journal of Network and Computer Applications, Special Issue on Trusted Computing and Communications, 2nd Quarter, 2011. (Submission Due 1 August 2010) [posted here 05/24/10]

Guest editors: Laurence T. Yang (St. Francis Xavier University, Canada) and Guojun Wang (Central South University, China)

With the rapid development and the increasing complexity of computer and communications systems and networks, traditional security technologies and measures cannot meet the demand for integrated and dynamic security solutions. As a challenging and innovative research field, trusted computing and communications target computer and communications systems and networks that are available, secure, reliable, controllable, dependable, and so on. In a word, they must be trustworthy. If we view the traditional security as identity trust, the broader field of trusted computing and communications also includes behavior trust of systems and networks. In fact, trusted computing and communications have become essential components of various distributed services, applications, and systems, including self-organizing networks, social networks, semantic webs, e-commerce, and e-government. Research areas of relevance would therefore include, but are not limited to, the following topics:
- Trusted computing platform and paradigm
- Trusted systems and architectures
- Trusted operating systems
- Trusted software
- Trusted database
- Trusted services and applications
- Trust in e-commerce and e-government
- Trust in mobile and wireless networks
- Trusted communications and networking
- Reliable and fault-tolerant computer systems/networks
- Survivable computer systems/networks
- Autonomic and dependable computer systems/networks

For more information, please see http://www.elsevier.com/locate/jnca.

IEEE Software, Special Issue on Software Protection, March, 2011. (Submission Due 1 August 2010) [posted here 06/07/10]

Guest editors: Paolo Falcarin (University of East London, UK), Christian Collberg (University of Arizona, USA), Mikhail Atallah (Purdue University, USA), and Mariusz Jakubowski (Microsoft Research)

Software protection is an area of growing importance in software engineering and security: leading-edge researchers have developed several pioneering approaches for preventing or resisting software piracy and tampering, building a heterogeneous body of knowledge spanning different topics: obfuscation, information hiding, reverse engineering, source/binary code transformation, operating systems, networking, encryption, and trusted computing. IEEE Software seeks submissions for a special issue on software protection. We seek articles that present proven mechanisms and strategies to mitigate one or more of the problems faced by software protection. These strategies should offer practitioners appropriate methods, approaches, techniques, guidelines, and tools to support evaluation and integration of software protection techniques into their software products. Possible topics include:
- Analysis of legal, ethical, and usability aspects of software protection
- Best practices and lessons learned while dealing with different relevant threats
- Case studies on success and/or failure in applying software protections
- Code obfuscation and reverse-engineering complexity
- Computing with encrypted functions and data
- Protection of authorship: watermarking and fingerprinting
- Remote attestations and network-based approaches
- Security evaluation of software protection's effectiveness
- Software protection methods used by malware (viruses, rootkits, worms, and botnets)
- Source and binary code protections
- Tamper-resistant software: mobile, self-checking, and self-modifying code
- Tools to implement or defeat software protections
- Trusted computing or other hardware-assisted protection
- Virtualization and protections based on operating systems

For more information, please see http://www.computer.org/portal/web/computingnow/swcfp2.

Wiley Security and Communication Networks (SCN), Special Issue on Defending Against Insider Threats and Internal Data Leakage, 2011. (Submission Due 31 August 2010) [posted here 04/12/10]

Guest editors: Elisa Bertino (Purdue University, USA), Gabriele Lenzini (SnT-Univ. of Luxembourg, Luxembourg), Marek R. Ogiela (AGH University of Science & Technology, Poland), and Ilsun You (Korean Bible University, Korea)

This special issue collects scientific studies and works reporting on the most recent challenges and advances in security technologies and management systems about protecting an organization's information from corporate malicious activities. It aims to be the showcase for researchers that address the problems on how to prevent the leakage of organizations' information caused by insiders. The contributions to this special issue can conduct state-of-the-art surveys and case-analyses of practical significance, which, we wish, will support and foster further research and technology improvements related to this important subject. Papers on practical as well as on theoretical topics are invited. Topics include (but are not limited to):
- Theoretical foundations and algorithms for addressing insider threats
- Insider threat assessment and modeling
- Security technologies to prevent, detect and avoid insider threats
- Validating the trustworthiness of staff
- Post-insider threat incident analysis
- Data breach modeling and mitigation techniques
- Authentication and identification
- Certification and authorization
- Database security
- Device control system
- Digital forensic system
- Digital right management system
- Fraud detection
- Network access control system
- Intrusion detection
- Keyboard information security
- Information security governance
- Information security management systems
- Risk assessment and management
- Log collection and analysis
- Trust management
- Secure information splitting and sharing algorithms
- Steganography and subliminal channels
- IT compliance (audit)
- Continuous auditing
- Socio-Technical Engineering Attack to Security and Privacy

For more information, please see http://isyou.hosting.paran.com/mist10/SCN-SI-10.pdf.

IEEE Internet Computing, Special Issue on Security and Privacy in Social Networks, May/June 2011. (Submission Due 1 September 2010) [posted here 07/12/10]

Guest editors: Gail-Joon Ahn (Arizona State University, USA), Mohamed Shehab (UNC Charlotte, USA), and Anna Squicciarini (Penn State University, USA)

Social networks where people exchange personal and public information have enabled users to connect with their friends, coworkers, colleagues, family and even with strangers. Several social networking sites have developed to facilitate such social interactions and sharing activities on the Internet over the past several years. The popularity of social networking sites on the Internet introduces the use of mediated communication into the relationship development process. Also, online social networks have recently emerged as a promising area of research with a vast reach and application space. Users post information on their profiles to share and interact with their other friends in the social network. Social networks are not limited to simple entertaining applications; instead several critical businesses have adopted social networks to attract new customer spaces and to provide new services. The current trends of social networks are indirectly requiring users to become system and policy administrators for protecting their content in this social setting. This is further complicated by the rapid growth rate of social networks and by the continuous adoption of new services on social networks. Furthermore, the use of personal information in social networks raises entirely new privacy concerns and requires new insights on security problems. Several studies and recent news have highlighted the increasing risk of misuse of personal data processed by online social networking applications and the lack of awareness among the user population. The security needs of social networks are still not well understood and are not fully defined. Nevertheless it is clear these will be quite different from classic security requirements. It is important to bring a depth of security experience from multiple security domains and technologies to this field as well as depth and breadth of knowledge about social networks.
The aim of this special issue is to encompass research advances in all areas of security and privacy in social networks. We welcome contributions relating to novel technologies and methodologies for securely building and managing social networks and relevant secure applications as well as to cross-cutting issues. Topics of interest include, but are not limited to:
- Access control and identity management
- Delegation and secure collaboration
- Information flow, diffusion and auditing
- Malware analysis in social networks
- Privacy challenges and mechanism
- Risk assessment and management
- Secure social-network application development and methodologies
- Secure object tagging, bookmarking and annotations
- Trust and reputation management
- Usability driven security mechanisms

For more information, please see http://www.public.asu.edu/~gahn1/icsn2011.htm.

IEEE Transactions on Information Forensics and Security, Special Issue on Using the Physical Layer for Securing the Next Generation of Communication Systems, June 1, 2011. (Submission Due 15 September 2010) [posted here 04/12/10]

Guest editors: Vincent Poor (Princeton University, USA), Wade Trappe (Rutgers University, USA), Aylin Yener (Pennsylvania State University, USA), Hisato Iwai (Doshisha University, Japan), Joao Barros (University of Porto, Portugal), and Paul Prucnal (Princeton University, USA)

Communication technologies are undergoing a renaissance as there is a movement to explore new, clean slate approaches for building communication networks. Although future Internet efforts promise to bring new perspectives on protocol designs for high-bandwidth, access-anything from anywhere services, ensuring that these new communication systems are secure will also require a re-examination of how we build secure communication infrastructures. Traditional approaches to building and securing networks are tied tightly to the concept of protocol layer separation. For network design, routing is typically considered separately from link layer functions, which are considered independently of transport layer phenomena or even the applications that utilize such functions. Similarly, in the security arena, MAC-layer security solutions (e.g. WPA2 for 802.11 devices) are typically considered as point-solutions to address threats facing the link layer, while routing and transport layer security issues are dealt with in distinct, non-integrated protocols like IPSEC and TLS. The inherent protocol separation involved in security solutions is only further highlighted by the fact that the physical layer is generally absent from consideration. This special issue seeks to provide a venue for ongoing research in the area of physical layer security across all variety of communication media, ranging from wireless networks at the edge to optical backbones at the core of the network. The scope of this special issue will be interdisciplinary, involving contributions from experts in the areas of cryptography, computer security, information theory, signal processing, communications theory, and propagation theory. In particular, the areas of interest include, but are not limited to, the following:
- Information-theoretic formulations for confidentiality and authentication
- Generalizations of Wyner’s wiretap problem to wireless and optical systems
- Physical layer techniques for disseminating information
- Techniques to extract secret keys from channel state information
- Secrecy of MIMO and multiple-access channels
- Physical layer methods for detecting and thwarting spoofing and Sybil attacks
- Techniques to achieve covert or stealthy communication at the physical layer
- Quantum cryptography
- Modulation recognition and forensics
- Security and trustworthiness in cooperative communication
- Fast encryption using physical layer properties
- Attacks and threat analyses targeted at subverting physical layer communications

For more information, please see http://www.signalprocessingsociety.org/publications/periodicals/forensics/forensics-authors-info/.

IEEE Network, Special Issue on Network Traffic Monitoring and Analysis, May 2011. (Submission Due 15 November 2010) [posted here 07/12/10]

Guest editors: Wei Wang (University of Luxembourg, Luxembourg), Xiangliang Zhang (University of Paris-sud 11, France), Wenchang Shi (Renmin University of China, China), Shiguo Lian (France Telecom R&D Beijing, China), and Dengguo Feng (Chinese Academy of Sciences, China)

Modern computer networks are increasingly complex and ever-evolving. Understanding and measuring such a network is a difficult yet vital task for network management and diagnosis. Network traffic monitoring, analysis and anomaly detection provide useful tools in understanding network behavior and in determining network performance and reliability so as to effectively troubleshoot and resolve the issues in practice. Network traffic monitoring and anomaly detection also provide a basis for prevention and reaction in network security, as intrusions, attacks, worms, and other kinds of malicious behaviors can be detected by traffic analysis and anomaly detection. This special issue seeks original articles examining the state of the art, open issues, research results, tool evaluation, and future research directions in network monitoring, analysis and anomaly detection. Possible topics include:
- Network traffic analysis and classification
- Traffic sampling and signal processing methods
- Network performance measurements
- Network anomaly detection and troubleshooting
- Network security threats and countermeasures
- Network monitoring and traffic measurement systems
- Real environment experiments and testbeds

For more information, please see http://dl.comsoc.org/livepubs/ni/info/cfp/cfpnetwork0511.htm.


Conference and Workshop Call-for-papers

July 2010

WESS 2010 5th Workshop on Embedded Systems Security, Scottsdale, AZ, USA, October 24, 2010. (Submissions due 26 July 2010) [posted here 06/07/10]
Embedded computing systems are widely found in application areas ranging from safety-critical systems to vital information management. This introduces a large number of security issues. Embedded systems are vulnerable to remote intrusion, local intrusion, fault-based and power/timing-based attacks, intellectual-property theft, subversion, hijacking and more. Due to their strong link to software engineering and hardware engineering, these security issues are different from the traditional security problems found on personal computers. For example, embedded devices are resource-constrained in power and performance, which requires them to use computationally efficient solutions. They have a very weak physical trust boundary, which enables many different implementation-oriented attacks. They use an intimate connection between hardware and software, often without the shielding of an operating system. This workshop provides a forum for researchers to present novel ideas on addressing security issues that arise in the design, the operation, and the testing of secure embedded systems. Of particular interest are security topics that are unique to embedded systems. Topics of Interest:
- Trust models for secure embedded hardware and software
- Isolation techniques for secure embedded hardware, hyperware, and software
- System architectures for secure embedded systems
- Metrics for secure design of embedded hardware and software
- Security concerns for medical and other applications of embedded systems
- Support for intellectual property protection and anti-counterfeiting
- Specialized components for authentication, key storage and key generation
- Support for secure debugging and troubleshooting
- Implementation attacks and countermeasures
- Design tools for secure embedded hardware and software
- Hardware/software codesign for secure embedded systems
- Specialized hardware support for security protocols

For more information, please see http://www.wess-workshop.org/.

August 2010

INTRUST 2010 International Conference on Trusted Systems, Beijing, China, December 13-15, 2010. (Submissions due 1 August 2010) [posted here 04/12/10]
INTRUST 2010 conference focuses on the theory, technologies and applications of trusted systems. It is devoted to all aspects of trusted computing systems, including trusted modules, platforms, networks, services and applications, from their fundamental features and functionalities to design principles, architecture and implementation technologies. The goal of the conference is to bring academic and industrial researchers, designers, and implementers together with end-users of trusted systems, in order to foster the exchange of ideas in this challenging and fruitful area. INTRUST 2010 solicits original papers on any aspect of the theory, advanced development and applications of trusted computing, trustworthy systems and general trust issues in modern computing systems. The conference will have an academic track and an industrial track. This call for papers is for contributions to both of the tracks. Submissions to the academic track should emphasize theoretical and practical research contributions to general trusted system technologies, while submissions to the industrial track may focus on experiences in the implementation and deployment of real-world systems.

For more information, please see http://www.tcgchina.org.

NDSS 2011 Network & Distributed System Security Symposium, San Diego, California, USA, February 6-9, 2011. (Submissions due 6 August 2010) [posted here 06/07/10]
The Network and Distributed System Security Symposium fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available network and distributed systems security technology. Special emphasis will be made to accept papers in the core theme of network and distributed systems security. Consequently, papers that cover networking protocols and distributed systems algorithms are especially invited to be submitted. Moreover, practical papers in these areas are also very welcome. Submissions are solicited in, but not limited to, the following areas:
- Integrating security in Internet protocols: routing, naming, network management
- High-availability wired and wireless networks
- Security for Cloud Computing
- Future Internet architecture and design
- Security of Web-based applications and services
- Anti-malware techniques: detection, analysis, and prevention
- Security for future home networks, Internet of Things, body-area networks
- Intrusion prevention, detection, and response
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Privacy and anonymity technologies
- Security for emerging technologies: sensor networks, wireless/mobile (and ad hoc) networks, and personal communication systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security for peer-to-peer and overlay network systems
- Security for electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, and licensing
- Implementation, deployment and management of network security policies
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Security for large-scale systems and critical infrastructures (e.g., electronic voting, smart grid)
- Applying Trustworthy Computing mechanisms to secure network protocols and distributed systems

For more information, please see http://hotcrp.cylab.cmu.edu/ndss11/.

CPSRT 2010 International Workshop on Cloud Privacy, Security, Risk & Trust, Held in conjunction with the 2nd IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2010), Indianapolis, IN, USA, November 30 - December 3, 2010. (Submissions due 15 August 2010) [posted here 06/21/10]
Cloud computing has emerged to address an explosive growth of web-connected devices, and handle massive amounts of data. It is defined and characterized by massive scalability and new Internet-driven economics. Yet, privacy, security, and trust for cloud computing applications are lacking in many instances and risks need to be better understood. Privacy in cloud computing may appear straightforward, since one may conclude that as long as personal information is protected, it shouldn’t matter whether the processing is in a cloud or not. However, there may be hidden obstacles such as conflicting privacy laws between the location of processing and the location of data origin. Cloud computing can exacerbate the problem of reconciling these locations if needed, since the geographic location of processing can be extremely difficult to find out, due to cloud computing’s dynamic nature. Another issue is user-centric control, which can be a legal requirement and also something consumers want. However, in cloud computing, the consumers' data is processed in the cloud, on machines they don't own or control, and there is a threat of theft, misuse or unauthorized resale. Thus, it may even be necessary in some cases to provide adequate trust for consumers to switch to cloud services. In the case of security, some cloud computing applications simply lack adequate security protection such as fine-grained access control and user authentication (e.g. Hadoop). Since enterprises are attracted to cloud computing due to potential savings in IT outlay and management, it is necessary to understand the business risks involved. If cloud computing is to be successful, it is essential that it is trusted by its users. Therefore, we also need studies on cloud-related trust topics, such as what are the components of such trust and how can trust be achieved, for security as well as for privacy. 
The CPSRT workshop will bring together a diverse group of academics as well as government and industry practitioners in an integrated state-of-the-art analysis of privacy, security, risk, and trust in the cloud. The workshop will address cloud issues specifically related to (but not limited to) the following topics of interest:
- Access control and key management
- Security and privacy policy management
- Identity management
- Remote data integrity protection
- Secure computation outsourcing
- Secure data management within and across data centers
- Secure distributed data storage
- Secure resource allocation and indexing
- Intrusion detection/prevention
- Denial-of-Service (DoS) attacks and defense
- Web service security, privacy, and trust
- User requirements for privacy
- Legal requirements for privacy
- Privacy enhancing technologies
- Privacy aware map-reduce framework
- Risk or threat identification and analysis
- Risk or threat management
- Trust enhancing technologies
- Trust management

For more information, please see http://cpsrt.cloudcom.org/.

CT-RSA 2011 RSA Conference, The Cryptographers' Track, San Francisco, CA, USA, February 14-18, 2011. (Submissions due 20 August 2010) [posted here 07/19/10]
The RSA Conference is the largest annual computer security event, with over 350 vendors, and thousands of attendees. The Cryptographers' Track (CT-RSA) is a research conference within the RSA Conference. CT-RSA began in 2002, and has become an established venue for presenting cryptographic research papers. Original research papers pertaining to all aspects of cryptography are solicited. Submissions may present applications, techniques, theory, and practical experience on topics including, but not limited to:
- public-key encryption
- symmetric-key encryption
- cryptanalysis
- digital signatures
- hash functions
- cryptographic protocols
- tamper-resistance
- fast implementations
- elliptic-curve cryptography
- lattice-based cryptography
- quantum cryptography
- formal security models
- network security
- hardware security
- e-commerce

For more information, please see http://ct-rsa2011.di.uoa.gr.

SAC-TRECK 2011 26th ACM Symposium on Applied Computing, Track: Trust, Reputation, Evidence and other Collaboration Know-how (TRECK), TaiChung, Taiwan, March 21-25, 2011. (Submissions due 24 August 2010) [posted here 07/12/10]
The goal of the ACM SAC 2011 TRECK track remains to review the set of applications that benefit from the use of computational trust and online reputation. Computational trust has been used in reputation systems, risk management, collaborative filtering, social/business networking services, dynamic coalitions, virtual organisations and even combined with trusted computing hardware modules. The TRECK track covers all computational trust/reputation applications, especially those used in real-world applications. The topics of interest include, but are not limited to:
- Trust management, reputation management and identity management
- Pervasive computational trust and use of context-awareness
- Mobile trust, context-aware trust
- Web 2.0 reputation and trust
- Trust-based collaborative applications
- Automated collaboration and trust negotiation
- Trade-off between privacy and trust
- Trust/risk-based security frameworks
- Combined computational trust and trusted computing
- Tangible guarantees given by formal models of trust and risk
- Trust metrics assessment and threat analysis
- Trust in peer-to-peer and open source systems
- Technical trust evaluation and certification
- Impacts of social networks on computational trust
- Evidence gathering and management
- Real-world applications, running prototypes and advanced simulations
- Applicability in large-scale, open and decentralised environments
- Legal and economic aspects related to the use of trust and reputation engines
- User-studies and user interfaces of computational trust and online reputation applications

For more information, please see http://www.trustcomp.org/treck/.

September 2010

In-Bio-We-Trust 2010 International Workshop on Bio-Inspired Trust Management for Information Systems, Held in conjunction with the Bionetics 2010, Boston, MA, USA, December 1-3, 2010. (Submissions due 1 September 2010) [posted here 06/21/10]
Traditional security mechanisms fall short of what new information systems need. To fix this problem, two research communities have recently proposed new security mechanisms. One of those communities is called "bio-inspired systems" and is increasingly borrowing ideas from nature to make information systems more effective and robust. The other is called "trust management systems" and has been proposing and scrutinizing algorithms for information systems that mimic how people manage trust in society. Increasingly the two communities are working on similar research problems but, alas, they are doing so separately. Although there is an enormous number of potentially useful bio-inspired mechanisms that can be exploited in trust management, it comes as a surprise that bio-inspired trust management has not received any attention at all. Clearly, the dialog between researchers in bio-inspired systems and in trust management should widen. The workshop seeks to bring together the world's experts in both communities, and to stimulate and disseminate interesting research ideas and results. Contributions are solicited in all aspects of bio-inspired and trust management systems, including:
- Bio-inspired models for managing trust in any information systems: virtual organizations, grid and cloud computing, mobile-ad-hoc/opportunistic/delay-tolerant networks, service oriented architectures, self-organizing networks and communities, mobile cooperative systems, mobile platforms, recommender systems.
- Fixed and mobile architectures and protocols for distributed trust management.
- Identity management in trust models.
- Security attacks to trust systems and adaptive bio-inspired defenses.
- Incorporation of bio-inspired algorithms into security communication protocols and computing architectures.
- Descriptions of pilot programs, case studies, applications, work-in-progress, surveys, and experiments integrating biological designs or trust and security aspects into information systems.

For more information, please see http://inbiowetrust.org.

SecIoT 2010 The 1st Workshop on the Security of the Internet of Things, Held in conjunction with the Internet of Things 2010, Tokyo, Japan, November 29, 2010. (Submissions due 10 September 2010) [posted here 07/19/10]
While there are many definitions of the Internet of Things (IoT), all of them revolve around the same central concept: a world-wide network of interconnected objects. These objects will make use of multiple technological building blocks, such as wireless communication, sensors, actuators, and RFID, in order to allow people and things to be connected anytime, anyplace, with anything and anyone. However, before this new vision takes its first steps, it is essential to consider the security implications of billions of intelligent things cooperating with other real and virtual entities over the Internet. SecIoT'10 wants to bring together researchers and professionals from universities, private companies and Public Administrations interested or involved in all security-related heterogeneous aspects of the Internet of Things. We invite research papers, work-in-progress reports, R&D projects results, surveying works and industrial experiences describing significant security advances in the following (non-exclusive) areas of the Internet of Things:
- New security problems in the context of the IoT
- Privacy risks and data management problems
- Identifying, authenticating, and authorizing entities
- Development of trust frameworks for secure collaboration
- New cryptographic primitives for constrained "things"
- Connecting heterogeneous ecosystems and technologies
- Legal Challenges and Governance Issues
- Resilience to external and internal attacks
- Context-Aware security
- Providing protection to an IP-connected IoT
- Web services security and other application-layer issues

For more information, please see http://www.isac.uma.es/seciot10.

ESSoS 2011 International Symposium on Engineering Secure Software and Systems, Madrid, Spain, February 9-10, 2011. (Submissions due 13 September 2010) [posted here 03/29/10]
Trustworthy, secure software is a core ingredient of the modern world. Unfortunately, the Internet is too. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DSLs for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation

For more information, please see http://distrinet.cs.kuleuven.be/events/essos2011/.

CODASPY 2011 1st ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA, February 21-23, 2011. (Submissions due 15 September 2010) [posted here 05/10/10]
Data and the applications that manipulate data are the crucial assets in today's information age. With the increasing drive towards availability of data and services anytime anywhere, security and privacy risks have increased. New applications such as social networking and social computing provide value by aggregating input from numerous individual users and/or the mobile devices they carry with them and computing new information of value to society and individuals. Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the conference is to discuss novel exciting research topics in data and application security and privacy and to lay out directions for further research and development in this area. The conference seeks submissions from diverse communities, including corporate and academic researchers, open-source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts.

For more information, please see http://www.codaspy.org/.

October 2010

FC 2011 15th International Conference on Financial Cryptography and Data Security, Bay Gardens Beach Resort, St. Lucia, February 28 – March 4, 2011. (Submissions due 1 October 2010) [posted here 07/19/10]
Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary efforts are particularly encouraged.

For more information, please see http://ifca.ai/fc11/.

IFIP-DF 2011 7th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 30 – February 2, 2011. (Submissions due 15 October 2010) [posted here 05/10/10]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in the emerging field of digital forensics. The Seventh Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume – the seventh in the series entitled Research Advances in Digital Forensics (Springer) in the summer of 2011. Revised and/or extended versions of selected papers from the conference will be published in special issues of one or more international journals. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network forensics
- Portable electronic device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org.

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney
This online-only Journal, started in 2004 and  operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions.  More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: Carl E. Landwehr
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at http://computer.org/security/.

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Virgil D. Gligor
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page at http://www.computer.org/tdsc/.

The Kluwer International Series on ADVANCES IN INFORMATION SECURITY.
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer and network security, but related areas such as fault tolerance and software assurance. The series will serve as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact either Sushil Jajodia (jajodia@gmu.edu, 703-993-1653) or Lance Wobus (lance.wobus@wkap.com, 781-681-0602).
 
Journal of Computer Security,   Editor-in-Chief: Sushil Jajodia and Jonathan Millen
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. Submissions: send six copies to one of the editors in chief: Sushil Jajodia, CSIS, George Mason University, 440 University Drive, Fairfax, VA 22030, or Jonathan Millen, The MITRE Corporation, 202 Burlington Rd., Bedford, MA. Subscriptions: contact IOS Press, Nieuwe Hemweg 6B, 1013 BG Amsterdam, Netherlands, (e-mail: order@iospress.nl) for information about individual or institutional subscriptions or back issues. More information is given on the journal web page at http://www.mitre.org/jcs.
 
Computers & Security,   Editor-in-Chief: Dimitris Gritzalis
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. Four copies of papers from 5-10,000 words should be sent to the editor, N. Dudley, at Elsevier Advanced Technology, P.O. Box 150, Kidlington, Oxford, OX5 1AS, United Kingdom. Telephones: voice +44(0)1865 843848 / 843000; fax +44 (0) 1865 843971.  More information can be found at http://www.elsevier.com/locate/issn/01674048.
 
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at http://link.springer.de/link/service/journals/10207/index.htm.
 
International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of a high scientific and technological standard in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C. More information can be found at http://ijns.nchu.edu.tw/.
 
International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online at http://www.inderscience.com/ijsn/. More information is given on the journal web page at http://www.inderscience.com/ijsn/.
 
International Journal of Critical Infrastructure Protection,   Editors-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's primary aim is to publish high quality scientific and policy papers in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology and policy to craft sophisticated yet practical solutions that will secure information, computer and network assets in the various critical infrastructure sectors. All papers must be submitted online at http://www.elsevier.com/locate/ijcip. More information is given on the journal web page at http://www.elsevier.com/locate/ijcip.
 
IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: Nasir D. Memon
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, via sps-ieee.manuscriptcentral.com.  More information can be found at http://www.ieee.org/organizations/society/sp/tifs.html.