Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Last Modified:08/03/15

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.

Contents

 

Special Issues of Journals and Handbooks


Journal of Computer and System Sciences, Special Issue on Cyber Security in the Critical Infrastructure: Advances and Future Directions. (Submission Due 31 August 2015) [posted here 02/02/15]
Editors: Jemal Abawajy (Deakin University, Australia), Kim-Kwang Raymond Choo (University of South Australia, Australia), and Rafiqul Islam (Charles Sturt University, Australia).

This special issue invites original research papers that reports on state-of-the-art and recent advancements in securing our critical infrastructure and cyberspace, with a particular emphasis on novel techniques to build resilient critical information infrastructure. Topics of interest include but are not limited to:
- Cyber security mitigation techniques for critical infrastructures such as banking and finance, communications, emergency services, energy, food chain, health, mass gatherings, transport and water
- Cyber threat modelling and analysis
- Cyber forensics
- Visual analytics and risk management techniques for cyber security
- Cyber security test beds, tools, and methodologies

For more information, please see http://www.journals.elsevier.com/journal-of-computer-and-system-sciences/call-for-papers/cyber-security-in-the-critical-infrastructure-advances-and-f/.

Elsevier Future Generation Computer Systems, Special issue on Security, Privacy and Trust of the User-centric Solutions. (Submission Due 1 September 2015) [posted here 07/13/15]
Editors: Raja Naeem Akram (University of London, United Kingdom), Hsiao-Hwa Chen (National Cheng Kung University, Taiwan), Javier Lopez (University of Malaga, Spain), Damien Sauveron (University of Limoges, France), and Laurence T. Yang (St. Francis Xavier University, Canada).

In future computing environments, due to the ongoing development of pervasive and smart technologies, movement towards user-centric solutions must be paramount. The frameworks for everyday personal computing devices, including smartphones, smart cards and sensors, are becoming user-centric instead of issuer-centric. User-centric solutions can target a wide range of applications, ranging from individual devices communicating with other connected devices, through to data-sharing in cloud computing and open grids on very powerful computing systems. User-centric solutions address the devices themselves and the ways in which they communicate, i.e., the networks and the end-user applications. The key factor in the success of user-centric solutions is the peace of mind of users. To achieve this the security, privacy and trust in the user-centric ecosystem for any device must be ensured. This special issue aims to further scientific research within the field of security, privacy and trust for user-centric solutions. It will accept original research papers that report the latest results and advances in this area. It also invites review articles that focus on the state of the art in security, privacy and trust solutions for user-centric devices, network and applications, highlighting trends and challenges. The papers will be peer reviewed and will be selected on the basis of their quality and relevance to the topic of this special issue. Topics include (but are not limited to):
- Security, Privacy and Trust of User-centric Devices (Smartphones, PDA, RFID, Sensors, Smart Cards, Smart Cameras, Smart Objects), User-centric Networks (Mobile Ad hoc Networks, M2M Networks, Urban Networks, Wireless Sensor Networks),and User-centric Applications (Cloud Computing, Data Provenance, Smart Grids
- Technologies used to enhance Security, Privacy and Trust in User-centric solutions (NFC, IPv6, TPM)
- Societal issues related to Security, Privacy and Trust in User-centric solutions (HCI, User interactions)

For more information, please see http://www.journals.elsevier.com/future-generation-computer-systems/call-for-papers/special-issue-on-security-privacy-and-trust-of-the-user-cent/.

IEICE Transactions on Information and Systems, Special Issue on Information and Communication System Security. (Submission Due 10 September 2015) [posted here 04/20/15]
Editors: Abhishek Parakh (University of Nebraska, Omaha, USA) and Zhiwei Wang (Nanjing University of Posts and Telecommunications, P.R. China).

Mobile devices, such as smart tags, smart pads, tablets, PDAs, smart phones and wireless sensors, have become pervasive and attract significant interest from academia, industry, and standard organizations. With the latest cloud computing technology, those mobile devices will play a more and more important role in computing and communication. When those devices become pervasive, security become critical components for the acceptance of applications build based on those devices. Moreover, several favorable characteristics of mobile devices, including portability, mobility and sensitivity, further increase the challenges of security in these systems. However due to rapid development and applications, security in mobile systems involves different challenges. This special issue aims to bring together works of technologists and researchers who share an interest in the area of security in mobile systems, and to explore new venues of collaboration. Its main purpose is to promote discussions about research and relevant activities in the models and designs of secure, privacy-preserving, trusted architectures, security protocols, cryptographic algorithms, services and applications, as well as to analyse cyber threat in mobile systems. It also aims at increasing the synergy between academic and industry professionals working in this area. We seek papers that address theoretical, experimental research, and works-in-progress for security-related issues in the context of mobile systems. Suitable topics include the following in relation to security:
- Cryptography for mobile systems
- Mobile local area networks
- Mobile mesh networks
- Mobile ad-hoc networks
- Vehicular networks
- Mobile social networks
- Mobile smart grid
- Mobile RFID-based systems
- Mobile cloud
- Mobile cyber-physical systems
- Internet of things
- Location-based service systems
- Mobile healthcare systems
- Big data for mobile computing

For more information, please see http://www.journals.elsevier.com/computers-and-electrical-engineering/call-for-papers/challenges-and-solutions-in-mobile-systems-security/.

IET Information Security, Special Issue on Lightweight and Energy-Efficient Security Solutions for Mobile Computing Devices. (Submission Due 14 September 2015) [posted here 07/13/15]
Editors: Nele Mentens (KU Leuven, Belgium), Damien Sauveron (University of Limoges, France), José María Sierra Cámara (Universidad Carlos III Madrid, Spain), Shiuh-Jeng Wang (Central Police University, Taiwan, R.O.C.), and Isaac Woungang (Ryerson University, Canada).

In the modern life, computing devices are becoming more and more mobile and embedded, meaning that they are vulnerable to power limitation and low resources. In this context, the needs of lightweight and energy-efficient security solutions to secure communication as well as applications in which they are involved are inescapable. The targeted mobile devices are small and low computational ones such as RFID, Contactless Smart Card, Wireless Sensors Nodes, to name a few. The aim of this Special Issue is to publish state-of-the-art research results in recent advances in Lightweight and Energy-Efficient Security Solutions for Mobile and Pervasive Computing Devices.

For more information, please see http://digital-library.theiet.org/files/IET_IFS_SI_CFP.pdf.

Pervasive and Mobile Computing, Special Issue on Mobile Security, Privacy and Forensics. (Submission Due 30 September 2015) [posted here 05/11/15]
Editors: Kim-Kwang Raymond Choo (University of South Australia, Australia), Lior Rokach (Ben-Gurion University of the Negev Beer-Sheva, Israel), and Claudio Bettini (University of Milan, Italy)

This special issue will focus on cutting edge research from both academia and industry on the topic of mobile security, privacy and forensics, with a particular emphasis on novel techniques to secure user data and/or obtain evidential data from mobile devices in crimes that make use of sophisticated and secure technologies. Topics of interest include:
- Advanced mobile security features
- Anti-anti mobile forensics
- Data visualization in mobile forensics
- Economics of mobile user security and privacy
- Information security awareness of mobile users
- Mobile app security
- Mobile cloud security
- Mobile device security
- Mobile app forensic and anti-forensic techniques
- Mobile device forensic and anti-forensic techniques
- Mobile evidence preservation and examination
- Mobile information leakage detection and prevention
- Mobile malware
- Mobile network security
- Mobile threat identification, detection and prevention
- Mobile user anonymity
- Privacy in geo-social networks
- Privacy in mobile context-aware services
- Privacy for mobile smart objects
- Trust models for mobile devices and services
- Usability of mobile privacy and security technologies

For more information, please see http://www.journals.elsevier.com/pervasive-and-mobile-computing/call-for-papers/special-issue-on-mobile-security-privacy-and-forensics/.

Elsevier Computer Networks, Special issue on Recent Advances in Physical-Layer Security. (Submission Due 15 October 2015) [posted here 07/13/15]
Editors: Gerhard Hancke (City University of Hong Kong, Hong Kong), Aikaterini Mitrokotsa (Chalmers University of Technology, Sweden), Reihaneh Safavi-Naini (University of Calgary, Canada), and Damien Sauveron (University of Limoges, France).

Physical-layer security is emerging as a promising approach for supporting new and existing security services. Aspects of the physical layer have the potential to provide security services that challenges the capabilities of conventional cryptographic mechanisms, such as relay attacks, ad-hoc key establishment and key-less secure communication. This special issue aims to further scientific research into both theoretical and practical approaches to physical-layer security. It will accept original research papers that report latest results and advances in this area, and will also invite review articles that focus on the state-of-the-art, highlighting trends and challenges. The papers will be peer reviewed and will be selected on the basis of their quality and relevance to the topic of this special issue. We would particularly like to encourage submissions that present strong experimental and/or practical implementation results. Topics include (but are not limited to):
- Determining physical proximity of devices (distance-bounding protocols, location limited channels, etc.)
- Device fingerprinting based on communication features (frequency/data clock skew/transients, etc.)
- Noisy channels ('friendly' jamming) approaches for security
- Jamming ('unfriendly') resistance
- Secret-key generation and agreement over wireless channels
- Cross-layer security mechanisms incorporating cryptography and physical layer aspects for low-resource devices like RFID (efficient schemes, simplified signal processing requirements, etc.)
- Experimental results on practical implementations of physical layer security techniques

For more information, please see http://www.journals.elsevier.com/computer-networks/call-for-papers/special-issue-on-recent-advances-in-physical-layer-security/.

WileySecurity and Communication Networks journal, Special Issue on Cyber Crime. (Submission Due 20 October 2015) [posted here 06/29/15]
Editors: Wojciech Mazurczyk (Warsaw University of Technology, Poland), Krzysztof Szczypiorski (Warsaw University of Technology, Poland), Zoran Duric (George Mason University, USA), and Dengpan Ye (Wuhan University, China).

Today's world's societies are becoming more and more dependent on open networks such as the Internet - where commercial activities, business transactions and government services are realized. This has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. The inability to provide trusted secure services in contemporary computer network technologies has a tremendous socio-economic impact on global enterprises as well as individuals. Moreover, the frequently occurring international frauds impose the necessity to conduct the investigation of facts spanning across multiple international borders. Such examination is often subject to different jurisdictions and legal systems. A good illustration of the above being the Internet, which has made it easier to perpetrate traditional crimes. It has acted as an alternate avenue for the criminals to conduct their activities, and launch attacks with relative anonymity. The increased complexity of the communications and the networking infrastructure is making investigation of the crimes difficult. Traces of illegal digital activities are often buried in large volumes of data, which are hard to inspect with the aim of detecting offences and collecting evidence. Nowadays, the digital crime scene functions like any other network, with dedicated administrators functioning as the first responders. This poses new challenges for law enforcement policies and forces the computer societies to utilize digital forensics to combat the increasing number of cybercrimes. Forensic professionals must be fully prepared in order to be able to provide court admissible evidence. To make these goals achievable, forensic techniques should keep pace with new technologies. The aim of this special issue is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques which assist the investigation process of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. This special issue presents some of the most relevant ongoing research in cyber crime. Topics include, but are not limited to the following:
- Cyber crimes: evolution, new trends and detection/prevention
- Cyber crime related investigations
- Network forensics: tools and applications, case studies and best practices
- Privacy issues in network forensics
- Social networking forensics
- Network traffic analysis, traceback and attribution
- Network incidents response, investigation and evidence handling
- Identification, authentication and collection of digital evidence in networking environment
- Anti-forensic techniques and methods
- Stealthiness improving techniques: information hiding, steganography/steganalysis and covert/subliminal channels
- Watermarking and intellectual property theft
- Network anomalies detection

For more information, please see http://onlinelibrary.wiley.com/journal/10.1002/%28ISSN%291939-0122.

IEEE Communication Magazine, Feature Topic on Bio-inspired Cyber Security for Communications and Networking. (Submission Due 1 November 2015) [posted here 06/29/15]
Editors: Wojciech Mazurczyk (Warsaw University of Technology, Poland), Sean Moore (Centripetal Networks, USA), Errin W. Fulp (Wake Forest University, USA), Hiroshi Wada (Unitrends, Australia), and Kenji Leibnitz (National Institute of Information and Communications Technology, Japan).

Nature is Earth’s most amazing invention machine for solving problems and adapting to significant environmental changes. Its ability to address complex, large-scale problems with robust, adaptable, and efficient solutions results from many years of selection, genetic drift and mutations. Thus, it is not surprising that inventors and researchers often look to natural systems for inspiration and methods for solving problems in human-created artificial environments. This has resulted in the development of evolutionary algorithms including genetic algorithms and swarm algorithms, and of classifier and pattern-detection algorithms, such as neural networks, for solving hard computational problems.

A natural evolutionary driver is to survive long enough to create a next-generation of descendants and ensure their survival. One factor in survival is an organism’s ability to defend against attackers, both predators and parasites, and against rapid changes in environmental conditions. Analogously, networks and communications systems use cyber security to defend their assets against cyber criminals, hostile organizations, hackers, activists, and sudden changes in the network environment (e.g., DDoS attacks). Many of the defense methods used by natural organisms may be mapped to cyber space to implement effective cyber security. Some examples include immune systems, invader detection, friend vs. foe, camouflage, mimicry, evasion, etc. Many cyber security technologies and systems in common use today have their roots in bio-inspired methods, including anti-virus, intrusion detection, threat behavior analysis, attribution, honeypots, counterattack, and the like. As the threats evolve to evade current cyber security technologies, similarly the bio-inspired security and defense technologies evolve to counter the threat.

The goal of this feature topic is twofold: (1) to survey the current academic and industry research in bio-inspired cyber security for communications and networking, so that the ComSoc community can understand the current evolutionary state of cyber threats, defenses, and intelligence, and can plan for future transitions of the research into practical implementations; and (2) to survey current academic and industry system projects, prototypes, and deployed products and services (including threat intelligence services) that implement the next generation of bio-inspired methods. Please note that we recognize that in some cases, details may be limited or obscured for security reasons. Topics of interests include, but are not limited to:
- Bio-inspired anomaly & intrusion detection
- Adaptation algorithms for cyber security & networking
- Biometrics related to cyber security & networking
- Bio-inspired security and networking algorithms & technologies
- Biomimetics related to cyber security & networking
- Bio-inspired cyber threat intelligence methods and systems
- Moving-target techniques
- Network Artificial Immune Systems
- Adaptive and Evolvable Systems
- Neural networks, evolutionary algorithms, and genetic algorithms for cyber security & networking
- Prediction techniques for cyber security & networking
- Information hiding solutions (steganography, watermarking) and detection for network traffic
- Cooperative defense systems
- Bio-inspired algorithms for dependable networks

For more information, please see http://www.comsoc.org/commag/cfp/bio-inspired-cyber-security-communications-and-networking.

ACM Transactions on Internet Technology, Special Issue on Internet of Things (IoT): Secure Service Delivery. (Submission Due 30 November 2015) [posted here 04/27/15]
Editors: Elisa Bertino (Purdue University, USA), Kim-Kwang Raymond Choo (University of South Australia, Australia), Dimitrios Georgakopoulos (RMIT University, Australia), and Surya Nepal (CSIRO, Australia).

The aim of this special section is to bring together cutting-edge research with particular emphasis on novel and innovative techniques to ensure the security and privacy of IoT services and users. We solicit research contributions and potential solutions for IoT-based secure service delivery anywhere and at any time. This special section emphasizes service-level considerations. Topics of interest include, but are not limited to:
- Security of IoT
- IoT Service Architectures and Platforms
- Real-Time IoT Service Security Analytics and Forensics
- Organizational Privacy and Security Policies
- Governance for IoT Services
- Social Aspects of IoT Security
- Security and Privacy Threats to IoT Services and Users
- Accountability and Trust Management
- Legal Considerations and Regulations
- Case Studies and Applications

For more information, please see http://toit.acm.org/CfP/ACM-ToIT-CfP-IoT-Security.pdf.

Conference and Workshop Call-for-papers

August 2015

EuroSP 2016 1st IEEE European Symposium on Security and Privacy, Congress Center Saar, Saarbrücken, Germany, March 21-24, 2016. (Submission Due 6 August 2015) [posted here 07/13/15]
The IEEE European Symposium on Security and Privacy (EuroS&P) has been founded as the European sister conference of the established IEEE S&P symposium, and thus as a premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Cloud security
- Distributed systems security
- Embedded systems security
- Forensics
- Formal methods for security
- Hardware security
- Intrusion detection
- Malware
- Metrics
- Mobile security and privacy
- Language-based security
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Usable security and privacy
- Web security and privacy

For more information, please see http://www.ieee-security.org/TC/EuroSP2016/.

ICISS 2015 11th International Conference on Information Systems Security, Kolkata, India, December 16-20, 2015. (Submission Due 10 August 2015) [posted here 02/02/15]
The conference series ICISS (International Conference on Information Systems Security), held annually, provides a forum for disseminating latest research results in information and systems security. ICISS 2015, the eleventh conference in this series, will be held under the aegis of the Society for Research in Information Security and Privacy (SRISP). Submissions are encouraged from academia, industry and government, addressing theoretical and practical problems in information and systems security and related areas. Topics of interest include but are not limited to:
- Access and Usage Control
- Application Security
- Authentication and Audit
- Biometric Security
- Cloud Security
- Cryptographic Protocols
- Cyber-physical Systems Security
- Data Security and Privacy
- Digital Forensics
- Digital Rights Management
- Distributed Systems Security
- Formal Models in Security
- Identity Management
- Intrusion Detection and Prevention
- Intrusion Tolerance and Recovery
- Key Management
- Language-based Security
- Malware Analysis and Mitigation
- Network Security
- Operating Systems Security
- Privacy and Anonymity
- Secure Data Streams
- Security and Usability
- Security Testing
- Sensor and Ad Hoc Network Security
- Smartphone Security
- Software Security
- Usable Security
- Vulnerability Detection and Mitigation
- Web Security

For more information, please see http://www.iciss.org.in.

NDSS 2016 Network and Distributed System Security Symposium, San Diego, California, USA, February 21-24, 2016. (Submission Due 14 August 2015) [posted here 06/22/15]
ISOC NDSS fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies. Technical papers and panel proposals are solicited. All submissions will be reviewed by the Program Committee and accepted submissions will be published by the Internet Society in the Proceedings of NDSS 2016. The Proceedings will be made freely accessible from the Internet Society webpages. Furthermore, permission to freely reproduce all or parts of papers for noncommercial purposes is granted provided that copies bear the Internet Society notice included in the first page of the paper. The authors are therefore free to post the camera-ready versions of their papers on their personal pages and within their institutional repositories. Reproduction for commercial purposes is strictly prohibited and requires prior consent. Topics include:
- Anti-malware techniques: detection, analysis, and prevention
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Security for future Internet architectures and designs (e.g., Software-Defined Networking)
- High-availability wired and wireless networks
- Implementation, deployment and management of network security policies
- Integrating security in Internet protocols: routing, naming, network management
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
- Intrusion prevention, detection, and response
- Privacy and anonymity technologies
- Security and privacy for distributed cryptocurrencies
- Security and privacy in Social Networks
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Security for cloud computing
- Security for emerging technologies: sensor/wireless/mobile/personal networks and systems
- Security for future home networks, Internet of Things, body-area networks
- Security for large-scale systems and critical infrastructures (e.g., electronic voting, smart grid)
- Security for peer-to-peer and overlay network systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security of Web-based applications and services
- Trustworthy Computing mechanisms to secure network protocols and distributed systems
- Usable security and privacy

For more information, please see http://www.internetsociety.org/events/ndss-symposium-2016.

September 2015

SPW 2016 Security and Privacy Workshops, Held in conjunction with the 37th IEEE Symposium on Security and Privacy (SP 2016), San Jose, CA, USA, May 26, 2016. (Submission Due 1 September 2015) [posted here 08/03/15]
Since 1980, the IEEE Symposium on Security and Privacy (SP) has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. To expand opportunities for scientific exchanges, the IEEE CS Technical Committee on Security and Privacy created the Security and Privacy Workshops (SPW). The typical purpose of such a workshop is to cover a specific aspect of security and privacy in more detail, making it easy for the participants to attend IEEE SP and a specialized workshop at SPW with just one trip. Furthermore, the co-location offers synergies for the organizers. The number of workshops and attendees has grown steadily during recent years. Workshops can be annual events, one time events, or aperiodic. The Security and Privacy Workshops in 2016 will be held on Thursday, May 26. All workshops will occur on that day. Up to six workshops will be hosted by SPW.

For more information, please see http://www.ieee-security.org/TC/SP2016/cfworkshops.html.

IFIP119-DF 2016 12th IFIP WG 11.9 International Conference on Digital Forensics, New Delhi, India, January 4-6, 2016. (Submission Due 4 September 2015) [posted here 07/20/15]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Twelfth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately 100 participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume - the twelfth volume in the well-known Advances in Digital Forensics book series (Springer, Heidelberg, Germany) during the summer of 2016. Technical papers and posters are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network and cloud forensics
- Embedded device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org.

ICISSP 2016 2nd International Conference on Information Systems Security and Privacy, Rome, Italy, February 19-21, 2016. (Submission Due 8 September 2015) [posted here 06/08/15]
The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, that concerns to organizations and individuals, thus creating new research opportunities. Topics include:
- Security Frameworks, Architectures and Protocols
- Cryptographic Algorithms
- Information Hiding and Anonymity
- Vulnerability Analysis and Countermeasures
- Database Security
- Content Protection and Digital Rights Management
- Software Security Assurance
- Security Architecture and Design Analysis
- Security Testing
- Risk and Reputation Management
- Phishing
- Security and Trust in Pervasive Information Systems
- Legal and Regulatory Issues
- Security Professionalism and Practice
- Trust in Social Networks
- Identity and Trust Management
- Intrusion Detection and Response
- Smartcard Technology
- Privacy-Enhancing Models and Technologies
- Privacy In Cloud and Pervasive Computing
- Authentication, Privacy and Security Models
- Social Media Privacy
- E-Voting and Privacy
- Privacy Metrics and Control
- Malware Detection
- Vehicular Systems and Networks
- Threat Awareness
- Identification and Access Control
- Mobile Systems Security
- Biometric Technologies and Applications
- Security Awareness and Education
- Data and Software Security
- Data Mining and Knowledge Discovery
- Web Applications and Services

For more information, please see http://www.icissp.org/.

CODASPY 2016 6TH ACM Conference on Data and Application Security and Privacy, New Orleans, LA, USA, March 9-11, 2016. (Submission Due 14 September 2015) [posted here 07/13/15]
Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the ACM Conference on Data and Applications Security (CODASPY) is to discuss novel, exciting research topics in data and application security and privacy and to lay out directions for further research and development in this area. The conference seeks submissions from diverse communities, including corporate and academic researchers, open-source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts. Topics of interest include, but are not limited to:
- Application-layer security policies
- Access control for applications
- Access control for databases
- Data-dissemination controls
- Data forensics
- Enforcement-layer security policies
- Privacy-preserving techniques
- Private information retrieval
- Search on protected/encrypted data
- Secure auditing
- Secure collaboration
- Secure data provenance
- Secure electronic commerce
- Secure information sharing
- Secure knowledge management
- Secure multiparty computations
- Secure software development
- Securing data/apps on untrusted platforms
- Securing the semantic web
- Security and privacy in GIS/spatial data
- Security and privacy in healthcare
- Security policies for databases
- Social computing security and privacy
- Social networking security and privacy
- Trust metrics for applications, data, and users
- Usable security and privacy
- Usage Control
- Web application security

For more information, please see http://www.codaspy.org.

ICSS 2015 Industrial Control System Security Workshop, Held in conjunction with 31st Annual Computer Security Applications Conference (ACSAC), Los Angeles, California, USA, December 7-11, 2015. (Submission Due 21 September 2015) [posted here 08/03/15]
Supervisory control and data acquisition (SCADA) and industrial control systems monitor and control a wide range of industrial and infrastructure processes such as water treatment, power generation and transmission, oil and gas refining and steal manufacturing. Such systems are usually built using a variety of commodity computer and networking components, and are becoming increasingly interconnected with corporate and other Internet-visible networks. As a result, they face significant threats from internal and external actors. For example, Stuxnet malware was specifically written to attack SCADA systems that alone caused multi-million dollars damages in 2010. The critical requirement for high availability in SCADA and industrial control systems, along with the use of resource constrained computing devices, legacy operating systems and proprietary software applications limits the applicability of traditional information security solutions. The goal of this workshop is to explore new security techniques that are applicable in the control systems context. Papers of interest including (but not limited to) the following subject categories are solicited:
- Intrusion detection and prevention
- Malware
- Vulnerability analysis of control systems protocols
- Digital forensics
- Virtualization
- Application security
- Performance impact of security methods and tools in control systems

For more information, please see http://acsac.org/2015/workshops/icss/.

ESSoS 2016 International Symposium on Engineering Secure Software and Systems, University of London, London, UK, April 6 - 8, 2016. (Submission Due 25 September 2015) [posted here 07/13/15]
Trustworthy, secure software is a core ingredient of the modern world. So is the Internet. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. High-quality security building blocks (e.g., cryptographic components) are necessary but insufficient to address these concerns. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The goal of this symposium, which will be the eighth in the series, is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. Being one of the few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering communities, and promote cross-fertilization. The symposium will feature two days of technical program including two keynote presentations. In addition to academic papers, the symposium encourages submission of high-quality, informative industrial experience papers about successes and failures in security software engineering and the lessons learned. Furthermore, the symposium also accepts short idea papers that crisply describe a promising direction, approach, or insight. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):
- Cloud security, virtualization for security
- Mobile devices security
- Automated techniques for vulnerability discovery and analysis
- Model checking for security
- Binary code analysis, reverse-engineering
- Programming paradigms, models, and domain-specific languages for security
- Operating system security
- Verification techniques for security properties
- Malware: detection, analysis, mitigation
- Security in critical infrastructures
- Security by design
- Static and dynamic code analysis for security
- Web applications security
- Program rewriting techniques for security
- Security measurements
- Empirical secure software engineering
- Security-oriented software reconfiguration and evolution
- Computer forensics
- Processes for the development of secure software and systems
- Security testing
- Embedded software security

For more information, please see https://distrinet.cs.kuleuven.be/events/essos/2016/calls-papers.html.

October 2015

INTRICATE-SEC 2016 4th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Held in conjunction with the 30th International Conference on Advanced Information Networking and Applications (AINA-2016), Crans-Montana, Switzerland, March 23-25, 2016. (Submission Due 3 October 2015) [posted here 07/06/15]
For INTRICATE-SEC 2016 we are expanding our scope from a focus on security intricacies in designing/modelling service oriented architectures to the broader field of secure cyber physical systems (CPS) and services. Of particular interest are ideas and solutions on provisioning secure CPS and services over resource constrained and low power lossy networks. In addition to invited talks, we welcome papers with novel theoretical and application-centered contributions focused on (but not restricted to) the following topics:
- Security and Privacy for CPS, including: Anonymity and Pseudonymity, Authentication and Authorization, Trust & Identity Management, Privacy, and Malware.
- Secure Service Platforms for CPS, including: Smart Grids, Demand Management, Scheduling, Energy Management Models, and Mobile Web Services and Middleware.
- Secure Architectures for CPS, including: Data Modeling, Home Energy Management, Scalability, Reliability, and Safety, Resource Constrained and Low Power Lossy Networks, and Unconventional/Biologically Inspired Models

For more information, please see http://infosec.cs.uct.ac.za/INTRICATE-SEC/.

PQCrypto 2016 7th International Conference on Post-Quantum Cryptography, Fukuoka, Japan, February 24-26, 2016. (Submission Due 7 October 2015) [posted here 03/23/15]
The aim of PQCrypto is to serve as a forum for researchers to present results and exchange ideas on the topic of cryptography in an era with large-scale quantum computers. The conference will be preceded by a winter school on February 22-23, 2016. Original research papers on all technical aspects of cryptographic research related to post-quantum cryptography are solicited. The topics include (but are not restricted to):
- Cryptosystems that have the potential to be safe against quantum computers such as: hash-based signature schemes, lattice-based cryptosystems, code-based cryptosystems, multivariate cryptosystems and quantum cryptographic schemes;
- Classical and quantum attacks including side-channel attacks on post-quantum cryptosystems;
- Security models for the post-quantum era.

For more information, please see https://pqcrypto2016.jp/.

November 2015

SP 2016 37th IEEE Symposium on Security and Privacy, San Jose, CA, USA, May 23-25, 2016. (Submission Due 13 November 2015) [posted here 08/03/15]
Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Topics of interest include:
- Access control and authorization
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship resistance
- Cloud security
- Distributed systems security
- Economics of security and privacy
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection
- Malware and unwanted software
- Mobile and Web security and privacy
- Language-based security
- Network and systems security
- Privacy technologies and mechanisms
- Protocol security
- Secure information flow
- Security and privacy for the Internet of Things
- Security and privacy metrics
- Security and privacy policies
- Security architectures
- System security
- Usable security and privacy

For more information, please see http://www.ieee-security.org/TC/SP2016/.

ASIACCS 2016 11th ACM Asia Conference on Computer and Communications Security, Xi'an, China, May 31 - June 3, 2016. (Submission Due 20 November 2015) [posted here 08/03/15]
Building on the success of ACM Conference on Computer and Communications Security (CCS) and ACM Transactions on Information and System Security (TISSEC), the ACM Special Interest Group on Security, Audit, and Control (SIGSAC) formally established the annual ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS). The inaugural ASIACCS was held in Taipei (2006). Since then ASIACCS has been held in Singapore (2007), Tokyo (2008), Sydney (2009), Beijing (2010), Hong Kong (2011), Seoul (2012), Hangzhou (2013), Kyoto (2014), and Singapore (2015). Considering that this series of meetings has moved beyond a symposium and it is now widely regarded as the Asia version of CCS, the full name of AsiaCCS is officially changed to ACM Asia Conference on Computer and Communications Security starting in June 2015. The 11th ACM Asia Conference on Computer and Communications Security (ASIACCS 2016) will be held in 31 May - 3 June, 2016 in Xi'an, China. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. Areas of interest for ASIACCS 2016 include, but are not limited to:
- Access control
- Accounting and audit
- Applied cryptography
- Authentication
- Cloud computing security
- Cyber-physical security
- Data and application security
- Digital forensics
- Embedded systems security
- Formal methods for security
- Hardware-based security
- Intrusion detection
- Key management
- Malware and botnets
- Mobile computing security
- Network security
- Operating system security
- Privacy-enhancing technology
- Security architectures
- Security metrics
- Software security
- Smart grid security
- Threat modeling
- Trusted computing
- Usable security and privacy
- Web security
- Wireless security

For more information, please see http://meeting.xidian.edu.cn/conference/AsiaCCS2016/home.html.

December 2015

IFIP SEC 2016 31th IFIP TC-11 SEC 2016 International Information Security and Privacy Conference, Ghent, Belgium, May 30 - June 1, 2016. (Submission Due 24 December 2015) [posted here 07/27/15]
The IFIP SEC conference is the flagship event of the International Federation for Information Processing (IFIP) Technical Committee 11 on Security and Privacy Protection in Information Processing Systems (TC-11, www.ifiptc11.org). We seek submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and privacy protection in ICT Systems. Topics of interest:
- Access control and authentication
- Applied cryptography
- Audit and risk analysis
- Big data security and privacy
- Cloud security and privacy
- Critical infrastructure protection
- Cyber-physical systems security
- Data and applications security
- Digital forensics
- Human aspects of security and privacy
- Identity management
- Information security education
- Information security management
- Information technology misuse and the law
- Managing information security functions
- Mobile security
- Multilateral security
- Network & distributed systems security
- Pervasive systems security
- Privacy protection and Privacy-by-design
- privacy enhancing technologies
- Surveillance and counter-surveillance
- Trust management

For more information, please see http://ifipsec.org/2016/.

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney
This online-only Journal, started in 2004 and  operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions.  More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: Shari Lawrence Pfleeger
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at http://www.computer.org/portal/web/computingnow/securityandprivacy.

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Ravi Sandhu
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page at http://www.computer.org/portal/web/tdsc.

The Springer Series on ADVANCES IN INFORMATION SECURITY
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer, network security, and cryptography, but related areas, such as fault tolerance and software assurance. The series serves as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact Professor Sushil Jajodia (jajodia@gmu.edu,703-993-1653).
 
Journal of Computer Security,   Editor-in-Chief: John Mitchell and Pierangela Samarati
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. All papers must be submitted online at http://www.iospress.nl/journal/journal-of-computer-security/. More information is given on the journal web page at http://jcs.stanford.edu/.
 
Computers & Security,   Editor-in-Chief: Eugene H. Spafford
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. All papers must be submitted online at http://ees.elsevier.com/cose/. More information can be found at http://www.elsevier.com/locate/issn/01674048.
 
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at http://www.springer.com/computer/security+and+cryptology/journal/10207.
 
International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of a high scientific and technology in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C.  More information can be found at http://ijns.femto.com.tw/.
 
International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online at http://www.inderscience.com/ijsn/. More information is given on the journal web page at http://www.inderscience.com/ijsn/.
 
International Journal of Critical Infrastructure Protection,   Editors-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's primary aim is to publish high quality scientific and policy papers in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology and policy to craft sophisticated yet practical solutions that will secure information, computer and network assets in the various critical infrastructure sectors. All papers must be submitted online at http://www.elsevier.com/locate/ijcip. More information is given on the journal web page at http://www.elsevier.com/locate/ijcip.
 
IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: C.-C. Jay Kuo
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, via sps-ieee.manuscriptcentral.com.  More information can be found at http://www.ieee.org/organizations/society/sp/tifs.html.
 
EURASIP Journal on Information Security,   Editors-in-Chief: Stefan Katzenbeisser
EURASIP Journal on Information Security aims to bring together researchers and practitioners dealing with the general field of information security, with a particular emphasis on the use of signal processing tools in adversarial environments. As such, it addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing. Application domains lie, for example, in secure storage, retrieval and tracking of multimedia data, secure outsourcing of computations, forgery detection of multimedia data, or secure use of biometrics. The journal also welcomes survey papers that give the reader a gentle introduction to one of the topics covered as well as papers that report large-scale experimental evaluations of existing techniques. Pure cryptographic papers are outside the scope of the journal. The journal also welcomes proposals for Special Issues. All papers must be submitted online at http://jis.eurasipjournals.com/manuscript.  More information can be found at http://jis.eurasipjournals.com.