Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Last Modified:01/19/15

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.

Contents

 

Special Issues of Journals and Handbooks


IEEE Cloud Computing, Special Issue on Legal Clouds: How to Balance Privacy with Legitimate Surveillance and Lawful Data Access. (Submission Due 1 March 2015) [posted here 01/19/15]
Editors: Kim-Kwang Raymond Choo (University of South Australia, Australia), and Rick Sarre (University of South Australia, Australia)

This special issue will focus on cutting edge research from both academia and industry on the topic of balancing cloud user privacy with legitimate surveillance and lawful data access, with a particular focus on cross-disciplinary research. For example, how can we design technologies that will enhance "guardianship" and the "deterrent" effect in cloud security at the same time as reducing the "motivations" of cybercriminals? Topics of interest include but are not limited to:
- Advanced cloud security
- Cloud forensics and anti-forensics
- Cloud incident response
- Cloud information leakage detection and prevention
- Enhancing and/or preserving cloud privacy
- Cloud surveillance
- Crime prevention strategies
- Legal issues relating to surveillance
- Enhancing privacy technology for cloud-based apps

For more information, please see http://www.computer.org/portal/web/computingnow/call-for-paper-cloud-computing-july-august.

Elsevier Future Generation Computer Systems, Special Issue on Cloud Cryptography: State of the Art and Recent Advances. (Submission Due 1 May 2015) [posted here 01/19/15]
Editors: Kim-Kwang Raymond Choo (University of South Australia, Australia), Josep Domingo-Ferrer (Universitat Rovira i Virgili, Catalonia), and Lei Zhang (East China Normal University, China)

Cloud computing is widely used by organisations and individuals. Despite the popularity of cloud computing, cloud security is still an area needing further research. A particularly promising approach to achieve security in this new computing paradigm is through cryptography, but traditional cryptographic techniques are not entirely suitable for cloud implementation due to computational efficiency limitations and other constraints. This special issue is dedicated to providing both scientists and practitioners with a forum to present their recent research on the use of novel cryptography techniques to improve the security of the underlying cloud architecture or ecosystem, particularly research that integrates both theory and practice. For example, how do we design an efficient cloud cryptography system that offers enhanced security without compromising on usability and performance? An efficient fully homomorphic encryption scheme might be an option. Such a scheme should guarantee that the cloud service provider is unable to view the content of the data he stores (thereby ensuring data confidentiality to users). However, sufficiently efficient fully homomorphic encryption is not yet available. We encourage authors to be exploratory in their submissions – that is, to report on advances beyond the state of the art in research and development of cryptographic techniques that result in secure and efficient means of ensuring security and privacy of cloud data. Topics of interest include but are not limited to:
- Anonymity
- Access control
- Cloud key agreement
- Distributed authentication and authority
- Implementation of cryptographic schemes
- Homomorphic encryption
- Multi-cloud security
- Privacy-preserving provisioning
- Remote proofs of storage
- Searchable encryption
- Secure computation

For more information, please see http://www.journals.elsevier.com/future-generation-computer-systems/call-for-papers/special-issue-on-cloud-cryptography-state-of-the-art-and-rec/.

IEICE Transactions on Information and Systems, Special Issue on Information and Communication System Security. (Submission Due 22 May 2015) [posted here 01/19/15]
Editors: Toshihiro Yamauchi (Okayama University, Japan), Yasunori Ishihara (Osaka University, Japan), and Atsushi Kanai (Hosei University, Japan).

The major topics include, but are not limited to:
- Security Technologies on AdHoc Network, P2P, Sensor Network, RFID, Wireless Network, Mobile Network, Home Network, Cloud, and SNS
- Access Control, Content Security, DRM, CDN, Privacy Protection, E-Commerce, PKI, Security Architecture, Security Protocol, Security Implementation, Technologies, Secure OS, Security Evaluation/Authentication

For more information, please see http://www.ieice.org/~icss/index.en.html.

Conference and Workshop Call-for-papers

January 2015

GenoPri 2015 2nd International Workshop on Genome Privacy and Security, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. (Submission Due 20 January 2015) [posted here 10/06/14]
Over the past several decades, genome sequencing technologies have evolved from slow and expensive systems that were limited in access to a select few scientists and forensics investigators to high-throughput, relatively low-cost tools that are available to consumers. A consequence of such technical progress is that genomics has become one of the next major challenges for privacy and security because (1) genetic diseases can be unveiled, (2) the propensity to develop specific diseases (such as Alzheimer’s) can be revealed, (3) a volunteer, accepting to have his genomic code made public, can leak substantial information about his ethnic heritage and the genomic data of his relatives (possibly against their will), and (4) complex privacy issues can arise if DNA analysis is used for criminal investigations and medical purposes. As genomics is increasingly integrated into healthcare and "recreational" services (e.g., ancestry testing), the risk of DNA data leakage is serious for both individuals and their relatives. Failure to adequately protect such information could lead to a serious backlash, impeding genomic research, that could affect the well-being of our society as a whole. This prompts the need for research and innovation in all aspects of genome privacy and security, as suggested by the non-exhaustive list of topics below:
- Privacy-preserving analysis of and computation on genomic data
- Security and privacy metrics for the leakage of genomic data
- Cross-layer attacks to genome privacy
- Access control for genomic data
- Differentiated access rights for medical professionals
- Quantification of genome privacy
- De-anonymization attacks against genomic databases
- Efficient cryptographic techniques for enhancing security/privacy of genomic data
- Privacy enhancing technologies for genomic data
- Implications of synthetic DNA for privacy
- Applications of differential privacy to the protection of genomic data
- Storage and long-term safety of genomic data
- Secure sharing of genomic data between different entities
- Trust in genomic research and applications
- Social and economic issues for genome privacy and security
- Ethical and legal issues in genomics
- Studies of policy efforts in genomics
- User studies and perceptions
- Social and economic issues for genome privacy
- Studies of issues and challenges with informed consent
- Privacy issues in transcriptomics and proteomics
- Systematization-of-knowledge of genome privacy and security research

For more information, please see http://www.genopri.org/.

SACMAT 2015 20th ACM Symposium on Access Control Models and Technologies, Vienna, Austria, June 1-3, 2015. (Submission Due 20 January 2015) [posted here 01/05/15]
The ACM Symposium on Access Control Models and Technologies (SACMAT) is the premier forum for the presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The aims of the symposium are to share novel access control solutions that fulfil the needs of heterogeneous applications and environments, and to identify new directions for future research and development. SACMAT provides researchers and practitioners with a unique opportunity to share their perspectives with others interested in the various aspects of access control. Papers offering novel research contributions in all aspects of access control are solicited for submission to the 20th ACM Symposium on Access Control Models and Technologies (SACMAT 2015). Accepted papers will be presented at the symposium and published by the ACM in the symposium proceedings. Topics of interest include but are not limited to:
- Access Intelligence
- Administration
- Applications
- Attribute-based systems
- Authentication
- Big data
- Biometrics
- Cloud computing
- Cryptographic approaches
- Cyber-physical systems
- Databases and data management
- Design methodology
- Distributed and mobile systems
- Economic models and game theory
- Enforcement
- Hardware enhanced
- Identity management
- Mechanisms, systems, and tools
- Models and extensions
- Obligations
- Policy engineering and analysis
- Requirements
- Risk
- Safety analysis
- Standards
- Theoretical foundations
- Trust management
- Usability

For more information, please see http://www.sacmat.org/.

IWPE 2015 1st International Workshop on Privacy Engineering, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. (Submission Due 23 January 2015) [posted here 10/06/14]
Ongoing news reports regarding global surveillance programs, massive personal data breaches in corporate databases, and notorious examples of personal tragedies due to privacy violations have intensified societal demands for privacy-friendly systems. In response, current legislative and standardization processes worldwide aim to strengthen individual’s privacy by introducing legal and organizational frameworks that personal data collectors and processors must follow. However, in practice, these initiatives alone are not enough to guarantee that organizations and software developers will be able to identify and adopt appropriate privacy engineering techniques in their daily practices. Even if so, it is difficult to systematically evaluate whether the systems they develop using such techniques comply with legal frameworks, provide necessary technical assurances, and fulfill users’ privacy requirements. It is evident that research is needed in developing techniques that can aid the translation of legal and normative concepts, as well as user expectations into systems requirements. Furthermore, methods that can support organizations and engineers in developing (socio-)technical systems that address these requirements is of increasing value to respond to the existing societal challenges associated with privacy. While there is a consensus on the benefits of an engineering approach to privacy, concrete proposals for processes, models, methodologies, techniques and tools that support engineers and organizations in this endeavor are few and in need of immediate attention. To cover this gap, the topics of the International Workshop on Privacy Engineering (IWPE'15) focus on all the aspects surrounding privacy engineering, ranging from its theoretical foundations, engineering approaches, and support infrastructures, to its practical application in projects of different scale. IWPE’15 welcomes papers that focus on novel solutions on the recent developments in the general area of privacy engineering. Topics of interests include, but are not limited to:
- Integration of law and policy compliance into the development process
- Privacy impact assessment
- Privacy risk management models
- Privacy breach recovery Methods
- Technical standards, heuristics and best practices for privacy engineering
- Privacy engineering in technical standards
- Privacy requirements elicitation and analysis methods
- User privacy and data protection requirements
- Management of privacy requirements with other system requirements
- Privacy requirements operationalization
- Privacy engineering strategies and design patterns
- Privacy architectures
- Privacy engineering and databases
- Privacy engineering in the context of interaction design and usability
- Privacy testing and evaluation methods
- Validation and verification of privacy requirements
- Engineering Privacy Enhancing Technologies
- Models and approaches for the verification of privacy properties
- Tools supporting privacy engineering
- Teaching and training privacy engineering
- Adaptations of privacy engineering into specific software development processes
- Pilots and real-world applications
- Privacy engineering and accountability
- Organizational, legal, political and economic aspects of privacy engineering

For more information, please see http://ieee-security.org/TC/SPW2015/IWPE/.

TELERISE 2015 1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity, Co-located with ICSE 2015, Florence, Italy, May 18, 2015. (Submission Due 23 January 2015) [posted here 12/15/14]
Information sharing is essential for today's business and societal transactions. Nevertheless, such a sharing should not violate the security and privacy requirements dictated by Law, by internal regulations of organisations, and by data subjects. An effectual, rapid, and unfailing electronic data sharing among different parties, while protecting legitimate rights on these data, is a key issue with several shades. Among them, how to translate the high-level law obligations, business constraints, and users' requirements into system-level privacy policies, providing efficient and practical solutions for policy definition and enforcement. TELERISE aims at providing a forum for researchers and engineers, in academia and industry, to foster an exchange of research results, experiences, and products in the area of privacy preserving and secure data management, from a technical and legal perspective. The ultimate goal is to conceive new trends and ideas on designing, implementing, and evaluating solutions for privacy-preserving information sharing, with an eye to cross-relations between ICT and regulatory aspects of data management. Topics of interest are (but not limited to):
- Model-based and experimental assessment of data protection
- Privacy in identity management and authentication
- Modelling and analysis languages for representation, visualization, specification of legal regulations
- Technical, legal and user requirements for data protection
- User-friendly authoring tools to edit privacy preferences
- IT infrastructures for privacy and security policies management
- IT infrastructure for supporting privacy and security policies evolution
- Privacy and security policies conflict analysis and resolution strategies
- Electronic Data Sharing Agreements Representation: Languages and Management Infrastructure
- Cross-relations between privacy-preserving technical solutions and legal regulations
- Privacy aware access and usage control
- Privacy and security policies enforcement mechanisms
- Privacy preserving data allocation and storage
- Software systems compliance with applicable laws and regulations
- Heuristic for pattern identification in law text
- Empirical analysis of consumer's awareness of privacy and security policies

For more information, please see http://www.iit.cnr.it/telerise2015/.

CAV 2015 27th International Conference on Computer Aided Verification, San Francisco, California, USA, July 18-24 2015. (Submission Due 30 January 2015) [posted here 10/06/14]
CAV 2015 is the 27th in a series dedicated to the advancement of the theory and practice of computer-aided formal analysis methods for hardware and software systems. CAV considers it vital to continue spurring advances in hardware and software verification while expanding to new domains such as biological systems and computer security. The conference covers the spectrum from theoretical results to concrete applications, with an emphasis on practical verification tools and the algorithms and techniques that are needed for their implementation. The proceedings of the conference will be published in the Springer LNCS series. A selection of papers will be invited to a special issue of Formal Methods in System Design and the Journal of the ACM. Topics of interest include but are not limited to:
- Algorithms and tools for verifying models and implementations
- Hardware verification techniques
- Deductive, compositional, and abstraction techniques for verification
- Program analysis and software verification
- Verification methods for parallel and concurrent hardware/software systems
- Testing and run-time analysis based on verification technology
- Applications and case studies in verification
- Decision procedures and solvers for verification
- Mathematical and logical foundations of practical verification tools
- Verification in industrial practice
- Algorithms and tools for system synthesis
- Hybrid systems and embedded systems verification
- Verification techniques for security
- Formal models and methods for biological systems

For more information, please see http://i-cav.org/2015/.

February 2015

DIMVA 2015 12th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Milano, Italy, July 9-10, 2015. (Submission Due 8 February 2015) [posted here 12/15/14]
The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. Each year, DIMVA brings together international experts from academia, industry, and government to present and discuss novel research in these areas. This year, due to the increased threats against critical infrastructures and industrial control systems, we encourage submissions in these areas. Specifically, we welcome strong technical contributions that consider the cross-area obstacles (e.g., privacy, societal and legal aspects) that arise when deploying protection measures in the real world.

For more information, please see http://www.dimva2015.it.

WiSec 2015 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, New York City, NY, USA, June 22-26, 2015. (Submission Due 10 February 2015) [posted here 11/17/14]
ACM WiSec is the leading ACM and SIGSAC conference dedicated to all aspects of security and privacy in wireless and mobile and mobile networks and their applications. In addition to the traditional ACM WiSec topics of physical, link, and network layer security, we welcome papers focusing on the security and privacy of mobile software platforms, usable security and privacy, biometrics, cryptography, and the increasingly diverse range of mobile or wireless applications such as Internet of Things, and Cyber-Physical Systems. The conference welcomes both theoretical as well as systems contributions. Topics of interest include, but are not limited to:
- Mobile malware and platform security
- Security & Privacy for Smart Devices (e.g., Smartphones)
- Wireless and mobile privacy and anonymity
- Secure localization and location privacy
- Cellular network fraud and security
- Jamming attacks and defenses
- Key extraction, agreement, or distribution
- Theoretical foundations, cryptographic primitives, and formal methods
- NFC and smart payment applications
- Security and privacy for mobile sensing systems
- Wireless or mobile security and privacy in health, automotive, avionics, or smart grid applications
- Self-tracking/Quantified Self Security and Privacy
- Physical Tracking Security and Privacy
- Usable Mobile Security and Privacy
- Economics of Mobile Security and Privacy
- Bring Your Own Device (BYOD) Security

For more information, please see http://www.sigsac.org/wisec/WiSec2015/.

EUSIPCO 2015 23rd European Signal Processing Conference, Information Forensics and Security Track, Nice, Cote d' Azur, France, August 31 - September 4, 2015. (Submission Due 13 February 2015) [posted here 12/15/14]
EUSIPCO is the flagship conference of the European Association for Signal Processing (EURASIP). EUSIPCO 2015 will feature world-class speakers, oral and poster sessions, keynotes, exhibitions, demonstrations and tutorials and is expected to attract in the order of 600 leading researchers and industry figures from all over the world. The Information Forensics and Security Track addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing.

For more information, please see http://www.eusipco2015.org.

PETS 2015 15th Privacy Enhancing Technologies Symposium, Philadelphia, PA, USA, June 30 - July 2, 2015. (Submission Due 22 November 2014 or 15 February 2015) [posted here 09/22/14]
The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy and anonymity experts from around the world to discuss recent advances and new perspectives. PETS addresses the design and realization of privacy services for the Internet and other data systems and communication networks. Papers should present novel practical and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies. While PETS has traditionally been home to research on anonymity systems and privacy-oriented cryptography, we strongly encourage submissions in a number of both well-established and some emerging privacy-related topics.

*** New starting this year ***: Papers will undergo a journal-style reviewing process and be published in the Proceedings on Privacy Enhancing Technologies (PoPETs). PoPETs, a scholarly journal for timely research papers on privacy, has been established as a way to improve reviewing and publication quality while retaining the highly successful PETS community event. PoPETs will be published by De Gruyter Open (http://degruyteropen.com/), the world's second largest publisher of Open Access academic content, and part of the De Gruyter group (http://www.degruyter.com/), which has over 260 years of publishing history. Authors can submit papers to one of several submission deadlines during the year. Papers are provided with major/minor revision decisions on a predictable schedule, where we endeavor to assign the same reviewers to major revisions. Authors can address the concerns of reviewers in their revision and rebut reviewer comments before a final decision on acceptance is made. Papers accepted for publication by May 15th will be presented at that year's symposium. Note that accepted papers must be presented at PETS. Suggested topics include but are not restricted to:
- Behavioural targeting
- Building and deploying privacy-enhancing systems
- Crowdsourcing for privacy
- Cryptographic tools for privacy
- Data protection technologies
- Differential privacy
- Economics of privacy and game-theoretical approaches to privacy
- Forensics and privacy
- Human factors, usability and user-centered design for PETs
- Information leakage, data correlation and generic attacks to privacy
- Interdisciplinary research connecting privacy to economics, law, ethnography, psychology, medicine, biotechnology
- Location and mobility privacy
- Measuring and quantifying privacy
- Obfuscation-based privacy
- Policy languages and tools for privacy
- Privacy and human rights
- Privacy in ubiquitous computing and mobile devices
- Privacy in cloud and big-data applications
- Privacy in social networks and microblogging systems
- Privacy-enhanced access control, authentication, and identity management
- Profiling and data mining
- Reliability, robustness, and abuse prevention in privacy systems
- Surveillance
- Systems for anonymous communications and censorship resistance
- Traffic analysis
- Transparency enhancing tools

For more information, please see https://www.petsymposium.org/2015/.

LangSec 2015 2nd Workshop on Language-Theoretic Security, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. (Submission Due 16 February 2015) [posted here 10/06/14]
LangSec workshop solicits contributions related to the growing area of language-theoretic security. LangSec offers a coherent explanation for the "science of insecurity" as more than an ad hoc collection of software mistakes or design flaws. This explanation is predicated on the connection between fundamental computability principles and the continued existence of software flaws. LangSec posits that the only path to trustworthy software that takes untrusted inputs is treating all valid or expected inputs as a formal language and treating the respective input-handling routines as a recognizer for that language. The LangSec approach to system design is primarily concerned with achieving practical assurance: development that is rooted in fundamentally sound computability theory, but is expressed as efficient and practical systems components. One major objective of the workshop is to develop and share this viewpoint with attendees and the broader systems security community to help establish a foundation for research based on LangSec principles. The overall goal of the workshop is to bring more clarity and focus to two complementary areas: (1) practical software assurance and (2) vulnerability analysis (identification, characterization, and exploit development). The LangSec community views these activities as related and highly structured engineering disciplines and seeks to provide a forum to explore and develop this relationship.

For more information, please see http://spw15.langsec.org/index.html.

USENIX-Security 2015 24th USENIX Security Symposium, Washington, D.C., USA, August 12-14, 2015. (Submission Due 16 February 2015) [posted here 11/17/14]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security. Refereed paper submissions are solicited in all areas relating to systems research in security and privacy, including but not limited to:
- Systems security
- Cryptographic implementation analysis and construction, applied cryptography
- Programming language security
- Web security
- Hardware security
- Network security
- Privacy-enhancing technologies, anonymity
- Human-computer interaction, security, and privacy
- Social issues and security
- Security analysis
- Security measurement studies

For more information, please see https://www.usenix.org/conference/usenixsecurity15.

RFIDSec 2015 11th Workshop on RFID Security, Co-located with ACM WiSec 2015, New York City, NY, USA, June 22-23, 2015. (Submission Due 17 February 2015) [posted here 11/17/14]
The RFIDSec workshop is the premier international venue on the latest technological advances in security and privacy in Radio Frequency Identification (RFID). The 11th edition of RFIDSec continues the effort to broaden the scope towards solutions for security and privacy in related constrained environments: Internet of Things, NFC devices, Wireless Tags, and more. Attendees from academia, industry and government can network with a broad range of international experts. The workshop will include both invited and contributed talks. We invite researchers to submit their latest results in Security and Privacy for RFID as well as for associated technologies. Topics of interest include:
- Implementations of cryptography and protocols with constrained resources in terms of energy, power, computation resources and memory footprint
- Lightweight cryptography and cryptographic protocols
- Efficient and secure processor architectures for constrained environments
- Tamper and reverse-engineering resistant designs for constrained platforms
- Side-channel and fault attacks as well as countermeasures
- Novel implementations of cryptography to support privacy and untraceability
- Cross-layer engineering of constrained secure implementations within secure systems
- Novel technologies and applications such as NFC, IC anti-counterfeiting, and Internet of Things
- Design issues related to scalability, large-scale deployment and management of secure tags

For more information, please see http://rfidsec2015.iaik.tugraz.at/.

MoST 2015 Mobile Security Technologies Workshop, an event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2015), Held in conjunction with the 34th IEEE Symposium on Security and Privacy (IEEE SP 2015), The Fairmont Hotel, San Jose, CA, USA, May 21, 2015. (Submission Due 22 February 2015) [posted here 01/12/15]
Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to explore the latest understanding and advances in the security and privacy for mobile devices, applications, and systems. The scope of MoST 2015 includes, but is not limited to, security and privacy specifically for mobile devices and services related to:
- Device hardware
- Operating systems
- Middleware
- Mobile web
- Secure and efficient communication
- Secure application development tools and practices
- Privacy
- Vulnerabilities and remediation techniques
- Usable security
- Identity and access control
- Risks in putting trust in the device vs. in the network/cloud
- Special applications, such as medical monitoring and records
- Mobile advertisement
- Secure applications and application markets
- Economic impact of security and privacy technologies

For more information, please see http://ieee-security.org/TC/SPW2015/MoST/.

WEIS 2015 14th Annual Workshop on the Economic of Information Security, Delft University of Technology, The Netherlands, June 22-23, 2015. (Submission Due 27 February 2015) [posted here 01/05/15]
The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security and privacy, combining expertise from the fields of economics, social science, business, law, policy, and computer science. Prior workshops have explored the role of incentives between attackers and defenders of information systems, identified market failures surrounding Internet security, quantified risks of personal data disclosure, and assessed investments in cyber-defense. WEIS 2015 will build on past efforts using empirical and analytic tools not only to understand threats, but also to strengthen security and privacy through novel evaluations of available solutions. We encourage economists, computer scientists, legal scholars, business school researchers, security and privacy specialists, as well as industry experts to submit their research and participate by attending the workshop. Suggested topics include (but are not limited to) empirical and theoretical studies of:
- Optimal investment in information security
- Models and analysis of online crime
- Risk management and cyber-insurance
- Security standards and regulation
- Cyber-security and privacy policy
- Cyber-defense strategy and game theory
- Security and privacy models and metrics
- Economics of privacy and anonymity
- Behavioral security and privacy
- Vulnerability discovery, disclosure, and patching
- Incentives for information sharing and cooperation
- Incentives regarding pervasive monitoring threats

For more information, please see http://weis2015.econinfosec.org/.

EDFC 2015 National Conference on Ethics and Digital Forensics, Arlington, VA, USA, May 13-15, 2015. (Extended Abstract Submission Due 28 February 2015) [posted here 12/01/14]
The National Science Foundation (NSF) and Alabama Cyber Research Consortium (ALCRC) are hosting the first interdisciplinary conference on professional ethics and digital forensics: Professional Ethics and Digital Forensics: An Interdisciplinary Conference. This conference will provide opportunities for both academics and practitioners to address a pressing issue in digital forensics: the lack of unifying ethical standards, procedures and guidelines for routine activities, such as digital forensic analysis, cybercrime case processing, and data mining/surveillance. This conference will also explore cyber ethics from the following interdisciplinary perspectives: Digital Forensic Investigations, Social and Behavioral Sciences, Jurisprudence, and Cyber Education and Awareness.

For more information, please see http://edfc.thecenter.uab.edu.

March 2015

SECRYPT 2015 12th International Conference on Security and Cryptography, Colmar, Alsace, France, July 20 - 22, 2015. (Submission Due 3 March 2015) [posted here 11/17/14]
SECRYPT is an annual international conference covering research in information and communication security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. Papers describing new methods or technologies, advanced prototypes, systems, tools and techniques and general survey papers indicating future directions are also encouraged. Topics of interest include:
- Access Control
- Applied Cryptography
- Biometrics Security and Privacy
- Critical Infrastructure Protection
- Data Integrity
- Data Protection
- Database Security and Privacy
- Digital Forensics
- Digital Rights Management
- Ethical and Legal Implications of Security and Privacy
- Formal Methods for Security
- Human Factors and Human Behavior Recognition Techniques
- Identification, Authentication and Non-repudiation
- Identity Management
- Information Hiding
- Information Systems Auditing
- Insider Threats and Countermeasures
- Intellectual Property Protection
- Intrusion Detection & Prevention
- Management of Computing Security
- Network Security
- Organizational Security Policies
- Peer-to-Peer Security
- Personal Data Protection for Information Systems
- Privacy
- Privacy Enhancing Technologies
- Reliability and Dependability
- Risk Assessment
- Secure Software Development Methodologies
- Security and Privacy for Big Data
- Security and privacy in Complex Systems
- Security and Privacy in Crowdsourcing
- Security and Privacy in IT Outsourcing
- Security and Privacy in Location-based Services
- Security and Privacy in Mobile Systems
- Security and Privacy in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grids
- Security and Privacy in Social Networks
- Security and Privacy in the Cloud
- Security and Privacy in Web Services
- Security and Privacy Policies
- Security Area Control
- Security Deployment
- Security Engineering
- Security in Distributed Systems
- Security Information Systems Architecture
- Security Management
- Security Metrics and Measurement
- Security Protocols
- Security requirements
- Security Verification and Validation
- Sensor and Mobile Ad Hoc Network Security
- Service and Systems Design and QoS Network Security
- Software Security
- Trust management and Reputation Systems
- Ubiquitous Computing Security
- Wireless Network Security

For more information, please see http://www.secrypt.icete.org.

SOUPS 2015 Symposium On Usable Privacy and Security, Ottawa, Canada, July 22-24, 2015. (Submission Due 6 March 2015) [posted here 12/01/14]
The 2015 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. We welcome a variety of research methods, including both qualitative and quantitative approaches. Topics include, but are not limited to:
- innovative security or privacy functionality and design
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of new or existing security or privacy features
- security testing of new or existing usability features
- longitudinal studies of deployed security or privacy features
- studies of administrators or developers and support for security and privacy
- the impact of organizational policy or procurement decisions, and
- lessons learned from the deployment and use of usable privacy and security features
- reports of replicating previously published studies and experiments
- reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience

For more information, please see http://cups.cs.cmu.edu/soups/.

HAISA 2015 International Symposium on Human Aspects of Information Security & Assurance, Lesvos, Greece, July 1-3, 2015. (Submission Due 31 March 2015) [posted here 01/12/15]
It is commonly acknowledged that security requirements cannot be addressed by technical means alone, and that a significant aspect of protection comes down to the attitudes, awareness, behaviour and capabilities of the people involved. Indeed, people can potentially represent a key asset in achieving security, but at present, factors such as lack of awareness and understanding, combined with unreasonable demands from security technologies, can dramatically impede their ability to do so. Ensuring appropriate attention and support for the needs of users should therefore be seen as a vital element of a successful security strategy. People at all levels (i.e. from organisations to domestic environments; from system administrators to end-users) need to understand security concepts, how the issues may apply to them, and how to use the available technology to protect their systems. In addition, the technology itself can make a contribution by reducing the demands upon users, simplifying protection measures, and automating a variety of safeguards. With the above in mind, this symposium specifically addresses information security issues that relate to people. It concerns the methods that inform and guide users' understanding of security, and the technologies that can benefit and support them in achieving protection. The symposium welcomes papers addressing research and case studies in relation to any aspect of information security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics or technologies may be positively modified to improve the level of protection. Indicative themes include:
- Information security culture
- Awareness and education methods
- Enhancing risk perception
- Public understanding of security
- Usable security
- Psychological models of security software usage
- User acceptance of security policies and technologies
- User-friendly authentication methods
- Biometric technologies and impacts
- Automating security functionality
- Non-intrusive security
- Assisting security administration
- Impacts of standards, policies, compliance requirements
- Organizational governance for information assurance
- Simplifying risk and threat assessment
- Understanding motivations for misuse
- Social engineering and other human-related risks
- Privacy attitudes and practices
- Computer ethics and security

For more information, please see http://haisa.org/.

April 2015

ESORICS 2015 20th European Symposium on Research in Computer Security, Vienna, Austria, September 23-25, 2015. (Submission Due 4 April 2015) [posted here 01/12/15]
ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers discussing industrial research and development. Topics of interest include, but are not limited to:
- access control
- accountability
- ad hoc networks
- anonymity
- applied cryptography
- authentication
- biometrics
- database security
- data protection
- digital content protection
- digital forensic
- distributed systems security
- electronic payments
- embedded systems security
- inference control
- information hiding
- identity management
- information flow control
- integrity
- intrusion detection
- formal security methods
- language-based security
- network security
- phishing and spam prevention
- privacy
- risk analysis and management
- secure electronic voting
- security architectures
- security economics
- security metrics
- security models
- security and privacy in cloud scenarios
- security and privacy in complex systems
- security and privacy in location services
- security and privacy for mobile code
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security and privacy in social networks
- security and privacy in web services
- security verification
- software security
- steganography
- systems security
- trust models and management
- trustworthy user devices
- web security
- wireless security

For more information, please see http://www.esorics2015.sba-research.org.

NSS 2015 9th International Conference on Network and System Security, New York City, NY, USA, November 3-5, 2015. (Submission Due 15 April 2015) [posted here 01/05/15]
NSS is an annual international conference covering research in network and system security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged. Topics of interest include but are not limited to:
- Active Defense Systems
- Adaptive Defense Systems
- Applied Cryptography
- Analysis, Benchmark of Security Systems
- Authentication
- Biometric Security
- Complex Systems Security
- Database and System Security
- Data Protection
- Data/System Integrity
- Distributed Access Control
- Distributed Attack Systems
- Denial-of-Service
- High Performance Network Virtualization
- Hardware Security
- High Performance Security Systems
- Identity Management
- Intelligent Defense Systems
- Insider Threats
- Intellectual Property Rights Protection
- Internet and Network Forensics
- Intrusion Detection and Prevention
- Key Distribution and Management
- Large-scale Attacks and Defense
- Malware
- Network Resiliency
- Network Security
- RFID Security and Privacy
- Security Architectures
- Security for Critical Infrastructures
- Security in P2P systems
- Security in Cloud and Grid Systems
- Security in E-Commerce
- Security in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grid
- Security and Privacy in Wireless Networks
- Security Policy
- Secure Mobile Agents and Mobile Code
- Security Theory and Tools
- Standards and Assurance Methods
- Trusted Computing
- Trust Management
- World Wide Web Security

For more information, please see http://anss.org.au/nss2015/index.htm.

CNS 2015 3rd IEEE Conference on Communications and Network Security, Florence, Italy, September 28-30, 2015. (Submission Due 24 April 2015) [posted here 01/19/15]
IEEE Conference on Communications and Network Security (CNS) is a new conference series in IEEE Communications Society (ComSoc) core conference portfolio and the only ComSoc conference focusing solely on cyber security. IEEE CNS is also a spin-off of IEEE INFOCOM, the premier ComSoc conference on networking. The goal of CNS is to provide an outstanding forum for cyber security researchers, practitioners, policy makers, and users to exchange ideas, techniques and tools, raise awareness, and share experience related to all practical and theoretical aspects of communications and network security. Building on the success of the past two years' conferences, IEEE CNS 2015 seeks original high-quality technical papers from academia, government, and industry. Topics of interest encompass all practical and theoretical aspects of communications and network security, all the way from the physical layer to the various network layers to the variety of applications reliant on a secure communication substrate. Submissions with main contribution in other areas, such as information security, software security, system security, or applied cryptography, will also be considered if a clear connection to secure communications/networking is demonstrated. Particular topics of interest include, but are not limited to:
- Anonymization and privacy in communication systems
- Biometric authentication and identity management
- Computer and network forensics
- Data and application security
- Data protection and integrity
- Availability of communications, survivability of networks in the presence of attacks
- Key management and PKI for networks
- Information-theoretic security
- Intrusion detection and prevention
- Location privacy
- Mobile security
- Outsourcing of network and data communication services
- Physical layer security methods, cross-layer methods for enhancing security
- Secure routing, network management
- Security for critical infrastructures
- Security metrics and performance evaluation
- Security and privacy for big data
- Security and privacy in body area networks
- Security and privacy in content delivery network
- Security and privacy in cloud computing and federated cloud
- Security and privacy in crowdsourcing
- Security and privacy in the Internet of Things
- Security and privacy in multihop wireless networks: ad hoc, mesh, sensor, vehicular and RFID networks
- Security and privacy in peer-to-peer networks and overlay networks
- Security and privacy in single-hop wireless networks: Wi-Fi, Wi-Max
- Security and privacy in smart grid, cognitive radio networks, and disruption/delay tolerant networks
- Security and privacy in social networks
- Security and privacy in pervasive and ubiquitous computing
- Social, economic and policy issues of trust, security and privacy
- Traffic analysis
- Usable security for networked computer systems
- Vulnerability, exploitation tools, malware, botnet, DDoS attacks
- Web, e-commerce, m-commerce, and e-mail security

For more information, please see http://cns2015.ieee-cns.org/.

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney
This online-only Journal, started in 2004 and  operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions.  More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: Shari Lawrence Pfleeger
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at http://www.computer.org/portal/web/computingnow/securityandprivacy.

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Ravi Sandhu
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page at http://www.computer.org/portal/web/tdsc.

The Springer Series on ADVANCES IN INFORMATION SECURITY
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer, network security, and cryptography, but related areas, such as fault tolerance and software assurance. The series serves as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact Professor Sushil Jajodia (jajodia@gmu.edu,703-993-1653).
 
Journal of Computer Security,   Editor-in-Chief: John Mitchell and Pierangela Samarati
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. All papers must be submitted online at http://www.iospress.nl/journal/journal-of-computer-security/. More information is given on the journal web page at http://jcs.stanford.edu/.
 
Computers & Security,   Editor-in-Chief: Eugene H. Spafford
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. All papers must be submitted online at http://ees.elsevier.com/cose/. More information can be found at http://www.elsevier.com/locate/issn/01674048.
 
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at http://www.springer.com/computer/security+and+cryptology/journal/10207.
 
International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of a high scientific and technology in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C.  More information can be found at http://ijns.femto.com.tw/.
 
International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online at http://www.inderscience.com/ijsn/. More information is given on the journal web page at http://www.inderscience.com/ijsn/.
 
International Journal of Critical Infrastructure Protection,   Editors-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's primary aim is to publish high quality scientific and policy papers in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology and policy to craft sophisticated yet practical solutions that will secure information, computer and network assets in the various critical infrastructure sectors. All papers must be submitted online at http://www.elsevier.com/locate/ijcip. More information is given on the journal web page at http://www.elsevier.com/locate/ijcip.
 
IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: C.-C. Jay Kuo
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, via sps-ieee.manuscriptcentral.com.  More information can be found at http://www.ieee.org/organizations/society/sp/tifs.html.
 
EURASIP Journal on Information Security,   Editors-in-Chief: Stefan Katzenbeisser
EURASIP Journal on Information Security aims to bring together researchers and practitioners dealing with the general field of information security, with a particular emphasis on the use of signal processing tools in adversarial environments. As such, it addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing. Application domains lie, for example, in secure storage, retrieval and tracking of multimedia data, secure outsourcing of computations, forgery detection of multimedia data, or secure use of biometrics. The journal also welcomes survey papers that give the reader a gentle introduction to one of the topics covered as well as papers that report large-scale experimental evaluations of existing techniques. Pure cryptographic papers are outside the scope of the journal. The journal also welcomes proposals for Special Issues. All papers must be submitted online at http://jis.eurasipjournals.com/manuscript.  More information can be found at http://jis.eurasipjournals.com.