Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Last Modified: 6/29/09

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.


Special Issues of Journals and Handbooks

IEICE Transactions on Information and Systems, Special Section on Trust, Security and Privacy for Pervasive Applications, March 2010. (Submission Due 1 July 2009) [posted here 6/15/09]

Guest editors: Guojun Wang (Central South University, China), Laurence T. Yang (St. Francis Xavier University, Canada), and Kouichi Sakurai (Kyushu University, Japan)

The objective of this special section is to publish recent progress focusing on the trust, security, privacy, and related issues such as technical, social and cultural implications for pervasive devices, services, networks, applications and systems. Topics of interest include (but are not limited to):
- Trust, Security and Privacy (TSP) metrics and architectures for pervasive computing
- Trust and Risk management in pervasive environment
- Security and privacy protection in pervasive environment
- Security and privacy in mobile and wireless communications for databases
- Safety and user experiences in pervasive environment
- TSP-aware social and cultural implications in pervasive environment
- Cryptographic devices for pervasive computing
- Biometric authentication for pervasive devices
- Security for embedded software and systems
- TSP-aware middleware design for pervasive services
- TSP-aware case studies on pervasive applications/systems
- Cryptographic technologies, including Key management and authentication, in pervasive applications/systems
- Access control, anonymity, reliability and fault tolerance in pervasive applications/systems
- Audit and accountability in pervasive applications/systems
- Miscellaneous issues in pervasive devices, services, applications, and systems

For more information, please see http://www.ieice.org/eng/s_issue/cfp/2010_3ED.pdf.

IEEE Design and Test of Computers, Special Issue on Verifying Physical Trustworthiness of Integrated Circuits and Systems, January/February 2010. (Submission Due 1 August 2009) [posted here 6/8/09]

Guest editors: Mohammad Tehranipoor (University of Connecticut, USA) and Farinaz Koushanfar (Rice University, USA)

The emergence of a globalized, horizontal semiconductor business model raises a set of concerns involving the security and trust of the information systems on which modern society is increasingly reliant for mission-critical functionality. Hardware security and trust issues span a broad range including threats related to the malicious insertion of Trojan circuits designed, e.g., to act as a silicon time bomb to disable a chip, to intellectual property (IP) and integrated circuit (IC) piracy, to untrusted 3rd party IPs, to attacks designed to extract encryption keys and IP from a chip, and to malicious system disruption and diversion. Trojans can be inserted into a circuit or system developed by a 3rd party IP vendor, system integrator, or foundry. Topics of interest include (but are not limited to):
- Trojan detection and isolation
- Authenticating foundry of origin
- Watermarking
- IC Metering
- FPGA design security
- Physical unclonable functions (PUFs)
- Hardware intrusion detection and prevention
- Scan-chain encryption

For more information, please see http://www.engr.uconn.edu/~tehrani/CFP-D&T-SI.pdf.

Information Systems Frontiers, Special Issue on Security Management and Technologies for Protecting Against Internal Data Leakages, Spring or Summer 2010. (Submission Due 14 August 2009) [posted here 2/2/09]

Guest editors: David Chadwick (University of Kent, UK), Hang Bae Chang (Daejin University, South Korea), Ilsun You (Korean Bible University, South Korea), and Seong-Moo Yoo (University of Alabama in Huntsville, USA)

During the past decades, information security developments have been mainly concerned with preventing illegal attacks by outsiders, such as hacking, virus propagation, and spyware. However, according to a recent Gartner Research Report, information leakage caused by insiders who are legally authorized to have access to some corporate information is increasing dramatically. These leakages can cause significant damage, such as weakening the competitiveness of companies (and even countries). Information leakage caused by insiders occurs less frequently than information leakage caused by outsiders, but the financial damage is much greater. Countermeasures in terms of physical, managerial, and technical aspects are necessary to construct an integral security management system to protect companies' major information assets from unauthorized internal attackers. The objective of this special issue is to showcase the most recent challenges and advances in security technologies and management systems to prevent leakage of organizations' information caused by insiders. It may also include state-of-the-art surveys and case analyses of practical significance. We expect that the special issue will be a trigger for further research and technology improvements related to this important subject. Topics include (but are not limited to):
- Theoretical foundations and algorithms for addressing insider threats
- Insider threat assessment and modeling
- Security technologies to prevent, detect and avoid insider threats
- Validating the trustworthiness of staff
- Post-insider threat incident analysis
- Data breach modeling and mitigation techniques
- Registration, authentication and identification
- Certification and authorization
- Database security
- Device control system
- Digital forensic system
- Digital right management system
- Fraud detection
- Network access control system
- Intrusion detection
- Keyboard information security
- Information security governance
- Information security management systems
- Risk assessment and management
- Log collection and analysis
- Trust management
- IT compliance (audit) and continuous auditing

For more information, please see http://www.som.buffalo.edu/isinterface/ISFrontiers/forthcoming1/InfoSec09-SI-CFP.pdf.

International Journal of Communication Networks and Information Security, Special Issue on Composite and Integrated Security Solutions for Wireless Sensor Networks, Spring 2010. (Submission Due 1 September 2009) [posted here 5/25/09]

Guest editors: Riaz Ahmed Shaikh (Kyung Hee University, Korea), Al-Sakib Khan Pathan (Kyung Hee University, Korea), Jaime Lloret (Polytechnic University of Valencia, Spain)

This special issue is devoted to composite and integrated security solutions for Wireless Sensor Networks (WSNs). In WSNs, researchers have so far focused on the individual aspects (cryptography, privacy or trust) of security that are capable of providing protection against specific types of attacks. However, efforts on achieving completeness via a composite and integrated solution are lacking. That is ultimately necessary to attain because of its wide applicability in various sensitive applications, such as health-care, military, habitat monitoring, etc. The objective of this special issue is to gather recent advances in the area of composite and integrated security solutions of wireless sensor networks. This special issue covers topics that include, but are not limited to:
- Adaptive and Intelligent Defense Systems
- Authentication and Access control
- Data security and privacy
- Denial of service attacks and countermeasures
- Identity, Route and Location Anonymity schemes
- Intrusion detection and prevention techniques
- Cryptography, encryption algorithms and Key management schemes
- Secure routing schemes
- Secure neighbor discovery and localization
- Trust establishment and maintenance
- Confidentiality and data integrity
- Security architectures, deployments and solutions

For more information, please see http://ijcnis.kust.edu.pk/announcement.

Journal of System Architecture, Special Issue on Security and Dependability Assurance of Software Architectures, Spring 2010. (Submission Due 1 September 2009) [posted here 6/8/09]

Guest editors: Ernesto Damiani (Università degli Studi di Milano, Italy), Sigrid Gürgens (Fraunhofer Institute for Secure Information Technology, Germany), Antonio Maña (Universidad de Málaga, Spain), George Spanoudakis (City University, London, UK), and Claudio A. Ardagna (Università degli Studi di Milano, Italy)

The JSA special issue will focus in particular on context, methodologies, techniques, and tools for V&V of software architectures, with particular focus on supporting assurance and compliance, as well as security and dependability certification, for evolving and long-lived systems. Authors are invited to submit papers on a variety of topics, including but not limited to:
- foundations and new perspectives of V&V mechanisms and security certifications
- solutions, tools, frameworks for S&D assurance and certification
- new and/or existing certification processes and tools suitable for challenging contexts (e.g., telecommunications, mobile, real time, process control, and embedded systems), and/or experience with them
- new and/or existing modelling techniques which are particularly suited to evolving systems, and/or experience with them
- tools and case studies that integrate techniques from different areas, such as V&V mechanisms, including static verification, dynamic verification, testing, product and process certification, empirical software engineering, modeling of evolving and distributed systems

For more information, please see http://ees.elsevier.com/jsa/.

IEEE Security & Privacy, Special Issue on Privacy-Preserving Sharing of Sensitive Information, July/August 2010. (Submission Due 15 November 2009) [posted here 6/29/09]

Guest editors: Sal Stolfo (Columbia University, USA) and Gene Tsudik (UC Irvine, USA)

Privacy-Preserving Sharing of Sensitive Information (PPSSI) is motivated by the increasing need for organizations or people who don't fully trust each other to share sensitive information. Many types of organizations must often collect, analyze, and disseminate data rapidly and accurately without exposing sensitive information to wrong or untrusted parties. For example, census-takers collect private data with the understanding that it won't be released in a form traceable to the individual who provided it. Companies might be willing to divulge sensitive financial data to organizations that release only aggregate data for an industry sector. A hospital might share patient information with a state health agency but only to allow the latter to determine the number (and not the identities) of uninsured patients. While statistical methods for protecting data have been in use for decades, they're not foolproof and they generally involve a trusted third party to produce privacy-preserving statistical digests. More recently, techniques employing secure multi-party function evaluation, encrypted keywords, and private information retrieval have been studied and, in a few cases, deployed. However, there are no practical tools and technologies to guarantee data privacy, especially whenever organizations have certain common goals and require exchanges of data. To this end, the objective of PPSSI technology is to enable multiple entities to cooperate and share information without exposing more than what is necessary to complete a common task. Potential submission topics include (but are not limited to) the following:
- PPSSI requirements and policy enforcement; prospective policies governing PPSSI, including formal models and policy languages as well as trust models.
- Data “cleaning” and obfuscation techniques.
- Cryptographic protocols; innovative constructs, their performance and implementation issues, for example, private information retrieval, searching over encrypted data and private set operations.
- Data management; storage and data management issues arising in PPSSI settings.
- Secure hardware; architectures and technologies in support of PPSSI

For more information, please see https://mc.manuscriptcentral.com/cs-ieee.


Conference and Workshop Call-for-papers

June 2009

STM 2009 5th International Workshop on Security and Trust Management, Held in conjunction with ESORICS 2009, Saint Malo, France, September 24-25, 2009. (Submissions due 30 June 2009) [posted here 5/4/09]
STM (Security and Trust Management) is an established working group of ERCIM (European Research Consortium in Informatics and Mathematics). Topics of interest include, but are not limited to:
- access control
- cryptography
- data protection
- digital right management
- economics of security and privacy
- key management
- ICT for securing digital as well as physical assets
- identity management
- networked systems security
- privacy and anonymity
- reputation systems and architectures
- security and trust management architectures
- semantics and computational models for security and trust
- trust assessment and negotiation
- trust in mobile code
- trust in pervasive environments
- trust models
- trust management policies
- trusted platforms and trustworthy systems
- trustworthy user devices

For more information, please see http://stm09.dti.unimi.it.

CryptoWorkshop-QuantumComm 2009 Workshop on Quantum and Classical Information Security, Held in conjunction with the International Conference on Quantum Communication and Quantum Networking (QuantumComm 2009), Vico Equense, Sorrento peninsula, Naples, Italy, October 26, 2009. (Submissions due 30 June 2009) [posted here 6/15/09]
The research communities of quantum information security and of classical information security tend to be composed of people who do not share the same scientific backgrounds and who work in parallel, with different perspectives, on topics that are, on the contrary, highly similar. The variety of these topics (secret key agreement, public-key and secret-key encryption schemes, secure multi-party computation, information-theoretic cryptographic schemes, complexity reductions and provable security, composability of cryptographic primitives, cryptanalysis, cryptographic side-channels, security evaluation and certification of cryptographic implementations, network security, deployment and management of security infrastructures, etc.) has become extremely large as quantum cryptography has progressively widened its scope. However, some exaggerated claims of "unconditional quantum supporters", not well informed about cryptography, have led to misunderstandings and in particular to the false belief that quantum cryptography could replace classical cryptography, while in fact the scientific results indicate that cryptography in a quantum world would still be largely classical. The purpose of this workshop is to bring together researchers with different backgrounds who nevertheless work on converging problems in classical or quantum information security, in order to foster discussions and exchanges among these communities. We believe that promising advances both in fundamental cryptographic research and in practical network security can result from a closer cooperation of classical and quantum information security communities.

For more information, please see http://www.quantumcomm.org/workshop.shtml.

July 2009

SEWCN 2009 1st ICST International Workshop on Security in Emerging Wireless Communication and Networking Systems, Held in conjunction with SecureComm 2009, Athens, Greece, September 14, 2009. (Submissions due 1 July 2009) [posted here 6/29/09]
Innovative wireless communication and networking systems have been proposed and studied in recent years, including cognitive radio networks, multi-channel multi-radio networks, cyber-physical systems, vehicle ad hoc networks, and others. The goal of this workshop is to develop and employ secure architectures and protocols to enhance these emerging wireless systems. As these wireless systems have new features and serve new applications, they are raising new security concerns that existing security technologies may not be sufficient to tackle. Hence, these wireless systems require re-examination of current security techniques and creation of new security schemes. The design of these wireless systems also needs security as an integral part to prevent misuse of them and assure their functionality. This workshop particularly invites new ideas on security in the context of these emerging wireless communication and networking systems, including identifying new threats and new primitives for supporting secure system design. Topics on security in emerging wireless systems include, but are not limited to the following:
- Vulnerabilities and threats
- Cross-layer design for security
- Security of cognitive radio
- Security of channel management
- Resilient control over network
- Secure neighbor and location discovery
- Key management
- Intrusion detection and response
- User and data privacy
- Anti-jamming communication
- Denial of service

For more information, please see http://sewcn.org.

CCSW 2009 ACM Cloud Computing Security Workshop, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA, November 13, 2009. (Submissions due 3 July 2009) [posted here 4/27/09]
Notwithstanding the latest buzzword (grid, cloud, utility computing, SaaS, etc.), large-scale computing and cloud-like infrastructures are here to stay. What exactly they will look like tomorrow is still for the markets to decide, yet one thing is certain: clouds bring with them new untested deployment and associated adversarial models and vulnerabilities. It is essential that our community becomes involved at this early stage. The CCSW workshop aims to bring together researchers and practitioners in all security aspects of cloud-centric and outsourced computing, including:
- secure cloud resource virtualization mechanisms
- secure data management outsourcing
- practical privacy and integrity mechanisms for outsourcing
- foundations of cloud-centric threat models
- secure computation outsourcing
- remote attestation mechanisms in clouds
- sandboxing and VM-based enforcements
- trust and policy management in clouds
- secure identity management mechanisms
- new cloud-aware web service security paradigms and mechanisms
- cloud-centric regulatory compliance issues and mechanisms
- business and security risk models and clouds
- cost and usability models and their interaction with security in clouds
- scalability of security in global-size clouds
- trusted computing technology and clouds
- binary analysis of software for remote attestation and cloud protection
- network security (DOS, IDS etc.) mechanisms for cloud contexts
- security for emerging cloud programming models
- energy/cost/efficiency of security in clouds

For more information, please see http://crypto.cs.stonybrook.edu/ccsw09.

SafeConfig 2009 Workshop on Assurable & Usable Security Configuration, Collocated with the ACM CCS 2009, Chicago, USA, November 9, 2009. (Submissions due 6 July 2009) [posted here 6/29/09]
A typical enterprise network might have hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers and crypto systems. These must be logically integrated into a security architecture satisfying security goals at and across multiple networks. Logical integration is accomplished by consistently setting thousands of configuration variables and rules on the devices. The configuration must be constantly adapted to optimize protection and block prospective attacks. The configuration must be tuned to balance security with usability. These challenges are compounded by the deployment of mobile devices and ad hoc networks. The resulting security configuration complexity places a heavy burden on both regular users and experienced administrators and dramatically reduces overall network assurability and usability. For example, a December 2008 report from Center for Strategic and International Studies "Securing Cyberspace for the 44th Presidency" states that "inappropriate or incorrect security configurations ... were responsible for 80% of Air Force vulnerabilities" and a May 2008 report from Juniper Networks "What is Behind Network Downtime?" states that "human factors ... [are] responsible for 50 to 80 percent of network device outages". This workshop will bring together academic as well as industry researchers to exchange experiences, discuss challenges and propose solutions for offering assurable and usable security. This workshop will consist of presentations and panel discussions on the following topics:
- Integrating network and host configuration
- Automated forensics and mitigation
- Usability issues in security management
- Metrics for measuring assurability and usability: Usable security often involves trade offs between security or privacy and usability/utility
- Abstract models and languages for configuration specification
- Configuration refinement and enforcement
- Configuration of MANETS and coalition networks
- Formal semantics of security policies
- Configuration testing, debugging and evaluation
- Reasoning about uncertainty in configuration management
- Representation of belief, trust, and risk in security policies
- Configuration/misconfiguration visualization
- Configuration reasoning and conflict analysis
- Risk adaptive configuration systems
- Context-aware security configuration for pervasive and mobile computing
- Configuration accountability
- Automated signature and patch management
- Automated alarm management
- Protecting the privacy and integrity of security configuration
- Optimizing security, flexibility and performance
- Measurable metric of flexibility and usability
- Design for flexibility and manageability - clean slate approach
- Configuration management vs. least-privilege

For more information, please see http://www.arc.cs.depaul.edu/~ehab/ccs/safeconfig09/.

ACSA 2009 2009 FTRG International Workshop on Advances in Cryptography, Security and Applications for Future Computing, Jeju, Korea, December 11-12, 2009. (Submissions due 15 July 2009) [posted here 6/29/09]
ACSA-09 focuses on advances in Cryptography, Security and Applications for Future Computing. It is intended to foster state-of-the-art research in the area of cryptography, security and its applications for Future Computer Science (FCS). The FCS represents an interdisciplinary field with roots in mathematics and engineering with applications in future computing environments including ubiquitous, pervasive, grid, and P2P computing. It aims to solve the various problems of advanced computing and communication services using mathematics and computer science in future computing environments. Reliable security solutions that rely on in-depth cryptography are required as countermeasures, such as data confidentiality, data integrity, authentication, non-repudiation, and access control services. Original contributions, not currently under review by another journal or conference, are solicited in relevant areas including, but not limited to, the following:
- Mathematical and Algorithmic Foundations of Applied Cryptography for FCS
- Authentication and Non-repudiation for FCS
- Design and Analysis of Cryptographic Algorithms and Protocols for FCS
- Pairing Based Cryptography for FCS
- Provable Security for Cryptographic Primitives Suitable for FCS
- Information Security with Mathematical Emphasis for FCS
- Identity and Trust Management for FCS
- Database and System Security for FCS
- Intrusion Detection, Tolerance and Prevention for FCS
- Access control and DRM for FCS
- Information assurance for FCS
- New Security Issues for FCS

For more information, please see http://www.ftrg.org/acsa2009/.

ICISS 2009 5th International Conference on Information Systems Security, Kolkata, India, December 14-18, 2009. (Submissions due 15 July 2009) [posted here 4/27/09]
The conference series ICISS (International Conference on Information Systems Security), held annually, provides a forum for disseminating the latest research results in information and systems security. ICISS 2009 encourages submissions addressing theoretical and practical problems in information and systems security and related areas. We would especially like to encourage papers in domains that have not been represented much in the past at the conference, such as database security/privacy, usability aspects of security, operating systems security, and sensor networks security. Papers that introduce and address unique security challenges or present thought-provoking ideas are also welcome.

For more information, please see http://www.eecs.umich.edu/iciss09/.

F2GC 2009 2nd International Workshop on Forensics for Future Generation Communication environments, Jeju, Korea, December 10-12, 2009. (Submissions due 17 July 2009) [posted here 6/29/09]
Future Generation Communication environments (FGC) are advanced communication and networking environments where all applications and services are focused on users. In addition, the FGC has emerged rapidly as an exciting new paradigm to provide reliable and comfortable life services. Furthermore, the benefits of FGC will only be realized if security issues can be appropriately addressed. In particular, forensics for FGC is very important in the security fields. This workshop is intended to foster state-of-the-art forensics research in the area of FGC including information and communication technologies, law, social sciences and business administration. Topics of interest include but are not limited to the following:
- Digital forensics tools in FGC
- Digital Evidence Management in FGC
- Digital Evidence Analytics in FGC
- Digital Forensics Surveillance Technology and Procedures in FGC
- Digital evidence visualisation and communication for FGC
- Digital evidence storage and preservation in FGC
- Incident response and investigation in FGC
- Forensic procedures in FGC
- Portable electronic device forensics for FGC
- Network forensics in FGC
- Data hiding and recovery in FGC
- Network traffic analysis, traceback and attribution in FGC
- Legal, ethical and policy issues related to digital forensics in FGC
- Integrity of digital evidence and live investigations
- Multimedia analysis in FGC
- Trends and Challenges for FGC
- Evidence Protection in FGC
- Forensics case studies in FGC

For more information, please see http://www.ftrg.org/F2GC2009/.

MPIS 2009 2nd International Workshop on Multimedia, Information Privacy and Intelligent Computing Systems, Jeju, Korea, December 10-12, 2009. (Submissions due 20 July 2009) [posted here 6/29/09]
This workshop on Multimedia, Information Privacy and Intelligent Computing Systems is intended to foster the dissemination of state-of-the-art research in the area of multimedia and intelligent computing including multimedia signal processing, information security, soft computing such as neural network, fuzzy theory and genetic algorithm, and novel applications of intelligent computing in multimedia. As a follow-up to the workshop, we plan to publish high quality papers, covering the various theories and practical applications related to multimedia and intelligent computing. We invite new and original submissions addressing theoretical and practical topics in information technology and intelligent computing fields.

For more information, please see http://www.ftrg.org/MPIS2009/.

ReConFig 2009 International Conference on ReConFigurable Computing and FPGAs, Special Track on Reconfigurable Computing for Security and Cryptography, Cancun, Mexico, December 9-11, 2009. (Submissions due 31 July 2009) [posted here 6/8/09]
Reconfigurable hardware offers unique opportunities for the design and implementation of secure applications in embedded and high-end computing platforms. High performance, carefully-controlled execution, and physical isolation are just a few of the advantages that hardware brings over software. At the same time, new challenges appear, such as the protection of intellectual property in a reconfigurable fabric, and the protection of soft-hardware against malicious tampering. This special track seeks the latest innovations in reconfigurable computing for security and cryptography. Topics of interest include the following:
- Hardware Implementation of Novel Cryptographic Algorithms and Protocols
- Reconfigurable Cryptographic Primitives
- Special-Purpose Hardware for Cryptanalysis
- Hardware Support for Trustworthy Software Execution
- True and Pseudo Random Generators
- Circuit Identification and Physical Unclonable Functions
- Efficient Methods for Protection of Hardware IPs
- FPGA Design Security
- Fault Attacks and Side-channel Attacks
- Hardware Tamper Resistance and Tamper Evidence
- Hardware Trojan Detection and Resistance
- Design Flows for Hardware-based Secure Systems
- Performance Evaluation of Secure Reconfigurable Hardware

For more information, please see http://www.reconfig.org.

August 2009

MidSec 2009 2nd Workshop on Middleware Security, Held in conjunction with the 10th ACM/IFIP/USENIX International Middleware Conference (MIDDLEWARE 2009), Urbana Champaign, Illinois, USA, November 30, 2009. (Submissions due 1 August 2009) [posted here 6/15/09]
Modern applications are predominantly built around the distributed programming paradigm. Client-server applications, grids, peer-to-peer networks and event-based systems are examples of architectures that are used by a large share of the present software base. These paradigms expose applications to numerous, ever-growing security threats. However, many areas of security are still only partially addressed w.r.t. middleware. Examples are identity management, privacy and anonymity, accountability, application protection, and so on. While more conventional research results in the above-mentioned areas of middleware security are appreciated, this year the MidSec workshop will particularly welcome papers in the area of security measures for lightweight composition. Papers are sought from two complementary angles: middleware platforms and software architectures. Mashup editors provide an easy-to-use facility that brings the power of software composition to the fingertips of any Internet-connected user. The mashup model is catching on in the enterprise world as well; it all started with situational applications and it is currently spreading further. Ready or not, here it comes. We are about to face times where application composition will be less and less rigid and hence will more and more resemble organized chaos. Enforcing sound security principles in such a muddled environment is an interesting research challenge for both the middleware and the software architecture communities. On one hand, software architecture modeling techniques must provide suitable abstractions to represent and address the above (and many other) security concerns. On the other hand, middleware platforms should support such abstractions in a natural, usable way. The topics of interest for papers include, but are not limited to:
- Middleware security and privacy
- Security and privacy in agent-based platforms
- Context-sensitive security middleware
- Security and privacy in aspect-based middleware
- Security and privacy in service-oriented architectures
- Middleware-level security monitoring and measurement
- Middleware-driven lightweight secure composition
- Architecture-driven lightweight secure composition
- Security and privacy in enterprise mashups
- Usability and security in lightweight composition

For more information, please see http://www.cs.kuleuven.be/conference/MidSec2009/.

IFIP-DF 2010 6th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Hong Kong, Hong Kong, January 3-6, 2010. (Submissions due 15 August 2009) [posted here 2/2/09]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in the emerging field of digital forensics. The Sixth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network forensics
- Portable electronic device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org/Conferences/WG11-9-CFP-2010.pdf.

UbiSafe 2009 2nd IEEE International Symposium on Ubisafe Computing, Chengdu, China, December 12-14, 2009. (Submissions due 15 August 2009) [posted here 2/2/09]
The UbiSafe-09 Symposium provides a forum for engineers and scientists in academia, industry, and government to address all safety related profound challenges including technical, social, legal and ethical issues, and to present and discuss their ideas, theories, technologies, systems, tools, applications, work in progress and experience on all aspects of UbiSafe computing. UbiSafe emphasizes the SAFE aspects for ubiquitous, pervasive, AmI, mobile, universal, embedded, wearable, augmented, invisible, hidden, context-aware, sentient, proactive, autonomic, or whatever it is called, computing. UbiSafe computing is focused on theories and technologies for ubiquitous artifacts to function safely for different purposes; for ubiquitous systems to work safely in various situations; and for ubiquitous environments to behave safely with all people. A series of challenges exist to let people benefit from ubiquitous services, and simultaneously guarantee their safety in making ubiquitous safe artifacts, systems, and environments.

For more information, please see http://cs.okstate.edu/ubisafe09/.

INTRUST 2009 The International Conference on Trusted Systems, Beijing, P. R. China, December 17-19, 2009. (Submissions due 17 August 2009) [posted here 4/27/09]
INTRUST 2009 is the first International Conference on the theory, technologies and applications of trusted systems. It is devoted to all aspects of trusted computing systems, including trusted modules, platforms, networks, services and applications, from their fundamental features and functionalities to design principles, architecture and implementation technologies. The goal of the conference is to bring academic and industrial researchers, designers, and implementers together with end-users of trusted systems, in order to foster the exchange of ideas in this challenging and fruitful area. INTRUST 2009 solicits original papers on any aspect of the theory, advanced development and applications of trusted computing, trustworthy systems and general trust issues in modern computing systems. The conference will have an academic track and an industrial track. This call for papers is for contributions to both of the tracks. Submissions to the academic track should emphasize theoretical and practical research contributions to general trusted system technologies, while submissions to the industrial track may focus on experiences on the implementation and deployment of real-world systems. Topics of relevance include but are not limited to:
- Fundamental features and functionalities of trusted systems
- Primitives and mechanisms for building a chain of trust
- Design principles and architectures of trusted modules and platforms
- Implementation technologies for trusted modules and platforms
- Cryptographic aspects of trusted systems, including cryptographic algorithms and protocols, and their implementation and application in trusted systems
- Scalable safe network operation in trusted systems
- Mobile trusted systems, such as trusted mobile platforms, sensor networks, mobile (ad hoc) networks, peer-to-peer networks, Bluetooth, etc.
- Storage aspects for trusted systems
- Applications of trusted systems, e.g. trusted email, web services and various e-commerce services
- Trusted intellectual property protection: metering, watermarking and digital rights management
- Software protection for trusted systems
- Authentication and access control for trusted systems
- Key, identity and certificate management for trusted systems
- Privacy aspects for trusted systems
- Attestation aspects for trusted systems, such as measurement and verification of the behavior of trusted systems
- Standards organizations and their contributions to trusted systems, such as TCG, ISO/IEC, IEEE 802.11, etc.
- Emerging technologies for trusted systems, such as RFID, memory spots, etc.
- Trust metrics and robust trust inference in distributed systems
- Usability and reliability aspects for trusted systems
- Trust modeling, economic analysis and protocol design for rational and malicious adversaries
- Virtualisation for trusted systems
- Limitations of trusted systems
- Security analysis of trusted systems, including formal method proofs, provable security and automated analysis
- Security policies for, and management of, trusted systems
- Intrusion resilience and revocation aspects for trusted systems
- Scalability aspects of trusted systems
- Compatibility aspects of trusted systems
- Experiences in building real-world trusted systems
- Socio-economic aspects of trusted systems

For more information, please see http://www.tcgchina.org.

Inscrypt 2009 5th China International Conference on Information Security and Cryptology, Beijing, China, December 12-15, 2009. (Submissions due 25 August 2009) [posted here 6/8/09]
Inscrypt 2009 seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of cryptology, information security and their applications, including:
- Access Control
- Authentication and Authorization
- Biometric Security
- Distributed System Security
- Database Security
- Electronic Commerce Security
- Intrusion Detection
- Information Hiding and Watermarking
- Key Management and Key Recovery
- Network Security
- Security Protocols and Their Analysis
- Security Modeling and Architectures
- Provable Security
- Secure Multiparty Computation
- Foundations of Cryptography
- Secret Key and Public Key Cryptosystems
- Implementation of Cryptosystems
- Hash Functions and MACs
- Block Cipher Modes of Operation
- Intellectual Property Protection
- Mobile System Security
- Operating System Security
- Risk Evaluation and Security Certification
- Prevention and Detection of Malicious Codes

For more information, please see http://www.inscrypt.cn/.

September 2009

SAC-CF 2010 25th ACM Symposium on Applied Computing, Computer Forensics Track, Sierre, Switzerland, March 22-26, 2010. (Submissions due 8 September 2009) [posted here 5/25/09]
With the exponential growth of computer users, the number of criminal activities that involve computers has increased tremendously. The field of Computer Forensics has gained considerable attention in the past few years. It is clear that in addition to law enforcement agencies and legal personnel, the involvement of computer savvy professionals is vital for any digital incident investigation. Unfortunately, there are not many well-qualified computer crime investigators available to meet this demand. An approach to solve this problem is to develop state-of-the-art research and development tools for practitioners in addition to creating awareness among computer users. The primary goal of this track will be to provide a forum for researchers, practitioners, and educators interested in Computer Forensics in order to advance research and educational methods in this increasingly challenging field. We expect that people from academia, industry, government, and law enforcement will share their previously unpublished ideas on research, education, and practice through this track. We solicit original, previously unpublished papers in the following general (non-exhaustive) list of topics:
- Incident Response and Live Data Analysis
- Operating System and Application Analysis
- File System Analysis
- Network Evidence Collection
- Network Forensics
- Data Hiding and Recovery
- Digital Image Forensics
- Event Reconstruction and Tracking
- Forensics in Untrusted Environments
- Hardware Assisted Forensics
- Legal, Ethical and Privacy Issues
- Attributing Malicious Cyber Activity
- Design for Forensic Evaluation
- Visualization for Forensics

For more information, please see http://comp.uark.edu/~bpanda/sac2010cfp.pdf.

SAC-TRECK 2010 25th ACM Symposium on Applied Computing, Trust, Reputation, Evidence and other Collaboration Know-how Track (TRECK), Sierre, Switzerland, March 22-26, 2010. (Submissions due 8 September 2009) [posted here 5/25/09]
Computational models of trust and online reputation mechanisms have been gaining momentum. The goal of the ACM SAC 2010 TRECK track remains to review the set of applications that benefit from the use of computational trust and online reputation. Computational trust has been used in reputation systems, risk management, collaborative filtering, social/business networking services, dynamic coalitions, virtual organisations and even combined with trusted computing hardware modules. The TRECK track covers all computational trust/reputation applications, especially those used in real-world applications. The topics of interest include, but are not limited to:
- Recommender and reputation systems
- Trust management, reputation management and identity management
- Pervasive computational trust and use of context-awareness
- Mobile trust, context-aware trust
- Web 2.0 reputation and trust
- Trust-based collaborative applications
- Automated collaboration and trust negotiation
- Trade-off between privacy and trust
- Trust/risk-based security frameworks
- Combined computational trust and trusted computing
- Tangible guarantees given by formal models of trust and risk
- Trust metrics assessment and threat analysis
- Trust in peer-to-peer and open source systems
- Technical trust evaluation and certification
- Impacts of social networks on computational trust
- Evidence gathering and management
- Real-world applications, running prototypes and advanced simulations
- Applicability in large-scale, open and decentralised environments
- Legal and economic aspects related to the use of trust and reputation engines
- User-studies and user interfaces of computational trust and online reputation applications

For more information, please see http://www.trustcomp.org/treck/.

SAC-ISRA 2010 25th ACM Symposium on Applied Computing, Information Security Research and Applications Track, Sierre, Switzerland, March 22-26, 2010. (Submissions due 8 September 2009) [posted here 6/8/09]
As society becomes more reliant on information systems, networks, and mobile communication, we become more vulnerable to security incidents. Our critical infrastructures for energy, communication, and transportation are interconnected via the Internet, bringing with this the efficiencies and economies of scale and the risk associated with open networks. It has turned out that economic and societal interests go beyond technical security, as they also relate to organizational and behavioral security facets. This track provides a venue for holistic security issues related to detecting, mitigating and preventing the threat of attacks against information and communication systems. It brings together security researchers from the areas of computer science, information systems and systems science who are otherwise spread over multiple conferences. Papers that address improving the security of information system-reliant organizations from threats through technical, organizational, or behavioral change are encouraged. These may include simulation studies, case-based research, empirical studies, and other applications of quantitative and qualitative methods. Topics include, but are not limited to:
- Internet security
- Economics of information security
- Identifying modes of misuse
- Applications of access policies
- Analysis of known and unknown modes of attack
- Detecting and mitigating insider threats
- Modeling risks and approaches to mitigation
- Teaching and training security and business managers about information security
- Creating channels and techniques to share confidential information
- Modeling and theory building of security issues
- Insider threats
- Social and business security policy
- Intrusion detection/prevention
- Electronic commerce security and privacy
- Secure software development
- Electronic voting
- Security metrics
- Risk and fraud assessment
- Trust
- Process Control Systems / SCADA security

For more information, please see http://www.albany.edu/~er945/CfP_SAC2010_ISRA.html.

NDSS 2010 17th Annual Network & Distributed System Security Symposium, San Diego, CA, USA, February 28 - March 3, 2010. (Submissions due 11 September 2009) [posted here 5/4/09]
The Network and Distributed System Security Symposium fosters information exchange among research scientists and practitioners of network and distributed system security services. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation (rather than theory). A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. Submissions are solicited in, but not limited to, the following areas:
- Security of Web-based applications and services
- Anti-malware techniques: detection, analysis, and prevention
- Intrusion prevention, detection, and response
- Security for electronic voting
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Privacy and anonymity technologies
- Network perimeter controls: firewalls, packet filters, and application gateways
- Security for emerging technologies: sensor networks, wireless/mobile (and ad hoc) networks, and personal communication systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security for peer-to-peer and overlay network systems
- Security for electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, and licensing
- Implementation, deployment and management of network security policies
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
- Integrating security services with system and application security facilities and protocols
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Software hardening: e.g., detecting and defending against software bugs (overflows, etc.)
- Security for large-scale systems and critical infrastructures
- Integrating security in Internet protocols: routing, naming, network management

For more information, please see http://www.isoc.org/isoc/conferences/ndss/10/cfp.shtml.

EC2ND 2009 5th European Conference on Computer Network Defence, Politecnico di Milano, Milano, Italy, November 12-13, 2009. (Submissions due 15 September 2009) [posted here 6/8/09]
The theme of the conference is the protection of computer networks. The conference will draw participants from academia and industry in Europe and beyond to discuss hot topics in applied network and systems security. EC2ND invites submissions presenting novel ideas at an early stage with the intention to act as a discussion forum and feedback channel for promising, innovative security research. While our goal is to solicit ideas that are not completely worked out, and might have challenging and interesting open questions, we expect submissions to be supported by some evidence of feasibility or preliminary quantitative results. Topics include but are not limited to:
- Intrusion Detection
- Denial-of-Service
- Privacy Protection
- Security Policy
- Peer-to-Peer and Grid Security
- Network Monitoring
- Web Security
- Vulnerability Management and Tracking
- Network Forensics
- Wireless and Mobile Security
- Cryptography
- Network Discovery and Mapping
- Incident Response and Management
- Malicious Software
- Web Services Security
- Legal and Ethical Issues

For more information, please see http://2009.ec2nd.org/.

WiSec 2010 3rd ACM Conference on Wireless Network Security, Stevens Institute of Technology, Hoboken, NJ, USA, March 22-24, 2010. (Submissions due 21 September 2009) [posted here 6/8/09]
As wireless networks become ubiquitous, their security gains in importance. The ACM Conference on Wireless Network Security (WiSec) aims at exploring attacks on wireless networks as well as techniques to thwart them. The considered networks encompass cellular, metropolitan, local area, vehicular, ad hoc, satellite, underwater, cognitive radio, and sensor networks, as well as RFID. Topics of interest include, but are not limited to:
- Naming and addressing vulnerabilities
- Key management in wireless/mobile environments
- Secure neighbor discovery / Secure localization
- Secure PHY and MAC protocols
- Trust establishment
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Denial of service
- User privacy, location privacy
- Anonymity, prevention of traffic analysis
- Identity theft and phishing in mobile networks
- Charging
- Cooperation and prevention of non-cooperative behavior
- Economics of wireless security
- Vulnerability and attack modeling
- Incentive-aware secure protocol design
- Jamming/Anti-jamming communication
- Cross-layer design for security
- Monitoring and surveillance
- Cryptographic primitives for wireless communication
- Formal methods for wireless security
- Mobile platform and systems (OS and application) security

For more information, please see http://www.sigsac.org/wisec/WiSec2010.

ASIACCS 2010 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China, April 13-16, 2010. (Submissions due 28 September 2009) [posted here 6/29/09]
ASIACCS is a major international forum for information security researchers, practitioners, developers, and users to explore and exchange the latest cyber-security ideas, breakthroughs, findings, techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. Topics of interest include, but are not limited to:
- anonymity
- access control
- secure networking
- accounting and audit
- key management
- intrusion detection
- authentication
- smartcards
- data and application security
- malware and botnets
- privacy-enhancing technology
- software security
- inference/controlled disclosure
- intellectual-property protection
- digital-rights management
- trusted computing
- phishing and countermeasures
- commercial and industry security
- security management
- web security
- applied cryptography
- mobile-computing security
- cryptographic protocols
- data/system integrity
- information warfare
- formal methods for security
- identity management
- security in ubiquitous computing, e.g., RFIDs
- security and privacy for emerging technologies, e.g., VoIP, peer-to-peer and overlay network systems, Web 2.0

For more information, please see http://www.dacas.cn/asiaccs2010.

ESSoS 2010 2nd International Symposium on Engineering Secure Software and Systems, Pisa, Italy, February 3-4, 2010. (Submissions due 30 September 2009) [posted here 6/29/09]
The goal of this symposium is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. Being one of the few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering communities, and promote cross-fertilization. The symposium will feature two days of technical program as well as one day of tutorials. The technical program includes an experience track for which the submission of highly informative case studies describing (un)successful secure software project experiences and lessons learned is explicitly encouraged. Topics of interest include, but are not limited to:
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DSLs for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation

For more information, please see http://distrinet.cs.kuleuven.be/events/essos2010.

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney
This online-only Journal, started in 2004 and operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions. More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: Carl E. Landwehr
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at http://computer.org/security/.

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Virgil D. Gligor
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page at http://www.computer.org/tdsc/.

The Kluwer International Series on ADVANCES IN INFORMATION SECURITY.
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer and network security, but related areas such as fault tolerance and software assurance. The series will serve as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact either Sushil Jajodia (jajodia@gmu.edu, 703-993-1653) or Lance Wobus (lance.wobus@wkap.com, 781-681-0602).
 
Journal of Computer Security,   Editors-in-Chief: Sushil Jajodia and Jonathan Millen
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. Submissions: send six copies to one of the editors in chief: Sushil Jajodia, CSIS, George Mason University, 440 University Drive, Fairfax, VA 22030, or Jonathan Millen, The MITRE Corporation, 202 Burlington Rd., Bedford, MA. Subscriptions: contact IOS Press, Nieuwe Hemweg 6B, 1013 BG Amsterdam, Netherlands (e-mail: order@iospress.nl) for information about individual or institutional subscriptions or back issues. More information is given on the journal web page at http://www.mitre.org/jcs.
 
Computers & Security,   Editor-in-Chief: Dimitris Gritzalis
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. Four copies of papers from 5-10,000 words should be sent to the editor, N. Dudley, at Elsevier Advanced Technology, P.O. Box 150, Kidlington, Oxford, OX5 1AS, United Kingdom. Telephones: voice +44(0)1865 843848 / 843000; fax +44 (0) 1865 843971.  More information can be found at http://www.elsevier.com/locate/issn/01674048.
 
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at http://link.springer.de/link/service/journals/10207/index.htm.
 
International Journal of Network Security,   Editor-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of high scientific and technological quality in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C.  More information can be found at http://ijns.nchu.edu.tw/.
 
International Journal of Security and Networks,   Editor-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online at http://www.inderscience.com/ijsn/. More information is given on the journal web page at http://www.inderscience.com/ijsn/.
 
International Journal of Critical Infrastructure Protection,   Editor-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's primary aim is to publish high quality scientific and policy papers in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology and policy to craft sophisticated yet practical solutions that will secure information, computer and network assets in the various critical infrastructure sectors. All papers must be submitted online at http://www.elsevier.com/locate/ijcip. More information is given on the journal web page at http://www.elsevier.com/locate/ijcip.
 
IEEE Transactions on Information Forensics and Security,   Editor-in-Chief: Nasir D. Memon
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, via sps-ieee.manuscriptcentral.com.  More information can be found at http://www.ieee.org/organizations/society/sp/tifs.html.