Last Modified:05/13/13

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.

Contents

Special Issues of Journals and Handbooks

IEEE Transactions on Reliability, Special Section on Trustworthy Computing, 2014, (Submission Due 1 November 2013) [posted here 04/01/2013]

Editors: Shiuhpyng Winston Shieh (National Chiao Tung University, Taiwan)

Trustworthy Computing (TC) has been applied to software-enabled computing systems and networks that are inherently secure, private, available, and reliable. As the fast growing mobile cloud computing emerges to cover smart phones, tablets, smart TV, and cloud computing platforms, these ubiquitous computing devices poses new challenges to trustworthy computing. Cloud computing offers organizations of all sizes the ability to embrace and implement new applications at far less cost than traditional approaches. Organizations that move workloads to the cloud take advantage of the capabilities of their cloud providers to ensure continuous availability of services. However, the ever-growing complexity of such systems and the software that controls them not only makes it much more difficult to guarantee their quality, but also introduces more vulnerability for malicious attacks, intrusion, and data loss. To address these needs, this special section calls for novel applications of emerging techniques for trustworthy computing of information, software, systems, networks. Reviews and case studies which address state-of-art research and state-of-practice industry experiences are also welcomed. The topics of interest include, but are not limited to:
- Security, reliability, privacy, and availability issues in computing systems and networks
- Trustworthy computing in small or large systems, such as mobile devices, embedded systems, cloud computing platforms, and internet of things
- Information, system, and software assurance
- Auditing, verification, validation
- Security testing, evaluation, and measurement
- Data protection, maintenance, recovery, and risk assessment
- Authentication, authorization, access control, and accounting
- Penetration analysis, intrusion detection and prevention
- Malware behavior analysis, and software vulnerability discovery
- Hardware techniques facilitating trustworthy computing, such as Trusted Platform Module (TPM)
- Trustworthy operating systems and applications
- Cloud Computing
- Mobile Computing
- Software defined networking (SDN)
- Cryptographic techniques

For more information, please see http://rs.ieee.org/images/files/newsletters/2013/1_2013/CFP3.htm.

Conference and Workshop Call-for-papers

IWSEC 2013 8th International Workshop on Security, Okinawaken Shichouson Jichikaikan, Japan, November 18-20, 2013. (Submissions due 13 May 2013) [posted here 03/18/13]
Original papers on the research and development of various security topics, as well as case studies and implementation experiences, are solicited for submission to IWSEC 2013. Topics of interest for IWSEC 2013 include but are not limited to:
- Anonymity
- Application Security
- Authentication, Authorization and Access Control
- Biometrics
- Block/Stream Ciphers
- Cloud Computing Security
- Cryptographic Implementations and their Analysis
- Cryptographic Protocols
- Cryptanalysis
- Data and System Integrity
- Database Security
- Digital Forensics
- Digital Signatures
- E-business/e-commerce/e-government Security
- Hash Functions
- Information Hiding
- Information Law and Ethics
- Intellectual Property Protection
- Intrusion Prevention and Detection
- Malware Prevention and Detection
- Mobile System Security
- Network Security
- Privacy Preserving Systems
- Public Key Cryptosystems
- Quantum Security
- Risk Analysis and Risk Management
- Security Architectures
- Security for Consumer Electronics
- Security for Critical Infrastructures
- Security Management
- Secure Multiparty Computation
- Security for Ubiquitous/Pervasive Computing
- Smart Card and RFID Security
- Software Security
- System Security
- Web Security

For more information, please see http://www.iwsec.org/2013/.

SOUPS-RISK 2013 Workshop on Risk Perception in IT Security and Privacy, Newcastle, UK, July 24-26, 2013. (Submissions due 30 May 2013) [posted here 03/04/13]
This workshop is an opportunity to bring together researchers and practitioners to share experiences, concerns and ideas about how to address the gap between user perception of IT risks and security / organizational requirements for security and privacy. Willingness to perform actions for security purposes is strongly determined by the costs and perceived benefit to the individual. When end-users' perceptions of risk are not aligned with organization or system, there is a mismatch in perceived benefit, leading to poor user acceptance of the technology. For example, organizations face complex decisions when pushing valuable information across the network to mobile devices, web clients, automobiles and other embedded systems. This may impose burdensome security decisions on employees and clients due to the risks of devices being lost or stolen, shoulder surfing, eavesdropping, etc. Effective risk communication can provide a shared understanding of the need for, and benefits of secure approaches and practices. While risk perception has been studied in non-IT contexts, how well people perceive and react to IT risk is less well understood. How systems measure IT risk, how it is best communicated to users, and how to best align these often misaligned perspectives is poorly understood. Risk taking decisions (policies) are increasingly being pushed out to users who are frequently ill prepared to make complex technical security decisions based on limited information about the consequences of their actions. In other risk domains we know that non-experts think and respond to risk very differently than experts. Non-experts often rely on affect, and may be unduly influenced by the perceived degree of damage that will be caused. Experts, and risk evaluation systems, use statistical reasoning to assess risk. The purpose of this workshop is to bring together researchers and practitioners to share experiences, concerns and ideas about how to address the gap between user perception of IT risks and security / organizational requirements for security and privacy. Topics of interest include:
- Human decision and different attack types: Malware, eavesdropping, inadvertent loss / disclosure of information, phishing, browser attacks, etc.
- Research methods and metrics for assessing perception of risk
- Assessing value of assets and resources at risk
- Communicating and portrayal of risk - security indicators, status indicators, etc.
- Organizational versus personal risk
- The psychology of risk perception
- Behavioral aspects of risk perception
- Real versus perceived risk
- Other topics related to measuring IT risk and/or user perception of IT risk

For more information, please see http://cups.cs.cmu.edu/soups/2013/risk.html.

WISA 2013 14th International Workshop on Information Security Applications, Jeju Island, Korea, August 19-21, 2013. (Submissions due 31 May 2013) [posted here 04/15/13]
This year's program committee chairs decide to convert WISA to be a venue for discussing system security and offensive technology issues among researchers in Asia. More specifically, it will resemble two well-known conferences: USENIX Security and WOOT. The primary focus of WISA 2013, therefore, is on systems and network security, and the secondary focus is on offensive technology. Accordingly, the workshop will be composed of two tracks: regular and OT (Offensive Technology). Regular paper submissions are solicited in all areas relating to systems and network security, including:
- Analysis of network and security protocols
- Anonymity and censorship-resistant technologies
- Applications of cryptographic techniques
- Authentication and authorization of users, systems, and applications
- Automated tools for source code/binary analysis
- Botnet defense
- Critical infrastructure security
- Cryptographic implementation analysis and construction
- Denial-of-service attack countermeasures
- Embedded systems security
- Forensics
- Hardware and physical security
- Human-computer interaction, security, and privacy
- Intrusion/anomaly detection and prevention
- Malware analysis
- Mobile/wireless/cellular system security
- Network infrastructure security
- Operating system security
- Physical security
- Security architectures
- Security in heterogeneous and large-scale environments
- Security in ubiquitous computing environments
- Security policy
- Storage and file system security
- Techniques for developing secure systems
- Trustworthy computing
- Web security, including client-side and server-side security

For more information, please see http://www.wisa.or.kr/.

DPM 2013 8th International Workshop on Data Privacy Management, Held in conjunction with ESORICS 2013, Egham, U.K., September 12-13, 2013. (Submissions due 2 June 2013) [posted here 04/15/13]
The aim of this workshop is to discuss and exchange the ideas related to privacy data management. We invite papers from researchers and practitioners working in privacy, security, trustworthy data systems and related areas to submit their original papers in this workshop. Topics of interest include, but are not limited to the following:
- Privacy Information Management
- Privacy Policy-based Infrastructures and Architectures
- Privacy-oriented Access Control Languages and Models
- Privacy in Trust Management
- Privacy Data Integration
- Privacy Risk Assessment and Assurance
- Privacy Services
- Privacy Policy Analysis
- Lightweight cryptography & Cryptanalysis
- Query Execution over Privacy Sensitive Data
- Privacy Preserving Data Mining
- Hippocratic and Water-marking Databases
- Privacy for Integrity-based Computing
- Privacy Monitoring and Auditing
- Privacy in Social Networks
- Privacy in Ambient Intelligence (AmI) Applications
- Individual Privacy vs. Corporate/National Security
- Code-based Cryptology
- Privacy in computer networks
- Privacy and RFIDs
- Privacy and Big Data
- Privacy in sensor networks

For more information, please see http://research.icbnet.ntua.gr/DPM2013/.

CRiSIS 2013 8th International Conference on Risks and Security of Internet and Systems, La Rochelle, France, October 23-25, 2013. (Submissions due 3 June 2013) [posted here 03/25/13]
The topics addressed by CRiSIS range from the analysis of risks, attacks to networks and system survivability, as well as security models, security mechanisms and privacy enhancing technologies. Prospective authors are invited to submit research results as well as practical experiment or deployment reports. Industrial papers about applications and case studies, such as tele medicine, banking, e-government and critical infrastructure, are also welcome. The list of topics includes but is not limited to:
- Analysis and management of risk
- Attacks and defenses
- Attack data acquisition and network monitoring
- Cryptography, Biometrics, Watermarking
- Dependability and fault tolerance of Internet applications
- Distributed systems security
- Embedded system security
- Empirical methods for security and risk evaluation
- Hardware-based security and Physical security
- Intrusion detection and Prevention systems
- Organizational, ethical and legal issues
- Privacy protection and anonymization
- Risk-aware access and usage control
- Security and risk assessment
- Security and risks metrics
- Security and dependability of operating systems
- Security and safety of critical infrastructures
- Security and privacy of peer-to-peer system
- Security and privacy of wireless networks
- Security models and security policies
- Security of new generation networks, security of VoIP and multimedia
- Security of e-commerce, electronic voting and database systems
- Security of social networks
- Smartphone security and privacy
- Traceability, metrology and forensics
- Trust management
- Use of smart cards and personal devices for Internet applications
- Web and cloud security

For more information, please see http://secinfo.msi.unilim.fr/crisis2013/.

QASA 2013 2nd International Workshop in Quantitative Aspects in Security Assurance, Held in conjunction with ESORICS 2013, Egham, U.K., September 12-13, 2013. (Submissions due 5 June 2013) [posted here 04/15/13]
There is an increasing demand for techniques to deal with quantitative aspects of security assurance at several levels of the development life-cycle of systems & services, e.g., from requirements elicitation to run-time operation and maintenance. The aim of this workshop is to bring together researchers and practitioners interested in these research topics with a particular emphasis techniques for service oriented architectures. The scope of the workshop, is intended to be broad, including aspects as dependability, privacy, risk and trust. The list of topics includes, but it is not limited to:
- Probabilistic/stochastic model checking
- Quantitative information flow analysis
- Quantitative issues in access and usage control
- Security testing techniques
- Static/dynamic code analysis techniques
- Metrics for security, trust and privacy
- Incremental/modular security assurance analysis
- Process compliance assurance techniques
- Tool support for quantitative security assurance
- Simulation techniques
- Model-driven techniques for security, trust, risk and privacy
- Assurance cases modelling and analysis

For more information, please see http://www.iit.cnr.it/qasa2013.

BigSecurity 2013 1st International Workshop on Security and Privacy in Big Data, Held in conjunction with Globecom 2013, Atlanta, Georgia, USA, December 9-13, 2013. (Submissions due 10 June 2013) [posted here 05/13/13]
As we are deep into the Information Age, we witness the explosive growth of data available on the Internet. For example, human beings create about 2.5 quintillion bytes of data every day in 2012, which come from sensors, individual archives, social networks, Internet of Things, enterprise and Internet in all scales and formats. We face one of the most challenging issues, i.e., how to effectively manage such a large amount of data and identify new ways to analyze large amounts of data and unlock information. The issue is also known as Big Data, which has been emerging as a hot topic in Information and Communication Technologies (ICT) research. Security and privacy issue is critical for Big Data. Many works have been carried out focusing on business, application and information processing level from big data, such as data mining and analysis. However, security and privacy issues in Big Data are seldom mentioned to date. Due to its extraordinary scale, security and privacy in Big Data faces many challenges, such as efficient encryption and decryption algorithms, encrypted information retrieval, attribute based encryption, attacks on availability, reliability and integrity of Big Data. This workshop offers a timely venue for researchers and industry partners to present and discuss their latest results in security and privacy related work of Big Data.

For more information, please see http://www.nsp.org.au/CFP/BigSecurity/.

SafeConfig 2013 6th Symposium on Security Analytics and Automation, Washington, D.C., USA, October 14, 2013. (Submissions due 25 June 2013) [posted here 05/13/13]
The new sophisticated cyber security threats demand new security management approaches that offer a holistic security analytics based on the system data including configurations, logs and network traffic. Security analytics must be able to handle large volumes of data in order to model, integrate, analyze and respond to threats at real time. The system configuration/policy is a key component that determines the security and resiliency of networked information systems and services. However, a typical enterprise networked environment contains thousands of network and security devices and millions of inter-dependent configuration variables (e.g., rules) that orchestrate the end-to-end system behavior globally. As the current technology moves toward "smart" cyber infrastructure and open networking platforms (e.g. OpenFlow and virtual computing), the need for security analytics and automation significantly increases. The coupled integration of network sensor data and configuration in a unified framework will enable intelligent response, automated defense, and network resiliency/agility. This symposium offers a unique opportunity by bringing together researchers form academic, industry as well as government agencies to discuss these challenges, exchange experiences, and propose joint plans for promoting research and development in this area. SafeConfig Symposium is a one day program that will include invited talks, technical presentations of peer-reviewed papers, poster/demo sessions, and joint panels on research collaboration. SafeConfig Symposium solicits the submission of original unpublished ideas in 8-page long papers, 4-page sort papers, or 2-pages posters. Security analytics and automation for new emerging application domains such as clouds and data centers, cyber-physical systems software defined networking and Internet of things are of particular interest to SafeConfig community.

For more information, please see http://www.safeconfig.org.

SIN 2013 6th International Conference on Security of Information and Networks, Aksaray, Turkey, November 26-28, 2013. (Submissions due 30 June 2013) [posted here 03/04/13]
The 6th International Conference on Security of Information and Networks (SIN 2013) provides an international forum for presentation of research and applications of security in information and networks. Papers addressing all aspects of security in information and networks are being sought. Researchers and industrial practitioners working on the following and related subjects are especially encouraged: Development and realization of cryptographic solutions, security schemes, new algorithms; critical analysis of existing approaches; secure information systems, especially distributed control and processing applications, and security in networks; interoperability, service levels and quality issues in such systems; information assurance, security, and public policy; detection and prevention of cybercrimes such as fraud and phishing; next generation network architectures, protocols, systems and applications; industrial experiences and challenges of the above.

For more information, please see http://www.sinconf.org.

RFIDsec-Asia 2013 Workshop on RFID and IoT Security, Guangzhou, China, November 27, 2013. (Submissions due 1 July 2013) [posted here 03/18/13]
The workshop series of RFIDsec Asia, the Asia branch of RFIDsec, aims to provide researchers, enterprises and governments a platform to investigate, discuss and propose new solutions on security and privacy issues of RFID/IoT (Internet of Things) technologies and applications. Papers with original research in theory and practical system design concerning RFID/IoT security are solicited. Topics of interest include, but are not limited to, the following:
- New applications for secure RFID/IoT systems
- Data integrity and privacy protection techniques for RFID/IoT
- Attacks and countermeasures on RFID/IoT systems
- Design and analysis on secure RFID/IoT hardware
- Risk assessment and management on RFID/IoT applications
- Trust model, data aggregation and information sharing for EPCglobal network
- Resource efficient implementation of cryptography
- Integration of secure RFID/IoT systems

For more information, please see http://www.inscrypt.cn/2013/Inscrypt_2013/CFP-RFIDsecAsia.htm.

eCrime 2013 8th IEEE eCrime Researchers Summit, San Francisco, California, USA, September 17-18, 2013. (Submissions due 5 July 2013) [posted here 05/13/13]
eCRS 2013 consist of two full days which bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it. Topics of interests include (but are not limited to):
- Case studies of current attack methods, including phishing, malware, rogue antivirus, pharming, crimeware, botnets, and emerging techniques
- Case studies of online advertising fraud, including click fraud, malvertising, cookie stuffing, and affiliate fraud
- Case studies of large-scale take-downs, such as coordinated botnet disruption
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention
- Economics of online crime, including measurement studies of underground economies and models of e-crime
- Uncovering and disrupting online criminal collaboration and gangs
- Financial infrastructure of e-crime, including payment processing and money laundering
- Techniques to assess the risks and yields of attacks and the effectiveness of countermeasures
- Delivery techniques, including spam, voice mail, social network and web search manipulation; and countermeasures
- Techniques to avoid detection, tracking and take-down; and ways to block such techniques
- Best practices for detecting and avoiding damages to critical internet infrastructure, such as DNS and SCADA, from electronic crime activities

For more information, please see http://ecrimeresearch.org/events/eCrime2013/cfp.

VizSec 2013 10th International Symposium on Visualization for Cyber Security, Atlanta GA, USA, October 14, 2013. (Submissions due 8 July 2013) [posted here 03/04/13]
The 10th International Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization and analysis techniques. VizSec will provide an excellent venue for fostering greater exchange and new collaborations on a broad range of security- and privacy-related topics. Important research problems often lie at the intersection of disparate domains. Our focus is to explore effective, scalable visual interfaces for security domains, where visualization may provide a distinct benefit, including computer forensics, reverse engineering, insider threat detection, cryptography, privacy, preventing 'user assisted' attacks, compliance management, wireless security, secure coding, and penetration testing in addition to traditional network security. Human time and attention are precious resources. We are particularly interested in visualization and interaction techniques that effectively capture human analyst insights so that further processing may be handled by machines, freeing the analyst for other tasks. For example, a malware analyst might use a visualization system to analyze a new piece of malicious software and then facilitate generating a signature for future machine processing. When appropriate, research that incorporates multiple data sources, such as network packet captures, firewall rule sets and logs, DNS logs, web server logs, and/or intrusion detection system logs, is particularly desirable.

For more information, please see http://www.vizsec.org/.

SPSM 2013 3rd Workshop on Security and Privacy in Smartphones and Mobile Devices, Held in conjunction with the ACM CCS 2013, Berlin, Germany, November 8, 2013. (Submissions due 22 July 2013) [posted here 05/13/13]
The SPSM workshop intends to provide a venue for interested researchers and practitioners to get together and exchange ideas. The workshop will deepen our understanding of various security and privacy issues on smartphones. As with the two very well received previous editions, the topics of interest to SPSM 2013 include (but are not limited to) the following subject categories:
- Device/hardware security
- OS/Middleware security
- Application security
- Authenticating users to devices and services
- Mobile Web Browsers
- Usability
- Privacy
- Rogue application detection and recovery
- Vulnerability detection and remediation
- Secure application development
- Cloud support for mobile security

For more information, please see http://www.spsm-workshop.org/2013/.

POST 2014 3rd Conference on Principles of Security and Trust, Grenoble, France, April 7–11, 2014. (Submissions due 4 October 2013) [posted here 05/13/13]
Principles of Security and Trust is a broad forum related to the theoretical and foundational aspects of security and trust. Papers of many kinds are welcome: new theoretical results, practical applications of existing foundational ideas, and innovative theoretical approaches stimulated by pressing practical problems. We seek submissions proposing theories to clarify security and trust within computer science; submissions establishing new results in existing theories; and also submissions raising fundamental concerns about existing theories. We welcome new techniques and tools to automate reasoning within such theories, or to solve security and trust problems. Case studies that reflect the strengths and limitations of foundational approaches are also welcome, as are more exploratory presentations on open questions. Areas of interest include:
- Access control
- Anonymity
- Authentication
- Availability
- Cloud security
- Confidentiality
- Covert channels
- Crypto foundations
- Economic issues
- Information flow
- Integrity
- Languages for security
- Malicious code
- Mobile code
- Models and policies
- Privacy
- Provenance
- Reputation and trust
- Resource usage
- Risk assessment
- Security architectures
- Security protocols
- Trust management
- Web service security

For more information, please see http://www.etaps.org/2014/post-2014.

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney
This online-only Journal, started in 2004 and  operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions.  More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: Carl E. Landwehr
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at http://computer.org/security/.

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Virgil D. Gligor
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page at http://www.computer.org/tdsc/.

The Kluwer International Series on ADVANCES IN INFORMATION SECURITY.
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer and network security, but related areas such as fault tolerance and software assurance. The series will serve as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact either Sushil Jajodia (jajodia@gmu.edu,703-993-1653) or Lance Wobus (lance.wobus@wkap.com, 781-681-0602)
 
Journal of Computer Security,   Editor-in-Chief: Sushil Jadodia and Jonathan Millen
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. Submissions: send six copies to one of the editors in chief: Sushil Jadodia, CSIS, George Mason University, 440 University Drive, Fairfax, VA 22030, or Jonathan Millen, The MITRE Corporation, 202 Burlington Rd., Bedford, MA. Subscriptions: contact IOS Press, Niewe Hemweg 6B, 1013 BG Amsterdam, Netherlands, (e-mail: order@iospress.nl) for information about individual or institutional subscriptions or back issues. More information is given on the journal web page at http://www.mitre.org/jcs.
 
Computers & Security,   Editor-in-Chief: Dimitris Gritzalis
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. Four copies of papers from 5-10,000 words should be sent to the editor, N. Dudley, at Elsevier Advanced Technology, P.O. Box 150, Kidlington, Oxford, OX5 1AS, United Kingdom. Telephones: voice +44(0)1865 843848 / 843000; fax +44 (0) 1865 843971.  More information can be found at http://www.elsevier.com/locate/issn/01674048.
 
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at http://link.springer.de/link/service/journals/10207/index.htm.
 
International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of a high scientific and technology in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C.  More information can be found at http://ijns.femto.com.tw/.
 
International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online at http://www.inderscience.com/ijsn/. More information is given on the journal web page at http://www.inderscience.com/ijsn/.
 
International Journal of Critical Infrastructure Protection,   Editors-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's primary aim is to publish high quality scientific and policy papers in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology and policy to craft sophisticated yet practical solutions that will secure information, computer and network assets in the various critical infrastructure sectors. All papers must be submitted online at http://www.elsevier.com/locate/ijcip. More information is given on the journal web page at http://www.elsevier.com/locate/ijcip.
 
IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: Nasir D. Memon
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, via sps-ieee.manuscriptcentral.com.  More information can be found at http://www.ieee.org/organizations/society/sp/tifs.html.