| |
Last Modified:07/19/10
Note: Please send new calls to
cipher-cfp@ieee-security.org and take a moment to read the
submission guidelines. And please
see the Cipher
Calendar for events sorted in date order. For all other
questions, please contact
cipher-cfp@ieee-security.org by email.
Contents
Journal of Network and Computer Applications,
Special Issue on Trusted Computing and Communications,
2nd Quarter, 2011.
(Submission Due 1 August 2010) [posted here 05/24/10]
Guest editor: Laurence T. Yang (St. Francis Xavier University, Canada)
and Guojun Wang (Central South University, China)
With the rapid development and the increasing complexity of computer
and communications systems and networks, traditional security technologies
and measures can not meet the demand for integrated and dynamic security
solutions. As a challenging and innovative research field, trusted computing
and communications target computer and communications systems and networks
that are available, secure, reliable, controllable, dependable, and so on.
In a word, they must be trustworthy. If we view the traditional security as
identity trust, the broader field of trusted computing and communications
also includes behavior trust of systems and networks. In fact, trusted
computing and communications have become essential components of various
distributed services, applications, and systems, including self-organizing
networks, social networks, semantic webs, e-commence, and e-government.
Research areas of relevance would therefore include, but not only limited
to, the following topics:
- Trusted computing platform and paradigm
- Trusted systems and architectures
- Trusted operating systems
- Trusted software
- Trusted database
- Trusted services and applications
- Trust in e-commerce and e-government
- Trust in mobile and wireless networks
- Trusted communications and networking
- Reliable and fault-tolerant computer systems/networks
- Survivable computer systems/networks
- Autonomic and dependable computer systems/networks
For more information, please see
http://www.elsevier.com/locate/jnca.
IEEE Software,
Special Issue on Software Protection,
March, 2011.
(Submission Due 1 August 2010) [posted here 06/07/10]
Guest editor: Paolo Falcarin (University of East London, UK),
Christian Collberg (University of Arizona, USA),
Mikhail Atallah (Purdue University, USA), and Mariusz Jakubowski (Microsoft Research)
Software protection is an area of growing importance in software engineering and security:
leading-edge researchers have developed several pioneering approaches for preventing
or resisting software piracy and tampering, building a heterogeneous body of
knowledge spanning different topics: obfuscation, information hiding,
reverse engineering, source/binary code transformation, operating systems,
networking, encryption, and trusted computing.
IEEE Software seeks submissions for a special issue on software protection.
We seek articles that present proven mechanisms and strategies to mitigate
one or more of the problems faced by software protection. These strategies
should offer practitioners appropriate methods, approaches, techniques,
guidelines, and tools to support evaluation and integration of software
protection techniques into their software products. Possible topics include:
- Analysis of legal, ethical, and usability aspects of software protection
- Best practices and lesson learned while dealing with different relevant threats
- Case studies on success and/or failure in applying software protections
- Code obfuscation and reverse-engineering complexity
- Computing with encrypted functions and data
- Protection of authorship: watermarking and fingerprinting
- Remote attestations and network-based approaches
- Security evaluation of software protection's effectiveness
- Software protection methods used by malware (viruses, rootkits, worms, and botnets)
- Source and binary code protections
- Tamper-resistant software: mobile, self-checking, and self-modifying code
- Tools to implement or defeat software protections
- Trusted computing or other hardware-assisted protection
- Virtualization and protections based on operating systems
For more information, please see
http://www.computer.org/portal/web/computingnow/swcfp2.
Wiley Security and Communication Networks (SCN),
Special Issue on Defending Against Insider Threats and Internal Data Leakage,
2011.
(Submission Due 31 August 2010) [posted here 04/12/10]
Guest editor: Elisa Bertino (Purdue university, USA),
Gabriele Lenzini (SnT-Univ. of Luxembourg, Luxembourg),
Marek R. Ogiela (AGH University of Science & Technology, Poland),
and Ilsun You (Korean Bible University, Korea)
This special issue collects scientific studies and works reporting on the most recent challenges
and advances in security technologies and management systems
about protecting an organization's information from corporate malicious activities.
It aims to be the showcase for researchers that address the problems on how to prevent the leakage of
organizations' information caused by insiders. The contributions to this special
issue can conduct state-of-the-art surveys and case-analyses of practical significance,
which, we wish, will support and foster further research
and technology improvements related to this important subject.
Papers on practical as well as on theoretical topics are invited.
Topics include (but are not limited to):
- Theoretical foundations and algorithms for addressing insider threats
- Insider threat assessment and modeling
- Security technologies to prevent, detect and avoid insider threats
- Validating the trustworthiness of staff
- Post-insider threat incident analysis
- Data breach modeling and mitigation techniques
- Authentication and identification
- Certification and authorization
- Database security
- Device control system
- Digital forensic system
- Digital right management system
- Fraud detection
- Network access control system
- Intrusion detection
- Keyboard information security
- Information security governance
- Information security management systems
- Risk assessment and management
- Log collection and analysis
- Trust management
- Secure information splitting and sharing algorithms
- Steganography and subliminal channels
- IT compliance (audit)
- Continuous auditing
- Socio-Technical Engineering Attack to Security and Privacy
For more information, please see
http://isyou.hosting.paran.com/mist10/SCN-SI-10.pdf.
IEEE Internet Computing,
Special Issue on Security and Privacy in Social Networks,
May/June 2011.
(Submission Due 1 September 2010) [posted here 07/12/10]
Guest editor: Gail-Joon Ahn (Arizona State University, USA),
Mohamed Shehab (UNC Charlotte, USA),
and Anna Squicciarini (Penn State University, USA)
Social networks where people exchange personal and public information have
enabled users to connect with their friends, coworkers, colleagues, family
and even with strangers. Several social networking sites have developed to
facilitate such social interactions and sharing activities on the Internet
over the past several years. The popularity of social networking sites on the
Internet introduces the use of mediatedcommunication into the relationship
development process. Also, online social networks have recently emerged as a
promising area of research with a vast reach and application space. Users post
information on their profiles to share and interact with their other friends
in the social network. Social networks are not limited to simple entertaining
applications; instead several critical businesses have adopted social networks
to attract new customer spaces and to provide new services. The current trends
of social networks are indirectly requiring users to become system and policy
administrators for protecting their content in this social setting. This is
further complicated by the rapid growth rate of social networks and by the
continuous adoption of new services on social networks. Furthermore, the
use of personal information in social networks raises entirely new privacy
concerns and requires new insights on security problems. Several studies
and recent news have highlighted the increasing risk of misuse of personal
data processed by online social networking applications and the lack of
awareness among the user population. The security needs of social networks
are still not well understood and are not fully defined.
Nevertheless it is clear these will be quite different from classic
security requirements. It is important to bring a depth of security experience
from multiple security domains and technologies to this field as well as
depth and breadth of knowledge about social networks.
The aim of this special issue is to encompass research advances in all areas
of security and privacy in social networks. We welcome contributions
relating to novel technologies and methodologies for securely building
and managing social networks and relevant secure applications as well as
to cross-cutting issues. Topics of interest: include but are not limited to:
- Access control and identity management
- Delegation and secure collaboration
- Information flow, diffusion and auditing
- Malware analysis in social networks
- Privacy challenges and mechanism
- Risk assessment and management
- Secure social-network application development and methodologies
- Secure object tagging, bookmarking and annotations
- Trust and reputation management
- Usability driven security mechanisms
For more information, please see
http://www.public.asu.edu/~gahn1/icsn2011.htm.
IEEE Transactions on Information Forensics and Security,
Special Issue on Using the Physical Layer for Securing the
Next Generation of Communication Systems,
June 1, 2011.
(Submission Due 15 September 2010) [posted here 04/12/10]
Guest editor: Vincent Poor (Princeton University, USA),
Wade Trappe (Rutgers University, USA),
Aylin Yener (Pennsylvania State University,USA),
Hisato Iwai (Doshisha University, Japan),
Joao Barros (University of Porto, Portugal),
and Paul Prucnal (Princeton University, USA)
Communication technologies are undergoing a renaissance as there is a
movement to explore new, clean slate approaches for building communication
networks. Although future Internet efforts promise to bring new perspectives
on protocol designs for high-bandwidth, access-anything from anywhere services,
ensuring that these new communication systems are secure will also
require a re-examination of how we build secure communication
infrastructures. Traditional approaches to building and securing networks
are tied tightly to the concept of protocol layer separation. For network
design, routing is typically considered separately from link layer functions,
which are considered independently of transport layer phenomena or even the
applications that utilize such functions. Similarly, in the security arena,
MAC-layer security solutions (e.g. WPA2 for 802.11 devices) are typically
considered as point-solutions to address threats facing the link layer,
while routing and transport layer security issues are dealt with in distinct,
non-integrated protocols like IPSEC and TLS. The inherent protocol separation
involved in security solutions is only further highlighted by the fact that
the physical layer is generally absent from consideration.
This special issue seeks to provide a venue for ongoing research area in
physical layer security across all variety of communication media, ranging
from wireless networks at the edge to optical backbones at the core of the
network. The scope of this special issue will be interdisciplinary, involving
contributions from experts in the areas of cryptography, computer security,
information theory, signal processing, communications theory, and propagation
theory. In particular, the areas of interest include, but are not limited to,
the following:
- Information-theoretic formulations for confidentiality and authentication
- Generalizations of Wyner’s wiretap problem to wireless and optical systems
- Physical layer techniques for disseminating information
- Techniques to extract secret keys from channel state information
- Secrecy of MIMO and multiple-access channels
- Physical layer methods for detecting and thwarting spoofing and Sybil attacks
- Techniques to achieve covert or stealthy communication at the physical layer
- Quantum cryptography
- Modulation recognition and forensics
- Security and trustworthiness in cooperative communication
- Fast encryption using physical layer properties
- Attacks and threat analyses targeted at subverting physical layer communications
For more information, please see
http://www.signalprocessingsociety.org/publications/periodicals/forensics/forensics-authors-info/.
IEEE Network,
Special Issue on Network Traffic Monitoring and Analysis,
May 2011.
(Submission Due 15 November 2010) [posted here 07/12/10]
Guest editor: Wei Wang (University of Luxembourg, Luxembourg),
Xiangliang Zhang (University of Paris-sud 11, France),
Wenchang Shi (Renmin University of China, China),
Shiguo Lian (France Telecom R&D Beijing, China),
and Dengguo Feng (Chinese Academy of Sciences, China)
Modern computer networks are increasingly complex and ever-evolving.
Understanding and measuring such a network is a difficult yet vital
task for network management and diagnosis. Network traffic monitoring,
analysis and anomaly detection provides useful tools in understanding
network behavior and in determining network performance and
reliability so as to effectively troubleshoot and resolve the
issues in practice. Network traffic monitoring and anomaly detection
also provides a basis for prevention and reaction in network security,
as intrusions, attacks, worms, and other kinds of malicious behaviors
can be detected by traffic analysis and anomaly detection.
This special issue seeks original articles examining the state of the art,
open issues, research results, tool evaluation, and
future research directions in network monitoring, analysis and anomaly detection.
Possible topics include:
- Network traffic analysis and classification
- Traffic sampling and signal processing methods
- Network performance measurements
- Network anomaly detection and troubleshooting
- Network security threats and countermeasures
- Network monitoring and traffic measurement systems
- Real environment experiments and testbeds
For more information, please see
http://dl.comsoc.org/livepubs/ni/info/cfp/cfpnetwork0511.htm.
July 2010
WESS 2010
5th Workshop on Embedded Systems Security,
Scottsdale, AZ, USA, October 24, 2010.
(Submissions due 26 July 2010) [posted here 06/07/10]
Embedded computing systems are widely found in application areas ranging
from safety-critical systems to vital information management. This
introduces a large number of security issues. Embedded systems are
vulnerable to remote intrusion, local intrusion, fault-based and
power/timing-based attacks, intellectual-property theft, subversion,
hijacking and more. Due to their strong link to software engineering
and hardware engineering, these security issues are different from
the traditional security problems found on personal computers. For
example, embedded devices are resource-constrained in power and
performance, which requires them to use computationally efficient
solutions. They have a very weak physical trust boundary, which
enables many different implementation-oriented attacks. They use
an intimate connection between hardware and software, often
without the shielding of an operating system. This workshop
provides a forum for researchers to present novel ideas on
addressing security issues that arise in the design, the operation,
and the testing of secure embedded systems. Of particular interest
are security topics that are unique to embedded systems.
Topics of Interest:
- Trust models for secure embedded hardware and software
- Isolation techniques for secure embedded hardware,
hyperware, and software
- System architectures for secure embedded systems
- Metrics for secure design of embedded hardware and software
- Security concerns for medical and other applications of
embedded systems
- Support for intellectual property protection and anti-counterfeiting
- Specialized components for authentication, key storage and key generation
- Support for secure debugging and troubleshooting
- Implementation attacks and countermeasures
- Design tools for secure embedded hardware and software
- Hardware/software codesign for secure embedded systems
- Specialized hardware support for security protocols
For more information, please see
http://www.wess-workshop.org/.
August 2010
INTRUST 2010
International Conference on Trusted Systems,
Beijing, China, December 13-15, 2010.
(Submissions due 1 August 2010) [posted here 04/12/10]
INTRUST 2010 conference focuses on the theory, technologies and applications of
trusted systems. It is devoted to all aspects of trusted computing systems,
including trusted modules, platforms, networks, services and applications,
from their fundamental features and functionalities to design principles,
architecture and implementation technologies. The goal of the conference is
to bring academic and industrial researchers, designers, and implementers
together with end-users of trusted systems, in order to foster the exchange
of ideas in this challenging and fruitful area.
INTRUST 2010 solicits original papers on any aspect of the theory, advanced
development and applications of trusted computing, trustworthy systems and
general trust issues in modern computing systems. The conference will have
an academic track and an industrial track. This call for papers is for
contributions to both of the tracks. Submissions to the academic track
should emphasize theoretical and practical research contributions to
general trusted system technologies, while submissions to the industrial
track may focus on experiences in the implementation and deployment of
real-world systems.
For more information, please see
http://www.tcgchina.org.
NDSS 2011
Network & Distributed System Security Symposium,
San Diego, California, USA, February 6-9, 2011.
(Submissions due 6 August 2010) [posted here 06/07/10]
The Network and Distributed System Security Symposium fosters information
exchange among researchers and practitioners of network and distributed
system security. The target audience includes those interested in
practical aspects of network and distributed system security, with
a focus on actual system design and implementation. A major goal is
to encourage and enable the Internet community to apply, deploy,
and advance the state of available network and distributed systems
security technology. Special emphasis will be made to accept papers
in the core theme of network and distributed systems security.
Consequently, papers that cover networking protocols and distributed
systems algorithms are especially invited to be submitted. Moreover,
practical papers in these areas are also very welcome.
Submissions are solicited in, but not limited to, the following areas:
- Integrating security in Internet protocols: routing, naming, network management
- High-availability wired and wireless networks
- Security for Cloud Computing
- Future Internet architecture and design
- Security of Web-based applications and services
- Anti-malware techniques: detection, analysis, and prevention
- Security for future home networks, Internet of Things, body-area networks
- Intrusion prevention, detection, and response
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Privacy and anonymity technologies
- Security for emerging technologies: sensor networks, wireless/mobile
(and ad hoc) networks, and personal communication systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security for peer-to-peer and overlay network systems
- Security for electronic commerce: e.g., payment, barter, EDI,
notarization, timestamping, endorsement, and licensing
- Implementation, deployment and management of network security policies
- Intellectual property protection: protocols, implementations,
metering, watermarking, digital rights management
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security
and efficiency, usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Security for large-scale systems and critical infrastructures
(e.g., electronic voting, smart grid)
- Applying Trustworthy Computing mechanisms to secure
network protocols and distributed systems
For more information, please see
http://hotcrp.cylab.cmu.edu/ndss11/.
CPSRT 2010
International Workshop on Cloud Privacy, Security, Risk & Trust,
Held in conjunction with the 2nd IEEE International Conference
on Cloud Computing Technology and Science (CloudCom 2010),
Indianapolis, IN, USA, November 30 - December 3, 2010.
(Submissions due 15 August 2010) [posted here 06/21/10]
Cloud computing has emerged to address an explosive growth of
web-connected devices, and handle massive amounts of data. It is
defined and characterized by massive scalability and new
Internet-driven economics. Yet, privacy, security, and trust
for cloud computing applications are lacking in many instances
and risks need to be better understood. Privacy in cloud computing
may appear straightforward, since one may conclude that as
long as personal information is protected, it shouldn’t matter
whether the processing is in a cloud or not. However, there may be
hidden obstacles such as conflicting privacy laws between the
location of processing and the location of data origin. Cloud
computing can exacerbate the problem of reconciling these locations
if needed, since the geographic location of processing can be
extremely difficult to find out, due to cloud computing’s dynamic
nature. Another issue is user-centric control, which can be a legal
requirement and also something consumers want. However, in cloud
computing, the consumers' data is processed in the cloud, on machines
they don't own or control, and there is a threat of theft, misuse or
unauthorized resale. Thus, it may even be necessary in some cases to
provide adequate trust for consumers to switch to cloud services.
In the case of security, some cloud computing applications simply
lack adequate security protection such as fine-grained access control
and user authentication (e.g. Hadoop). Since enterprises are attracted
to cloud computing due to potential savings in IT outlay and management,
it is necessary to understand the business risks involved. If cloud
computing is to be successful, it is essential that it is trusted by
its users. Therefore, we also need studies on cloud-related trust
topics, such as what are the components of such trust and how can
trust be achieved, for security as well as for privacy.
The CPSRT workshop will bring together a diverse group of academics
as well as government and industry practitioners in an integrated
state-of-the-art analysis of privacy, security, risk, and
trust in the cloud. The workshop will address cloud issues
specifically related to (but not limited to) the following
topics of interest:
- Access control and key management
- Security and privacy policy management
- Identity management
- Remote data integrity protection
- Secure computation outsourcing
- Secure data management within and across data centers
- Secure distributed data storage
- Secure resource allocation and indexing
- Intrusion detection/prevention
- Denial-of-Service (DoS) attacks and defense
- Web service security, privacy, and trust
- User requirements for privacy
- Legal requirements for privacy
- Privacy enhancing technologies
- Privacy aware map-reduce framework
- Risk or threat identification and analysis
- Risk or threat management
- Trust enhancing technologies
- Trust management
For more information, please see
http://cpsrt.cloudcom.org/.
CT-RSA 2011
RSA Conference, The Cryptographers' Track,
San Francisco, CA, USA, February 14-18, 2011.
(Submissions due 20 August 2010) [posted here 07/19/10]
The RSA Conference is the largest annual computer security event,
with over 350 vendors, and thousands of attendees. The Cryptographers'
Track (CT-RSA) is a research conference within the RSA Conference.
CT- RSA has begun in 2002, and has become an established venue for
presenting cryptographic research papers. Original research papers
pertaining to all aspects of cryptography are solicited. Submissions
may present applications, techniques, theory, and practical experience
on topics including, but not limited to:
- public-key encryption
- symmetric-key encryption
- cryptanalysis
- digital signatures
- hash functions
- cryptographic protocols
- tamper-resistance
- fast implementations
- elliptic-curve cryptography
- lattice-based cryptography
- quantum cryptography
- formal security models
- network security
- hardware security
- e-commerce
For more information, please see
http://ct-rsa2011.di.uoa.gr.
SAC-TRECK 2011
26th ACM Symposium on Applied Computing,
Track: Trust, Reputation, Evidence and other Collaboration Know-how (TRECK),
TaiChung, Taiwan, March 21-25, 2011.
(Submissions due 24 August 2010) [posted here 07/12/10]
The goal of the ACM SAC 2011 TRECK track remains to review the set of
applications that benefit from the use of computational trust and online
reputation. Computational trust has been used in reputation systems,
risk management, collaborative filtering, social/business networking
services, dynamic coalitions, virtual organisations and even combined
with trusted computing hardware modules. The TRECK track covers all
computational trust/reputation applications, especially those
used in real-world applications.
The topics of interest include, but are not limited to:
- Trust management, reputation management and identity management
- Pervasive computational trust and use of context-awareness
- Mobile trust, context-aware trust
- Web 2.0 reputation and trust
- Trust-based collaborative applications
- Automated collaboration and trust negotiation
- Trade-off between privacy and trust
- Trust/risk-based security frameworks
- Combined computational trust and trusted computing
- Tangible guarantees given by formal models of trust and risk
- Trust metrics assessment and threat analysis
- Trust in peer-to-peer and open source systems
- Technical trust evaluation and certification
- Impacts of social networks on computational trust
- Evidence gathering and management
- Real-world applications, running prototypes and advanced simulations
- Applicability in large-scale, open and decentralised environments
- Legal and economic aspects related to the use of trust and reputation engines
- User-studies and user interfaces of computational trust and online
reputation applications
For more information, please see
http://www.trustcomp.org/treck/.
September 2010
In-Bio-We-Trust 2010
International Workshop on Bio-Inspired Trust Management for Information Systems,
Held in conjunction with the Bionetics 2010,
Boston, MA, USA, December 1-3, 2010.
(Submissions due 1 September 2010) [posted here 06/21/10]
Traditional security mechanisms fall short of what new information systems
need. To fix this problem, two research communities have recently proposed
new security mechanisms. One of those communities is called "bio-inspired
systems" and is increasingly borrowing ideas from nature to make information
systems more effective and robust. The other is called "trust management systems" and
has been proposing and scrutinizing algorithms for information systems
that mimic how people manage trust in society. Increasingly the two
communities are working on similar research problems but, alas, they
are doing so separately. Although there is an enormous number of
potentially useful bio-inspired mechanisms that can be exploited in
trust management, it comes as a surprise that bio-inspired trust
management has not received any attention at all.
Clearly,the dialog between researchers in bio-inspired systems and in trust
management should widen. The workshop seeks to bring together the
world's experts in both communities, and to stimulate and
disseminate interesting research ideas and results.
Contributions are solicited in all aspects of bio-inspired and
trust management systems, including:
- Bio-inspired models for managing trust in any information systems:
virtual organizations, grid and cloud computing,
mobile-ad-hoc/opportunistic/delay-tolerant networks,
service oriented architectures,
self-organizing networks and communities,
mobile cooperative systems,
mobile platforms, recommender systems.
- Fixed and mobile architectures and protocols for distributed trust management.
- Identity management in trust models.
- Security attacks to trust systems and adaptive bio-inspired defenses.
- Incorporation of bio-inspired algorithms into security communication
protocols and computing architectures.
- Descriptions of pilot programs, case studies, applications,
work-in-progress, surveys, and experiments integrating biological
designs or trust and security aspects into information systems.
For more information, please see
http://inbiowetrust.org.
SecIoT 2010
The 1st Workshop on the Security of the Internet of Things,
Held in conjunction with the Internet of Things 2010,
Tokyo, Japan, November 29, 2010.
(Submissions due 10 September 2010) [posted here 07/19/10]
While there are many definitions of the Internet of Things (IoT), all of them
revolve around the same central concept: a world-wide network of interconnected
objects. These objets will make use of multiple technological building blocks,
such as wireless communication, sensors, actuators, and RFID, in order to
allow people and things to be connected anytime anyplace, with anything and
anyone. However, before this new vision takes its first steps, it is essential
to consider the security implications of billions of intelligent things
cooperating with other real and virtual entities over the Internet.
SecIoT'10 wants to bring together researchers and professionals from
universities, private companies and Public Administrations interested or
involved in all security-related heterogeneous aspects of the Internet of
Things. We invite research papers, work-in-progress reports, R&D projects
results, surveying works and industrial experiences describing significant
security advances in the following (non-exclusive) areas of the Internet of Things:
- New security problems in the context of the IoT
- Privacy risks and data management problems
- Identifying, authenticating, and authorizing entities
- Development of trust frameworks for secure collaboration
- New cryptographic primitives for constrained "things"
- Connecting heterogeneous ecosystems and technologies
- Legal Challenges and Governance Issues
- Resilience to external and internal attacks
- Context-Aware security
- Providing protection to an IP-connected IoT
- Web services security and other application-layer issues
For more information, please see
http://www.isac.uma.es/seciot10.
ESSoS 2011
International Symposium on Engineering Secure Software and Systems,
Madrid, Spain, February 9-10, 2011.
(Submissions due 13 September 2010) [posted here 03/29/10]
Trustworthy, secure software is a core ingredient of the modern world.
Unfortunately, the Internet is too. Hostile, networked environments, like the Internet,
can allow vulnerabilities in software to be exploited from anywhere. To address this,
high-quality security building blocks (e.g., cryptographic components) are necessary,
but insufficient. Indeed, the construction of secure software is challenging because of
the complexity of modern applications, the growing sophistication of security requirements,
the multitude of available software technologies and the progress of attack vectors.
Clearly, a strong need exists for engineering techniques that scale well and that
demonstrably improve the software's security properties.
The Symposium seeks submissions on subjects related to its goals. This includes
a diversity of topics including (but not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DLS's for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation
For more information, please see
http://distrinet.cs.kuleuven.be/events/essos2011/.
CODASPY 2011
1st ACM Conference on Data and Application Security and Privacy,
San Antonio, TX, USA, February 21-23, 2011.
(Submissions due 15 September 2010) [posted here 05/10/10]
Data and the applications that manipulate data are the crucial assets
in today's information age. With the increasing drive towards availability
of data and services anytime anywhere, security and privacy risks
have increased. New applications such as social networking and social
computing provide value by aggregating input from numerous individual
users and/or the mobile devices they carry with them and computing new
information of value to society and individuals. Data and applications
security and privacy has rapidly expanded as a research field with many
important challenges to be addressed. The goal of the conference is to
discuss novel exciting research topics in data and application security
and privacy and to lay out directions for further research and
development in this area. The conference seeks submissions from diverse
communities, including corporate and academic researchers, open-source
projects, standardization bodies, governments, system and security
administrators, software engineers and application domain experts.
For more information, please see
http://www.codaspy.org/.
October 2010
FC 2011
15th International Conference on Financial Cryptography and Data Security,
Bay Gardens Beach Resort, St. Lucia, February 28 – March 4, 2011.
(Submissions due 1 October 2010) [posted here 07/19/10]
Financial Cryptography and Data Security is a major international forum for
research, advanced development, education, exploration, and debate regarding
information assurance, with a specific focus on commercial contexts. The
conference covers all aspects of securing transactions and systems. Original
works focusing on both fundamental and applied real-world deployments on all
aspects surrounding commerce security are solicited. Submissions need not be
exclusively concerned with cryptography. Systems security and
inter-disciplinary efforts are particularly encouraged.
For more information, please see
http://ifca.ai/fc11/.
IFIP-DF 2011
7th Annual IFIP WG 11.9 International Conference on Digital Forensics,
Orlando, Florida, USA, January 30 – February 2, 2011.
(Submissions due 15 October 2010) [posted here 05/10/10]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is
an active international community of scientists, engineers and practitioners
dedicated to advancing the state of the art of research and practice
in the emerging field of digital forensics. The Seventh Annual
IFIP WG 11.9 International Conference on Digital Forensics will
provide a forum for presenting original, unpublished research
results and innovative ideas related to the extraction, analysis
and preservation of all forms of electronic evidence. Papers and
panel proposals are solicited. All submissions will be refereed
by a program committee comprising members of the Working Group.
Papers and panel submissions will be selected based on their
technical merit and relevance to IFIP WG 11.9. The conference
will be limited to approximately sixty participants to
facilitate interactions between researchers and intense
discussions of critical research issues. Keynote presentations,
revised papers and details of panel discussions will be published
as an edited volume – the seventh in the series entitled Research
Advances in Digital Forensics (Springer) in the summer of 2011.
Revised and/or extended versions of selected papers from the
conference will be published in special issues of one or more
international journals. Technical papers are solicited in all
areas related to the theory and practice of digital forensics.
Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing
and preserving digital evidence
- Network forensics
- Portable electronic device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics
For more information, please see
http://www.ifip119.org.
Journal of Privacy Technology (JOPT),
Editor-in-Chief: Latanya Sweeney
This online-only Journal, started in 2004 and operated by Carnegie
Mellon University, is a forum for the publication of original
current research in privacy technology. It encourages the submission
of any material dealing primarily with the technological aspects of
privacy or with the privacy aspects of technology, which may include
analysis of the interaction between policy and technology or the
technological implications of legal decisions. More information can
be found at http://www.jopt.org/.
IEEE Security and Privacy Magazine, Editor-in-Chief:
Carl E. Landwehr
IEEE Security & Privacy provides a unique combination of research
articles, case studies, tutorials, and regular departments covering
diverse aspects of information assurance such as legal and ethical
issues, privacy concerns, tools to help secure information, analysis
of vulnerabilities and attacks, trends and new developments,
pedagogical and curricular issues in educating the next generation
of security professionals, secure operating systems and
applications, security issues in wireless networks, design and test
strategies for secure and survivable systems, and cryptology. More
information can be found at
http://computer.org/security/.
ACM Transactions on Information and System Security,
Editor-in-Chief: Gene Tsudik
ACM invites submissions for its Transactions on Information and
System Security, inaugurated in November 1998. TISSEC publishes
original archival-quality research papers and technical notes in all
areas of information and system security including technologies,
systems, applications, and policies. Papers should have practical
relevance to the construction, evaluation, application, or operation
of secure systems. Theoretical papers will be accepted only if there
is convincing argument for the practical significance of the
results. Theory must be justified by convincing examples
illustrating its application. More information is given on the
journal web page at
http://www.acm.org/tissec.
IEEE Transactions on Dependable and Secure Computing,
Editor-in-Chief: Virgil D. Gligor
The IEEE Transactions on Dependable and Secure Computing publishes
archival research results related to research into foundations,
methodologies, and mechanisms that support the achievement—through
design, modeling, and evaluation—of systems and networks that are
dependable and secure to the desired degree without compromising
performance. The focus will also include measurement, modeling, and
simulation techniques, and foundations for jointly evaluating,
verifying, and designing for performance, security, and dependability
constraints. More information is given on the
journal web page at
http://www.computer.org/tdsc/.
The Kluwer International Series on ADVANCES IN INFORMATION
SECURITY.
The purpose of the Advances in Information Security book series is
to establish the state of the art and set the course for future
research in information security. The scope of this series includes
not only all aspects of computer and network security, but related
areas such as fault tolerance and software assurance. The series
will serve as a central source of reference for information security
research and developments. The series aims to publish thorough and
cohesive overviews on specific topics in Information Security, as
well as works that are larger in scope than survey articles and that
will contain more detailed background information. The series also
provides a single point of coverage of advanced and timely topics
and a forum for topics that may not have reached a level of maturity
to warrant a comprehensive textbook. Prospective Authors or Editors:
If you have an idea for a book that would fit in this series, we
would welcome the opportunity to review your proposal. Should you
wish to discuss any potential project further or receive specific
information regarding book proposal requirements, please contact
either Sushil Jajodia (jajodia@gmu.edu,703-993-1653) or Lance Wobus
(lance.wobus@wkap.com, 781-681-0602)
Journal of Computer Security,
Editor-in-Chief: Sushil Jadodia and Jonathan Millen
JCS is an archival research journal for significant advances in
computer security. Subject areas include architecture, operating systems,
database systems, networks, authentication, distributed systems,
formal models, verification, algorithms, mechanisms, and policies.
Submissions: send six copies to one of the editors in chief:
Sushil Jadodia, CSIS, George Mason University, 440 University Drive,
Fairfax, VA 22030, or Jonathan Millen, The MITRE Corporation,
202 Burlington Rd., Bedford, MA. Subscriptions: contact IOS Press,
Niewe Hemweg 6B, 1013 BG Amsterdam, Netherlands, (e-mail: order@iospress.nl)
for information about individual or institutional subscriptions or back issues.
More information is given on the journal web page at
http://www.mitre.org/jcs.
Computers & Security,
Editor-in-Chief: Dimitris Gritzalis
Computers & Security aims to satisfy the needs of managers
and experts involved in computer security by providing a blend of
research developments, innovations, and practical management advice.
Original submissions on all computer security topics are invited,
particularly those of practical benefit to the practitioner. Four
copies of papers from 5-10,000 words should be sent to the editor,
N. Dudley, at Elsevier Advanced Technology, P.O. Box 150,
Kidlington, Oxford, OX5 1AS, United Kingdom. Telephones: voice
+44(0)1865 843848 / 843000; fax +44 (0) 1865 843971. More
information can be found at
http://www.elsevier.com/locate/issn/01674048.
International Journal of Information Security,
Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto
The International Journal of Information Security, IJIS, aims to
provide prompt publication of important technical work in
information security, attracting any person interested in
communications, commerce, banking, medicine, or other areas of
endeavor affected by information security. Any research submission
on theory, applications, and implementations of information security
is welcomed. This includes, but is not limited to, system security,
network security, content protection, applications and foundations
of information security. More information is given on the journal
web page at
http://link.springer.de/link/service/journals/10207/index.htm.
International Journal of Network Security,
Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international
official journal of Science Publications, publishing original articles,
reviews and short communications of a high scientific and technology
in network security. Subjects covered include: access control,
computer security, cryptography, communications security, data security,
database security, electronic commerce security, information security,
multimedia security, and network security. Authors are strongly encouraged
to submit their papers electronically by using online manuscript submission
at
http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file
to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang,
at the Department of Management Information Systems,
National Chung Hsing University, Taiwan, R.O.C. More
information can be found at
http://ijns.nchu.edu.tw/.
International Journal of Security and Networks,
Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal
for significant advances in network security. Subject areas include attack models,
security mechanisms, security services, authentication, authorization, access control,
multicast security, data confidentiality, data integrity, non-repudiation, forensics,
privacy protection, secure protocols, formal analyses, intrusion detection,
key management, trust establishment, revocation of malicious parties, security policies,
fraudulent usage, dependability and reliability, prevention of traffic analysis,
network security performance evaluation, tradeoff analysis between performance and
security, security standards, etc. All papers must be submitted online
at
http://www.inderscience.com/ijsn/. More information is given on
the journal web page at
http://www.inderscience.com/ijsn/.
International Journal of Critical Infrastructure Protection,
Editors-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's
primary aim is to publish high quality scientific and policy papers in all
areas of critical infrastructure protection. Of particular interest are
articles that weave science, technology and policy to craft
sophisticated yet practical solutions that will secure information,
computer and network assets in the various critical infrastructure
sectors. All papers must be submitted online
at
http://www.elsevier.com/locate/ijcip. More information is given on
the journal web page at
http://www.elsevier.com/locate/ijcip.
IEEE Transactions on Information Forensics and Security,
Editors-in-Chief: Nasir D. Memon
IEEE Transactions on Information Forensics and Security aims to
provide a unified locus for archival research on the fundamental contributions
and the mathematics behind information forensics, information security,
surveillance, and systems applications that incorporate these features.
Authors are strongly encouraged
to submit their papers electronically to the online manuscript system,
Manuscript Central, via
sps-ieee.manuscriptcentral.com. More
information can be found at
http://www.ieee.org/organizations/society/sp/tifs.html.
|