Last Modified:5/5/08

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.

Contents

Special Issues of Journals and Handbooks

ACM Transactions on Reconfigurable Technology and Systems, Special Issue on Security in Reconfigurable Systems Design, 2009. (Submission Due 23 May 2008) [posted here 5/5/08]

Guest editors: Patrick Schaumont (Virginia Tech, USA), Alex K. Jones (University of Pittsburgh, USA), and Steve Trimberger (Xilinx, USA)

The secure operation of computer systems and networks continues to be an important research topic for a variety of applications and infrastructures. Increasingly, these security concerns are extending from the software information-processing domain into the hardware domain and in particular into the reconfigurable computing research community. From a design perspective, security forms a separate dimension in design alongside of constraints on area, performance, and power. By carefully considering security issues in the design of reconfigurable hardware, security can become a basic property of the system implementation rather than being addressed as an afterthought. This special issue of ACM Transactions on Reconfigurable Technology and Systems solicits papers in the areas of secure design technologies and architectures for reconfigurable devices and novel applications for reconfigurable platforms. Topics of interest include but are not limited to the following areas:
Design Technologies and Architectures:
- Protection of hardware design intellectual property (e.g. FPGA bitstream).
- Side-channel resistant and fault-resistant design mechanisms.
- The use of Physically Unclonable Functions for authentication and anti-counterfeiting.
- Architectural techniques to mitigate the tradeoffs between power, performance, and area with system security.
- Methods for creating device-unique identifiers from device fabrication properties.
- Architectures that improve component isolation and resistance to physical attacks.
- Secure and formally verifiable/equivalent design automation techniques for reconfigurable hardware.
Novel Applications:
- Improving the performance or power consumption of software implementations of security algorithms using reconfigurable hardware.
- Acceleration to increase feasibility of brute force attacks on cryptographic algorithms.
- Use of physical partitioning of subsystems to improve secure system design.
- Use of reconfigurable architecture features for resistance to physical attacks.
- Prototyping of novel trusted computing primitives.

For more information, please see http://trets.cse.sc.edu/TRETS-Security-SI.pdf.

Wiley's Security and Communication Networks Journal, Special Issue on Security in Mobile Wireless Networks, 4th quarter of 2009. (Submission Due 30 September 2008) [posted here 4/28/08]

Guest editors: Abderrahim Benslimane (University of Avignon, France) Chadi Assi (Concordia University, Montreal, Canada), Stamatios V. Kartalopoulos (University of Oklahoma, USA), and Fred Nen-Fu Huang (National Tsing Hua University, Taiwan)

Security has become a primary concern in order to provide protected communication in mobile networks. Unlike the wired networks, the unique characteristics of mobile networks pose a number of nontrivial challenges to security design, such as open peer-to-peer network architecture, shared wireless medium, stringent resource constraints, highly dynamic network topology and absence of a trusted infrastructure. Ubiquitous roaming impacts on a radio access system by requiring that it supports handover between neighbouring cells and different networks. Also, mobile networks are more exposed to interferences than wired networks. There are several components that contribute to this: adjacent channels, co-channels, Doppler shifts, multipath, and fading. This SI aims to identify and explore the different issues and challenges related to security aspects in mobile networks. What are the impacts (benefits or inconvenience) of mobility on security? What are the appropriate mobility models to have a good level of security? Are Classical IDS approaches appropriate for mobile environments? How can be managed security when Mobility pattern and/or behaviour prediction? The complete security solution should span both layers, and encompass all three security components of prevention, detection, and reaction. Topics of interest include, but are not limited to, the following as they relate to mobile networks:
- Secure mobile PHY/MAC protocols
- Secure mobile routing protocols
- Security under resource constraints (e.g., energy, bandwidth, memory, and computation constraints)
- Performance and security tradeoffs in mobile networks
- Secure roaming across administrative domains
- Key management in mobile scenarios
- Cryptographic Protocols
- Authentication and access control in mobile networks
- Intrusion detection and tolerance in mobile network
- Trust establishment, negotiation, and management
- Secure mobile location services
- Secure clock distribution
- Privacy and anonymity
- Denial of service in mobile networks
- Prevention of traffic analysis

For more information, please see http://www3.interscience.wiley.com/cgi-bin/jtoc/114299116/.

Conference and Workshop Call-for-papers

FCC 2008 4th Workshop on Formal and Computational Cryptography, Carnegie Mellon University, Pittsburgh, PA, USA, June 26, 2008. (Submissions due 5 May 2008) [posted here 4/28/08]
Since the 1980s, two approaches have been developed for analyzing security protocols. One of the approaches is based on a computational model that considers issues of computational complexity and probability. Messages are modeled as bitstrings and security properties are defined in a strong form, in essence guaranteeing security with high probability against all probabilistic polynomial-time attacks. However, it is difficult to prove security of large, complex protocols in this model. The other approach relies on a symbolic model of protocol execution in which messages are modelled using a term algebra and cryptographic primitives are treated as perfect black-boxes, e.g. the only way to decrypt a ciphertext is to use the corresponding decryption key. This abstraction enables significantly simpler and often automated analysis of complex protocols. Since this model places strong constraints on the attacker, a fundamental question is whether such an analysis implies the strong security properties defined in the computational model. This workshop focuses on approaches that combine and relate symbolic and computational protocol analysis. Over the last few years, there has been a spate of research results in this area. One set of results establish correspondence theorems between the two models, in effect showing that for a certain class of protocols and properties, security in the symbolic model implies security in the computational model. In other work, researchers use language-based techniques such as process calculi and protocol logics to reason directly about the computational model. Several projects are investigating ways of mechanizing computationally sound proofs of protocols. T he workshop seeks results in this area of computationally sound protocol analysis: foundations and tools.

For more information, please see http://www.di.ens.fr/~blanchet/fcc08/.

IWSEC 2008 3rd International Workshop on Security, Kagawa, Japan, November 25-27, 2008. (Submissions due 8 May 2008) [posted here 1/17/08]
The aim of IWSEC2008 is to contribute to security research and development addressing the topics from traditional theory and tools on security to other up-to-date issues. Topics include but are not limited to:
- Cryptography
- Authorization and Access Control
- Biometrics
- Information Hiding
- Quantum Security
- Network and Distributed Systems Security
- Privacy Enhancing Technology
- Security Issues in Ubiquitous/Pervasive Computing
- Security Management
- Software and System Security
- Protection of Critical Infrastructure
- Digital Forensics
- Economics and Other Scientific Approaches for Security

For more information, please see http://www.iwsec.org.

AISec 2008 1st ACM Workshop on AISec, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Alexandria, VA, USA, October 27, 2008. (Submissions due 9 May 2008) [posted here 3/3/08]
The ubiquitous nature of information and communication today is often cited as the cause of many security and privacy problems including identity and reputation management, viruses/worms and phishing/pharming. There is strong evidence, however, that this abundance of information and communication has at least as many security and privacy benefits as costs. Consider for example, the use of machine learning algorithms to detect network intrusions, crowd-based approaches to anonymous communication and the use of data mining algorithms to determine content sanitization. All of these efforts benefit from recent advances in AI, which have often been driven by increases in the amount of available data. To fully realize the security and privacy benefits of today's ubiquitous information, the security community needs expertise in the tools and techniques for managing that information, namely, artificial intelligence technology, and the AI community needs an understanding of security and privacy problems. To facilitate an exchange of ideas between these two communities, we are holding the first workshop in "AISec" in conjunction with the 15th ACM Conference on Computer and Communications Security (CCS), the new field of security and privacy solutions that leverage AI technologies. The topics of interest include but are not limited to:
- Spam detection
- Fraud detection
- Botnet detection
- Intrusion detection
- Malware identification
- Insider threat detection
- Privacy-preserving data mining
- Inference detection and control
- Phishing detection and prevention
- Design and analysis of CAPTCHAs
- AI approaches to trust and reputation
- Machine learning techniques for optimizing user experience
- Vulnerability testing through intelligent probing (e.g. fuzzing)
- Content-driven security policy management & access control
- Techniques and methods for generating training and test set

For more information, please see http://www.aisec.info.

WPES 2008 7th ACM Workshop on Privacy in the Electronic Society, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Alexandria, VA, USA, October 27, 2008. (Submissions due 12 May 2008) [posted here 4/21/08]
The need to consider privacy has been widely recognized in society at large, with resulting impact on government, commerce, education, health care, entertainment, and other sectors. This workshop discusses the problems related to privacy in the global interconnected society and their possible solutions. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- anonymity, pseudonymity, and unlinkability
- privacy and confidentiality management
- business models with privacy requirements
- privacy in electronic records
- protection from correlation, inference, and linking attacks
- privacy in health care and public administration
- electronic communication privacy
- public records and personal privacy
- information dissemination control
- privacy and virtual identity
- privacy-aware access control
- personally identifiable information
- privacy in the digital business
- privacy policy enforcement
- privacy enhancing technologies
- privacy and data mining
- privacy policies and their enforcement
- relationships between privacy and security
- privacy and anonymity in Web transactions
- user profiling
- privacy in social networks
- wireless privacy
- privacy threats
- economics of privacy
- privacy and human rights
- RFIDs and privacy
- privacy in mobile computing
- privacy in outsourced computing
- privacy in electronic voting

For more information, please see http://dais.cs.uiuc.edu/wpes08.

QOP 2008 4th International Workshop on Quality of Protection, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Alexandria, VA, USA, October 27, 2008. (Submissions due 15 May 2008) [posted here 3/3/08]
In the last few decades, Information Security has gained numerous standards, industrial certifications, and risk analysis methodologies. However, the field still lacks the strong, quantitative, measurement-based assurance that we find in other fields. For example, Networking researchers have created and utilize Quality of Service (QoS), Service Level Agreements (SLAs), and performance evaluation measures. Empirical Software Engineering has made similar advances with software measures: processes to measure the quality and reliability of software exist and are appreciated in industry. Security looks different. Even a fairly sophisticated standard such as ISO17799 has an intrinsically qualitative nature. Notions such as Security Metrics, Quality of Protection (QoP) or Protection Level Agreement (PLA) have surfaced in the literature, but they still have a qualitative flavor. Furthermore, many recorded security incidents have a non-IT cause. As a result, security requires a much wider notion of "system" than do most other fields in computer science. In addition to the IT infrastructure, the "system" in security includes users, work processes, and organizational structures. The goal of the QoP Workshop is to help security research progress towards a notion of Quality of Protection in Security comparable to the notion of Quality of Service in Networking, Software Reliability, or measures in Empirical Software Engineering. The topics of interest include but are not limited to:
- Industrial experience
- Security risk analysis
- Security measures
- Reliability analysis
- Security quality assurance
- Measurement-based decision making and risk management
- Empirical assessment of security architectures and solutions
- Mining data from attack and vulnerability repositories
- Measurement theory
- Formal theories of security measures
- Security measurement and monitoring
- Experimental validation of models
- Simulation and statistical analysis
- Stochastic modeling

For more information, please see http://qop-workshop.org.

IFIP-ISM 2008 IFIP TC 11.1 11th Annual Working Conference on Information Security Management, Hyderabad, India, December 16-20, 2008. (Submissions due 15 May 2008) [posted here 4/7/08]
With the security of information becoming an evermore significant concern of many organizations, information security management has become a real concern for many individuals and organizations. Advanced safeguards are required to protect the information assets of not only large but also small and distributed enterprises. Effective approaches to information security management, such as policies and certifications, are now required, and must be supported by a range of technical and human-centric measures. Topics of interest include, but are not limited to, the following:
- Formulating effective information security policies
- Establishing and maintaining security culture
- Security governance and compliance
- Strategies for managing security in SME environments
- Methodologies and techniques for certification and accreditation
- Standards for information security management
- Managing technology and people
- Organizing and assigning responsibility for security
- Outsourcing information security
- Risk assessment
- Measurement of security
- Requirements for awareness, training and education
- Evaluation of information security in companies
- Information security surveys and case studies

For more information, please see http://security.isy.vcu.edu/.

SecPri-WiMob 2008 1st International Workshop on Security and Privacy in Wireless and Mobile Computing, Networking and Communications, Held in conjunction with the 4th IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob 2008), Avignon, France, October 12, 2008. (Submissions due 16 May 2008) [posted here 4/14/08]
Wireless and Mobile communication networks offer organizations and users several benefits, such as portability, mobility and flexibility, while increasing everyday business productivity, and reducing installation cost. However, although Wireless and Mobile communication environments eliminate many of the problems associated with traditional wired networks, the new security and privacy risks introduced by such environments need to be reduced by exploiting appropriate security measures and safeguards, ensuring an acceptable level of overall residual hazard. The objectives of the SecPri-WiMob 2008 Workshop are to bring together researchers from research communities in Wireless and Mobile Computing, Networking and Communications, Security and Privacy, with the goal of fostering interaction. We welcome the submission of papers from the full spectrum of issues related with Security and Privacy in Wireless and Mobile Computing, Networking and Communications. Papers may focus on protocols, architectures, methods, technologies, applications, practical experiences, simulation results and analysis, theory and validation on topics include, but not limited to:
- Cryptographic Protocols for Mobile and Wireless Networks
- Key Management in Mobile and Wireless Computing
- Reasoning about Security and Privacy
- Privacy and Anonymity in Mobile and Wireless Computing
- Public Key Infrastructure in Mobile and Wireless Environments
- Economics of Security and Privacy in Wireless and Mobile environments
- Security Architectures and Protocols in Wireless LANs
- Security Architectures and Protocols in B3G/4G Mobile Networks
- Security and Privacy features into Mobile and Wearable devices
- Location Privacy
- Ad hoc Networks Security
- Sensor Networks Security
- Wireless Ad Hoc Networks Security
- Role of Sensors to Enable Security
- Security and Privacy in Pervasive Computing
- Trust Establishment, Negotiation, and Management
- Secure PHY/MAC/routing protocols
- Security under Resource Constraints (bandwidth, computation constraints, energy)

For more information, please see http://www.aegean.gr/SecPri_WiMob_2008.

CRiSIS 2008 3rd International Conference on Risks and Security of Internet and Systems, Tozeur, Tunisia, October 28-30, 2008. (Submissions due 19 May 2008) [posted here 2/18/08]
The topics addressed by CRiSIS’2008 range from the analysis of faults, risks, attacks and vulnerabilities to system survivability and adaptability, passing through security policies and models, security and dependability mechanisms and privacy enhancing technologies. Topics include but are not limited to:
Models for specification, design and validation of security and dependability
- Security and trust models
- Models for security policies
- Formal methods, verification and certification
- UML and MDA for dependable systems
- Architectures for secure and dependable systems
- Self-protecting models and architectures
- Designing business models with security management
Management of security and dependability
- Management of risks, attacks and vulnerabilities
- Risk analysis, security and quality assurance
- Awareness of risks, attacks and vulnerabilities
- Metrology and security management
- Key management Infrastructure (PKI) and trust management
- Monitoring and management of faults
- Planning and executing of repair actions
- Adaptability management
Security and dependability techniques and mechanisms
- Authentication, authorization and audit
- Privacy protection and anonymization
- Intrusion detection and fraud detection
- Traceability and forensics
- Biometrics, watermarking, cryptography and security protocols
- Access and information flow controls
- Use of smartcards and personal devices
- Firewalls and intrusion detection systems
- Viruses, worms and malicious codes
- Attack data acquisition (honeypots) and network monitoring
- Adaptation of security policies
Secure and dependable systems
- Security and dependability of operating systems and network components
- Security of services oriented applications
- Security dependability of distributed and grid applications
- Fault tolerance of Internet applications
- Reflective middleware
- Security and safety of critical infrastructures
- Security and privacy of peer-to-peer system, wireless networks, VPN and embedded systems
- Security of new generation networks, security of Voice-over-IP and multimedia
- Self-protecting, self-stabilizing and self-healing systems
Secure and dependable applications
- Security in Electronic payment
- Security of electronic voting
- Security in e-health
- Dependability in e-learning

For more information, please see http://www.redcad.org/crisis2008/.

ICICS 2008 10th International Conference on Information and Communications Security, Birmingham, UK, October 20-22, 2008. (Submissions due 20 May 2008) [posted here 3/24/08]
The event, which started in 1997, brings together individuals involved in multiple disciplines of Information and Communications Security, in order to foster the exchange of ideas. ICICS 2008 will be organised by the School of Computer Science, University of Birmingham, in co-operation with HP Laboratories (Bristol, UK) and the International Communications and Information Security Association (ICISA). Original papers on all aspects of information and communications security are solicited for submission to ICICS 2008. Areas of interest include, but are not limited to:
- Access control
- Anti-malware
- Anonymity
- Applied cryptography
- Authentication and authorization
- Biometric security
- Data and system integrity
- Database security
- Distributed systems security
- Electronic commerce
- Fraud control
- Grid security
- Information hiding and watermarking
- Intellectual property protection
- Intrusion detection
- Key management and key recovery
- Language-based security
- Operating system security
- Network security
- Risk evaluation and security certification
- Security for mobile computing
- Security models
- Security protocols
- Trusted computing

For more information, please see http://events.cs.bham.ac.uk/icics08/.

DIM 2008 4th ACM Workshop on Digital Identity Management, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Fairfax, VA, USA, October 31, 2008. (Submissions due 23 May 2008) [posted here 3/3/08]
As the competitive edge of the global economy is shifting to "services" delivered over the Internet, we need a way of making identity available on-demand to the services in an open, scalable, and secure manner. Identity for services is a holistic concern that must satisfy technology, regulatory and business needs for existing and emerging markets, such as Software as a Service (SaaS) and Service Oriented Architectures (SOA). Identity services should introduce consistency, efficiency and scalability in IT infrastructures built on the Internet to form the new "identity layer". Also, it should be easy for developers to incorporate identity services as part of distributed application logic. To fully achieve the potential benefits of identity managed as a set of services, such as cost-effectiveness and shorter deployment times, several security and privacy challenges must be addressed. Such challenges arise because of the complex and distributed systems across different organizations involved in identity service offerings. The goal of the workshop is to lay the foundation and agenda for further research and development in this area. Under the broad umbrella of "Services and Identity", we encourage both researchers and practitioners to participate and submit papers on topics including, but not limited to the following:
- Identity management for SaaS
- SOA for identity
- Scalability issues in identity management
- Resilient identity service provisioning
- Dynamic mutual trust negotiation
- SLA for identity services
- Identity based access control
- Migration to identity services
- Identity service discovery
- Virtual directories
- Identity management process assurance
- Identity life-cycle
- Externalization of identity
- Risk management for identity
- Identity oracles
- Translation and resolution of namespaces
- Network transport as a service
- Privacy and hosted services
- Mobile identities
- Balance between de-centralization of identity and centralization of controls
- Privacy preservation during orchestration of services in multiple domains

For more information, please see http://www2.pflab.ecl.ntt.co.jp/dim2008.

DRM 2008 8th ACM Workshop on Digital Rights Management, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Alexandria, VA, USA, October 27, 2008. (Submissions due 23 May 2008) [posted here 3/10/08]
The ACM Workshop on Digital Rights Management is an international forum that serves as an interdisplinary bridge between areas that can be applied to solving the problem of Intellectual Property protection of digital content. These include: cryptography, software and computer systems design, trusted computing, information and signal processing, intellectual property law, policy-making, as well as business analysis and economics. Its purpose is to bring together researchers from the above fields for a full day of formal talks and informal discussions, covering new results that will spur new investigations regarding the foundations and practices of DRM.

For more information, please see http://www.ece.unm.edu/DRM2008/.

StorageSS 2008 4th International Workshop on Storage Security and Survivability, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Alexandria, VA, USA, October 27, 2008. (Submissions due 23 May 2008) [posted here 5/5/08]
The 4th ACM International Workshop on Storage Security and Survivability (StorageSS 2008) will bring together researchers in storage systems, computer and network security, and cryptography. We encourage paper submissions from both research and industry presenting novel ideas on all theoretical and practical aspects of protecting data in storage and file systems. TOPICS OF INTEREST include, but aren't limited to:
- storage protection tradeoffs
- storage protection deployment (including case studies)
- smart storage for security and/or survivability
- analysis of covert storage channels and leaks
- mobile storage protection
- novel backup protection techniques
- protection using versioning
- storage encryption techniques (modes of operation, fast software/hardware encryption)
- key management techniques
- encrypted keyword search and database query
- security analysis of deployed file/volume encryptor, encrypted disc
- tamper-evident storage protection techniques
- immutable storage protection techniques, provenance
- storage threat models
- storage intrusion detection systems
- security for long-term / archival storage
- privacy and trust issues in (untrusted) remote/hosted storage
- TPM and storage security

For more information, please see http://storagess.org/2008/.

SecCo 2008 6th International Workshop on Security Issues in Concurrency, Toronto, Canada, August 23, 2008. (Submissions due 26 May 2008) [posted here 4/21/08]
Emerging trends in concurrency theory require the definition of models and languages adequate for the design and management of new classes of applications, mainly to program either WANs (like Internet) or smaller networks of mobile and portable devices (which support applications based on a dynamically reconfigurable communication structure). Due to the openness of these systems, new critical aspects come into play, such as the need to deal with malicious components or with a hostile environment. Current research on network security issues (e.g. secrecy, authentication, etc.) usually focuses on opening cryptographic point-to-point tunnels. Therefore, the proposed solutions in this area are not always exploitable to support the end-to-end secure interaction between entities whose availability or location is not known beforehand. The aim of the workshop is to cover the gap between the security and the concurrency communities. More precisely, the workshop promotes the exchange of ideas, trying to focus on common interests and stimulating discussions on central research questions. In particular, we look for papers dealing with security issues (such as authentication, integrity, privacy, confidentiality, access control, denial of service, service availability, safety aspects, fault tolerance, trust, language-based security) in emerging fields like web services, mobile ad-hoc networks, agent-based infrastructures, peer-to-peer systems, context-aware computing, global/ubiquitous/pervasive computing.

For more information, please see http://www.lsv.ens-cachan.fr/SecCo08/.

ACSAC 2008 24th Annual Computer Security Applications Conference, Anaheim, California, December 8-12, 2008. (Submissions due 1 June 2008) [posted here 4/21/08]
ACSAC is an internationally recognized forum where practitioners, researchers, and developers in information system security meet to learn and to exchange practical ideas and experiences. Papers offering novel contributions in any aspect of computer and application security are solicited. Papers may present technique, applications, or practical experience, or theory that has a clear practical impact. Papers are encouraged on technologies and methods that have been demonstrated to be useful for improving information systems security and that address lessons from actual application. Topics of interest include, but are not limited to:
- access control
- applied cryptography
- audit and audit reduction
- biometrics
- boundary control devices
- certification and accreditation
- database security
- defensive information warfare
- denial of service protection
- electronic commerce security
- enterprise security
- forensics
- identification and authentication
- identity management
- incident response planning
- information survivability
- insider threat protection
- integrity
- intellectual property rights protection
- intrusion detection
- malware
- multimedia security
- operating systems security
- peer-to-peer security
- privacy and anonymity
- product evaluation criteria and compliance
- risk/vulnerability assessment
- secure location services
- security engineering and management
- security in IT outsourcing
- service oriented architectures
- software assurance
- trust management
- virtualization security
- voip security

For more information, please see http://www.acsac.org.

VMSec 2008 1st ACM Workshop on Virtual Machine Security, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Fairfax, VA, USA, October 31, 2008. (Submissions due 2 June 2008) [posted here 4/21/08]
This workshop, the first of its kind to deal exclusively with virtual machine security, will tackle the important research topics in virtualization security. Virtualization has seen an explosion in growth in deployment, implementations, and applications. Virtualization holds unique properties that make it attractive for security including isolation, compartmentalization, live state capture, and replay. Virtualization has been used to study malicious software as well as to prevent malicious software infection. In addition, virtualization itself is now the subject of attack. This workshop aims to bring together leading researchers in the fields of virtualization and security to present the latest work on these topics. Scope and topics include:
- Applications of virtualization for security
- Security and integrity of virtual machines
- Detecting virtualization
- Evading virtualization
- Trapping malicious code via virtualization
- Economic implications of virtualization
- Attacks and vulnerabilities against virtualization environments
- Honey Nets and Honey Client architectures, systems, and results
- Management and control of virtual machine farms for security
- Forensics using virtualization
- Enhancing privacy and anonymity using virtualization
- Measuring security and performance of virtualization
- Instrumentation and control of virtualization
- Performance optimization of virtual machines
- Performance and security analysis of lightweight virtualization
- Virtualization for mobile devices
- Vulnerabilities in virtualization environments

For more information, please see http://csis.gmu.edu/VMSec/.

NPSec 2008 4th workshop on Secure Network Protocols, Held in conjunction with the 16th IEEE International Conference on Network Protocols (ICNP 2008), Orlando, Florida, USA, October 19, 2008. (Submissions due 6 June 2008) [posted here 5/5/08]
NPSec focuses on two general areas. The first focus is on the development and analysis of secure or hardened protocols for the operation (establishment and maintenance) of network infrastructure, including such targets as secure multidomain, ad hoc, sensor or overlay networks, or other related target areas. This can include new protocols, enhancements to existing protocols, protocol analysis, and new attacks on existing protocols. The second focus is on employing such secure network protocols to create or enhance network applications. Examples include collaborative firewalls, incentive strategies for multiparty networks, and deployment strategies to enable secure applications. NPSec 2008 particularly welcomes new ideas on security in the context of future Internet design, such as architectural considerations for future Internet security and new primitives for supporting secure network protocol and application design. Topics of interest include but are not limited to:
- security in future Internet architectures
- secure and/or resilient network protocols, e.g. (internetworking/routing, MANETs, LANs and WLANs, mobile/cellular data networks, p2p and other overlay networks, federated trust systems, sensor networks)
- vulnerabilities of existing protocols and applications (both theoretical and case studies), including attacks
- key distribution/management
- intrusion detection and response
- incentive systems for p2p systems and MANETs routing
- secure protocol configuration and deployment

For more information, please see http://www.netsec.colostate.edu/npsec08/.

OSSCoNF 2008 1st Workshop on Open Source Software for Computer and Network Forensics, Held in conjunction with the 4th International Conference on Open Source Systems (OSS 2008), Milan, Italy, September 7-10, 2008. (Submissions due 7 June 2008) [posted here 2/25/08]
OSSCoNF aims at creating an informal, but selected academic venue to discuss the benefits (and drawbacks, if any) of using Free, Libre, and Open Source Software (FLOSS) for computer and network forensics, incident management and digital investigations. The main topics of interest for the workshop are:
- FLOSS tools for Evidence Management
- Tools for acquisition, collection, and storage of digital evidence
- Tools for identification, authentication, integrity preservation of digital evidence
- FLOSS tools for Analysis and Identification of Evidence
- Tools for the analysis and search of digital evidence
- Tools for cybercrime scenarios reconstruction, correlation and data mining applied to digital forensics
- Tools for analysis of embedded or non-traditional devices such as cellphones, cameras...
- FLOSS tools for analysis of cybercrime
- Data mining systems for cyber-crime strategy analysis and modeling
- Systems for data collection and monitoring of attack trends
- FLOSS tools validation and test cases, or FLOSS validation approaches for proprietary tools
- FLOSS tools for the automation of the forensic process and case management

For more information, please see http://conferenze.dei.polimi.it/ossconf.

InSPEC 2008 International Workshop on Security and Privacy in Enterprise Computing, Held in conjunction with the 12th IEEE International EDOC Conference (EDOC 2008), Munich, Germany, September 15, 2008. (Submissions due 13 June 2008) [posted here 4/7/08]
Several technologies have emerged for enterprise computing. Today, services are becoming the new building blocks of enterprise systems and service-oriented architectures are combining them in a flexible and novel way. These technological trends are accompanied by new business trends due to globalization that involve innovative forms of collaborations. All of these trends bring with them new challenges to the security and privacy of enterprise computing. New concepts for solving these challenges require the combination of many disciplines from computer science and information systems, such as cryptography, networking, distributed systems, process modeling and design, access control, privacy etc. It is the goal of this workshop to provide a forum for exchange of novel research in these areas among the experts from academia and industry. Topics include:
Security and privacy in workflow systems
- Access control architectures
- Modeling of security and privacy constraints
- Automatic security augmentation
- Secure/Trusted virtual domains
Security and privacy in service-oriented architectures
- Secure composition of services
- Semantic aware security
- Security services
- Trustworthy computation
Identity Management
- Security and Privacy
- Applications to compliance
- Effective use in business IT systems
Data sharing
- Cryptographic protection during data sharing
- Privacy-preserving distributed applications
- Efficient multi-party computations
- Privacy and data sharing policies
Security and privacy in management information systems
- Novel secure applications
- Secure and private data analytics
- Flexible and seamless security architectures
- Secure operating system design
Collaborations
- Secure and private supply chains
- Security and privacy in virtual organizations
- Private social network and Web 2.0 applications
- Security and privacy in outsourcing

For more information, please see http://ra.crema.unimi.it/inspec2008/.

SKM 2008 Workshop on Secure Knowledge Management, Richardson, Texas, USA, November 3-4, 2008. (Submissions due 13 June 2008) [posted here 5/5/08]
Knowledge management is the methodology for systematically gathering, organizing, and disseminating information. It essentially consists of processes and tools to effectively capture and share data as well as use the knowledge of individuals within an organization. Knowledge Management Systems (KMS) promote sharing information among employees and should contain security features to prevent any unauthorized access. Security is becoming a major issue revolving around KMS. Security methods may include authentication or passwords, cryptography programs, intrusion detection systems or access control systems. Issues include insider threat (protecting from malicious insiders), infrastructure protection (securing against subversion attacks) and establishing correct policies and refinement and enforcement. Furthermore KMS content is much more sensitive than raw data stored in databases and issues of privacy also become important. Since the attacks in 2001, many organizations, especially the US government, have increased their concern about KMS. With the advent of intranets and web-access, it is even more crucial to protect corporate knowledge as numerous individuals now have access to the assets of a corporation. Therefore, we need effective mechanisms for securing data, information, and knowledge as well as the applications. The proposed workshop in Secure Knowledge Management will help in raising the awareness of academics and practitioners in this critical area of research and develop important questions that need to be tackled by the research community. Topics of interest include, and are not limited to:
- Secure Languages (Secure Knowledge Query Manipulation Language, Security Assertion Markup Language, B2B Circles of Trust)
- Return of Investment on Secure Knowledge Systems
- Digital Rights Management (Digital Policy Management)
- Secure Content Management (Secure Content Management in Authorized Domains, Secure Content Delivery, Content Trust Index)
- Knowledge Management for National Security (Securing and Sharing What We Know: Privacy, Trust and Knowledge Management, Identity Security Guarantee, Building Trust and Security in the B2B Marketplace)
- Security and Privacy in Knowledge Management
- Wireless security in the context of Knowledge Management

For more information, please see http://cs.utdallas.edu/skm2008/call_for_papers.htm.

TrustCom 2008 The 2008 International Symposium on Trusted Computing, Central South University, Zhang Jia Jie, China, November 18-20, 2008. (Submissions due 15 June 2008) [posted here 4/28/08]
This symposium, held in conjunction with The 9th International Conference for Young Computer Scientists (ICYCS 2008), brings together researchers and engineers from academia, government and industry working on topics of trusted computing with regard to security, safety, privacy, reliability, dependability, survivability, availability, and fault tolerance aspects of computer systems and networks. The aim is to provide a forum for them to present and discuss emerging ideas and trends in this highly challenging research field. Main topics of interest include, but are not limited to:
- Semantics, metrics and models of trust
- Trust establishment, propagation, and management
- Trusted computing platform
- Trusted network computing
- Trusted operating system
- Trusted software
- Trusted database
- Trusted services and applications
- Trust in e-commerce and e-government
- Trust in mobile and wireless networks
- Cryptography and security protocols
- Reliable and fault-tolerant computer systems/networks
- Survivable computer systems/networks
- Authentication in computer systems/networks
- Access control in computer systems/networks
- Key management in computer systems/networks

For more information, please see http://trust.csu.edu.cn/conference/trustcom2008/.

SIS 2008 3rd International Workshop on Secure Information Systems, Wisla, Poland, October 20-22, 2008. (Submissions due 15 June 2008) [posted here 4/21/08]
The SIS workshop is envisioned as a forum to promote the exchange of ideas and results addressing complex security issues that arise in modern information systems. We aim at bringing together a community of security researchers and practitioners working in such divers areas as networking security, antivirus protection, intrusion detection, cryptography, security protocols, and others. We would like to promote an integrated view at the security of information systems. Covered topics include (but are not limited to):
- Access control
- Adaptive security
- Cryptography
- Copyright protection
- Cyberforensics
- Honeypots
- Information hiding
- Intrusion detection
- Network security
- Privacy
- Secure commerce
- Security exploits
- Security policies
- Security protocols
- Security services
- Security evaluation and prediction
- Software protection
- Trusted computing
- Threat modeling
- Usability and security
- Viruses and worms
- Zero-configuration security mechanisms

For more information, please see http://www.sis.imcsit.org/.

STC 2008 3rd ACM Workshop on Scalable Trusted Computing, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Fairfax, VA, USA, October 31, 2008. (Submissions due 16 June 2008) [posted here 3/31/08]
Built on the continuous success of ACM STC'06 and STC'07, this workshop focuses on fundamental technologies of trusted computing and its applications in large-scale systems -- those involving large number of users and parties with varying degrees of trust. The workshop is intended to serve as a forum for researchers as well as practitioners to disseminate and discuss recent advances and emerging issues. Topics of interests include but not limited to:
- security policies and models of trusted computing
- architecture and implementation technologies for trusted platform
- limitations, alternatives and tradeoffs regarding trusted computing
- trust in authentications, users and computing services
- hardware based trusted computing
- software based trusted computing
- pros and cons of hardware based approach
- remote attestation of trusted devices
- censorship-freeness in trusted computing
- cryptographic support in trusted computing
- case study in trusted computing
- applications of trusted computing
- intrusion resilience in trusted computing
- access control for trusted computing
- principles for handling scales
- scalable trust supports and services
- trusted embedded computing and systems
- trusted computing in networks and distributed systems
- virtualization and trusted computing

For more information, please see http://www.sisa.samsung.com/innovation/stc08.

SERENE 2008 RISE/EFTS Joint International Workshop on Software Engineering for REsilieNt systEms, Newcastle upon Tyne, UK, November 17-19, 2008. (Submissions due 23 June 2008) [posted here 4/21/08]
The SERENE 2008 workshop is an international forum for researchers and practitioners interested in the advances in Software Engineering for Resilient Systems. SERENE 2008 views resilient systems as open distributed systems that have capabilities to dynamically adapt, in a predictable way, to unexpected and harmful events, including faults and errors. Engineering such systems is a challenging issue which needs urgent attention from and combined efforts by people working in various domains. Achieving this objective is a very complex task, since it implies reasoning explicitly and in a consistent way about systems functional and non-functional characteristics. SERENE advocates the idea that resilience should be explicitly included into traditional software engineering theories and practices and should become an integral part of all steps of software development. As current software engineering practices tend to either capture only normal behaviour, or to deal with all abnormal situations only at the late development phases, new software engineering methods and tools need to be developed to support explicit handling of abnormal situations through the whole software life cycle. Moreover, every phase of the software development process needs to be enriched with the phase-specific resilience means. The following constitutes a list of the key software engineering domains that the SERENE workshop will focus on. This list should not, however, be considered as closed or technically restrictive:
- Formal and semi-formal modelling of resilience properties
- Re-engineering for resilience
- Software development processes for resilience
- Requirement engineering processes for resilience
- Model Driven Engineering of resilient systems
- Verification and validation of resilient systems
- Error and fault handling in the software life-cycle
- Resilience through exception handling in the software life-cycle
- Frameworks and design patterns for resilience
- Software architectures for resilience
- Component-based development and resilience
- System structuring for resilience
- Atomic actions
- Dynamic resilience mechanisms
- Resilience prediction
- Resilience metadata
- Reasoning and adaptation services for improving and ensuring resilience
- Intelligent and adaptive approaches to engineering resilient systems
- Engineering of self-healing autonomic systems
- Dynamic reconfiguration for resilience
- Run-time management of resilience requirements
- CASE tools for developing resilient systems

For more information, please see http://serene2008.uni.lu.

PiLBA 2008 International Workshop on Privacy in Location-Based Applications, Held in conjunction with the the 13th European Symposium on Research in Computer Security (ESORICS 2008), Malaga, Spain, October 10, 2008. (Submissions due 30 June 2008) [posted here 4/7/08]
Although data security and privacy issues have been extensively investigated in several domains, the current available techniques are not readily applicable for privacy protection in location based applications (LBA). An example application is a Location Based Service, which is typically invoked through mobile devices that can include location and movement information in service requests. Other location based applications use similar data, possibly stored in a moving object database, to solve various kinds of optimization problems, to perform statistical analysis of specific phenomena, as well as to predict potentially critical situations. While location data can be very effective for better services and can enable new kind of services, it poses serious threats to the privacy of users. LBA in travel, logistics, health care, and other industries already exist and are poised to proliferate. Examples include the identification of resources close to the user (e.g., the closest pharmacy), and the identification of the optimal route to reach a destination from the user's position considering traffic conditions and possibly other constraints. One of the critical issues for a wide-spread deployment of these applications is how to conciliate the effectiveness and quality of these services with privacy concerns. They bring unique challenges mostly due to the richness of location and time information that is necessarily connected to location based applications. The research in this field involves aspects of spatio-temporal reasoning, query processing, system security, statistical inference, and anonymization techniques. Several research groups have been working in the recent years to identify privacy attacks and defense techniques in this domain. Topics of interest include everything involving privacy aspects arising in the design, development and deployment of location-based applications. Examples are the following:
- Formal models of attacks and defenses in LBA
- Anonymization/Pseudonymization in LBA
- Sensitive data obfuscation in LBA
- Authorization and Access Control involving spatio-temporal data
- Publication of micro-data acquired through LBA
- Privacy preserving data mining on geographically referenced data
- Statistical approaches to privacy preservation in LBA
- Trust Management in LBA
- Applied Cryptography for LBA

For more information, please see http://pilba.dico.unimi.it.

ICISS 2008 4th International Conference on Information Systems Security, Hyderabad, India, December 16-20, 2008. (Submissions due 19 July 2008) [posted here 4/7/08]
The ICISS 2008 encourages submissions from academia, industry and government addressing theoretical and practical problems in information and systems security and related areas. Topics of interest include but are not limited to:
- Application Security
- Authentication and Access Control
- Biometric Security
- Data Security
- Digital Forensics and Diagnostics
- Digital Rights Management
- Distributed System Security
- Formal Methods in Security
- Intrusion Detection, Prevention and Response
- Intrusion Tolerance and Recovery
- Key Management and Cryptographic Protocols
- Language-based Security
- Malware Analysis and Mitigation
- Network Security
- Operating System Security
- Privacy and Anonymity
- Security in P2P, Sensor and Ad Hoc Networks
- Software Security
- Vulnerability Detection and Mitigation
- Web Security

For more information, please see http://www.seclab.cs.sunysb.edu/iciss08/.

NordSec 2008 13th Nordic Workshop on Secure IT Systems, Copenhagen, Denmark, October 9-10, 2008. (Submissions due 23 July 2008) [posted here 4/28/08]
The NordSec workshops are focused on applied computer security and are intended to encourage interchange and cooperation between research and industry. NordSec 2008 is organized by the Technical University of Denmark. NordSec 2008 has a special focus on "Security for the Citizens"; papers and extended abstracts on this topic are especially welcome. Topics include, but are not limited to, the following areas of computer security:
- Applied Cryptography
- Commercial Security Policies and Enforcement
- Communication and Network Security
- Computer Crime and Information Warfare
- Hardware and Smart Card Applications
- Internet and Web Security
- Intrusion Detection
- Language-based Techniques for Security
- New Ideas and Paradigms in Security
- Operating System Security
- PKI Systems and Key Escrow
- Privacy and Anonymity
- Security Education and Training
- Security Evaluations and Measurements
- Security Management and Audit
- Security Models
- Security Protocols
- Social-Engineering and Phishing
- Software Security, Attacks, and Defenses
- Trust and Trust Management

For more information, please see http://lbt.imm.dtu.dk/nsd08/nordsec08/.

ICIW 2009 4th International Conference on Information Warfare and Security, Breakwater Lodge, Cape Town, South Africa, March 26-27, 2009. (Submissions due 4 September 2008) [posted here 5/5/08]
Information warfare and security are at the forefront of modern defence strategies. Strong strands of research and interest are developing in the area, including the understanding of threats and risks to information systems, the development of a strong security culture, as well as incident detection and post incident investigation. The International Conference on Information Warfare and Security (ICIW) offers an opportunity for academics, practitioners and consultants from the US, North America and elsewhere who are involved in the study, management, development and implementation of systems and concepts related to information warfare or are interested in ways to improve information systems security, to come together and exchange ideas. This conference is continuing to establish itself as a key event for individuals working in the field from around the world.

For more information, please see http://academic-conferences.org/iciw/iciw2009/iciw09-home.htm.

IFIP-DF 2009 5th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 25-28, 2009. (Submissions due 15 October 2008) [posted here 4/14/08]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in the emerging field of digital forensics. The Fifth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume - the fifth in the series entitled Research Advances in Digital Forensics (Springer) in the summer of 2009. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network forensics
- Portable electronic device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org.

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Michael Shamos
This online-only Journal, started in 2004 and  operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions.  More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: George Cybenko
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at http://computer.org/security/.

ACM Transactions on Information and System Security,   Editor-in-Chief: Michael Reiter
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Ravishankar K. Iyer
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page at http://www.computer.org/tdsc/.

The Kluwer International Series on ADVANCES IN INFORMATION SECURITY.
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer and network security, but related areas such as fault tolerance and software assurance. The series will serve as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact either Sushil Jajodia (jajodia@gmu.edu,703-993-1653) or Lance Wobus (lance.wobus@wkap.com, 781-681-0602)
 
Journal of Computer Security,   Editor-in-Chief: Sushil Jadodia and Jonathan Millen
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. Submissions: send six copies to one of the editors in chief: Sushil Jadodia, CSIS, George Mason University, 440 University Drive, Fairfax, VA 22030, or Jonathan Millen, The MITRE Corporation, 202 Burlington Rd., Bedford, MA. Subscriptions: contact IOS Press, Niewe Hemweg 6B, 1013 BG Amsterdam, Netherlands, (e-mail: order@iospress.nl) for information about individual or institutional subscriptions or back issues. More information is given on the journal web page at http://www.mitre.org/jcs.
 
Computers & Security,   Editor-in-Chief: E. Schultz
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. Four copies of papers from 5-10,000 words should be sent to the editor, N. Dudley, at Elsevier Advanced Technology, P.O. Box 150, Kidlington, Oxford, OX5 1AS, United Kingdom. Telephones: voice +44(0)1865 843848 / 843000; fax +44 (0) 1865 843971.  More information can be found at http://www.elsevier.com/locate/issn/01674048.
 
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; C.A. Meadows; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at http://link.springer.de/link/service/journals/10207/index.htm.
 
International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of a high scientific and technology in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C.  More information can be found at http://ijns.nchu.edu.tw/.
 
International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online at http://www.inderscience.com/ijsn/. More information is given on the journal web page at http://www.inderscience.com/ijsn/.
 
IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: Pierre Moulin
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, via sps-ieee.manuscriptcentral.com.  More information can be found at http://www.ieee.org/organizations/society/sp/tifs.html.