Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Last Modified:11/28/16

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.

Contents

 

Special Issues of Journals and Handbooks


IEEE MultiMedia, Special Issue on Cybersecurity for Cyber-Enabled Multimedia Applications, (Submission Due 1 December 2016) [posted here 08/01/16]
Guest Editors: Qun Jin (Waseda University, Japan), Yong Xiang (Deakin University, Australia), Guozi Sun (Nanjing University of Posts and Telecommunications, China), Yao Liu (University of South Florida, USA), and Chin-Chen Chang (Feng Chia University, Taiwan)

With the rapid popularity of social network applications and advanced digital devices, the past few years have witnessed the explosive growth of multimedia big data in terms of both scale and variety. Such increasing multimedia data determines a new way of communication — seamless network connection, the joyfulness user experience, and free information sharing. Meanwhile, security issues related to such multimedia big data have arisen, and an urgent demand for novel technologies has emerged to deal with copyright protection, multimedia forgery detection, and cybersecurity, especially for cyber-enabled multimedia applications. Although many promising solutions have been proposed recently, it is still challenging for the multimedia community to effectively and efficiently handle security challenges over large-scale multimedia data, especially when the scale comes up from tens of thousands to tens of millions or even billions. This special issue aims to bring together the greatest research efforts in cybersecurity for cyber-enabled multimedia applications to specifically deal with the security challenges in the multimedia big data era. The main goals are to investigate novel ideas and research work of cybersecurity issues with multimedia big data; find or develop effective and efficient techniques and methods in computer vision, multimedia processing, and sensor networks for specific cybersecurity tasks, such as data hiding, and forensics; survey the progress of this area in the past years; and explore interesting and practical cyber-enabled multimedia applications. Submissions should be unpublished and present innovative research work offering contributions either from a methodological or application point of view. Topics of interest include, but are not limited to, the following:
- Emerging fundamental issues in multimedia big data security
- Text, audio, images, and video data hiding
- Multimedia steganography and corresponding steganalysis
- Multimedia watermarking, fingerprinting, and hashing
- Multimedia forensics and data source identification
- Cryptography, secret sharing, and biometrics
- Multimedia network security, privacy, and protection
- Multimedia big data trust management and access control
- Secure covert communications and cybersecurity
- Secure cyber-enabled multimedia applications in health, education, and so on

For more information, please see https://www.computer.org/web/computingnow/mmcfp4.

Advances in Multimedia journal, Special Issue on Emerging Challenges and Solutions for Multimedia Security, (Submission Due 2 December 2016) [posted here 08/22/16]
Guest Editors: Wojciech Mazurczyk (Warsaw University of Technology, Poland), Artur Janicki (Warsaw University of Technology, Poland), Hui Tian (National Huaqiao University, China), and Honggang Wang (University of Massachusetts Dartmouth, USA)

Today’s world’s societies are becoming more and more dependent on open networks such as the Internet, where commercial activities, business transactions, government services, and entertainment services are realized. This has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. The inability to provide trusted secure services in contemporary computer network technologies could have a tremendous socioeconomic impact on global enterprises as well as on individuals. In the recent years, rapid development in digital technologies has been augmented by the progress in the field of multimedia standards and the mushrooming of multimedia applications and services penetrating and changing the way people interact, communicate, work, entertain, and relax. Multimedia services are becoming more significant and popular and they enrich humans’ everyday life. Currently, the term multimedia information refers not only to text, image, video, or audio content but also to graphics, flash, web, 3D data, and so forth. Multimedia information may be generated, processed, transmitted, retrieved, consumed, or shared in various environments. The lowered cost of reproduction, storage, and distribution, however, also invites much motivation for large-scale commercial infringement. The above-mentioned issues have generated new challenges related to protection of multimedia services, applications, and digital content. Providing multimedia security is significantly different from providing typical computer information security, since multimedia content usually involves large volumes of data and requires interactive operations and real-time responses. Additionally, ensuring digital multimedia security must also signify safeguarding of the multimedia services. Different services require different methods for content distribution, payment, interaction, and so forth. Moreover, these services are also expected to be “smart” in the environment of converged networks, which means that they must adapt to different network conditions and types as multimedia information can be utilized in various networked environments, for example, in fixed, wireless, and mobile networks. All of these make providing security for multimedia even harder to perform. This special issue intends to bring together diversity of international researchers, experts, and practitioners who are currently working in the area of digital multimedia security. Researchers both from academia and industry are invited to contribute their work for extending the existing knowledge in the field. The aim of this special issue is to present a collection of high-quality research papers that will provide a view on the latest research advances not only on secure multimedia transmission and distribution but also on multimedia content protection. Potential topics include, but are not limited to:
- Emerging technologies in digital multimedia security
- Digital watermarking
- Fingerprinting in multimedia signals
- Digital media steganology (steganography and steganalysis)
- Information theoretic analysis of secure multimedia systems
- Security/privacy in multimedia services
- Multimedia and digital media forensics
- Quality of Service (QoS)/Quality of Experience (QoE) and their relationships with security
- Security of voice and face biometry
- Multimedia integrity verification and authentication
- Multimedia systems security
- Digital rights management
- Digital content protection
- Tampering and attacks on original information
- Content identification and secure content delivery
- Piracy detection and tracing
- Copyright protection and surveillance
- Forgery detection
- Secure multimedia networking
- Multimedia network protection, privacy, and security
- Secure multimedia system design, trusted computing, and protocol security

For more information, please see http://www.hindawi.com/journals/am/si/561923/cfp/.

Journal of Visual Communication and Image Representation, Special Issue on Data-driven Multimedia Forensics and Security, (Submission Due 28 February 2017) [posted here 11/14/16]
Guest Editors: Anderson Rocha (University of Campinas, Brazil), Shujun Li (Universityof Surrey, UK), C.-C. Jay Kuo (University of Southern California, US), Alessandro Piva (University of Florence, Italy), and Jiwu Huang (Shenzhen University, China)

In the last decade a large number of multimedia forensic and security techniques have been proposed to evaluate integrity of multimedia data. However, most of these solutions adopt very limiting and simplifying working conditions, being more appropriate for laboratorial tests than for real-world deployment. Unfortunately, with big data requirements on the table, the stakes are higher now. Forensics and security experts are no longer required to provide the society with solutions for specific cases. Instead, we need to cope with shear amounts of data and in different operational and acquisition conditions. In addition to the traditional multimedia forensics and security research around integrity and authentication, digital images and videos have also been the core components in other related application domains, e.g. biometrics, image and video based information hiding, image and video collection forensics, automatic child porn detection, digital triage of image and video evidence, attacks on image and video-based CAPTCHAs, etc. A common feature of the above listed multimedia forensics and security problems is that they can all be solved by machine learning techniques driven by training data. In recent years, some new and powerful modeling and machine learning paradigms have been developed that allow us to glean over massive amounts of data and directly extract useful information for proper decision making, thus creating new techniques to solve those multimedia forensics and security problems with improved performance. This Special Issue invites researchers in all related fields (including but not limited to image and video signal processing, machine learning, computer vision and pattern recognition, cyber security, digital forensics) to join us in a quest for pinpointing the next-generation image and video forensics and security solutions of tomorrow, capable of processing image and video data using the recently-developed deep learning paradigm and other new modelling and learning techniques. ALL submissions must highlight their machine-learning based approach and discuss how their solutions deal with large collections of data. The core data used in your work should be visual data (images and videos). Video data may also include RGB, IR, and depth data. The topics of interest of this Special Issue are listed below. The list is not exhaustive and prospective authors should contact the editors in case of any question. Submissions can contemplate original research, serious dataset collection and benchmarking, or critical surveys. Example Topics of Interest:
- Attacks on visual CAPTCHAs
- Biometrics and counter-spoofing
- Content-protection and counter-protection
- Counter forensics
- Cyber threat analysis for image and video data
- Forensic data fusion (if at least one source contains images and videos)
- Image and video collection forensics
- Incident response related to image and video data
- Multimedia evidence recovery and validation
- Multimedia forensics (forgery detection, attribution, CGI classification)
- Multimedia provenance (phylogeny, digital triage of multimedia evidence)
- Sensitive content detection (porn and child porn detection, violence detection)
- Surveillance for forensics and security applications
- Visual analytics for forensics and security applications
- Visual information hiding: designs and attacks

For more information, please see http://www.journals.elsevier.com/journal-of-visual-communication-and-image-representation.

IEEE Security & Privacy Magazine, Special issue on Digital Forensics, (Submission Due 1 March 2017) [posted here 08/22/16]
Guest Editors: Wojciech Mazurczyk (Warsaw University of Technology & FernUniversität in Hagen, Poland), Steffen Wendzel (Fraunhofer FKIE, Germany), Luca Caviglione (National Research Council of Italy, Italy), and Simson L. Garfinkel (National Institute of Standards and Technology, USA)

Modern societies are becoming increasingly dependent on open networks where commercial activities, business transactions, and government services are delivered. Despite the benefits, these networks have led to new cyberthreats and cybersecurity issues. Abuse of and mistrust for telecommunications and computer network technologies have significant socioeconomic impacts on global enterprises as well as individuals. Cybercriminal activities such as fraud often require the investigations that span across international borders. In addition, they’re often subject to different jurisdictions and legal systems. The increased intricacy of the communication and networking infrastructure complicates investigation of such activities. Clues of illegal digital activities are often buried in large volumes of data that makes crime detection and evidence collection difficult. This poses new challenges for law enforcement and compels computer societies to utilize digital forensics to combat the growing number of cybercrimes. Forensic professionals must be fully prepared to gather effective digital evidence. Forensic techniques must keep pace with new technologies; therefore, digital forensics is becoming more important for law enforcement and information and network security. This multidisciplinary area includes several fields, including law, computer science, finance, networking, data mining, and criminal justice. It faces diverse challenges and issues in terms of the efficiency of digital evidence processing and related forensic procedures. This special issue aims to collect the most relevant ongoing research efforts in digital forensics field. Topics include, but aren’t limited to:
- real-world case studies, best practices, and readiness;
- challenges and emerging trends;
- digital forensic triage;
- antiforensics and anti-antiforensics approaches;
- networking incident response, investigation, and evidence handling;
- network forensics and traffic analysis;
- detecting illegal sites and traffic (for instance, child abuse/exploitation);
- malware and targeted attacks including analysis and attribution;
- information-hiding techniques (network stenography, covert channels, and so on);
- stealth communication through online games and its detection;
- use and implications of machine learning in digital forensics;
- big data and digital forensics;
- network traffic fingerprinting and attacks;
- cybercrimes design, detection, and investigation;
- cybercrime issues and solutions from a digital forensics perspective;
- nontraditional forensic scenarios and approaches (for instance, vehicles, SCADA, automation and control);
- social networking forensics;
- cloud forensics;
- law enforcement and digital forensics; and
- digital forensics for incident response, research, policy compliance enforcement, and so on.

For more information, please see https://www.computer.org/web/computingnow/spcfp6.

Conference and Workshop Call-for-papers

November 2016

PETS 2017 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, USA, July 18 – July 21, 2017. (Submission Due 31 August 2016; 30 November 2016; 28 February 2017) [posted here 8/8/16]
The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to present and discuss recent advances and new perspectives on research in privacy technologies. Papers undergo a journal-style reviewing process and accepted papers are published in Proceedings on Privacy Enhancing Technologies (PoPETs), a scholarly, open access journal. Submitted papers should present novel practical and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies. While PETS/PoPETs has traditionally been home to research on anonymity systems and privacy-oriented cryptography, we strongly encourage submissions on a number of both well-established and emerging privacy-related topics, for which examples are provided below. PoPETs also solicits submissions for Systematization of Knowledge (SoK) papers. These are papers that critically review, evaluate, and contextualize work in areas for which a body of prior literature exists, and whose contribution lies in systematizing the existing knowledge in that area.

For more information, please see https://petsymposium.org/.

December 2016

CPSS 2017 3rd ACM Cyber-Physical System Security Workshop, Abu Dhabi, UAE, April 2, 2017. (Submission Due 1 December 2016) [posted here 10/10/16]
Cyber-Physical Systems (CPS) consist of large?scale interconnected systems of heterogeneous components interacting with their physical environments. There are a multitude of CPS devices and applications being deployed to serve critical functions in our lives. The security of CPS becomes extremely important. This workshop will provide a platform for professionals from academia, government, and industry to discuss how to address the increasing security challenges facing CPS. Besides invited talks, we also seek novel submissions describing theoretical and practical security solutions to CPS. Papers that are pertinent to the security of embedded systems, SCADA, smart grid, and critical infrastructure networks are all welcome, especially in the domains of energy and transportation. Topics of interest include, but are not limited to:
- Authentication and access control for CPS
- Autonomous vehicle security
- Availability, recovery and auditing for CPS
- Data security and privacy for CPS
- Embedded systems security
- EV charging system security
- Industrial control system security
- Intrusion detection for CPS
- IoT security
- Key management in CPS
- Legacy CPS system protection
- Lightweight crypto and security
- Risk assessment for CPS
- SCADA security
- Security architectures for CPS
- Smart grid security
- Threat modeling for CPS
- Urban transportation system security
- Vulnerability analysis for CPS
- Wireless sensor network security

For more information, please see http://icsd.i2r.a-star.edu.sg/cpss17/.

USEC 2017 Usable Security Mini Conference, Co-located with NDSS 2017, San Diego, California, USA, February 26, 2017. (Submission Due 1 December 2016) [posted here 10/31/16]
One cannot have security and privacy without considering both the technical and human aspects thereof. If the user is not given due consideration in the development process, the system is likely to enable users to protect their privacy and security in the Internet. Usable security and security is more complicated than traditional usability. This is because traditional usability principles cannot always be applied. For example, one of the cornerstones of usability is that people are given feedback on their actions, and are helped to recover from errors. In authentication, we obfuscate password entry (a usability fail) and we give people no assistance to recover from errors. Moreover, security is often not related to the actual functionality of the system, so people often see it as a bolt-on, and an annoying hurdle. These and other usability challenges of security are the focus of this workshop. We invite submissions on all aspects of human factors including mental models, adoption, and usability in the context of security and privacy. USEC 2017 aims to bring together researchers already engaged in this interdisciplinary effort with other computer science researchers in areas such as visualization, artificial intelligence, machine learning and theoretical computer science as well as researchers from other domains such as economics, legal scientists, social scientists, and psychology. We particularly encourage collaborative research from authors in multiple disciplines. It is the aim of USEC to contribute to an increase of the scientific quality of research in human factors in security and privacy. To this end, we encourage the use of replication studies to validate research findings. This important and often very insightful branch of research is sorely under-represented in human factors in security and privacy research to date. Papers in these categories should be clearly marked as such and will not be judged against regular submissions on novelty. Rather, they will be judged based on scientific quality and value to the community. We also encourage reports of failed experiments, since their publication will serve to prevent others falling into the same traps. Topics include, but are not limited to:
- Human factors related to the deployment of the Internet of Things (New topic for 2017)
- Usable security / privacy evaluation of existing and/or proposed solutions
- Mental models that contribute to, or complicate, security or privacy
- Lessons learned from designing, deploying, managing or evaluating security and privacy technologies
- Foundations of usable security and privacy incl. usable security and privacy patterns
- Ethical, psychological, sociological, economic, and legal aspects of security and privacy technologies

For more information, please see http://www.dcs.gla.ac.uk/~karen/usec/.

IWSPA 2017 3rd ACM International Workshop on Security and Privacy Analytics, Co-located with ACM CODASPY 2017, Scottsdale, Arizona, USA, March 24, 2017. (Submission Due 6 December 2016) [posted here 10/17/16]
Increasingly, sophisticated techniques from machine learning, data mining, statistics and natural language processing are being applied to challenges in security and privacy fields. However, experts from these areas have no medium where they can meet and exchange ideas so that strong collaborations can emerge, and cross-fertilization of these areas can occur. Moreover, current courses and curricula in security do not sufficiently emphasize background in these areas and students in security and privacy are not emerging with deep knowledge of these topics. Hence, we propose a workshop that will address the research and development efforts in which analytical techniques from machine learning, data mining, natural language processing and statistics are applied to solve security and privacy challenges (“security analytics”). Submissions of papers related to methodology, design, techniques and new directions for security and privacy that make significant use of machine learning, data mining, statistics or natural language processing are welcome. Furthermore, submissions on educational topics and systems in the field of security analytics are also highly encouraged.

For more information, please see http://capex.cs.uh.edu/?q=content/international-workshop-security-and-privacy-analytics-2017.

SEMS 2017 IEEE Workshop on Security for Embedded and Mobile Systems, Held in conjunction with IEEE Euro S&P 2017 and EUROCRYPT 2017, Paris, France, April 30, 2017. (Submission Due 10 December 2017) [posted here 12/5/16]
Embedded and mobile devices that provide security and crypto functionalities and manage private and confidential data are omnipresent in our daily lives. Examples of such devices range from smart cards and RFID tags, to mobile phones, tablets, and IoT devices. Ensuring the security and privacy of these devices is a challenging problem, as witnessed by recent breaking of crypto and security systems used in mobile phones, car keys, and RFID-enabled cards. Typical threats to extract the keys include side-channel and fault analysis. Additionally, the vulnerabilities of the devices imply also privacy concerns. The operating systems supporting some of those devices, particularly mobile phones and tablets, but also IoT ones, have become very complex. Various sorts of malware present a constant threat for users. Although measures like application sandboxing take place, they also open the court for new attacks by constantly collecting and organizing sensitive information about the user. We especially encourage novel ideas exploiting architecture-specific or novel "out of the box" attacks combining ideas from different communities, e.g., malware detection or privacy violation using side-channels. The workshop seeks submissions from academia and industry presenting novel research results on the following topics of interest:
- Security architectures for embedded and mobile systems
- Physical (side-channel and fault) attacks on embedded and mobile systems
- Hardware security of mobile devices
- (mobile) Malware detection and prevention
- Machine learning applications to highlight possible threats to user privacy
- Privacy-preserving issues for mobile devices
- Secure localization and location privacy for mobile devices
- Security and privacy in the Internet of Things
- Secure execution environments (e.g., TrustZone, TPMs) on mobile devices
- Sensor spoofing attacks

For more information, please see http://sems2017.cs.ru.nl/index.shtml.

S&B 2017 IEEE Security and Privacy on the Blockchain, Held in conjunction with the IEEE EuroS&P and EuroCrypt 2017 Conferences, Paris, France, April 29, 2017. (Submission Due 14 December 2017) [posted here 11/28/16]
The Security and Privacy on the Blockchain Workshop is the first IEEE forum for research on the security and privacy properties of blockchains as a solution for transactional systems, co-located with EuroCrypt and EuroS&P. We solicit previously unpublished papers offering novel contributions in both Bitcoin and wider blockchain research. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of existing systems. Papers that shed new light on past or informally known results by means of sound formal theory or thorough empirical analysis are welcome. Topics of Interest include:
- Novel attacks on blockchain technologies
- Improvements to core blockchain cryptographic primitives
- Compact ring signatures
- Compact range proofs
- Privacy-Preserving Signature Aggregation
- (De) anonymization of blockchain records
- Improvements of SNARKs for blockchain technologies
- Formal verification of smart contracts
- The security of SPV models
- Game theoretic analysis of proof-of-work
- Relevant Systematization of Knowledge papers
- Security and privacy trade-offs related to scalability and decentralization

For more information, please see http://prosecco.gforge.inria.fr/ieee-blockchain2016.

ACM TURC-SP 2017 Mobile Security Technologies Workshop, Co-located with the 38th IEEE Symposium on Security and Privacy (IEEE S&P 2017), San Jose, CA, USA, May 25, 2017. (Submission Due 15 December 2017) [posted here 12/5/16]
The ACM TURC 2017 (Security and Privacy Track) conference is a new leading international forum for academia, government, and industry to present novel research results in all practical and theoretical aspects of computer and communications security. Papers should be related to the construction, evaluation, application, or operation of secure systems. All topic areas related to computer and communications security are of interest and in scope. The ACM TURC 2017 (Security and Privacy Track) is technically supported by ACM SIGSAC in China (Pending Approval). Topics of interest include but are not limited to the following:
- Access control
- Accounting and audit
- Applied cryptography
- Authentication
- Big data security and privacy
- Biometrics
- Blockchain and alternatives
- Cloud computing security
- Computer forensics
- Cyber-physical security
- Data and application security
- Embedded systems security
- Formal methods for security
- Hardware-based security and applications
- IoT security and privacy
- Key management
- Malware and botnets
- Mobile computing security
- Network security
- Operating system security
- Practical post-quantum security
- Privacy-enhancing technology
- Runtime attacks and defenses
- Secure computation
- Security architectures
- Security of critical infrastructures
- Security metrics
- Software security
- Trusted computing
- Usable security and privacy
- Web security
- Wireless security and privacy

For more information, please see http://china.acm.org/TURC/2017/SIGSAC.html.

IFIPSEC 2017 32nd IFIP TC-11 SEC 2017 International Information Security and Privacy Conference, Rome, Italy, May 29-31, 2017. (Submission Due 23 December 2016) [posted here 10/24/16]
The IFIP SEC conference is the flagship event of the International Federation for Information Processing (IFIP) Technical Committee 11 on Security and Privacy Protection in Information Processing Systems (TC-11, www.ifiptc11.org). Previous SEC conferences were held in Ghent (Belgium) 2016, Hamburg (Germany) 2015, Marrakech (Morroco) 2014, Auckland (New Zealand) 2013, Heraklion (Greece) 2012, Lucerne (Switzerland) 2011, and Brisbane (Australia) 2010. We seek submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and privacy protection in ICT Systems. Topics of interest include, but are not limited to:
- Access control and authentication
- Applied cryptography
- Audit and risk analysis
- Biometrics
- Big data security and privacy
- Cloud security and privacy
- Critical infrastructure protection
- Cyber-physical systems security
- Data protection
- Data and applications security
- Digital forensics
- Human aspects of security and privacy
- Identity management
- Information security education
- Information security management
- Information technology mis-use and the law
- Managing information security functions
- Mobile security
- Multilateral security
- Network & distributed systems security
- Privacy protection and Privacy-by-design
- Privacy enhancing technologies
- Security and privacy in crowdsourcing
- Security and privacy in pervasive systems
- Security and privacy in the Internet of Things
- Security and privacy policies
- Surveillance and counter-surveillance
- Trust management
- Usable security

For more information, please see http://ifipsec.org/2017/.

January 2017

BioSTAR 2017 International Workshop on Bio-inspired Security, Trust, Assurance and Resilience, Co-located with the 38th IEEE Symposium on Security and Privacy (IEEE S&P 2017), San Jose, CA, USA, May 25, 2017. (Submission Due 15 January 2017) [posted here 10/24/16]
As computing and communication systems continue to expand and offer new services, these advancements require more dynamic, diverse, and interconnected computing infrastructures. Unfortunately, defending and maintaining resilient and trustworthy operation of these complex systems are increasingly difficult challenges. Conventional approaches to Security, Trust, Assurance and Resilience (STAR for short) are often too narrowly focused and cannot easily scale to manage large, coordinated and persistent attacks in these environments. Designs found in nature are increasingly used as a source of inspiration for STAR and related networking and intelligence solutions for complex computing and communication environments. Nature's footprint is present in the world of Information Technology, where there are an astounding number of computational bio-inspired techniques. These well-regarded approaches include genetic algorithms, neural networks, ant algorithms, immune systems just to name a few. For example several networking management and security technologies have successfully adopted some of nature's approaches, such as swarm intelligence, artificial immune systems, sensor networks, moving target defense, diversity-based software design, etc. Nature has also developed an outstanding ability to recognize individuals or foreign objects and adapt/evolve to protect a group or a single organism. Solutions that incorporate these nature-inspired characteristics often have improved performance and/or provided new capabilities beyond more traditional methods. The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of nature-inspired STAR aspects in computing and communications. Topics of interests include, but are not limited to:
- Nature-inspired anomaly and intrusion detection
- Adaptation algorithms
- Biometrics
- Nature-inspired algorithms and technologies for STAR
- Biomimetics
- Artificial Immune Systems
- Adaptive and Evolvable Systems
- Machine Learning, neural networks, genetic algorithms for STAR
- Nature-inspired analytics and prediction
- Cognitive systems
- Sensor and actuator networks and systems
- Information hiding solutions (steganography, watermarking) for network traffic
- Cooperative defense systems
- Cloud-supported nature-inspired STAR
- Theoretical development in heuristics
- Management of decentralized networks
- Nature-inspired algorithms for dependable networks
- Platforms for STAR services
- Diversity in computing and communications
- Survivable and sustainable systems
- STAR management systems
- Autonomic cyber defenses

For more information, please see http://biostar.cybersecurity.bio/.

WTMC 2017 2nd International Workshop on Traffic Measurements for Cybersecurity, Co-located with the 38th IEEE Symposium on Security and Privacy (IEEE S&P 2017), San Jose, CA, USA, May 25, 2017. (Submission Due 15 January 2017) [posted here 10/24/16]
Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behaviors. Understanding and measuring traffic in such networks is a difficult yet vital task for network management but recently also for cybersecurity purposes. Network traffic measuring and monitoring can, for example, enable the analysis of the spreading of malicious software and its capabilities or can help to understand the nature of various network threats including those that exploit users’ behavior and other user’s sensitive information. On the other hand network traffic investigation can also help to assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Recently, traffic measurements have been utilized in the area of economics of cybersecurity e.g. to assess ISP or to estimate the revenue of cyber criminals. The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of cybersecurity and understand how traffic measurements can influence it. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. This workshop presents some of the most relevant ongoing research in cybersecurity seen from the traffic measurements perspective. The workshop will be accessible to both non-experts interested in learning about this area and experts interesting in hearing about new research and approaches. Topics of interest include, but are not limited to:
- Measurements for network incidents response, investigation and evidence handling
- Measurements for network anomalies detection
- Measurements for economics of cybersecurity
- Network traffic analysis to discover the nature and evolution of the cybersecurity threats
- Measurements for assessing the effectiveness of the threats detection/prevention methods and countermeasures
- Novel passive, active and hybrid measurements techniques for cybersecurity purposes
- Traffic classification and topology discovery tools for monitoring the evolving status of the network from the cybersecurity perspective
- Correlation of measurements across multiple layers, protocols or networks for cybersecurity purposes
- Novel visualization approaches to detect network attacks and other threats
- Analysis of network traffic to provide new insights about network structure and behavior from the security perspective
- Measurements of network protocol and applications behavior and its impact on cybersecurity and users' privacy
- Measurements related to network security and privacy

For more information, please see http://wtmc.info.

WoC 2017 3rd IEEE International Workshop on Container Technologies and Container Clouds, Held in conjunction with IEEE International Conference on Cloud Engineering (IC2E 2017), Vancouver, Canada, April 4-7, 2017. (Submission Due 15 January 2017) [posted here 10/31/16]
Containers are a lightweight OS-level virtualization abstraction primarily based on namespace isolation and control groups. In the recent years, container-based virtualization for applications has gained immense popularity thanks to the success of technologies like Docker. Container packaging mechanisms like Docker, LXD and Rkt, as well as management frameworks like Kubernetes, Mesos, etc., are witnessing widespread adoption in the industry today. Container technologies have eliminated the feature parity between development and production environment by enabling developers to package applications and their dependencies as a single unit that can be run across diverse operating environments. Though containers provide a great amount of flexibility and portability from a developer's perspective, there are several important challenges that need to be addressed by the infrastructure provider, in order to run these virtualized applications in a cloud environment. The second workshop on container technologies and container clouds solicits contributions in this area from researchers and practitioners in both the academia and industry. The workshop welcomes submissions describing unpublished research, position papers as well as deployment experiences on various topics related to containers as outlined below:
- Security, isolation and performance of containers
- Network architectures for multi-host container deployments
- Orchestration models for cloud scale deployments
- High availability systems for containerized workloads
- Leveraging hardware support for containers and containerized workloads
- Migrating and optimizing traditional workloads for containers
- Operational issues surrounding management of large clusters of containers
- Container use cases and challenges for HPC, Big Data and IoT applications
- Other topics relevant to containers

For more information, please see http://researcher.watson.ibm.com/researcher/view_group.php?id=7476.

WACC 2017 International Workshop on Assured Cloud Computing and QoS aware Big Data, Held in conjunction with 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID 2017), Madrid, Spain, May 14-17, 2017. (Submission Due 15 January 2017) [posted here 11/14/16]
WACC draws together researchers, practitioners, and thought leaders from government, industry, and academia. The workshop provides a forum of dialogue centered upon the development and advancement of an effort to design, implement, and evaluate dependable cloud architectures that can provide assurances with respect to security, reliability, and timeliness of computations (or services). Some new “assured” target applications include, but are not limited to, dependable Big Data applications and streaming, data analytics and its tools, real-time computations for monitoring, control of cyber-physical systems such as power systems, and mission critical computations for rescue and recovery. The technical emphasis of WACC is design, implementation, and evaluation of cloud services, data analytics tools, and security solutions to enable dependable Big Data applications. Research on cloud services, ICT-skilled data scientists and application developers can find complementary solutions and partnerships to evaluate and integrate additional solutions. Data scientists can find new tools that could address existing needs.

For more information, please see http://www.eubra-bigsea.eu/WACC_2017.

HotSpot 2017 5th Workshop on Hot Issues in Security Principles and Trust, Affiliated with ETAPS 2017, Uppsala, Sweden, April 23, 2017. (Submission Due 15 January 2017) [posted here 12/5/16]
This workshop is intended to be a less formal counterpart to the Principles of Security and Trust (POST) conference at ETAPS with an emphasis on “hot topics”, both of security and of its theoretical foundations and analysis. Submissions about new and emerging topics (for example, those that have not appeared prominently in conferences and workshops until now) are particularly encouraged. Submissions of preliminary, tentative work are also encouraged. This workshop is organized by IFIP WG 1.7: Theoretical Foundations of Security Analysis and Design.

For more information, please see https://infsec.uni-trier.de/events/hotspot2017.

IoTPTS 2017 3rd International Workshop on IoT Privacy, Trust, and Security, Held in conjunction with the 12th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2017), Abu Dhabi, UAE, April 2, 2017. (Submission Due 20 January 2017) [posted here 11/21/16]
The Internet of Things (IoT) is the next great technology frontier. At a basic level, IoT refers simply to networked devices, but the IoT vision is a complex ecosystem that ranges from cloud backend services and big-data analytics to home, public, industrial, and wearable sensor devices and appliances. Architectures for these systems are in the formative stages, and now is the time to ensure privacy, trust, and security are designed into these systems from the beginning. We encourage submissions on all aspects of IoT privacy, trust, and security. Topics of interest include (but are not limited) to the following areas:
- Privacy and IoT data
- Privacy attacks for IoT
- Trust management and device discoverability for IoT
- Usability of privacy and security systems in IoT
- User risk perceptions and modeling for IoT
- Policy Management and enforcement for IoT
- Authentication and access control for users for IoT
- Cryptography for IoT
- Attack detection and remediation for IoT
- Security architectures for IoT systems and applications

For more information, please see https://sites.google.com/site/iotpts2017/.

DSC 2017 IEEE Conference on Dependable and Secure Computing, Taipei, Taiwan, August 7-10, 2017. (Submission Due 21 January 2017) [posted here 10/24/16]
The IEEE Conference on Dependable and Secure Computing solicits papers, posters, practices, and experiences for presenting innovative research results, problem solutions, and new challenges in the field of dependable and secure computing. The whole spectrum of IT systems and application areas, including hardware design and software systems, with stringent relevant to dependability and security concerns are of interest to DSC. Authors are invited to submit original works on research and practice of creating, validating, deploying, and maintaining dependable and secure systems. The conference has two tracks for research papers, the "Computer Systems, Networks, and Software" track and the "System Electronics, VLSI, and CAD" track. In addition to research papers, the DSC conference will also include a submission category for experience and practice papers on new findings in the two aforementioned categories. The PC will evaluate a submission to the experience and practice track with the understanding that it predominantly contributes to the VLSI/CAD design knowhow or the extension of the community's knowledge about how the security protection of known techniques fares in real-world operations. Authors have to submit a short paper along with slides and an optional supplemental video to demonstrate the implementation and/or the practicability of the work.

For more information, please see http://dsc17.cs.nctu.edu.tw/.

MOST 2017 Mobile Security Technologies Workshop, Co-located with the 38th IEEE Symposium on Security and Privacy (IEEE S&P 2017), San Jose, CA, USA, May 25, 2017. (Submission Due 22 January 2017) [posted here 12/5/16]
Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to explore the latest understanding and advances in the security and privacy for mobile devices, applications, and systems. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The topics of interest include, but are not limited to:
- Identity and access control for mobile platforms
- Mobile app security
- Mobile cloud security
- Mobile hardware security
- Mobile middleware and OS security
- Mobile web and advertisement security
- Protecting security-critical applications of mobile platforms
- Secure application development tools and practices
- Security study of mobile ecosystems
- Unmanned aerial vehicles (UAVs) security
- Wearable and IoT security

For more information, please see http://ieee-security.org/TC/SPW2017/MoST/.

February 2017

IWPE 2017 3rd International Workshop on Privacy Engineering, Co-located with IEEE Symposium on Security and Privacy (SP 2017), San Jose, CA, USA, May 25, 2017. (Submission Due 3 February 2017) [posted here 11/7/16]
Ongoing news reports regarding global surveillance programs, massive personal data breaches in corporate databases, and notorious examples of personal tragedies due to privacy violations have intensified societal demands for privacy-friendly systems. In response, current legislative and standardization processes worldwide aim to strengthen individual’s privacy by introducing legal, organizational and technical frameworks that personal data collectors and processors must follow. However, in practice, these initiatives alone are not enough to guarantee that organizations and software developers will be able to identify and adopt appropriate privacy engineering techniques in their daily practices. Even if so, it is difficult to systematically evaluate whether the systems they develop using such techniques comply with legal frameworks, provide necessary technical assurances, and fulfill users’ privacy requirements. It is evident that research is needed in developing techniques and tools that can aid the translation of legal and normative concepts, as well as user expectations into systems requirements. Furthermore, methods that can support organizations and engineers in developing (socio-)technical systems that address these requirements is of increasing value to respond to the existing societal challenges associated with privacy. In this context, privacy engineering research is emerging as an important topic. Engineers are increasingly expected to build and maintain privacy-preserving and data-protection compliant systems in different ICT domains such as health, energy, transportation, social computing, law enforcement, public services; based on different infrastructures such as cloud, grid, or mobile computing and architectures. While there is a consensus on the benefits of an engineering approach to privacy, concrete proposals for models, methods, techniques and tools that support engineers and organizations in this endeavor are few and in need of immediate attention. To cover this gap, the topics of the International Workshop on Privacy Engineering (IWPE'17) focus on all the aspects surrounding privacy engineering, ranging from its theoretical foundations, engineering approaches, and support infrastructures, to its practical application in projects of different scale. Specifically, we are seeking the following kinds of papers: (1) technical papers that illustrate the engineering or application of a novel formalism, method or other research finding (e.g., a privacy enhancing protocol) with preliminary evaluation; (2) experience and practice papers that describe a case study, challenge or lessons learned from in a specific domain; (3) early evaluations of tools and other infrastructure that support engineering tasks in privacy requirements, design, implementation, testing, etc.; (4) interdisciplinary studies or critical reviews of existing privacy engineering concepts, methods, tools and frameworks; or (5) vision papers that take a clear position informed by evidence based on a thorough literature review. IWPE’17 welcomes papers that focus on novel solutions on the recent developments in the general area of privacy engineering. Topics of interests include, but are not limited to:
- Integrating law and policy compliance into the development process
- Privacy impact assessment during software development
- Privacy risk management models
- Privacy breach recovery Methods
- Technical standards, heuristics and best practices for privacy engineering
- Privacy engineering in technical standards
- Privacy requirements elicitation and analysis methods
- User privacy and data protection requirements
- Management of privacy requirements with other system requirements
- Privacy requirements elicitation and analysis techniques
- Privacy engineering strategies and design patterns
- Privacy-preserving architectures
- Privacy engineering and databases, services, and the cloud
- Privacy engineering in networks
- Engineering techniques for fairness, transparency, and privacy in databases
- Privacy engineering in the context of interaction design and usability
- Privacy testing and evaluation methods
- Validation and verification of privacy requirements
- Privacy Engineering and design
- Engineering Privacy Enhancing Technologies (PETs)
- Integration of PETs into systems
- Models and approaches for the verification of privacy properties
- Tools and formal languages supporting privacy engineering
- Teaching and training privacy engineering
- Adaptations of privacy engineering into specific software development processes
- Pilots and real-world applications
- Evaluation of privacy engineering methods, technologies and tools
- Privacy engineering and accountability
- Privacy engineering and business processes
- Privacy engineering and manageability of data in (large) enterprises
- Organizational, legal, political and economic aspects of privacy engineering

For more information, please see http://ieee-security.org/TC/SPW2017/IWPE/.

PETS 2017 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, USA, July 18 – July 21, 2017. (Submission Due 31 August 2016; 30 November 2016; 28 February 2017) [posted here 8/8/16]
The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to present and discuss recent advances and new perspectives on research in privacy technologies. Papers undergo a journal-style reviewing process and accepted papers are published in Proceedings on Privacy Enhancing Technologies (PoPETs), a scholarly, open access journal. Submitted papers should present novel practical and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies. While PETS/PoPETs has traditionally been home to research on anonymity systems and privacy-oriented cryptography, we strongly encourage submissions on a number of both well-established and emerging privacy-related topics, for which examples are provided below. PoPETs also solicits submissions for Systematization of Knowledge (SoK) papers. These are papers that critically review, evaluate, and contextualize work in areas for which a body of prior literature exists, and whose contribution lies in systematizing the existing knowledge in that area.

For more information, please see https://petsymposium.org/.

March 2017

SOUPS 2017 13th Symposium on Usable Privacy and Security, Santa Clara, CA, USA, July 12–14, 2017. (Submission Due 1 March 2017) [posted here 11/21/16]
The 2017 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. We invite authors to submit previously unpublished papers describing research or experience in all areas of usable privacy and security. We welcome a variety of research methods, including both qualitative and quantitative approaches. Topics include, but are not limited to:
- Innovative security or privacy functionality and design
- Field studies of security or privacy technology
- Usability evaluations of new or existing security or privacy features
- Security testing of new or existing usability features
- Longitudinal studies of deployed security or privacy features
- Studies of administrators or developers and support for security and privacy
- The impact of organizational policy or procurement decisions
- Lessons learned from the deployment and use of usable privacy and security features

For more information, please see https://www.usenix.org/conference/soups2017/call-for-papers.

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney
This online-only Journal, started in 2004 and  operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions.  More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: Shari Lawrence Pfleeger
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at http://www.computer.org/portal/web/computingnow/securityandprivacy.

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Ravi Sandhu
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page at http://www.computer.org/portal/web/tdsc.

The Springer Series on ADVANCES IN INFORMATION SECURITY
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer, network security, and cryptography, but related areas, such as fault tolerance and software assurance. The series serves as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact Professor Sushil Jajodia (jajodia@gmu.edu,703-993-1653).
 
Journal of Computer Security,   Editor-in-Chief: John Mitchell and Pierangela Samarati
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. All papers must be submitted online at http://www.iospress.nl/journal/journal-of-computer-security/. More information is given on the journal web page at http://jcs.stanford.edu/.
 
Computers & Security,   Editor-in-Chief: Eugene H. Spafford
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. All papers must be submitted online at http://ees.elsevier.com/cose/. More information can be found at http://www.elsevier.com/locate/issn/01674048.
 
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at http://www.springer.com/computer/security+and+cryptology/journal/10207.
 
International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of a high scientific and technology in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C.  More information can be found at http://ijns.femto.com.tw/.
 
International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online at http://www.inderscience.com/ijsn/. More information is given on the journal web page at http://www.inderscience.com/ijsn/.
 
International Journal of Critical Infrastructure Protection,   Editors-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's primary aim is to publish high quality scientific and policy papers in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology and policy to craft sophisticated yet practical solutions that will secure information, computer and network assets in the various critical infrastructure sectors. All papers must be submitted online at http://www.elsevier.com/locate/ijcip. More information is given on the journal web page at http://www.elsevier.com/locate/ijcip.
 
IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: C.-C. Jay Kuo
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, via sps-ieee.manuscriptcentral.com.  More information can be found at http://www.ieee.org/organizations/society/sp/tifs.html.
 
EURASIP Journal on Information Security,   Editors-in-Chief: Stefan Katzenbeisser
EURASIP Journal on Information Security aims to bring together researchers and practitioners dealing with the general field of information security, with a particular emphasis on the use of signal processing tools in adversarial environments. As such, it addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing. Application domains lie, for example, in secure storage, retrieval and tracking of multimedia data, secure outsourcing of computations, forgery detection of multimedia data, or secure use of biometrics. The journal also welcomes survey papers that give the reader a gentle introduction to one of the topics covered as well as papers that report large-scale experimental evaluations of existing techniques. Pure cryptographic papers are outside the scope of the journal. The journal also welcomes proposals for Special Issues. All papers must be submitted online at http://jis.eurasipjournals.com/manuscript.  More information can be found at http://jis.eurasipjournals.com.