Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Last Modified:01/23/17

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.

Contents

 

Special Issues of Journals and Handbooks


IEEE Security and Privacy, Special Issue on Blockchain Security and Privacy, (Submission Due 1 February 2017) [posted here 12/5/16]
Guest Editors: Ghassan Karame (NEC Laboratories Europe, Germany), and Srdjan Capkun (ETH Zurich, Switzerland)

The blockchain emerged as a novel distributed consensus scheme that allows transactions, and any other data, to be securely stored and verified without a centralized authority. For some time, the notion of blockchain was tightly coupled with Bitcoin, a well-known proof of work hash-based mechanism. Today, there are more than one hundred alternate blockchains. Some are simple variants of Bitcoin, whereas others significantly differ in their design and provide different functional and security guarantees. This shows that the research community is in search of a simple, scalable, and deployable blockchain technology. Various reports further point to an increased interest in the use of blockchains across many applications and a significant investment by different industries in their development. The blockchain will likely induce considerable change to a large number of systems and businesses. Distributed trust, and therefore security and privacy, is at the core of the blockchain technologies and has the potential to either make them a success or cause them to fail. This special issue aims to collect the most relevant ongoing research efforts in blockchain security and privacy. Topics include, but aren’t limited to:
- Platforms for decentralized consensus (Bitcoin, Ethereum, Stellar, Ripple, Open Blockchain, etc.)
- New threat models and attacks on existing blockchain technologies
- Defenses and countermeasures
- Simple payment verification modes and lightweight blockchain clients
- Anonymity and privacy issues and measures to enhance anonymity and privacy
- Proof-of-work, -stake, -burn, and other consensus alternatives
- Scalability issues and solutions
- Incentive mechanisms for blockchains
- Economic, monetary, legal, ethical, and societal aspects
- Applicability of the technology in financial markets
- Regulation and law enforcement
- Fraud detection and financial crime prevention
- Case studies (for instance, of adoption, attacks, forks, and scams)
- New applications

For more information, please see https://www.computer.org/security-and-privacy/2016/11/21/blockchain-security-and-privacy-call-for-papers/.

Elsevier Digital Communications and Networks, Special Issue on Big Data Security and Privacy, (Submission Due 15 February 2017) [posted here 1/23/17]
Guest Editors: Shui Yu (Deakin University, Australia), Peter Muller (IBM Zurich Research Laboratory, Switzerland), and Albert Zomaya (University of Sydney, Australia).

As human beings are deep into the Information Age, we have been witnessing the rapid development of Big Data. Huge amounts of data from sensors, individual archives, social networks, Internet of Things, enterprise and Internet are collected, shared and analyzed. Security and Privacy is one of the most concerned issues in Big Data. Big Data definitely desires the security and privacy protection all through the collection, transmission and analysis procedures. The features of Big Data such as Veracity, Volume, Variety and dynamicity bring new challenges to security and privacy protection. To protect the confidentiality, integrity and availability, traditional security measures such as cryptography, log/event analysis, intrusion detection/prevention and access control have taken a new dimension. To protect the privacy, new pattern of measures such as privacy-preserved data analysis need to be explored. There is a lot of work to be done in this emerging field. The purpose of this special issue is to make the security and privacy communities realizing the challenges and tasks that we face in Big Data. We focus on exploring the security and privacy aspects of Big Data as supporting and indispensable elements of the emerging Big Data research. The areas of interest include, but are not limited to, the following:
- Security technologies for collecting of Big Data
- Cryptography and Big Data
- Intrusion detection and transmission surveillance of Big Data
- Storage and system security for Big Data
- Big Data forensics
- Integrity protection and authentication of Big Data
- Access control of Big Data
- Privacy aware analysis and retrieval of Big Data
- Privacy aware data fusion of Big Data

For more information, please see https://www.journals.elsevier.com/digital-communications-and-networks/call-for-papers/big-data-security-and-privacy.

Journal of Visual Communication and Image Representation, Special Issue on Data-driven Multimedia Forensics and Security, (Submission Due 28 February 2017) [posted here 11/14/16]
Guest Editors: Anderson Rocha (University of Campinas, Brazil), Shujun Li (Universityof Surrey, UK), C.-C. Jay Kuo (University of Southern California, US), Alessandro Piva (University of Florence, Italy), and Jiwu Huang (Shenzhen University, China)

In the last decade a large number of multimedia forensic and security techniques have been proposed to evaluate integrity of multimedia data. However, most of these solutions adopt very limiting and simplifying working conditions, being more appropriate for laboratorial tests than for real-world deployment. Unfortunately, with big data requirements on the table, the stakes are higher now. Forensics and security experts are no longer required to provide the society with solutions for specific cases. Instead, we need to cope with shear amounts of data and in different operational and acquisition conditions. In addition to the traditional multimedia forensics and security research around integrity and authentication, digital images and videos have also been the core components in other related application domains, e.g. biometrics, image and video based information hiding, image and video collection forensics, automatic child porn detection, digital triage of image and video evidence, attacks on image and video-based CAPTCHAs, etc. A common feature of the above listed multimedia forensics and security problems is that they can all be solved by machine learning techniques driven by training data. In recent years, some new and powerful modeling and machine learning paradigms have been developed that allow us to glean over massive amounts of data and directly extract useful information for proper decision making, thus creating new techniques to solve those multimedia forensics and security problems with improved performance. This Special Issue invites researchers in all related fields (including but not limited to image and video signal processing, machine learning, computer vision and pattern recognition, cyber security, digital forensics) to join us in a quest for pinpointing the next-generation image and video forensics and security solutions of tomorrow, capable of processing image and video data using the recently-developed deep learning paradigm and other new modelling and learning techniques. ALL submissions must highlight their machine-learning based approach and discuss how their solutions deal with large collections of data. The core data used in your work should be visual data (images and videos). Video data may also include RGB, IR, and depth data. The topics of interest of this Special Issue are listed below. The list is not exhaustive and prospective authors should contact the editors in case of any question. Submissions can contemplate original research, serious dataset collection and benchmarking, or critical surveys. Example Topics of Interest:
- Attacks on visual CAPTCHAs
- Biometrics and counter-spoofing
- Content-protection and counter-protection
- Counter forensics
- Cyber threat analysis for image and video data
- Forensic data fusion (if at least one source contains images and videos)
- Image and video collection forensics
- Incident response related to image and video data
- Multimedia evidence recovery and validation
- Multimedia forensics (forgery detection, attribution, CGI classification)
- Multimedia provenance (phylogeny, digital triage of multimedia evidence)
- Sensitive content detection (porn and child porn detection, violence detection)
- Surveillance for forensics and security applications
- Visual analytics for forensics and security applications
- Visual information hiding: designs and attacks

For more information, please see http://www.journals.elsevier.com/journal-of-visual-communication-and-image-representation.

IEEE Security & Privacy Magazine, Special issue on Digital Forensics, (Submission Due 1 March 2017) [posted here 08/22/16]
Guest Editors: Wojciech Mazurczyk (Warsaw University of Technology & FernUniversität in Hagen, Poland), Steffen Wendzel (Fraunhofer FKIE, Germany), Luca Caviglione (National Research Council of Italy, Italy), and Simson L. Garfinkel (National Institute of Standards and Technology, USA)

Modern societies are becoming increasingly dependent on open networks where commercial activities, business transactions, and government services are delivered. Despite the benefits, these networks have led to new cyberthreats and cybersecurity issues. Abuse of and mistrust for telecommunications and computer network technologies have significant socioeconomic impacts on global enterprises as well as individuals. Cybercriminal activities such as fraud often require the investigations that span across international borders. In addition, they’re often subject to different jurisdictions and legal systems. The increased intricacy of the communication and networking infrastructure complicates investigation of such activities. Clues of illegal digital activities are often buried in large volumes of data that makes crime detection and evidence collection difficult. This poses new challenges for law enforcement and compels computer societies to utilize digital forensics to combat the growing number of cybercrimes. Forensic professionals must be fully prepared to gather effective digital evidence. Forensic techniques must keep pace with new technologies; therefore, digital forensics is becoming more important for law enforcement and information and network security. This multidisciplinary area includes several fields, including law, computer science, finance, networking, data mining, and criminal justice. It faces diverse challenges and issues in terms of the efficiency of digital evidence processing and related forensic procedures. This special issue aims to collect the most relevant ongoing research efforts in digital forensics field. Topics include, but aren’t limited to:
- real-world case studies, best practices, and readiness;
- challenges and emerging trends;
- digital forensic triage;
- antiforensics and anti-antiforensics approaches;
- networking incident response, investigation, and evidence handling;
- network forensics and traffic analysis;
- detecting illegal sites and traffic (for instance, child abuse/exploitation);
- malware and targeted attacks including analysis and attribution;
- information-hiding techniques (network stenography, covert channels, and so on);
- stealth communication through online games and its detection;
- use and implications of machine learning in digital forensics;
- big data and digital forensics;
- network traffic fingerprinting and attacks;
- cybercrimes design, detection, and investigation;
- cybercrime issues and solutions from a digital forensics perspective;
- nontraditional forensic scenarios and approaches (for instance, vehicles, SCADA, automation and control);
- social networking forensics;
- cloud forensics;
- law enforcement and digital forensics; and
- digital forensics for incident response, research, policy compliance enforcement, and so on.

For more information, please see https://www.computer.org/web/computingnow/spcfp6.

Conference and Workshop Call-for-papers

February 2017

IWPE 2017 3rd International Workshop on Privacy Engineering, Co-located with IEEE Symposium on Security and Privacy (SP 2017), San Jose, CA, USA, May 25, 2017. (Submission Due 3 February 2017) [posted here 11/7/16]
Ongoing news reports regarding global surveillance programs, massive personal data breaches in corporate databases, and notorious examples of personal tragedies due to privacy violations have intensified societal demands for privacy-friendly systems. In response, current legislative and standardization processes worldwide aim to strengthen individual’s privacy by introducing legal, organizational and technical frameworks that personal data collectors and processors must follow. However, in practice, these initiatives alone are not enough to guarantee that organizations and software developers will be able to identify and adopt appropriate privacy engineering techniques in their daily practices. Even if so, it is difficult to systematically evaluate whether the systems they develop using such techniques comply with legal frameworks, provide necessary technical assurances, and fulfill users’ privacy requirements. It is evident that research is needed in developing techniques and tools that can aid the translation of legal and normative concepts, as well as user expectations into systems requirements. Furthermore, methods that can support organizations and engineers in developing (socio-)technical systems that address these requirements is of increasing value to respond to the existing societal challenges associated with privacy. In this context, privacy engineering research is emerging as an important topic. Engineers are increasingly expected to build and maintain privacy-preserving and data-protection compliant systems in different ICT domains such as health, energy, transportation, social computing, law enforcement, public services; based on different infrastructures such as cloud, grid, or mobile computing and architectures. While there is a consensus on the benefits of an engineering approach to privacy, concrete proposals for models, methods, techniques and tools that support engineers and organizations in this endeavor are few and in need of immediate attention. To cover this gap, the topics of the International Workshop on Privacy Engineering (IWPE'17) focus on all the aspects surrounding privacy engineering, ranging from its theoretical foundations, engineering approaches, and support infrastructures, to its practical application in projects of different scale. Specifically, we are seeking the following kinds of papers: (1) technical papers that illustrate the engineering or application of a novel formalism, method or other research finding (e.g., a privacy enhancing protocol) with preliminary evaluation; (2) experience and practice papers that describe a case study, challenge or lessons learned from in a specific domain; (3) early evaluations of tools and other infrastructure that support engineering tasks in privacy requirements, design, implementation, testing, etc.; (4) interdisciplinary studies or critical reviews of existing privacy engineering concepts, methods, tools and frameworks; or (5) vision papers that take a clear position informed by evidence based on a thorough literature review. IWPE’17 welcomes papers that focus on novel solutions on the recent developments in the general area of privacy engineering. Topics of interests include, but are not limited to:
- Integrating law and policy compliance into the development process
- Privacy impact assessment during software development
- Privacy risk management models
- Privacy breach recovery Methods
- Technical standards, heuristics and best practices for privacy engineering
- Privacy engineering in technical standards
- Privacy requirements elicitation and analysis methods
- User privacy and data protection requirements
- Management of privacy requirements with other system requirements
- Privacy requirements elicitation and analysis techniques
- Privacy engineering strategies and design patterns
- Privacy-preserving architectures
- Privacy engineering and databases, services, and the cloud
- Privacy engineering in networks
- Engineering techniques for fairness, transparency, and privacy in databases
- Privacy engineering in the context of interaction design and usability
- Privacy testing and evaluation methods
- Validation and verification of privacy requirements
- Privacy Engineering and design
- Engineering Privacy Enhancing Technologies (PETs)
- Integration of PETs into systems
- Models and approaches for the verification of privacy properties
- Tools and formal languages supporting privacy engineering
- Teaching and training privacy engineering
- Adaptations of privacy engineering into specific software development processes
- Pilots and real-world applications
- Evaluation of privacy engineering methods, technologies and tools
- Privacy engineering and accountability
- Privacy engineering and business processes
- Privacy engineering and manageability of data in (large) enterprises
- Organizational, legal, political and economic aspects of privacy engineering

For more information, please see http://ieee-security.org/TC/SPW2017/IWPE/.

ACNS 2017 15th International Conference on Applied Cryptography and Network Security, Kanazawa, Japan, July 10-12, 2017. (Submissions Due 3 February 2017) [posted here 12/12/16]
ACNS is an annual conference focusing on innovative research and current developments that advance the areas of applied cryptography, cyber security and privacy. Both academic research works with high relevance to real-world problems as well as developments in industrial and technical frontiers fall within the scope of the conference. Submissions may focus on the modelling, design, analysis (including security proofs and attacks), development (e.g. implementations), deployment (e.g. system integration), and maintenance (including performance measurements, usability studies) of algorithms / protocols / standards / implementations / technologies / devices / systems, standing in close relation with applied cryptography, cyber security and privacy, while advancing or bringing new insights to the state of the art.

For more information, please see https://cy2sec.comm.eng.osaka-u.ac.jp/acns2017/.

USENIX Security 2017 26th USENIX Security Symposium, Vancouver, Canada, August 16–18, 2017. (Submissions Due 16 February 2017) [posted here 1/23/17]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security. USENIX Security is interested in all aspects of computing systems security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

For more information, please see https://www.usenix.org/conference/usenixsecurity17/call-for-papers.

CSF 2017 30th IEEE Computer Security Foundations Symposium, Co-located with CRYPTO 2017, Santa Barbara, California, USA, August 22-25, 2017. (Submissions Due 17 February 2017) [posted here 12/12/16]
The Computer Security Foundations Symposium is an annual conference for researchers in computer security. CSF seeks papers on foundational aspects of computer security, such as formal security models, relationships between security properties and defenses, principled techniques and tools for design and analysis of security mechanisms, as well as their application to practice. While CSF welcomes submissions beyond the topics listed below, the main focus of CSF is foundational security: submissions that lack foundational aspects risk rejection. This year, CSF will use a light form of double-blind reviewing. New results in computer security are welcome. We also encourage challenge/vision papers, which may describe open questions and raise fundamental concerns about security.

For more information, please see http://csf2017.tecnico.ulisboa.pt/.

WICSPIT 2017 Workshop on Innovative CyberSecurity and Privacy for Internet of Things: Strategies, Technologies, and Implementations, Held in conjunction with the International Conference on Internet of Things, Big Data and Security (IoTBDS 2017), Porto, Portugal, April 24 - 26, 2017. (Submissions Due 20 February 2017) [posted here 1/23/17]
Cyber-attackers are steadily getting more creative and ambitious in their exploits and causing real-world damage (e.g., the German steel mill hack in 2014, the Ukrainian Power Grid hack in 2015). Proprietary and personally identifiable information are vulnerable to leakage as well (e.g., the Sony hack in 2014, the US Office of Personnel Management in 2014). The Internet of Things (IoT), a platform which allows everything to process information, communicate data, and analyze context opens up new vulnerabilities for both security and privacy. Smart buildings and smart cities, for example, will collect and process data for millions of individuals. Industrial systems, which were never intended to be linked via common protocols, are recognized as suddenly being open to security threats that can limit service availability and possibly cause considerable damage. Autonomous systems allowed to operate with minimal oversight are ripe targets for cyber-attacks. Data stored and processed in confidence in the cloud may be subject to exfiltration, leading to public embarrassment or the exposure of proprietary information. As cyber-events increase in number and severity, security engineers must incorporate innovative cybersecurity strategies and technologies to safeguard their systems and confidential information. A strategy to address a cybersecurity vulnerability, once identified, must understand the nature of the vulnerability and how to mitigate it. The “security tax” or “privacy tax” (system and service degradation) caused by the implementation of the mitigating security technologies may be so great that the end user bypasses the technologies and processes meant to ensure the system’s security and privacy. A practical reality of the adoption of IoT is that it will require integration of new technologies with existing systems and infrastructure, which will continue to expose new security and privacy vulnerabilities; re-engineering may be required. The human element of IoT, the user, must be considered, and how the user and the IoT system interact to optimize system security and user privacy must be defined. Cyber-attackers and cyber victims are often in different countries, the transnational nature of many cyber-events necessitate the consideration of public policy and legal concerns as well. This workshop aims to showcase new and emerging strategies and technologies for forecasting, mitigating, countering, and attributing cyber-events that threaten security and privacy within the realm of IoT. The institutional benefits of IoT adoption are clear, however security and privacy concerns are constantly coming to light. As organizations—both public and private, large and small—adopt new IoT technologies, we hope that this workshop can serve as an opening conversation between government, industry, and academia for the purpose of addressing those concerns.

For more information, please see http://iotbds.org/WICSPIT.aspx.

IVSW 2017 2nd International Verification and Security Workshop, Thessaloniki, Greece, July 3-5, 2017. (Submissions Due 26 February 2017) [posted here 1/23/17]
Issues related to verification and security are increasingly important in modern electronic systems. In particular, the huge complexity of electronic systems has led to growth in quality, reliability and security needs in several application domains as well as pressure for low cost products. There is a corresponding increasing demand for cost-effective verification techniques and security solutions. These needs have increased dramatically with the increased complexity of electronic systems and the fast adoption of these systems in all aspects of our daily lives. The goal of IVSW is to bring industry practitioners and researchers from the fields of verification, validation, test, reliability and security to exchange innovative ideas and to develop new methodologies for solving the difficult challenges facing us today in various SoC design environments.   The workshop seeks submissions from academia and industry presenting novel research results on the following topics of interest:
- Verification challenges of IoT
- High-level test generation for functional verification
- Emulation techniques and FPGA prototyping
- Triage and debug methodologies
- Silicon debugging
- Low-power verification
- Formal techniques and their applications
- Verification coverage
- Performance validation and characterization
- Design for Verifiability (DFV)
- Memory and coherency verification
- ESL design and Virtual Platforms
- Security verification
- Design for security
- Hardware Security IP
- Secure circuit design
- Fault-based attacks and counter measures
- Security solutions for analog/mixed signal circuits
- Security Applications in automotive, railway, avionics and space
- Internet of Things (IoT) security considerations
- Data analytics in verification and security
- Security EDA tools
- Hardware/software security and verification

For more information, please see http://tima.imag.fr/conferences/ivsw/ivsw17/.

PETS 2017 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, USA, July 18 – July 21, 2017. (Submission Due 31 August 2016; 30 November 2016; 28 February 2017) [posted here 8/8/16]
The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to present and discuss recent advances and new perspectives on research in privacy technologies. Papers undergo a journal-style reviewing process and accepted papers are published in Proceedings on Privacy Enhancing Technologies (PoPETs), a scholarly, open access journal. Submitted papers should present novel practical and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies. While PETS/PoPETs has traditionally been home to research on anonymity systems and privacy-oriented cryptography, we strongly encourage submissions on a number of both well-established and emerging privacy-related topics, for which examples are provided below. PoPETs also solicits submissions for Systematization of Knowledge (SoK) papers. These are papers that critically review, evaluate, and contextualize work in areas for which a body of prior literature exists, and whose contribution lies in systematizing the existing knowledge in that area.

For more information, please see https://petsymposium.org/.

March 2017

SOUPS 2017 13th Symposium on Usable Privacy and Security, Santa Clara, CA, USA, July 12–14, 2017. (Submission Due 1 March 2017) [posted here 11/21/16]
The 2017 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. We invite authors to submit previously unpublished papers describing research or experience in all areas of usable privacy and security. We welcome a variety of research methods, including both qualitative and quantitative approaches. Topics include, but are not limited to:
- Innovative security or privacy functionality and design
- Field studies of security or privacy technology
- Usability evaluations of new or existing security or privacy features
- Security testing of new or existing usability features
- Longitudinal studies of deployed security or privacy features
- Studies of administrators or developers and support for security and privacy
- The impact of organizational policy or procurement decisions
- Lessons learned from the deployment and use of usable privacy and security features

For more information, please see https://www.usenix.org/conference/soups2017/call-for-papers.

DBSec 2017 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, Philadelphia, PA, USA, July 17-19, 2017. (Submission Due 6 March 2017) [posted here 1/2/17]
DBSec is an annual international conference covering research in data and applications security and privacy. The 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2017) will be held in Philadelphia, PA, USA. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, and applications security. Topics of interest include, but are not limited to:
- access control 
- anonymity
- applied cryptography in data security 
- authentication
- big data security 
- data and system integrity
- data protection 
- database security 
- digital rights management 
- identity management  
- intrusion detection
- knowledge discovery and privacy
- methodologies for data and application security 
- network security 
- organizational security 
- privacy  
- secure cloud computing
- secure distributed systems 
- secure information integration 
- secure Web services  
- security and privacy in crowdsourcing
- security and privacy in IT outsourcing 
- security and privacy in the Internet of Things 
- security and privacy in location-based services
- security and privacy in P2P scenarios and social networks
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security management
- security metrics
- threats, vulnerabilities, and risk management
- trust and reputation systems
- trust management
- wireless and mobile security

For more information, please see https://dbsec2017.ittc.ku.edu/.

WiSec 2017 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Boston, MA, USA, July 18-20, 2017. (Submission Due 13 March 2017) [posted here 12/19/16]
ACM WiSec is the leading ACM and SIGSAC conference dedicated to all aspects of security and privacy in wireless and mobile networks and their applications. In addition to the traditional ACM WiSec topics of physical, link, and network layer security, we welcome papers focusing on the security and privacy of mobile software platforms, usable security and privacy, biometrics, cryptography, and the increasingly diverse range of mobile or wireless applications such as Internet of Things, and Cyber-Physical Systems. The conference welcomes both theoretical as well as systems contributions. Topics of interest include, but are not limited to:
- Security & privacy for smart devices (e.g., smartphones)
- Wireless and mobile privacy and anonymity
- Secure localization and location privacy
- Cellular network fraud and security
- Jamming attacks and defenses
- Key management (agreement or distribution) for wireless or mobile systems
- Information-theoretic security schemes for wireless systems
- Theoretical and formal approaches for wireless and mobile security
- Cryptographic primitives for wireless and mobile security
- NFC and smart payment applications
- Security and privacy for mobile sensing systems
- Wireless or mobile security for emerging applications (e.g, privacy in health, automotive, avionics, smart grid, or IoT applications)
- Physical tracking security and privacy
- Usable mobile security and privacy
- Economics of mobile security and privacy
- Bring Your Own Device (BYOD) security
- Mobile malware and platform security
- Security for cognitive radio and dynamic spectrum access systems
- Security protocols for wireless networking

For more information, please see http://wisec2017.ccs.neu.edu/.

RAID 2017 20th International Symposium on Research in Attacks, Intrusions and Defenses, Atlanta, GA, USA, September 18-20, 2017. (Submission Due 28 March 2017) [posted here 12/19/16]
Over the last 20 years, the International Symposium on Research in Attacks, Intrusions and Defenses (RAID) has established itself as a venue where leading researchers and practitioners from academia, industry, and the government are given the opportunity to present novel research in a unique venue to an engaged and lively community. The conference is known for the quality and thoroughness of the reviews of the papers submitted, the desire to build a bridge between research carried out in different communities, and the emphasis given on the need for sound experimental methods and measurement to improve the state of the art in cybersecurity. RAID features a traditional poster session with a walking dinner on the first evening to encourage the presentation of work in progress and the active participation of younger members of the community. In this special year, the 20th anniversary of RAID's creation, we are soliciting research papers on topics covering all well-motivated security problems. We care about techniques that identify new real-world threats, techniques to prevent them, to detect them, to mitigate them or to assess their prevalence and their consequences. Measurement papers are encouraged, as well as papers offering public access to new tools or datasets, or experience papers that clearly articulate important lessons. Specific topics of interest to RAID include:
- Computer, network and cloud computing security
- SDN for/against security
- Malware and unwanted software
- Program analysis and reverse engineering
- Mobile and Web security and privacy
- Vulnerability analysis techniques
- Usable security and privacy
- Intrusion detection and prevention
- Cyber intelligence techniques and (privacy preserving) threats intel sharing
- Threats against critical infrastructures and mitigation thereof
- Hardware security, Cyber physical systems, IoT security
- Statistical and adversarial learning for computer security
- Cyber crime and underground economies
- The ecosystem behind Denial-of-Service attacks
- Security measurement studies
- Digital forensics
- Computer security visualization techniques

For more information, please see https://www.raid2017.org/.

April 2017
May 2017

PST 2017 15th Conference on Privacy, Security and Trust, Calgary, Alberta, Canada, August 28-30, 2017. (Submission Due 15 May 2017) [posted here 1/16/17]
PST2017 provides a forum for researchers and practitioners to present their latest research results, developments and ideas in areas of privacy, security and trust. PST 2017 topics are inter-disciplinary across privacy, security and trust. Technologies  of interest include, but are not limited to:
- Access Control
- Adversarial Machine Learning
- Anonymity, Accountability and Audit
- Attacks on Security and Privacy
- Authentication
- Biometrics
- Blockchain and Related Technologies
- Computer and Network Forensics
- Cryptographic Protocols
- Distributed Trust and Consensus
- Formal Methods for Security and Privacy
- Identity Management
- Intrusion Detection
- Key Management
- Metrics for Security and Privacy
- Privacy Preserving/Enhancing Technologies
- Program Analysis for Security and Privacy
- Quantum-resistant Cryptography
- Reputation Systems
- Threat modeling and risk analysis

For more information, please see http://www.ucalgary.ca/pst2017/.

ACM CCS 2017 24th ACM Conference on Computer and Communication Security, Dallas, TX, USA, October 30 - November 3, 2017. (Submission Due 19 May 2017) [posted here 1/23/17]
The ACM Conference on Computer and Communications Security (CCS) is the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM). The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results. It provides an environment to conduct intellectual discussions. From its inception, CCS has established itself as a high-standard research conference in its area.

For more information, please see https://www.sigsac.org/ccs/CCS2017.

June 2017

ACSAC 2017 33rd Annual Computer Security Applications Conference, San Juan, Puerto Rico, December 4-8, 2017. (Submission Due 1 June 2017) [posted here 1/23/17]
The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences. If you are developing, researching, or implementing practical security solutions, consider sharing your experience and expertise at ACSAC. We are especially interested in submissions that address the application of security technology, the implementation of systems, and lessons learned. Some example topics are:
- Access Control
- Anonymity
- Applied Cryptography
- Assurance
- Audit
- Biometrics
- Security case studies
- Cloud Security
- Cyber-Physical Systems
- Denial of Service Protection
- Distributed Systems Security
- Embedded Systems Security
- Enterprise Security Management
- Evaluation and Compliance
- Digital Forensics
- Identity Management
- Incident Response
- Insider Threat Protection
- Integrity
- Intrusion Detection
- Intellectual Property
- Malware
- Mobile/Wireless Security
- Multimedia Security
- Network Security
- OS Security
- P2P Security
- Privacy & Data Protection
- Privilege Management
- Resilience
- Security and Privacy of the Internet of Things
- Security Engineering
- Software Security
- Supply Chain Security
- Trust Management
- Trustworthy Computing
- Usability and Human-centric Aspects of Security
- Virtualization Security
- Web Security

For more information, please see http://www.acsac.org.

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney
This online-only Journal, started in 2004 and  operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions.  More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: Shari Lawrence Pfleeger
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at http://www.computer.org/portal/web/computingnow/securityandprivacy.

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Ravi Sandhu
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page at http://www.computer.org/portal/web/tdsc.

The Springer Series on ADVANCES IN INFORMATION SECURITY
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer, network security, and cryptography, but related areas, such as fault tolerance and software assurance. The series serves as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact Professor Sushil Jajodia (jajodia@gmu.edu,703-993-1653).
 
Journal of Computer Security,   Editor-in-Chief: John Mitchell and Pierangela Samarati
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. All papers must be submitted online at http://www.iospress.nl/journal/journal-of-computer-security/. More information is given on the journal web page at http://jcs.stanford.edu/.
 
Computers & Security,   Editor-in-Chief: Eugene H. Spafford
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. All papers must be submitted online at http://ees.elsevier.com/cose/. More information can be found at http://www.elsevier.com/locate/issn/01674048.
 
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at http://www.springer.com/computer/security+and+cryptology/journal/10207.
 
International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of a high scientific and technology in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C.  More information can be found at http://ijns.femto.com.tw/.
 
International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online at http://www.inderscience.com/ijsn/. More information is given on the journal web page at http://www.inderscience.com/ijsn/.
 
International Journal of Critical Infrastructure Protection,   Editors-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's primary aim is to publish high quality scientific and policy papers in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology and policy to craft sophisticated yet practical solutions that will secure information, computer and network assets in the various critical infrastructure sectors. All papers must be submitted online at http://www.elsevier.com/locate/ijcip. More information is given on the journal web page at http://www.elsevier.com/locate/ijcip.
 
IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: C.-C. Jay Kuo
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, via sps-ieee.manuscriptcentral.com.  More information can be found at http://www.ieee.org/organizations/society/sp/tifs.html.
 
EURASIP Journal on Information Security,   Editors-in-Chief: Stefan Katzenbeisser
EURASIP Journal on Information Security aims to bring together researchers and practitioners dealing with the general field of information security, with a particular emphasis on the use of signal processing tools in adversarial environments. As such, it addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing. Application domains lie, for example, in secure storage, retrieval and tracking of multimedia data, secure outsourcing of computations, forgery detection of multimedia data, or secure use of biometrics. The journal also welcomes survey papers that give the reader a gentle introduction to one of the topics covered as well as papers that report large-scale experimental evaluations of existing techniques. Pure cryptographic papers are outside the scope of the journal. The journal also welcomes proposals for Special Issues. All papers must be submitted online at http://jis.eurasipjournals.com/manuscript.  More information can be found at http://jis.eurasipjournals.com.