Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Last Modified:01/25/16

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.

Contents

 

Special Issues of Journals and Handbooks


IEEE Computer, Special Issue on Supply Chain Security for Cyber-Infrastructure. (Submission Due 1 February 2016) [posted here 12/14/15]
Editors: Domenic Forte (University of Florida, USA), Swarup Bhunia (University of Florida, USA), Ron Perez (Cryptography Research Inc., USA), and Yongdae Kim, Korea Advanced Institute of Science and Technology, Korea).

Design, fabrication, assembly, distribution, system integration, and disposal of today's electronic components, systems, and software involve multiple untrusted parties. Recent reports demonstrate that this long and globally distributed supply chain is vulnerable to counterfeiting (cloning, overproduction, recycling, etc.) and malicious design modification (such as Trojan attacks). The issues associated with counterfeit components include security and reliability risks to critical systems, profit and reputation loss for intellectual property owners, and the discouragement of innovation in system development. Recent bugs such as Heartbleed have shown that flaws in open source and third-party code can have a tremendous impact, including the leakage of sensitive and personal data. While awareness in the hardware supply chain has increased in recent years, the scope of the problem has continued to grow and evolve. Data from the Government and Industry Data Exchange Program and Information Handling Services Inc. indicates a sixfold and fourfold increase, respectively, in reported counterfeit components over the last four years. Existing solutions fail to provide adequate protection against supply chain security issues, and many are too intrusive and expensive to be practical for industry use. Most focus on protecting custom digital integrated circuits (ICs) such as processors and field-programmable gate arrays. However, many other large and small electronic systems and components are just as susceptible to recycling, cloning, and tampering, but have not been adequately addressed. Meanwhile, recent reports by the Business Software Alliance highlight the widespread use of unlicensed software in emerging markets, which account for the majority of PCs in use globally. Furthermore, the software distribution model has shifted from purchases made in stores to those made online, creating even more opportunities for hackers to manipulate code and/or spread malware. This special issue is intended to raise awareness of supply chain issues, highlight new attacks, point out the existing solutions, and encourage fresh protection approaches. It will focus on supply chain security, as well as comprehensive, cost effective, and easy-to-use solutions. We solicit articles on topics related to security in all parts of the hardware and software supply chain. While articles that focus on specific supply chain security gaps are acceptable, those that address problems with all steps of the supply chain and/or hardware-software integration are strongly encouraged. Example topics include, but are not limited to, the following:
- Analysis of supply chain vulnerabilities and trends
- Risk-based analysis for counterfeit electronics, pirated software, and/or malicious hardware and software
- Quantitative metrics for hardware and software supply chain security
- Security at hardware-software integration boundaries
- Hardware and software reverse engineering and anti-reverse engineering
- Hardware and software Trojan detection, prevention, and recovery
- Provenance for counterfeit electronics and unlicensed software
- Secure software delivery and digital rights management
- Primitives, sensors, and tests for counterfeit electronics detection
- Novel solutions for analog and mixed-signal counterfeit ICs
- Hardware metering at device and system levels
- Tracking and tracing of electronic devices and systems

For more information, please see http://www.computer.org/web/computingnow/cocfp8.

IEEE Cloud Computing, Special Issue on Cloud Security. (Submission Due 29 February 2016) [posted here 1/11/16]
Editors: Peter Mueller (IBM Zurich Research Laboratory, Switzerland), Chin-Tser Huang (University of South Carolina, USA), Shui Yu (Deakin University, Australia), Zahir Tari (RMIT University, Australia), and Ying-Dar Lin (National Chiao Tung University, Taiwan).

Many critical applications - from medical, financial, and big data applications to applications with real-time constraints - are being migrated to cloud platforms. It's been predicted that the bulk of future IT infrastructure spending will be on cloud platforms and applications, and nearly half of all large enterprises are planning cloud deployments by the end of 2017. However, cloud computing systems and services are also major targets for cyberattackers. Because the cloud infrastructure is always, to a certain degree, an open and shared resource, it's subject to malicious attacks from both insiders and outsiders. Side-channel attacks, identity hijacking, and distribution of malicious code have all been observed. Thus, centralized management of security in cloud environments needs to be carefully analyzed and maintained. These vulnerabilities point to the importance of protecting cloud platforms, infrastructures, hosted applications, and information data, and create demand for much higher-level cloud security management than is available today. This calls for comprehensive vulnerability analyses and massive theoretical and practical innovation in security technologies. This special issue aims to address these needs. Areas of interest for the special issue include, but are not limited to:
- Access control mechanisms for clouds
- Cloud security management
- Colluding attacks over multiple clouds
- Distributed denial of service in clouds
- Information retrieval on encrypted data in clouds
- Information sharing and data protection in clouds
- Intrusion detection in clouds
- Privacy policy framework for clouds
- Secure applications distributed over clouds
- Secure big data in clouds
- Security architectures for mobile cloud computing
- Security in software-defined networks.
- Security protocols for cloud computing
- Trust computing for meshed cloud services
- Virtualization of security in clouds

For more information, please see http://www.computer.org/cloudcomputing.

Call for Book Chapters: Empirical Research for Software Security: Foundations and Experience, Taylor & Francis Group, LLC. (Submission Due 15 May 2016) [posted here 1/11/16]
This book introduces the reader to using empirical research methods in exploring software security challenges. These methods include data analytics, questionnaires, interviews, and surveys that produce evidence for or against given claims. The book provides the foundations for using these empirical methods of collecting evidence about tools, techniques, methods, and processes for developing secure software using practical examples. Developing secure software requires the integration of methods, such as threat modeling and risk assessment and the integration of tools, such as security testing and code analysis tools into the development process. The design of such methods and processes is in general an artistic endeavor that is based on the shared expert knowledge, claims, and opinions. Empirical research methods allow extracting knowledge and insights from the data that organizations collect from their processes and tools and from the opinions of the experts who practice these processes and methods. This knowledge extraction contributes to maturing the design and adaptation of these techniques, methods, and processes. Example of the topics of interest include:
- The science of secure software
- Survey of threat modeling techniques
- Empirical research in software security
- The fundamentals of data analytics for secure software
- Assessment of the challenges of developing secure software using the agile approach
- Assessment of the usability of security code analysis tools
- The impact of security assessment on the developers' security awareness
- The efficiency of security training
- Combinatorial testing for software security

For more information, please see https://www.sit.fraunhofer.de/de/ijsse/?no_cache=1.

IEEE Transactions on Computers, Special Section on Secure Computer Architectures. (Submission Due 30 May 2016) [posted here 12/7/15]
Editors: Ruby Lee (Princeton University, USA), Patrick Schaumont (Virginia Tech, USA), Ron Perez (Cryptography Research Inc., USA), and Guido Bertoni (ST Microelectronics, USA).

Nowadays, computer architectures are profoundly affected by a new security landscape, caused by the dramatic evolution of information technology over the past decade. First, secure computer architectures have to support a wide range of security applications that extend well beyond the desktop environment, and that also include handheld, mobile and embedded architectures, as well as high-end computing servers. Second, secure computer architectures have to support new applications of information security and privacy, as well as new information security standards. Third, secure computer architectures have to be protected and be tamper-resistant at multiple abstraction levels, covering network, software, and hardware. This Special Section from Transactions on Computers aims to capture this evolving landscape of secure computing architectures, to build a vision of opportunities and unresolved challenges. It is expected that contributed submissions will place emphasis on secure computing in general and on engineering and architecture design aspects of security in particular. IEEE Transactions on Computers seeks original manuscripts for a Special Section on Secure Computer Architectures tentatively scheduled to appear in the July 2017 issue. The topics of interest for this special section include:
- Cryptographic Primitives
- Homomorphic Computing and Multiparty Computing
- Scalability Issues of Server-level Secure Computing
- High Performance/Low Power Cryptography
- Oblivious RAM
- Side-Channel Analysis
- Side-channel attacks and defenses
- Hardware Trojans and Backdoors
- Hardware Vulnerabilities - Counters, Caches, Shared Memory
- Computing Architectures for Isolation
- Smartphone Security
- Embedded Systems Security
- Secure Processors and Systems
- Hardware Security
- Secure Virtualization and Memory Safety
- Security Simulation, Testing, Validation and Verification
- Metrics for Tamper Resistance
- Security Metrics
- Standards in Secure Computing
- Instruction-Sets for Security and Cryptography
- Dedicated and Protected Storage
- Secure Computer Interfaces

For more information, please see http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tcsi_sca.pdf.

Conference and Workshop Call-for-papers

January 2016

ACNS 2016 14th International Conference on Applied Cryptography and Network Security, London, United Kingdom, June 19-22, 2016. (Submission Due 27 January 2016) [posted here 08/24/15]
The conference seeks submissions presenting novel research on all technical aspects of applied cryptography, cyber security (incl. network and computer security) and privacy. This includes submissions from academia/industry on traditional and emerging topics and new paradigms in these areas, with a clear connection to real-world problems, systems or applications. Submissions may focus on the modelling, design, analysis (incl. security proofs and attacks), development (e.g. implementations), deployment (e.g. system integration), and maintenance (e.g. performance measurements, usability studies) of algorithms/protocols/standards/implementations/technologies/devices/systems standing in relation with applied cryptography, cyber security and privacy, while advancing or bringing new insights to the state of the art. Some topics of interest include but not limited to:
- Access control
- Applied cryptography
- Automated security analysis
- Biometric security/privacy
- Complex systems security
- Critical infrastructures
- Cryptographic primitives
- Cryptographic protocols
- Data protection
- Database/system security
- Digital rights management
- Email and web security
- Future Internet security
- Identity management
- IP protection
- Internet fraud, cybercrime
- Internet-of-Things security
- Intrusion detection
- Key management
- Malware
- Mobile/wireless/5G security
- Network security protocols
- Privacy/anonymity, PETs
- Pervasive security
- Security in e-commerce
- Security in P2P systems
- Security in grid systems
- Cloud security/privacy
- Security/privacy metrics
- Trust management
- Ubiquitous security/privacy
- Human factors in security
- Usability in security/privacy

For more information, please see http://acns2016.sccs.surrey.ac.uk/.

LASER 2016 4th Workshop on Learning from Authoritative Security Experiment Results, Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 2016), San Jose, CA, USA, May 26, 2016. (Submission Due 29 January 2016) [posted here 11/16/15]
The Learning from Authoritative Security Experiment Results (LASER) workshop series focuses on learning from and improving cyber security experimental results. LASER explores both positive and negative results, the latter of which are not often published. LASER's overarching goal is to foster a dramatic change in the paradigm of cyber security research and experimentation, improving the overall quality of practiced science. This year, LASER will focus on cyber security experimentation methods and results that demonstrate approaches to increasing the repeatability and archiving of experiments, methods, results, and data. Participants will find LASER to be a constructive and highly interactive venue featuring informal paper presentations and extended discussions. To promote a high level of interaction, attendance will be limited, with first preference given to participating authors. Additional seats will be available on a first-come first-served basis. LASER also seeks to foster good science in the next generation of cyber security researchers. As such, LASER offers a limited number of student scholarships for participation.

For more information, please see http://2016.laser-workshop.org/.

MOST 2016 Workshop on Mobile Security Technologies, Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 2016), San Jose, CA, USA, May 26, 2016. (Submission Due 29 January 2016) [posted here 11/9/15]
Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to explore the latest understanding and advances in the security and privacy for mobile devices, applications, and systems. With the development of new mobile platforms, such as Android and iOS, mobile computing has shown exponential growth in popularity in recent years. To benefit from the availability of constantly-growing consumer base, new services and applications are being built from the composition of existing ones at breakneck speed. This rapid growth has also been coupled with new security and privacy concerns and challenges. For instance, more and more sensitive content is being collected and shared by third-party applications that, if misused, can have serious security and privacy repercussions. Consequently, there is a growing need to study and address these new challenges. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The topics of interest include, but are not limited to:
- Identity and access control for mobile platforms
- Mobile app security
- Mobile cloud security
- Mobile hardware security
- Mobile middleware and OS security
- Mobile web and advertisement security
- Protecting security-critical applications of mobile platforms
- Secure application development tools and practices
- Security study of mobile ecosystems
- Unmanned aerial vehicles (UAVs) security
- Wearable and IoT security

For more information, please see http://ieee-security.org/TC/SPW2016/MoST/cfp.html.

ICIMP 2016 11th International Conference on Internet Monitoring and Protection, Valencia, Spain, May 22-26, 2016. (Submission Due 31 January 2016) [posted here 12/7/15]
The International Conference on Internet Monitoring and Protection (ICIMP 2016) continues a series of special events targeting security, performance, vulnerabilities in Internet, as well as disaster prevention and recovery. Dedicated events focus on measurement, monitoring and lessons learnt in protecting the user. The design, implementation and deployment of large distributed systems are subject to conflicting or missing requirements leading to visible and/or hidden vulnerabilities. Vulnerability specification patterns and vulnerability assessment tools are used for discovering, predicting and/or bypassing known vulnerabilities. Vulnerability self-assessment software tools have been developed to capture and report critical vulnerabilities. Some of vulnerabilities are fixed via patches, other are simply reported, while others are self-fixed by the system itself. Despite the advances in the last years, protocol vulnerabilities, domain-specific vulnerabilities and detection of critical vulnerabilities rely on the art and experience of the operators; sometimes this is fruit of hazard discovery and difficult to be reproduced and repaired. System diagnosis represent a series of pre-deployment or post-deployment activities to identify feature interactions, service interactions, behavior that is not captured by the specifications, or abnormal behavior with respect to system specification. As systems grow in complexity, the need for reliable testing and diagnosis grows accordingly. The design of complex systems has been facilitated by CAD/CAE tools. Unfortunately, test engineering tools have not kept pace with design tools, and test engineers are having difficulty developing reliable procedures to satisfy the test requirements of modern systems. Therefore, rather than maintaining a single candidate system diagnosis, or a small set of possible diagnoses, anticipative and proactive mechanisms have been developed and experimented. In dealing with system diagnosis data overload is a generic and tremendously difficult problem that has only grown. Cognitive system diagnosis methods have been proposed to cope with volume and complexity.

For more information, please see http://www.iaria.org/conferences2016/ICIMP16.html.

February 2016

WTMC 2016 International Workshop on Traffic Measurements for Cybersecurity, Co-located with 11th ACM Asia Conference on Computer and Communications Security (AsiaCCS 2016), Xi'an, China, May 30, 2016 . (Submission Due 1 February 2016) [posted here 11/16/15]
Today's world's societies are becoming more and more dependent on open networks such as the Internet - where commercial activities, business transactions and government services are realized. This has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. The inability to provide trusted secure services in contemporary computer network technologies has a tremendous socio-economic impact on global enterprises as well as individuals. Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behaviors. Understanding and measuring traffic in such networks is a difficult yet vital task for network management but recently also for cybersecurity purposes. Network traffic measuring and monitoring can, for example, enable the analysis of the spreading of malicious software and its capabilities or can help to understand the nature of various network threats including those that exploit users' behavior and other user's sensitive information. On the other hand network traffic investigation can also help to assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Recently, traffic measurements have been utilized in the area of economics of cybersecurity e.g. to assess ISP "badness" or to estimate the revenue of cyber criminals. Topics of interest include, but are not limited to:
- Measurements for network incidents response, investigation and evidence handling
- Measurements for network anomalies detection
- Measurements for economics of cybersecurity
- Network traffic analysis to discover the nature and evolution of the cybersecurity threats
- Measurements for assessing the effectiveness of the threats detection/prevention methods and countermeasures
- Novel passive, active and hybrid measurements techniques for cybersecurity purposes
- Traffic classification and topology discovery tools for monitoring the evolving status of the network from the cybersecurity perspective
- Correlation of measurements across multiple layers, protocols or networks for cybersecurity purposes
- Novel visualization approaches to detect network attacks and other threats
- Analysis of network traffic to provide new insights about network structure and behavior from the security perspective
- Measurements of network protocol and applications behavior and its impact on cybersecurity and users' privacy
- Measurements related to network security and privacy

For more information, please see http://wtmc.info.

DIMVA 2016 13th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, San Sebastian, Spain, July 7-8, 2016. (Submission Due 3 February 2016) [posted here 12/7/15]
The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. Each year, DIMVA brings together international experts from academia, industry, and government to present and discuss novel research in these areas. DIMVA solicits submission of high-quality, original scientific papers presenting novel research on malware analysis, intrusion detection, and related systems security topics. As per our tradition, DIMVA encourages submissions from the following broad areas:
INTRUSION DETECTION
- Novel approaches and domains
- Insider detection
- Prevention and response
- Data leakage and exfiltration
- Result correlation and cooperation
- Evasion and other attacks
- Potentials and limitations
- Operational experiences
- Privacy, legal and social aspects
- Targeted attacks
MALWARE DETECTION
- Automated analyses
- Behavioral models
- Prevention and containment
- Classification
- Lineage
- Forensics and recovery
- Underground economy
VULNERABILITY ASSESSMENT
- Vulnerability detection
- Vulnerability prevention
- Vulnerability analysis
- Exploitation prevention
- Situational awareness
- Active probing

For more information, please see http://dimva2016.mondragon.edu.

IoTPTS 2016 2nd ACM International Workshop on IoT Privacy, Trust, and Security, Held in conjunction with the 11th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2016), Xian, China, May 30, 2016. (Submission Due 12 February 2016) [posted here 11/2/15]
The Internet of Things (IoT) is the next great technology frontier. At a basic level, IoT refers simply to networked devices, but the IoT vision is a complex ecosystem that ranges from cloud backend services and big-data analytics to home, public, industrial, and wearable sensor devices and appliances. Architectures for these systems are in the formative stages, and now is the time to ensure privacy, trust, and security are designed into these systems from the beginning. We encourage submissions on all aspects of IoT privacy, trust, and security. Topics of interest include (but are not limited) to the following areas:
- Privacy and IoT data
- Privacy attacks for IoT
- Trust management and device discoverability for IoT
- Usability of privacy and security systems in IoT
- User risk perceptions and modeling for IoT
- Policy Management and enforcement for IoT
- Authentication and access control for users for IoT
- Cryptography for IoT
- Attack detection and remediation for IoT
- Security architectures for IoT systems and applications

For more information, please see https://sites.google.com/site/iotpts2016/.

CSF 2016 29th IEEE Computer Security Foundations Symposium, Lisbon, Portugal, June 28 - July 1, 2016. (Submission Due 12 February 2016) [posted here 1/25/16]
The Computer Security Foundations Symposium is an annual conference for researchers in computer security. CSF seeks papers on foundational aspects of computer security, such as formal security models, relationships between security properties and defenses, principled techniques and tools for design and analysis of security mechanisms, as well as their application to practice. While CSF welcomes submissions beyond the topics listed below, the main focus of CSF is foundational security: submissions that lack foundational aspects risk rejection. This year, CSF will use a light form of double blind reviewing (see the conference website). New results in computer security are welcome. We also encourage challenge/vision papers, which may describe open questions and raise fundamental concerns about security. Possible topics for all papers include, but are not limited to: access control, accountability, anonymity and privacy, authentication, computer-aided cryptography, data and system integrity, database security, decidability and complexity, distributed systems security, electronic voting, formal methods and verification, decision theory, hardware-based security, information flow, intrusion detection, language-based security, network security, data provenance, mobile security, security metrics, security protocols, software security, socio-technical security, trust management, usable security, web security.

SPECIAL SESSIONS: This year, we strongly encourage papers in two foundational areas of research we would like to promote at CSF:
- PRIVACY (Chair: Daniel Kifer). CSF 2015 will include a special session on privacy foundations and invites submissions on innovations in practice, as well as definitions, models, and frameworks for communication and data privacy, principled analysis of deployed or proposed privacy protection mechanisms, and foundational aspects of practical privacy technologies. We especially encourage submissions aiming at connecting the computer science point of view on privacy with that of other disciplines (law, economics, sociology, statistics...)
- SECURITY ECONOMICS (Chair: Jens Grossklags). There is an interplay between important system properties including privacy, security, efficiency, flexibility, and usability. Diverse systems balance these properties differently, and as such provide varied benefits (for users) for different costs (for builders and attackers). In short, securing systems is ultimately an economic question. CSF 2016 will include a special session on security economics, where we invite submissions on foundational work in this area. Topics include, but are not limited to, risk management and cyber-insurance, investments in information security, security metrics, decision and game theory for security, and cryptocurrencies.
These papers will be reviewed under the supervision of the special session chairs. They will be presented at the conference, and will appear in the CSF proceedings, without any distinction from the other papers.

For more information, please see http://csf2016.tecnico.ulisboa.pt/.

WiSec 2016 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Darmstadt, Germany, July 18-20, 2016. (Abstract Submission Due 26 February 2016 and Paper Submission Due 4 March 2016) [posted here 1/25/16]
ACM WiSec is the leading ACM conference dedicated to all aspects of security and privacy in wireless and mobile networks and systems and their applications. In addition to the traditional ACM WiSec topics of physical, link, and network layer security, we welcome papers focusing on the security and privacy of mobile software platforms, usable security and privacy, biometrics, cryptography, and the increasingly diverse range of mobile or wireless applications such as Internet of Things, and Cyber-Physical Systems. The conference welcomes both theoretical as well as systems contributions. Topics of interest include:
- Security & privacy for smart devices (e.g., smartphones)
- Wireless and mobile privacy and anonymity
- Secure localization and location privacy
- Cellular network fraud and security
- Jamming attacks and defenses
- Key management (agreement or distribution) for wireless or mobile systems
- Information-theoretic security schemes for wireless systems
- Theoretical and formal approaches for wireless and mobile security
- Cryptographic primitives for wireless and mobile security
- NFC and smart payment applications
- Security and privacy for mobile sensing systems
- Wireless or mobile security for emerging applications (e.g, privacy in health, automotive, avionics, smart grid, or IoT applications)
- Physical tracking security and privacy
- Usable mobile security and privacy
- Economics of mobile security and privacy
- Bring Your Own Device (BYOD) security
- Mobile malware and platform security
- Security for cognitive radio and dynamic spectrum access systems
- Security protocols for wireless networking

For more information, please see http://www.sigsac.org/wisec/WiSec2016/.

PETS 2016 16th Privacy Enhancing Technologies Symposium, Darmstadt, Germany, July 19-22, 2016. (Submission Due 31 August 2015, 30 November 2015, or 29 February 2016) [posted here 08/03/15]
The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to discuss recent advances and new perspectives on research in privacy technologies. New model as of PETS 2015: Papers undergo a journal-style reviewing process and accepted papers are published in the journal Proceedings on Privacy Enhancing Technologies (PoPETs). PoPETs, a scholarly, open access journal for timely research papers on privacy, has been established as a way to improve reviewing and publication quality while retaining the highly successful PETS community event. Authors can submit papers to PoPETs four times a year, every three months on a predictable schedule. Authors are notified of the decisions about two months after submission. In addition to accept and reject decisions, papers may be provided with 'major revision' decisions, in which case authors are invited to revise and resubmit their article to one of the following two submission deadlines. NEW as of PETS 2016: PETS 2016 also solicits submissions for Systematization of Knowledge (SoK) papers. These are papers that critically review, evaluate, and contextualize work in areas for which a body of prior literature exists, and whose contribution lies in systematizing the existing knowledge in that area. Authors are encouraged to view our FAQ about the submission process. Suggested topics include but are not restricted to:
- Behavioural targeting
- Building and deploying privacy-enhancing systems
- Crowdsourcing for privacy
- Cryptographic tools for privacy
- Data protection technologies
- Differential privacy
- Economics of privacy and game-theoretical approaches to privacy
- Forensics and privacy
- Human factors, usability and user-centered design for PETs
- Information leakage, data correlation and generic attacks to privacy
- Interdisciplinary research connecting privacy to economics, law, ethnography, psychology, medicine, biotechnology
- Location and mobility privacy
- Measuring and quantifying privacy
- Obfuscation-based privacy
- Policy languages and tools for privacy
- Privacy and human rights
- Privacy in ubiquitous computing and mobile devices
- Privacy in cloud and big-data applications
- Privacy in social networks and microblogging systems
- Privacy-enhanced access control, authentication, and identity management
- Profiling and data mining
- Reliability, robustness, and abuse prevention in privacy systems
- Surveillance
- Systems for anonymous communications and censorship resistance
- Traffic analysis
- Transparency enhancing tools

For more information, please see http://petsymposium.org/.

IMPS 2016 Workshop on Innovations in Mobile Privacy and Security, Held in conjunction with ESSoS 2016, London, UK, April 6, 2016. (Submission Due 29 February 2016) [posted here 12/14/15]
IMPS aims to bring together researchers working on challenges in security and privacy for mobile platforms, broadly considered. We are interested in investigations into existing security platforms, their users, applications and app store ecosystems, and research into novel security or privacy mechanisms, tools and analysis. Areas of interest include but are not restricted to:
- Secure application development tools and practices
- Privacy enhancing techniques for devices and connected services
- Secure or trusted computing mechanisms
- Static and dynamic analysis for security
- Formal methods for mobile security
- Vulnerability detection and prevention
- Mobile operating system security features
- Security and privacy for IoT and other constrained devices
- Usable security and privacy on small or mobile devices

For more information, please see http://groups.inf.ed.ac.uk/security/IMPS/.

DBSec 2016 30th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Trento, Italy, July 18-21, 2016. (Submission Due 29 February 2016) [posted here 1/4/16]
DBSec is an annual international conference covering research in data and applications security and privacy. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, and applications security. Topics of interest include (but are not limited to):
- access control
- anonymity
- applied cryptography in data security
- authentication
- big data security
- data and system integrity
- data protection
- database security
- digital rights management
- identity management
- intrusion detection
- knowledge discovery and privacy
- methodologies for data and application security
- network security
- organizational security
- privacy
- secure distributed systems
- secure information integration
- secure Web services
- security and privacy in crowdsourcing
- security and privacy in IT outsourcing
- security and privacy in the Internet of Things
- security and privacy in location-based services
- security and privacy in P2P scenarios and social networks
- security and privacy in pervasive/ubiquitous computing
- security and privacy in cloud scenarios
- security and privacy policies
- security management
- security metrics
- threats, vulnerabilities, and risk management
- trust and reputation systems
- trust management
- wireless and mobile security
- biometrics

For more information, please see http://dbsec2016.fbk.eu.

March 2016

SECRYPT 2016 13th International Conference on Security and Cryptography, Lisbon, Portugal, July 26 - 28, 2016. (Submission Due 1 March 2016) [posted here 11/23/15]
SECRYPT is an annual international conference covering research in information and communication security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. Papers describing new methods or technologies, advanced prototypes, systems, tools and techniques and vision papers indicating future directions are also encouraged. Conference topics:
- Access Control
- Applied Cryptography
- Biometrics Security and Privacy
- Critical Infrastructure Protection
- Data Integrity
- Data Protection
- Database Security and Privacy
- Digital Forensics
- Digital Rights Management
- Ethical and Legal Implications of Security and Privacy
- Formal Methods for Security
- Human Factors and Human Behavior Recognition Techniques
- Identification, Authentication and Non-repudiation
- Identity Management
- Information Hiding
- Information Systems Auditing
- Insider Threats and Countermeasures
- Intellectual Property Protection
- Intrusion Detection & Prevention
- Management of Computing Security
- Network Security
- Organizational Security Policies
- Peer-to-Peer Security
- Personal Data Protection for Information Systems
- Privacy
- Privacy Enhancing Technologies
- Reliability and Dependability
- Risk Assessment
- Secure Software Development Methodologies
- Security and Privacy for Big Data
- Security and privacy in Complex Systems
- Security and Privacy in Crowdsourcing
- Security and Privacy in IT Outsourcing
- Security and Privacy in Location-based Services
- Security and Privacy in Mobile Systems
- Security and Privacy in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grids
- Security and Privacy in Social Networks
- Security and Privacy in the Cloud
- Security and Privacy in Web Services
- Security and Privacy Policies
- Security Area Control
- Security Deployment
- Security Engineering
- Security in Distributed Systems
- Security Information Systems Architecture
- Security Management
- Security Metrics and Measurement
- Security Protocols
- Security requirements
- Security Verification and Validation
- Sensor and Mobile Ad Hoc Network Security
- Service and Systems Design and QoS Network Security
- Software Security
- Trust management and Reputation Systems
- Ubiquitous Computing Security
- Wireless Network Security

For more information, please see http://www.secrypt.icete.org.

STPSA 2016 11th IEEE International Workshop on Security, Trust, and Privacy for Software Applications, Held in conjunction with COMPSAC 2016, Atlanta, GA, USA, June 10-14, 2016. (Submission Due 6 March 2016) [posted here 1/25/16]
Information security has become a major concern for both pervasive and non-pervasive software applications. Software systems must be engineered with reliable protection mechanisms with respect to security, privacy, and trust, while still delivering the expected value of the software to their customers. The traditional approaches to secure a system (e.g., IDS, firewalls) are no longer sufficient to address many security, trust, and privacy (STP) issues. These issues should be addressed by building more effective STP-aware software applications. The principal obstacle in developing STP-aware software is that current software specification, design, implementation, and testing practices do not include adequate methods and tools to achieve security, trust, and privacy goals. As most systems now are Internet-based, the number of attackers is increased dramatically and threat scenarios have changed. Traditional security measures do not fit well for the software of pervasive applications. Since location and contexts are key attributes of pervasive applications, the privacy issues need to be handled in a novel manner than traditional software applications. The devices in pervasive computing leave and join in ad hoc manner in the pervasive network. These create a need for new trust models for pervasive computing applications. In this workshop, we will also welcome papers on the challenges and requirements of security, privacy, and trust for pervasive software applications. This workshop will bring researchers from academia and industry to discuss methods and tools to achieve security, trust, and privacy goals of both pervasive and pervasive software applications. This workshop will focus on techniques, experiences and lessons learned with respect to the state of art for the security, trust, and privacy aspects of both pervasive and non-pervasive software applications along with some open issues.

For more information, please see http://staging.computer.org/web/compsac2016/stpsa.

SHPCS 2016 11th International Workshop on Security and High Performance Computing Systems, Held in conjunction with the 2016 International Conference on High Performance Computing & Simulation (HPCS 2016), Innsbruck, Austria, July 18 - 22, 2016. (Submission Due 7 March 2016) [posted here 1/18/16]
Providing high performance computing and security is a challenging task. Internet, operating systems and distributed environments currently suffer from poor security support and cannot resist common attacks. Adding security measures typically degrade performance. This workshop addresses relationships between security, high performance and distributed computing systems in four directions. First, it considers how to add security properties (authentication, confidentiality, integrity, non-repudiation, access control) to high performance computing systems and how they can be formally verified both at design-time (formal verification) and at run-time (run-time verification). In this case, safety properties can also be addressed, such as availability and fault tolerance for high performance computing systems. Second, it addresses vulnerabilities and security threats (and remediation) targeting HPC, grid, cloud and mobile environments. Third, it covers how to use HPC systems to solve security problems. For instance, a grid computation can break an encryption code, a cluster can support high performance intrusion detection or a distributed formal verification system. More generally, this topic addresses every efficient use of a high performance computing systems to improve security. Fourth, it investigates the tradeoffs between maintaining high performance and achieving security in computing systems and solutions to balance the two objectives. In all these directions, various formal analyses, as well as performance analyses or monitoring techniques can be conducted to show the efficiency of a security infrastructure. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of security related to HPC, distributed, network and mobile environments, as well as case studies and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems.

For more information, please see http://hpcs2016.cisedu.info/2-conference/workshops---hpcs2016/workshop09-shpcs.

ISC 2016 19th Information Security Conference, Honolulu, Hawaii, USA, September 7-9, 2016. (Submission Due 7 March 2016) [posted here 1/25/16]
The Information Security Conference (ISC) is an annual international conference covering research in theory and applications of Information Security. ISC aims to attract high quality papers in all technical aspects of information security. ISC has been held in five continents. Papers on all technical aspects of these topics are solicited for submission. Areas of interest include, but are not restricted to:
- access control
- accountability
- anonymity and pseudonymity
- applied cryptography
- authentication
- biometrics
- computer forensics
- critical infrastructure security
- cryptographic protocols
- database security
- data protection
- data/system integrity
- digital right management
- economics of security and privacy
- electronic frauds
- embedded security
- formal methods in security
- identity management
- information hiding & watermarking
- intrusion detection
- network security
- peer-to-peer security
- privacy
- secure group communications
- security in information flow
- security for Internet of Things
- security for mobile code
- secure cloud computing
- security in location services
- security modeling & architectures
- security and privacy in social networks
- security and privacy in pervasive and ubiquitous computing
- security of eCommerce, eBusiness and eGovernment
- security models for ambient intelligence environments
- trust models and trust policies
- economics of security and privacy
- information dissemination control

For more information, please see http://manoa.hawaii.edu/isc2016.

HAISA 2016 International Symposium on Human Aspects of Information Security & Assurance, Frankfurt Germany, July 19 - 21, 2016. (Submission Due 25 March 2016) [posted here 1/18/16]
It is commonly acknowledged that security requirements cannot be addressed by technical means alone, and that a significant aspect of protection comes down to the attitudes, awareness, behaviour and capabilities of the people involved. Indeed, people can potentially represent a key asset in achieving security, but at present, factors such as lack of awareness and understanding, combined with unreasonable demands from security technologies, can dramatically impede their ability to do so. Ensuring appropriate attention and support for the needs of users should therefore be seen as a vital element of a successful security strategy. People at all levels (i.e. from organisations to domestic environments; from system administrators to end-users) need to understand security concepts, how the issues may apply to them, and how to use the available technology to protect their systems. In addition, the technology itself can make a contribution by reducing the demands upon users, simplifying protection measures, and automating a variety of safeguards. With the above in mind, this symposium specifically addresses information security issues that relate to people. It concerns the methods that inform and guide users' understanding of security, and the technologies that can benefit and support them in achieving protection. The symposium welcomes papers addressing research and case studies in relation to any aspect of information security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics or technologies may be positively modified to improve the level of protection. Indicative themes include:
- Information security culture
- Awareness and education methods
- Enhancing risk perception
- Public understanding of security
- Usable security
- Psychological models of security software usage
- User acceptance of security policies and technologies
- User-friendly authentication methods
- Biometric technologies and impacts
- Automating security functionality
- Non-intrusive security
- Assisting security administration
- Impacts of standards, policies, compliance requirements
- Organizational governance for information assurance
- Simplifying risk and threat assessment
- Understanding motivations for misuse
- Social engineering and other human-related risks
- Privacy attitudes and practices
- Computer ethics and security

For more information, please see http://haisa.org/.

IWSEC 2016 11th International Workshop on Security, Tokyo, Japan, September 12-14, 2016. (Submission Due 31 March 2016) [posted here 11/23/15]
Original papers on the research and development of various security topics, as well as case studies and implementation experiences, are solicited for submission to IWSEC 2016. Topics of interest for IWSEC 2016 include all theory and practice of cryptography, information security, and network security, as in previous IWSEC workshops. In particular, we encourage the following topics in this year:
- Big Data Analysis for Security
- Critical Infrastructure Security
- Cryptanalysis
- Cryptographic Protocols
- Cybersecurity Economics
- Digital Forensics
- Enriched Cryptography
- Formal Methods
- IoT security
- Machine Learning for Security
- Malware Countermeasures
- Measurements for Cybersecurity
- Multiparty Computation
- Post Quantum Cryptography
- Privacy Preserving
- Real World Cryptography
- Visualization for Security

For more information, please see http://www.iwsec.org/2016/.

April 2016

I-SAT 2016 International Workshop on Information Security, Assurance, and Trust, Vancouver, BC, Canada, June 16-18, 2016. (Submission Due 4 April 2016) [posted here 1/18/16]
The goal of this workshop is to provide a forum for researchers, scientists and engineers working in academia and industry to share their experiences, new ideas and research results in the areas of information and system security, assurance, and trust. I-SAT2016 will address novel research targeting technical aspects of protecting information security and establishing trust in the digital space. New paradigms and solutions targeting emerging topics in such fields will be presented and discussed by researchers and industrial experts. The main focus of the workshop will include, but not limited to the following:
- Application Security and Threat Management
- Cyber Security, Privacy and Trust
- Modern Authentication Paradigms
- Big data security
- Database security
- Digital Fraud detection
- Social engineering and insider threats
- Cyber threat intelligence
- Cloud, Mobile, and Internet-of-Things security
- Digital forensics
- Intrusion Detection
- Biometrics
- Botnet and DDoS detection and control

For more information, please see http://i-sat.ca.

PMSPCR 2016 Workshop on Process Mining for Security, Privacy, Compliance & Resilience, Held in conjunction with the 19th International Conference on Business Information Systems (BIS 2016), Leipzig, Germany, July 6-8, 2016. (Submission Due 12 April 2016) [posted here 1/25/16]
Security in Business Processes (BP) is an extension to well-known security analysis. Security rules are either defined by regulation, e.g. data protection law, or as guidelines for good conducts, e.g. Basel III or SOX. Business guidelines, e.g. ITIL and COBIT, form a specification of regulation and business conduct, but there are almost no satisfying approaches as far as computer science is concerned. This workshop deals with process mining as a means for security analysis. Three phases may be identified: process analysis before execution, monitoring, or after execution of the BP. With regard to the latter, logs recording the events executed in BP build the basis for Process Mining (PM), which provides methods and tools to ensure compliance to regulations and guidelines. This workshop aims to explore the potentials of process mining to bridge the gap between an analysis of workflows and a certification of compliance and security. We invite innovative and previously undisclosed contributions, but also case studies and best practices, which present the analysis of business processes related to security, resilience and privacy aspects "by design", during runtime, and forensically, based on the analysis of process logs. In this regard, we explicitly invite submission of practical contributions.

For more information, please see http://bis.kie.ue.poznan.pl/bis2016/workshops/pmspcr-2016/.

TrustCom 2016 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Tianjin, China, August 23-26, 2016. (Submission Due 15 April 2016) [posted here 12/7/15]
With the rapid development and increasing complexity of computer systems and communication networks, user requirements for trust, security and privacy are becoming more and more demanding. Therefore, there is a grand challenge that traditional security technologies and measures may not meet user requirements in open, dynamic, heterogeneous, mobile, wireless, and distributed computing environments. As a result, we need to build systems and networks in which various applications allow users to enjoy more comprehensive services while preserving trust, security and privacy at the same time. As useful and innovative technologies, trusted computing and communications are attracting researchers with more and more attention. The conference aims at bringing together researchers and practitioners in the world working on trusted computing and communications, with regard to trust, security, privacy, reliability, dependability, survivability, availability, and fault tolerance aspects of computer systems and networks, and providing a forum to present and discuss emerging ideas and trends in this highly challenging research field. Topics of interest include, but not limited to:
Trust Track
- Trust semantics, metrics and models
- Trusted computing platform
- Trusted network computing
- Trusted operating systems
- Trusted software and applications
- Trust in social networks
- Trust in e-commerce and e-government
- Trust in mobile and wireless communications
- Risk and reputation management
- Survivable computer systems/networks
- Trust of 5G
- Miscellaneous trust issues
Security Track
- Network security
- Computer security
- Database security
- Web applications security
- Security policy, model and architecture
- Security in social networks
- Security in parallel and distributed systems
- Security in mobile and wireless communications
- Security in grid/cloud/pervasive computing
- Authentication, authorization and accounting
- Security of 5G
- Miscellaneous security issues
Privacy Track
- Privacy in Web-based applications and services
- Privacy in database systems
- Privacy in parallel and distributed systems
- Privacy in grid/cloud/pervasive computing
- Privacy in mobile and wireless communications
- Privacy in e-commerce and e-government
- Privacy in network deployment and management
- Privacy and trust
- Privacy and security
- Privacy and anonymity
- Privacy preservation in 5G
- Miscellaneous privacy issues
Forensics Track
- Anti-forensics
- Biometrics
- Cryptanalysis
- Big data forensics
- CCTV forensics
- Cloud forensics
- Computational forensics
- Cyber-physical system forensics
- Datamining for forensics
- Facial recognition
- Fingerprint forensics
- Image forensics
- Malware forensics
- Mobile app forensics (e.g. Skype, WeChat and Facebook)
- Mobile device forensics
- Multimedia forensics
- Network forensics
- Steganography and steganalysis
- System reverse engineering
- Watermarking

For more information, please see http://adnet.tju.edu.cn/TrustCom2016/.

ESORICS 2016 21st European Symposium on Research in Computer Security, Heraklion, Crete, September 26-30, 2016. (Submission Due 22 April 2016) [posted here 1/25/16]
ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers discussing industrial research and development. Topics of interest include, but are not limited to:
- access control
- accountability
- ad hoc networks
- anonymity
- applied cryptography
- authentication
- biometrics
- data and computation integrity
- database security
- data protection
- digital content protection
- digital forensics
- distributed systems security
- embedded systems security
- inference control
- information hiding
- identity management
- information flow control
- information security governance and management
- intrusion detection
- formal security methods
- language-based security
- network security
- phishing and spam prevention
- privacy
- privacy preserving data mining
- risk analysis and management
- secure electronic voting
- security architectures
- security economics
- security metrics
- security models
- security and privacy for big data
- security and privacy in cloud scenarios
- security and privacy in complex systems
- security and privacy in content centric networking
- security and privacy in crowdsourcing
- security and privacy in the IoT
- security and privacy in location services
- security and privacy for mobile code
- security and privacy in pervasive / ubiquitous computing
- security and privacy policies
- security and privacy in social networks
- security and privacy in web services
- security and privacy in cyber-physical systems
- security, privacy and resilience in critical infrastructures
- security verification
- software security
- systems security
- trust models and management
- trustworthy user devices
- usable security and privacy
- web security
- wireless security

For more information, please see http://www.ics.forth.gr/esorics2016/.

May 2016

EuroUSEC 2016 1st European Workshop on Usable Security, Affiliated with PETS 2016, Darmstadt, Germany, July 18, 2016. (Submission Due 13 May 2016) [posted here 1/18/16]
The aim of this workshop is to bring together researchers from different areas of computer science such as security, visualisation, artificial intelligence and machine learning as well as researchers from other domains such as psychology, social science and economics. We encourage submissions from collaborative research by authors of multiple fields. Topics of interest include:
- Usability evaluation of existing security and privacy paradigms or technologies
- Design and evaluation of novel security and privacy paradigms or technologies
- Evaluation of existing security and privacy awareness and education tools
- Design and evaluation of novel security and privacy awareness and education tools
- Lessons learned from the design, deployment, management or the evaluation of security and privacy paradigms or technologies
- Foundations of usable security and privacy
- Psychological, sociological and economic aspects of security and privacy
- Methodology for usable security and privacy research

For more information, please see https://eurousec.secuso.org/2016/.

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney
This online-only Journal, started in 2004 and  operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions.  More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: Shari Lawrence Pfleeger
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at http://www.computer.org/portal/web/computingnow/securityandprivacy.

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Ravi Sandhu
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page at http://www.computer.org/portal/web/tdsc.

The Springer Series on ADVANCES IN INFORMATION SECURITY
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer, network security, and cryptography, but related areas, such as fault tolerance and software assurance. The series serves as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact Professor Sushil Jajodia (jajodia@gmu.edu,703-993-1653).
 
Journal of Computer Security,   Editor-in-Chief: John Mitchell and Pierangela Samarati
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. All papers must be submitted online at http://www.iospress.nl/journal/journal-of-computer-security/. More information is given on the journal web page at http://jcs.stanford.edu/.
 
Computers & Security,   Editor-in-Chief: Eugene H. Spafford
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. All papers must be submitted online at http://ees.elsevier.com/cose/. More information can be found at http://www.elsevier.com/locate/issn/01674048.
 
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at http://www.springer.com/computer/security+and+cryptology/journal/10207.
 
International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of a high scientific and technology in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C.  More information can be found at http://ijns.femto.com.tw/.
 
International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online at http://www.inderscience.com/ijsn/. More information is given on the journal web page at http://www.inderscience.com/ijsn/.
 
International Journal of Critical Infrastructure Protection,   Editors-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's primary aim is to publish high quality scientific and policy papers in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology and policy to craft sophisticated yet practical solutions that will secure information, computer and network assets in the various critical infrastructure sectors. All papers must be submitted online at http://www.elsevier.com/locate/ijcip. More information is given on the journal web page at http://www.elsevier.com/locate/ijcip.
 
IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: C.-C. Jay Kuo
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, via sps-ieee.manuscriptcentral.com.  More information can be found at http://www.ieee.org/organizations/society/sp/tifs.html.
 
EURASIP Journal on Information Security,   Editors-in-Chief: Stefan Katzenbeisser
EURASIP Journal on Information Security aims to bring together researchers and practitioners dealing with the general field of information security, with a particular emphasis on the use of signal processing tools in adversarial environments. As such, it addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing. Application domains lie, for example, in secure storage, retrieval and tracking of multimedia data, secure outsourcing of computations, forgery detection of multimedia data, or secure use of biometrics. The journal also welcomes survey papers that give the reader a gentle introduction to one of the topics covered as well as papers that report large-scale experimental evaluations of existing techniques. Pure cryptographic papers are outside the scope of the journal. The journal also welcomes proposals for Special Issues. All papers must be submitted online at http://jis.eurasipjournals.com/manuscript.  More information can be found at http://jis.eurasipjournals.com.