Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Last Modified:03/21/16

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.

Contents

 

Special Issues of Journals and Handbooks


Call for Book Chapters: Empirical Research for Software Security: Foundations and Experience, Taylor & Francis Group, LLC. (Submission Due 15 May 2016) [posted here 1/11/16]
This book introduces the reader to using empirical research methods in exploring software security challenges. These methods include data analytics, questionnaires, interviews, and surveys that produce evidence for or against given claims. The book provides the foundations for using these empirical methods of collecting evidence about tools, techniques, methods, and processes for developing secure software using practical examples. Developing secure software requires the integration of methods, such as threat modeling and risk assessment and the integration of tools, such as security testing and code analysis tools into the development process. The design of such methods and processes is in general an artistic endeavor that is based on the shared expert knowledge, claims, and opinions. Empirical research methods allow extracting knowledge and insights from the data that organizations collect from their processes and tools and from the opinions of the experts who practice these processes and methods. This knowledge extraction contributes to maturing the design and adaptation of these techniques, methods, and processes. Example of the topics of interest include:
- The science of secure software
- Survey of threat modeling techniques
- Empirical research in software security
- The fundamentals of data analytics for secure software
- Assessment of the challenges of developing secure software using the agile approach
- Assessment of the usability of security code analysis tools
- The impact of security assessment on the developers' security awareness
- The efficiency of security training
- Combinatorial testing for software security

For more information, please see https://www.sit.fraunhofer.de/de/ijsse/?no_cache=1.

IEEE Transactions on Computers, Special Section on Secure Computer Architectures. (Submission Due 30 May 2016) [posted here 12/7/15]
Editors: Ruby Lee (Princeton University, USA), Patrick Schaumont (Virginia Tech, USA), Ron Perez (Cryptography Research Inc., USA), and Guido Bertoni (ST Microelectronics, USA).

Nowadays, computer architectures are profoundly affected by a new security landscape, caused by the dramatic evolution of information technology over the past decade. First, secure computer architectures have to support a wide range of security applications that extend well beyond the desktop environment, and that also include handheld, mobile and embedded architectures, as well as high-end computing servers. Second, secure computer architectures have to support new applications of information security and privacy, as well as new information security standards. Third, secure computer architectures have to be protected and be tamper-resistant at multiple abstraction levels, covering network, software, and hardware. This Special Section from Transactions on Computers aims to capture this evolving landscape of secure computing architectures, to build a vision of opportunities and unresolved challenges. It is expected that contributed submissions will place emphasis on secure computing in general and on engineering and architecture design aspects of security in particular. IEEE Transactions on Computers seeks original manuscripts for a Special Section on Secure Computer Architectures tentatively scheduled to appear in the July 2017 issue. The topics of interest for this special section include:
- Cryptographic Primitives
- Homomorphic Computing and Multiparty Computing
- Scalability Issues of Server-level Secure Computing
- High Performance/Low Power Cryptography
- Oblivious RAM
- Side-Channel Analysis
- Side-channel attacks and defenses
- Hardware Trojans and Backdoors
- Hardware Vulnerabilities - Counters, Caches, Shared Memory
- Computing Architectures for Isolation
- Smartphone Security
- Embedded Systems Security
- Secure Processors and Systems
- Hardware Security
- Secure Virtualization and Memory Safety
- Security Simulation, Testing, Validation and Verification
- Metrics for Tamper Resistance
- Security Metrics
- Standards in Secure Computing
- Instruction-Sets for Security and Cryptography
- Dedicated and Protected Storage
- Secure Computer Interfaces

For more information, please see http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tcsi_sca.pdf.

Conference and Workshop Call-for-papers

March 2016

TELERISE 2016 2nd International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity, Co-located with ICWE 2016, Università della Svizzera Italiana (USI) Lugano, Switzerland, June 9, 2016. (Submission Due 23 March 2016) [posted here 2/1/16]
Information sharing on the Web is essential for today's business and societal transactions. Nevertheless, such a sharing should not violate the security and privacy requirements either dictated by Law to protect data subjects or by internal regulations provided both at organisation and individual level. An effectual, rapid, and unfailing electronic data sharing among different parties, while protecting legitimate rights on these data, is a key issue with several shades. Among them, how to translate the high-level law obligations, business constraints, and users' requirements into system-level privacy policies, as well as engineering efficient and practical Web applications-based solutions for policy definition and enforcement. TELERISE aims at providing a forum for researchers and engineers, in academia as well as in industry, to foster an exchange of research results, experiences, and products in the area of privacy preserving, secure data management, and engineering on the Web, from a technical and legal perspective. The ultimate goal is to conceive new trends and ideas on designing, implementing, and evaluating solutions for privacy-preserving information sharing, with an eye to the cross-relations between ICT and regulatory aspects of data management and engineering. Topics of interest are (but not limited to):
- Model-based and experimental assessment of data protection
- Privacy in identity management and authentication
- Modeling and analysis languages for representation, visualization, specification of legal regulations
- Technical, legal, and user requirements for data protection
- User-friendly authoring tools to edit privacy preferences
- IT infrastructures for privacy and security policies management
- IT infrastructure for supporting privacy and security policies evolution
- Privacy and security policies conflict analysis and resolution strategies
- Electronic Data Sharing Agreements representation: languages and management infrastructure
- Cross-relations between privacy-preserving technical solutions and legal regulations
- Privacy aware access and usage control
- Privacy and security policies enforcement mechanisms
- Privacy preserving data allocation and storage
- Software systems compliance with applicable laws and regulations
- Heuristic for pattern identification in law text
- Empirical analysis of consumer's awareness of privacy and security policies

For more information, please see http://www.iit.cnr.it/telerise2016/.

HAISA 2016 International Symposium on Human Aspects of Information Security & Assurance, Frankfurt Germany, July 19 - 21, 2016. (Submission Due 25 March 2016) [posted here 1/18/16]
It is commonly acknowledged that security requirements cannot be addressed by technical means alone, and that a significant aspect of protection comes down to the attitudes, awareness, behaviour and capabilities of the people involved. Indeed, people can potentially represent a key asset in achieving security, but at present, factors such as lack of awareness and understanding, combined with unreasonable demands from security technologies, can dramatically impede their ability to do so. Ensuring appropriate attention and support for the needs of users should therefore be seen as a vital element of a successful security strategy. People at all levels (i.e. from organisations to domestic environments; from system administrators to end-users) need to understand security concepts, how the issues may apply to them, and how to use the available technology to protect their systems. In addition, the technology itself can make a contribution by reducing the demands upon users, simplifying protection measures, and automating a variety of safeguards. With the above in mind, this symposium specifically addresses information security issues that relate to people. It concerns the methods that inform and guide users' understanding of security, and the technologies that can benefit and support them in achieving protection. The symposium welcomes papers addressing research and case studies in relation to any aspect of information security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics or technologies may be positively modified to improve the level of protection. Indicative themes include:
- Information security culture
- Awareness and education methods
- Enhancing risk perception
- Public understanding of security
- Usable security
- Psychological models of security software usage
- User acceptance of security policies and technologies
- User-friendly authentication methods
- Biometric technologies and impacts
- Automating security functionality
- Non-intrusive security
- Assisting security administration
- Impacts of standards, policies, compliance requirements
- Organizational governance for information assurance
- Simplifying risk and threat assessment
- Understanding motivations for misuse
- Social engineering and other human-related risks
- Privacy attitudes and practices
- Computer ethics and security

For more information, please see http://haisa.org/.

MSPN 2016 International Conference on Mobile, Secure and Programmable Networking, Paris, France, June 1-3, 2016. (Submission Due 25 March 2016) [posted here 2/15/16]
The rapid deployment of new infrastructures based on network virtualization and Cloud computing triggers new applications and services that in turn generate new constraints such as security and/or mobility. The International Conference on Mobile, Secure and Programmable Networking aims at providing a top forum for researchers and practitioners to present and discuss new trends in networking infrastructures, security, services and applications while focusing on virtualization and Cloud computing, network programming, Internet of things and Cloud computing convergence, Software Defined Networks (SDN) and their security. Position papers are also welcome and should be clearly marked as such. The accepted papers wil be published as a post-proceedings in Springer's LNCS. Authors are invited to submit complete unpublished papers, which are not under review in any other conference or journal, including, but not limited to, the following topic areas:
- Software Defined Networks (tools, software, concepts)
- Virtualization and Cloud computing
- Networks and Cloud computing
- Mobile computing and Mobile Cloud computing
- Security, Privacy and Trust in Networks, Services and Applications
- Green computing and networking
- Ubiquitous Computing and Sensor Networks
- System design and testbeds
- Cross-Layer Design and Optimization
- Modeling and performance evaluation
- 4G and 5G networks
- Social networks
- Cooperative networking and Self-Organizing networks
- Distributed sensing, actuation, and control in cyber-physical systems
- Internet of Things
- Vehicular networks and Connected Cars
- Crowdsourcing
- Datacenter networking
- Location-based Services
- Smart cities

For more information, please see http://cedric.cnam.fr/workshops/mspn2016/.

IWSEC 2016 11th International Workshop on Security, Tokyo, Japan, September 12-14, 2016. (Submission Due 31 March 2016) [posted here 11/23/15]
Original papers on the research and development of various security topics, as well as case studies and implementation experiences, are solicited for submission to IWSEC 2016. Topics of interest for IWSEC 2016 include all theory and practice of cryptography, information security, and network security, as in previous IWSEC workshops. In particular, we encourage the following topics in this year:
- Big Data Analysis for Security
- Critical Infrastructure Security
- Cryptanalysis
- Cryptographic Protocols
- Cybersecurity Economics
- Digital Forensics
- Enriched Cryptography
- Formal Methods
- IoT security
- Machine Learning for Security
- Malware Countermeasures
- Measurements for Cybersecurity
- Multiparty Computation
- Post Quantum Cryptography
- Privacy Preserving
- Real World Cryptography
- Visualization for Security

For more information, please see http://www.iwsec.org/2016/.

April 2016

RAID 2016 19th International Symposium on Research in Attacks, Intrusions and Defenses, Paris, France, September 19-21, 2016. (Submission Due 1 April 2016) [posted here 2/15/16]
The 19th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2016) aims at bringing together leading researchers and practitioners from academia, government, and industry to discuss novel research contributions related to computer and information security. Research papers on all topics related to cyber attacks, intrusions or defenses are within scope, including papers on:
- Malware and unwanted software
- Mobile and Web security and privacy
- Cloud computing security
- Computer and network security
- Denial-of-Service attacks
- Formal models, analysis, and standards
- Vulnerability analysis
- Secure software development
- Machine learning for security
- Computer security visualization techniques
- Cyber crime and underground economies
- Hardware security
- Program analysis and reverse engineering
- Digital forensics
- Usable security and privacy
- Intrusion detection and prevention
- Cyber physical systems
- Security measurement studies
- Security and privacy of the Internet of Things
- Threats against critical infrastructures and mitigation thereof
- Cyber intelligence techniques and threats intel sharing

For more information, please see http://www.raid2016.org/.

SIN 2016 9th International Conference on Security of Information and Networks, Rutgers University, New Jersey, NJ, USA, July 20-22, 2016. (Submission Due 1 April 2016) [posted here 2/8/16]
Papers, special sessions, tutorials, and workshops addressing all aspects of security in information and networks are being sought. Researchers and industrial practitioners working on the following and related subjects are especially encouraged: development and realization of cryptographic solutions, security schemes, new algorithms; critical analysis of existing approaches; secure information systems, especially distributed control and processing applications, and security in networks; interoperability, service levels and quality issues in such systems; information assurance, security, and public policy; detection and prevention of cybercrimes such as fraud and phishing; next generation network architectures, protocols, systems and applications; security education curriculum; industrial experiences and challenges of the above. Doctoral students are encouraged to propose papers on ongoing research. Original papers will be considered; submissions must not substantially duplicate work that any of the authors has published elsewhere or has submitted in parallel to any other conference or workshop that has proceedings. All submitted papers will be reviewed by at least three members of the program committee judging its originality, significance, correctness, presentation and relevance. Authors are also encouraged to propose position papers on practical studies and experiments, critique of existing work, emerging issues, and novel ideas under development. Enterprises and research centers developing, implementing, or using security tools and frameworks are encouraged to propose application / tool demo. Proposals of half-day tutorials on fundamental to advanced subjects covering practical implementation aspects of security are welcome. Proposals of special session(s) to be held in the main conference are welcome. Proposals are invited for workshops to be held in conjunction with SIN 2016 Conference. The workshop proposal theme should be closely related to the conference topics. Broad areas of interest include theory, tools, and applications of security for information, computer, network, and cloud but are not limited to, the following:
- Access control and intrusion detection
- Security of cyber-physical systems
- Autonomous and adaptive security
- Security tools and development platforms
- Computational intelligence techniques in security
- Security ontology, models, protocols & policies
- Computer network defense
- Standards, guidelines and certification
- Cryptographic techniques and key management
- Security-aware software engineering
- Trust and privacy
- Information assurance
- Malware analysis
- Network security and protocols
- Security in Mobile/Embedded Systems
- Cloud security
- Security education and innovative curriculum

For more information, please see http://www.sinconf.org.

I-SAT 2016 International Workshop on Information Security, Assurance, and Trust, Vancouver, BC, Canada, June 16-18, 2016. (Submission Due 4 April 2016) [posted here 1/18/16]
The goal of this workshop is to provide a forum for researchers, scientists and engineers working in academia and industry to share their experiences, new ideas and research results in the areas of information and system security, assurance, and trust. I-SAT2016 will address novel research targeting technical aspects of protecting information security and establishing trust in the digital space. New paradigms and solutions targeting emerging topics in such fields will be presented and discussed by researchers and industrial experts. The main focus of the workshop will include, but not limited to the following:
- Application Security and Threat Management
- Cyber Security, Privacy and Trust
- Modern Authentication Paradigms
- Big data security
- Database security
- Digital Fraud detection
- Social engineering and insider threats
- Cyber threat intelligence
- Cloud, Mobile, and Internet-of-Things security
- Digital forensics
- Intrusion Detection
- Biometrics
- Botnet and DDoS detection and control

For more information, please see http://i-sat.ca.

IWCC 2016 5th International Workshop on Cyber Crime, Co-located with the 11th International Conference on Availability, Reliability and Security (ARES 2016), Salzburg, Austria, August 29 - September 2, 2016. (Submission Due 4 April 2016) [posted here 2/15/16]
Today's world's societies are becoming more and more dependent on open networks such as the Internet - where commercial activities, business transactions and government services are realized. This has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. The inability to provide trusted secure services in contemporary computer network technologies has a tremendous socio-economic impact on global enterprises as well as individuals. Moreover, the frequently occurring international frauds impose the necessity to conduct the investigation of facts spanning across multiple international borders. Such examination is often subject to different jurisdictions and legal systems. A good illustration of the above being the Internet, which has made it easier to perpetrate traditional crimes. It has acted as an alternate avenue for the criminals to conduct their activities, and launch attacks with relative anonymity. The increased complexity of the communications and the networking infrastructure is making investigation of the crimes difficult. Traces of illegal digital activities are often buried in large volumes of data, which are hard to inspect with the aim of detecting offences and collecting evidence. Nowadays, the digital crime scene functions like any other network, with dedicated administrators functioning as the first responders. This poses new challenges for law enforcement policies and forces the computer societies to utilize digital forensics to combat the increasing number of cybercrimes. Forensic professionals must be fully prepared in order to be able to provide court admissible evidence. To make these goals achievable, forensic techniques should keep pace with new technologies. The aim of 5th International Workshop on Cyber Crime is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques which assist the investigation process of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. The workshop will be accessible to both non-experts interested in learning about this area and experts interesting in hearing about new research and approaches. Topics of interest include, but are not limited to:
- Cyber crimes: evolution, new trends and detection
- Cyber crime related investigations
- Computer and network forensics
- Digital forensics tools and applications
- Digital forensics case studies and best practices
- Privacy issues in digital forensics
- Network traffic analysis, traceback and attribution
- Incident response, investigation and evidence handling
- Integrity of digital evidence and live investigations
- Identification, authentication and collection of digital evidence
- Anti-forensic techniques and methods
- Watermarking and intellectual property theft
- Social networking forensics
- Steganography/steganalysis and covert/subliminal channels
- Network anomalies detection
- Novel applications of information hiding in networks
- Political and business issues related to digital forensics and anti-forensic techniques

For more information, please see http://stegano.net/IWCC2016/.

PMSPCR 2016 Workshop on Process Mining for Security, Privacy, Compliance & Resilience, Held in conjunction with the 19th International Conference on Business Information Systems (BIS 2016), Leipzig, Germany, July 6-8, 2016. (Submission Due 12 April 2016) [posted here 1/25/16]
Security in Business Processes (BP) is an extension to well-known security analysis. Security rules are either defined by regulation, e.g. data protection law, or as guidelines for good conducts, e.g. Basel III or SOX. Business guidelines, e.g. ITIL and COBIT, form a specification of regulation and business conduct, but there are almost no satisfying approaches as far as computer science is concerned. This workshop deals with process mining as a means for security analysis. Three phases may be identified: process analysis before execution, monitoring, or after execution of the BP. With regard to the latter, logs recording the events executed in BP build the basis for Process Mining (PM), which provides methods and tools to ensure compliance to regulations and guidelines. This workshop aims to explore the potentials of process mining to bridge the gap between an analysis of workflows and a certification of compliance and security. We invite innovative and previously undisclosed contributions, but also case studies and best practices, which present the analysis of business processes related to security, resilience and privacy aspects "by design", during runtime, and forensically, based on the analysis of process logs. In this regard, we explicitly invite submission of practical contributions.

For more information, please see http://bis.kie.ue.poznan.pl/bis2016/workshops/pmspcr-2016/.

TrustCom 2016 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Tianjin, China, August 23-26, 2016. (Submission Due 15 April 2016) [posted here 12/7/15]
With the rapid development and increasing complexity of computer systems and communication networks, user requirements for trust, security and privacy are becoming more and more demanding. Therefore, there is a grand challenge that traditional security technologies and measures may not meet user requirements in open, dynamic, heterogeneous, mobile, wireless, and distributed computing environments. As a result, we need to build systems and networks in which various applications allow users to enjoy more comprehensive services while preserving trust, security and privacy at the same time. As useful and innovative technologies, trusted computing and communications are attracting researchers with more and more attention. The conference aims at bringing together researchers and practitioners in the world working on trusted computing and communications, with regard to trust, security, privacy, reliability, dependability, survivability, availability, and fault tolerance aspects of computer systems and networks, and providing a forum to present and discuss emerging ideas and trends in this highly challenging research field. Topics of interest include, but not limited to:
Trust Track
- Trust semantics, metrics and models
- Trusted computing platform
- Trusted network computing
- Trusted operating systems
- Trusted software and applications
- Trust in social networks
- Trust in e-commerce and e-government
- Trust in mobile and wireless communications
- Risk and reputation management
- Survivable computer systems/networks
- Trust of 5G
- Miscellaneous trust issues
Security Track
- Network security
- Computer security
- Database security
- Web applications security
- Security policy, model and architecture
- Security in social networks
- Security in parallel and distributed systems
- Security in mobile and wireless communications
- Security in grid/cloud/pervasive computing
- Authentication, authorization and accounting
- Security of 5G
- Miscellaneous security issues
Privacy Track
- Privacy in Web-based applications and services
- Privacy in database systems
- Privacy in parallel and distributed systems
- Privacy in grid/cloud/pervasive computing
- Privacy in mobile and wireless communications
- Privacy in e-commerce and e-government
- Privacy in network deployment and management
- Privacy and trust
- Privacy and security
- Privacy and anonymity
- Privacy preservation in 5G
- Miscellaneous privacy issues
Forensics Track
- Anti-forensics
- Biometrics
- Cryptanalysis
- Big data forensics
- CCTV forensics
- Cloud forensics
- Computational forensics
- Cyber-physical system forensics
- Datamining for forensics
- Facial recognition
- Fingerprint forensics
- Image forensics
- Malware forensics
- Mobile app forensics (e.g. Skype, WeChat and Facebook)
- Mobile device forensics
- Multimedia forensics
- Network forensics
- Steganography and steganalysis
- System reverse engineering
- Watermarking

For more information, please see http://adnet.tju.edu.cn/TrustCom2016/.

NSAA 2016 Workshop on Network Security Analytics and Automation, Held in conjunction with the 25th International Conference on Computer Communication and Networks (ICCCN 2016), Waikoloa, Hawaii, USA, August 1-4, 2016. (Submission Due 17 April 2016) [posted here 3/14/16]
This workshop provides a forum for researchers to explore promising new approaches to enable enterprises to quickly determine courses of action in response to ever changing computer network threats. Emphasis will be focused on building a sustained ecosystem for network security and using big data analytics techniques to determine appropriate responses to prevent massive attack events by neutralizing threats before they have a chance to gather momentum. To this end effective and safe automation and integration of security tools are critical. Topics of interest include, but not limited to:
- Cyber threat information sharing standards, ontologies, and infrastructure
- Assessing the reputation of cyber threat intelligence sources
- Course of action planning based on shared information
- Enrichment of shared threat information
- Application of big data analytics to identify threats
- Visualization of logs and attack information
- Integration of network security responses
- Orchestration of responses to threats
- Curriculum development related to network security analytics and automation
- Automation of responses
- Safety controls for automation
- Network resiliency

For more information, please see http://icccn.org/icccn16/.

GraMSec 2016 3rd International Workshop on Graphical Models for Security, Co-located with CSF 2016, Lisbon, Portugal, June 27, 2016. (Submission Due 18 April 2016) [posted here 3/7/16]
Graphical security models provide an intuitive but systematic approach to analyze security weaknesses of systems and to evaluate potential protection measures. Formal methods and cyber security researchers, as well as security professionals from industry and government, have proposed various graphical security modeling schemes. Such models are used to capture different security facets (digital, physical, and social) and address a range of challenges including vulnerability assessment, risk analysis, defense analysis, automated defensing, secure services composition, policy validation and verification. The objective of the GraMSec workshop is to contribute to the development of well-founded graphical security models, efficient algorithms for their analysis, as well as methodologies for their practical usage. The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of graphical models for security. The topics of the workshop include, but are not limited to:
- Graphical models for threat modeling and analysis
- Graphical models for risk analysis and management
- Graphical models for requirements analysis and management
- Textual and graphical representation for system, organizational, and business security
- Visual security modeling and analysis of socio-technical and cyber-physical systems
- Graphical security modeling for cyber situational awareness
- Graphical models supporting the security by design paradigm
- Methods for quantitative and qualitative analysis of graphical security models
- Formal semantics and verification of graphical security models
- Methods for (semi-)automatic generation of graphical security models
- Enhancement and/or optimization of existing graphical security models
- Scalable evaluation of graphical security models
- Evaluation algorithms for graphical security models
- Dynamic update of graphical security models
- Game theoretical approaches to graphical security modeling
- Attack trees, attack graphs and their variants
- Stochastic Petri nets, Markov chains, and Bayesian networks for security
- UML-based models and other graphical modeling approaches for security
- Software tools for graphical security modeling and analysis
- Case studies and experience reports on the use of graphical security modeling paradigm

For more information, please see http://gramsec.uni.lu/.

CNS 2016 4th IEEE Conference on Communications and Network Security, Philadelphia, PA, USA, October 17-19, 2016. (Submission Due 20 April 2016) [posted here 2/29/16]
IEEE Conference on Communications and Network Security (CNS) is a conference series in IEEE Communications Society (ComSoc) core conference portfolio and the only ComSoc conference focusing solely on cyber security. IEEE CNS is also a spin-off of IEEE INFOCOM, the premier ComSoc conference on networking. The goal of CNS is to provide an outstanding forum for cyber security researchers, practitioners, policy makers, and users to exchange ideas, techniques and tools, raise awareness, and share experience related to all practical and theoretical aspects of communications and network security. Building on the success of the past three years’ conferences, IEEE CNS 2016 seeks original high-quality technical papers from academia, government, and industry. Topics of interest encompass all practical and theoretical aspects of communications and network security, all the way from the physical layer to the various network layers to the variety of applications reliant on a secure communication substrate.

For more information, please see http://cns2016.ieee-cns.org/.

ESORICS 2016 21st European Symposium on Research in Computer Security, Heraklion, Crete, September 26-30, 2016. (Submission Due 22 April 2016) [posted here 1/25/16]
ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers discussing industrial research and development. Topics of interest include, but are not limited to:
- access control
- accountability
- ad hoc networks
- anonymity
- applied cryptography
- authentication
- biometrics
- data and computation integrity
- database security
- data protection
- digital content protection
- digital forensics
- distributed systems security
- embedded systems security
- inference control
- information hiding
- identity management
- information flow control
- information security governance and management
- intrusion detection
- formal security methods
- language-based security
- network security
- phishing and spam prevention
- privacy
- privacy preserving data mining
- risk analysis and management
- secure electronic voting
- security architectures
- security economics
- security metrics
- security models
- security and privacy for big data
- security and privacy in cloud scenarios
- security and privacy in complex systems
- security and privacy in content centric networking
- security and privacy in crowdsourcing
- security and privacy in the IoT
- security and privacy in location services
- security and privacy for mobile code
- security and privacy in pervasive / ubiquitous computing
- security and privacy policies
- security and privacy in social networks
- security and privacy in web services
- security and privacy in cyber-physical systems
- security, privacy and resilience in critical infrastructures
- security verification
- software security
- systems security
- trust models and management
- trustworthy user devices
- usable security and privacy
- web security
- wireless security

For more information, please see http://www.ics.forth.gr/esorics2016/.

Mycrypt 2016 2nd International Conference on Cryptology & Malicious Security, Kuala Lumpur, Malaysia, December 1-2, 2016. (Submission Due 30 April 2016) [posted here 3/7/16]
Original papers of substantial technical contribution in the areas of cryptology and malicious security are solicited for submission to the International Conference on Cryptology & Malicious Security. Submissions to Mycrypt 2016 should be aimed towards the following topic categories:
- paradigm-shifting, unconventional cryptology (e.g. malicious crypto, unconventional formulations of underlying problems, or new hard problems)
- position papers on breakthrough cryptologic/security research
- revisits/critiques/analysis of long-standing crypto paradigms/approaches/models/formulations (in fact, we also encourage paired submissions by crypto factions of opposing views, where each paper in the pair argues for/against a paradigm)
- approaches/solutions to long-standing open problems; or formulations of long-standing/thus-far adhoc security approaches
- analysis of crypto/security standardization processes & how they may be subverted
- cryptofications of the real world (e.g. new types of adversarial models and/or notions inspired by real world incidences/problems, modelling humans-in-the-security-loop)
- crypto & beyond: cryptologic techniques in union with techniques from other disciplines

For more information, please see https://foe.mmu.edu.my/mycrypt2016.

May 2016

WISTP 2016 10th WISTP International Conference on Information Security Theory and Practice, Heraklion, Crete, Greece, September 26-27, 2016. (Submission Due 3 May 2016) [posted here 2/29/16]
The 10th WISTP International Conference on Information Security Theory and Practice (WISTP 2016) seeks original submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy, as well as experimental studies of fielded systems, the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law, business, and policy that present these communities' perspectives on technological issues.

For more information, please see http://www.wistp.org/.

TRUST 2016 9th International Conference on Trust & Trustworthy Computing, Vienna, Austria, August 29-30, 2016. (Submission Due 9 May 2016) [posted here 3/14/16]
TRUST 2016 is an international conference that explores new ideas and experiences in building, designing, using and understanding trustworthy computing systems. We are now calling for papers. Interested authors are invited to submit papers describing novel and previously unpublished results in building, designing, using and understanding trustworthy computing systems. Paper topics include, but are not limited to:
- Architectures for trustworthy infrastructures
- Emerging applications and technologies, including recent industrial research and development on trusted/trustworthy computing
- Hardware security, including secure storage, cryptographic coprocessors, smartcards, and physically unclonable functions (PUFs)
- Trustworthy applications, including webbased systems
- Trusted mobile computing platforms
- Trustworthy embedded, CyberPhysical, and Internet of Things systems
- Security analysis and formal techniques for trusted/trustworthy computing
- Verification of trusted/trustworthy computing (architectures, platforms, software, protocols)
- Usability of trusted/trustworthy computing solutions and humancomputer interactions
- Cloud security and trustworthy services
- Trust management
- Software engineering techniques for trustworthiness
- Operating system security, including virtualization and monitoring
- Cryptography for trusted computing and related applications
- Intrusion detection and resilience leveraging trusted computing
- Security policies and management of trusted/trustworthy systems
- Experimental, userbased or testbed studies

For more information, please see http://trust2016.sba-esearch.org/.

EuroUSEC 2016 1st European Workshop on Usable Security, Affiliated with PETS 2016, Darmstadt, Germany, July 18, 2016. (Submission Due 13 May 2016) [posted here 1/18/16]
The aim of this workshop is to bring together researchers from different areas of computer science such as security, visualisation, artificial intelligence and machine learning as well as researchers from other domains such as psychology, social science and economics. We encourage submissions from collaborative research by authors of multiple fields. Topics of interest include:
- Usability evaluation of existing security and privacy paradigms or technologies
- Design and evaluation of novel security and privacy paradigms or technologies
- Evaluation of existing security and privacy awareness and education tools
- Design and evaluation of novel security and privacy awareness and education tools
- Lessons learned from the design, deployment, management or the evaluation of security and privacy paradigms or technologies
- Foundations of usable security and privacy
- Psychological, sociological and economic aspects of security and privacy
- Methodology for usable security and privacy research

For more information, please see https://eurousec.secuso.org/2016/.

ACM CCS 2016 23rd ACM Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016. (Submission Due 23 May 2016) [posted here 2/15/16]
The conference seeks submissions from academia, government, and industry presenting novel research results in all practical and theoretical aspects of computer and communications security. Papers should be related to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the relevance of the results to secure systems. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings.

For more information, please see http://www.sigsac.org/ccs/CCS2016/call-for-papers/.

SSR 2016 3rd International conference on Security Standardization Research, Gaithersburg, MD, USA, December 5-6, 2016. (Submission Due 30 May 2016) [posted here 2/29/16]
Over the last two decades a huge range of standards have been developed covering many different aspects of cyber security. These documents have been published by national and international formal standardization bodies, as well as by industry consortia. Many of these standards have become very widely used - to take just one example, the ISO/IEC 27000 series have become a commonly used basis for managing corporate information security. Despite their wide use, there will always be a need to revise existing security standards and to add new standards to cover new domains. The purpose of this conference is to discuss the many research problems deriving from studies of existing standards, the development of revisions to existing standards, and the exploration of completely new areas of standardization. Indeed, many security standards bodies are only beginning to address the issue of transparency, so that the process of selecting security techniques for standardization can be seen to be as scientific and unbiased as possible. This conference is intended to cover the full spectrum of research on security standardization, including, but not restricted to, work on cryptographic techniques (including ANSI, IEEE, IETF, ISO/IEC JTC 1/SC 27, ITU-T and NIST), security management, security evaluation criteria, network security, privacy and identity management, smart cards and RFID tags, biometrics, security modules, and industry-specific security standards (e.g. those produced by the payments, telecommunications and computing industries for such things as payment protocols, mobile telephony and trusted computing). Papers offering research contributions to the area of security standardization are solicited for submission to the SSR 2016 conference. Papers may present theory, applications or practical experience in the field of security standardization, including, but not necessarily limited to:
- access control
- biometrics
- cloud computing
- critical national infrastructure (CNI) protection
- consistency and comparison of multiple standards
- critiques of standards
- cryptanalysis
- cryptographic protocols
- cryptographic techniques
- evaluation criteria
- formal analysis of standards
- history of standardization
- identity management
- industrial control systems security
- internet security
- interoperability of standards
- intrusion detection
- key management and PKIs
- management of the standardization process
- mobile security
- network security
- open standards and open source
- payment system security
- privacy
- regional and international standards
- RFID tag security
- risk analysis
- security controls
- security management
- security protocols
- security services
- security tokens
- smart cards
- telecommunications security
- trusted computing
- web security

For more information, please see http://csrc.nist.gov/groups/ST/ssr2016/.

June 2016

SADFE 2016 11th International Conference on Systematic Approaches to Digital Forensics Engineering, Kyoto, Japan, September 20-22, 2016. (Submission Due 1 June 2016) [posted here 2/15/16]
SADFE-2016 is concerned with the generation, analysis and sustainability of digital evidence and evolving t tools and techniques that are used in this effort. Advancement in this field requires innovative methods, systems, and practices, which are grounded in solid research coupled with an understanding of user needs. Digital forensics at SADFE focuses on the issues introduced by the coupling of rapidly advancing technologies and increased globalization. We believe digital forensic engineering is vital to security, the administration of justice and the evolution of culture. Potential topics include, but are not limited to:
Digital Data and Evidence Collection:
- Identification, authentication and collection of digital evidence
- Extraction and management of forensic artifacts
- Identification and redaction of personally identifying/sensitive information
- Evidence and digital memory preservation, curation and storage
- Compliance of architectures and processes (including network processes) with forensic requirements
- Data, digital knowledge, and web mining systems for identification and authentication of data
- Honeynets and other deception technologies that collect data for forensic analysis
- Innovative forensic techniques for new technologies
Digital Evidence Management, Integrity and Analytics:
- Advanced search, analysis, and presentation of digital evidence
- Cybercrime analysis, modeling and reconstruction technologies
- Tools and techniques for combining digital and non-digital evidence
- Supporting both qualitative and quantitative evidence
- Handling of evidence and the preservation of data integrity and admissibility
- Digital evidence in the face of encryption
- Forensic-support technologies: forensic-enabled and proactive monitoring/response
Scientific Principle-Based Digital Forensic Processes
- Examination environments for digital data
- Legal/technical aspects of admissibility and evidence tests
- Forensic tool validation: legal implications and issues
- Handling increasing volumes of digital discovery
- Computational Forensics and Validation Issues in Forensic Authentication and Validation.
- Forensic Readiness by Design
- Forensics tool validation
- Computational systems and computational forensic analysis
Legal, Ethical and Technical Challenges
- Forensics, policy and ethical implications new and evolving technologies
- Legal and privacy implications for digital and computational forensic analysis
- New Evidence Decisions
- Legal case construction and digital evidence support
- Transnational Investigations/Case Integration
- Managing geographically, politically and/or jurisdictionally dispersed data artifacts
- Case studies illustrating privacy, legal and legislative issues
- Courtroom expert witness and case presentation
The Impacts of the following on any of the above
- Technological challenges
- Legal and ethical challenges
- Economic challenges
- Political challenges
- Cultural and professional challenges
- New Trends (Internet of Things, Cloud Computing, Smart City, Big Data, etc.)

For more information, please see http://sadfe.org.

PROOFS 2016 5th International Workshop on Security Proofs for Embedded Systems, Santa Barbara, California, USA, August 20, 2016. (Submission Due 4 June 2016) [posted here 3/21/16]
This workshop, the fifth in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss the application of formal methods to the field of embedded systems security. PROOFS seeks contributions about methodologies that increase the confidence level in the security of embedded systems, especially those which contain cryptographic algorithms. Exploratory works and use-cases are especially welcomed.

For more information, please see http://www.proofs-workshop.org/.

SecureComm 2016 12th EAI International Conference on Security and Privacy in Communication Networks, Guangzhou, China, October 10-12, 2016. (Submission Due 15 June 2016) [posted here 2/22/16]
SecureComm seeks high-quality research contributions in the form of well-developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, theoretical cryptography) will be considered only if a clear connection to private or secure communication/networking is demonstrated. Topics of interest include, but are not limited to the following:
- Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
- Network Intrusion Detection and Prevention, Firewalls, Packet Filters
- Malware Analysis and Detection including Botnets, Trojans and APTs
- Web and Systems Security
- Distributed Denial of Service Attacks and Defenses
- Communication Privacy and Anonymity
- Circumvention and Anti-Censorship Technologies
- Network and Internet Forensics Techniques
- Authentication Systems: Public Key Infrastructures, Key Management, Credential Management
- Secure Routing, Naming/Addressing, Network Management
- Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
- Security & Privacy in Peer-to-Peer and Overlay Networks
- Security & Privacy for Emerging Technologies: VoIP, Internet-of-Things, Social Networks
- Security & Isolation in Cloud, Data Center and Software-Defined Networks

For more information, please see http://securecomm.org.

IWDW 2016 15th International Workshop on Digital-forensics and Watermarking, Beijing, China, September 17-19, 2016. (Submission Due 15 June 2016) [posted here 2/29/16]
The 15th International Workshop on Digital-forensics and Watermarking (IWDW 2016) is a premier forum for researchers and practitioners working on novel research, development and applications of digital watermarking and forensics techniques for multimedia security. We invite submissions of high-quality original research papers. Areas of interest include, but are not limited to:
- Mathematical modeling of embedding and detection
- Information theoretic, stochastic aspects of data hiding
- Security issues, including attacks and counter-attacks
- Combination of data hiding and cryptography
- Optimum watermark detection and reliable recovery
- Estimation of watermark capacity
- Channel coding techniques for watermarking
- Large-scale experimental tests and benchmarking
- New statistical and perceptual models of multimedia content
- Reversible data hiding
- Data hiding in special media
- Data hiding and authentication
- Steganography and steganalysis
- Digital multimedia forensics & anti-forensics
- Copyright protection, DRM, forensic watermarking
- Visual cryptography & secret image sharing
- Security based on human vision system

For more information, please see http://www.iwdw.net/.

July 2016
August 2016

GenoPri 2016 3rd International Workshop on Genome Privacy and Security, Held in conjunction with the AMIA 2016 Annual Symposium, Chicago, IL, USA, November 12, 2016. (Submission Due 22 August 2016) [posted here 3/7/16]
Over the past several decades, genome sequencing technologies have evolved from slow and expensive systems that were limited in access to a select few scientists and forensics investigators to high-throughput, relatively low-cost tools that are available to consumers. A consequence of such technical progress is that genomics has become one of the next major challenges for privacy and security because (1) genetic diseases can be unveiled, (2) the propensity to develop specific diseases (such as Alzheimer’s) can be revealed, (3) a volunteer, accepting to have his genomic code made public, can leak substantial information about his ethnic heritage and the genomic data of his relatives (possibly against their will), and (4) complex privacy issues can arise if DNA analysis is used for criminal investigations and medical purposes. As genomics is increasingly integrated into healthcare and "recreational" services (e.g., ancestry testing), the risk of DNA data leakage is serious for both individuals and their relatives. Failure to adequately protect such information could lead to a serious backlash, impeding genomic research, that could affect the well-being of our society as a whole. This prompts the need for research and innovation in all aspects of genome privacy and security, as suggested by the non-exhaustive list of topics on the workshop website.

For more information, please see http://www.genopri.org/.

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney
This online-only Journal, started in 2004 and  operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions.  More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: Shari Lawrence Pfleeger
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at http://www.computer.org/portal/web/computingnow/securityandprivacy.

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Ravi Sandhu
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page at http://www.computer.org/portal/web/tdsc.

The Springer Series on ADVANCES IN INFORMATION SECURITY
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer, network security, and cryptography, but related areas, such as fault tolerance and software assurance. The series serves as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact Professor Sushil Jajodia (jajodia@gmu.edu,703-993-1653).
 
Journal of Computer Security,   Editor-in-Chief: John Mitchell and Pierangela Samarati
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. All papers must be submitted online at http://www.iospress.nl/journal/journal-of-computer-security/. More information is given on the journal web page at http://jcs.stanford.edu/.
 
Computers & Security,   Editor-in-Chief: Eugene H. Spafford
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. All papers must be submitted online at http://ees.elsevier.com/cose/. More information can be found at http://www.elsevier.com/locate/issn/01674048.
 
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at http://www.springer.com/computer/security+and+cryptology/journal/10207.
 
International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of a high scientific and technology in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C.  More information can be found at http://ijns.femto.com.tw/.
 
International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online at http://www.inderscience.com/ijsn/. More information is given on the journal web page at http://www.inderscience.com/ijsn/.
 
International Journal of Critical Infrastructure Protection,   Editors-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's primary aim is to publish high quality scientific and policy papers in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology and policy to craft sophisticated yet practical solutions that will secure information, computer and network assets in the various critical infrastructure sectors. All papers must be submitted online at http://www.elsevier.com/locate/ijcip. More information is given on the journal web page at http://www.elsevier.com/locate/ijcip.
 
IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: C.-C. Jay Kuo
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, via sps-ieee.manuscriptcentral.com.  More information can be found at http://www.ieee.org/organizations/society/sp/tifs.html.
 
EURASIP Journal on Information Security,   Editors-in-Chief: Stefan Katzenbeisser
EURASIP Journal on Information Security aims to bring together researchers and practitioners dealing with the general field of information security, with a particular emphasis on the use of signal processing tools in adversarial environments. As such, it addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing. Application domains lie, for example, in secure storage, retrieval and tracking of multimedia data, secure outsourcing of computations, forgery detection of multimedia data, or secure use of biometrics. The journal also welcomes survey papers that give the reader a gentle introduction to one of the topics covered as well as papers that report large-scale experimental evaluations of existing techniques. Pure cryptographic papers are outside the scope of the journal. The journal also welcomes proposals for Special Issues. All papers must be submitted online at http://jis.eurasipjournals.com/manuscript.  More information can be found at http://jis.eurasipjournals.com.