Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Last Modified:12/15/14

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.

Contents

 

Special Issues of Journals and Handbooks


Conference and Workshop Call-for-papers

December 2014

CPSS 2015 1st Cyber-Physical System Security Workshop, Held in conjunction with ACM AsiaCCS 2015, Singapore, April 14, 2015. (Submission Due 28 December 2014) [posted here 10/13/14]
Cyber-Physical Systems (CPS) consist of large-scale interconnected systems of heterogeneous components interacting with their physical environments. There are a multitude of CPS devices and applications being deployed to serve critical functions in our lives. The security of CPS becomes extremely important. This workshop will provide a platform for professionals from academia, government, and industry to discuss how to address the increasing security challenges facing CPS. Besides invited talks, we also seek novel submissions describing theoretical and practical security solutions to CPS. Papers that are pertinent to the security of embedded systems, SCADA, smart grid, and critical infrastructure networks are all welcome, especially in the domains of energy and transportation. Topics of interest include, but are not limited to:
- Adaptive attack mitigation for CPS
- Authentication and access control for CPS
- Availability, recovery and auditing for CPS
- Data security and privacy for CPS
- Embedded systems security
- EV charging system security
- Intrusion detection for CPS
- Key management in CPS
- Legacy CPS system protection
- Lightweight crypto and security
- SCADA security
- Security of industrial control systems
- Smart grid security
- Threat modeling for CPS
- Urban transportation system security
- Vulnerability analysis for CPS
- Wireless sensor network security

For more information, please see http://icsd.i2r.a-star.edu.sg/cpss15.

January 2015

HotSpot 2015 3rd Workshop on Hot Issues in Security Principles and Trust, London, UK, April 18, 2015. (Submission Due 5 January 2015) [posted here 12/01/14]
This workshop is intended to be a less formal counterpart to the Principles of Security and Trust (POST) conference at ETAPS, and with an emphasis on "hot topics", both of security and of its theoretical foundations and analysis. Like POST, the themes are:
- theory of computer security
- formal specification, analysis and design of security systems
- automated reasoning for security analysis

For more information, please see http://www.lucavigano.com/HotSpot2015/.

IoTPTS 2015 Workshop on IoT Privacy, Trust, and Security, Held in conjunction with ASIACCS 2015, Singapore, April 14, 2015. (Submission Due 7 January 2015) [posted here 09/22/14]
The Internet of Things (IoT) is the next great technology frontier. At a basic level, IoT refers simply to networked devices, but the IoT vision is a complex ecosystem that ranges from cloud backend services and big-data analytics to home, public, industrial, and wearable sensor devices and appliances. Architectures for these systems are in the formative stages, and now is the time to ensure privacy, trust, and security are designed into these systems from the beginning. We encourage submissions on all aspects of IoT privacy, trust, and security. Topic of interest include (but are not limited) to the following areas:
- Privacy and IoT data
- Privacy attacks for IoT
- Trust management and device discoverability for IoT
- Usability of privacy and security systems in IoT
- User risk perceptions and modeling for IoT
- Policy Management and enforcement for IoT
- Authentication and access control for users for IoT
- Cryptography for IoT
- Attack detection and remediation for IoT
- Security architectures for IoT systems and applications

For more information, please see https://sites.google.com/site/iotpts/.

W2SP 2015 Web 2.0 Security and Privacy Workshop, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. (Submission Due 12 January 2015) [posted here 10/06/14]
W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers, cloud, mobile and their eco-system. We have had eight years of successful W2SP workshops. The scope of W2SP 2015 includes, but is not limited to:
- Analysis of Web, Cloud and Mobile Vulnerabilities
- Forensic Analysis of Web, Cloud and Mobile Systems
- Security Analysis of Web, Cloud and Mobile Systems
- Advances in Penetration Testing
- Advances in (SQL/code) Injection Attacks
- Trustworthy Cloud-based, Web and Mobile services
- Privacy and Reputation in Web (e.g. Social Networks), Cloud, Mobile Systems
- Security and Privacy as a Service
- Usable Security and Privacy
- Security and Privacy Solutions for the Web, Cloud and Mobile
- Identity Management, Pseudonymity and Anonymity
- Security/Privacy Web Services/Feeds/Mashups
- Provenance and Governance
- Security and Privacy Policy Management for the Web, Cloud and Mobile
- Next-Generation Web/Mobile Browser Technology
- Security/Privacy Extensions and Plug-ins
- Online Privacy and Security frameworks
- Advertisement and Affiliate fraud
- Studies on Understanding Web/Cloud/Mobile Security and Privacy
- Technical Solutions for Security and Privacy legislation
- Solutions for connecting the Business, Legal, Technical and Social aspects on Web/Cloud/Mobile Security and Privacy
- Technologies merging Economics with Security/Privacy
- Innovative Security/Privacy Solutions for Industry Verticals
- Formal methods in Security

For more information, please see http://ieee-security.org/TC/SPW2015/W2SP/cfp.html.

ACNS 2015 13th International Conference on Applied Cryptography and Network Security, New York, NY, USA, June 2-5, 2015. (Submission Due 16 January 2015) [posted here 11/03/14]
The 13th International Conference on Applied Cryptography and Network Security (ACNS 2015) seeks submissions presenting novel research on all technical aspects of applied cryptography, network and computer security, and privacy. This includes submissions on traditional cryptography and security areas (e.g., symmetric or public key cryptography, network security, privacy and anonymity), emerging areas (e.g., security and privacy for big data, outsourced computation, or digital currency), and new paradigms or non-traditional perspectives. Submissions may focus on new visions, definitions, security and privacy metrics, provably secure protocols, impossibility results, attacks, industrial challenges, case studies, experimental reports related to implementation and deployment of real-world systems or policies, or any other original research advancing the state of the art.

For more information, please see http://acns2015.cs.columbia.edu/.

GenoPri 2015 2nd International Workshop on Genome Privacy and Security, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. (Submission Due 20 January 2015) [posted here 10/06/14]
Over the past several decades, genome sequencing technologies have evolved from slow and expensive systems that were limited in access to a select few scientists and forensics investigators to high-throughput, relatively low-cost tools that are available to consumers. A consequence of such technical progress is that genomics has become one of the next major challenges for privacy and security because (1) genetic diseases can be unveiled, (2) the propensity to develop specific diseases (such as Alzheimer’s) can be revealed, (3) a volunteer, accepting to have his genomic code made public, can leak substantial information about his ethnic heritage and the genomic data of his relatives (possibly against their will), and (4) complex privacy issues can arise if DNA analysis is used for criminal investigations and medical purposes. As genomics is increasingly integrated into healthcare and "recreational" services (e.g., ancestry testing), the risk of DNA data leakage is serious for both individuals and their relatives. Failure to adequately protect such information could lead to a serious backlash, impeding genomic research, that could affect the well-being of our society as a whole. This prompts the need for research and innovation in all aspects of genome privacy and security, as suggested by the non-exhaustive list of topics below:
- Privacy-preserving analysis of and computation on genomic data
- Security and privacy metrics for the leakage of genomic data
- Cross-layer attacks to genome privacy
- Access control for genomic data
- Differentiated access rights for medical professionals
- Quantification of genome privacy
- De-anonymization attacks against genomic databases
- Efficient cryptographic techniques for enhancing security/privacy of genomic data
- Privacy enhancing technologies for genomic data
- Implications of synthetic DNA for privacy
- Applications of differential privacy to the protection of genomic data
- Storage and long-term safety of genomic data
- Secure sharing of genomic data between different entities
- Trust in genomic research and applications
- Social and economic issues for genome privacy and security
- Ethical and legal issues in genomics
- Studies of policy efforts in genomics
- User studies and perceptions
- Social and economic issues for genome privacy
- Studies of issues and challenges with informed consent
- Privacy issues in transcriptomics and proteomics
- Systematization-of-knowledge of genome privacy and security research

For more information, please see http://www.genopri.org/.

IWPE 2015 1st International Workshop on Privacy Engineering, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. (Submission Due 23 January 2015) [posted here 10/06/14]
Ongoing news reports regarding global surveillance programs, massive personal data breaches in corporate databases, and notorious examples of personal tragedies due to privacy violations have intensified societal demands for privacy-friendly systems. In response, current legislative and standardization processes worldwide aim to strengthen individual’s privacy by introducing legal and organizational frameworks that personal data collectors and processors must follow. However, in practice, these initiatives alone are not enough to guarantee that organizations and software developers will be able to identify and adopt appropriate privacy engineering techniques in their daily practices. Even if so, it is difficult to systematically evaluate whether the systems they develop using such techniques comply with legal frameworks, provide necessary technical assurances, and fulfill users’ privacy requirements. It is evident that research is needed in developing techniques that can aid the translation of legal and normative concepts, as well as user expectations into systems requirements. Furthermore, methods that can support organizations and engineers in developing (socio-)technical systems that address these requirements is of increasing value to respond to the existing societal challenges associated with privacy. While there is a consensus on the benefits of an engineering approach to privacy, concrete proposals for processes, models, methodologies, techniques and tools that support engineers and organizations in this endeavor are few and in need of immediate attention. To cover this gap, the topics of the International Workshop on Privacy Engineering (IWPE'15) focus on all the aspects surrounding privacy engineering, ranging from its theoretical foundations, engineering approaches, and support infrastructures, to its practical application in projects of different scale. IWPE’15 welcomes papers that focus on novel solutions on the recent developments in the general area of privacy engineering. Topics of interests include, but are not limited to:
- Integration of law and policy compliance into the development process
- Privacy impact assessment
- Privacy risk management models
- Privacy breach recovery Methods
- Technical standards, heuristics and best practices for privacy engineering
- Privacy engineering in technical standards
- Privacy requirements elicitation and analysis methods
- User privacy and data protection requirements
- Management of privacy requirements with other system requirements
- Privacy requirements operationalization
- Privacy engineering strategies and design patterns
- Privacy architectures
- Privacy engineering and databases
- Privacy engineering in the context of interaction design and usability
- Privacy testing and evaluation methods
- Validation and verification of privacy requirements
- Engineering Privacy Enhancing Technologies
- Models and approaches for the verification of privacy properties
- Tools supporting privacy engineering
- Teaching and training privacy engineering
- Adaptations of privacy engineering into specific software development processes
- Pilots and real-world applications
- Privacy engineering and accountability
- Organizational, legal, political and economic aspects of privacy engineering

For more information, please see http://ieee-security.org/TC/SPW2015/IWPE/.

TELERISE 2015 1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity, Co-located with ICSE 2015, Florence, Italy, May 18, 2015. (Submission Due 23 January 2015) [posted here 12/15/14]
Information sharing is essential for today's business and societal transactions. Nevertheless, such a sharing should not violate the security and privacy requirements dictated by Law, by internal regulations of organisations, and by data subjects. An effectual, rapid, and unfailing electronic data sharing among different parties, while protecting legitimate rights on these data, is a key issue with several shades. Among them, how to translate the high-level law obligations, business constraints, and users' requirements into system-level privacy policies, providing efficient and practical solutions for policy definition and enforcement. TELERISE aims at providing a forum for researchers and engineers, in academia and industry, to foster an exchange of research results, experiences, and products in the area of privacy preserving and secure data management, from a technical and legal perspective. The ultimate goal is to conceive new trends and ideas on designing, implementing, and evaluating solutions for privacy-preserving information sharing, with an eye to cross-relations between ICT and regulatory aspects of data management. Topics of interest are (but not limited to):
- Model-based and experimental assessment of data protection
- Privacy in identity management and authentication
- Modelling and analysis languages for representation, visualization, specification of legal regulations
- Technical, legal and user requirements for data protection
- User-friendly authoring tools to edit privacy preferences
- IT infrastructures for privacy and security policies management
- IT infrastructure for supporting privacy and security policies evolution
- Privacy and security policies conflict analysis and resolution strategies
- Electronic Data Sharing Agreements Representation: Languages and Management Infrastructure
- Cross-relations between privacy-preserving technical solutions and legal regulations
- Privacy aware access and usage control
- Privacy and security policies enforcement mechanisms
- Privacy preserving data allocation and storage
- Software systems compliance with applicable laws and regulations
- Heuristic for pattern identification in law text
- Empirical analysis of consumer's awareness of privacy and security policies

For more information, please see http://www.iit.cnr.it/telerise2015/.

CAV 2015 27th International Conference on Computer Aided Verification, San Francisco, California, USA, July 18-24 2015. (Submission Due 30 January 2015) [posted here 10/06/14]
CAV 2015 is the 27th in a series dedicated to the advancement of the theory and practice of computer-aided formal analysis methods for hardware and software systems. CAV considers it vital to continue spurring advances in hardware and software verification while expanding to new domains such as biological systems and computer security. The conference covers the spectrum from theoretical results to concrete applications, with an emphasis on practical verification tools and the algorithms and techniques that are needed for their implementation. The proceedings of the conference will be published in the Springer LNCS series. A selection of papers will be invited to a special issue of Formal Methods in System Design and the Journal of the ACM. Topics of interest include but are not limited to:
- Algorithms and tools for verifying models and implementations
- Hardware verification techniques
- Deductive, compositional, and abstraction techniques for verification
- Program analysis and software verification
- Verification methods for parallel and concurrent hardware/software systems
- Testing and run-time analysis based on verification technology
- Applications and case studies in verification
- Decision procedures and solvers for verification
- Mathematical and logical foundations of practical verification tools
- Verification in industrial practice
- Algorithms and tools for system synthesis
- Hybrid systems and embedded systems verification
- Verification techniques for security
- Formal models and methods for biological systems

For more information, please see http://i-cav.org/2015/.

February 2015

DIMVA 2015 12th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Milano, Italy, July 9-10, 2015. (Submission Due 8 February 2015) [posted here 12/15/14]
The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. Each year, DIMVA brings together international experts from academia, industry, and government to present and discuss novel research in these areas. This year, due to the increased threats against critical infrastructures and industrial control systems, we encourage submissions in these areas. Specifically, we welcome strong technical contributions that consider the cross-area obstacles (e.g., privacy, societal and legal aspects) that arise when deploying protection measures in the real world.

For more information, please see http://www.dimva2015.it.

WiSec 2015 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, New York City, NY, USA, June 22-26, 2015. (Submission Due 10 February 2015) [posted here 11/17/14]
ACM WiSec is the leading ACM and SIGSAC conference dedicated to all aspects of security and privacy in wireless and mobile and mobile networks and their applications. In addition to the traditional ACM WiSec topics of physical, link, and network layer security, we welcome papers focusing on the security and privacy of mobile software platforms, usable security and privacy, biometrics, cryptography, and the increasingly diverse range of mobile or wireless applications such as Internet of Things, and Cyber-Physical Systems. The conference welcomes both theoretical as well as systems contributions. Topics of interest include, but are not limited to:
- Mobile malware and platform security
- Security & Privacy for Smart Devices (e.g., Smartphones)
- Wireless and mobile privacy and anonymity
- Secure localization and location privacy
- Cellular network fraud and security
- Jamming attacks and defenses
- Key extraction, agreement, or distribution
- Theoretical foundations, cryptographic primitives, and formal methods
- NFC and smart payment applications
- Security and privacy for mobile sensing systems
- Wireless or mobile security and privacy in health, automotive, avionics, or smart grid applications
- Self-tracking/Quantified Self Security and Privacy
- Physical Tracking Security and Privacy
- Usable Mobile Security and Privacy
- Economics of Mobile Security and Privacy
- Bring Your Own Device (BYOD) Security

For more information, please see http://www.sigsac.org/wisec/WiSec2015/.

EUSIPCO 2015 23rd European Signal Processing Conference, Information Forensics and Security Track, Nice, Cote d' Azur, France, August 31 - September 4, 2015. (Submission Due 13 February 2015) [posted here 12/15/14]
EUSIPCO is the flagship conference of the European Association for Signal Processing (EURASIP). EUSIPCO 2015 will feature world-class speakers, oral and poster sessions, keynotes, exhibitions, demonstrations and tutorials and is expected to attract in the order of 600 leading researchers and industry figures from all over the world. The Information Forensics and Security Track addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing.

For more information, please see http://www.eusipco2015.org.

PETS 2015 15th Privacy Enhancing Technologies Symposium, Philadelphia, PA, USA, June 30 - July 2, 2015. (Submission Due 22 November 2014 or 15 February 2015) [posted here 09/22/14]
The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy and anonymity experts from around the world to discuss recent advances and new perspectives. PETS addresses the design and realization of privacy services for the Internet and other data systems and communication networks. Papers should present novel practical and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies. While PETS has traditionally been home to research on anonymity systems and privacy-oriented cryptography, we strongly encourage submissions in a number of both well-established and some emerging privacy-related topics.

*** New starting this year ***: Papers will undergo a journal-style reviewing process and be published in the Proceedings on Privacy Enhancing Technologies (PoPETs). PoPETs, a scholarly journal for timely research papers on privacy, has been established as a way to improve reviewing and publication quality while retaining the highly successful PETS community event. PoPETs will be published by De Gruyter Open (http://degruyteropen.com/), the world's second largest publisher of Open Access academic content, and part of the De Gruyter group (http://www.degruyter.com/), which has over 260 years of publishing history. Authors can submit papers to one of several submission deadlines during the year. Papers are provided with major/minor revision decisions on a predictable schedule, where we endeavor to assign the same reviewers to major revisions. Authors can address the concerns of reviewers in their revision and rebut reviewer comments before a final decision on acceptance is made. Papers accepted for publication by May 15th will be presented at that year's symposium. Note that accepted papers must be presented at PETS. Suggested topics include but are not restricted to:
- Behavioural targeting
- Building and deploying privacy-enhancing systems
- Crowdsourcing for privacy
- Cryptographic tools for privacy
- Data protection technologies
- Differential privacy
- Economics of privacy and game-theoretical approaches to privacy
- Forensics and privacy
- Human factors, usability and user-centered design for PETs
- Information leakage, data correlation and generic attacks to privacy
- Interdisciplinary research connecting privacy to economics, law, ethnography, psychology, medicine, biotechnology
- Location and mobility privacy
- Measuring and quantifying privacy
- Obfuscation-based privacy
- Policy languages and tools for privacy
- Privacy and human rights
- Privacy in ubiquitous computing and mobile devices
- Privacy in cloud and big-data applications
- Privacy in social networks and microblogging systems
- Privacy-enhanced access control, authentication, and identity management
- Profiling and data mining
- Reliability, robustness, and abuse prevention in privacy systems
- Surveillance
- Systems for anonymous communications and censorship resistance
- Traffic analysis
- Transparency enhancing tools

For more information, please see https://www.petsymposium.org/2015/.

LangSec 2015 2nd Workshop on Language-Theoretic Security, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. (Submission Due 16 February 2015) [posted here 10/06/14]
LangSec workshop solicits contributions related to the growing area of language-theoretic security. LangSec offers a coherent explanation for the "science of insecurity" as more than an ad hoc collection of software mistakes or design flaws. This explanation is predicated on the connection between fundamental computability principles and the continued existence of software flaws. LangSec posits that the only path to trustworthy software that takes untrusted inputs is treating all valid or expected inputs as a formal language and treating the respective input-handling routines as a recognizer for that language. The LangSec approach to system design is primarily concerned with achieving practical assurance: development that is rooted in fundamentally sound computability theory, but is expressed as efficient and practical systems components. One major objective of the workshop is to develop and share this viewpoint with attendees and the broader systems security community to help establish a foundation for research based on LangSec principles. The overall goal of the workshop is to bring more clarity and focus to two complementary areas: (1) practical software assurance and (2) vulnerability analysis (identification, characterization, and exploit development). The LangSec community views these activities as related and highly structured engineering disciplines and seeks to provide a forum to explore and develop this relationship.

For more information, please see http://spw15.langsec.org/index.html.

USENIX-Security 2015 24th USENIX Security Symposium, Washington, D.C., USA, August 12-14, 2015. (Submission Due 16 February 2015) [posted here 11/17/14]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security. Refereed paper submissions are solicited in all areas relating to systems research in security and privacy, including but not limited to:
- Systems security
- Cryptographic implementation analysis and construction, applied cryptography
- Programming language security
- Web security
- Hardware security
- Network security
- Privacy-enhancing technologies, anonymity
- Human-computer interaction, security, and privacy
- Social issues and security
- Security analysis
- Security measurement studies

For more information, please see https://www.usenix.org/conference/usenixsecurity15.

RFIDSec 2015 11th Workshop on RFID Security, Co-located with ACM WiSec 2015, New York City, NY, USA, June 22-23, 2015. (Submission Due 17 February 2015) [posted here 11/17/14]
The RFIDSec workshop is the premier international venue on the latest technological advances in security and privacy in Radio Frequency Identification (RFID). The 11th edition of RFIDSec continues the effort to broaden the scope towards solutions for security and privacy in related constrained environments: Internet of Things, NFC devices, Wireless Tags, and more. Attendees from academia, industry and government can network with a broad range of international experts. The workshop will include both invited and contributed talks. We invite researchers to submit their latest results in Security and Privacy for RFID as well as for associated technologies. Topics of interest include:
- Implementations of cryptography and protocols with constrained resources in terms of energy, power, computation resources and memory footprint
- Lightweight cryptography and cryptographic protocols
- Efficient and secure processor architectures for constrained environments
- Tamper and reverse-engineering resistant designs for constrained platforms
- Side-channel and fault attacks as well as countermeasures
- Novel implementations of cryptography to support privacy and untraceability
- Cross-layer engineering of constrained secure implementations within secure systems
- Novel technologies and applications such as NFC, IC anti-counterfeiting, and Internet of Things
- Design issues related to scalability, large-scale deployment and management of secure tags

For more information, please see http://rfidsec2015.iaik.tugraz.at/.

EDFC 2015 National Conference on Ethics and Digital Forensics, Arlington, VA, USA, May 13-15, 2015. (Extended Abstract Submission Due 28 February 2015) [posted here 12/01/14]
The National Science Foundation (NSF) and Alabama Cyber Research Consortium (ALCRC) are hosting the first interdisciplinary conference on professional ethics and digital forensics: Professional Ethics and Digital Forensics: An Interdisciplinary Conference. This conference will provide opportunities for both academics and practitioners to address a pressing issue in digital forensics: the lack of unifying ethical standards, procedures and guidelines for routine activities, such as digital forensic analysis, cybercrime case processing, and data mining/surveillance. This conference will also explore cyber ethics from the following interdisciplinary perspectives: Digital Forensic Investigations, Social and Behavioral Sciences, Jurisprudence, and Cyber Education and Awareness.

For more information, please see http://edfc.thecenter.uab.edu.

March 2015

SECRYPT 2015 12th International Conference on Security and Cryptography, Colmar, Alsace, France, July 20 - 22, 2015. (Submission Due 3 March 2015) [posted here 11/17/14]
SECRYPT is an annual international conference covering research in information and communication security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. Papers describing new methods or technologies, advanced prototypes, systems, tools and techniques and general survey papers indicating future directions are also encouraged. Topics of interest include:
- Access Control
- Applied Cryptography
- Biometrics Security and Privacy
- Critical Infrastructure Protection
- Data Integrity
- Data Protection
- Database Security and Privacy
- Digital Forensics
- Digital Rights Management
- Ethical and Legal Implications of Security and Privacy
- Formal Methods for Security
- Human Factors and Human Behavior Recognition Techniques
- Identification, Authentication and Non-repudiation
- Identity Management
- Information Hiding
- Information Systems Auditing
- Insider Threats and Countermeasures
- Intellectual Property Protection
- Intrusion Detection & Prevention
- Management of Computing Security
- Network Security
- Organizational Security Policies
- Peer-to-Peer Security
- Personal Data Protection for Information Systems
- Privacy
- Privacy Enhancing Technologies
- Reliability and Dependability
- Risk Assessment
- Secure Software Development Methodologies
- Security and Privacy for Big Data
- Security and privacy in Complex Systems
- Security and Privacy in Crowdsourcing
- Security and Privacy in IT Outsourcing
- Security and Privacy in Location-based Services
- Security and Privacy in Mobile Systems
- Security and Privacy in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grids
- Security and Privacy in Social Networks
- Security and Privacy in the Cloud
- Security and Privacy in Web Services
- Security and Privacy Policies
- Security Area Control
- Security Deployment
- Security Engineering
- Security in Distributed Systems
- Security Information Systems Architecture
- Security Management
- Security Metrics and Measurement
- Security Protocols
- Security requirements
- Security Verification and Validation
- Sensor and Mobile Ad Hoc Network Security
- Service and Systems Design and QoS Network Security
- Software Security
- Trust management and Reputation Systems
- Ubiquitous Computing Security
- Wireless Network Security

For more information, please see http://www.secrypt.icete.org.

SOUPS 2015 Symposium On Usable Privacy and Security, Ottawa, Canada, July 22-24, 2015. (Submission Due 6 March 2015) [posted here 12/01/14]
The 2015 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. We welcome a variety of research methods, including both qualitative and quantitative approaches. Topics include, but are not limited to:
- innovative security or privacy functionality and design
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of new or existing security or privacy features
- security testing of new or existing usability features
- longitudinal studies of deployed security or privacy features
- studies of administrators or developers and support for security and privacy
- the impact of organizational policy or procurement decisions, and
- lessons learned from the deployment and use of usable privacy and security features
- reports of replicating previously published studies and experiments
- reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience

For more information, please see http://cups.cs.cmu.edu/soups/.

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney
This online-only Journal, started in 2004 and  operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions.  More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: Shari Lawrence Pfleeger
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at http://www.computer.org/portal/web/computingnow/securityandprivacy.

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Ravi Sandhu
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page at http://www.computer.org/portal/web/tdsc.

The Springer Series on ADVANCES IN INFORMATION SECURITY
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer, network security, and cryptography, but related areas, such as fault tolerance and software assurance. The series serves as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact Professor Sushil Jajodia (jajodia@gmu.edu,703-993-1653).
 
Journal of Computer Security,   Editor-in-Chief: John Mitchell and Pierangela Samarati
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. All papers must be submitted online at http://www.iospress.nl/journal/journal-of-computer-security/. More information is given on the journal web page at http://jcs.stanford.edu/.
 
Computers & Security,   Editor-in-Chief: Eugene H. Spafford
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. All papers must be submitted online at http://ees.elsevier.com/cose/. More information can be found at http://www.elsevier.com/locate/issn/01674048.
 
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at http://www.springer.com/computer/security+and+cryptology/journal/10207.
 
International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of a high scientific and technology in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C.  More information can be found at http://ijns.femto.com.tw/.
 
International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online at http://www.inderscience.com/ijsn/. More information is given on the journal web page at http://www.inderscience.com/ijsn/.
 
International Journal of Critical Infrastructure Protection,   Editors-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's primary aim is to publish high quality scientific and policy papers in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology and policy to craft sophisticated yet practical solutions that will secure information, computer and network assets in the various critical infrastructure sectors. All papers must be submitted online at http://www.elsevier.com/locate/ijcip. More information is given on the journal web page at http://www.elsevier.com/locate/ijcip.
 
IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: C.-C. Jay Kuo
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, via sps-ieee.manuscriptcentral.com.  More information can be found at http://www.ieee.org/organizations/society/sp/tifs.html.
 
EURASIP Journal on Information Security,   Editors-in-Chief: Stefan Katzenbeisser
EURASIP Journal on Information Security aims to bring together researchers and practitioners dealing with the general field of information security, with a particular emphasis on the use of signal processing tools in adversarial environments. As such, it addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing. Application domains lie, for example, in secure storage, retrieval and tracking of multimedia data, secure outsourcing of computations, forgery detection of multimedia data, or secure use of biometrics. The journal also welcomes survey papers that give the reader a gentle introduction to one of the topics covered as well as papers that report large-scale experimental evaluations of existing techniques. Pure cryptographic papers are outside the scope of the journal. The journal also welcomes proposals for Special Issues. All papers must be submitted online at http://jis.eurasipjournals.com/manuscript.  More information can be found at http://jis.eurasipjournals.com.