Contents

Past Conferences and Other Announcements - 2004

ACSAC 20 The 20th Annual Computer Security Applications Conference, Hilton Tucson El Conquistador, Tucson, AZ, USA, December 6-10, 2004.  [posted here 5/14/04]
The 19th Annual Computer Security Applications Conference is an internationally recognized conference that provides a forum for experts in information system security to exchange practical ideas about solving real problems. Papers and proposals that address the application of technology, the implementation of systems, and lessons learned will be given special consideration. The ACSAC Program Committee is looking for papers, panels, forums, case studies presentations, tutorials, workshops, and works in progress that address practical solutions to problems related to protecting commercial enterprises or government information infrastructures.
 

A list of topics of interest along with other conference information can be found at www.acsac.org.

ISWC2004 3rd Workshop on Trust, Security, and Reputation on the Semantic Web, Hiroshima, Japan, November 7, 2004. [posted here 5/29/04]
This workshop will bring together researchers from different communities to examine cutting-edge approaches towards the establishment of these security, trust, and reputation                         
infrastructures. The emphasis will be to advance and integrate security and trust related research from the semantic web, logical reasoning, grid, agent, peer-to-peer, and web services.                        
                                                                               
The workshop will include both presentations of research papers and demonstrations of implemented systems. We envisage a wide variety of
contributions both from the area of traditional security and access control research as well as from the area of reputation propagation and social network theory.

<>Workshop topics include, but are not limited to, the following:                
                                                                               
    - rule-based policies, contracts and business rules                        
    - natural-language and visual interfaces for policy languages              
    - rules and ontologies for security, trust and privacy                     
    - digitally signed RDF                                                     
    - security requirements engineering                                        
    - trust establishment and automated trust negotiation                      
    - decentralized trust infrastructures for semantic web and grid environments                                                             
    - trust metrics and models                                                 
    - trust and provenance                                                     
    - trust and reputation management and propagation                          
    - friends of a friend networks / FOAF                                      
    - distributed computation of trust                                         
    - security and trust for agents, peer-to-peer, grid and web services       
    - case studies on security and trust applications                          

For more info, see  http://trust.mindswap.org/trustWorkshop/

NORDSEC2004 9th Nordic Workshop on Secure IT Systems, Espoo, Finland, November 4-5, 2004.  [posted here 5/13/04]
 

The NORDSEC workshops started in 1996 with the aim of bringing researchers and practitioners within computer security in the Nordic countries. The theme of the workshop has been applied security, i.e. all kinds of security issues that could encourage interchange and cooperation between the research community and the industrial/consumer community. Possible topics include, but are not limited to the following:

- Privacy and Privacy Enhancing Technologies
- Wireless Communication Security
- Inter/Intra/Extranet Security
- Security Protocol Modeling and Analysis
- E-and M-Business Security
- New Firewall Technologies
- Secure Infrastructures; TTP, PKI, Key Escrow/Recovery
- Computer Crime and Information Warfare
- Detecting Attacks, Intrusions and Computer Misuse
- Smart Card Applications
- Security Management and Audit
- Security Evaluations and Measurements
- Security in Commercial off-the-shelf Products, COTS
- Operating System Security
- Security Models
- New Ideas and Paradigms for Security
- Security Education and Training
- Quality of Service or Software Engineering in Relation to Security

The workshop will consist of paper sessions, panel discussions and invited talks. For a complete call for papers, see http://www.tml.hut.fi/Nordsec2004/call_for_papers.html

PSDM04, ICDM Workshop on Privacy and Security Aspects of Data Mining, November 1, 2004, Brighton, UK. [posted here 8/4/04]
The goal of this workshop is to discuss issues of privacy and security in data mining, synergize different views of techniques and policies, and 
brainstorm future research directions. Although techniques, such as random perturbation, cryptographic-based methods, and database inference
control have been developed, many of the key problems still remain open in this area.  Especially, new privacy and security issues have been
identified, and the scope of this problem has been expanded. In addition to these existing technologies, people attempt to explore new approaches
to tackle the problem.
 

Furthermore, special techniques may be needed to deal with some data mining applications, such as privacy-preserving mining of imbalanced
data, bioinformatics data, streaming data, etc. It would be valuable to both the privacy and security community and the data
mining community to examine the progress achieved in this area.  Researchers with interest in the areas of privacy and
security as well as data mining and machine learning are strongly encouraged to attend the workshop.                                                                       
                                               
Topics of Interest                                                              
                                                                   
- Privacy and security protection during the phase of data collection,  including privacy and security policies, data ownership, identity theft protection.
- Access control techniques and secure data models.
- Secure learning algorithms for randomized/perturbed data.
- Privacy-Preserving multi-party data mining.
- Trust management for data mining.
- Learning from imbalanced data, streaming data, and bioinformatics data
- Trust management for data mining.
- Learning from imbalanced data, streaming data, and bioinformatics data while preserving data  privacy.                   
- Inference/disclosure related data mining.
- Privacy protection in E-Commerce.
- Privacy laws for fraud detection and for protecting personal data, medical data, and the public release of data.                          
- Secure link analysis and social network analysis.
- Data mining applications for terrorist detection.
- Privacy enhancement technologies in web environments.                        
- Privacy guarantees and usability of perturbation and randomization techniques.                                                              
- Analysis of confidentiality control methods.                         
 

For complete call-for-paper information, please see http://chacs.nrl.navy.mil/psdm04
 

VizDMSEC Workshop on Visualization and Data Mining for Computer Security, Washington DC, USA, October 29, 2004.  [posted here 5/29/04]
                   
Information about security on large and complex computer networks is high volume, heterogeneous, distributed, and dynamic over time.  Of             
interest to this workshop are two complementary methods to process high-dimensional data into knowledge: visualization and data mining.
Visualization represents high-dimension security data in 2D/3D  graphics and animations intended to facilitate quick inferences for
situational awareness and focusing of attention on potential security events.  Data mining focuses on algorithms to accurately detect
patterns in high-dimension security data representing unauthorized system access or computer network attacks. Papers with demonstrated
results will be given priority.                                                 
                                                                                
More information on this workshop can be found at  http://www.cs.fit.edu/~pkc/vizdmsec04/ .

WPES'04 ACM Workshop on Privacy in Electronic Society, George Mason University, Washington DC, USA, October 28, 2004. [posted here 5/29/04]
                   
 This workshop is being held as part of the 11th ACM conference on Computer and Communicutions Security. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues.
 

Topics of interest include, but are not limited to:

anonymity, pseudonymity, and unlinkability                     privacy and confidentiality management
business model with privacy requirements                           privacy in the electronic records
data protection from correlation and leakage attacks         privacy in health care and public administration
electronic communication privacy                                        public records and personal privacy
information dissemination control                                        privacy and virtual identity
privacy-aware access control                                                  personally identifiable information
privacy in the digital business                                               privacy policy enforcement
privacy enhancing technologies                                           privacy and data mining
privacy policies and human rights                                        relationships between privacy and security
privacy and anonymity in Web transactions                     user profiling
privacy threats                                                                          wireless privacy
 

For more information, please see:  http://seclab.dti.unimi.it/wpes2004/
 

ICICS 2004   Sixth International Conference on Information and Communications Security, Malaga, Spain, October 27-29, 2004.  [posted here 2/18/04]
The 2004 International Conference on Information and Communications Security will be the sixth event in the ICICS conference series, started
in 1997, that brings together individuals involved in multiple disciplines of Information and Communications Security in order to foster exchange
of ideas. Original papers are solicited for submission.

Areas of interest include but are not limited to:

- Anonymity                                     
- Authentication and Authorization
- Biometrics                                    
- Computer Forensics
- Critical Infrastructures Protection
- Cryptography and its Applications
- Data and Systems Integrity            
- Design and Analysis of Cryptosystems
- Electronic Commerce Security          
- Fraud Control and Information Hiding
- Information and Security Assurance  
- Intellectual Property Protection
- Intrusion Detection and Response      
- Key Management and Key Recovery
- Mobile Communications Security        
- Network Security
- Privacy Protection                    
- Risk Evaluation and Security Certification
- Security Models                               
- Security Protocols
- Software Protection                   
- Smart Cards
- Trust Management                              
- Watermarking

For more information, see http://icics04.lcc.uma.es for details.

FMSE'04 2nd ACM Workshop on Formal Methods in Security Engineering: From Specifications to Code, Washington DC, USA, October 28, 2004. [posted here 5/29/04]
                   
 This workshop is being held as part of the 11th ACM conference on Computer and Communicutions Security.We aim to bring together researchers and practitioners from both the security and the software engineering communities, from academia and industry, who are working on applying formal methods to designing and validating large-scale systems. We are seeking submissions addressing foundational issues in:

    - security specification techniques
    - formal trust models
    - combination of formal techniques with semi-formal techniques like UML
    - formal analyses of specific security properties relevant to software development
    - security-preserving composition and refinement of processes
    - faithful abstractions of cryptographic primitives and protocols in process abstractions
    - integration of formal security specification, refinement and validation techniques in development methods and tools.

The primary focus is on high-quality original unpublished research and case studies.
 

For more information, please see: http://www.zurich.ibm.com/~mbc/FMSE04/call.html

ACM MOBIWAC ACM International Workshop on Mobility Management and Wireless Access (with Mobicom 2004), Philadelphia, PA, USA, October 25, 2004. [posted here 6/30/04]
This workshop solicits papers, both form researchers and practitioners, dealing with mobile computing and wireless access technologies,
with an emphasis on mobility and location management, ubiquitous and ad hoc access, awareness,
mobile computational ambient agents, natural interaction and seamless access.
                                                                               
The workshop will include contributed technical papers, invited papers, panel discussions and tools demonstrations.                                    

Authors are encouraged to submit both theoretical and practical results of significance on all aspects of wireless and mobile access technologies         
with an emphasis on mobility management and wireless access.

The scope of this workshop includes, but is not limited, to:

- Wireless/Mobile Access Protocols
- Wireless Web Access
- Fault Tolerance in Wireless Access Networks
- Application development for embedded electronics and mobile devices
  (with J2ME Wireless Devices, etc.)
- Wireless Multimedia Protocols
- Design and architecture of wireless communication and mobile computing
- Mobile service and QoS management
- Localization and tracking of mobile users
- Modeling of wireless devices and networks
- Large scale simulation
- Channel Allocation
- Analysis of correctness and efficiency of protocols
- Pervasive Computing
- Ubiquitous and mobile access
- Security and privacy issues
- Awareness-dependent wireless applications
- Interactive applications
- Awareness-dependent wireless applications
- Interactive applications
- Context-awareness
- Wireless, ad hoc and sensor access devices
- Wireless internet access technologies
- Mobile commerce technologies

For more info, see http://ru1.cti.gr/mobiwac04/

SASN2004 ACM Workshop on Security of Ad Hoc and Sensor Networks, Wyndham City Hotel, Washington, DC, October 25, 2004.  [posted here 5/13/04]
This workshop seeks submissions from academia and industry presenting novel research on all aspects of security for ad hoc and sensor networks, as well as experimental studies of fielded systems.  Submission of papers
based on work-in-progress is encouraged.  Topics of interest include, but are not limited to, the following as they relate to wireless networks,mobile ad hoc networks, or sensor networks:

- Security under resource constraints, e.g., energy, bandwidth, memory, and computation constraints
- Performance and security tradeoffs
- Secure roaming across administrative domains
- Key management
- Cryptographic protocols
- Authentication and access control
- Trust establishment, negotiation, and management
- Intrusion detection and tolerance
- Secure location services
- Privacy and anonymity
- Secure routing
- Secure MAC protocols
- Denial of service
- Prevention of traffic analysis

For more info, see http://www.cs.gmu.edu/sasn

DRM2004 ACM Workshop on Digital Rights Management, Wyndham City Hotel, Washington, DC, October 25, 2004. [posted here 5/29/04]
This workshop seeks submissions from academia and industry presenting novel research on all aspects of security for ad hoc and sensor networks, as well as experimental studies of fielded systems.  Submission of papers
based on work-in-progress is encouraged.  Topics of interest include, but are not limited to, the following as they relate to wireless networks,mobile ad hoc networks, or sensor networks:

- Security under resource constraints, e.g., energy, bandwidth, memory, and computation constraints
- Performance and security tradeoffs
- Secure roaming across administrative domains
- Key management
- Cryptographic protocols
- Authentication and access control
- Trust establishment, negotiation, and management
- Intrusion detection and tolerance
- Secure location services
- Privacy and anonymity
- Secure routing
- Secure MAC protocols
- Denial of service
- Prevention of traffic analysis

For more info, see http://mollie.engr.uconn.edu/DRM2004/

<>CCS 2004   11th ACM Conference on Computer and Communications Security, Washington, DC, USA, October 25-29, 2004.  [posted here 11/18/03]
 

(See the  call at http:///www.acm.org/sigsac/ccs/CCS2004 for details).

SASC2004 The State of the Art of Stream Ciphers, Novotel Brugge Centrum, Brugge, Belgium, October 14-15, 2004  [posted here 09/07/04]
The cryptographic community is well served by a variety of efficient and trusted block ciphers. Yet there remains only a limited selection of            
trusted, non-proprietary, and royalty-free stream ciphers.  SASC is a  special workshop that aims to provide a more complete understanding of the      
current state of stream cipher design and analysis. Sponsored by the ECRYPT Network of Excellence (http://www.ecrypt.eu.org) SASC will consider the         
current state of stream cipher knowledge. In particular it is hoped to  expose new and existing stream cipher proposals, cryptanalytic tools, and       
design criteria to the wider attention of the cryptographic community.          
 
<>WiSe 2004   Workshop on Wireless Security (in conjunction with MobiCom 2004), Philadelphia, PA, USA, October 1, 2004.  [posted here 1/19/04]
The objective of this workshop is to bring together researchers from research communities in wireless networking, security, applied cryptography, and dependability; with the goal of fostering interaction. With the proliferation of wireless networks, issues related to secure and dependable operation of such networks are gaining importance. Topics of interest include, but are not limited to:
   - Trust establishment
   - Key management in wireless/mobile environments
   - Economic incentives for collaboration
   - Security modeling and protocol design in the context of rational/malicious adversaries
   - Light-weight cryptography, efficient protocols and implementations
   - Intrusion detection, detection of malicious behaviour
   - Revocation of malicious parties
   - Secure PHY/MAC/routing protocols
   - Secure location determination
   - Denial of service
   - Privacy (location, contents, actions)
   - Anonymity, prevention of traffic analysis
   - Dependable wireless networking
   - Monitoring and surveillance
More information can be found at www.ece.cmu.edu/~adrian/wise2004.

VANET2004  First ACM Workshop on Vehicular Ad Hoc Networks (held in conjunction with ACM MobiCom 2004), Loews Philadelphia Hotel, Philadelphia, PA, USA, October 1, 2004. [posted here 5/13/04]
 

Creating high-performance, highly scalable, and secure VANET technologies presents an extraordinary challenge to the wireless research community. Yet, certain limitations commonly assumed in ad hoc networks are mitigated in VANET. For example, VANET may marshal relatively large computational resources. Ample and recharging power sources can be assumed. Mobility patterns are constrained by road paths and driving speed restrictions. VANET represents high resource/performance wireless technology.  As such, VANET can use significantly different approaches than sensor networks. VANET applications will include on-board active safety systems leveraging vehicle-vehicle or roadside-vehicle networking. These systems may assist drivers in avoiding collisions. Non-safety applications include real-time traffic congestion and routing information, high-speed tolling, mobile infotainment, and many others.
We invite papers from researchers on all aspects of vehicular ad hoc networks, such as new applications, networking protocols, security paradigms, network management technologies, power control, modulation, coding, channel modeling, etc. The session will bring together visionary researchers for an exciting exchange of ideas.
 

For more info, please see: http://www.path.berkeley.edu/vanet/
 

SAPS'04 Workshop on Specification and Automated Processing of Security Requirements, Linz, Austria, September 20-25, 2004. [posted here 5/13/04]
                   
 This workshop is being held as part of the 19th IEEE International Conference on Automated Software Engineering.   The exchange of concepts, prototypes, research ideas, and
other results which contribute to the academic arena and also benefit business and industrial communities, is of particular interest.

 Original papers are solicited for submission to the workshop related (but not limited) to the following topics of interest:

- Security requirements specification and analysis
- Formal semantics for security requirements
- Integration of Security engineering into software
  engineering processes
- Automated tools supporting integrated security
  engineering and software engineering processes
- Security in programming languages
- Automatic tools for secure software development
- Automatic analysis/enforcement of security policies
- Definition and analysis of security-related semantic
  models
- Tools for formal analysis of security properties
- Specification, characterisation and integration of
  security components and patterns

For more information, please see:   http://www.lcc.uma.es/SAPS04

NSPW2004   New Security Paradigms Workshop 2004, White Point Beach Resort, Nova Scotia, Canada, September 20-23, 2004. [posted here 3/27/04]
For twelve years the New Security Paradigms Workshop (NSPW) has provided
a stimulating and highly interactive forum for innovative approaches to
computer security. The workshop offers a constructive environment for
experienced researchers and practitioners as well as newer participants
in the field. The result is a unique opportunity to exchange ideas. NSPW
2004 will take place September 20 - 23 at theWhite Point Beach Resort,
located on the southern shore of beautiful Nova Scotia. The resort can
be reached by air via Halifax or by ferry from Portland, Maine.

In order to preserve the small, focused nature of the workshop,
participation is limited to authors of accepted papers and conference
organizers. NSPW is unique in format and highly interactive in
nature. Each paper is typically the focus of 45 to 60 minutes of
presentation and discussion. Authors are encouraged to present ideas that
might be considered risky in some other forum, and all participants
are charged with providing feedback in a constructive manner. The
resulting intensive brainstorming has proven to be an excellent medium
for furthering the development of these ideas. The proceedings, which
are published after the workshop, have consistently benefited from the
inclusion of workshop feedback.

Because we expect new paradigms, we accept wide-ranging topics in
information security. Papers that present a significant shift in
thinking about difficult security issues or builds on a previous shift
are welcomed. Our program committee particularly looks for new paradigms,
innovative approaches to older problems, early thinking on new topics,
and controversial issues that might not make it into other conferences
but deserve to have their try at shaking and breaking the mold.

We welcome three categories of submission: research papers, 5 - 10
page position papers, and discussion topic proposals. Discussion topic
proposals should include an in-depth description of the topic to be
discussed, a convincing argument that the topic will lead to a lively
discussion, and supporting materials. Submissions must be accompanied by
a justification statement (why this is a new paradigm) and an attendance
statement (how many authors expect to attend). All attendees are expected
to stay for the entire duration of the workshop.

Detailed submission information and instructions may be found at
http://www.nspw.org/.

PDCS 2004   International Workshop on Security in Parallel and Distributed Systems (in conjunction with the 17th International Conference on Parallel and Distributed Computing Systems), San Francisco, CA, USA, September 15-17,2004.    [posted here 5/13/04]

In recent years, interest has increased in the field of security of parallel and distributed systems, which include the control mechanisms, mobile code
security, denial-of-service attacks, trust management, modeling of information flow and its application to confidentiality policies, system composition,
and covert channel analysis. We will focus our program on issues related to important properties of system security, such as measurability,
sustainability, affordability, and usability in parallel and distributed systems.  Topics ofinterest include:
. Distributed Access Control and Trust Management
. Key Management and Authentication
. Privacy and Anonymity
. Benchmark and Security Analysis
. Security for Peer to Peer systems and Grid Computing Systems
. Secure Multicast and Broadcast
. Secure multiparty and two-party computations
. Computer and Network Forensics
. Denial-of-service Attacks and Countermeasures
. Secure E-Commerce/E-Business
. Security Verification
. Distributed Database Security
. Digital Rights Management
. Secure Mobile Agents and Mobile Code
. Intrusion detection
. Security in ad-hoc and sensor networks
. World Wide Web Security

More information can be found at the conference web site at http://securityworkshop.ece.iastate.edu

RAID'2004   Seventh International Symposium on Recent Advances in Intrusion Detection, Institut Eurécom, Sophia-Antipolis, French Riviera, France, September 15-17, 2004. [posted here 12/11/03]
For RAID 2004 there is a special theme: the interdependence between intrusion detection and society. Thus, we will also welcome papers that address issues that arise when studying intrusion detection, including information gathering and monitoring, as a part of a larger, not necessarily purely technical, perspective. The RAID 2004 program committee invites three types of submissions: full papers presenting mature research results; practical experience reports describing a valuable experience or a case study; and panel proposals for presenting and discussing hot topics in intrusion detection systems. The RAID 2004 web site elaborates on these themes and also provides a full list of topics of interest (http://raid04.eurecom.fr)


ESORICS 2004   9th European Symposium on Research in Computer Security, Institut Eurécom, Sophia-Antipolis, French Riviera, France, September 13-15, 2004.   [posted here 12/21/03]
Papers offering novel research contributions in any aspect of computer security are solicited for submission to ESORICS 2004. Organized in a series of European countries, ESORICS is confirmed as the European research event in computer security. The primary focus is on high-quality original unpublished research, case studies and implementation experiences. We encourage submissions of papers discussing industrial research and development. Information on topics of interest, and instructions for submitting a paper can be found at http://esorics04.eurecom.fr.

 

SCN'04 Fourth Conference on Security in Communication Networks,Amalfi, Italy, September 8-10, 2004. [posted here 5/13/04]
 

The Fourth Conference on Security in Communication Networks (SCN '04) will be held in Amalfi (Italy) on September 8-10 2004. SCN '04 aims at bringing
together researchers in the field of security in communication networks to foster cooperation and exchange of ideas. Original papers on all technical
aspects of cryptology  and network security are solicited for submission to SCN04. Topics of interest are (but not limited to):

    Anonymity                                             Implementations
    Authentication                                       Key Distribution
    Block Ciphers                                        Operating Systems Security
    Complexity-based Cryptography      Privacy
    Cryptanalysis                                         Protocols
    Digital Signatures                                 Public Key Encryption
    Hash Functions                                     Secret Sharing
    Identification                                        Survey and state of the art

For more information, please see http://www.dia.unisa.it/conferences/SCN04/

 

Trustbus'04   Trust and Privacy in Digital Business, Zaragoza, Spain, August 30 - September 3, 2004.   [posted here 12/21/03]
The First International Conference on Trust and Privacy in Digital Business (TrustBus’04) will be held in conjunction with the 15th International Conference on Database and Expert Systems Applications (DEXA'04), (http://dexa.org/dexa2004/). TrustBus’04 shall bring together researchers from different disciplines, developers, and users all interested in the critical success factors of digital business systems. We invite papers, work-in-progress reports, industrial experiences describing advances in all areas of digital business applications. A complete list of topics of interest and instructions for submitting a paper can be found on the conference web site at http://www-ifs.uni-regensburg.de/trustbus04/

SecCo2004 2nd International Workshop on Security Issues in Coordination Models, Languages and Systems,  London, United Kingdom. August 30, 2004. [posted here 5/13/04]

Coordination models,  languages  and  middlewares,  which  advocate  a distinct separation between the internal behaviour of the entities and
their interaction, represent a promising approach. However, due to the openness of these systems, new critical aspects come into  play,  such
as the need to deal  with  malicious  components  or  with  a  hostile environment. Current research on network security issues (eg. secrecy,
authentication,  etc.)  usually   focuses   on  opening  cryptographic point-to-point tunnels. Therefore, the proposed solutions in this area
are  not  always  exploitable   to   support   the  end-to-end  secureinteraction between entities  whose  availability  or  location is not
known beforehand.
 

Topics of interest include, but are not limited to:

      Theoretical foundations, specification, analysis,  case-studies,
      applications for

      authentication                               coordination models
      integrity                                         web service technology
      privacy                                           mobile ad-hoc networks
      confidentiality                              agent-based infrastructures
      access control           -in-               peer-to-peer systems
      denial of service                            global computing
      service availability                      context-aware computing
      safety aspects                                component-based systems
      fault tolerance                              ubiquitous/pervasive computing
 

For more information, please see:   http://cs.unibo.it/secco04

VLDB2004 Workshop "Secure Data Management in a Connected World", Royal York Hotel, Toronto, Canada, August 30, 2004.  [posted here 5/13/04]
 

Aim of the workshop is to bring together people from the security research community and data management research community in order to
exchange ideas on the secure management of data in the context of emerging networked services and applications. The workshop will provide
forum for discussing practical experiences and theoretical research efforts that can help in solving these critical problems in secure data
management. Authors from both academia and industry are invited to submit papers presenting novel research on the topics of interest.

Topics of interest include (but are not limited to) the following:
- Data Hiding
- Secure Storage
- Secure Data Management in File Systems
- Digital Rights Management
- Data Encryption
- Search on Encrypted Data
- Metadata and Security
- XML Security
- Multimedia Security and Privacy
- Authorization and Access Control Techniques
- Security and Privacy Management
- Privacy Enhanced Data Management (indexing, access control)
- Private Information Retrieval
- User Profiling and Privacy
- Privacy Preserving Data Mining
- Statistical Database Security
- Security and Privacy Requirements for Ambient Applications
- Information Dissemination Control
- Protection of Personally Identifiable Information

For further info, please see http://www.extra.research.philips.com/sdm-workshop/
 

CSES 2004   2nd International Workshop on Certification and Security in Inter-Organizational E-Services, Toulouse, August 26-27, 2004. [posted here 3/27/04]
The workshop is within IFIP-WCC 2004, the 18th World Computer Congress of the IFIP. This is a uniquely rich event featuring a variety of
initiatives on key issues in Information Technology.  For more information on it see http://www.wcc2004.org/.

Topics of interest include (but are not limited to):
- Traceability in e-services
- Certification in e-services
- Methods for guaranteeing non-repudiation in e-services
- Authentication and encryption in e-services
- Public Key Infrastructures
- Certification Authorities and management of trust
- Authorization and access control models for e-services
- Certification and security for mobile access to e-services
- User and e-service profiling
- Security and certification issues in GRID computing
- Risks analysis methods (new approaches and experiences)
- Risks through interception and tracking technologies
- Algorithmic issues in providing secure and certified e-services
- Information flow issues
- Firewall technology and e-services
- Administration and management of safeguards
- Security middleware solutions
- Web Services, certification and security
- Secure electronic markets
- Messaging Security in e-services
- Web Security in e-services
- Security Issues in e-Services
- Multilateral Security
- Network Protocol Security
- Users' security responsibilities
- Protecting users/usees by Privacy-Enhancing Technologies
- Critical Information Infrastructure Protection and Social Implications
- Organizational issues in implementing security measures

Submissions describing real-life application experiences, research
results and methodological proposals are solicited, from participants
belonging to the governmental, industrial and academic communities.

For more information, see the web page at: http://www.nestor.uniroma2.it/cses2004.htm

ICETE 2004   International Conference on E-business and Telecommunication Networks, Setúbal, Portugal, August 25-28, 2004.  [posted here 7/28/03]
Topics of interest include: Global Communication Information Systems and Services; Security and Reliability in Information Systems and Networks; Wireless Communication systems and Networks; and Multimedia Signal Processing. More information can be found at www.icete.org, or contact the ICETE secretariat at secretariat@icete.org.
 

CARDIS 2004   The 6th Smart Card Research and Advanced Application IFIP Conferencet, Toulouse, France, (as part of the 18th IFIP World Computer Congress), August 23-26, 2004.  [posted here 1/25/04]
The program committee seeks papers describing the design, development,
application, and validation of smart card technologies. Submissions across
a broad range of smart card development phases are encouraged, from
exploratory research and proof-of-concept studies to practical application
and deployment of smart card technology.

 Topics of interest include, but are not limited to:
  - Smart Device, Person Representation and Ambient Intelligence
  - Smart Device, Identity, Privacy and Trust
  - Smart Card and Smart Device software (OS, VM, API...)
  - High-level data model and management (On-card data sharing schemes...)
  - Integrated development environments (automatic mask & application generation)
  - (Distributed) Application development and deployment
  - Emerging opportunities for standardization
  - From Smart Card to Smart Device (hardware, form factor, display...)
  - Biometrics and Smart Cards
  - High-speed, small-footprint encryption
  - Cryptographic accelerators  
  - Cryptographic protocols for Smart Cards (and Smart Devices)
  - Attacks and countermeasures in hardware and software 
  - Hardware, software and service (application) validation and certification
  - Formal Modelling  
  - Benchmarking  
  - Smart Card (Smart Device) and Applications in Internet, WLAN, DRM,...

More information can be found at www.sec2004.org.

IFIP/Sec 2004   The 19th IFIP International Information Security Conference (IFIP/Sec 2004), Centre de Congrès Pierre Baudis, Toulouse, France, (as part of the 18th IFIP World Computer Congress), August 23-26, 2004.  [posted here 1/25/04]

Papers offering novel research contributions in any aspect of computer
security are solicited for submission to the 19th IFIP International
Information Security Conference. Papers may present theory, applications
or practical experiences on topics including, but not limited to:
     - Accounting and auditing       - Multilateral security
    - Authentication                         - Data and system integrity
    - Data protection                        - Authorization and access control
    - Privacy, Anonymity                - Security models and architectures
    - Computer Forensics                - Risk analysis and risk management
    - Internet and www security     - Secure e-government
    - Information hiding                   - e-business/e-commerce security
    - Information security                - Secure information systems development
    - Intrusion detection                  - Security management
    - Assurance                                 - Security verification
    - Key management                     - Commercial and industrial security
    - Security policies                         - Mobility and ubiquitous systems
    - DRM & Content Protection      - Information warfare and Critical Infrastructure Protection

More information can be found at www.sec2004.org.
<>
I-NetSec04   Third Working Conference on Privacy and Anonymity Issues in Networked and Distributed Systems (special track at the 19th IFIP International Information Security Conference), Toulouse, France, August 23-26, 2004.  [posted here 12/9/03]

Privacy and anonymity are increasingly important aspects in electronic services. The workshop will focus on these aspects in advanced distributed applications, such as m-commerce, agent-based systems, P2P, ... Suggested topics include, but are not restricted to:
   - Models for threats to privacy/anonymity
   - Models and measures for privacy/anonymity
   - Secure protocols that preserve privacy/anonymity
   - Privacy, anonymity and peer-to-peer systems
   - Privacy, anonymity and mobile agents
   - Privacy/anonymity in payment systems
   - Privacy/anonymity in pervasive computing applications
   - Anonymous communication systems
   - Legal issues of anonymity
   - Techniques for enhancing privacy in existing systems
More information can be found at www.sec2004.org.


WISA 2004 The 5th International Workshop on Information Security Applications, Ramada Plaza,
Jeju Island, Korea, August 23-25, 2003.  [posted here 3/27/04]
The 5th International Workshop on Information Security Applications (WISA 2004)
will be held in Jeju Island, Korea on August 23-25, 2004. It is sponsored by
the Korea Institute of Information and Cryptology (KIISC), Electronics &
Telecommunications Research Institute (ETRI), and Ministry of Information and
Communication (MIC). The focus of this workshop is on all technical and
practical aspects of cryptographic and non-cryptographic security applications.
The workshop will serve as a forum for new results from the academic research
community as well as from the industry.

The areas of interest include, but are not limited to:

* Internet & Wireless Security                            * Cyber Indication & Intrusion Detection
* E-Commerce Protocols                                     * Smart Cards & Secure Hardware
* Access Control & Database Security             * Mobile Security
* Biometrics & Human Interface                        * Privacy & Anonymity
* Network Security Protocols                             * Public Key Crypto Applications
* Security & Trust Management                         * Threats & Information Warfare
* Digital Rights Management                             * Virus Protection
* Secure Software & Systems                             * Ubiquitous Computing Security
* Information Hiding                                            * Peer-to-Peer Security

More information can be found at http://dasan.sejong.ac.kr/~wisa04

CHES 2004   Cryptographic Hardware and Embedded Systems, Cambridge (Boston), USA, August 11-13,2004.  [posted here 12/9/03]
The focus of this workshop is on all aspects of cryptographic hardware and security in embedded systems. Of special interest are contributions that describe new methods for efficient hardware implementations and high-speed software for embedded systems, e.g., smart cards, microprocessors, DSPs, etc. We hope that the workshop will help to fill the gap between the cryptography research community and the application areas of cryptography. The topics of CHES 2004 include but are not limited to:
  - Computer architectures for public-key and secret-key cryptosystems
  - Efficient algorithms for embedded processors
  - Reconfigurable computing in cryptography
  - Cryptographic processors and co-processors
  - Cryptography in wireless applications (mobile phone, LANs, etc.)
  - Security in pay-TV systems
  - Smart card attacks and architectures
  - Tamper resistance on the chip and board level
  - True and pseudo random number generators
  - Special-purpose hardware for cryptanalysis
  - Embedded security
  - Device identification
More information can be found at www.chesworkshop.org.
 

CEAS   The First Conference on Email and Anti-Spam, Mountain View, CA, USA, July 30-31, August 1, 2004. [posted here 1/10/04]
The Conference on Email and Anti-Spam invites the submission of papers for its first meeting, held in cooperation with AAAI (the American Association for Artificial Intelligence). Papers are invited on all aspects of email and spam, including research papers (Computer science oriented academic-style research), industry reports (Descriptions of important or innovative products), and law and policy papers. A full list of topics can be found on the conference web site at www.ceas.cc.

IFIP WG 11.3   18th Annual IFIP WG 11.3 Working Conference on Data and Application Security, Sitges, Spain, July 25-28, 2004.  [posted here 10/14/03]
The conference provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Papers and panel proposals are solicited. The conference is limited to about forty participants so that ample time for discussion and interaction may occur. Papers may present theory, technique, applications, or practical experience on topics of interest of IFIP WG11.3:
   - Techniques and methodologies for data and application security
   - Threats, vulnerabilities, and risk management
   - Web application security
   - Secure Semantic Web technologies and applications
   - Privacy
   - Secure information integration
   - Security planning and administration
   - Security assessment methodologies
   - Access Control
   - Integrity maintenance
   - Knowledge discovery and privacy
   - Cryptography
   - Concurrency control
   - Sensor information management
   - Fault-tolerance/recovery methods
   - Organizational security
   - Security tradeoffs
Additional topics of interest include but not limited to: Critical Infrastructure Protection, Cyber Terrorism, Information Warfare, Intrusion Protection, Damage assessment and repair, Database Forensics, and Electronic Commerce Security. More information can be found at http://seclab.dti.unimi.it/~ifip113/2004/.

WOLFASI    Workshop on Logical Foundations of an Adaptive Security Infrastructure
(WOLFASI), a sub-workshop of the Logic in Computer Science (LICS) Foundations of Computer Security (FCS'04) Workshop, Turku, Finland, July 12-13, 2004. [posted here 3/27/04]
It was felt that the field of adaptive security is sufficiently
well-defined, sufficiently important, and sufficiently of current
interest to warrant a special session of its own in the framework of
FCS.  The Workshop on Logical Foundations of an Adaptive Security
Infrastructure deals with the logical underpinnings of the following
scenario:

A distributed computer system operates in a semi-autonomous mode,
serving as a communications network, with nodes that perform control
functions pertaining to the network and to local hardware devices.
During a period of critical operation, the system detects an intrusion
attempt in some nodes, along with a power glitch at other nodes, and
an intelligence report about an increase in a certain type of
threat. This information is analyzed and various responses are
executed: dealing with the perceived intrusion, rerouting network
traffic around suspect nodes, adjusting the power allocation,
adjusting the crptographic strength of certain message authentication
functions, etc. This set of executed responses is chosen to best
achieve the desired result, within the confines of the security
policy, as currently re-evaluated, at the appropriate time, and with
currently available resources.

Papers are solicited in this context, for more details, see:  http://www.aero.org/wolfas
 

FCS 2004   Foundations of Computer Security Workshop, Turku, Finland, July 12-13, 2004. [posted here 1/25/04]
The aim of this workshop is  to provide a forum for continued activity in this area,  to bring computer security researchers  in contact with the  LICS'04 and  ICALP'04 communities,  and  to give  LICS and  ICALP attendees an opportunity to talk to experts in computer security. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise  fundamental concerns  about  existing theories. 

Topics include, but are not limited to:

Composition issues                      authentication
Formal specification                     availability and denial of service
Foundations of verification         covert channels
Information flow analysis            cryptographic protocols
Language-based security             confidentiality
Logic-based design            for     integrity and privacy
Program transformation               intrusion detection
Security models                            malicious code
Static analysis                               mobile code
Statistical methods                       mutual distrust
Trust management                        security policies

For more details, see:  http://www.cs.chalmers.se/~andrei/FCS04/.