Contents
ICDCIT 2005
2nd International Conference on Distributed Computing & Internet Technology,
Bhubaneswar, India, December 22-24, 2005.
[posted here 3/21/05]
Mobile communication and Internet technology together have played key role in
connecting people across the globe for sharing and trading information.
This information globalization has forced us to think about the integration of
applications running at geographically dispersed locations. The spin off of
these developments have led to some interesting and serious
research on issues pertaining to distributed computing,
web services, system security and software engineering. ICDCIT
series is a forum for interactions of researchers working in the above mentioned areas.
For more information, please see
http://www.cse.iitk.ac.in/~rkg/ICDCIT05/.
CISC 2005
SKLOIS Conference on Information Security and Cryptology,
Beijing, China, December 15-17, 2005. [posted here 4/22/05]
The SKLOIS conference on information security and cryptology seeks full papers presenting
new research results related to cryptology, information security and their applications.
Areas of interest include, but are not limited to:
- Access Control
- Authentication and Authorization
- Biometric Security
- Distributed System Security
- Database Security
- Electronic Commerce Security
- Intrusion Detection
- Information Hiding and Watermarking
- Key Management and Key Recovery
- Network Security
- Security Protocols and Their Analysis
- Security Modeling and Architecture
- Provable Security
- Multiparty Security Computation
- Foundations of Cryptography
- Secret Key and Public Key Cryptosystems
- Implementation of Cryptosystems
- Hash Functions and MAC
- Modes of Operation
- Intellectual Property Protection
- Mobile System Security
- Operating System Security
- Risk Evaluation and Security Certification
- Malicious Codes and Prevention
For more information, please see
http://www.is.iscas.ac.cn/cisc/index.htm.
CANS 2005
4th International Conference on Cryptography and Network Security,
Xiamen, Fujian Province, China, December 14-16, 2005.
[posted here 4/22/05]
The main goals of this conference are to promote research on all aspects of network security and
to build a bridge between research on cryptography and network security. So, we welcome scientific
and academic papers that focus on this multidisciplinary area. Topics of interest include:
- Denial of Service
- Intrusion Detection
- Router Security
- Spam
- Spyware
- Scanning
- WWW Security
- Anonymity and internet voting
- Broadcast and Multicast Security
- DNS Security
- Firewalls
- Information Hiding
- International Standards
- (IP) Spoofing
- PKI
- Secure E-Mail
- Secure protocols, (SSH, SSL, ...)
- Security of Ad Hoc Networks
- Session Hijacking
- Virtual Private Networks
- Wireless Security
- cryptology
For more information, please see
http://math.fjnu.edu.cn/cans.
SISW 2005
3rd International IEEE Security in Storage Workshop,
Held in conjunction with the 4th USENIX Conference on File and Storage Technologies (FAST 2005),
San Francisco, CA, USA, December 14-16, 2005.
[posted here 7/10/05]
The workshop seeks submissions from academia and industry presenting novel research
on all theoretical and practical aspects of designing, building and managing secure
storage systems; possible topics include, but are not limited to the following:
- Cryptographic Algorithms for Storage
- Cryptanalysis of Systems and Protocols
- Key Management for Sector and File based Storage Systems
- Balancing Usability, Performance and Security concerns
- Unintended Data Recovery
- Attacks on Storage Area Networks and Storage
- Insider Attack Countermeasures
- Security for Mobile Storage
- Defining and Defending Trust Boundaries in Storage
- Relating Storage Security to Network Security
- Database Encryption
- Search on Encrypted Information
For more information, please see
http://ieeeia.org/sisw/2005/index.htm.
ICICS 2005
7th International Conference on Information and Communications Security,
Beijing, China, December 6-9, 2005. [posted here 5/23/05]
Original papers are solicited for submission to the Seventh International Conference
on Information and Communications Security (ICICS'05). ICICS aims to bring together
individuals involved in multiple disciplines of information and communications
security to foster exchange of ideas. Areas of interest include, but are not limited to:
- Access control
- Anti-Virus and Anti-Worms
- Anonymity, Authentication and Authorization
- Biometric Security
- Data and System Integrity
- Database Security
- Distributed Systems Security
- Electronic Commerce Security
- Fraud Control
- Grid Security
- Information Hiding and Watermarking
- Intellectual Property Protection
- Intrusion detection
- Key Management and Key Recovery
- Language-based Security
- Operating System Security
- Network Security
- Risk Evaluation and Security Certification
- Security for Mobile Computing
- Security Models
- Security Protocols
- Trusted Computing
For more information, please see
http://www.icics2005.org/.
AXMEDIS 2005
1st International Conference on Automated Production of Cross Media Content
for Multi-channel Distribution,
Florence, Italy, November 30-December 2, 2005. [posted here 3/9/05]
This event seeks to promote discussion and interaction between researchers,
practitioners, developers and users of tools, technology transfer experts, and
project managers. AXMEDIS-2005 will bring together a variety of participants from
the academic, business and industrial worlds, to address different technical and
commercial issues. Particular interests include the exchange of concepts, prototypes,
research ideas, industrial experiences and other results. The conference focuses on
the challenges in the cross-media domain (including production, protection, management,
representation, formats, aggregation, workflow, distribution, business and transaction
models), and the integration of content management systems and distribution chains,
with particularly emphasis on the reduction of costs and solutions for complex
cross-domain problems.
Topics of interest include, but are not restricted to, the following aspects:
- Automatic cross-media production, gathering, crawling, composition, formatting, P2P, etc.
- Formats and models for multi-channel content distribution
- Multimedia standards such as MPEG-7, MPEG-21, DMP, etc.
- Legal aspects related to digital content
- High quality Audio Video Coding
- Multimedia Music representation and formatting
- Watermarking and fingerprinting techniques
- GRID and Distributed systems for Content production
- Multimedia Middleware
- Workflow management systems
- Web services for content distribution
- Distribution with P2P architectures
- Semantic Web and P2P
- Collecting and clearing of rights and licenses
- Formats and tools for Content Aware
- Archives managements for cultural and educational applications
- Digital Rights Management (DRM), models and tools, and interoperability
- Synchronisation technologies and solutions
- Business and transaction models
- Systems and approaches for content production/distribution on demand
- Digital Content User Interface
- Digital Content accessibility
- Payments model
- Novel applications and case-studies of relevant technologies
For more information, please see
http://www.axmedis.org/axmedis2005/call4papers.html.
PSDM 2005
Privacy and Security Aspects of Data Mining,
Held in Conjunction with 2005 IEEE International Conference on Data Mining,
New Orleans, Louisiana, USA, November 27, 2005.
[posted here 7/31/05]
The aim of this workshop is to address issues of privacy and security
in data mining, synergize different views of techniques and policies,
and brainstorm future research directions. Although techniques, such
as random perturbation techniques, secure multiparty computation based
approaches, cryptographic-based methods, and database inference
control have been developed, many of the key problems still remain
open in this area. Especially, new privacy and security issues have
been identified, and the scope of this problem has been expanded. How
does the privacy and security issue affect the design of data mining
algorithm? What impacts will this research impose on diverse areas of
counter-terrorism, distributed computation, and privacy law
legislation? We encourage researchers with interest in the areas of
privacy and security as well as data mining and machine learning to
attend the workshop.
- Access control techniques and secure data models
- Cryptographic tools for privacy preserving data mining
- Secure learning algorithms for randomized/perturbed data
- Privacy preserving multi-party data mining
- Trust management for data mining
- Inference/disclosure related data mining
- Privacy protection in E-Commerce
- Privacy laws for fraud detection and for protecting personal data, medical data, and
the public release of data
- Secure link analysis and social network analysis
- Data mining applications for terrorist detection
- Privacy enhancement technologies in web environments
- Privacy guarantees and usability of perturbation and randomization techniques
- Analysis of confidentiality control methods
- Privacy policy analysis
- Privacy preserving data integration
- Privacy policy infrastructure
- Privacy preserving query systems
- Identify theft protection
For more information, please see
http://www.site.uottawa.ca/~zhizhan/ppdmworkshop2005/psdm05.
Tencon 2005
IEEE International Region 10 Conference,
Melbourne, Australia, November 21-24, 2005.
[posted here 9/7/05]
Tencon’05 is an international technical conference sponsored by
IEEE Region 10 to be held in Melbourne Australia from 21 – 24
November 2005. Its goal is to provide an international forum
for specialist presentations, discussions and interactions.
Tencon'05 themes not only include extensive coverage of topics
in computing, communications, signal processing and power
engineering, but Tencon'05 has also extended its scope to
include pertinent issues in technology and society, such as
biomedical engineering, legal, privacy and security issues.
For more information, please see
http://www.tencon2005.org/.
CNIS 2005
The IASTED International Conference on Communication, Network, and Information Security,
Phoenix, AZ, USA, November 14-16, 2005. [posted here 5/23/05]
Modern communication systems demand everyday security, both at home and work. While email,
online shopping, and pervasive computing allow increased information sharing, they also
provide an avenue for malicious attackers to negate our privacy and alter our information.
The IASTED International Conference on Communication, Network and Information Security
(CNIS 2005) will bring together industry leaders and academic pioneers from several
disciplines to further understand the direction that security is headed, and the methods
that will be used to get there. This conference is for both builders and users of modern
communication systems. Topics of interest include, but are not limited to:
Communication Security:
- Access Control
- Authentication
- Cryptographic Protocols and Application
- Digital Signatures
- Disaster Protocols
- Hash Functions
- Warning Systems
Network Security:
- Computer/Network Disaster Recovery
- Global Security Architectures and Infrastructures
- Hacking and Intrusion Detection
- Secure Deletion
- Secure Email
- Spam
- Viruses and Worms
- Web Security
- WiFi Spying/Sniffing
- Wireless Privacy
- Wireless Security
- Virtual Private Networks
Information Security:
- Biometrics
- Digital Rights Management
- Digitally Embedded Signatures
- DNA, Fingerprint, Iris, and Retina Scanning
- Identity Theft
- Information Hiding
- Legal and Regulatory Issues in Communication
- Operating System Security
- Plagiarism
- Privacy and Confidentiality
- Software Security
- Spyware
- Standards
- Watermarking
For more information, please see
http://www.iasted.org/conferences/2005/phoenix/cnis.htm.
SWS 2005
Workshop on Secure Web Services,
Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005),
Fairfax, VA, USA, November 11, 2005.
[posted here 6/14/05]
Basic security protocols for Web Services, such as XML Security, the WS-*
series of proposals, SAML, and XACML are the basic set of building blocks
enabling Web Services and the nodes of GRID architectures to interoperate
securely. While these building blocks are now firmly in place, a number of
challenges are still to be met for Web services and GRID nodes to be fully
secured and trusted, providing for secure communications between cross-platform
and cross-language Web services. Also, the current trend toward representing
Web services orchestration and choreography via advanced business process
metadata is fostering a further evolution of current security models and
languages, whose key issues include setting and managing security policies,
inter-organizational (trusted partner) security issues and the implementation
of high level business policies in a Web services environment. The SWS workshop
explores these challenges, ranging from the advancement and best practices of
building block technologies such as XML and Web services security protocols
to higher level issues such as advanced metadata, general security policies,
trust establishment, risk management, and service assurance.
Topics of interest include, but are not limited to, the following:
- Web services and GRID computing security
- Authentication and authorization
- Frameworks for managing, establishing and assessing inter-organizational trust relationships
- Web services exploitation of Trusted Computing
- Semantics-aware Web service security and Semantic Web Secure orchestration of Web services
- Privacy and digital identities support
For more information, please see
http://ra.crema.unimi.it/sws05/.
DIM 2005
Workshop on Digital Identity Management,
Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005),
Fairfax, VA, USA, November 11, 2005.
[posted here 6/14/05]
Digital identity management is becoming an integral part of our lives and businesses
as more and more of the online interactions in which we participate depend on
networked computer systems communicating potentially sensitive identity information
across personal, company, and enterprise boundaries. Conversely, the abuse of digital
identities (e.g. identity theft, eavesdropping, hacking, profiling, etc) poses an
increasing threat to both our privacy and finances - thereby affecting society’s
collective confidence in online interactions.
The goals of this workshop are to explore the frontier of digital identity
management, from theoretical analysis to real-world experience, to share
the knowledge obtained to date, and to propose an agenda for further
research. Participants from industry as well as academia are welcome
and encouraged to participate. We invite you to submit a paper that deals
with the emerging challenges of this new frontier of identity management.
The possible list of topics includes but is not limited to:
- Identity federation
- Best practices for privacy-respecting SSO
- Identity life cycle management
- Privacy policy specification and enforcement
- Strong authentication and identity theft
- Trust and governance – P2P or centralized
- Collective identity
- Identity management in vertical areas (e.g. mobile, government and healthcare)
- Interoperability between different protocols/standards
- Identity referencing
- Privacy in geolocation services
- Pseudonymity vs anonymity
- Credential management
- Usability in identity management
For more information, please see
http://www2.pflab.ecl.ntt.co.jp/dim/.
StorageSS 2005
The Storage Security and Survivability Workshop,
Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005),
Fairfax, VA, USA, November 11, 2005. [posted here 3/25/05]
There has been an evolution of protection solutions mirrored in both
the security and survivability research communities: (1) from physical
protection solutions targeting people, (2) to system protection solutions
targeting networked-systems, (3) and now the new emerging paradigm of
information-centric solutions targetting the data itself. This workshop
focuses on stimulating new ideas in order to reshape storage protection
strategies. Clearly storage security and survivability is a complex,
multi-dimensional problem with dynamics over time so a large variety of
approaches may be appropriate including prevention, monitoring,
measurements, mitigation, and recovery.
We bring Storage-SS to the ACM CCS 2005 Conference to foster a greater
exchange between computer protection researchers/professionals and
computer storage researchers/professionals. In this vein, we seek
submissions from both research and industry presenting novel ideas on all
theoretical and practical aspects of protecting storage systems.
Specifically we seek submissions in two types distinct paper categories:
Regular Paper (12 page maximum) and Work-In-Progress/Short Paper (6 page
maximum). A list of potential topics includes but is not limited to the
following:
- storage protection tradeoffs
- storage protection deployment (including case studies)
- smart storage for security/survivability
- analysis of covert storage channels
- storage leak analysis
- mobile storage protection
- novel backup protection techniques
- storage versioning protection techniques
- storage encryption techniques (both key mgmt and crypto algorithms)
- tamper-evident storage protection techniques
- immutable storage protection techniques
- storage threat models
- storage intrusion detection systems
- storage area network (SAN) security/survivability
- security/survivability for storage over a distance
- security/survivability with Internet storage service providers
- storage security/survivability in an HPC environment
For more information, please see
http://www.ncassr.org/projects/storage-sec/storageSS-2005/.
WORM 2005
3rd Workshop on Rapid Malcode (WORM),
Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005),
Fairfax, VA, USA, November 11, 2005.
[posted here 2/27/05]
In the last several years, Internet-wide infectious epidemics have emerged as
one of the leading threats to information security and service availability.
The vehicles for these outbreaks, malicious codes called "worms", take advantage
of the combination of software monocultures and the uncontrolled Internet communication
model to quickly compromise large numbers of hosts. Such worms are increasingly being
used as delivery mechanisms for various types of malicious payloads, including
remote-controlled "zombies", spyware and botnets. Recent incidents have also reveals
the use of new propagation techniques as well as the use of worms to target small
user communities or specific applications. Current operational practices have not
been able to manage these threats effectively.
This workshop continues the efforts of the previous years to provide a forum
to bring together ideas, understanding and experiences bearing on the worm
problem from a wide range of communities, including academia, industry and
the government. We are soliciting papers from researchers and practitioners
on subjects including, but not limited to:
- Automatic detection and characterization
- Reactive countermeasures
- Proactive defenses
- Threat assessment
- Email and web-based malcode
- Measurement studies
- Testbeds & evaluation
- Reverse engineering
- Significant operational experiences
- Surveys of the field
- Analysis of worm construction, current & future
- Modeling and analysis of propagation dynamics
- Forensic methods of attribution
- The combination of different types of malware
For more information, please see
http://www1.cs.columbia.edu/~angelos/worm05/.
FMSE 2005
3nd ACM Workshop on Formal Methods in Security Engineering From Specifications to Code,
Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005),
Fairfax, VA, USA, November 11, 2005. [posted here 4/18/05]
Information security has become a crucial concern for the commercial
deployment of almost all applications and middleware. Despite this
commonly recognized fact, the incorporation of security requirements
in the software development process is not yet well understood. The
deployment of security mechanisms is often done in an ad-hoc manner
only, without a formal security specification, often without a
thorough security analysis and almost necessarily without a formal
security validation of the final product. That is, a process is
lacking for making the transition from high-level security models and
policies through development to code.
We aim to bring together researchers and practitioners from both the
security and the software engineering communities, from academia and
industry, who are working on applying formal methods to designing and
validating large-scale systems. We are seeking submissions addressing
foundational issues in:
- security specification techniques
- formal trust models
- combination of formal techniques with semi-formal techniques like UML
- formal analyses of specific security properties relevant to software development
- security-preserving composition and refinement of processes
- faithful abstractions of cryptographic primitives and protocols in process abstractions
- integration of formal security specification, refinement and
validation techniques in development methods and tools
For more information, please see
http://www.ti.informatik.uni-kiel.de/~kuesters/FMSE05/.
ISSRE 2005
16th IEEE International Symposium on Software Reliability Engineering (ISSRE 2005),
Chicago, Illinois, USA, November 8-11, 2005. [posted here 3/9/05]
ISSRE focuses on the theory and practice of Software Reliability Engineering.
The conference scope includes techniques and practices to (1) verify and validate
software, (2) estimate and predict its dependability, and (3) make it more tolerant/robust
to faults. The major theme for this year's conference is Developing High Reliability for
Ubiquitous Mobile Applications. Topics of interest include, but are not limited to, the following:
- Software reliability models
- Practice of reliability modeling
- Software architecture reliability
- Software safety analysis
- Formal reliability assurance methods
- Model-based verification and validation
- Software testing and verification
- Software test effectiveness
- Empirical reliability studies
- Reliability measurement
- Tools and automation
- Fault-tolerant and robust software
- Security testing
- Quantitative characterization of security
- Software certification
- Internet reliability engineering
- End-to-end dependability
- Dependable web services
- Quality of network service
- Dependability and performance of mobile applications
- Dependability of electronic commerce applications
- Dependability and QoS of distributed applications
- Dependability of adaptive and autonomous systems
- Distributed test environments for mobile applications
- Operational profiles of mobile user populations
- Integration of RF propagation models with end-to-end reliability models
- Automatic and in-situ RF survey and monitoring
- Collection and interpretation of end-to-end quality of service metrics
- Reliability modeling and testing of handset power management and provisioning,
mobile ad hoc networks (MANETs), high-latency (satellite) channels with mobile ground stations,
bandwidth-intensive (e.g., video) mobile applications, mobile PAN, LAN, MAN, or WAN over WiFi,
WiMax, GSM, or CDMA, integrated WiFi, WiMax, GSM, CDMA, VOIP, multi-stack (e.g.
WiFi and GSM) failure modes
For more information, please see
http://rachel.utdallas.edu/issre.
WSNS 2005
2005 International Workshop on Wireless and Sensor Networks Security,
Held in conjunction with the 2nd IEEE International Conference on
Mobile Ad-hoc and Sensor Systems (MASS 2005),
Washington DC, USA, November 7-10, 2005.
[posted here 5/12/05]
Wireless networks have experienced an explosive growth during the last few years.
Nowadays, there is a large variety of networks spanning from the well-known cellular
networks to non-infrastructure wireless networks such as mobile ad hoc networks and
sensor networks. This workshops aims to bring together researchers and practitioners
from wireless and sensor networking, security, cryptography, and distributed computing
communities, with the goals of promoting discussions and collaborations. We are
interested in novel research on all aspects of security in wireless and sensor
networks and tradeoff between security and performance such as QoS, dependability,
scalability, etc. We are seeking papers that describe original and unpublished
contributions addressing various aspects of secured wireless/sensor networks.
Topics of interest include, but are not limited to:
- Authentication and Access Control
- Cryptographic Protocol
- Experimental Studies
- Key Management
- Information Hiding
- Intrusion Detection and Response
- Privacy and Anonymity
- Secure Localization and Synchronization
- Security and Performance tradeoff
- Security Policy and Enforcement Issues
- Security Protocols Design, Analysis and Verification
- Secure Routing/MAC
- Surveillance and Monitoring
- Trust Management
For more information, please see
http://www.cs.wcupa.edu/~zjiang/wsns05.htm.
SADFE 2005
1st International Workshop on Systematic Approaches to Digital Forensic Engineering,
Taipei, Taiwan, November 7-10, 2005. [posted here 5/12/05]
The SADFE (Systematic Approaches to Digital Forensic Engineering) International
Workshop is intended to further the advancement of computer forensic engineering
by promoting innovative & leading-edge systematic approaches to cyber crime
investigation. The workshop brings together top digital forensic researchers,
advanced tool/product builders, and expert law enforcement from around the world
for information exchange and R&D collaboration.
SADFE 2005 solicits broad-based, innovative digital
forensic engineering technology, practical experience & process related submissions
in the following areas:
- Systematic engineering processes & methodologies for computer forensic
- Advanced techniques in evidence collection, search, analysis, correlation,
handling and preservation
- Progressive cyber crime scenario analysis and reconstruction technology
- Legal case construction & digital evidence support
- Legal and technical collaboration
- Legal and technical aspects of tool validation
- Courtroom expert witness and case presentation
- Intrusion detection systems (IDS) for computer forensic
- Forensics of embedded devices (e.g. digicams, cell phones)
- Innovative forensic engineering tools and applications
- Attack strategy analysis & modeling
- Privacy, legal and legislation issues
- Monitoring and incident response
- Forensic-enabled architectures and processes
- Advanced system and application log analysis
For more information, please see
http://conf.ncku.edu.tw/sadfe/index.htm.
SASN 2005
3rd ACM Workshop on Security of Ad Hoc and Sensor Networks,
Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005),
Alexandria, VA, USA, November 7, 2005. [posted here 3/10/05]
Ad hoc and sensor networks are expected to become an integral part of the future computing
landscape. However, these networks introduce new security challenges due to their dynamic
topology, severe resource-constraints, and absence of a trusted infrastructure. SASN 2005
seeks submissions from academia and industry presenting novel research on all aspects of
security for ad hoc and sensor networks, as well as experimental studies of fielded
systems. This one-day workshop builds on the success of SASN 2003 and SASN 2004.
Topics of interest include, but are not limited to, the following as they relate
to mobile ad hoc networks or sensor networks:
- Security under resource constraints (e.g., energy, bandwidth, memory, and
computation constraints)
- Performance and security tradeoffs
- Secure roaming across administrative domains
- Key management
- Cryptographic Protocols
- Authentication and access control
- Trust establishment, negotiation, and management
- Intrusion detection and tolerance
- Secure location services
- Secure clock distribution
- Privacy and anonymity
- Secure routing
- Secure MAC protocols
- Denial of service
- Prevention of traffic analysis
For more information, please see
http://discovery.csc.ncsu.edu/SASN05/.
WPES 2005
Workshop on Privacy in the Electronic Society,
Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005),
Alexandria, VA, USA, November 7, 2005. [posted here 6/14/05]
The need for privacy-aware policies, regulations, and techniques has been widely
recognized. This workshop discusses the problems of privacy in the global
interconnected societies and possible solutions. The workshop seeks
submissions from academia and industry presenting novel research on all
theoretical and practical aspects of electronic privacy, as well as
experimental studies of fielded systems. We encourage submissions from other
communities such as law and business that present these communities'
perspectives on technological issues. Topics of interest include, but
are not limited to:
- anonymity, pseudonymity, and unlinkability
- data correlation and leakage attacks
- electronic communication privacy
- information dissemination control
- privacy in health care and public administration
- privacy and confidentiality management
- personally identifiable information
- privacy-aware access control
- privacy in the digital business
- privacy enhancing technologies
- privacy policies
- privacy and anonymity on the Web
- privacy in the electronic records
- public records and personal privacy
- privacy and human rights
- privacy threats
- privacy and virtual identity
- privacy policy enforcement
- privacy and data mining
- privacy vs. security
- user profiling
- wireless privacy
- economics of privacy
For more information, please see
http://wpes05.dti.unimi.it/.
CCS 2005 12th
ACM Conference on Computer and Communications Security, Alexandria,
VA, USA, November 7-11, 2005. [posted here 11/14/04]
Papers offering novel research contributions to any aspect of
computer security are solicited for submission to the 12th ACM
conference. The primary focus is on high-quality
original unpublished research, case studies, and implementation
experiences. Papers should have practical relevance to the
construction, evaluation, application, or operation of
secure systems. Theoretical papers must make convincing arguments
for the practical significance of the results. Theory must be
justified by compelling examples illustrating its
application.
Topics of interest include:
- access control
- authentication
- accounting and audit
- database and system security
- security for mobile code
- applied cryptography
- data/system integrity
- smart-cards and secure PDAs
- cryptographic protocols
- e-business/e-commerce
- intrusion detection
- inference/controlled disclosure
- key management
- privacy and anonymity
- security management
- intellectual property protection
- information warfare
- secure networking
- security verification
- commercial and industry security
For more information, please see
http:///www.acm.org/sigsac/ccs/.
DRM 2005
Workshop on Digital Rights Management,
Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005),
Alexandria, VA, USA, November 7, 2005. [posted here 6/14/05]
Digital Rights Management (DRM) is an area of pressing interest, as the
Internet has become the center of distribution for digital goods of all sorts.
The business potential of digital content distribution is huge, as are its
economic, legal and social implications. DRM, as a technical interdisciplinary
field, is at the heart of controlling the digital content and assuring
authorized, user friendly, safe, well-managed, automated, and fraud-free
distribution. The field of DRM combines cryptographic technology, software
and systems research, information and signal processing methods, legal, social
and policy aspects, as well as business analysis and economics.
Original papers on all aspects of Digital Rights Management are solicited
for submission to DRM 2005, the Fifth ACM Workshop on Digital Rights
Management. Topics of interest include but are not limited to:
- anonymous publishing
- architectures for DRM systems auditing
- business models for online content distribution
- computing environments and platforms for DRM systems
- copyright-law issues, including but not limited to fair use
- digital policy management
- implementations and case studies
- privacy and anonymity
- risk management
- robust identification of digital content
- security issues, including but not limited to authorization, encryption,
tamper resistance, and watermarking.
- software related issues.
- supporting cryptographic technology including but not limited to
traitor tracing, broadcast encryption, obfuscation.
- threat and vulnerability assessment.
- concrete software patent cases
- usability aspects of DRM systems.
- web services related to DRM systems
For more information, please see
http://www.titr.uow.edu.au/DRM2005/.
IWCIP 2005
1st IEEE International Workshop on Critical Infrastructure Protection,
Darmstadt, Germany, November 3-4, 2005. [posted here 6/14/05]
The IEEE Task Force on Information Assurance is sponsoring an interdisciplinary workshop
on research, policy, and experience in the field of critical infrastructure
protection (CIP) and critical information infrastructure protection (CIIP).
The workshop seeks submissions from academia, government, and industry presenting
novel research, policy, and applications and experience in the field of
critical infrastructure protection. Possible topics include, but are not limited to
the following:
Scientific and Technical Understanding of CIP/CIIP
- Modeling, analysis, and assessment of infrastructures and their interdependencies
- Identification of public and private assets for CIP/CIIP
- Analysis and management of threats, risks, and vulnerabilities of critical
infrastructures at the national level
- Cyberterrorism, cybercrime, and information operations
Scientific, Technical, and Organizational Approaches for CIP/CIIP
- Information security, security engineering, software security for CIP/CIIP
- CIP/CIIP requirements of the information society
- Early warning and information sharing networks
- Knowledge-based alerting and management approaches and mechanisms
- Public-Private-Partnerships (PPP) and their security requirements for cooperative CIP/CIIP
- Information Sharing and Analysis Centers (ISAC), information sanitization,
and secure exchange of confidential information
- Global/enterprise security architectures and information infrastructures
National and Transnational CIP/CIIP Positions and Issues
- Definition and analysis of national CIP/CIIP policies and positions
- Mechanisms for international cooperation among CIP groups
For more information, please see
http://www.iwcip.org/2005/.
DRMTICS 2005
1st International Conference on Digital Rights Management: Technologies, Issues, Challenges and Systems,
Sydney, Australia, October 31 - November 2, 2005.
[posted here 5/23/05]
This new conference series (abbreviated: DRMTICS, pronounced: "dramatics") seeks
submissions from academia and industry describing novel research results that cover
theoretical and practical advancements in all areas of DRM systems. The conference will
serve as a broad multi-disciplinary forum for all DRM related issues. Of
particular interest this year are rights expression languages, processes and methods
for DRM applications, together with social, legal, usability, and business aspects of
such systems. Alternative economic and incentive based models, their analysis,
implementation and case studies are highly encouraged.
Topics include but are not limited to:
- DRM systems and architecture
- ODRL, XrML and other rights expression languages
- Usage monitoring and metering
- Business and charging models for content distribution
- Economic aspects of content distribution
- Code obfuscation and software protection
- Usability aspects of DRM systems
- Concrete software patent cases
- DRM law and policy issues
- Fair use and copyright law issues
- Content sharing and mobility
- Privacy enhanced content distribution
- Peer-to-peer systems for content distribution
- MPEG-21, OMA and other standard activities for DRM
- Security technologies (including, but not limited to, authorisation, encryption,
tamper resistance and controlled access)
- Watermarking, fingerprinting and content identification
- Broadcast encryption and traitor tracing
- Implementations and case studies of DRM systems
- Web services for content distribution
- Access control systems for digital rights management
- Interoperability and accessibility
- Electronic publication and digital libraries
- Issues in distributed computer games
For more information, please see
http://www.titr.uow.edu.au/DRMTICS2005.
NIST-CHW 2005
Cryptographic Hash Workshop,
Gaithersburg, Maryland, USA, October 31 - November 1, 2005.
[posted here 5/9/05]
Recently a team of researchers reported that the SHA-1 function offers significantly
less collision resistance than could be expected from a cryptographic hash function of
its output size. NIST plans to host a Cryptographic Hash Workshop on Oct. 31-Nov. 1, 2005
to solicit public input in how best to respond to the current state of research in this area.
The workshop has the following goals:
- Assess the status of the current NIST-approved hash functions, i.e., the SHA-256 and
SHA-512 families in addition to SHA-1
- Discuss short term actions to mitigate the potential problems with the
various applications of the approved hash functions
- Discuss the conditions that would warrant an early transition away from
any of the approved hash functions
- Discuss the potential replacement options for any of the approved hash functions
- Clarify the properties of unkeyed cryptographic hash functions required for different
applications
For more information, please see
http://www.nist.gov/hash-function.
VizSEC 2005
2nd Workshop on Visualization for Computer Security,
Held in conjunction with IEEE Vis2005 and InfoVis2005,
Minneapolis, Minnesota, USA, October 26, 2005. [posted here 3/9/05]
Networked computers are increasingly ubiquitous, and they are subject to
attack, misuse, and abuse. Every effort is being made by organizations and
individuals to build and maintain trustworthy computing systems. The
traditional, signature-based and statistical methods are limited in their
capability to cope with the large, evolving data and the dynamic nature of
Internet. In many applications, visualization proves very effective to
understand large high-dimensional data. Thus, there is a growing interest
in the development of visualization methods as alternative or
complementary solutions to the pressing cyber security problems.
We solicit papers that report innovative results in solving all aspects of
cyber security problems with visualization techniques.
For more information, please see
http://www.cs.ucdavis.edu/~ma/VizSEC05/.
ITW 2005
Information Theory Workshop on Theory and Practice in Information-Theoretic Security,
Awaji Island, Japan, October 16-19, 2005. [posted here 3/10/05]
The 2005 Information Theory Workshop will be devoted to the dissemination and
further development of the boundary areas between information theory and
information security. A main goal of the workshop is to create a unique
and excellent venue for researchers working in diverse disciplines to exchange
latest research results on unconditional security and to discuss directions
for future explorations. Topics which this workshop deals with include
(but are not limited to):
- Theoretical and practical topics concerning information-theoretic security
- Paradigms, approaches and techniques concerning information-theoretic security
- Information theory applicable to information security
- Applications of information theory to computational security
- Topics in the bounded storage model and the noisy channel model
- Quantum information theory applicable to information security
- Quantum cryptography
For more information, please see
http://imailab-www.iis.u-tokyo.ac.jp/~itw05/.
Mycrypt 2005
International Conference on Cryptology in Malaysia, Kuala Lumpur, Malaysia,
September 28 – October 1, 2005. [posted here 3/21/05]
Original papers on all technical aspects of cryptology are solicited for submission
to Mycrypt 2005, the inaugural international conference on cryptology, hosted in Malaysia.
The conference is co-organized by iSECURES (Information Security Research) Lab at Swinburne
University of Technology (Sarawak Campus), NISER (National ICT Security and Emergency
Response Centre) and INSPEM (Institute for Mathematical Research) at UPM (University
Putra Malaysia).
For more information, please see
http://www.niser.org.my/mycrypt2005/.
MMM-ACNS 2005
3rd International Workshop on Mathematical Methods, Models and
Architectures for Computer Networks Security,
St. Petersburg, Russia, September 24-28, 2005. [posted here 1/16/05]
The Firs and Second International Workshops "Mathematical
Methods, Models and Architectures for Computer Networks
Security" (MMM-ACNS-2001
(http://space.iias.spb.su/mmm2001/main.jsp) and
MMM-ACNS-2003 (http://space.iias.spb.su/mmm-acns03/index.jsp))
organized in
2001 and 2003 respectively by St. Petersburg Institute for
Informatics and Automation, Binghamton University (SUNY) and
US Air Force Research Laboratory/Information Directorate and
supported by the European Office of Aerospace Research and
Development USAF, Office of Naval Research Global, and
Russian Foundation of Basic Research were very successful.
These workshops demonstrated the high interest of the
international scientific community to the theoretical aspects
of the computer network and information security and the need
for conducting of such workshops as on-going series.
The proposed MMM-ACNS-2005 Workshop is intended as a third
step in this series and will be focused on theoretical
problems in the area under consideration. Its objectives are
to bring together leading researchers from academia and
governmental organizations as well as practitioners in the
area of computer networks and information security,
facilitating personal interactions and discussions on various
aspects of information technologies in conjunction with
computer network and information security problems arising in
large-scale computer networks engaged in information storing,
transmitting, and processing.
Papers may present theory, technique, and applications on topics
including but are not restricted to:
- Adaptive security
- Anonymity and privacy
- Authentication and authorization
- Access control
- Computer and network forensics
- Data and application security
- Data mining, machine learning, immunological and cognitive approaches to security
- Deception systems and honeypots
- Denial-of-service attacks and countermeasures
- Electronic commerce security
- Formal analysis of security properties
- Game theoretic approaches to security
- Information flow analysis
- Information survivability
- Information warfare and critical infrastructure protection
- Integrated information security systems based on information fusion
- Intrusion and fraud avoidance, detection, response and tolerance
- Insider attack countermeasures
- Language-based security
- Modeling malicious behavior or attacks
- Monitoring and surveillance
- Network perimeter controls: firewalls, packet filters, application gateways
- New ideas and paradigms for security
- Operating system security
- Public key infrastructure, key management, certification, and revocation
- Risk analysis and risk management
- Security of emerging technologies: sensor networks, wireless/mobile (and ad hoc) networks, personal
communication systems, peer-to-peer and overlay network systems
- Security of autonomous agents and multi-agent systems: protecting agents and agent
infrastructure from attacks, secure agent communication, secure mobile agents
and mobile code, trusted agents
- Security modeling and simulation
- Security policies: specification, refining, verification, implementation, deployment and management
- Security requirements engineering
- Security specification and verification
- Trust establishment, negotiation, and management, including trust and
reputation in virtual organizations
- Virtual private networks
- Viruses, worms, and other malicious code
- Vulnerability assessment
- Wireless communication security
- World wide web security
For more information, please see
http://space.iias.spb.su/mmm-acns05/.
IWAP 2005
4th International Workshop for Applied PKI, Singapore, September 21-23, 2005.
[posted here 12/13/04]
IWAP'05 will be held in Singapore on September 21-23, 2005. Original
papers on all aspects of
PKI are solicited for submission to IWAP'05. Topics of interest
include, but are not limited
to, the following:
- Authentication & Verification
- Bio-PKI & Mobile PKI
- Case Studies
- Certificates and its Revocation
- Cross Certification
- Design & Implementation
- Interoperability & Standards
- Key Management & Recovery
- Legal Issues, Policies & Regulations
- Modeling & Architecture
- Privilege Management Infrastructure
- Protocols & Applications
- Reliability & Fault-Tolerance
- Risk Management & Analysis
- Security Analysis & Testing
- Signature Validation
- Time Stamping
- Trust & Privacy
For more information, please see
http://iwap05.i2r.a-star.edu.sg/.
NSPW 2005
New Security Paradigms Workshop,
Lake Arrowhead, California, USA, September 20-23, 2005. [posted here 2/4/05]
NSPW is a unique workshop that is devoted to the critical examination of new paradigms in security.
Our program committee particularly looks for new paradigms, innovative approaches to
older problems, early thinking on new topics, and controversial issues that might
not make it into other conferences but deserve to have their try at shaking and breaking the mold.
We welcome three categories of submission:
- Research papers should be of a length commensurate with the
novelty of the paradigm and the amount of novel material that
the reviewer must assimilate in order to evaluate it.
- Position papers should be 5 - 10 pages in length and should
espouse a well reasoned and carefully documented position on a security
related topic that merits challenge and / or discussion.
- Discussion topic proposals. Discussion topic proposals should
include an in-depth description of the topic to be discussed, a
convincing argument that the topic will lead to a lively
discussion, and supporting materials that can aid in the evaluation
of the proposal. The later may include the credentials of the
proposed discussants. Discussion topic proposers may want to
consider involving conference organizers or previous attendees in
their proposals.
For more information, please see
http://www.nspw.org.
FloCon 2005
2nd Annual FloCon 2005 Analysis Workshop,
New Orleans, Louisiana, USA, September 20-22, 2005. [posted here 2/14/05]
FloCon is an open workshop that provides a forum for researchers,
operational analysts, and other parties interested in the security
analysis of large volumes of traffic to develop the next generation
of flow-based analysis. Flow is an abstraction of network traffic in
which packets are grouped together by common attributes over time.
In security, flow has been used to survey and analyze large networks
and long periods of time, but the field is still in its infancy.
FloCon 2005 will have an active workshop structure: our goal is to
have presentations coupled with working breakout sessions on
specific topics. Based on submissions and suggestions, we will
develop a three-day track.
Appropriate topics include, but are not limited to, the following:
- Experience reports in flow analysis
- Operational security analysis using flows
- Advanced flow analysis techniques
- Expanding the flow format for security needs
- Integrating flows into other security analysis
- Facilitating data sharing/public repositories
- Flow collection technologies
- Network traffic modeling for security
- Alternative traffic abstracts for services
For more information, please see
http://www.cert.org/flocon/.
MADNES 2005
Secure Mobile Ad-hoc Networks and Sensors workshop, Held in conjunction with
the ISC '05 conference, Singapore, September 20-22, 2005.
[posted here 12/22/04]
The MADNES workshop. co-sponsored by the
SAIT Laboratory and the
U.S. Army Research Office will feature information about security in mobile
and ad-hoc networks. Proceedings will be published as Springer-Verlag,
LNCS. Topics of interest include:
- Security and fault tolerance
- Privacy issues
- Security & privacy applications of mobile agents and intelligent autonomous systems
- Distributed denial of service attacks and defenses
- Mobile code security and verification
- Key management and trust infrastructures
- Security, privacy and efficiency trade-offs
- Secure distributed algorithms
- Secure & private protocols for dynamic group applications
- Secure location, discovery and authentication of neighbors
- Secure timing and synchronization
- Secure/private data collection and aggregation
- Secure self-configuration
- Secure routing
- Analysis and simulation of security and privacy properties
- Case Studies
- Energy efficient cryptography
For more information, please see
http://www.sait.fsu.edu/madnes/cfp.shtml.
ISC 2005
8th Information Security Conference, Singapore, September 20-23, 2005.
[posted here 12/13/04]
ISC'05 will be held in Singapore on 20-23 September, 2005. Original
papers on all technical
aspects of information security are solicited for submission to
ISC'05. Topics of interest include, but are not limited to, the following:
- Access Control
- Ad Hoc & Sensor Network Security
- Applied Cryptography
- Authentication and Non-repudiation
- Cryptographic Protocols
- Denial of Service
- E-Commerce Security
- Identity and Trust Management
- Information Hiding
- Insider Threats and Countermeasures
- Intrusion Detection & Prevention
- Network & Wireless Security
- Peer-to-Peer Security
- Privacy and Anonymity
- Security Analysis Methodologies
- Security in Software Outsourcing
- Systems and Data Security
- Ubiquitous Computing Security
For more information, please see
http://isc05.i2r.a-star.edu.sg/.
CoALa 2005
Workshop on Contract Architectures and Languages,
Held in conjunction with the 9th International IEEE Enterprise Distributed
Object Computing Conference (EDOC 2005),
Fairfax, VA, USA, September 20, 2005.
[posted here 5/16/05]
This Workshop will provide a collaborative forum for the participants to exchange recent or preliminary
results, to conduct intensive discussions on a particular topic, or to coordinate efforts between
representatives of a technical community in the area of Contract Architectures and Languages.
The program committee seeks papers and proposals that address various aspects of contracts,
including enterprise modeling, e-business, formal and legal aspects with the aim of
providing a balanced mix of presentations from these different perspectives.
Topics of interest include, but are not limited to:
- Enterprise contract architectures
- Contract as a basis for coordination of cross-organisational interactions
- Contracts from system theoretic point of view
- Formalisms for expressing contracts
- Contract description languages
- Contract negotiation, validation
- Run-time contract monitoring and enforcement
- tandardisation activities for e-contracts (e.g. legalXML OASIS and UN/CEFACT): status and directions
- The use of model-driven techniques and tools
- Legal issues associated with electronic contracts
- Tools for drafting and constructing contracts
- Integration of contract management systems with other enterprise systems,
e.g. payment systems and ERP systems
- Contract management requirements for specific contracts, e.g. SLAs,
construction, financial and e-government contracts
- Trust and contract management issues
- Use and applicability of existing standards/initiatives (e.g. Web
Services, BPEL4WS, WS-CDL, RuleML etc)
- Links between contracts and business processes
- Practical experience with contract management systems
For more information, please see
http://www.dstc.edu.au/Research/Projects/coala/2005/.
FOSAD 2005
5th International School on Foundations of Security Analysis and Design,
Bertinoro, Italy, September 19-24, 2005. [posted here 02/01/05]
Security in computer systems and networks is emerging as one of the most challenging
research areas for the future. The main aim of the school is to offer a good spectrum
of current research in foundations of security, ranging from programming languages to
analysis of protocols, that can be of help for graduate students, young researchers
from academia or industry that intend to approach the field. The FOSAD series started
in 2000 and last edition was in 2004. This year the school covers one week (from Monday 19
to Saturday 24, September 2005) and alternates monographic courses of 4/6 hours and
short courses of 2/3 hours. We also encourage presentations given by those participants
that intend to take advantage of the audience for discussing their current research
in the area.
The school is organized at the University Residential Center of Bertinoro,
situated in Bertinoro, a small village on a scenic hill with a wonderful panorama,
in between Forli' and Cesena (about 50 miles south-east of Bologna, 15 miles to the
Adriatic sea). The cheapest way to travel is by plane to Forli' airport (the secondary
airport of Bologna), which is daily connected to London and Frankfurt AM through the
low fares airline Ryanair.
For more information, please see
http://www.sti.uniurb.it/events/fosad.
PBA 2005
International Workshop on Protection by Adaptation,
Held in conjunction with the 7th International Conference on Information
Integration and Web Based Applications & Services (iiWAS2005),
Kuala Lumpur, Malaysia, September 19-21, 2005.
[posted here 3/9/05]
For most people, security refers to cryptographic algorithms, biometric authentication
techniques, passwords, etc. Beyond these intuitive notions, security is rather a very
broad topic and may be viewed from a variety of other perspectives, including new
access control models, software architectures for security systems, and security
policies specifications. Emerging applications are subject to a high
number of attacks due to the distributed nature of these new environments,
mobility of users and devices, services heterogeneity and the different
capabilities of devices used to access these services.
The aim of this workshop is to encourage the research community to better
consider context-based security as a new trend that may face future more
subtle security attacks. We believe that the force of a good security system
should not rely only on the force of security protocols but also on the way it
copes with new and completely unpredictable situations or at least learn from
new situations and updates its behavior accordingly. This goal can be reached
by making future security solutions freely adaptive. We look for original
submissions on the following topics (but not limited to):
- Security in mobile, wireless and ad hoc environments
- Dynamic security policies
- Context-based access control
- Context in security
- Agile encryption
- Artificial intelligence and security
- Adaptive security solutions
- Middleware for context-based security systems
- Conflicting norms issues in security policies
- Flexible security architectures for pervasive applications
- Security contexts discovery, retrieval, representation and modeling
- Modeling users’ security profiles
- Metrics for evaluating security infrastructures
- Testing of adaptive security systems
- Software architectures for adaptive security (design patterns, etc)
- Adaptive security levels in heterogeneous environments
- Enforcing applications security semantics
- Metrics for predicting security threats
For more information, please see
http://www.iiwas.org/workshops/pba-2005/.
CMS 2005
9th IFIP TC-6 TC-11 Conference on Communications and Multimedia Security,
Salzburg, Austria, September 19-21, 2005. [posted here 3/9/05]
CMS is a joint working conference of IFIP TC6 and TC11. The CMS conference
attempts to be a forum for researchers working on all aspects of communications
and multimedia security. This year the organizers especially encourage submissions
on topics such as security of information hiding, combined encryption and
watermarking schemes, XML security and network security. Papers should
have practical relevance to the construction or evaluation of secure
systems; theoretical papers should demonstrate their practical significance.
We solicit papers describing original ideas and research results related to
the Communication and Multimedia Security area. Suggested topics include -
but are not limited to:
- Applied cryptography
- Privacy protection
- Biometrics
- Security for mobile devices
- Security of multimedia content
- Network security
- Steganography
- Secure Electronic Commerce
- Digital watermarking
- Web security
- Cryptography
- Digital Rights Management
- Identification and authentication
- XML security
For more information, please see
http://cms2005.sbg.ac.at/call.html.
ECC 2005
9th Workshop on Elliptic Curve Cryptography (ECC 2005),
Technical University of Denmark, Copenhagen, Denmark, September 19-21, 2005. [posted here 3/6/05]
ECC 2005 is the ninth in a series of annual workshops dedicated to the study of
elliptic curve cryptography and related areas. Over the past years the ECC conference
series has broadened its scope beyond curve-based cryptography and now covers a wide
range of areas within modern cryptography. For instance, past ECC conferences
included presentations on hyperelliptic curve cryptography, pairing-based cryptography,
quantum key distribution, AES, implementation issues, and deployments (e.g.,
cryptography for travel documents).
At the same time ECC continues to be the premier conference on elliptic
curve cryptography. It is hoped that ECC 2005 will further our mission of
encouraging and stimulating research on the security and implementation of
elliptic curve cryptosystems and related areas, and encouraging collaboration
between mathematicians, computer scientists and engineers in the academic,
industry and government sectors.
As with past ECC conferences, there will be about 15 invited lectures
(and no contributed talks) delivered by internationally leading experts.
There will be both state-of-the-art survey lectures as well as lectures on
latest research developments.
For more information, please see
http://www.cacr.math.uwaterloo.ca/conferences/2005/ecc2005/announcement.html.
FEE 2005
Frontiers in Electronic Elections,
Milan, Italy, September 15-16, 2005. [posted here 7/22/05]
The workshop is organized by ECRYPT, the European Network of Excellence in Cryptology,
and in association with ESORICS 2005, the 10th European Symposium on Research in Computer
Security, which takes place September 12-14, in Milan. The workshop is an activity of
ECRYPT's PROVILAB, the virtual lab on cryptographic protocols. It follows in the tradition
of a series of workshops devoted to cryptographic voting methods, such as WOTE '01 and
the 2003 DIMACS Workshop on Electronic Voting.
For some 25 years cryptographers have been proposing electronic voting schemes of
ever increasing strength and versatility, dealing with ballot secrecy, election
integrity etc., typically viewing the problem as a special case of secure multiparty
computation. The aim of this workshop is to bring together researchers and practitioners
from academia and industry, who are working on cryptographic protocols for electronic
voting systems, to evaluate the state of the art, to share practical experiences, and
to look for possible enhancements. Topics include but are not limited to:
- Election integrity
- Election verifiability
- Ballot secrecy
- Voter anonymity
- Voter authorization
- Receipts and coercibility
- Secure bulletin boards
- Implementation of broadcast channels
- Implementation of anonymous channels
- Threat models
- Formal requirements
- Formal security analysis
For more information, please see
http://www.win.tue.nl/~berry/fee2005/.
STM 2005
1st International Workshop on Security and Trust Management,
Held in conjunction with ESORICS 2005, Milano, Italy,
September 15, 2005. [posted here 5/10/05]
STM (Security and Trust Management) is a recently established working
group of ERCIM (European Research Consortium in Informatics and Mathematics). It
is planned to organize STM workshops on a yearly basis. This will be the first
workshop in this series. The focus of this first workshop will coincide with
the research topics of the STM working group. These comprise:
- To investigate the foundations and applications of security and trust in ICT
- To study the deep interplay between trust management and common security issues such as
confidentiality, integrity and availability
- To identify and promote new areas of research connected with security management, e.g.
dynamic and mobile coalition management (e.g., P2P, MANETs, Web/GRID services)
- To identify and promote new areas of research connected with trust management, e.g.
reputation, recommendation, collaboration etc.
- To provide a platform for presenting and discussing emerging ideas and trends.
The topics of interest of this workshop include but are not limited to:
- Rigorous semantics and computational models for security and trust
- Security and trust management architectures, mechanisms and policies
- Networked systems security
- Privacy and anonymity
- Identity management
- ICT for securing digital as well as physical assets
- Cryptography
For more information, please see
http://www-rocq.inria.fr/arles/events/STM2005/index.html.
QoP 2005
1st Workshop on Quality of Protection,
Held in conjunction with ESORICS 2005 and METRICS 2005, Milano, Italy,
September 15, 2005. [posted here 4/29/05]
Information Security in Industry has matured in the last few decades. Standards such as
ISO17799, the Common Criteria (ISO15408), a number of industrial certification and risk analysis
methodologies have raised the bar on what is considered a good security solution from a
business perspective. However, even a fairly sophisticated standard such as ISO17799 has
an intrinsically qualitative nature. Notions such as Security Metrics, Quality of Protection
(QoP) or Protection Level Agreement (PLA) have surfaced in the literature but still have
a qualitative flavour. The QoP Workshop intends to discuss how security research can
progress towards a notion of Quality of Protection in Security comparable to the notion of
Quality of Service in Networking, Software Reliability, or Software Measurements and
Metrics in Empirical Software Engineering. Topics of interest include, but are not limited to:
- Industrial Experience
- Security Risk Analysis
- Security Quality Assurance
- Measurement-based decision making and risk management
- Empirical assessment of security architectures and solutions
- Mining data from attacks and vulnerabilities repositories
- Security metrics
- Measurement theory and formal theories of security metrics
- Security measurement and monitoring
- Experimental verification and validation of models
- Simulation and statistical analysis, stochastic modeling
- Reliability analysis
For more information, please see
http://dit.unitn.it/~qop/.
ESORICS 2005
10th European Symposium on Research in Computer Security,
Milan, Italy, September 14-16, 2005. [posted here 1/18/05]
Papers offering novel research contributions in any aspect of computer
security are solicited for submission to the Tenth European Symposium
on Research in Computer Security (ESORICS 2005). Organized in a series
of European countries, ESORICS is confirmed as the European research
event in computer security. The symposium started in 1990 and has been
held on alternate years in different European countries and attracts
an international audience from both the academic and industrial
communities. From 2002 it has been held yearly. The Symposium has
established itself as one of the premiere, international gatherings on
information assurance. Papers may present theory, technique,
applications, or practical experience on topics including:
- access control
- accountability
- anonymity
- applied cryptography
- authentication
- covert channels
- cryptographic protocols
- cybercrime
- data and application security
- data integrity
- denial of service attacks
- dependability
- digital right management
- firewalls
- formal methods in security
- identity management
- inference control
- information dissemination control
- information flow control
- information warfare
- intellectual property protection
- intrusion tolerance
- language-based security
- network security
- non-interference
- peer-to-peer security
- privacy-enhancing technology
- pseudonymity
- secure electronic commerce
- security administration
- security as quality of service
- security evaluation
- security management
- security models
- security requirements engineering
- security verification
- smartcards
- steganography
- subliminal channels
- survivability
- system security
- transaction management
- trust models and trust management policies
- trustworthy user devices
For more information, please see
http://esorics05.dti.unimi.it/.
AMESP 2005
Workshop on Appropriate Methodology for Empirical Studies of Privacy,
Rome, Italy, September 12, 2005. [posted here 5/16/05]
The workshop aims to reflect on appropriate methodology to empirically study privacy
issues related to technology by drawing upon both theoretical perspectives as well as
practical experiences. Successful as well as failed empirical investigations could
prove quite illuminating for this purpose. Some of the questions the workshop plans
to address include:
- What methodologies are suited for studying privacy in what kinds of settings?
- What criteria could be applied to determine appropriateness of a given methodology
for a given setting?
- For each methodology, what are the best practices to follow and the pitfalls to avoid?
- For each methodology, how could bias be avoided?
- In what ways do methodologies complement each other?
- Given that cultural values regarding privacy, and legal and policy aspects of
privacy reflexively influence each other,
could we hope to isolate the effect of each of these on privacy practices? If so, how?
- In what ways can we address the mismatch between stated user preferences and actual user practices?
For more information, please see
http://www.privacymethodologies.tk.
PIC 2005
Workshop on UbiComp Privacy: Privacy in Context,
Tokyo, Japan, September 11, 2005.
[posted here 5/23/05]
The main goals of this workshop are to discuss social, technical, and
legal solutions to reducing, managing, or redefining privacy risks under
the various constraints shaped by the context of a certain application, a
specific set of users, or a particular culture. Instead of seeing privacy
as an isolated abstract concept we are interested in reviewing and
discussing privacy as an integral part of individual contexts of
technology use, which greatly influences both concepts and systems design.
We invite submissions reflecting diverse perspectives on privacy, whether
based on notions of individual rights, legal contracts, economic
incentives, social obligation, or interpersonal intimacy.
Social and legal issues in ubicomp privacy
- How do various technology stakeholders (designers, managers, employees,
consumers, regulators, activists, citizens, etc.) conceive of privacy and
its relevance to ubicomp technologies? How do conceptions change over time,
as they use and become more familiar with systems?
- What incentives work best for ubicomp systems? How can weaker parties (e.g.,
individuals) respond to organizations’ desire for information?
How should this shape design?
- How can we conceptualize, design, and provide context-dependent privacy
that dynamically changes according to a specific situation or user need?
Can we gather key insights from users’ day-to-day practices to assist in
the design of large-scale ubiquitous computing systems?
- How is privacy enacted and conceived differently in different cultures
and communities, e.g., in different countries, across professional groups,
within families, between genders?
- How do affordances of different application domains shape the level of
privacy users expect, or the level of privacy that can be provided?
- What trade-offs are necessary to balance privacy vs. efficiency, convenience,
and security? Under what circumstances is privacy to be limited or expanded?
Methods for investigating and building ubicomp privacy
- What are the best methods for evaluating, measuring, and understanding privacy
concerns? What kinds of qualitative and quantitative approaches work well?
- What can be learned from past cases? What ubicomp-relevant systems have succeeded
or failed because (or despite) of their treatment of personal information and privacy
risks? What systems have successfully transitioned (or unexpectedly failed to transition)
from one context or culture to another?
- Which research methods have been applied to the empirical and social study of
ubiquitous computing systems and privacy? Can we identify best practices for
laboratory and field experiments as well as potential longitudinal studies?
- What kinds of design methods are most effective for understanding the privacy
concerns of a given community, especially while early in the design process?
- What kinds of tools are useful for prototyping and implementing privacy-sensitive systems?
- What progress is needed in core technologies such as cryptography, trusted systems,
AI inference and user modeling to implement better privacy-sensitive systems?
For more information, please see
http://www.sims.berkeley.edu/~jensg/Ubicomp2005/.
RAID 2005 Eighth
International Symposium on Recent Advances in Intrusion Detection,
Seattle, Washington, USA, September 7-9, 2005. [posted here 12/13/04]
This symposium, the eighth in an annual series, brings together
leading researchers and practitioners from academia, government, and
industry to discuss intrusion detection
technologies and issues from the research and commercial
perspectives. The RAID International Symposium series is intended to
further advances in intrusion defense by promoting the
exchange of ideas in a broad range of topics.
For RAID 2005 we are expanding our historical scope from a focus on
intrusion detection to the broader field of intrusion defense. Of
particular interest are intrusion tolerant systems and
systems for which detection triggers an adaptive response. As in
2004, we welcome papers that address issues related to intrusion
defense, including information gathering and monitoring,
as a part of a larger, not necessarily purely technical,
perspective. We also invite papers on the following topics, as they
bear on intrusion detection and the general problem of
information security:
- Risk assessment and risk management
- Intrusion tolerance
- Deception systems and honeypots
- Vulnerability Analysis and Management
- IDS Assessment
- IDS Survivability
- Privacy aspects
- Data mining techniques
- Visualization techniques
- Cognitive approaches
- Biological approaches
- Self-learning
- Case studies
- Legal issues
- Critical infrastructure protection (CIP)
For more information, please see
http://www.conjungi.com/RAID/ and
http://www.raid-symposium.org/.
SECOVAL 2005
SECOVAL Workshop: The Value of Security through Collaboration,
Held in conjunction with the 1st International Conference on Security and Privacy
for Emerging Areas in Communication Networks(SECURECOMM 2005),
Athens, Greece, September 5-9, 2005. [posted here 2/27/05]
Security is usually centrally managed, for example in a form of policies duly executed
by individual nodes. This workshop will cover the alternative trend of using
collaboration and trust to provide security. Instead of centrally managed
security policies, nodes may use specific knowledge (both local and acquired
from other nodes) to make security-related decisions. The research addressed
by the workshop can be roughly divided into three main areas, each
answering the individual research questions. They are: (a) Reasoning
behind current trends in security through collaboration,
(b) different approaches and models to security through collaboration,
(c) the unique set of problems and risks brought by security through collaboration.
Contributions should address at least one of these areas.
Topics of interest to the workshop include, but are not limited to:
- Approaches to security through collaboration
- Specificities of security through collaboration
- Trust models and metrics
- Standardization of trust metrics
- Value and meaning of trust
- Trust-based security decision process
- Value and models of networks of collaborators
- Threat and risk analysis of security through collaboration
- Attacks due to collaboration and mitigation of these attacks
- Technical trust of the underlying infrastructure used for deployment
- Costs and benefits of trust and collaboration based security compared to other models
- Privacy and legal aspects of security through collaboration
For more information, please see
http://www.secoval.org.
CNFR 2005
Computer Network Forensics Research Workshop,
Held in conjunction with the 1st International Conference on Security and Privacy
for Emerging Areas in Communication Networks(SECURECOMM 2005),
Athens, Greece, September 5-9, 2005. [posted here 3/5/05]
The First Computer Network Forensics Research Workshop will bring together
researchers and practitioners of computer network forensics to further
define and refine field while sharing their research results.
Goals of CNFR '05 are (a)disseminate New and in-progress research in network forensics,
(b) define Network Forensics as an area, how it relates to other areas
and what new problems are to be faced, and
(c) build a community of those interested in network forensics.
Topics of interest to the workshop include, but are not limited to:
- Defining/Modeling Network Forensics
- Legal/Practical Challenges to Network Evidence
- Application of Traditional Security Tools
- Network Forensics Architectures
- Traceback & Attribution
- Evidence Collection/Storage
- International/Internet Legal Issues/Case Studies
- Problems with Use of Traditional Network Tools
- Law Enforcement/Legal Perspectives
- Other Digital Forensics-related Research
For more information, please see
http://www.ece.iastate.edu/cnfr/.
SECURECOMM 2005
1st International Conference on Security and Privacy for Emerging Areas in Communication Networks,
Athens, Greece, September 5-9, 2005. [posted here 02/01/05]
SCOPE: The focus of this conference is two-fold: a) Security and Privacy in
wireless, mobile, ad hoc, sensor, personal-area and RFID networks,
b) Security and Privacy in pervasive and ubiquitous computing. The conference aims
to bring together academic, industrial and government researchers, practitioners,
standards developers and policy makers.
Topics of interest include, but are not limited to:
- Wireless Network Security (WiFi, WiMAX, WiMedia and others)
- Sensor and Mobile Ad Hoc Network Security
- Security of GSM/GPRS/UMTS systems
- RFID security and privacy
- Wireless Intrusion Detection Systems, tolerance and recovery
- Firewalls and Application gateways for wireless/mobile networks and pervasive/ubiquitous computing
- Public key infrastructures for wireless/mobile networks and pervasive/ubiquitous computing
- Web Security, Authentication and Authorization in wireless/mobile networks and
pervasive/ubiquitous computing
- Privacy/Anonymity Preserving Design in wireless/mobile networks and pervasive/ubiquitous computing
- E-commerce protocols and micropayment schemes
- Secure Localization systems
- Security in hybrid (e.g., wireline/wireless) networks
For more information, please see
http://www.securecomm.org.
WMASH 2005 3rd
ACM International Workshop on Wireless Mobile Applications and Services on WLAN Hotspots,
Held in conjunction with ACM MOBICOM 2005,
Cologne, Germany, September 2, 2005. [posted here 3/4/05]
The goal of the workshop is to address and discuss the technical and business challenges,
ideas, views, and research results in providing public wireless Internet services
and applications for nomadic users in small, highly-populated, public spaces
(wireless LANs and "hotspots").
We are specifically interested in work dealing with network layer and
above (layers 3-7). However, cross-layer solutions including MAC interaction
as well as ESS management via IAPP are welcome. Within the context of interest
to this workshop, a list of topics includes, but is not limited to:
- Applications and services
- New service and business models
- Public WLAN and hotspot architectures
- Community-owned WLAN infrastructures
- WLAN-based ad-hoc network service creation and management
- Metro-area hotspots using 802.11/802.16 mesh
- Multi-radio mesh node designs
- Self-configuring mesh networks for public hotspots
- Mobile routers for transient, portable hotspots
- Application case studies of mobile routers
- Interworking with other wireless systems, e.g., 3G, 802.16
- Mobility, roaming, and handoff management
- Context-aware services and technologies
- Location-aware applications and services
- Multimedia wireless applications, e.g., Voice over WLAN (VoWLAN)
- Authentication, accounting, billing and payment issues
- Security and privacy in public WLANs
- Middleware support
- Service location and discovery
- Traffic measurements and modeling
- Case studies on deployed platforms and experimental testbeds
For more information, please see
http://wmash2005.ece.iastate.edu.
SDM 2005
2nd VLDB Workshop on Secure Data Management,
Held in conjunction with the 31st International Conference on Very Large Databases (VLDB 2005),
Trondheim, Norway, September 2-3, 2005. [posted here 3/6/05]
The aim of the workshop is to bring together people from the security research
community and data management research community in order to exchange ideas on
the secure management of data. This year an additional special session will be
organized with the focus on secure and private data management in healthcare.
The workshop will provide forum for discussing practical experiences and theoretical
research efforts that can help in solving the critical problems in secure data
management. Authors from both academia and industry are invited to submit papers
presenting novel research on the topics of interest.
Topics of interest include (but are not limited to) the following:
- Secure Data Management
- Database Security
- Secure Storage
- Data Integrity
- Data Anonymization
- Data Hiding
- Search on Encrypted Data
- Metadata and Security
- XML Security
- Privacy Preserving Data Mining
- Statistical Database Security
- Digital and Enterprise Rights Management
- Healthcare Security
- Multimedia Security and Privacy
- Authorization and Access Control
- Private Authentication
- Identity Management
- Privacy Enhancing Technologies
- Private Information Retrieval
- User Profiling and Privacy
- Security, Privacy and Ubiquitous Computing
- Information Dissemination Control
- Protection of Personally Identifiable Information
- Applied Cryptography
- Web services security
- Secure Semantic Web
- Privacy and Security with RFID
- Private Watermarking
- Trust Management
- Security and Privacy Management
For more information, please see
http://www.extra.research.philips.com/sdm-workshop/sdm05.html.
WiSe 2005
ACM Workshop on Wireless Security,
Held in conjunction with ACM MobiCom 2005, Cologne, Germany,
August 28 - September 2, 2005. [posted here 4/11/05]
The objective of this workshop is to bring together researchers from research
communities in wireless networking, security, applied cryptography, and dependability;
with the goal of fostering interaction. With the proliferation of wireless networks,
issues related to secure and dependable operation of such networks are gaining importance.
Topics of interest include, but are not limited to:
- Key management in wireless/mobile environments
- Trust establishment
- Computationally efficient primitives
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Secure PHY/MAC/routing protocols
- Secure location determination
- Denial of service
- User privacy, location privacy
- Anonymity, prevention of traffic analysis
- Dependable wireless networking
- Identity theft and phishing in mobile networks
- Charging in wireless networks
- Cooperation in wireless networks
- Vulnerability modeling
- Incentive-aware secure protocol design
- Jamming
- Monitoring and surveillance
For more information, please see
http://www.ee.washington.edu/research/nsl/wise2005.
TrustBus 2005
2nd International Conference on Trust, Privacy, and Security in Digital Business,
Held in conjunction with the 16th International Conference on Database and
Expert Systems Applications (DEXA 2005),
Copenhagen, Denmark, August 22-26, 2005 [posted here 1/31/05]
TrustBus'05 will bring together researchers from different disciplines, developers,
and users all interested in the critical success factors of digital business systems.
We invite papers, work-in-process reports, industrial experiences describing
advances in all areas in all digital business applications.
For more information, please see
http://www-ifs.uni-regensburg.de/trustbus05/.
SecCo 2005
3rd International Workshop on Security Issues in Concurrency,
San Francisco, CA, USA, August 21-22, 2005. [posted here 5/10/05]
The 3rd International Workshop on Security Issues in Concurrency (SecCo'05) follows
the success of SecCo'03 (held in conjunction with ICALP'03) and SecCo'04 (held in
conjunction with CONCUR'04). New networking technologies require the definition of
models and languages adequate for the design and management of new classes of applications.
Innovations are moving in two directions: on the one hand, the Internet which supports wide
area applications, on the other hand, smaller networks of mobile and portable devices which
support applications based on a dynamically reconfigurable communication structure. In both
cases, the challenge is to develop applications while at design time there is no knowledge
of the availability and/or location of the involved entities.
Coordination models, languages and middlewares, which advocate a distinct separation
between the internal behaviour of the entities and their interaction, represent a
promising approach. However, due to the openness of these systems, new critical aspects
come into play, such as the need to deal with malicious components or with a hostile
environment. Current research on network security issues (e.g. secrecy, authentication, etc.)
usually focuses on opening cryptographic point-to-point tunnels. Therefore, the
proposed solutions in this area are not always exploitable to support the end-to-end
secure interaction between entities whose availability or location is not
known beforehand. Topics of interest include, but are not limited to:
- authentication
- integrity
- privacy
- confidentiality
- access control
- denial of service
- service availability
- safety aspects
- fault tolerance
in
- coordination models
- web service technology
- mobile ad-hoc networks
- agent-based infrastructures
- peer-to-peer systems
- global computing
- context-aware computing
- ubiquitous/pervasive comp
- component-based systems
For more information, please see
http://www.zurich.ibm.com/~mbc/secco05/.
DFRWS 2005
5th Annual Digital Forensics Research Workshop,
New Orleans, LA, USA, August 17-19, 2005. [posted here 5/2/05]
The purpose of this workshop is to bring together researchers, practitioners,
and educators interested in digital forensics. We welcome the participation of
people in industry, government, law enforcement, and academia who are interested in
advancing the state of the art in digital forensics by sharing their results,
knowledge, and experiences. We are looking for research papers, demo proposals,
and panel proposals. Major areas of interest include, but are not limited to,
the following topics:
- Incident response and live analysis
- OS, application, and multimedia analysis
- File system analysis
- Physical analysis (magnetic, optical, electrostatic, etc.)
- Memory analysis
- Network forensics
- Traceback and attribution
- Data hiding and recovery
- Event reconstruction
- Large-scale investigations
- Data mining techniques
- Tool testing and development
- Legal issues
- Case studies and trend reports
- Non-traditional approaches to forensic analysis
For more information, please see
http://www.dfrws.org.
CRYPTO 2005 Twenty-Fifth Annual International Cryptology
Conference, Santa Barbara, CA, USA, August 14-18, 2005.
[posted here 11/14/04]
The 25th International Cryptology Conference will be held at the
University of California, Santa Barbara. The academic program covers
all aspects of cryptology. Formal proceedings, published by
Springer-Verlag, will be provided to registered attendees at the
conference. Technical sessions will run from Monday morning to
Thursday noon, with a non-technical activities half-day on Tuesday
afternoon.
For more information, please see
http://www.iacr.org/conferences/c2005/index.html.
SAC 2005
12th Annual Workshop on Selected Areas in Cryptography,
Queen's University, Kingston, Ontario, Canada, August 11-12, 2005.
[posted here 3/6/05]
The Workshop on Selected Areas in Cryptography (SAC) is an annual conference
dedicated to specific themes in the area of cryptographic system design and
analysis. Authors are encouraged to submit original papers related to the
themes for the SAC 2005 workshop:
- Design and analysis of symmetric key cryptosystems
- Primitives for symmetric key cryptography, including block and stream ciphers,
hash functions, and MAC algorithms
- Efficient implementations of symmetric and public key algorithms
- Cryptographic algorithms and protocols for ubiquitous computing (RFID, sensor networks)
For more information, please see
http://www.ece.queensu
