Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Past Conferences and Journal Special Issues

Last Modified:1/9/06

Note: Please contact cipher-cfp@ieee-security.org by email if you have any questions..

Contents

Past journals announcements

Past conferences and other announcements

 
       

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

 

Past Conferences and Other Announcements - 2005

ICDCIT 2005 2nd International Conference on Distributed Computing & Internet Technology, Bhubaneswar, India, December 22-24, 2005. [posted here 3/21/05]
Mobile communication and Internet technology together have played key role in connecting people across the globe for sharing and trading information. This information globalization has forced us to think about the integration of applications running at geographically dispersed locations. The spin off of these developments have led to some interesting and serious research on issues pertaining to distributed computing, web services, system security and software engineering. ICDCIT series is a forum for interactions of researchers working in the above mentioned areas.

For more information, please see http://www.cse.iitk.ac.in/~rkg/ICDCIT05/.

CISC 2005 SKLOIS Conference on Information Security and Cryptology, Beijing, China, December 15-17, 2005. [posted here 4/22/05]
The SKLOIS conference on information security and cryptology seeks full papers presenting new research results related to cryptology, information security and their applications. Areas of interest include, but are not limited to:
- Access Control
- Authentication and Authorization
- Biometric Security
- Distributed System Security
- Database Security
- Electronic Commerce Security
- Intrusion Detection
- Information Hiding and Watermarking
- Key Management and Key Recovery
- Network Security
- Security Protocols and Their Analysis
- Security Modeling and Architecture
- Provable Security
- Multiparty Security Computation
- Foundations of Cryptography
- Secret Key and Public Key Cryptosystems
- Implementation of Cryptosystems
- Hash Functions and MAC
- Modes of Operation
- Intellectual Property Protection
- Mobile System Security
- Operating System Security
- Risk Evaluation and Security Certification
- Malicious Codes and Prevention

For more information, please see http://www.is.iscas.ac.cn/cisc/index.htm.

CANS 2005 4th International Conference on Cryptography and Network Security, Xiamen, Fujian Province, China, December 14-16, 2005. [posted here 4/22/05]
The main goals of this conference are to promote research on all aspects of network security and to build a bridge between research on cryptography and network security. So, we welcome scientific and academic papers that focus on this multidisciplinary area. Topics of interest include:
- Denial of Service
- Intrusion Detection
- Router Security
- Spam
- Spyware
- Scanning
- WWW Security
- Anonymity and internet voting
- Broadcast and Multicast Security
- DNS Security
- Firewalls
- Information Hiding
- International Standards
- (IP) Spoofing
- PKI
- Secure E-Mail
- Secure protocols, (SSH, SSL, ...)
- Security of Ad Hoc Networks
- Session Hijacking
- Virtual Private Networks
- Wireless Security
- cryptology

For more information, please see http://math.fjnu.edu.cn/cans.

SISW 2005 3rd International IEEE Security in Storage Workshop, Held in conjunction with the 4th USENIX Conference on File and Storage Technologies (FAST 2005), San Francisco, CA, USA, December 14-16, 2005. [posted here 7/10/05]
The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of designing, building and managing secure storage systems; possible topics include, but are not limited to the following:
- Cryptographic Algorithms for Storage
- Cryptanalysis of Systems and Protocols
- Key Management for Sector and File based Storage Systems
- Balancing Usability, Performance and Security concerns
- Unintended Data Recovery
- Attacks on Storage Area Networks and Storage
- Insider Attack Countermeasures
- Security for Mobile Storage
- Defining and Defending Trust Boundaries in Storage
- Relating Storage Security to Network Security
- Database Encryption
- Search on Encrypted Information

For more information, please see http://ieeeia.org/sisw/2005/index.htm.

ICICS 2005 7th International Conference on Information and Communications Security, Beijing, China, December 6-9, 2005. [posted here 5/23/05]
Original papers are solicited for submission to the Seventh International Conference on Information and Communications Security (ICICS'05). ICICS aims to bring together individuals involved in multiple disciplines of information and communications security to foster exchange of ideas. Areas of interest include, but are not limited to:
- Access control
- Anti-Virus and Anti-Worms
- Anonymity, Authentication and Authorization
- Biometric Security
- Data and System Integrity
- Database Security
- Distributed Systems Security
- Electronic Commerce Security
- Fraud Control
- Grid Security
- Information Hiding and Watermarking
- Intellectual Property Protection
- Intrusion detection
- Key Management and Key Recovery
- Language-based Security
- Operating System Security
- Network Security
- Risk Evaluation and Security Certification
- Security for Mobile Computing
- Security Models
- Security Protocols
- Trusted Computing

For more information, please see http://www.icics2005.org/.

AXMEDIS 2005 1st International Conference on Automated Production of Cross Media Content for Multi-channel Distribution, Florence, Italy, November 30-December 2, 2005. [posted here 3/9/05]
This event seeks to promote discussion and interaction between researchers, practitioners, developers and users of tools, technology transfer experts, and project managers. AXMEDIS-2005 will bring together a variety of participants from the academic, business and industrial worlds, to address different technical and commercial issues. Particular interests include the exchange of concepts, prototypes, research ideas, industrial experiences and other results. The conference focuses on the challenges in the cross-media domain (including production, protection, management, representation, formats, aggregation, workflow, distribution, business and transaction models), and the integration of content management systems and distribution chains, with particularly emphasis on the reduction of costs and solutions for complex cross-domain problems.

Topics of interest include, but are not restricted to, the following aspects:
- Automatic cross-media production, gathering, crawling, composition, formatting, P2P, etc.
- Formats and models for multi-channel content distribution
- Multimedia standards such as MPEG-7, MPEG-21, DMP, etc.
- Legal aspects related to digital content
- High quality Audio Video Coding
- Multimedia Music representation and formatting
- Watermarking and fingerprinting techniques
- GRID and Distributed systems for Content production
- Multimedia Middleware
- Workflow management systems
- Web services for content distribution
- Distribution with P2P architectures
- Semantic Web and P2P
- Collecting and clearing of rights and licenses
- Formats and tools for Content Aware
- Archives managements for cultural and educational applications
- Digital Rights Management (DRM), models and tools, and interoperability
- Synchronisation technologies and solutions
- Business and transaction models
- Systems and approaches for content production/distribution on demand
- Digital Content User Interface
- Digital Content accessibility
- Payments model
- Novel applications and case-studies of relevant technologies

For more information, please see http://www.axmedis.org/axmedis2005/call4papers.html.

PSDM 2005 Privacy and Security Aspects of Data Mining, Held in Conjunction with 2005 IEEE International Conference on Data Mining, New Orleans, Louisiana, USA, November 27, 2005. [posted here 7/31/05]
The aim of this workshop is to address issues of privacy and security in data mining, synergize different views of techniques and policies, and brainstorm future research directions. Although techniques, such as random perturbation techniques, secure multiparty computation based approaches, cryptographic-based methods, and database inference control have been developed, many of the key problems still remain open in this area. Especially, new privacy and security issues have been identified, and the scope of this problem has been expanded. How does the privacy and security issue affect the design of data mining algorithm? What impacts will this research impose on diverse areas of counter-terrorism, distributed computation, and privacy law legislation? We encourage researchers with interest in the areas of privacy and security as well as data mining and machine learning to attend the workshop.
- Access control techniques and secure data models
- Cryptographic tools for privacy preserving data mining
- Secure learning algorithms for randomized/perturbed data
- Privacy preserving multi-party data mining
- Trust management for data mining
- Inference/disclosure related data mining
- Privacy protection in E-Commerce
- Privacy laws for fraud detection and for protecting personal data, medical data, and the public release of data
- Secure link analysis and social network analysis
- Data mining applications for terrorist detection
- Privacy enhancement technologies in web environments
- Privacy guarantees and usability of perturbation and randomization techniques
- Analysis of confidentiality control methods
- Privacy policy analysis
- Privacy preserving data integration
- Privacy policy infrastructure
- Privacy preserving query systems
- Identify theft protection

For more information, please see http://www.site.uottawa.ca/~zhizhan/ppdmworkshop2005/psdm05.

Tencon 2005 IEEE International Region 10 Conference, Melbourne, Australia, November 21-24, 2005. [posted here 9/7/05]
Tencon’05 is an international technical conference sponsored by IEEE Region 10 to be held in Melbourne Australia from 21 – 24 November 2005. Its goal is to provide an international forum for specialist presentations, discussions and interactions. Tencon'05 themes not only include extensive coverage of topics in computing, communications, signal processing and power engineering, but Tencon'05 has also extended its scope to include pertinent issues in technology and society, such as biomedical engineering, legal, privacy and security issues.

For more information, please see http://www.tencon2005.org/.

CNIS 2005 The IASTED International Conference on Communication, Network, and Information Security, Phoenix, AZ, USA, November 14-16, 2005. [posted here 5/23/05]
Modern communication systems demand everyday security, both at home and work. While email, online shopping, and pervasive computing allow increased information sharing, they also provide an avenue for malicious attackers to negate our privacy and alter our information. The IASTED International Conference on Communication, Network and Information Security (CNIS 2005) will bring together industry leaders and academic pioneers from several disciplines to further understand the direction that security is headed, and the methods that will be used to get there. This conference is for both builders and users of modern communication systems. Topics of interest include, but are not limited to:
Communication Security:
- Access Control
- Authentication
- Cryptographic Protocols and Application
- Digital Signatures
- Disaster Protocols
- Hash Functions
- Warning Systems
Network Security:
- Computer/Network Disaster Recovery
- Global Security Architectures and Infrastructures
- Hacking and Intrusion Detection
- Secure Deletion
- Secure Email
- Spam
- Viruses and Worms
- Web Security
- WiFi Spying/Sniffing
- Wireless Privacy
- Wireless Security
- Virtual Private Networks
Information Security:
- Biometrics
- Digital Rights Management
- Digitally Embedded Signatures
- DNA, Fingerprint, Iris, and Retina Scanning
- Identity Theft
- Information Hiding
- Legal and Regulatory Issues in Communication
- Operating System Security
- Plagiarism
- Privacy and Confidentiality
- Software Security
- Spyware
- Standards
- Watermarking

For more information, please see http://www.iasted.org/conferences/2005/phoenix/cnis.htm.

SWS 2005 Workshop on Secure Web Services, Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005), Fairfax, VA, USA, November 11, 2005. [posted here 6/14/05]
Basic security protocols for Web Services, such as XML Security, the WS-* series of proposals, SAML, and XACML are the basic set of building blocks enabling Web Services and the nodes of GRID architectures to interoperate securely. While these building blocks are now firmly in place, a number of challenges are still to be met for Web services and GRID nodes to be fully secured and trusted, providing for secure communications between cross-platform and cross-language Web services. Also, the current trend toward representing Web services orchestration and choreography via advanced business process metadata is fostering a further evolution of current security models and languages, whose key issues include setting and managing security policies, inter-organizational (trusted partner) security issues and the implementation of high level business policies in a Web services environment. The SWS workshop explores these challenges, ranging from the advancement and best practices of building block technologies such as XML and Web services security protocols to higher level issues such as advanced metadata, general security policies, trust establishment, risk management, and service assurance. Topics of interest include, but are not limited to, the following:
- Web services and GRID computing security
- Authentication and authorization
- Frameworks for managing, establishing and assessing inter-organizational trust relationships
- Web services exploitation of Trusted Computing
- Semantics-aware Web service security and Semantic Web Secure orchestration of Web services
- Privacy and digital identities support

For more information, please see http://ra.crema.unimi.it/sws05/.

DIM 2005 Workshop on Digital Identity Management, Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005), Fairfax, VA, USA, November 11, 2005. [posted here 6/14/05]
Digital identity management is becoming an integral part of our lives and businesses as more and more of the online interactions in which we participate depend on networked computer systems communicating potentially sensitive identity information across personal, company, and enterprise boundaries. Conversely, the abuse of digital identities (e.g. identity theft, eavesdropping, hacking, profiling, etc) poses an increasing threat to both our privacy and finances - thereby affecting society’s collective confidence in online interactions. The goals of this workshop are to explore the frontier of digital identity management, from theoretical analysis to real-world experience, to share the knowledge obtained to date, and to propose an agenda for further research. Participants from industry as well as academia are welcome and encouraged to participate. We invite you to submit a paper that deals with the emerging challenges of this new frontier of identity management. The possible list of topics includes but is not limited to:
- Identity federation
- Best practices for privacy-respecting SSO
- Identity life cycle management
- Privacy policy specification and enforcement
- Strong authentication and identity theft
- Trust and governance – P2P or centralized
- Collective identity
- Identity management in vertical areas (e.g. mobile, government and healthcare)
- Interoperability between different protocols/standards
- Identity referencing
- Privacy in geolocation services
- Pseudonymity vs anonymity
- Credential management
- Usability in identity management

For more information, please see http://www2.pflab.ecl.ntt.co.jp/dim/.

StorageSS 2005 The Storage Security and Survivability Workshop, Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005), Fairfax, VA, USA, November 11, 2005. [posted here 3/25/05]
There has been an evolution of protection solutions mirrored in both the security and survivability research communities: (1) from physical protection solutions targeting people, (2) to system protection solutions targeting networked-systems, (3) and now the new emerging paradigm of information-centric solutions targetting the data itself. This workshop focuses on stimulating new ideas in order to reshape storage protection strategies. Clearly storage security and survivability is a complex, multi-dimensional problem with dynamics over time so a large variety of approaches may be appropriate including prevention, monitoring, measurements, mitigation, and recovery.

We bring Storage-SS to the ACM CCS 2005 Conference to foster a greater exchange between computer protection researchers/professionals and computer storage researchers/professionals. In this vein, we seek submissions from both research and industry presenting novel ideas on all theoretical and practical aspects of protecting storage systems. Specifically we seek submissions in two types distinct paper categories: Regular Paper (12 page maximum) and Work-In-Progress/Short Paper (6 page maximum). A list of potential topics includes but is not limited to the following:
- storage protection tradeoffs
- storage protection deployment (including case studies)
- smart storage for security/survivability
- analysis of covert storage channels
- storage leak analysis
- mobile storage protection
- novel backup protection techniques
- storage versioning protection techniques
- storage encryption techniques (both key mgmt and crypto algorithms)
- tamper-evident storage protection techniques
- immutable storage protection techniques
- storage threat models
- storage intrusion detection systems
- storage area network (SAN) security/survivability
- security/survivability for storage over a distance
- security/survivability with Internet storage service providers
- storage security/survivability in an HPC environment

For more information, please see http://www.ncassr.org/projects/storage-sec/storageSS-2005/.

WORM 2005 3rd Workshop on Rapid Malcode (WORM), Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005), Fairfax, VA, USA, November 11, 2005. [posted here 2/27/05]
In the last several years, Internet-wide infectious epidemics have emerged as one of the leading threats to information security and service availability. The vehicles for these outbreaks, malicious codes called "worms", take advantage of the combination of software monocultures and the uncontrolled Internet communication model to quickly compromise large numbers of hosts. Such worms are increasingly being used as delivery mechanisms for various types of malicious payloads, including remote-controlled "zombies", spyware and botnets. Recent incidents have also reveals the use of new propagation techniques as well as the use of worms to target small user communities or specific applications. Current operational practices have not been able to manage these threats effectively.

This workshop continues the efforts of the previous years to provide a forum to bring together ideas, understanding and experiences bearing on the worm problem from a wide range of communities, including academia, industry and the government. We are soliciting papers from researchers and practitioners on subjects including, but not limited to:
- Automatic detection and characterization
- Reactive countermeasures
- Proactive defenses
- Threat assessment
- Email and web-based malcode
- Measurement studies
- Testbeds & evaluation
- Reverse engineering
- Significant operational experiences
- Surveys of the field
- Analysis of worm construction, current & future
- Modeling and analysis of propagation dynamics
- Forensic methods of attribution
- The combination of different types of malware

For more information, please see http://www1.cs.columbia.edu/~angelos/worm05/.

FMSE 2005 3nd ACM Workshop on Formal Methods in Security Engineering From Specifications to Code, Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005), Fairfax, VA, USA, November 11, 2005. [posted here 4/18/05]
Information security has become a crucial concern for the commercial deployment of almost all applications and middleware. Despite this commonly recognized fact, the incorporation of security requirements in the software development process is not yet well understood. The deployment of security mechanisms is often done in an ad-hoc manner only, without a formal security specification, often without a thorough security analysis and almost necessarily without a formal security validation of the final product. That is, a process is lacking for making the transition from high-level security models and policies through development to code.

We aim to bring together researchers and practitioners from both the security and the software engineering communities, from academia and industry, who are working on applying formal methods to designing and validating large-scale systems. We are seeking submissions addressing foundational issues in:
- security specification techniques
- formal trust models
- combination of formal techniques with semi-formal techniques like UML
- formal analyses of specific security properties relevant to software development
- security-preserving composition and refinement of processes
- faithful abstractions of cryptographic primitives and protocols in process abstractions
- integration of formal security specification, refinement and validation techniques in development methods and tools

For more information, please see http://www.ti.informatik.uni-kiel.de/~kuesters/FMSE05/.

ISSRE 2005 16th IEEE International Symposium on Software Reliability Engineering (ISSRE 2005), Chicago, Illinois, USA, November 8-11, 2005. [posted here 3/9/05]
ISSRE focuses on the theory and practice of Software Reliability Engineering. The conference scope includes techniques and practices to (1) verify and validate software, (2) estimate and predict its dependability, and (3) make it more tolerant/robust to faults. The major theme for this year's conference is Developing High Reliability for Ubiquitous Mobile Applications. Topics of interest include, but are not limited to, the following:
- Software reliability models
- Practice of reliability modeling
- Software architecture reliability
- Software safety analysis
- Formal reliability assurance methods
- Model-based verification and validation
- Software testing and verification
- Software test effectiveness
- Empirical reliability studies
- Reliability measurement
- Tools and automation
- Fault-tolerant and robust software
- Security testing
- Quantitative characterization of security
- Software certification
- Internet reliability engineering
- End-to-end dependability
- Dependable web services
- Quality of network service
- Dependability and performance of mobile applications
- Dependability of electronic commerce applications
- Dependability and QoS of distributed applications
- Dependability of adaptive and autonomous systems
- Distributed test environments for mobile applications
- Operational profiles of mobile user populations
- Integration of RF propagation models with end-to-end reliability models
- Automatic and in-situ RF survey and monitoring
- Collection and interpretation of end-to-end quality of service metrics
- Reliability modeling and testing of handset power management and provisioning, mobile ad hoc networks (MANETs), high-latency (satellite) channels with mobile ground stations, bandwidth-intensive (e.g., video) mobile applications, mobile PAN, LAN, MAN, or WAN over WiFi, WiMax, GSM, or CDMA, integrated WiFi, WiMax, GSM, CDMA, VOIP, multi-stack (e.g. WiFi and GSM) failure modes

For more information, please see http://rachel.utdallas.edu/issre.

WSNS 2005 2005 International Workshop on Wireless and Sensor Networks Security, Held in conjunction with the 2nd IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2005), Washington DC, USA, November 7-10, 2005. [posted here 5/12/05]
Wireless networks have experienced an explosive growth during the last few years. Nowadays, there is a large variety of networks spanning from the well-known cellular networks to non-infrastructure wireless networks such as mobile ad hoc networks and sensor networks. This workshops aims to bring together researchers and practitioners from wireless and sensor networking, security, cryptography, and distributed computing communities, with the goals of promoting discussions and collaborations. We are interested in novel research on all aspects of security in wireless and sensor networks and tradeoff between security and performance such as QoS, dependability, scalability, etc. We are seeking papers that describe original and unpublished contributions addressing various aspects of secured wireless/sensor networks. Topics of interest include, but are not limited to:
- Authentication and Access Control
- Cryptographic Protocol
- Experimental Studies
- Key Management
- Information Hiding
- Intrusion Detection and Response
- Privacy and Anonymity
- Secure Localization and Synchronization
- Security and Performance tradeoff
- Security Policy and Enforcement Issues
- Security Protocols Design, Analysis and Verification
- Secure Routing/MAC
- Surveillance and Monitoring
- Trust Management

For more information, please see http://www.cs.wcupa.edu/~zjiang/wsns05.htm.

SADFE 2005 1st International Workshop on Systematic Approaches to Digital Forensic Engineering, Taipei, Taiwan, November 7-10, 2005. [posted here 5/12/05]
The SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop is intended to further the advancement of computer forensic engineering by promoting innovative & leading-edge systematic approaches to cyber crime investigation. The workshop brings together top digital forensic researchers, advanced tool/product builders, and expert law enforcement from around the world for information exchange and R&D collaboration. SADFE 2005 solicits broad-based, innovative digital forensic engineering technology, practical experience & process related submissions in the following areas:
- Systematic engineering processes & methodologies for computer forensic
- Advanced techniques in evidence collection, search, analysis, correlation, handling and preservation
- Progressive cyber crime scenario analysis and reconstruction technology
- Legal case construction & digital evidence support
- Legal and technical collaboration
- Legal and technical aspects of tool validation
- Courtroom expert witness and case presentation
- Intrusion detection systems (IDS) for computer forensic
- Forensics of embedded devices (e.g. digicams, cell phones)
- Innovative forensic engineering tools and applications
- Attack strategy analysis & modeling
- Privacy, legal and legislation issues
- Monitoring and incident response
- Forensic-enabled architectures and processes
- Advanced system and application log analysis

For more information, please see http://conf.ncku.edu.tw/sadfe/index.htm.

SASN 2005 3rd ACM Workshop on Security of Ad Hoc and Sensor Networks, Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005), Alexandria, VA, USA, November 7, 2005. [posted here 3/10/05]
Ad hoc and sensor networks are expected to become an integral part of the future computing landscape. However, these networks introduce new security challenges due to their dynamic topology, severe resource-constraints, and absence of a trusted infrastructure. SASN 2005 seeks submissions from academia and industry presenting novel research on all aspects of security for ad hoc and sensor networks, as well as experimental studies of fielded systems. This one-day workshop builds on the success of SASN 2003 and SASN 2004.

Topics of interest include, but are not limited to, the following as they relate to mobile ad hoc networks or sensor networks:
- Security under resource constraints (e.g., energy, bandwidth, memory, and computation constraints)
- Performance and security tradeoffs
- Secure roaming across administrative domains
- Key management
- Cryptographic Protocols
- Authentication and access control
- Trust establishment, negotiation, and management
- Intrusion detection and tolerance
- Secure location services
- Secure clock distribution
- Privacy and anonymity
- Secure routing
- Secure MAC protocols
- Denial of service
- Prevention of traffic analysis

For more information, please see http://discovery.csc.ncsu.edu/SASN05/.

WPES 2005 Workshop on Privacy in the Electronic Society, Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005), Alexandria, VA, USA, November 7, 2005. [posted here 6/14/05]
The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- anonymity, pseudonymity, and unlinkability
- data correlation and leakage attacks
- electronic communication privacy
- information dissemination control
- privacy in health care and public administration
- privacy and confidentiality management
- personally identifiable information
- privacy-aware access control
- privacy in the digital business
- privacy enhancing technologies
- privacy policies
- privacy and anonymity on the Web
- privacy in the electronic records
- public records and personal privacy
- privacy and human rights
- privacy threats
- privacy and virtual identity
- privacy policy enforcement
- privacy and data mining
- privacy vs. security
- user profiling
- wireless privacy
- economics of privacy

For more information, please see http://wpes05.dti.unimi.it/.

CCS 2005 12th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, November 7-11, 2005. [posted here 11/14/04]
Papers offering novel research contributions to any aspect of computer security are solicited for submission to the 12th ACM conference. The primary focus is on high-quality original unpublished research, case studies, and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make convincing arguments for the practical significance of the results. Theory must be justified by compelling examples illustrating its application.

Topics of interest include:
- access control
- authentication
- accounting and audit
- database and system security
- security for mobile code
- applied cryptography
- data/system integrity
- smart-cards and secure PDAs
- cryptographic protocols
- e-business/e-commerce
- intrusion detection
- inference/controlled disclosure
- key management
- privacy and anonymity
- security management
- intellectual property protection
- information warfare
- secure networking
- security verification
- commercial and industry security

For more information, please see http:///www.acm.org/sigsac/ccs/.

DRM 2005 Workshop on Digital Rights Management, Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005), Alexandria, VA, USA, November 7, 2005. [posted here 6/14/05]
Digital Rights Management (DRM) is an area of pressing interest, as the Internet has become the center of distribution for digital goods of all sorts. The business potential of digital content distribution is huge, as are its economic, legal and social implications. DRM, as a technical interdisciplinary field, is at the heart of controlling the digital content and assuring authorized, user friendly, safe, well-managed, automated, and fraud-free distribution. The field of DRM combines cryptographic technology, software and systems research, information and signal processing methods, legal, social and policy aspects, as well as business analysis and economics. Original papers on all aspects of Digital Rights Management are solicited for submission to DRM 2005, the Fifth ACM Workshop on Digital Rights Management. Topics of interest include but are not limited to:
- anonymous publishing
- architectures for DRM systems auditing
- business models for online content distribution
- computing environments and platforms for DRM systems
- copyright-law issues, including but not limited to fair use
- digital policy management
- implementations and case studies
- privacy and anonymity
- risk management
- robust identification of digital content
- security issues, including but not limited to authorization, encryption, tamper resistance, and watermarking.
- software related issues.
- supporting cryptographic technology including but not limited to traitor tracing, broadcast encryption, obfuscation.
- threat and vulnerability assessment.
- concrete software patent cases
- usability aspects of DRM systems.
- web services related to DRM systems

For more information, please see http://www.titr.uow.edu.au/DRM2005/.

IWCIP 2005 1st IEEE International Workshop on Critical Infrastructure Protection, Darmstadt, Germany, November 3-4, 2005. [posted here 6/14/05]
The IEEE Task Force on Information Assurance is sponsoring an interdisciplinary workshop on research, policy, and experience in the field of critical infrastructure protection (CIP) and critical information infrastructure protection (CIIP). The workshop seeks submissions from academia, government, and industry presenting novel research, policy, and applications and experience in the field of critical infrastructure protection. Possible topics include, but are not limited to the following:

Scientific and Technical Understanding of CIP/CIIP
- Modeling, analysis, and assessment of infrastructures and their interdependencies
- Identification of public and private assets for CIP/CIIP
- Analysis and management of threats, risks, and vulnerabilities of critical infrastructures at the national level
- Cyberterrorism, cybercrime, and information operations

Scientific, Technical, and Organizational Approaches for CIP/CIIP
- Information security, security engineering, software security for CIP/CIIP
- CIP/CIIP requirements of the information society
- Early warning and information sharing networks
- Knowledge-based alerting and management approaches and mechanisms
- Public-Private-Partnerships (PPP) and their security requirements for cooperative CIP/CIIP
- Information Sharing and Analysis Centers (ISAC), information sanitization, and secure exchange of confidential information
- Global/enterprise security architectures and information infrastructures

National and Transnational CIP/CIIP Positions and Issues
- Definition and analysis of national CIP/CIIP policies and positions
- Mechanisms for international cooperation among CIP groups

For more information, please see http://www.iwcip.org/2005/.

DRMTICS 2005 1st International Conference on Digital Rights Management: Technologies, Issues, Challenges and Systems, Sydney, Australia, October 31 - November 2, 2005. [posted here 5/23/05]
This new conference series (abbreviated: DRMTICS, pronounced: "dramatics") seeks submissions from academia and industry describing novel research results that cover theoretical and practical advancements in all areas of DRM systems. The conference will serve as a broad multi-disciplinary forum for all DRM related issues. Of particular interest this year are rights expression languages, processes and methods for DRM applications, together with social, legal, usability, and business aspects of such systems. Alternative economic and incentive based models, their analysis, implementation and case studies are highly encouraged. Topics include but are not limited to:
- DRM systems and architecture
- ODRL, XrML and other rights expression languages
- Usage monitoring and metering
- Business and charging models for content distribution
- Economic aspects of content distribution
- Code obfuscation and software protection
- Usability aspects of DRM systems
- Concrete software patent cases
- DRM law and policy issues
- Fair use and copyright law issues
- Content sharing and mobility
- Privacy enhanced content distribution
- Peer-to-peer systems for content distribution
- MPEG-21, OMA and other standard activities for DRM
- Security technologies (including, but not limited to, authorisation, encryption, tamper resistance and controlled access)
- Watermarking, fingerprinting and content identification
- Broadcast encryption and traitor tracing
- Implementations and case studies of DRM systems
- Web services for content distribution
- Access control systems for digital rights management
- Interoperability and accessibility
- Electronic publication and digital libraries
- Issues in distributed computer games

For more information, please see http://www.titr.uow.edu.au/DRMTICS2005.

NIST-CHW 2005 Cryptographic Hash Workshop, Gaithersburg, Maryland, USA, October 31 - November 1, 2005. [posted here 5/9/05]
Recently a team of researchers reported that the SHA-1 function offers significantly less collision resistance than could be expected from a cryptographic hash function of its output size. NIST plans to host a Cryptographic Hash Workshop on Oct. 31-Nov. 1, 2005 to solicit public input in how best to respond to the current state of research in this area. The workshop has the following goals:
- Assess the status of the current NIST-approved hash functions, i.e., the SHA-256 and SHA-512 families in addition to SHA-1
- Discuss short term actions to mitigate the potential problems with the various applications of the approved hash functions
- Discuss the conditions that would warrant an early transition away from any of the approved hash functions
- Discuss the potential replacement options for any of the approved hash functions
- Clarify the properties of unkeyed cryptographic hash functions required for different applications

For more information, please see http://www.nist.gov/hash-function.

VizSEC 2005 2nd Workshop on Visualization for Computer Security, Held in conjunction with IEEE Vis2005 and InfoVis2005, Minneapolis, Minnesota, USA, October 26, 2005. [posted here 3/9/05]
Networked computers are increasingly ubiquitous, and they are subject to attack, misuse, and abuse. Every effort is being made by organizations and individuals to build and maintain trustworthy computing systems. The traditional, signature-based and statistical methods are limited in their capability to cope with the large, evolving data and the dynamic nature of Internet. In many applications, visualization proves very effective to understand large high-dimensional data. Thus, there is a growing interest in the development of visualization methods as alternative or complementary solutions to the pressing cyber security problems. We solicit papers that report innovative results in solving all aspects of cyber security problems with visualization techniques.

For more information, please see http://www.cs.ucdavis.edu/~ma/VizSEC05/.

ITW 2005 Information Theory Workshop on Theory and Practice in Information-Theoretic Security, Awaji Island, Japan, October 16-19, 2005. [posted here 3/10/05]
The 2005 Information Theory Workshop will be devoted to the dissemination and further development of the boundary areas between information theory and information security. A main goal of the workshop is to create a unique and excellent venue for researchers working in diverse disciplines to exchange latest research results on unconditional security and to discuss directions for future explorations. Topics which this workshop deals with include (but are not limited to):
- Theoretical and practical topics concerning information-theoretic security
- Paradigms, approaches and techniques concerning information-theoretic security
- Information theory applicable to information security
- Applications of information theory to computational security
- Topics in the bounded storage model and the noisy channel model
- Quantum information theory applicable to information security
- Quantum cryptography

For more information, please see http://imailab-www.iis.u-tokyo.ac.jp/~itw05/.

Mycrypt 2005 International Conference on Cryptology in Malaysia, Kuala Lumpur, Malaysia, September 28 – October 1, 2005. [posted here 3/21/05]
Original papers on all technical aspects of cryptology are solicited for submission to Mycrypt 2005, the inaugural international conference on cryptology, hosted in Malaysia. The conference is co-organized by iSECURES (Information Security Research) Lab at Swinburne University of Technology (Sarawak Campus), NISER (National ICT Security and Emergency Response Centre) and INSPEM (Institute for Mathematical Research) at UPM (University Putra Malaysia).

For more information, please see http://www.niser.org.my/mycrypt2005/.

MMM-ACNS 2005 3rd International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security, St. Petersburg, Russia, September 24-28, 2005. [posted here 1/16/05]
The Firs and Second International Workshops "Mathematical Methods, Models and Architectures for Computer Networks Security" (MMM-ACNS-2001 (http://space.iias.spb.su/mmm2001/main.jsp) and MMM-ACNS-2003 (http://space.iias.spb.su/mmm-acns03/index.jsp)) organized in 2001 and 2003 respectively by St. Petersburg Institute for Informatics and Automation, Binghamton University (SUNY) and US Air Force Research Laboratory/Information Directorate and supported by the European Office of Aerospace Research and Development USAF, Office of Naval Research Global, and Russian Foundation of Basic Research were very successful. These workshops demonstrated the high interest of the international scientific community to the theoretical aspects of the computer network and information security and the need for conducting of such workshops as on-going series. The proposed MMM-ACNS-2005 Workshop is intended as a third step in this series and will be focused on theoretical problems in the area under consideration. Its objectives are to bring together leading researchers from academia and governmental organizations as well as practitioners in the area of computer networks and information security, facilitating personal interactions and discussions on various aspects of information technologies in conjunction with computer network and information security problems arising in large-scale computer networks engaged in information storing, transmitting, and processing.
Papers may present theory, technique, and applications on topics including but are not restricted to: - Adaptive security
- Anonymity and privacy
- Authentication and authorization
- Access control
- Computer and network forensics
- Data and application security
- Data mining, machine learning, immunological and cognitive approaches to security
- Deception systems and honeypots
- Denial-of-service attacks and countermeasures
- Electronic commerce security
- Formal analysis of security properties
- Game theoretic approaches to security
- Information flow analysis
- Information survivability
- Information warfare and critical infrastructure protection
- Integrated information security systems based on information fusion
- Intrusion and fraud avoidance, detection, response and tolerance
- Insider attack countermeasures
- Language-based security
- Modeling malicious behavior or attacks
- Monitoring and surveillance
- Network perimeter controls: firewalls, packet filters, application gateways
- New ideas and paradigms for security
- Operating system security
- Public key infrastructure, key management, certification, and revocation
- Risk analysis and risk management
- Security of emerging technologies: sensor networks, wireless/mobile (and ad hoc) networks, personal communication systems, peer-to-peer and overlay network systems
- Security of autonomous agents and multi-agent systems: protecting agents and agent infrastructure from attacks, secure agent communication, secure mobile agents and mobile code, trusted agents
- Security modeling and simulation
- Security policies: specification, refining, verification, implementation, deployment and management
- Security requirements engineering
- Security specification and verification
- Trust establishment, negotiation, and management, including trust and reputation in virtual organizations
- Virtual private networks
- Viruses, worms, and other malicious code
- Vulnerability assessment
- Wireless communication security
- World wide web security

For more information, please see http://space.iias.spb.su/mmm-acns05/.

IWAP 2005 4th International Workshop for Applied PKI, Singapore, September 21-23, 2005. [posted here 12/13/04]
IWAP'05 will be held in Singapore on September 21-23, 2005. Original papers on all aspects of PKI are solicited for submission to IWAP'05. Topics of interest include, but are not limited to, the following:
- Authentication & Verification
- Bio-PKI & Mobile PKI
- Case Studies
- Certificates and its Revocation
- Cross Certification
- Design & Implementation
- Interoperability & Standards
- Key Management & Recovery
- Legal Issues, Policies & Regulations
- Modeling & Architecture
- Privilege Management Infrastructure
- Protocols & Applications
- Reliability & Fault-Tolerance
- Risk Management & Analysis
- Security Analysis & Testing
- Signature Validation
- Time Stamping
- Trust & Privacy

For more information, please see http://iwap05.i2r.a-star.edu.sg/.

NSPW 2005 New Security Paradigms Workshop, Lake Arrowhead, California, USA, September 20-23, 2005. [posted here 2/4/05]
NSPW is a unique workshop that is devoted to the critical examination of new paradigms in security. Our program committee particularly looks for new paradigms, innovative approaches to older problems, early thinking on new topics, and controversial issues that might not make it into other conferences but deserve to have their try at shaking and breaking the mold. We welcome three categories of submission:
- Research papers should be of a length commensurate with the novelty of the paradigm and the amount of novel material that the reviewer must assimilate in order to evaluate it.
- Position papers should be 5 - 10 pages in length and should espouse a well reasoned and carefully documented position on a security related topic that merits challenge and / or discussion.
- Discussion topic proposals. Discussion topic proposals should include an in-depth description of the topic to be discussed, a convincing argument that the topic will lead to a lively discussion, and supporting materials that can aid in the evaluation of the proposal. The later may include the credentials of the proposed discussants. Discussion topic proposers may want to consider involving conference organizers or previous attendees in their proposals.

For more information, please see http://www.nspw.org.

FloCon 2005 2nd Annual FloCon 2005 Analysis Workshop, New Orleans, Louisiana, USA, September 20-22, 2005. [posted here 2/14/05]
FloCon is an open workshop that provides a forum for researchers, operational analysts, and other parties interested in the security analysis of large volumes of traffic to develop the next generation of flow-based analysis. Flow is an abstraction of network traffic in which packets are grouped together by common attributes over time. In security, flow has been used to survey and analyze large networks and long periods of time, but the field is still in its infancy.

FloCon 2005 will have an active workshop structure: our goal is to have presentations coupled with working breakout sessions on specific topics. Based on submissions and suggestions, we will develop a three-day track.

Appropriate topics include, but are not limited to, the following:
- Experience reports in flow analysis
- Operational security analysis using flows
- Advanced flow analysis techniques
- Expanding the flow format for security needs
- Integrating flows into other security analysis
- Facilitating data sharing/public repositories
- Flow collection technologies
- Network traffic modeling for security
- Alternative traffic abstracts for services

For more information, please see http://www.cert.org/flocon/.

MADNES 2005 Secure Mobile Ad-hoc Networks and Sensors workshop, Held in conjunction with the ISC '05 conference, Singapore, September 20-22, 2005. [posted here 12/22/04]
The MADNES workshop. co-sponsored by the SAIT Laboratory and the U.S. Army Research Office will feature information about security in mobile and ad-hoc networks. Proceedings will be published as Springer-Verlag, LNCS. Topics of interest include:
- Security and fault tolerance
- Privacy issues
- Security & privacy applications of mobile agents and intelligent autonomous systems
- Distributed denial of service attacks and defenses
- Mobile code security and verification
- Key management and trust infrastructures
- Security, privacy and efficiency trade-offs
- Secure distributed algorithms
- Secure & private protocols for dynamic group applications
- Secure location, discovery and authentication of neighbors
- Secure timing and synchronization
- Secure/private data collection and aggregation
- Secure self-configuration
- Secure routing
- Analysis and simulation of security and privacy properties
- Case Studies
- Energy efficient cryptography

For more information, please see http://www.sait.fsu.edu/madnes/cfp.shtml.

ISC 2005  8th Information Security Conference, Singapore, September 20-23, 2005. [posted here 12/13/04]
ISC'05 will be held in Singapore on 20-23 September, 2005. Original papers on all technical
aspects of information security are solicited for submission to ISC'05. Topics of interest include, but are not limited to, the following:
- Access Control
- Ad Hoc & Sensor Network Security
- Applied Cryptography
- Authentication and Non-repudiation
- Cryptographic Protocols
- Denial of Service
- E-Commerce Security
- Identity and Trust Management
- Information Hiding
- Insider Threats and Countermeasures
- Intrusion Detection & Prevention
- Network & Wireless Security
- Peer-to-Peer Security
- Privacy and Anonymity
- Security Analysis Methodologies
- Security in Software Outsourcing
- Systems and Data Security
- Ubiquitous Computing Security

For more information, please see http://isc05.i2r.a-star.edu.sg/.

CoALa 2005 Workshop on Contract Architectures and Languages, Held in conjunction with the 9th International IEEE Enterprise Distributed Object Computing Conference (EDOC 2005), Fairfax, VA, USA, September 20, 2005. [posted here 5/16/05]
This Workshop will provide a collaborative forum for the participants to exchange recent or preliminary results, to conduct intensive discussions on a particular topic, or to coordinate efforts between representatives of a technical community in the area of Contract Architectures and Languages. The program committee seeks papers and proposals that address various aspects of contracts, including enterprise modeling, e-business, formal and legal aspects with the aim of providing a balanced mix of presentations from these different perspectives. Topics of interest include, but are not limited to:
- Enterprise contract architectures
- Contract as a basis for coordination of cross-organisational interactions
- Contracts from system theoretic point of view
- Formalisms for expressing contracts
- Contract description languages
- Contract negotiation, validation
- Run-time contract monitoring and enforcement
- tandardisation activities for e-contracts (e.g. legalXML OASIS and UN/CEFACT): status and directions
- The use of model-driven techniques and tools
- Legal issues associated with electronic contracts
- Tools for drafting and constructing contracts
- Integration of contract management systems with other enterprise systems, e.g. payment systems and ERP systems
- Contract management requirements for specific contracts, e.g. SLAs, construction, financial and e-government contracts
- Trust and contract management issues
- Use and applicability of existing standards/initiatives (e.g. Web Services, BPEL4WS, WS-CDL, RuleML etc)
- Links between contracts and business processes
- Practical experience with contract management systems

For more information, please see http://www.dstc.edu.au/Research/Projects/coala/2005/.

FOSAD 2005 5th International School on Foundations of Security Analysis and Design, Bertinoro, Italy, September 19-24, 2005. [posted here 02/01/05]
Security in computer systems and networks is emerging as one of the most challenging research areas for the future. The main aim of the school is to offer a good spectrum of current research in foundations of security, ranging from programming languages to analysis of protocols, that can be of help for graduate students, young researchers from academia or industry that intend to approach the field. The FOSAD series started in 2000 and last edition was in 2004. This year the school covers one week (from Monday 19 to Saturday 24, September 2005) and alternates monographic courses of 4/6 hours and short courses of 2/3 hours. We also encourage presentations given by those participants that intend to take advantage of the audience for discussing their current research in the area.

The school is organized at the University Residential Center of Bertinoro, situated in Bertinoro, a small village on a scenic hill with a wonderful panorama, in between Forli' and Cesena (about 50 miles south-east of Bologna, 15 miles to the Adriatic sea). The cheapest way to travel is by plane to Forli' airport (the secondary airport of Bologna), which is daily connected to London and Frankfurt AM through the low fares airline Ryanair.

For more information, please see http://www.sti.uniurb.it/events/fosad.

PBA 2005 International Workshop on Protection by Adaptation, Held in conjunction with the 7th International Conference on Information Integration and Web Based Applications & Services (iiWAS2005), Kuala Lumpur, Malaysia, September 19-21, 2005. [posted here 3/9/05]
For most people, security refers to cryptographic algorithms, biometric authentication techniques, passwords, etc. Beyond these intuitive notions, security is rather a very broad topic and may be viewed from a variety of other perspectives, including new access control models, software architectures for security systems, and security policies specifications. Emerging applications are subject to a high number of attacks due to the distributed nature of these new environments, mobility of users and devices, services heterogeneity and the different capabilities of devices used to access these services.

The aim of this workshop is to encourage the research community to better consider context-based security as a new trend that may face future more subtle security attacks. We believe that the force of a good security system should not rely only on the force of security protocols but also on the way it copes with new and completely unpredictable situations or at least learn from new situations and updates its behavior accordingly. This goal can be reached by making future security solutions freely adaptive. We look for original submissions on the following topics (but not limited to):
- Security in mobile, wireless and ad hoc environments
- Dynamic security policies
- Context-based access control
- Context in security
- Agile encryption
- Artificial intelligence and security
- Adaptive security solutions
- Middleware for context-based security systems
- Conflicting norms issues in security policies
- Flexible security architectures for pervasive applications
- Security contexts discovery, retrieval, representation and modeling
- Modeling users’ security profiles
- Metrics for evaluating security infrastructures
- Testing of adaptive security systems
- Software architectures for adaptive security (design patterns, etc)
- Adaptive security levels in heterogeneous environments
- Enforcing applications security semantics
- Metrics for predicting security threats

For more information, please see http://www.iiwas.org/workshops/pba-2005/.

CMS 2005 9th IFIP TC-6 TC-11 Conference on Communications and Multimedia Security, Salzburg, Austria, September 19-21, 2005. [posted here 3/9/05]
CMS is a joint working conference of IFIP TC6 and TC11. The CMS conference attempts to be a forum for researchers working on all aspects of communications and multimedia security. This year the organizers especially encourage submissions on topics such as security of information hiding, combined encryption and watermarking schemes, XML security and network security. Papers should have practical relevance to the construction or evaluation of secure systems; theoretical papers should demonstrate their practical significance. We solicit papers describing original ideas and research results related to the Communication and Multimedia Security area. Suggested topics include - but are not limited to:
- Applied cryptography
- Privacy protection
- Biometrics
- Security for mobile devices
- Security of multimedia content
- Network security
- Steganography
- Secure Electronic Commerce
- Digital watermarking
- Web security
- Cryptography
- Digital Rights Management
- Identification and authentication
- XML security

For more information, please see http://cms2005.sbg.ac.at/call.html.

ECC 2005 9th Workshop on Elliptic Curve Cryptography (ECC 2005), Technical University of Denmark, Copenhagen, Denmark, September 19-21, 2005. [posted here 3/6/05]
ECC 2005 is the ninth in a series of annual workshops dedicated to the study of elliptic curve cryptography and related areas. Over the past years the ECC conference series has broadened its scope beyond curve-based cryptography and now covers a wide range of areas within modern cryptography. For instance, past ECC conferences included presentations on hyperelliptic curve cryptography, pairing-based cryptography, quantum key distribution, AES, implementation issues, and deployments (e.g., cryptography for travel documents). At the same time ECC continues to be the premier conference on elliptic curve cryptography. It is hoped that ECC 2005 will further our mission of encouraging and stimulating research on the security and implementation of elliptic curve cryptosystems and related areas, and encouraging collaboration between mathematicians, computer scientists and engineers in the academic, industry and government sectors.

As with past ECC conferences, there will be about 15 invited lectures (and no contributed talks) delivered by internationally leading experts. There will be both state-of-the-art survey lectures as well as lectures on latest research developments.

For more information, please see http://www.cacr.math.uwaterloo.ca/conferences/2005/ecc2005/announcement.html.

FEE 2005 Frontiers in Electronic Elections, Milan, Italy, September 15-16, 2005. [posted here 7/22/05]
The workshop is organized by ECRYPT, the European Network of Excellence in Cryptology, and in association with ESORICS 2005, the 10th European Symposium on Research in Computer Security, which takes place September 12-14, in Milan. The workshop is an activity of ECRYPT's PROVILAB, the virtual lab on cryptographic protocols. It follows in the tradition of a series of workshops devoted to cryptographic voting methods, such as WOTE '01 and the 2003 DIMACS Workshop on Electronic Voting. For some 25 years cryptographers have been proposing electronic voting schemes of ever increasing strength and versatility, dealing with ballot secrecy, election integrity etc., typically viewing the problem as a special case of secure multiparty computation. The aim of this workshop is to bring together researchers and practitioners from academia and industry, who are working on cryptographic protocols for electronic voting systems, to evaluate the state of the art, to share practical experiences, and to look for possible enhancements. Topics include but are not limited to:
- Election integrity
- Election verifiability
- Ballot secrecy
- Voter anonymity
- Voter authorization
- Receipts and coercibility
- Secure bulletin boards
- Implementation of broadcast channels
- Implementation of anonymous channels
- Threat models
- Formal requirements
- Formal security analysis

For more information, please see http://www.win.tue.nl/~berry/fee2005/.

STM 2005 1st International Workshop on Security and Trust Management, Held in conjunction with ESORICS 2005, Milano, Italy, September 15, 2005. [posted here 5/10/05]
STM (Security and Trust Management) is a recently established working group of ERCIM (European Research Consortium in Informatics and Mathematics). It is planned to organize STM workshops on a yearly basis. This will be the first workshop in this series. The focus of this first workshop will coincide with the research topics of the STM working group. These comprise:
- To investigate the foundations and applications of security and trust in ICT
- To study the deep interplay between trust management and common security issues such as confidentiality, integrity and availability
- To identify and promote new areas of research connected with security management, e.g. dynamic and mobile coalition management (e.g., P2P, MANETs, Web/GRID services)
- To identify and promote new areas of research connected with trust management, e.g. reputation, recommendation, collaboration etc.
- To provide a platform for presenting and discussing emerging ideas and trends.

The topics of interest of this workshop include but are not limited to:
- Rigorous semantics and computational models for security and trust
- Security and trust management architectures, mechanisms and policies
- Networked systems security
- Privacy and anonymity
- Identity management
- ICT for securing digital as well as physical assets
- Cryptography

For more information, please see http://www-rocq.inria.fr/arles/events/STM2005/index.html.

QoP 2005 1st Workshop on Quality of Protection, Held in conjunction with ESORICS 2005 and METRICS 2005, Milano, Italy, September 15, 2005. [posted here 4/29/05]
Information Security in Industry has matured in the last few decades. Standards such as ISO17799, the Common Criteria (ISO15408), a number of industrial certification and risk analysis methodologies have raised the bar on what is considered a good security solution from a business perspective. However, even a fairly sophisticated standard such as ISO17799 has an intrinsically qualitative nature. Notions such as Security Metrics, Quality of Protection (QoP) or Protection Level Agreement (PLA) have surfaced in the literature but still have a qualitative flavour. The QoP Workshop intends to discuss how security research can progress towards a notion of Quality of Protection in Security comparable to the notion of Quality of Service in Networking, Software Reliability, or Software Measurements and Metrics in Empirical Software Engineering. Topics of interest include, but are not limited to:
- Industrial Experience
- Security Risk Analysis
- Security Quality Assurance
- Measurement-based decision making and risk management
- Empirical assessment of security architectures and solutions
- Mining data from attacks and vulnerabilities repositories
- Security metrics
- Measurement theory and formal theories of security metrics
- Security measurement and monitoring
- Experimental verification and validation of models
- Simulation and statistical analysis, stochastic modeling
- Reliability analysis

For more information, please see http://dit.unitn.it/~qop/.

ESORICS 2005 10th European Symposium on Research in Computer Security, Milan, Italy, September 14-16, 2005. [posted here 1/18/05]
Papers offering novel research contributions in any aspect of computer security are solicited for submission to the Tenth European Symposium on Research in Computer Security (ESORICS 2005). Organized in a series of European countries, ESORICS is confirmed as the European research event in computer security. The symposium started in 1990 and has been held on alternate years in different European countries and attracts an international audience from both the academic and industrial communities. From 2002 it has been held yearly. The Symposium has established itself as one of the premiere, international gatherings on information assurance. Papers may present theory, technique, applications, or practical experience on topics including:
- access control
- accountability
- anonymity
- applied cryptography
- authentication
- covert channels
- cryptographic protocols
- cybercrime
- data and application security
- data integrity
- denial of service attacks
- dependability
- digital right management
- firewalls
- formal methods in security
- identity management
- inference control
- information dissemination control
- information flow control
- information warfare
- intellectual property protection
- intrusion tolerance
- language-based security
- network security
- non-interference
- peer-to-peer security
- privacy-enhancing technology
- pseudonymity
- secure electronic commerce
- security administration
- security as quality of service
- security evaluation
- security management
- security models
- security requirements engineering
- security verification
- smartcards
- steganography
- subliminal channels
- survivability
- system security
- transaction management
- trust models and trust management policies
- trustworthy user devices

For more information, please see http://esorics05.dti.unimi.it/.

AMESP 2005 Workshop on Appropriate Methodology for Empirical Studies of Privacy, Rome, Italy, September 12, 2005. [posted here 5/16/05]
The workshop aims to reflect on appropriate methodology to empirically study privacy issues related to technology by drawing upon both theoretical perspectives as well as practical experiences. Successful as well as failed empirical investigations could prove quite illuminating for this purpose. Some of the questions the workshop plans to address include:
- What methodologies are suited for studying privacy in what kinds of settings?
- What criteria could be applied to determine appropriateness of a given methodology for a given setting?
- For each methodology, what are the best practices to follow and the pitfalls to avoid?
- For each methodology, how could bias be avoided?
- In what ways do methodologies complement each other?
- Given that cultural values regarding privacy, and legal and policy aspects of privacy reflexively influence each other, could we hope to isolate the effect of each of these on privacy practices? If so, how?
- In what ways can we address the mismatch between stated user preferences and actual user practices?

For more information, please see http://www.privacymethodologies.tk.

PIC 2005 Workshop on UbiComp Privacy: Privacy in Context, Tokyo, Japan, September 11, 2005. [posted here 5/23/05]
The main goals of this workshop are to discuss social, technical, and legal solutions to reducing, managing, or redefining privacy risks under the various constraints shaped by the context of a certain application, a specific set of users, or a particular culture. Instead of seeing privacy as an isolated abstract concept we are interested in reviewing and discussing privacy as an integral part of individual contexts of technology use, which greatly influences both concepts and systems design. We invite submissions reflecting diverse perspectives on privacy, whether based on notions of individual rights, legal contracts, economic incentives, social obligation, or interpersonal intimacy.
Social and legal issues in ubicomp privacy
- How do various technology stakeholders (designers, managers, employees, consumers, regulators, activists, citizens, etc.) conceive of privacy and its relevance to ubicomp technologies? How do conceptions change over time, as they use and become more familiar with systems?
- What incentives work best for ubicomp systems? How can weaker parties (e.g., individuals) respond to organizations’ desire for information? How should this shape design?
- How can we conceptualize, design, and provide context-dependent privacy that dynamically changes according to a specific situation or user need? Can we gather key insights from users’ day-to-day practices to assist in the design of large-scale ubiquitous computing systems?
- How is privacy enacted and conceived differently in different cultures and communities, e.g., in different countries, across professional groups, within families, between genders?
- How do affordances of different application domains shape the level of privacy users expect, or the level of privacy that can be provided?
- What trade-offs are necessary to balance privacy vs. efficiency, convenience, and security? Under what circumstances is privacy to be limited or expanded?
Methods for investigating and building ubicomp privacy
- What are the best methods for evaluating, measuring, and understanding privacy concerns? What kinds of qualitative and quantitative approaches work well?
- What can be learned from past cases? What ubicomp-relevant systems have succeeded or failed because (or despite) of their treatment of personal information and privacy risks? What systems have successfully transitioned (or unexpectedly failed to transition) from one context or culture to another?
- Which research methods have been applied to the empirical and social study of ubiquitous computing systems and privacy? Can we identify best practices for laboratory and field experiments as well as potential longitudinal studies?
- What kinds of design methods are most effective for understanding the privacy concerns of a given community, especially while early in the design process?
- What kinds of tools are useful for prototyping and implementing privacy-sensitive systems?
- What progress is needed in core technologies such as cryptography, trusted systems, AI inference and user modeling to implement better privacy-sensitive systems?

For more information, please see http://www.sims.berkeley.edu/~jensg/Ubicomp2005/.

RAID 2005  Eighth International Symposium on Recent Advances in Intrusion Detection, Seattle, Washington, USA, September 7-9, 2005. [posted here 12/13/04]
This symposium, the eighth in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss intrusion detection technologies and issues from the research and commercial perspectives. The RAID International Symposium series is intended to further advances in intrusion defense by promoting the exchange of ideas in a broad range of topics.

For RAID 2005 we are expanding our historical scope from a focus on intrusion detection to the broader field of intrusion defense. Of particular interest are intrusion tolerant systems and systems for which detection triggers an adaptive response. As in 2004, we welcome papers that address issues related to intrusion defense, including information gathering and monitoring, as a part of a larger, not necessarily purely technical, perspective. We also invite papers on the following topics, as they bear on intrusion detection and the general problem of information security:
- Risk assessment and risk management
- Intrusion tolerance
- Deception systems and honeypots
- Vulnerability Analysis and Management
- IDS Assessment
- IDS Survivability
- Privacy aspects
- Data mining techniques
- Visualization techniques
- Cognitive approaches
- Biological approaches
- Self-learning
- Case studies
- Legal issues
- Critical infrastructure protection (CIP)

For more information, please see http://www.conjungi.com/RAID/ and http://www.raid-symposium.org/.

SECOVAL 2005 SECOVAL Workshop: The Value of Security through Collaboration, Held in conjunction with the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks(SECURECOMM 2005), Athens, Greece, September 5-9, 2005. [posted here 2/27/05]
Security is usually centrally managed, for example in a form of policies duly executed by individual nodes. This workshop will cover the alternative trend of using collaboration and trust to provide security. Instead of centrally managed security policies, nodes may use specific knowledge (both local and acquired from other nodes) to make security-related decisions. The research addressed by the workshop can be roughly divided into three main areas, each answering the individual research questions. They are: (a) Reasoning behind current trends in security through collaboration, (b) different approaches and models to security through collaboration, (c) the unique set of problems and risks brought by security through collaboration. Contributions should address at least one of these areas.

Topics of interest to the workshop include, but are not limited to:
- Approaches to security through collaboration
- Specificities of security through collaboration
- Trust models and metrics
- Standardization of trust metrics
- Value and meaning of trust
- Trust-based security decision process
- Value and models of networks of collaborators
- Threat and risk analysis of security through collaboration
- Attacks due to collaboration and mitigation of these attacks
- Technical trust of the underlying infrastructure used for deployment
- Costs and benefits of trust and collaboration based security compared to other models
- Privacy and legal aspects of security through collaboration

For more information, please see http://www.secoval.org.

CNFR 2005 Computer Network Forensics Research Workshop, Held in conjunction with the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks(SECURECOMM 2005), Athens, Greece, September 5-9, 2005. [posted here 3/5/05]
The First Computer Network Forensics Research Workshop will bring together researchers and practitioners of computer network forensics to further define and refine field while sharing their research results. Goals of CNFR '05 are (a)disseminate New and in-progress research in network forensics, (b) define Network Forensics as an area, how it relates to other areas and what new problems are to be faced, and (c) build a community of those interested in network forensics.

Topics of interest to the workshop include, but are not limited to:
- Defining/Modeling Network Forensics
- Legal/Practical Challenges to Network Evidence
- Application of Traditional Security Tools
- Network Forensics Architectures
- Traceback & Attribution
- Evidence Collection/Storage
- International/Internet Legal Issues/Case Studies
- Problems with Use of Traditional Network Tools
- Law Enforcement/Legal Perspectives
- Other Digital Forensics-related Research

For more information, please see http://www.ece.iastate.edu/cnfr/.

SECURECOMM 2005 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, Athens, Greece, September 5-9, 2005. [posted here 02/01/05]
SCOPE: The focus of this conference is two-fold: a) Security and Privacy in wireless, mobile, ad hoc, sensor, personal-area and RFID networks, b) Security and Privacy in pervasive and ubiquitous computing. The conference aims to bring together academic, industrial and government researchers, practitioners, standards developers and policy makers. Topics of interest include, but are not limited to:
- Wireless Network Security (WiFi, WiMAX, WiMedia and others)
- Sensor and Mobile Ad Hoc Network Security
- Security of GSM/GPRS/UMTS systems
- RFID security and privacy
- Wireless Intrusion Detection Systems, tolerance and recovery
- Firewalls and Application gateways for wireless/mobile networks and pervasive/ubiquitous computing
- Public key infrastructures for wireless/mobile networks and pervasive/ubiquitous computing
- Web Security, Authentication and Authorization in wireless/mobile networks and pervasive/ubiquitous computing
- Privacy/Anonymity Preserving Design in wireless/mobile networks and pervasive/ubiquitous computing
- E-commerce protocols and micropayment schemes
- Secure Localization systems
- Security in hybrid (e.g., wireline/wireless) networks

For more information, please see http://www.securecomm.org.

WMASH 2005 3rd ACM International Workshop on Wireless Mobile Applications and Services on WLAN Hotspots, Held in conjunction with ACM MOBICOM 2005, Cologne, Germany, September 2, 2005. [posted here 3/4/05]
The goal of the workshop is to address and discuss the technical and business challenges, ideas, views, and research results in providing public wireless Internet services and applications for nomadic users in small, highly-populated, public spaces (wireless LANs and "hotspots").

We are specifically interested in work dealing with network layer and above (layers 3-7). However, cross-layer solutions including MAC interaction as well as ESS management via IAPP are welcome. Within the context of interest to this workshop, a list of topics includes, but is not limited to:
- Applications and services
- New service and business models
- Public WLAN and hotspot architectures
- Community-owned WLAN infrastructures
- WLAN-based ad-hoc network service creation and management
- Metro-area hotspots using 802.11/802.16 mesh
- Multi-radio mesh node designs
- Self-configuring mesh networks for public hotspots
- Mobile routers for transient, portable hotspots
- Application case studies of mobile routers
- Interworking with other wireless systems, e.g., 3G, 802.16
- Mobility, roaming, and handoff management
- Context-aware services and technologies
- Location-aware applications and services
- Multimedia wireless applications, e.g., Voice over WLAN (VoWLAN)
- Authentication, accounting, billing and payment issues
- Security and privacy in public WLANs
- Middleware support
- Service location and discovery
- Traffic measurements and modeling
- Case studies on deployed platforms and experimental testbeds

For more information, please see http://wmash2005.ece.iastate.edu.

SDM 2005 2nd VLDB Workshop on Secure Data Management, Held in conjunction with the 31st International Conference on Very Large Databases (VLDB 2005), Trondheim, Norway, September 2-3, 2005. [posted here 3/6/05]
The aim of the workshop is to bring together people from the security research community and data management research community in order to exchange ideas on the secure management of data. This year an additional special session will be organized with the focus on secure and private data management in healthcare. The workshop will provide forum for discussing practical experiences and theoretical research efforts that can help in solving the critical problems in secure data management. Authors from both academia and industry are invited to submit papers presenting novel research on the topics of interest.

Topics of interest include (but are not limited to) the following:
- Secure Data Management
- Database Security
- Secure Storage
- Data Integrity
- Data Anonymization
- Data Hiding
- Search on Encrypted Data
- Metadata and Security
- XML Security
- Privacy Preserving Data Mining
- Statistical Database Security
- Digital and Enterprise Rights Management
- Healthcare Security
- Multimedia Security and Privacy
- Authorization and Access Control
- Private Authentication
- Identity Management
- Privacy Enhancing Technologies
- Private Information Retrieval
- User Profiling and Privacy
- Security, Privacy and Ubiquitous Computing
- Information Dissemination Control
- Protection of Personally Identifiable Information
- Applied Cryptography
- Web services security
- Secure Semantic Web
- Privacy and Security with RFID
- Private Watermarking
- Trust Management
- Security and Privacy Management

For more information, please see http://www.extra.research.philips.com/sdm-workshop/sdm05.html.

WiSe 2005 ACM Workshop on Wireless Security, Held in conjunction with ACM MobiCom 2005, Cologne, Germany, August 28 - September 2, 2005. [posted here 4/11/05]
The objective of this workshop is to bring together researchers from research communities in wireless networking, security, applied cryptography, and dependability; with the goal of fostering interaction. With the proliferation of wireless networks, issues related to secure and dependable operation of such networks are gaining importance. Topics of interest include, but are not limited to:
- Key management in wireless/mobile environments
- Trust establishment
- Computationally efficient primitives
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Secure PHY/MAC/routing protocols
- Secure location determination
- Denial of service
- User privacy, location privacy
- Anonymity, prevention of traffic analysis
- Dependable wireless networking
- Identity theft and phishing in mobile networks
- Charging in wireless networks
- Cooperation in wireless networks
- Vulnerability modeling
- Incentive-aware secure protocol design
- Jamming
- Monitoring and surveillance

For more information, please see http://www.ee.washington.edu/research/nsl/wise2005.

TrustBus 2005 2nd International Conference on Trust, Privacy, and Security in Digital Business, Held in conjunction with the 16th International Conference on Database and Expert Systems Applications (DEXA 2005), Copenhagen, Denmark, August 22-26, 2005 [posted here 1/31/05]
TrustBus'05 will bring together researchers from different disciplines, developers, and users all interested in the critical success factors of digital business systems. We invite papers, work-in-process reports, industrial experiences describing advances in all areas in all digital business applications.

For more information, please see http://www-ifs.uni-regensburg.de/trustbus05/.

SecCo 2005 3rd International Workshop on Security Issues in Concurrency, San Francisco, CA, USA, August 21-22, 2005. [posted here 5/10/05]
The 3rd International Workshop on Security Issues in Concurrency (SecCo'05) follows the success of SecCo'03 (held in conjunction with ICALP'03) and SecCo'04 (held in conjunction with CONCUR'04). New networking technologies require the definition of models and languages adequate for the design and management of new classes of applications. Innovations are moving in two directions: on the one hand, the Internet which supports wide area applications, on the other hand, smaller networks of mobile and portable devices which support applications based on a dynamically reconfigurable communication structure. In both cases, the challenge is to develop applications while at design time there is no knowledge of the availability and/or location of the involved entities. Coordination models, languages and middlewares, which advocate a distinct separation between the internal behaviour of the entities and their interaction, represent a promising approach. However, due to the openness of these systems, new critical aspects come into play, such as the need to deal with malicious components or with a hostile environment. Current research on network security issues (e.g. secrecy, authentication, etc.) usually focuses on opening cryptographic point-to-point tunnels. Therefore, the proposed solutions in this area are not always exploitable to support the end-to-end secure interaction between entities whose availability or location is not known beforehand. Topics of interest include, but are not limited to:
- authentication
- integrity
- privacy
- confidentiality
- access control
- denial of service
- service availability
- safety aspects
- fault tolerance
in
- coordination models
- web service technology
- mobile ad-hoc networks
- agent-based infrastructures
- peer-to-peer systems
- global computing
- context-aware computing
- ubiquitous/pervasive comp
- component-based systems

For more information, please see http://www.zurich.ibm.com/~mbc/secco05/.

DFRWS 2005 5th Annual Digital Forensics Research Workshop, New Orleans, LA, USA, August 17-19, 2005. [posted here 5/2/05]
The purpose of this workshop is to bring together researchers, practitioners, and educators interested in digital forensics. We welcome the participation of people in industry, government, law enforcement, and academia who are interested in advancing the state of the art in digital forensics by sharing their results, knowledge, and experiences. We are looking for research papers, demo proposals, and panel proposals. Major areas of interest include, but are not limited to, the following topics:
- Incident response and live analysis
- OS, application, and multimedia analysis
- File system analysis
- Physical analysis (magnetic, optical, electrostatic, etc.)
- Memory analysis
- Network forensics
- Traceback and attribution
- Data hiding and recovery
- Event reconstruction
- Large-scale investigations
- Data mining techniques
- Tool testing and development
- Legal issues
- Case studies and trend reports
- Non-traditional approaches to forensic analysis

For more information, please see http://www.dfrws.org.

CRYPTO 2005 Twenty-Fifth Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2005. [posted here 11/14/04]
The 25th International Cryptology Conference will be held at the University of California, Santa Barbara. The academic program covers all aspects of cryptology. Formal proceedings, published by Springer-Verlag, will be provided to registered attendees at the conference. Technical sessions will run from Monday morning to Thursday noon, with a non-technical activities half-day on Tuesday afternoon.

For more information, please see http://www.iacr.org/conferences/c2005/index.html.

SAC 2005 12th Annual Workshop on Selected Areas in Cryptography, Queen's University, Kingston, Ontario, Canada, August 11-12, 2005. [posted here 3/6/05]
The Workshop on Selected Areas in Cryptography (SAC) is an annual conference dedicated to specific themes in the area of cryptographic system design and analysis. Authors are encouraged to submit original papers related to the themes for the SAC 2005 workshop:
- Design and analysis of symmetric key cryptosystems
- Primitives for symmetric key cryptography, including block and stream ciphers, hash functions, and MAC algorithms
- Efficient implementations of symmetric and public key algorithms
- Cryptographic algorithms and protocols for ubiquitous computing (RFID, sensor networks)

For more information, please see http://www.ece.queensu.ca/sac2005/.

Security-05 14th USENIX Security Symposium, Baltimore, MD, USA, August 1-5, 2005.[posted here 11/14/04]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in security of computer systems. The 14th USENIX Security Symposium will be held August 1-5, 2005, in Baltimore, MD.

All researchers are encouraged to submit papers covering novel and scientifically significant practical works in security or applied cryptography. Submissions are due on February 4, 2005, 11:59 p.m. PST. The Symposium will span five days: a two-day training program will be followed by a two and one-half day technical program, which will include refereed papers, invited talks, Work-in-Progress reports, panel discussions, and Birds-of-a-Feather sessions.

For more information, please see http://www.usenix.org/events/sec05/cfp/.

CCCT 2005 3rd International Conference on Computing, Communications and Control Technologies, Austin, TX, USA, July 24-27, 2005. [posted here 1/12/05]
CCCT 2005 is an International Conference that will bring together researchers, developers, practitioners, consultants and users of Computer, Communications and Control Technologies, with the aim to serve as a forum to present current and future work, solutions and problems in these fields, as well as in the relationships among them. Consequently, efforts will be done in order to promote and to foster the analogical thinking required by the Systems Approach for interdisciplinary cross-fertilization, "epistemic things" generation and "technical objects" production. Suggested topics in the area of Computing/Information Systems and Technologies include, but are not restricted to:
- Databases
- Models and Algorithms
- Artificial Intelligence
- Computer and Systems Security
- Mathematical Computing
- Programming Languages
- Operating Systems
- Computer Graphics

For more information, please see http://www.iiisconfer.org/ccct05/WebSite/default.asp.

PEP 2005 UM05 Workshop on Privacy-Enhanced Personalization, Edinburgh, Scotland, July 24, 2005. [posted here 1/20/05]
Personalizing people's interaction with computer systems entails gathering considerable amounts of data about them. As numerous recent surveys have consistently demonstrated, computer users are very concerned about their privacy. Moreover, the collection of personal data is also subject to legal regulations in many countries and states. Such regulations impact a number of frequently employed personalization methods. This workshop will explore the potential of research on "privacy-enhanced personalization," which aims at reconciling the goals and methods of user modeling and personalization with privacy constraints imposed by individual preferences, conventions and laws. It will look at, e.g., the following questions:
- How much personal data do individual personalization methods really need? Can we find out in advance or in hindsight what types of data contribute to reasonably successful personalization in a specific application domain, and restrict data collection to these types of data?
- Is client-side personalization a possible answer to privacy concerns and legal restrictions? What technical, legal and business obstacles will have to be overcome?
- In what way should the user be involved in privacy decisions? What does appropriate notice and choice look like, and what rights must and should be granted?
- Will we need trusted third parties, and what services will we need them to provide?
- How much can we benefit from anonymity or pseudonymity infrastructures, and are there limits that should be observed?
- Are distributed user models an answer or a problem from a privacy perspective?
- Does personalization in a mobile context pose additional challenges? How can they be overcome?
- Do mobile user models pose additional privacy problems?
- How can multi-user personalized systems cater to the privacy constraints of each individual user?
- What should an ideal legal framework look like from the perspective of privacy-enhanced personalization?
- Are special provisions necessary in the case of people with disabilities and student-adaptive educational systems?

For more information, please see http://www.ics.uci.edu/~kobsa/PEP05.

Summer School on Reliable Computing Summer School on Reliable Computing, Eugene, Oregon, USA, July 20-29, 2005. [posted here 3/2/05]
This Summer School will cover current research in reliability of software systems ranging from foundational materials on type systems, program analyses, and model checking to advanced applications of the techniques in practice.

Material will be presented at a tutorial level that will help graduate students and researchers from academia or industry understand the critical issues and open problems confronting the field. The course is open to anyone interested. Prerequisites are an elementary knowledge of logic and mathematics that is usually covered in undergraduate classes on discrete mathematics. Some knowledge of programming languages at the level provided by an undergraduate survey course will also be expected. Our primary target group is PhD students. We also expect attendance by faculty members who would like to conduct research on this topic or introduce new courses at their universities. The program consists of more than twenty-five 80-minute lectures presented by internationally recognized leaders in programming languages, model checking, and software reliability research. Speakers and their topics include:
- Counterexample-driven Refinement: Thomas Ball, Microsoft Research
- Specifying and Checking Stateful Software Interfaces: Manuel Fahndrich, Microsoft Research
- Checking Software Properties with Contracts: Robby Findler, University of Chicago
- Domain-Specific Languages: For Fun and Profit: Kathleen Fisher, AT&T Research
- Improving Software Quality with Type Qualifiers: Jeff Foster, University of Maryland
- Lightweight Analyses for Reliable Concurrency: Stephen Freund, Williams College
- Type Systems: A Foundation for Reliable Computing: Robert Harper, Carnegie Mellon University
- Program Verification by Lazy Abstraction: Ranjit Jhala, University of California at San Diego
- An Introduction to Model Checking: Orna Kupferman, Hebrew University, Jerusalem

For more information, please see http://www.cs.uoregon.edu/research/summerschool/summer05/index.html.

AVBPA 2005 Audio- and Video-based Biometric Person Authentication Conference, Tarrytown, New York, USA, July 20-22, 2005. [posted here 3/9/05]
We are now seeing increasing deployment of biometric systems in many walks of life, including iris, fingerprint and face recognition systems at airports as well as access to highly secure facilities. Biometrics-based authentication techniques are the only known techniques today that can support positive and extremely accurate user authentication. Several applications in government, commercial, defense and law enforcement areas have a basic need to automatically identify humans both locally and remotely on a routine basis. The need for high accuracy and broad population coverage has made it necessary to investigate the use of multi-modal biometrics. The intrinsic security of the biometrics systems and the associated privacy concerns have emerged as important research topics. AVBPA will bring together leading biometric researchers, system designers, and end users to promote the development of robust solutions to efficient and secure authentication. The conference has been an official event of The International Association for Pattern Recognition (IAPR-TC14) since 1997. The purpose of this conference is to provide a scientific forum for researchers, engineers, system architects and designers to report recent advances in this area of secure person authentication involving biometrics and related technologies.

For more information, please see http://biometrics.cse.msu.edu/avbpa2005.html.

SNDS 2005 1st International Workshop on Security in Networks and Distributed Systems, Held in conjunction with the 11th International Conference on Parallel and Distributed Systems (ICPADS-2005), Fukuoka, Japan, July 20-22, 2005. [posted here 3/12/05]
Security is an important issue in the research of networks and distributed systems, ranging from the traditional computer networks to newly proliferated areas like sensor networks, P2P systems, and ubiquitous computing. The security threats exploited the weakness of protocols as well as operating systems, and also extended to attack Internet applications such as database systems and web servers. The attacks, including Distributed Deny of Service, Virus, Buffer Overflows and Worms, are causing more economic damages and arouse more attentions. To achieve a secured distributed system, the cybersecurity aspects, namely, data confidentiality, authentication, nonrepudiation, data integrity, privacy, access control and availability, should be fully attained.

This workshop provides a forum for academic and industry professionals to discuss recent progress in the area of network and distributed system security, and includes studies on security attacks that occur in today's networks, security mechanisms that are designed to detect, prevent, or recover from a security attack and security services that are available to enhance system security. Topics of interest include, but are not limited to:
- Distributed digital signatures
- Distributed denial of service attacks
- Distributed intrusion detection and protection systems
- Distributed access control and firewalls
- Security in e-commerce and e-business and other applications
- Security in P2P networks and Grid computing
- Security in mobile and pervasive computing
- Security architectures in distributed and parallel systems
- Security theory and tools in distributed and parallel systems
- Ad hoc and sensor network security
- Buffer overflows
- Cryptographic algorithms
- Data privacy and trustiness
- Information hiding and multimedia watermarking in distributed systems
- Key management and authentication
- Mobile codes security
- Network security issues and protocols
- Software security
- World Wide Web Security

For more information, please see http://www.comp.polyu.edu.hk/SNDS05/.

REFT 2005 Workshop on Rigorous Engineering of Fault-Tolerant Systems, Held in conjunction with the 13th Formal Methods Symposium (FM 2005), Newcastle, UK, July 19, 2005. [posted here 3/1/05]
The growing complexity of modern software systems increases the difficulty of ensuring the overall dependability of software-intensive systems. The complexity of environments in which systems operate, high dependability requirements that they have to meet, the versatility of functions they need to provide and a variety of characteristics they need to have (including adaptivity, mobility and pervasiveness), as well as the complexity of infrastructures on which they rely make system design a true engineering challenge. As a result, systems like these have intricate architecture and require sophisticated coordination and management activities for their execution. These trends are set to continue or even grow as computer systems become ever more intimately connected with their users.

Mastering system complexity requires design techniques that support clear thinking and rigorous validation and verification. This is exactly what formal design methods do. Coping with complexity also requires architectures that are tolerant of faults and unpredictable changes in environment. This issue can be addressed by fault tolerant design techniques. System development methods must be rigorous, explicitly model fault tolerance through all development phases, support the construction of appropriate abstractions and provide techniques for their structured refinement and decomposition.

The aim of this workshop is to bring together researchers from the Fault Tolerance, Formal Methods and Tool Development communities and to discuss recent research results and practical experience in designing fault tolerant applications. Contributions are solicited in all areas related to rigorous development of fault tolerant software systems. The scope of this workshop encompasses but is not limited to:
- Verification and refinement of fault tolerant systems
- Integrated approaches to developing fault tolerant systems (including integration of different formalisms as well as formal strengthening of informal notations)
- Formal foundations for error detection, error recovery, exception and fault handling
- Abstractions, styles and patterns for rigorous development of fault tolerance
- Development and application of tools supporting rigorous design of dependable systems
- Integrated platforms for developing dependable systems
- Rigorous approaches to specification and design of fault tolerance in novel computer systems
- Case studies demonstrating rigorous development of fault tolerant systems

For more information, please see REFT 2005 workshop website.

FAST 2005 3rd International Workshop on Formal Aspects in Security & Trust, Held in conjunction with the 13th Formal Methods Symposium (FM 2005), Newcastle, UK, July 18-19, 2005. [posted here 3/1/05]
The third international Workshop on Formal Aspects in Security and Trust (FAST2005) aims at continuing the successful effort of the first two FAST workshops for fostering the cooperation among researchers in the areas of security and trust. The new challenges offered by the so-called ambient intelligence space as a future paradigm in the information society demand for a coherent framework of concepts, tools and methodologies to enable user's trust&confidence on the underlying computing infrastructure. These need to address issues relating to both guaranteeing security of the infrastructure and the perception of the infrastructure being secure. In addition, user confidence on what is happening must be enhanced by developing trust models effective but also easily comprehensible and manageable by users.

The complexity and scale of deployment of emerging ICT systems based on web service and grid computing concepts also necessitates the investigation of new, scalable and more flexible foundational models of enforcing pervasive security across organizational borders and in situations where there is high uncertainty about the identity and trustworthyness of the participating networked entities (including users, services and resources). The increasing need of building activities sharing different resources managed with different policies demands for new and business enabling models of trust between members of virtual communities including virtual organizations that span across the boundaries of physical enterprises and loosely structured communities of individuals.

Suggested submission topics include, but are not limited to:
- Formal models for security, trust and reputation
- Security protocol design and analysis
- Logics for security and trust
- Trust-based reasoning
- Distributed Trust Management Systems
- Digital Assets Protection
- Data protection
- Privacy and ID management issues
- Information flow analysis
- Language-based security
- Security and Trust aspects in ubiquitous computing
- Validation/Analysis tools
- Web/Grid Services Security/Trust/Privacy
- Security and Risk Assessment
- Case studies

For more information, please see http://www.iit.cnr.it/FAST2005.

ARSPA 2005 2nd Workshop on Automated Reasoning for Security Protocol Analysis, Held in conjunction with the 32nd International Colloquium on Automata, Languages and Programming (ICALP 2005), Lisboa, Portugal, July 16, 2005. [posted here 2/8/05]
The ARSPA workshop aims to bring together researchers and practitioners from both the security and the formal methods communities, from academia and industry, who are working on developing and applying automated reasoning techniques and tools for the formal specification and analysis of security protocols.

Contributions are welcomed on the following topics or related ones:
- Automated analysis and verification of security protocols
- Languages, logics and calculi for the design and specification of security protocols
- Verification methods: accuracy, efficiency
- Decidability and complexity of cryptographic verification problems
- Synthesis and composition of security protocols
- Integration of formal security specification, refinement and validation techniques in development methods and tools

For more information, please see http://www.avispa-project.org/arspa.

ESAS 2005 2nd European Workshop on Security and Privacy in Ad hoc and Sensor Networks, Held in conjunction with the 1st International Conference on Wireless Internet (WICON), Budapest, Hungary, July 14-15, 2005. [posted here 1/24/05]
The vision of ubiquitous computing has generated a lot of interest in wireless ad hoc and sensor networks. However, besides their potential advantages, these new generations of networks also raise some challenging problems with respect to security and privacy. The aim of this workshop is to bring together the network security, cryptography, and wireless networking communities in order to discuss these problems and to propose new solutions. The second ESAS workshop seeks submissions that present original research on all aspects of security and privacy in wireless ad hoc and sensor networks. Submission of papers based on work-in-progress is encouraged. Topics of interest include, but are not limited to the following:
- Privacy and anonymity
- Prevention of traffic analysis
- Location privacy
- Secure positioning and localization
- Secure MAC protocols
- Secure topology control
- Secure routing
- Secure in-network processing
- Secure context aware computing
- Cooperation and fairness
- Charging and rewarding
- Key management
- Trust establishment
- Embedded security
- Cryptography for resource constrained applications
- Distributed intrusion detection

For more information, please see http://www.crysys.hu/ESAS2005/.

ICALP 2005 32nd International Colloquium on Automata, Languages and Programming, Lisboa, Portugal, July 11-15, 2005. [posted here 01/12/04]
ICALP'05 innovates on the structure of its traditional scientific program with the inauguration of a new special Track (C). The aim of Track C is to allow a deeper coverage of a particular topic, to be specifically selected for each year's edition of ICALP on the basis of its timeliness and relevance for the theoretical computer science community. This year, Track C subject is Security and Cryptography Foundations. Topics of interest for Track C include, but are not limited to:
- Cryptographic Notions, Mechanisms, Systems and Protocols
- Cryptographic Proof Techniques, Lower bounds, Impossibilities
- Foundations of Secure Systems and Architectures
- Logic and Semantics of Security Protocols
- Number Theory and Algebraic Algorithms in Cryptography
- Pseudorandomness, Randomness, and Complexity Issues
- Secure Data Structures, Storage, Databases and Content
- Security Modeling: Combinatorics, Graphs, Games, Economics
- Specifications, Verifications and Secure Programming
- Theory of Privacy and Anonymity
- Theory of Security in Networks and Distributed Computing
- Quantum Cryptography and Information Theory

For more information, please see http://icalp05.di.fct.unl.pt/.

SOUPS 2005 Symposium on Usable Privacy and Security, Carnegie Mellon University, Pittsburgh, PA, USA, July 6-8, 2005.[posted here 11/14/04]
The Symposium on Usable Privacy and Security (SOUPS) will be held July 6-8, 2005 at Carnegie Mellon University in Pittsburgh, PA. This symposium will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature refereed papers, tutorials, a poster session, panels and invited talks, and discussion sessions. We seek original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to, breakthrough models, innovative functionality and design, new applications of existing models or technology, usability testing of security features or security testing of usability features, and lessons learned from deploying and using usable privacy and security features. Papers should properly place the work within the field, cite related work, and clearly indicate the innovative aspects of the work or lessons learned as well as the contribution of the work to the field. Suggestions or proposals for panels, tutorials, or invited speakers  should be sent to the general chair, lorrie AT acm.org, by February 25.

For more information, please see http://cups.cs.cmu.edu/soups/.

DIMVA 2005 2nd GI SIG SIDAR Conference on Detection of Intrusions & Malware, and Vulnerability Assessment, Vienna, Austria, July 6-8, 2005. [posted here 11/14/04]
The special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) organizes DIMVA as an annual conference that brings together experts from throughout Europe to discuss the state of the art in the areas of intrusion detection, detection of malware, and assessment of vulnerabilities. DIMVA emphasizes the collaboration and exchange of ideas between industry, academia, law enforcement and government, and invites four types of submissions: full papers, industry papers, panel proposals, and tutorial proposals.

For more information, please see http://www.dimva.org/dimva2005.

ACISP 2005 10th Australasian Conference on Information Security and Privacy, Brisbane, Australia, July 4-6, 2005. [posted here 12/13/04]
Original papers pertaining to all aspects of information security and privacy are solicited for submission to the 10th Australasian Conference on Information Security and Privacy (ACISP 2005). Papers may present theory, techniques, applications and practical experiences on a variety of topics including:
- Cryptology
- Mobile communications security
- Database security
- Authentication and authorization
- Secure operating systems
- Intrusion detection
- Access control
- Security management
- Security protocols
- Network security
- Secure commercial applications
- Privacy Technologies
- Smart cards
- Key management and auditing
- Mobile agent security
- Risk assessment
- Secure electronic commerce
- Privacy and policy issues
- Copyright protection
- Security architectures and models
- Evaluation and certification
- Software protection and viruses
- Computer forensics
- Distributed system security
- Identity management
- Biometrics

For more information, please see http://www.isrc.qut.edu.au/events/acisp2005/.

FCS 2005 Foundations of Computer Security, Held in conjunction with the 12th Annual IEEE Symposium on LOGIC IN COMPUTER SCIENCE (LICS 2005), Chicago, IL, USA, June 30 - July 1, 2005. [posted here 1/21/05]
Computer security is an established field of Computer Science of both theoretical and practical significance. In recent years, there has been increasing interest in foundations for various methods in computer security, including the formal specification, analysis and design of cryptographic protocols and their applications, the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks, trust management, and the modeling of information flow and its application to confidentiality policies, system composition, and covert channel analysis.

The aim of this workshop is to provide a forum for continued activity in this area, to bring computer security researchers in contact with the LICS'05 community, and to give LICS attendees an opportunity to talk to experts in computer security. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories. Possible topics include, but are not limited to:
- Composition issues
- Formal specification
- Foundations of verification
- Information flow analysis
- Language-based security
- Logic-based design
- Program transformation
- Security models
- Static analysis
- Statistical methods
- Trust management
for Authentication, Availability and denial of service, Covert channels, Cryptographic protocols, Confidentiality, Integrity and privacy, Intrusion detection, Malicious code, Mobile code, Mutual distrust, and Security policies.

For more information, please see http://www.cs.chalmers.se/~andrei/FCS05/.

ISSA 2005 5th Annual Information Security South Africa Conference, Gauteng Region (Johannesburg), South Africa, June 29 - July 1, 2005. [posted here 2/2/05]
The ISSA2005 Conference will provide an opportunity for key players to review sustainable practices that have been developed by South Africans in order to meet the challenges delivered by globalization. Topics to b e addressed by the conference include: research papers, case studies, lessons learned, current research, short tutorials and research in progress (student papers).

The field of information security is diverse, including technical, managerial, legal, social and even philosophical issues. Individuals alone cannot address these issues. Only the combined efforts of academia and industry can provide answers and solutions that will benefit all of society.

Topics include but are not limited to:
- Access Control
- Agents
- Architectures and infrastructures
- Audit
- Authentication
- Anti-Virus
- Awareness and training in Security
- Backup, Storage, Recovery
- Biometrics
- Business Continuity Planning and Management
- Certification
- Challenges and solutions of managing security
- Communications/network security
- Content Security
- Corporate governance/Enterprise security
- CRM security
- Digital Identification and Authentication
- Disaster Recovery Planning and Management
- E-Commerce and E-Business security
- E-mail security
- Encryption
- Evaluation of Information Security in companies and information security surveys
- Firewalls
- Forensic Auditing
- Future visions for Information Security Management
- Hacking/cracking
- Human Computer Interaction for Security
- Identity theft
- Intelligent tokens
- Intruder Detection
- IT Governance
- Legal, ethical and social issues related to Information Security
- Legislation
- Managing Information Security
- Methodologies for securing small to medium size enterprises
- Methodologies and techniques for certification and accreditation
- Mobile Computing Security
- Networking Security
- PKI
- Practical industry presentations on managing information security
- Practical industry presentations on applications such as PGP
- Printers, Id Systems
- IT Risk Management
- Information Security Risk Analysis
- Secure servers
- Security Policy and Procedures
- Small distribution applications
- Smart Cards
- Standards - Local & International
- Strategic Information Security
- VPNs
- Vulnerability Assessments

For more information, please see http://www.infosecsa.co.za.

DSN 2005  The International Conference on Dependable Systems and Networks, Pacific Convention Center (Pacifico), Yokohama, Japan, June 28 - July 1,2005. [posted here 9/11/04]
The International Conference on Dependable Systems and Networks 2005(DSN-2005) announces its Call for Contributions for full papers, practical experience reports, workshop proposals, tutorials, student forum, and fast abstracts. Full papers are due November 19th, 2004. Please see www.dsn.org for submission information. Contributions are invited in, but are not limited to:
- Analytical and Simulation Techniques for Performance and Dependability Assessment
- Architectures for Dependable Computer Systems
- Dependability Benchmarking
- Dependability of High-Speed Networks and Protocols
- Dependability Modeling and Prediction
- Dependability in VLSI
- E-commerce Dependability
- Fault Tolerance in Transaction Processing
- Fault Tolerance in Distributed & Real-Time Systems
- Fault Tolerance in Multimedia Systems
- Fault Tolerance in Mobile Systems
- Information Assurance and Survivability
- Internet Dependability and Quality of Service
- Intrusion Tolerant Systems
- Measurement Techniques for Performance and Dependability Assessment
- Safety-Critical Systems
- Software Testing, Validation, and Verification
- Software Reliability
- Tools for Performance and Dependability Assessment

For more info, please see: http://www.dsn.org/.

LBFCM 2005 Workshop on the Link Between Formal and Computational Models, Paris, France, June 23-24, 2005. [posted here 5/16/05]
LBFCM workshop will focus on the relations between the symbolic (Dolev-Yao) model and the computational(complexity-theoretic) model, and more broadly on new advances and research directions in protocol verification. We wish to invite you to participate in this informal workshop on the verification of security protocols.

For more information, please see http://www.loria.fr/~cortier/workshop.html.

Hash Function 2005 ECRYPT Workshop on Hash Functions, Krakow, Poland, June 23-24, 2005. [posted here 3/9/05]
The Hash Function Workshop, organized as one of the activities of the European Network of Excellence in Cryptology ECRYPT, will be devoted to recent developments in the hash functions research. As a workshop and forum for the exchange of ideas and proposals, active participation is encouraged. We expect to have both, invited talks and contributed talks. Attendees are invited to submit papers on all aspects of hash function analysis and deployment including, but not limited to the following:
- hash function design and analysis,
- the state, and likely evolution, of current hash function cryptanalytic research,
- the state of SHA-1 and implications for SHA-n (for n > 1) and RIPEMD-160,
- hash function deployment (such as for MAC constructions and public key infrastructures).

We also encourage submissions that question or comment upon:
- the need for alternative hash functions,
- implications of recent attacks, in particular estimations of risks where a hash function is used as a component in a cryptographic scheme, and the requirements of industry.

For more information, please see http://www.impan.gov.pl/BC/05Hash.html.

CSFW18 18th IEEE Computer Security Foundations Workshop, Aix-en-Provence, France, June 20-22, 2005. [posted here 11/14/04]
This workshop series brings together researchers in computer science to examine foundational issues in computer security. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories. Both papers and panel proposals are welcome. Possible topics include, but are not limited to:
- Access Control
- Authentication
- Data and system integrity
- Database security
- Network security
- Distributed systems security
- Anonymity
- Intrusion detection
- Security for mobile computing
- Security protocols
- Security models
- Decidability issues
- Privacy
- Executable content
- Formal methods for security
- Information flow
- Language-based security

This year's workshop will be held in Aix-en-Provence, France. Proceedings published by the IEEE Computer Society Press will be available at the workshop. Selected papers will be invited for submission to the Journal of Computer Security.

For more information, please see http://ww.csl.sri.com/csfw/index.html.

SIntelProp 2005 5th Annual Symposium on Intellectual Property, Adelphi, MD, USA, June 16-17, 2005. [posted here 5/16/05]
The 2005 CIP Symposium will seek to explore and understand just a few of the various ways in which individuals and organizations think and talk about copyright infringement in our digital age and what actions they take based upon those perceptions. We will focus in particular on issues relevant to the higher education community and the delivery of quality copyrighted content. Facilitating our exploration, discussion, and reflection will be representatives from the academy, library, law, corporation, nonprofit organization, technology sector, and Capitol Hill.

The Symposium will focus on the following critical issues:
- The Impact of Copyright Law and Policy on Academic Culture
- Regulatory Copyright: How Will Universities be Affected?
- P2P File Sharing: Pirates or Revolutionaries?
- Culture and Copyright: A Creative Clash?
- Copyright Infringement in the Digital Age: What Universities Need to Know
- The Copyright Legislative Landscape
- Responses to Copyright Infringement at University Campuses: Best Practices

For more information, please see http://www.umuc.edu/cip/symposium.

IAW 2005 6th IEEE SMC Information Assurance Workshop, West Point, NY, USA, June 15-17, 2005. [posted here 1/13/05]
The workshop is designed to provide a forum for Information Assurance researchers and practitioners to share their research and experiences. Attendees hail from industry, government, and academia. The focus of this workshop is on innovative, new technologies designed to address important Information Assurance issues.

Last year the IEEE IAW added a new track on Honeynet Technologies, sponsored by the Honeynet Project (www.honeynet.org). This will remain a specific focus of the IAW this year. New this year to the technical track are sessions on Security Data Visualization techniques and Biometrics. Other areas of particular interest at this workshop include, but are not limited to:
- Innovative intrusion detection and response methodologies
- Information warfare
- Honeynet technologies (at least one session)
- Visualization and data representation (at least one session)
- Biometrics (at least one session)
- Secure software technologies
- Wireless security
- Computer forensics
- Data Protection
- Educational curriculum
- Best practices
- Information Assurance education and professional development

For more information, please see http://www.itoc.usma.edu/workshop/2005/.

TSPUC 2005 International Workshop on Trust, Security and Privacy for Ubiquitous Computing, Taormina, Sicily, Italy, June 13, 2005. [posted here 11/14/04]
This workshop aims at focussing the attention of the research community on the increasing complexity and relevance of trust, privacy and security issues in ubiquitous computing. Suggested submission topics include, but are not limited to the following ones in mobile (ad Hoc) networks, sensor networks, P2P systems, and portable/embedded/weareable devices:
- Key establishment and distribution
- Access control models, policies and mechanisms
- Trust, reputation and reccomendation management
- Privacy and identity management
- Digital assets management
- Context/location aware computation
- Self-organizing networks/communities
- Intrusion and anomaly detection
- Secure user-device interfaces
- Distributed consensus in the presence of active adversaries
- Analysis/simulation/validation techniques
- Handling emergent properties
- Phishing - attacks and countermeasures
- Case studies

For more information, please see  http://www.iit.cnr.it/TSPUC2005/.

ACNS 2005  3rd Applied Cryptography and Network Security Conference, Columbia University, New York, NY, USA, June 7-10, 2005. [posted here 11/14/04]
Original research papers on all technical aspects of cryptology are solicited for submission to ACNS '05, the Third annual conference on Applied Cryptography and Network Security. There are two tracks for ACNS: a research track and an industrial track. The latter has an emphasis on practical applications. In addition, submissions to the industrial track may be talk proposals (rather than full papers). The PC will consider moving submissions between tracks if the PC feels that a submission is more appropriate for that track (with author permission). Topics of relevance include but are not limited to:
- Applied Cryptography, cryptographic constructions
- Cryptographic applications: e.g., payments, fair exchange, time-stamping, auctions, voting, polling, location services
- Economic incentives for collaboration
- Security modeling and protocol design in the context of rational and malicious adversaries
- Security of limited devices: e.g., adversarial modeling, light-weight cryptography, efficient protocols and implementations
- Integrating security in Internet protocols: routing, naming, TCP/IP, multicast, network management, and the Web
- Intrusion avoidance, detection, and response: systems, experiences and architectures
- Network perimeter controls: firewalls, packet filters, application gateways
- Virtual private networks
- Web security and supporting systems security, such as databases, operating systems, etc.
- Denial of Service: attacks and countermeasures
- Securing critical infrastructure: e.g., routing protocols, the power grid, and emergency communication
- Public key infrastructure, key management, certification, and revocation
- Implementation, deployment and management of network security policies
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
- Fundamental services on network and distributed systems: authentication, data integrity, confidentiality, authorization, non-repudiation, and availability
- Integrating security services with system and application security facilities and protocols: e.g., message handling, file transport/access, directories, time synchronization, database management, boot services, mobile computing
- Security and privacy for emerging technologies: sensor networks, wireless/mobile (and ad hoc) networks, Bluetooth, 802.11, and peer-to-peer systems
- Usable security
- Deployment incentives for security technology
- Web, chat, and email security, including topics such as spam prevention

For more information, please see http://acns2005.cs.columbia.edu/cfp.html.

SDCS 2005 2nd International Workshop on Security in Distributed Computing Systems, Held in conjunction with the 25th International Conference on Distributed Computing Systems (ICDCS-2005), Columbus, OH, USA, June 6-9, 2005. [posted here 12/13/04]
In recent years, interest has increased in the field of security of distributed computing systems, since securing a large-scale networked system becomes a great challenge. These include the control mechanisms, mobile code security, denial-of-service attacks, trust management, modeling of information flow and its application to confidentiality policies, system composition, and covert channel analysis. We will focus our program on issues related to important properties of system security, such as measurability, sustainability, affordability, and usability in distributed computing systems.  Topics of interest include, but are not limited to:
- Distributed Access Control and Trust Management
- Key Management and Authentication
- Privacy and Anonymity
- Benchmark and Security Analysis
- Security for Peer to Peer systems and Grid Computing Systems
- Secure Multicast and Broadcast
- Secure multiparty and two-party computations
- Computer and Network Forensics
- Denial-of-service Attacks and Countermeasures
- Secure E-Commerce/E-Business
- Security Verification
- Distributed Database Security
- Digital Rights Management
- Secure Mobile Agents and Mobile Code
- ntrusion detection
- Viruses, Worms, and Other Malicious Code
- Security in ad-hoc and sensor networks
- World Wide Web Security

For more information, please see http://securityworkshop.ece.iastate.edu.

POLICY 2005 6th IEEE International Workshop on Policies for Distributed Systems and Networks, Stockholm, Sweden, June 6-8, 2005. [posted here 09/07/04]
The policy workshop aims to bring together researchers and practitioners working on policy-based systems across a wide range of application areas including policy-based networking, security management, storage area networking, and enterprise systems. Policy 2005 is the 6th in a series of successful workshops which since 1999 have provided a forum for discussion and collaboration between researchers, developers and users of policy-based systems. This year, in addition to the latest research results from the communities working in the areas mentioned above, we encourage contributions on policy-based techniques in support of: On-demand computing/Utility Computing, SLA/Contract based Management, Virtualization and Policy-based collaboration. As in the previous three years the policy workshop will be co-located with SACMAT 2005.

More information can be found on the workshop web page at http://www.sics.se/policy2005/page.php?id=home.

IHW 2005 7th Information Hiding Workshop, Barcelona, Spain, June 6-8, 2005. [posted here 11/14/04]
Many researchers are interested in hiding information or, conversely, in preventing others from doing so or detecting and extracting the hidden data. Although the protection of digital intellectual property has recently motivated most of the research in  this area, there are many other  applications of increasing interest to both the academic and business communities. Current research topics include:
- anonymous communications
- covert channels in computer systems
- detection of hidden information (steganalysis)
- digital forensic
- information hiding aspects of privacy
- steganography
- subliminal channels in cryptographic protocols
- watermarking for protection of intellectual property
- other applications of watermarking

Continuing a series of successful workshops that brought together these closely-linked research areas, the 7th International Workshop on Information Hiding will be held in Barcelona, Spain.

For more information, please see http://kison.uoc.edu/IH05.

EC 2005 6th ACM Conference on Electronic Commerce, Vancouver, Canada, June 5-8, 2005. [posted here 5/16/04]
Since 1999 the ACM Special Interest Group on Electronic Commerce (SIGECOM) has sponsored the leading scientific conference on advances in theory, systems, and applications for electronic commerce. The Sixth ACM Conference on Electronic Commerce (EC'05) will feature paper presentations, workshops, and tutorials covering all areas of electronic commerce. The natural focus of the conference is on computer science issues, but the conference is interdisciplinary in nature, addressing the following topics:
- Algorithmic mechanism design
- Auction and negotiation technology
- Automated shopping, trading, and contract management
- Computational finance
- Computational game theory and economics
- Computational markets for information services
- Databases and online transaction processing
- Experience with fielded electronic-commerce systems
- Formation of supply chains, coalitions, and virtual enterprises
- Information markets
- Intellectual property and digital rights management
- Languages for describing goods, services, and contracts
- Legal, political, and social issues
- Marketing and advertising technology
- Payment and exchange protocols
- Recommendation, reputation, and trust systems
- Security and privacy issues in electronic commerce
- Software and systems requirements, architectures, and performance
- User-interface issues in electronic commerce

For more information, please see http://www.acm.org/ec05.

WEIS 2005 4th Workshop on the Economics of Information Security, Harvard University, Cambridge, MA, USA, June 2-3, 2005. [posted here 2/8/05]
Original Research Papers on all aspects of the Economics of Information Security are solicited for submission to the Fourth Workshop on the Economics of Information Security. Topics of interest include liability and other legal incentives, game theoretic models, economics of digital rights management, security in open source and free software, cyber-insurance, disaster recovery, trusted computing, reputation economics, network effects in security and privacy, security in grid computing, return on security investment, security and privacy in pervasive computing, risk management, risk perception, economics of trust, virus models, vulnerabilities and incentives, economics of malicious code, identity including PKI, access control, economics of electronic voting security, and economic perspectives on spam.

We invite talks emphasizing economic theory, mathematical modeling, or legal theory. Past notable work used the tools of economics to offer insights into computer security; offered mathematical models of computer security and economics; detailed potential regulatory solutions to computer security; or clarified the challenges of improving security as implemented in practice.

For more information, please see http://www.infosecon.net/workshop/.

SACMAT 2005 10th ACM Symposium on Access Control Models and Technologies, Scandic Hasselbacken, Stockholm, Sweden, June 1-3 , 2005. [posted here 09/09/04]
Papers offering novel research contributions in any aspect of access control are solicited for submission to the Tenth ACM symposium on access control models and technologies (SACMAT). SACMAT 2005 is the fifth of a successful series of symposiums that continue the tradition, first established by the ACM Workshop on Role-Based Access Control, of being the premier forum for presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The missions of the symposium are to share novel access control solutions that fulfill the needs of heterogeneous applications and environments and to identify new directions for future research and development. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control.

The SACMAT workshop will be co-located with POLICY 2005.

More information can be found  at http://www.sacmat.org/.

PET 2005 5th Workshop on Privacy Enhancing Technologies, Dubrovnik, Croatia, May 30-June 1, 2005. [posted here 9/14/04]
Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior, and restrict the ability to publish or retrieve documents. Approaches to protecting individuals, groups, but also companies and governments from such profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure.

This 5th workshop addresses the design and realization of such privacy and anti-censorship services for the Internet and other communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives.

The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of privacy technologies, as well as experimental studies of fielded systems.  We encourage submissions from other communities such as law and business that present their perspectives on technological issues.

Suggested topics include but are not restricted to:
- Anonymous communications and publishing systems
- Censorship resistance
- Pseudonyms, identity management, linkability, and reputation
- Data protection technologies
- Location privacy
- Policy, law, and human rights relating to privacy
- Privacy and anonymity in peer-to-peer architectures
- Economics of privacy
- Fielded systems and techniques for enhancing privacy in existing systems
- Protocols that preserve anonymity/privacy
- Privacy-enhanced access control or authentication/certification
- Privacy threat models
- Models for anonymity and unobservability
- Attacks on anonymity systems
- Traffic analysis
- Profiling and data mining
- Privacy vulnerabilities and their impact on phishing and identity theft
- Deployment models for privacy infrastructures
- Novel relations of payment mechanisms and anonymity
- Usability issues and user interfaces for PETs
- Reliability, robustness and abuse prevention in privacy systems

For more information, please see http://petworkshop.org/2005/.

WOSIS 2005 3rd International Workshop on Security In Information Systems, held in conjunction with the 7th International Conference on Enterprise Information Systems (ICEIS 2005), Miami Beach, FL, USA, May 24-25, 2005. [posted here 1/12/05]
Information Systems Security is one of the most pressing challenges facing all kind of organizations today. Although many companies have discovered how critical information is to the success of their business or operations, very few have managed to be effective in keeping their information safe, in avoiding unauthorized access, preventing intrusions, stopping secret information disclosure, etc. This workshop will serve as a forum to gather academics, researchers, practitioners and students in the field of security in information systems. The workshop will present new developments, lessons learned from real world cases, and would provide the exchange of ideas and discussion on specific areas. Topics of interest include, but are not limited to:
- Methodologies for the development of security information system
- Access control techniques
- Personal data protection
- Information systems risk management and analysis
- Security in databases, datawarehouses and web information systems
- Secure information systems architectures
- Standards for information systems security
- Metadata for Web and multimedia security
- XML and RDF based metadata for security
- Security Engineering
- Assessment of security software/hardware
- Study, validation and attacks on security protocols
- Real world applications analysis
- Cryptology: Cryptography and Cryptanalysis
- Information hiding: Steganography & Steganalysis
- Peer-to-Peer systems
- Analysis and design of cryptographic algorithms
- Electronic commerce
- Wireless communications
- RFID privacy and security implications
- Anti-Spam techniques
- Open source secure development
- Emission security
- Attacks on copyright marking systems
- Reliability of security systems
- Disaster recovery
- Security of clinical information systems
- Cyberterrorism
- E-Laws and e-government
- PKI technology
- VPNs, IPSEC, IPv6
- Economics aspects of security
- Electronic Voting
- Computer Forensics
- Incident response
- Privacy and freedom issues
- Privacy-preserving Web-mining
- Legal aspects of cyber security

For more information, please see http://www.iceis.org/workshops/wosis/wosis2005-cfp.html.

Eurocrypt 2005 24th Annual Eurocrypt Conference, Aarhus, Denmark, May 22-26, 2005. [posted here 3/22/05]
Original papers on all technical aspects of cryptology are solicited for submission to Eurocrypt 2005, the 24th Annual Eurocrypt Conference. Eurocrypt 2005 is organized by the International Association for Cryptologic Research (IACR).

For more information, please see http://www.iacr.org and http://www.brics.dk/eurocrypt05/.

AusCERT 2005 AusCERT 2005 Refereed R&D Stream, Gold Coast, Australia, May 22-26, 2005. [posted here 01/12/05]
Original papers are solicited for submission to the refereed stream of AusCERT2005 - the AusCERT Asia Pacific Information Technology Security Conference. This stream will run within the regular conference program which is being organised by AusCERT. Full papers submitted to this stream will be refereed by members of the international program committee and published in the conference proceedings.

Topics of interest include, but are not limited to:
- Intrusion Detection
- Network and Wireless Security
- Attack Detection / Honeynets
- Critical Infrastructure Protection
- Legal and Regulatory Issues
- Intrusion Forensics
- Incident Response

For further info, see http://www.isrc.qut.edu.au/events/auscert2005/.

CIIW 2005 1st CRIS International Workshop on Critical Information Infrastructures, Linkoping, Sweden, May 17-18, 2005. [posted here 2/27/05]
This workshop is being held as a combined research-oriented workshop and information exchange for experts and authorities involved in Critical Infrastructures, but with a focus on Information infrastructures. The workshop seeks two categories of papers: (1) high quality unpublished papers (full papers) and (2) work-in-progress and student papers discussing recent interesting work related to the following research areas:
- Dynamic network protection with adaptive and proactive methods
- Intrusion prevention, detection, tolerance and response
- Defence strategies for ISP networks
- Infrastructure vulnerabilities and dependencies
- Monitoring and analysing attack patterns within specific systems or domains
- Monitoring and analysing attack patterns in Internet data
- Recognition and response systems for distributed attacks, e.g. CAPTCHAs
- Distributed denial of service attacks
- Self-propagating malicious code
- Cyber terrorism and organized crime
- System management and self-managed systems
- Self-healing systems, automated patching and node/link recovery, ad-hoc routing
- Real-time response and mitigation
- Network fault-tolerance: wireless networks, sensor networks, IP networks
- Security policy, protection, access control and authentication
- Models and architectures for network survivability
- Interoperability between hybrid wireline/wireless networks
- Robust infrastructures

For more information, please see http://www.ida.liu.se/conferences/CIIW05/.

Cluster-Sec 2005 Cluster Security - The Paradigm Shift - Held in conjunction with the 5th IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGrid) 2005, May 10/11, 2005.[posted here 11/14/04]
Prior to the Spring of 2004, clusters have been protected using enterprise computer network security techniques where cluster nodes where treated as a collection of individual computers. After the successful Internet attacks on HPC centers worldwide in the Spring of 2004, there needs to be a paradigm shift in cluster security strategies. Clusters can no longer be thought of as just a collection of individual computers but rather as an integrated single unit in which any breach may result in a "class break" compromise of the entire cluster. Furthermore, it has also been shown that clusters communicating via grids create dependent risks between clusters such that any cluster compromise may cascade to effect an entire grid.

This workshop focuses on stimulating new ideas in order to reshape cluster protection strategies. Clearly cluster security is a complex, multi-dimensional problem with dynamics over time so a large variety of approaches may be appropriate including prevention, monitoring, measurements, mitigation, and recovery. Papers with demonstrated results will be given priority. Two categories of papers will be considered: Long Paper (12 pages) and Work-In-Progress/Short Paper (6 pages). A list of potential topics includes but is not limited to the following:
- cluster security as an emergent property
- analysis of cluster attacks
- new techniques to protect clusters
- visualizing cluster security
- commercial grade cluster security
- failover cluster security
- cluster-specific intrusion detection
- the relationship between cluster security and grid security
- cluster security vulnerabilities
- cluster security best practices
- storage security on clusters
- storage survivability on clusters

More information can be found on the workshop web page at http://www.ncassr.org/projects/cluster-sec/ccgrid05/.

ISH 2005 International Workshop on Information Security & Hiding, Singapore, May 9-12, 2005. [posted here 11/14/04]
The ISH05 Workshop, held in conjunction with the International Conference on Computational Science & Its Applications (ICCSA'05), is intended as an international forum for researchers in all areas of information security and information hiding. Submissions of papers presenting a high-quality original research are invited for the Workshop tracks:
- Cryptology (cryptography, cryptanalysis)
- Security engineering (side-channel attacks, crypto implementations)
- Steganology (steganography, steganalysis)
- Digital Watermarking

Topics of interest:
- Side-channel analysis & countermeasures
- Implementation of cryptographic algorithms,
- Cryptographic hardware: factoring, cryptanalysis, random number generators, reconfigurable, processors,
- Design & analysis of symmetric-key cryptosystems: block ciphers, stream ciphers, hash functions, MACs, modes of operation, backdoors
- RFID & privacy
- Public-key cryptography, Elliptic curve cryptosystems
- Provable security
- Trusted computing
- Subliminal & covert channels
- Steganography
- Digital watermarking
- Digital rights management
- Links between cryptology and steganology

More information can be found on the workshop web page at http://www.swinburne.edu.my/rphan/ISH05.htm.

Oakland 2005 The 2005 IEEE Symposium on Security and Privacy, The Claremont Resort, Berkeley/Oakland, California, USA, May 8-11, 2005. [posted here 9/7/04]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Previously unpublished papers offering novel research contributions in any aspect of computer security or electronic privacy are solicited for submission to the 2005 symposium. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. Topics of interest include, but are not limited to, the following:
- Access Control and Audit
- Anonymity and Pseudonymity
- Authentication
- Automated Security Analysis
- Biometrics
- Data Integrity
- Database Security
- Denial of Service
- Distributed Systems Security
- Electronic Privacy
- Forensics
- Information Flow
- Intrusion Detection and Defense
- Language-Based Security
- Mobile Code and Agent Security
- Network Security
- Secure Hardware and Smartcards
- Security Engineering
- Security in Heterogeneous and Large-scale Environments
- Security of Mobile Ad-Hoc Networks
- Security Protocols
- Security Verification
- Viruses, Worms, and Other Malicious Code

The full call for papers can be found at http://www.ieee-security.org/TC/SP2005/oakland05-cfp.html.

DIMACS Workshop on Security of Web Services and E-Commerce, Rutgers University, Piscataway, NJ, USA, May 5-6, 2005. [posted here 11/14/04]
The growth of Web Services, and in particular electronic commerce activities based on them, is quickly being followed by work on Web Services security protocols. While core XML security standards like XMLDSIG, XMLENC and WS-Security have been completed, they only provide the basic building blocks of authentication, integrity protection and confidentiality for Web Services. Additional Web Services standards and protocols are required to provide higher-order operations such as trust management, delegation, and federation. At the same time, the sharp rise in "phishing" attacks and other forms of on-line fraud simply confirms that all our work on security protocols is for naught if we cannot make it both possible and easy for the average user to discover when a security property has failed during a transaction. This workshop aims to explore these areas as well as other current and future security and privacy challenges for Web Services applications and e-commerce.

The workshop will be open to the public (no submission is necessary to attend). If you'd like to give a presentation please send a title and abstract to commerce2005@farcaster.com as soon as possible. Submissions may describe ongoing or planned work related to the security of Web Services and electronic commerce, or they may discuss important research problems or propose a research agenda in this area. Also, we intend this to be a participatory and interactive meeting so we hope you will be able to contribute to the meeting even without giving an announced talk. Presented under the auspices of the Special Focus on Communication Security and Information Privacy.

For more information, please see http://dimacs.rutgers.edu/Workshops/Commerce/.

DHS R&D Conference 2005 Working Together: R&D Partnerships in Homeland Security, Boston, MA, USA, April 27-28, 2005. [posted here 1/17/05]
This two-day Conference will focus on state-of-the-art research and development to anticipate, prevent, respond to, and recover from high-consequence chemical, biological, radiological, nuclear, explosives and cyber terrorist threats. The conference will also address research and development to protect the nation's critical infrastructure, and the harnessing of science and intelligence to reduce threat and risk.

The objectives of this inaugural event are to encourage R&D partnerships among scientists and engineers from government, national laboratories, universities and research institutes, and private sector firms investing in research and development programs and facilities. We are seeking papers on Critical Infrastructure Protection and Cyber Security including:
- Sensor Performance Improvement
- Advanced Risk Modeling
- Simulation and Analysis for Decision Support
- Next-generation Designs and Architecture for Devices and Systems
- Addressing the Insider Threat
- Large-scale Situational Awareness for Critical Infrastructure.

For more information, please see http://www.homelandsecurityresearchconference.org/cfp.html.

PKI R&D Workshop 4th Annual PKI R&D Workshop - Multiple Paths to Trust, NIST, Gaithersburg, MD, USA, April 19-21, 2005. [posted here 09/07/04]
This workshop considers the full range of public key technology used for security decisions and supporting functionalities, including authentication, authorization, identity (syndication, federation, and aggregation), and trust. This year, the workshop has a particular interest in how PKI and emerging trust mechanisms will interact with each other at technical, policy and user levels to support trust models that lack a central authority. This workshop has three goals:
- Explore the current state of public key technology and emerging trust mechanisms in different domains including web services; grid technologies; authentication systems, et. al., in academia, research, government, and industry.
- Share & discuss lessons learned and scenarios from vendors and practitioners on current deployments.
- Provide a forum for leading security researchers to explore the issues relevant to PKI space in areas of security management, identity, trust, policy, authentication, and authorization.

For more info, please see: http://middleware.internet2.edu/pki05/cfp.html.

ISPEC 2005 The First Information Security Practice and Experience Conference, Singapore, April 11-14, 2005. [posted here 7/19/04]
ISPEC is intended to be an annual conference that brings together researchers and practitioners to provide a confluence of new information security technologies, their applications and their integration with IT systems in various vertical sectors.  Authors are invited to submit full papers presenting new research results related to information security technologies and applications.

Areas of interest include, but are not limited to:
- Applications of cryptography
- Critical infrastructure protection
- Digital rights management
- Economic incentives for deployment of information security systems
- Information security in vertical applications
- Legal and regulatory issues
- Privacy and anonymity
- Risk evaluation and security certification
- Resilience and availability
- Secure system architectures
- Security policy
- Security standards activities
- Trust model and management
- Usability aspects of information security systems

More information can be found on the workshop web page at http://ispec2005.i2r.a-star.edu.sg/.

USENIX 2005 USENIX Annual Technical Conference, Anaheim, CA, USA, April 10-15, 2005. [posted here 9/13/04]
The 2005 USENIX Annual Technical Conference General Session Program Committee seeks original and innovative papers about modern computing systems, emphasizing implementations with measured results.

Specific topics of interest include, but are not limited to:
- Benchmarking
- Deployment experience
- Distributed and parallel systems
- Embedded systems
- Energy/power management
- File and storage systems
- Networking and network services
- Operating systems
- Reliability and availability
- Security, privacy, and trust
- Self-managing systems
- Usage studies and workload characterization
- Virtual machines
- Web technology
- Wireless and mobile systems

The general call is available at: http://www.usenix.org/events/usenix05/cfp/general.html The FREENIX track also has a call on open source software. For more info, please see the USENIX page at: http://www.usenix.org/events/usenix05/cfp/freenix.html.

SPC 2005 2nd International Conference on Security in Pervasive Computing, Boppard, Germany, April 6-8, 2005. [posted here 6/12/04]
The ongoing shrinking of computing facilities to small and mobile devices like handhelds, portables or even wearable computers will enhance an ubiquitous information processing. The basic paradigm of such a pervasive computing is the combination of strongly decentralized and distributed computing with the help of diversified devices allowing for spontaneous connectivity. Computers will become invisible to the users awareness and exchange of information between devices will effectively defy users control.  The objective of this conference is to develop new security concepts for complex application scenarios based on systems like handhelds, phones, smartcards, RF-chips and smart labels hand in hand with the emerging technology of ubiquitous and pervasive computing. Particular topics include but are not limited to methods and technologies concerning:
- the identification of risks,
- the definition of security policies, and
- the development of security and privacy measures especially cryptographic protocols related to the specific aspects of ubiquitous and pervasive computing like mobility, location based services, ad-hoc networking, resource allocation/restriction, invisibility and secure hardware/software platforms.

For more info, please see : http://www.spc-conf.org.

IWIA 2005 Third IEEE International Information Assurance Workshop, Washington D.C., USA, March 31 - April 1, 2005[posted here 5/14/04]
The IEEE Task Force on Information Assurance is sponsoring a workshop on information assurance in cooperation with the ACM SIGSAC on research and experience in information assurance. The workshop seeks submissions from academia, government, and industry presenting novel research, applications and experience, and policy on all theoretical and practical aspects of IA.

Possible topics include, but are not limited to the following:
- Operating System IA & S
- Storage IA & S
- Network IA & S
- IA Standardization Approaches
- Information Sharing in Coalition Settings
- Security Models
- Survivability and Resilient Systems
- Formal Methods and Software Engineering for IA
- Survivability and Resilient Systems
- Formal Methods and Software Engineering for IA
- Proactive Approaches to IA
- CCITSE Experience and Methodology
- Intrusion Detection, Prediction, and Countermeasures
- Insider Attack Countermeasures
- Specification, Design, Development, and Deployment of IA Mechanisms
- Policy Issues in Information Assurance

More information can be found on the workshop web page at http://iwia.org/2005/.

TRECK-SAC 2005 ACM Symposium on Applied Computing 2005 Trust, Recommendations, Evidence and other Collaboration Know-how (TRECK) Track, Santa Fe, New Mexico, USA, March 13-17, 2005 [posted here 7/19/04]
The goal of the SAC 2005 TRECK track is to explore the set of applications that either benefit from the use of early trust-based mechanisms or could be enhanced by the integration of an advanced trust engine.

The topics of interest include, but are not limited to:
- Trust/risk-based security frameworks
- Applications of trust management components
- Improvement of recommender systems with adjunct trust/reputation
- Trust-enhanced collaborative applications
- Tangible guarantees given by formal models of trust and risk
- Applications of formal models of trust and risk
- Assessment and threat analysis of trust metrics
- Pervasive computational trust and use of context-aware features
- Trade-off between privacy and trust
- Automated collaboration and trust negotiation
- Integration of soft computing techniques in trust engines
- Evidence gathering and management
- Real world applications, running prototypes and advanced simulations
- Applicability in large scale, open and decentralized environments
- Representation, management and recognition of identities
- Trust and reputation in virtual organizations
- Legal and economic aspects related to the use of trust-based systems
- User-studies of computational trust applications

For more info, please see http://www.trustcomp.org/treck/.

PERCOM 2005 3rd IEEE International Conference on Pervasive computing and Communications, Kauai, Hawaii, USA, March 8-12, 2005. [posted here 1/14/04]
IEEE PerCom 2005 will be the third annual conference on the emerging area of pervasive computing and communications aimed at providing an exciting platform and paradigm for all the time, everywhere services. PerCom 2005 will provide a high profile, leading edge forum for researchers and engineers alike to present their latest research in the field of pervasive computing and communications. The topics of interest include, but are not limited to:
- Pervasive computing architectures
- Intelligent environments
- Wearable computers
- Smart devices and smart spaces
- Service discovery mechanisms
- Middleware services and Agent technologies
- Sensors and actuators
- Positioning and tracking technologies
- Integration of wired and wireless networks
- Personal area networks
- Mobile / wireless computing systems and services
- Context based and implicit computing
- Speech processing / advanced computer vision
- User interfaces and interaction models
- Wireless/mobile service management and delivery
- Ad hoc networking protocols and service discovery
- Resource management in pervasive computing platforms
- Security and privacy issues of pervasive computing systems

For more info, please see http://www.percom.org/index.htm.

I3P Research Fellowship The Institute for Information Infrastructure Protection (I3P) Research Fellowships, for post-doctoral researchers, junior faculty and research scientists. [posted here 1/31/05]
The I3P is a national research consortium of universities, federally-funded labs, and non-profit organizations. The I3P functions as a virtual national lab, bringing together experts from around the country to identify pressing problems and develop innovative approaches and technologies to help protect the U.S. information infrastructure. Through its Fellowship Program, the I3P seeks to build a nationwide cadre of investigators focused on important research challenges highlighted by the I3P Cyber Security Research and Development Agenda. The I3P is chaired and managed by Dartmouth College. This program is funded by the U.S. Department of Homeland Security.

I3P Fellowship Research Areas:
- Enterprise Security Management
- Trust Among Distributed Autonomous Parties
- Discovery and Analysis of Security Properties and Vulnerabilities
- Secure System and Network Response and Recovery
- Traceback, Identification, and Forensics
- Wireless Security
- Metrics and Models
- Law, Policy, and Economic Issues.

For more information, please see http://www.thei3p.org/fellowships.

FC 2005 Ninth International Conference on Financial Cryptography and Data Security, Roseau, The Commonwealth Of Dominica, February 28 - March 3, 2005. [posted here 5/13/04]
Financial Cryptography and Data Security (FC'05) is the premier international forum for research, advanced development, education, exploration, and debate
regarding security in the context of finance and commerce. We have augmented our conference title and expanded our scope to cover all aspects of securing
transactions and systems. These aspects include a range of technical areas such as: cryptography, payment systems, secure transaction architectures, software
systems and tools, user and operator interfaces, fraud prevention, payment systems, secure IT infrastructure, and analysis methodologies. Our focus will
also encompass legal, financial, business and policy aspects. Material both on theoretical (fundamental) aspects of securing systems and on secure applications
and real-world deployments will be considered.

Original papers and presentations on all aspects of financial and commerce security are invited. Submissions must have a visible bearing on
financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. Possible topics for
submission to the various sessions include, but are not limited to:
- Anonymity and Privacy
- Auctions
- Audit and Auditability
- Authentication and Identification, including Biometrics
- Certification and Authorization
- Commercial Cryptographic Applications
- Commercial Transactions and Contracts
- Digital Cash and Payment Systems
- Digital Incentive and Loyalty Systems
- Digital Rights Management
- Financial Regulation and Reporting
- Fraud Detection
- Game Theoretic Approaches to Security
- Infrastructure Design
- Legal and Regulatory Issues
- Microfinance and Micropayments
- Monitoring, Management and Operations
- Reputation Systems
- RFID-Based and Contactless Payment Systems
- Risk Assessment and Management
- Secure Banking
- Secure Financial Web Services
- Securing Emerging Computational Paradigms
- Security and Risk Perceptions and Judgments
- Security Economics
- Smart Cards and Secure Tokens
- Trust Management
- Trustability and Trustworthiness
- Underground-Market Economics
- Usability and Acceptance of Security Systems
- User and Operator Interfaces

For more info, please see http://www.ifca.ai/fc05/.

CT-RSA 2005 RSA Conference 2005, Cryptographers' Track, February 14-18, 2005, San Francisco, CA, USA. [posted here 3/27/04]
The RSA Conference is the largest, regularly staged computer security event. The Cryptographers' Track (CT-RSA) is a research conference within the RSA Conference. CT-RSA 2005 will be the fifth year of the Cryptographers' Track, which has become an established venue for presenting practical research results related to cryptography and data security.

Original research papers pertaining to all aspects of cryptography as well as tutorials are solicited. Submissions may present theory,
techniques, applications and practical experience on topics including, but not limited to: fast implementations, secure electronic commerce, network security and intrusion detection, formal security models, comparison and assessment, tamper-resistance, certification and time-stamping, cryptographic data formats and standards, encryption and signature schemes, public-key infrastructure, protocols, elliptic-curve cryptography, cryptographic algorithm design and cryptanalysis, discrete logarithm and factorization techniques, lattice reduction, and provable security.

For more information, please see http://www.rsasecurity.com/rsalabs/node.asp?id=2015.

NDSS 2005 The Internet Society 2005 Network and Distributed System Security Symposium, Catamaran Resort, San Diego, California, February 2-4, 2005. [posted here 7/19/04]
This symposium will foster information exchange among researchers and practioners of network and distributed system security services. The intended audience includes those who are interested in the practical aspects of network and distributed system security, focusing on actual system design and implementation, rather than theory. A major goal of the symposium is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. The proceedings of the symposium will be published by the Internet Society. The Program Committee invites both technical papers and panel proposals. Submissions are solicited for, but are not limited to, the following topics:
- Integrating security in Internet protocols: routing, naming, TCP/IP, multicast, network management, and the Web.
- Intrusion avoidance, detection, and response: systems, experiences and architectures.
- Privacy and anonymity technologies.
- Network perimeter controls: firewalls, packet filters, application gateways.
- Virtual private networks.
- Public key infrastructure, key management, certification, and revocation.
- Secure electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, and licensing.
- Supporting security mechanisms and APIs; audit trails; accountability.
- Implementation, deployment and management of network security policies.
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management.
- Fundamental services on network and distributed systems: authentication, data integrity, confidentiality, authorization, non-repudiation, and availability.
- Integrating security services with system and application security facilities and protocols: e.g., message handling, file transport/access, directories, time synchronization, data base management, boot services, mobile computing.
- Security for emerging technologies: sensor networks, specialized testbeds, wireless/mobile (and ad hoc) networks, personal communication systems, peer-to-peer and overlay network systems.
- Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost.
- Security for collaborative applications: teleconferencing and video-conferencing, electronic voting, groupwork, etc.
- Software hardening: e.g., detecting and defending against software bugs (overflows, etc.)

For more information, please see http://www.isoc.org/isoc/conferences/ndss/05/index.shtml.

AISW2005 Australasian Information Security Workshop - Digital Rights Management, January 31-February 3, 2005, University of Newcastle, UK. [posted here 8/4/04]
The workshop seeks submissions from academia and industry presenting novel research on theoretical and practical aspects of DRM, as well as experimental studies and fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. It is planned to publish accepted papers in the Conferences in Research and Practice in Information Technology series.

For more info, please see http://www.sitacs.uow.edu/aisw2005.

WITS'05  Workshop on Issues in the Theory of Security, Long Beach, California (co-located with POPL'05), January 10-11, 2005. [posted here 09/07/04]
WITS is the official workshop organised by the IFIP WG 1.7 on "Theoretical Foundations of Security Analysis and Design", established to promote the investigation on the theoretical foundations of security,  discovering and promoting new areas of application of theoretical techniques in computer security and supporting the systematic use of formal techniques in the development of security related applications. The members of WG hold their annual workshop as an open event to which all researchers working on the theory of computer security are invited.  This is the fourth workshop of the series. We are seeking sponsorship from ACM SIGPLAN, and plan to be organized in cooperation with GI working group FoMSESS.  Proceedings from of the workshop will be published in the ACM Digital Library.  We are also planning a special issue of the Journal of Computer Security on the workshop.

Suggested submission topics include:
- formal definition and verification of the various aspects of security: confidentiality, privacy, integrity, authentication and availability
- new theoretically-based techniques for the formal analysis and design of cryptographic protocols and their manifold applications (e.g., electronic commerce)
- information flow modelling and its application to the theory of confidentiality policies, composition of systems, and covert channel analysis
- formal techniques for the analysis and verification of code security, including mobile code security
- formal analysis and design for prevention of denial of service.
- security in real-time/probabilistic systems
- language-based security

More information about the workshop can be found at http://chacs.nrl.navy.mil/wits05.

HICSS2005   Security and Survivability of Networked Systems (minitrack at HICSS2005), Hawai'i, USA, January 3-6, 2005. [posted here 3/27/04]
Minitrack description: Malicious attacks on computing systems and networks have grown steadily over the last decade and have reached epidemic proportions.  Despite much progress in security research, the numbers of reported vulnerabilities and incidents are increasing. We are fully embracing computer and network technology in all aspects of our daily lives, and even to control our critical infrastructures, where failures could result in loss of life or have huge financial and environmental consequences. We need to our increase research efforts in this arena.

This minitrack focuses on security and survivability in networked computer systems. Of special interest are contributions that
address survival, tolerance, recovery or masking of malicious attacks. Submissions will be sought from researchers in the area of system survivability, fault-tolerance and intrusion tolerance, software dependability, computer and network security, and economic or statistical modeling of secure/survivable systems.

Topics include, but are not limited to:
- System or software survivability
- Safety critical failure modes
- Network or system intrusion tolerance
- Modeling malicious behavior or attacks
- Survivability and security issues of mobile agent based systems
- Survivability and security issues of ad-hoc networks
- Mathematical models for verification of vulnerability to malicious acts
- Models for measurement/evaluation/validation of survivability
- Software and hardware fault tolerance
- Design for dependability and/or survivability
- PRA and hybrid fault models accounting for malicious acts

For more information see: http://www.cs.uidaho.edu/~krings/HICSS38.htm