Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Past Conferences and Journal Special Issues

Last Modified:1/8/07

Note: Please contact cipher-cfp@ieee-security.org by email if you have any questions..

Contents

Past journals announcements

Past conferences and other announcements

 
       

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

 

Past Conferences and Other Announcements - 2006

PADM 2006 IEEE International Workshop on Privacy Aspects of Data Mining, Held in conjunction with the 6th IEEE International Conference on Data Mining (ICDM 2006), Hong Kong, December 18, 2006. [posted here 7/18/06]
Privacy protection in data mining is a crucial issue that has captured the attention of many researchers and administrators across a large number of application domains. Despite such efforts there are still many open issues that deserve further investigation. The workshop hopes to gather researchers and practitioners interested in the privacy aspects of data mining, both by a technical, and a social and legal point of views. We hope to attract interest from a wide range of possible data mining subareas, including: web mining, medical data mining, spatio-temporal data mining, ubiquitous knowledge discovery, and obviously, privacy-preserving data mining. The workshop will seek submissions that cover aspects of privacy protection solutions and threats as they pertain to various data mining endeavors. The following comprises a sample, but not complete, listing of topics:
- Biomedical and healthcare data mining research privacy
- Cryptographic tools for privacy preserving data mining
- Inference and disclosure control for data mining
- Learning algorithms for randomized/perturbed data
- Legal and regulatory frameworks for data mining and privacy
- Privacy and anonymity in e-commerce and user profiling
- Privacy aspects of business processes and enterprise management
- Privacy aspects of geographic, spatial, and temporal data
- Privacy aspects of ubiquitous computing systems
- Privacy enhancement technologies in web environments
- Privacy policy infrastructure, enforcement, and analysis
- Privacy preserving link and social network analysis
- Privacy preserving applications for homeland security
- Privacy preserving data integration
- Privacy protection in fraud and identify theft prevention
- Privacy threats due to data mining
- Query systems and access control
- Trust management for data mining

For more information, please see http://liuppamdm.univ-pau.fr/sws06/.

ICISS 2006 2nd International Conference on Information Systems Security, Kolkata, India, December 17-21, 2006. [posted here 3/6/06]
ICISS conference presents a forum for disseminating the latest research results in Information Systems Security and related areas. Topics of interest include but are not limited to:
- Authentication and Access Control
- Mobile Code Security
- Key Management and Cryptographic Protocols
- E-Business / E-Commerce Security
- Privacy And Anonymity
- Intrusion Detection and Avoidance
- Security Verification
- Database and Application Security and Integrity
- Digital Rights Management
- Security In P2P, Sensor and Ad Hoc Networks
- Secure Web Services
- Fault Tolerance and Recovery Methods For Security Infrastructure
- Threats, Vulnerabilities and Risk Management
- Commercial and Industrial Security

For more information, please see http://www.cdcju.org.in/iciss2006/.

CANS 2006 5th International Conference on Cryptology and Network Security, Suzhou, China, December 8-10, 2006. [posted here 2/8/06]
The main goal of this conference is to promote research on all aspects of network security and cryptology. It is also the goal to build a bridge between research on cryptography and network security. So, we welcome scientific and academic papers that focus on this multidisciplinary area. Areas of interest for CANS '06 include, but are not limited to, the following topics:
- Ad Hoc Network Security
- Access Control for Networks
- Anonymity and internet voting
- Cryptology
- Denial of Service
- Fast Cryptographic Algorithms
- Information Hiding
- Intrusion Detection
- IP Security
- Multicast Security
- PKI
- Phishing
- Router Security
- Secure E-Mail
- Secure protocols (SSH, SSL, ...)
- Spam
- Spyware
- Scanning

For more information, please see http://cis.sjtu.edu.cn/cans2006/index.htm.

ASIAN 2006 11th Annual Asian Computing Science Conference, Tokyo, Japan, December 6-8, 2006. [posted here 7/28/06]
The theme of this year's Annual ASIAN Conference is Secure Software and related computer security issues. The conference aims at discovering and promoting new ways to apply theoretical and practical techniques in secure software analysis, design, development, and operation. Papers are invited on all aspects of theory, practice, applications, and experiences related to this theme. Moreover, papers targeting lessons learn from and education for the development and operation of secure software are particularly welcome. Topics of interest include but are not limited to:
- Theoretical approaches to secure software
- Formal specification and verification of software
- Programming language semantics
- Static analysis
- Type systems and type theory for secure programming
- Automated deduction and reasoning about secure software
- Model checking for security
- Testing and aspects of security in software
- Secure protocols and networks
- Authentication and cryptography issues
- logic and semantics for protocol analysis
- Dependable and autonomic architectures and design
- Secure OS and middleware
- Artificial intelligence for secure systems
- Secure software engineering
- Education for secure software development
- Security-specific software development practices
- Case analysis and failure analysis for secure software
- Policy and standardization issues for secure software

For more information, please see http://www.nii.ac.jp/asian2006/.

ICICS 2006 8th International Conference on Information and Communications Security, Raleigh, NC, USA, December 4-7, 2006. [posted here 6/8/06]
The 2006 International Conference on Information and Communications Security (ICICS '06) will be the eighth event in the ICICS conference series, started in 1997, that brings together researchers and scholars involved in multiple disciplines of Information and Communications Security in order to foster exchange of ideas. ICICS 2006 seeks submissions from academia and industry presenting novel research on all aspects of information and communications security, as well as experimental studies of fielded systems. Topics of interest include, but are not limited to, the following:
- Access Control and Audit
- Anonymity and Pseudonymity
- Authentication
- Automated and Large-Scale Attacks
- Biometrics
- Commercial and Industrial Security
- Data Integrity
- Database security
- Denial of Service
- Distributed Systems Security
- Electronic Privacy
- Information Flow
- Intrusion Detection
- Language-Based Security
- Malicious Code
- Mobile Code and Agent Security
- Network Security
- Peer-to-Peer Security
- Secure Hardware and Smartcards
- Security Protocols
- Security Verification
- Security of Emerging Networks (e.g., Ad-Hoc Networks)

For more information, please see http://discovery.csc.ncsu.edu/ICICS06/.

WATC 2006 2nd Workshop on Advances in Trusted Computing, Tokyo, Japan, November 30 - December 1, 2006. [posted here 6/10/06]
Modern computer systems in large-scale, decentralized, and heterogeneous environments are now facing the diverse threats such as from viruses and other malware. Security research seeks to make computers safer and less vulnerable to those IT threats, and thus more dependable. The goal of Trusted Computing is to allow computers and servers to offer improved computer security relative to that what is currently available. The workshop solicits technical papers offering research contributions spanning from foundations, theory and tools of trusted computing to up-to-date issues. The workshop proceedings will be available at the workshop and via its website. Papers may present theory, applications, or practical experiences on topics including, but not limited to:
- models and principles for trusted computing
- formal models and verification
- software- or hardware-based approaches
- cryptographic approaches
- remote attestation of trusted devices
- standardization in trusted computing groups
- issues in trusted platform modules
- property-based and semantic attestation
- theory and practice for trusted virtual domains
- privacy and legal issues
- applications and case studies
- compliance and conformance
- trust evaluations of computing systems
- scalability
- applications and use cases
- system and platform architectures
- access control and information flow control
- communications
- virtualization and trusted computing
- trusted client architectures
- integrity-evaluating architectures
- integrity management infrastructures

For more information, please see http://www.trl.ibm.com/projects/watc/.

TrustCol 2006 Workshop on Trusted Collaboration, Held in conjunction with the 2nd IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2006), Atlanta, GA, USA, November 17 - 20, 2006. [posted here 7/6/06]
The ongoing, rapid developments in information systems technologies and networking have enabled significant opportunities for streamlining decision making processes and maximizing productivity through distributed collaborations that facilitate unprecedented levels of sharing of information and computational resources. Emerging collaborative environments need to provide efficient support for seamless integration of heterogeneous technologies such as mobile devices and infrastructures, web services, grid computing systems, various operating environments, and diverse COTS products. Such heterogeneity introduces, however, significant security and privacy challenges for distributed collaborative applications. Balancing the competing goals of collaboration and security is difficult because interaction in collaborative systems is targeted towards making people, information, and resources available to all who need it whereas information security seeks to ensure the availability, confidentiality, and integrity of these elements while providing it only to those with proper trustworthiness. The key goal of this workshop is to foster active interactions among diverse researchers and practitioners, and generate added momentum towards research in finding viable solutions to the security and privacy challenges faced by the current and future collaborative systems and infrastructures. Topics of interest include, but are not limited to:
- Access control models and mechanisms for collaboration environments
- Security frameworks and architectures for trusted collaboration
- Privacy control in collaborative environments
- Secure middleware for large scale collaborative infrastructures
- Secure dynamic coalition environments
- Secure workflows for collaborative computing
- Secure interoperation in multidomain collaborative environments
- Security and privacy issues in mobile collaborative applications
- Trust models, trust negotiation/management for collaborative systems
- Policy-based management of collaborative workspace
- Secure distributed multimedia collaboration
- Protection models and mechanisms for peer-to-peer collaborative environments
- Delegation, accountability, and information flow control in collaborative applications
- Intrusion detection, recovery and survivability of collaborative systems/infrastructures
- Security of web services and grid technologies for supporting multidomain collaborative applications
- Semantic web technologies for security collaborative infrastructures

For more information, please see http://www.trustcol.org/.

SSI 2006 8th International Symposium on System and Information Security, Sao Jose dos Campos, Sao Paulo, Brazil, November 8-10, 2006. [posted here 8/20/06]
The International Symposium on System and Information Security (SSI) is organized by Instituto Tecnologico de Aeronautica (ITA) and is the foremost event of its kind in Latin America. Submission of original papers on all aspects of computer and network security is invited. Topics of interest include but are not limited to the following:
- Artificial Intelligence methods in system security
- Authentication, access control and auditing
- Computer forensics
- Cryptography
- Database security
- Dependability
- Digital certificates and Public Key Infrastructure - PKI
- Digital Rights Management
- E-commerce security
- Firewalls and other security tools
- Formal methods in system security
- Internet/Web security
- Intrusion detection and prevention
- Management of enterprise security
- Mobile code and agent security
- Network security
- New security paradigms
- Operating systems security
- Risk/vulnerability analysis, assessment and management
- Security in electronic voting systems
- Security of distributed systems
- Security of emerging technologies
- Security policies
- Secure programming
- Security in P2P and Grid computing
- Threats and information warfare
- Trust management
- User privacy and anonymity
- Viruses and other malicious code
- Wireless and ubiquitous computing security

For more information, please see http://www.ssi.org.br/english/.

SWS 2006 1st Workshop on Secure Web Services, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), FairFax, VA, USA, November 3, 2006. [posted here 5/26/06]
Basic security protocols for Web Services, such as XML Security, the WS-* series of proposals, SAML, and XACML are the basic set of building blocks enabling Web Services and the nodes of GRID architectures to interoperate securely. While these building blocks are now firmly in place, a number of challenges are still to be met for Web services and GRID nodes to be fully secured and trusted, providing for secure communications between cross-platform and cross-language Web services. Also, the current trend toward representing Web services orchestration and choreography via advanced business process metadata is fostering a further evolution of current security models and languages, whose key issues include setting and managing security policies, inter-organizational (trusted partner) security issues and the implementation of high level business policies in a Web services environment. The SWS workshop explores these challenges, ranging from the advancement and best practices of building block technologies such as XML and Web services security protocols to higher level issues such as advanced metadata, general security policies, trust establishment, risk management, and service assurance. Topics of interest include, but are not limited to, the following:
- Web services and GRID computing security
- Authentication and authorization
- Frameworks for managing, establishing and assessing inter-organizational trust relationships
- Web services exploitation of Trusted Computing
- Semantics-aware Web service security and Semantic Web Secure orchestration of Web services
- Privacy and digital identities support

For more information, please see http://liuppamdm.univ-pau.fr/sws06/.

DIM 2006 2nd Workshop on Digital Identity Management, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), FairFax, VA, USA, November 3, 2006. [posted here 5/26/06]
The Second Workshop on Digital Identity Management will explore the relevance of User Centric Identity Management as an organizing principle for digital identity. It is designed to bring together practitioners, corporate researchers and academics to explore the newly emerging “User Centric” technologies for identity management. The goal of the workshop is to lay the foundation and agenda for further research and development in this area. Under the broad umbrella of user-centric identity, we are soliciting papers from researchers and practitioners on topics including, (but not limited to):
- Basic principles – what makes an identity system user-centric?
- Client-hosted identity
- Consistent UI for identity transactions
- Identity lifecycle management
- Identity Metasystem
- Identity theft prevention
- Privacy-enhancing identity management
- Private Credentials
- Social networks
- Strong authentication
- Unlinkability of Transactions
- URI-based identity systems

For more information, please see http://www2.pflab.ecl.ntt.co.jp/dim2006/.

VizSEC 2006 3rd Workshop on Visualization for Computer Security, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), FairFax, VA, USA, November 3, 2006. [posted here 3/29/06]
In many applications, visualization has proven to be very effective to understanding such high-dimensional data. Thus, there is a growing interest in the development of visualization methods as alternative or complementary solutions for pressing cybersecurity problems. Visualization represents high-dimensional security data in 2D/3D graphics and animations intended to facilitate quick inferences for situational awareness and/or focusing of attention on potential security events. In order to promote the highest intellectual exchange possible, we seek submissions in four different paper categories, specifically: (1) Tool Update (1-2 pages), (2) Short Paper (3-5 pages), (3) Long Paper (6-10 pages), and (4) Position Paper (2-5 pages). All accepted papers will be published in hardcopy ACM proceedings available the day of the workshop and as well as within the ACM Digital Library. A list of potential topics includes, but is not limited to, the following:
- visualization support for Internet security situational awareness
- visualization support for end user security
- visualization for ISP management support (highlighting security)
- visual authentication schemes (graphical passwords, biometrics)
- visualization to enable secure E-commerce
- visualization for secure transactions via web browsers
- visualization support for secure programming
- visualization support for security device management
- visualizing intrusion detection system alarms (NIDS/HIDS)
- visualizing worm/virus propagation
- visualizing routing anomalies
- feature selection
- forensic visualization
- visualizing network traffic for security
- dynamic attack tree creation (graphic)
- usability studies of security visualization tools
- visualizing large volume computer network logs

For more information, please see http://www.projects.ncassr.org/sift/vizsec/vizsec06/.

STC 2006 1st Workshop on Scalable Trusted Computing, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), FairFax, VA, USA, November 3, 2006. [posted here 5/26/06]
In a society increasingly dependent on networked information systems, trusted computing plays a crucial role. Despite significant progress in trusted computing components, the issue of scalability in trusted computing and its impact on security are not well-understood. Consequently, there is a dearth of practical solutions for trusted computing in large-scale systems. Approaches suitable for small- or medium-scale trusted computing systems might not be applicable to larger-scale scenarios. This new workshop is focused on trusted computing in large-scale systems -- those involving (at the very least) many millions of users and thousands of third parties with varying degrees of trust. The workshop is intended to serve as a forum for researchers as well as practitioners to disseminate and discuss recent advances and emerging issues. Topics of interest to the workshop include the following:
- models for trusted computing
- principles of trusted computing
- modeling of computing environments, threats, attacks and countermeasures
- limitations, alternatives and tradeoffs regarding trusted computing
- trust in authentications, users and computing services
- hardware based trusted computing
- software based trusted computing
- pros and cons of hardware based approach
- remote attestation of trusted devices
- censorship-freeness in trusted computing
- cryptographic support in trusted computing
- case study in trusted computing
- applications of trusted computing
- intrusion resilience in trusted computing
- access control for trusted computing
- trust of computing systems
- principles for handling scales

For more information, please see http://www.cs.utsa.edu/~shxu/stc06/.

FMSE 2006 4th Workshop on Formal Methods in Security Engineering: From Specifications to Code, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS-13), Fairfax, VA, USA, November 3, 2006. [posted here 5/26/06]
Information security has become a crucial concern for the commercial deployment of almost all applications and middleware. Although this is commonly recognized, the incorporation of security requirements in the software development process is not yet well understood. The deployment of security mechanisms is often ad hoc, without a formal security specification or analysis, and practically always without a formal security validation of the final product. Progress is being made, but there remains a wide gap between high-level security models and actual code development. We seek original research papers addressing foundational issues in formal methods in security engineering. Topics covered include, but are not limited to:
- security specification techniques
- formal trust models
- combination of formal techniques with semi-formal techniques such as UML
- formal analyses of specific security properties relevant to software development
- security-preserving composition and refinement of processes
- symbolic and computational models of security protocols
- integration of security aspects into formal development methods and tools
- access control policies
- information flow
- risk management and network security
- formal analysis of firewalls and intrusion detection systems
- trusted computing
- case studies

For more information, please see http://www.cs.chalmers.se/~dave/FMSE06/.

WORM 2006 4th Workshop on Recurring Malcode, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS-13), Fairfax, VA, USA, November 3, 2006. [posted here 5/15/06]
Internet-wide infectious epidemics have emerged as one of the leading threats to information security and service availability. Self-propagating threats, generally termed 'worms', exploit software weaknesses, hardware limitations, Internet topology, and the open Internet communication model to compromise large numbers of networked systems. Internet worms are increasingly being used as delivery mechanisms for malicious payloads such as spyware, phishing servers, spam relays, and information espionage. Unfortunately, current operational practices still face significant challenges in containing these threats as evidenced by the rise in automated botnet networks and the continued presence of worms released years ago. This workshop provides a forum for exchanging ideas, increasing understanding, and relating experiences on self-propagating malicious software from a wide range of communities, including academia, industry, and the government. We are soliciting papers from researchers and practitioners on subjects including, but not limited to:
- Automatic worm detection and characterization
- Reactive countermeasures
- Proactive defenses
- Detecting and disrupting botnets and malware command and control
- Threat assessment
- New threats and related challenges
- Measurement studies
- Testbeds & evaluation
- Reverse engineering
- Significant operational experiences
- Analysis of worm/botnet construction, current & future
- Modeling and analysis of propagation dynamics
- Forensic methods of attribution

For more information, please see http://www.eecs.umich.edu/~farnam/worm2006.html.

CCS 2006 13th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, October 30 – November 3, 2006. [posted here 3/15/06]
The conference seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of computer security, as well as case studies and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make convincing argument for the practical significance of the results. Theory must be justified by compelling examples illustrating its application. The primary criterion for appropriateness for CCS is demonstrated practical relevance. CCS may therefore reject perfectly good papers that are appropriate for theory-oriented conferences. Topics of interest include:
- anonymity
- access control
- secure networking
- accounting and audit
- trust models
- key management
- intrusion detection
- authentication
- smartcards
- security location services
- data and application security
- privacy-enhancing technology
- inference/controlled disclosure
- intellectual property protection
- digital rights management
- trust management policies
- phishing and countermeasures
- commercial and industry security
- security management
- database security
- applied cryptography
- peer-to-peer security
- security for mobile code
- cryptographic protocols
- data/system integrity
- information warfare
- identity management
- security in IT outsourcing

For more information, please see http://www.acm.org/sigs/sigsac/ccs/CCS2006/.

StorageSS 2006 2nd Workshop on Storage Security and Survivability, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, USA, October 30, 2006. [posted here 5/26/06]
There has been an evolution of protection solutions mirrored in both the security and survivability research communities: (1) from physical protection solutions targeting people, (2) to system protection solutions targeting networked-systems, (3) and now the new emerging paradigm of information-centric solutions targeting the data itself. This workshop will focus on stimulating new ideas in order to reshape storage protection strategies. Clearly, storage security and survivability is a complex, multi-dimensional problem that changes over time, so a large variety of approaches may be appropriate including prevention, monitoring, measurements, mitigation, and recovery. The StorageSS workshop aims to foster a greater exchange between computer protection researchers/professionals and computer storage researchers and professionals. A list of potential topics includes but is not limited to the following:
- storage protection tradeoffs
- storage protection deployment (including case studies)
- smart storage for security/survivability
- analysis of covert storage channels
- storage leak analysis
- mobile storage protection
- novel backup protection techniques
- storage versioning protection techniques
- storage encryption techniques (both key mgmt and crypto algorithms)
- tamper-evident storage protection techniques
- immutable storage protection techniques; provenance
- storage threat models
- storage intrusion detection systems
- storage area network (SAN) security/survivability
- security/survivability for storage over a distance
- security/survivability with Internet storage service providers
- security for long-term / archival storage
- storage security/survivability in an HPC environment
- interaction of storage security/survivability and databases
- privacy issues in remote/hosted storage

For more information, please see http://www.storagess.org/.

SASN 2006 4th ACM Workshop on Security of Ad Hoc and Sensor Networks, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, USA, October 30, 2006. [posted here 4/17/06]
Ad hoc and sensor networks are expected to become an integral part of the future computing landscape. However, these networks introduce new security challenges due to their dynamic topology, severe resource constraints, and absence of a trusted infrastructure. SASN 2006 seeks submissions from academia and industry presenting novel research on all aspects of security for ad hoc and sensor networks, as well as experimental studies of fielded systems. Topics of interest include, but are not limited to, the following as they relate to mobile ad hoc networks or sensor networks:
- Security under resource constraints (e.g., energy, bandwidth, memory, and computation constraints)
- Performance and security tradeoffs
- Secure roaming across administrative domains
- Key management
- Cryptographic Protocols
- Authentication and access control
- Trust establishment, negotiation, and management
- Intrusion detection and tolerance
- Secure location services
- Secure clock distribution
- Privacy and anonymity
- Secure routing
- Secure MAC protocols
- Denial of service
- Prevention of traffic analysis

For more information, please see http://www.cse.psu.edu/~szhu/SASN2006/.

DRM 2006 6th Workshop on Digital Rights Management, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, USA, October 30, 2006. [posted here 5/26/06]
Digital Rights Management (DRM) is an area of pressing interest, as the Internet has become the center of distribution for digital goods of all sorts. The business potential of digital content distribution is huge, as are its economic, legal and social implications. DRM, as a technical interdisciplinary field, is at the heart of controlling the digital content and assuring authorized, user friendly, safe, well-managed, automated, and fraud-free distribution. The field of DRM combines cryptographic technology, software and systems research, information and signal processing methods, legal, social and policy aspects, as well as business analysis and economics. Original papers on all aspects of Digital Rights Management are solicited for submission to DRM 2006, the Sixth ACM Workshop on Digital Rights Management. Topics of interest include but are not limited to:
- anonymous publishing
- architectures for DRM systems auditing
- business models for online content distribution
- computing environments and platforms for DRM systems
- copyright-law issues, including but not limited to fair use
- digital policy management
- implementations and case studies
- privacy and anonymity
- risk management
- robust identification of digital content
- security issues, including but not limited to authorization, encryption, tamper resistance, and watermarking
- software related issues
- supporting cryptographic technology including but not limited to traitor tracing, broadcast encryption, obfuscation
- threat and vulnerability assessment
- concrete software patent cases
- usability aspects of DRM systems
- web services related to DRM systems

For more information, please see http://www.titr.uow.edu.au/DRM2006/.

WPES 2006 5th Workshop on Privacy in the Electronic Society, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, USA, October 30, 2006. [posted here 5/26/06]
The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- anonymity, pseudonymity, and unlinkability
- data correlation and leakage attacks
- electronic communication privacy
- information dissemination control
- privacy in health care and public administration
- privacy and confidentiality management
- personally identifiable information
- privacy-aware access control
- privacy in the digital business
- privacy enhancing technologies
- privacy policies
- privacy and anonymity on the Web
- privacy in the electronic records
- public records and personal privacy
- privacy and human rights
- privacy threats
- privacy and virtual identity
- privacy policy enforcement
- privacy and data mining
- privacy vs. security
- user profiling
- wireless privacy
- economics of privacy

For more information, please see http://freehaven.net/wpes2006/.

QOP 2006 2nd Workshop on Quality of Protection, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, USA, October 30, 2006. [posted here 5/26/06]
The QoP Workshop intends to discuss how security research can progress towards a notion of Quality of Protection in Security comparable to the notion of Quality of Service in Networking, Software Reliability, or Software Measurements and Metrics in Empirical Software Engineering. Original submissions are solicited from industry and academic experts to presents their work, plans and views related to Quality of Protection. The topics of interest include but are not limited to:
- Case studies
- Security Risk Analysis
- Security Quality Assurance
- Measurement-based decision making and risk management
- Empirical assessment of security architectures and solutions
- Mining data from attacks and vulnerabilities repositories
- Security metrics
- Measurement theory and formal theories of security metrics
- Security measurement and monitoring
- Experimental verification and validation of models
- Simulation and statistical analysis, stochastic modelling
- Reliability analysis

For more information, please see http://dit.unitn.it/~qop/.

WESII 2006 The Workshop on the Economics of Securing the Information Infrastructure, Arlington, VA, USA, October 23-24, 2006. [posted here 2/3/06]
Our information infrastructure suffers from decades-old vulnerabilities, from the low-level algorithms that select communications routes to the application-level services on which we are becoming increasingly dependent. Are we investing enough to protect our infrastructure? How can we best overcome the inevitable bootstrapping problems that impede efforts to add security to this infrastructure? Who stands to benefit and who stands to lose as security features are integrated into these basic services? How can technology investment decisions best be presented to policymakers? We invite infrastructure providers, developers, social scientists, computer scientists, legal scholars, security engineers, and especially policymakers to help address these and other related questions. Suggested topics (not intended to be comprehensive):
- The economics of deploying security into: The Domain Name System (DNS), BGP & routing infrastrucure, Email & spam prevention, Programming languages, Legacy code bases, User interfaces, and Operating systems
- Measuring the cost of adding security
- Models of deployment penetration
- Empirical studies of deployment
- Measuring/estimating damages
- Code origin authentication
- Establishing roots of trust
- Identity management infrastructure
- Data archival and warehousing infrastructure
- Securing open source code libraries
- Adding security to/over existing APIs
- Liability and legal issues
- Internet politics
- Antitrust Issues
- Privacy Issues

For more information, please see http://wesii.econinfosec.org/.

IWSEC 2006 1st International Workshop on Security, Kyoto, Japan, October 23-24, 2006. [posted here 3/6/06]
Information society based on a cyber space is facing now to the diverse threats due to the complexity of its structure in terms of networking, middleware, agents, P2P applications and ubiquitous computing with such diverse as commercial, personal, communal and public usage. What is needed with security research is to look at the issues from the interdisciplinary viewpoints. Papers may present theory, applications or practical experiences on topics including, but not limited to:
- Fundamental Tools for Information Security
- Network and Distributed Systems Security
- Privacy Enhancing Technology
- Secure Living and Working Environments
- Security in Commerce and Government
- Security Management
- Software and System Security
- Protection of Critical Infrastructures
- Testing, Verification and Certification
- Law, Policy, Ethics and Related Technologies

For more information, please see http://www.iwsec.org/.

CMS 2006 10th Joint IFIP TC6 and TC11 Open Conference on Communications and Multimedia Security, Heraklion, Greece, October 19-21, 2006. [posted here 3/27/06]
CMS’2006 is the 10th Conference in the “Communications and Multimedia Security” series. The series is a joint effort of IFIP Technical Committees TC6 (Communication Systems) and TC11 (Security and Protection in Information Processing Systems). The conference provides a forum for engineers and scientists in information security. State-of-the-art issues as well as practical experiences and new trends in the areas will be the topics of interest again, as proven by preceding conferences. This year the conference will address in particular network and information security issues. We solicit papers describing original ideas and research results on topics that include, but are not limited to:
- Applied cryptography
- Biometrics
- Computer emergency / security incident response
- Multimedia systems security
- Critical Information Infrastructure Protection
- Privacy protection
- Digital watermarking
- Identification and authentication
- Identity management
- Information security management
- Intrusion detection
- Mobile communication security
- Network and Information Security
- Risk Management
- Web Services Security
- Wireless Network Security

For more information, please see http://www.ics.forth.gr/cms06.

NordSec 2006 11th Nordic Workshop on Secure IT-systems, Linköping, Sweden, October 19-20, 2006. [posted here 2/13/06]
The NordSec workshops started in 1996 with the aim of bringing together researchers and practitioners within computer security in the Nordic countries. The theme of the workshop has been applied security, i.e. all kinds of security issues that could encourage interchange and cooperation between the research community and the industrial/consumer community. Possible topics include, but are not limited to the following:
- Anonymity and Privacy
- Applied Cryptography
- Computer Crime
- Information Warfare
- E-and M-Business Security
- Inter/Intra/Extranet Security
- Intrusion Detection
- Language-Based Security
- New Firewall Technologies
- New Ideas and Paradigms for Security
- Operating System Security
- Phishing and Anti-Phishing
- PKI and Key Escrow
- Privacy-Preserving Data-Mining
- Security Education and Training
- Security Evaluations and Measurements
- Security Management and Audit
- Security of Commercial Products
- Security Models
- Security Protocols
- Smart Card Applications
- Software Security
- Web Services Security
- Wireless Communication Security
- Trust and trust management

For more information, please see http://www.ida.liu.se/conferences/nordsec06/.

IMF 2006 International Conference on IT-Incident Management & IT-Forensics, Stuttgart, Germany, October 18 - 19, 2006. [posted here 3/20/06]
In order to advance the fields of IT-Incident Management and Forensics, IMF aims at bringing together experts from throughout the world, to discuss state of the art in the areas of Incident Management and IT-Forensics (IMF). IMF promotes collaboration and exchange of ideas between industry, academia, law-enforcement and other government bodies. The scope of IMF 2006 is broad and includes, but is not restricted to the following areas:
IT-Incident Management:
- Purposes of IT-Incident Management
- Trends, Processes and Methods in Incident Management
- Formats and Standardisation in Incident Management
- Tools for Incident Management
- Education and Training in the field of Incident Management Awareness
- Determination, Detection and Evaluation of Incidents
- Procedures for Handling Incidents
- Problems and Challenges while establishing CERTs/ CSIRTs
- Sources of Information/ Information Exchange/ Communities
- Dealing with Vulnerabilities (vulnerability response)
- Current Threats
- Early Warning Systems
- Organisations (Nat. CERT-Associations, FIRST, TERENA/ TI, TF-CSIRT)
IT-Forensics:
- Trends and Challenges within IT-Forensics
- Methods, Processes and Applications for IT-Forensics (Networks, Operating Systems, Storage Media, ICT-Systems etc.)
- Evidence Protection in IT-Environments
- Standardisation of Evidence Protection Processes
- Data Protection- and other legal implications for IT-Forensics
- Investigation Methods and Processes
- Juristic Relevance of IT-Forensic Investigations
- Tools for IT-Forensics
- Forensic readiness

For more information, please see http://www.imf-conference.org/.

WSNS 2006 2nd International Workshop on Wireless and Sensor Networks Security, Held in conjunction with the 3rd IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2006), Vancouver, Canada, October 9-12, 2006. [posted here 5/1/06]
Wireless networks have experienced an explosive growth during the last few years. Nowadays, there is a large variety of networks spanning from the well-known cellular networks to non-infrastructure wireless networks such as mobile ad hoc networks and sensor networks. Security issue is a central concern for achieving secured communication in these networks. This one day workshop aims to bring together researchers and practitioners from wireless and sensor networking, security, cryptography, and distributed computing communities, with the goals of promoting discussions and collaborations. We are interested in novel research on all aspects of security in wireless and sensor networks and tradeoff between security and performance such as QoS, dependability, scalability, etc. Topics of interest include, but are not limited to:
- Authentication and Access Control
- Cryptographic Protocol
- Experimental Studies
- Key Management
- Information Hiding
- Intrusion Detection and Response
- Privacy and Anonymity
- Secure Localization and Synchronization
- Security and Performance tradeoff
- Security Policy and Enforcement Issues
- Security Protocols Design, Analysis and Verification
- Secure Routing/MAC
- Surveillance and Monitoring
- Trust Management

For more information, please see http://www.cs.wcupa.edu/~zjiang/wsns06.htm.

ICS 2006 Workshop on Information and Computer Security, Held in conjunction with the 8th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC 2006), Timisoara, Romania, September 29-30, 2006. [posted here 5/15/06]
The ICS 2006 Workshop is intended as an international forum for researchers in all areas of information and computer security. Submissions of papers presenting original research are invited for the following workshop tracks: 
Formal methods in security
- Decidability and complexity
- Language-based security
- Security models
- Security protocols
- Security verification
Security policies and services
- Authentication
- Anonymity and privacy
- Electronic voting
- Information flow
- Intrusion detection
- Resource usage control
- Security for mobile computing
- Trust management Cryptology
- Protocols that provide services in application fields such as e-government, and that are simple enough (or so precisely defined) as to serve as reasonable targets for formal analysis tools;
- Cryptographic primitive implementations that can be formally analyzed;
- Work on combinatorial optimization problems that arise in cryptographic applications and that can be approximately solved using techniques from formal modeling.

For more information, please see http://ics.ieat.ro/.

WiSe 2006 ACM Workshop on Wireless Security, Held in conjunction with ACM MobiCom 2006, Los Angeles, California, USA, September 29, 2006. [posted here 5/1/06]
The objective of this workshop is to bring together researchers from research communities in wireless networking, security, applied cryptography, and dependability; with the goal of fostering interaction. With the proliferation of wireless networks, issues related to secure and dependable operation of such networks are gaining importance. Topics of interest include, but are not limited to:
- Key management in wireless/mobile environments
- Trust establishment
- Computationally efficient primitives
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Secure PHY/MAC protocols
- Denial of service
- User privacy, location privacy
- Anonymity, prevention of traffic analysis
- Dependable wireless networking
- Identity theft and phishing in mobile networks
- Charging in wireless networks
- Cooperation in wireless networks
- Vulnerability modeling
- Incentive-aware secure protocol design
- Security in vehicular networks
- Jamming
- Cross-layer design for security
- Monitoring and surveillance

For more information, please see http://www.ee.washington.edu/research/nsl/wise2006.

SKM 2006 2nd Secure Knowledge Management Workshop, Brooklyn, NY, USA, September 28-29, 2006. [posted here 6/15/06]
Knowledge management is the methodology for systematically gathering, organizing, and disseminating knowledge. It essentially consists of processes and tools to effectively capture and share knowledge as well as use the knowledge of individuals within an organization. Knowledge Management Systems (KMS) promote sharing information among employees and require security mechanisms to prevent unauthorized access and misuse. Security is a major issue revolving around KMS. Topics of interest include, and are not limited to: 
- Developing access controls and policies for knowledge management
- Statistical data mining techniques under security and privacy constraints
- Methods for measuring security effectiveness
- Design techniques for secure knowledge systems
- Integration for data management, information management and knowledge management
- Inference control policies for sensitive knowledge manipulation
- Secure knowledge query manipulation languages
- Security and privacy assertion markup languages
- B2B circles of trust
- Return on investment in secure knowledge systems
- Digital policy management
- Secure content management
- Knowledge management for national security
- Security and privacy in knowledge management
- Network security in the context of knowledge management
- Economic issues in securing knowledge
- Trust management
- Human factors in knowledge management
- Security, privacy and economic issues in information sharing
- Intersection of knowledge and security policy management

For more information, please see http://www.cs.stonybrook.edu/skm2006.

VietCrypt 2006 1st International Conference on Cryptology in Vietnam, Hanoi, Vietnam, September 25-28, 2006. [posted here 4/3/06]
Cryptology, the science of information protection blending pure computing theory with practical aspects, has been a strongly expanding research area over the last few years. VietCrypt 2006 will provide an international forum on cryptology for the first time in Vietnam. It is an opportunity for scientists, researchers, entrepreneurs, government officers and implementers to exchange novel ideas, new results and practical experiences. Original papers on all technical aspects of cryptology are solicited for submission.

For more information, please see http://www.vietcrypt.org/.

SETA 2006 4th International Conference on Sequences and Their Applications, Beijing, China, September 24-28, 2006. [posted here 2/20/06]
Original papers on all technical aspects of sequences and their applications in communications, cryptography, and combinatorics are solicited for submission to SETA'06. Topics of this conference include, but are not limited to, the following::
- Randomness of sequences
- Correlation (periodic and aperiodic types) and combinatoric aspects of sequences
- Sequences with applications in error-correcting codes
- Sequences over finite fields/rings/function fields, and arrays
- Nonlinear feedback shift register sequences
- Sequences for radar distance range, synchronization, identification, and hardware testing
- Sequences for wireless CDMA systems, low probability interception, and spread spectrum communication
- Pseudorandom sequence generators for stream ciphers
- Correlation and transformations of boolean functions
- Pseudorandom number/function generators and their randomness extraction

For more information, please see http://www.aegean.gr/ISC06.

ESAS 2006 3rd European Workshop on Security and Privacy in Ad hoc and Sensor Networks, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2006), Hamburg, Germany, September 20-21, 2006. [posted here 3/13/06]
The vision of ubiquitous computing has generated a lot of interest in wireless ad hoc and sensor networks. However, besides their potential advantages, these new generations of networks also raise some challenging problems with respect to security and privacy. The aim of this workshop is to bring together the network security, cryptography, and wireless networking communities in order to discuss these problems and to propose new solutions. The third ESAS workshop seeks submissions that present original research on all aspects of security and privacy in wireless ad hoc and sensor networks. Submission of papers based on work-in-progress is encouraged. Topics of interest include, but are not limited to the following:
- Privacy and anonymity
- Prevention of traffic analysis
- Location privacy
- Secure positioning and localization
- Secure MAC protocols
- Secure topology control
- Secure routing
- Secure context aware computing
- Secure in-network processing
- Attack resistant data aggregation
- Cooperation and fairness
- Key management
- Trust establishment
- Embedded security
- Cryptography under resource constraints
- Distributed intrusion detection

For more information, please see http://www.crysys.hu/ESAS2006/.

STM 2006 2nd International Workshop on Security and Trust Management, Held in conjunction with ESORICS 2006, Hamburg, Germany, September 20, 2006. [posted here 4/12/06]
STM 2006, sponsored by the Security and Trust Management working group of ERCIM (European Research Consortium in Informatics and Mathematics, is the second workshop in this series. The primary focus is on high-quality original unpublished research, case studies, and implementation experiences. We encourage submissions discussing the application and deployment of security technologies in practice. Topics of interest include but are not limited to:
- semantics and computational models for security and trust
- security and trust management architectures, mechanisms and policies
- networked systems security
- privacy and anonymity
- Identity management
- ICT for securing digital as well as physical assets
- cryptography

For more information, please see http://www.hec.unil.ch/STM06.

NSPW 2006 New Security Paradigms Workshop, Schloss Dagstuhl, Germany, September 18-21, 2006. [posted here 1/24/06]
NSPW is a unique workshop that is devoted to the critical examination of new paradigms in security. Each year, since 1995, we examine proposals for new principles upon which information security can be rebuilt from the ground up. We conduct extensive, highly interactive discussions of these proposals, from which we hope both the audience and the authors emerge with a better understanding of the strengths and weaknesses of what has been discussed. NSPW aspires to be the philosophical and intellectual breeding ground from which a revolution in the science of information security will emerge. We solicit and accept papers on any topic in information security subject to the following caveats:
- Papers that present a significant shift in thinking about difficult security issues are welcome.
- Papers that build on a recent shift are also welcome.
- Contrarian papers that dispute or call into question accepted practice or policy in security are also welcome.
- We solicit papers that are not technology-centric, including those that deal with public policy issues and those that deal with the psychology and sociology of security theory and practice.
- We discourage papers that represent established or completed works as well as those that substantially overlap other submitted or published papers.
- We discourage papers which extend well-established security models with incremental improvements.
- We encourage a high level of scholarship on the part of contributors. Authors are expected to be aware of related prior work in their topic area, even if it predates Google. In the course of preparing an NSPW paper, it is far better to read an original source than to cite a text book interpretation of it.

For more information, please see http://www.nspw.org.

ACEIS 2006 1st Annual Conference on Education in Information Security, Ames, IA, USA, September 18-19, 2006. [posted here 3/27/06]
May 2006 will mark the seventh year of the National Centers of Academic Excellence in Information Assurance Education program. With 67 centers now in operation in the United States as well as many efforts internationally, it is time for educators, students, and employers to join in a scholarly, peer-reviewed effort to discuss unmet needs, exchange ideas, pedagogical methods, research, and future plans for education in information security. The goals of ACEIS '06 are: (1) Disseminate new information assurance educational research and scholarship and (2) Build a community interested in information security education across all levels of pedagogy (K-12 through postgraduate). Example Areas of Interest:
- Educational Methods in Infosec and Assurance
- Instructional theory and methods applied to Infosec and Assurance education
- Student Assessment
- Hardware and Software Tools
- Curricula in Infosec and Assurance
- Papers addressing the body of knowledge in Infosec and Assurance
- Curriculum models for Infosec and Assurance in different disciplines
- Innovative programs or classes
- Industry/government needs in education
- Evaluation and research in Infosec and Assurance Education
- Models for evaluating curricula, courses, instructional methods and students
- Research studies in teaching/learning in Infosec and Assurance
- Panels discussing controversial or timely issues in the area

For more information, please see http://www.aceis.org/.

ESORICS 2006 11th European Symposium On Research In Computer Security, Hamburg, Germany, September 18-20, 2006. [posted here 2/3/06]
Papers offering novel research contributions in any aspect of computer security are solicited for submission to the Eleventh European Symposium on Research in Computer Security (ESORICS 2006). Topics include, but are not limited to:
- access control
- accountability
- applied cryptography
- authentication
- covert channels
- cryptographic protocols
- cybercrime
- data and application security
- denial of service attacks
- digital rights management
- distributed trust management
- formal methods in security
- identity management
- inference control
- information assurance
- information dissemination controls
- information flow controls
- information warfare
- intellectual property protection
- intrusion tolerance
- language-based security
- network security
- peer-to-peer security
- privacy-enhancing technology
- secure electronic commerce
- security as quality of service
- security evaluation
- security management
- security models
- security requirements engineering
- smartcards
- subliminal channels
- system security
- trust models
- trustworthy user devices

For more information, please see http://www.esorics06.tu-harburg.de/.

LSAD 2006 ACM SIGCOMM workshop on Large Scale Attack Defense, Held in conjunction with ACM SIGCOMM 2006, Pisa, Italy, September 11, 2006. [posted here 3/13/06]
In recent years, we have seen an increasing number of large-scale attacks, such as severe worms and DDoS attacks, threatening our systems and networks. Especially, fast spreading attacks present a serious challenge to today's attack defense systems. Speed, frequency, and damage potential of these attacks call for automated response systems. Research in automated defense systems for Internet-wide attacks is focused on large-scale monitoring infrastructures, such as network telescopes and honeynets; intrusion detection approaches, such as memory tainting, network anomaly detection, automated defense strategies, such as signature generation distribution; and identification and analysis of future threats, such as obfuscation methods and novel spreading techniques. The goal of this one day workshop is to explore new directions in monitoring, analysis, and automated defense systems for existing and future large-scale attacks. We invite experts from academia and industry, to discuss and exchange ideas in a broad range of topics. We are soliciting original papers on topics (including, but not limited to) listed below.
- Automated attack detection and classification
- Monitoring and measurement studies
- Anomaly detection
- Reactive and proactive defense systems
- Modelling and analysis of propagation dynamics
- Future challenges for attack defense systems
- Vulnerability assessment methods
- Countermeasure evaluation methods
- Honeypot infrastructures
- Honeypot detection and counter-detection
- Forensics
- Malcode analysis

For more information, please see http://www.acm.org/sigs/sigcomm/sigcomm2006/php/?lsad.

TrustBus 2006 3rd International Conference on Trust, Privacy and Security of Digital Business, Held in conjunction with the 17th International Conference on Database and Expert Systems Applications (DEXA 2006), Krakow, Poland, September 4-8, 2006. [posted here 11/24/05]
TrustBus’06 will bring together researchers from different disciplines, developers, and users all interested in the critical success factors of digital business systems. We are interested in papers, work-in-progress reports, and industrial experiences describing advances in all areas of digital business applications related to trust and privacy, including, but not limited to:
- Anonymity and pseudonymity in business transactions
- Business architectures and underlying infrastructures
- Common practice, legal and regulatory issues
- Cryptographic protocols
- Delivery technologies and scheduling protocols
- Design of businesses models with security requirements
- Economics of Information Systems Security
- Electronic cash, wallets and pay-per-view systems
- Enterprise management and consumer protection
- Identity and Trust Management
- Intellectual property and digital rights management
- Intrusion detection and information filtering
- Languages for description of services and contracts
- Management of privacy & confidentiality
- Models for access control and authentication
- Multimedia web services
- New cryptographic building-blocks for e-business applications
- Online transaction processing
- PKI & PMI
- Public administration, governmental services
- P2P transactions and scenarios
- Real-time Internet E-Services
- Reliability and security of content and data
- Reliable auction, e-procurement and negotiation technology
- Reputation in services provision
- Secure process integration and management
- Security and Privacy models for Pervasive Information Systems
- Security Policies
- Shopping, trading, and contract management tools
- Smartcard technology
- Transactional Models
- Trust and privacy issues in mobile commerce environments
- Usability of security technologies and services

For more information, please see http://www.icsd.aegean.gr/trustbus06/.

WENS 2006 Workshop on Enterprise Network Security, held in conjunction with IEEE Communications Society/CreateNet SecureComm 2006, Baltimore, MD, USA, September 1, 2006. [posted here 5/15/06]
The introduction of networking to the enterprise has introduced an explosion of new productivity. However, the connectivity offered by networking has also introduced significant security issues that can no longer be easily addressed by control of physical access. Specifically, management and monitoring of the security or health of internal LAN/MAN-side services on an enterprise network can often consume significant portions of the IT resource budget. The focus of this workshop is to provide a forum for the exploration of issues unique to the enterprise network. Topics for the workshop include but are not limited to:
- Network risk assessment
- Rogue device detection (wireless APs)
- Trust inference
- Security visualization
- Security and grid computing
- Obfuscation and privacy mechanisms over the grid
- Intrusion dataset creation
- Case studies
- Security testbeds

For more information, please see http://gipse.cse.nd.edu/WENS06.

ISC 2006 9th Information Security Conference, Pythagoras, Greece, August 30 - September 2, 2006. [posted here 11/26/05]
ISC is an annual international conference covering research in and applications of Information Security. ISC aims to attract high quality papers in all technical aspects of information security. Topics of interest include, but are not limited to, the following:
- Access Control
- Accounting and Audit
- Anonymity and Pseudonymity
- Applied Cryptography
- Authentication and Non-repudiation
- Biometrics
- Cryptographic Protocols
- Database and System Security
- Design and Analysis of Cryptographic Algorithms
- Digital Rights Management
- eCommerce, eBusiness and eGovernment Security
- Foundations of Computer Security
- Grid Security
- Identity and Trust Management
- Information Flow
- Information Hiding and Watermarking
- Infrastructure Security
- Intrusion Detection and Prevention
- Mobile, Ad Hoc and Sensor Network Security
- Network and Wireless Network Security
- Peer-to-Peer Network Security
- PKI and PMI
- Privacy
- Security and Privacy Economics
- Security and Privacy in IT Outsourcing
- Security and Privacy in Pervasive and Ubiquitous Computing
- Security Verification
- Security for Mobile Code
- Security Modeling and Architecture
- Trusted Computing
- Security Models for Ambient Intelligence environments
- Usable Security

For more information, please see http://www.aegean.gr/ISC06.

SecureComm 2006 2nd IEEE Communications Society/CreateNet International Conference on Security and Privacy for Emerging Areas in Communication Networks, Baltimore, MD, USA, August 28 - September 1, 2006. [posted here 1/16/06]
The scope of Securecomm 2006 has been broadened since the inaugural 2005 event. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure OS/software, theoretical cryptography, e-commerce) will be considered only if a clear connection to privacy and/or security in communication/networking is demonstrated. Presentations reporting on cutting-edge research results are supplemented by panels on controversial issues and invited talks on timely and important topics. Areas of interest include, but ARE NOT limited to, the following:
- Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
- Network Intrusion Detection and Prevention, DoS Countermeasures
- Firewalls, Routers, Filters and Malware detectors
- Public Key Infrastructures and Other Security Architectures
- Secure Web Communication
- Communication Privacy and Anonymity
- Secure/Private E-commerce
- Secure Routing, Naming/Addressing, Network Management
- Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs

For more information, please see http://www.securecomm.org.

SECOVAL 2006 2nd IEEE SECURECOMM SECOVAL Workshop: The Value of Security through Collaboration, Held in conjunction with IEEE/CREATE-NET SECURECOMM 2006, Baltimore, MD, USA, August 28 - September 1, 2006. [posted here 3/20/06]
Security is usually centrally managed, for example in a form of policies duly executed by individual nodes. The SECOVAL workshop covers the alternative trend of using collaboration and trust to provide security. Instead of centrally managed security policies, nodes may use specific knowledge (both local and acquired from other nodes) to make security-related decisions. For example, in reputation-based schemes, the reputation of a given node (and hence its security access rights) can be determined based on the recommendations of peer nodes. As systems are being deployed on ever-greater scale without direct connection to their distant home base, the need for self-management is rapidly increasing. Interaction after interaction, as the nodes collaborate, there is the emergence of a digital ecosystem. By guiding the local decisions of the nodes, for example, with whom the nodes collaborate, global properties of the ecosystem where the nodes operate may be guaranteed. Thus, the security property of the ecosystem may be driven by self-organising mechanisms. Depending on which local collaboration is preferred, a more trustworthy ecosystem may emerge. Topics of interest to the workshop include, but are not limited to:
- Approaches to security through collaboration
- Specificities of security through collaboration
- Trust methodologies, models and metrics
- Interoperability and standardization of trust metrics
- Value and meaning of trust
- Trust-based security decision process
- Security based on reputation and recommendations
- Self-organisation mechanisms for a more secure digital ecosystem
- The role of emergence in dynamic trust models
- Collaborative autonomic computing
- Value and models of networks of collaborators and information sharing
- Threat and risk analysis of security through collaboration
- Attacks due to collaboration and mitigation of these attacks
- Technical trust of the underlying infrastructure used for deployment
- Costs and benefits of trust and collaboration based security compared to other models
- Privacy and legal aspects of security through collaboration

For more information, please see http://www.trustcomp.org/secoval/.

SBSEG 2006 6th Brazilian Symposium on Information and Computer Systems Security, Santos, Brazil, August 28 - September 01, 2006. [posted here 2/27/06]
The 6th Brazilian Symposium on Information and Computer System Security is an annual event promoted by the Brazilian Computer Society (SBC). Its main goal is to provide a forum for presenting new research ideas and other relevant activities in the area of information systems security. Topics of interest for SBSeg 2006 include but are not limited to the following:
- cryptographic algorithms and techniques
- legal aspects of data and systems security
- audit and system security assessment
- biometry
- software assurance
- electronic commerce
- computational forensics
- mobile devices, embedded systems and wireless networks
- cryptographic hardware, RFID devices, smart cards
- public-key infrastructure
- data integrity and data confidentiality
- contingency planning and disaster recovery
- autentication techniques
- access control models and techniques
- digital TV, and multimedia content
- standardization
- software piracy
- security policy
- security protocols
- security in grids, P2P and overlay networks
- security in middleware (Java RMI, J2EE, CorbaSec, .Net)
- security in web services (WS-Security, SOAP, XML, XACML)
- distributed systems security
- operating systems security
- secure systems development techniques
- firewall technology
- intrusion detection and other vulnerabilities
- electronic voting
- virus, worms and malicious codes

For more information, please see http://www.unisantos.br/sbseg2006/english/.

CERTSOFT 2006 International Workshop on Software Certification, Ontario, Canada, August 26-27, 2006. [posted here 5/15/06]
Software is currently used to control medical devices, automobiles, aircraft, manufacturing plants, nuclear generating stations, space exploration systems, elevators, electric motors, automated trains, banking transactions, telecommunications devices and a growing number of devices in industry and in our homes. Software is also mission critical for many organizations, even if the software does not control what happens. Clearly, many of these systems have the potential to cause physical harm if they malfunction. Even if they do not cause physical harm, their malfunctions are capable of causing financial and political chaos. Currently there is no consistent regulation of software, and society is starting to demand that software used in critical systems must meet minimum safety, security and reliability standards. Manufacturers of these systems are in the unenviable position of not having any clear guidelines as to what may be regarded as acceptable standards in these situations. Even where the systems are not mission critical, software producers and their customers are becoming interested in methods for assuring quality that may result in software supplied with guarantees. The purpose of the workshop is to discuss issues related to software certification. Possible topics include:
- What is software certification, and what is its relation to system certification?
- Methods, processes, and tools for developing certified software
- Certifying safety-critical applications
- Certifying embedded systems
- Certifying non-critical but commercially significant applications
- Certification of software components
- Developing standards based on experimental analysis of methods
- Formalization of Regulatory Requirements for Software
- Repositories of assured/verified/validated software components
- Using the Common Criteria for IT Security Evaluation as a model
- Standardization of certification methods used in different industries
- Evolutionary and incremental certification

For more information, please see http://fm06.mcmaster.ca/certsoft.

NIST-CHW 2006 2nd Cryptographic Hash Workshop, Santa Barbara, California, USA, August 24-25, 2006. [posted here 2/27/06]
In response to the SHA-1 vulnerability that was announced in Feb. 2005, NIST held a Cryptographic Hash Workshop on Oct. 31-Nov. 1, 2005 to solicit public input on its cryptographic hash function policy and standards. NIST continues to recommend a transition from SHA-1 to the larger approved hash functions (SHA-224, SHA-256, SHA-384, and SHA-512). In response to the workshop, NIST has also decided that it would be prudent in the long-term to develop an additional hash function through a public competition, similar to the development process for the block cipher in the Advanced Encryption Standard (AES). Before initiating the competition, NIST plans to host several more public workshops that will focus on hash function research. The next workshop will be held on August 24-25, 2006, in conjunction with Crypto 2006, with the following goals:
- Explore potential mathematical principles and structures that can provide the foundation for cryptographic hash functions;
- Foster accelerated research on the analysis of hash functions, especially the SHA-2 hash functions;
- Survey the uses of hash functions, and investigate the properties that are assumed, used, or needed. Identify and articulate the required or desirable properties for future hash functions.

Topics for submissions should include, but are not limited to, the following:
Mathematical Foundations
- Iterative structures, i.e., Damgård-Merkle or alternatives
- Compression function constructions, e.g. Davies-Meyer
- Hashing modes, e.g. randomized hashing or keyed hashing
- Formal properties

Analysis and Design
- Analysis and design of hash functions and their components
- New cryptanalytic techniques against hash functions
- Security report on existing hash functions, especially SHA-2
- Tools for designing and analyzing compression functions
- Provable properties of compression functions, e.g., reductions to hard problems.

Practical Uses and Pitfalls
- Uses of hash functions in applications and protocols
- Properties of hash functions that are assumed, required, or obtained in practice
- Vulnerabilities of hash functions caused by unexpected properties or misuse
- Desirable properties for future hash functions

For more information, please see http://www.nist.gov/hash-function.

DFRWS 2006 6th Annual Digital Forensic Research Workshop, Lafayette, Indiana, USA, August 14-16, 2006. [posted here 3/13/06]
The purpose of this workshop is to bring together researchers, practitioners, and educators interested in digital forensics. We welcome the participation of people in industry, government, law enforcement, and academia who are interested in advancing the state of the art in digital forensics by sharing their results, knowledge, and experiences. The accepted papers will be published in printed proceedings. We are looking for research papers, demo proposals, and panel proposals. Major areas of interest include, but are not limited to, the following topics:
- Incident response and live analysis
- OS and application analysis
- Multimedia analysis
- File system analysis
- Memory analysis
- Network analysis
- Data hiding and recovery
- Event reconstruction
- Large-scale investigations
- Data mining techniques
- Automated searching
- Tool testing and development
- Digital evidence storage formats
- Digital evidence and the law
- Traceback and attribution
- Physical media analysis
- Case studies and trend reports
- Non-traditional approaches to forensic analysis

For more information, please see http://www.dfrws.org.

SecUbiq 2006 2nd International Workshop on Security in Ubiquitous Computing Systems, Seoul, Korea, August 1-4, 2006. [posted here 11/29/05]
Ubiquitous computing technology provides an environment where users expect to access resources and services anytime and anywhere. The serious security risks and problems arise because resources can now be accessed by almost anyone with a mobile device in such an open model. The security threats exploited the weakness of protocols as well as operating systems, and also extended to attack ubiquitous applications. The security issues, such as authentication, access control, trust management, privacy and anonymity, etc., should be fully addressed. This workshop provides a forum for academic and industry professionals to discuss recent progress in the area of ubiquitous computing system security, and includes studies on analyses, models and systems, new directions, and novel applications of established mechanisms approaching the risks and concerns associated with the utilization and acceptance of ubiquitous computing devices and systems. Topics: Topics of interest include, but are not limited to:
- Access control
- Ad hoc and sensor network security
- Buffer overflows
- Commercial and industrial security
- Cryptographic algorithms and protocols
- Data privacy and trustiness
- Digital signatures
- Distributed denial of service attacks
- Information hiding and multimedia watermarking in distributed systems
- Internet and web security
- Intrusion detection and protection systems
- Key management and authentication
- Mobile codes security
- Network security issues and protocols
- Privacy and anonymity
- Privacy issues in the use of smart cards and RFID systems
- Security in e-commerce and e-business and other applications
- Security in P2P networks and Grid computing
- Security in distributed and parallel systems
- Software security
- Trust management

For more information, please see http://www.sitacs.uow.au/secubiq06/.

DBSEC 2006 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31-August 2, 2006. [posted here 12/16/05]
The conference provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Papers and panel proposals are solicited. The conference is limited to about forty participants so that ample time for discussion and interaction may occur. Proceedings will be published by Springer as the next volume in the Research Advances in Database and Information Systems Security series. Papers may present theory, techniques, applications, or practical experience on topics of interest of IFIP WG11.3:
- Access Control
- Application level attacks and intrusion detection
- Applied cryptography in data security
- Identity theft and countermeasures
- Integrity maintenance
- Intrusion tolerance and trusted recovery
- Knowledge discovery and privacy
- Organizational security
- Privacy and privacy-preserving data management
- Secure transaction processing
- Security assessment, planning and administration
- Secure information integration
- Secure sensor information processing
- Threats, vulnerabilities, and risk management
- Trust management
- Web services/application security
- Secure Semantic Web

Additional topics of interest include but not limited to: Critical Infrastructure Protection, Cyber Terrorism, Information Warfare, Database Forensics, Electronic Commerce Security, and Security in Digital Health Care.

For more information, please see http://cimic.rutgers.edu/ifip113/2006/.

USENIX Security 2006 15th USENIX Security Symposium, Vancouver, B.C., Canada, July 31–August 4, 2006. [posted here 10/10/05]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks.

All researchers are encouraged to submit papers covering novel and scientifically significant practical works in security or applied cryptography. The Symposium will span five days: a training program will be followed by a two and one-half day technical program, which will include refereed papers, invited talks, Work-in-Progress reports, panel discussions, and Birds-of-a-Feather sessions. New in 2006, a workshop, titled Hot Topics in Security (HotSec '06), will be held in conjunction with the main conference. More details will be announced soon on the USENIX Web site.

For more information, please see http://www.usenix.org/events/sec06/.

HotSec 2006 1st Workshop on Hot Topics in Security, Vancouver, B.C., Canada, July 31, 2006. [posted here 4/7/06]
HotSec is intended as a forum for lively discussion of aggressively innovative and potentially disruptive ideas in all aspects of systems security. Surprising results and thought-provoking ideas will be strongly favored; complete papers with polished results in well-explored research areas are discouraged. Papers will be selected for their potential to stimulate discussion in the workshop. Position papers are expected to fit into one of the following categories:
- Fundamentally new techniques for and approaches to dealing with current security problems
- New major problems arising from new technologies that are now being developed or deployed
- Truly surprising results that cause rethinking of previous approaches

While our goal is to solicit ideas that are not completely worked out, we expect submissions to be supported by some evidence of feasibility or preliminary quantitative results. Possible topics of interest include but are not limited to:
- Secure operation, management, and event response of/for ultra-large-scale systems
- Designing secure large-scale systems and networks
- Self-organizing and self-protecting systems
- Security assurance for non-expert users
- Balancing security and privacy/anonymity
- Interactions between security technology and public policy

For more information, please see http://www.usenix.org/events/hotsec06/cfp/.

CEAS 2006 3rd Conference on Email and Anti-Spam, Mountain View, CA, USA, July 27-28, 2006. [posted here 12/16/05]
The Conference on Email and Anti-Spam (CEAS) invites short and long paper submissions on research results pertaining to a broad range of issues in email and Internet communication. Submissions may address issues relating to any form of electronic messaging, including traditional email, instant messaging, mobile telephone text messaging, and voice over IP. Issues of interest include the analysis and abatement of abuses (such as spam, phishing, identity theft, and privacy invasion) as well as enhancements to and novel applications of electronic messaging.

For more information, please see http://www.ceas.cc/2006/cfp.html.

IFMIP 2006 5th International Forum on Multimedia and Image Processing, Special Sessions on Information Security and Hardware Implementations, Budapest, Hungary, July 25-28, 2006. [posted here 9/7/05]
This special session is within the Multimedia and Image Processing Track (5th International Forum on Multimedia and Image Processing, IFMIP 2006). The IFMIP is going to take place in the World Automation Congress. The scope of this special session is on all views of communication security, and cryptography implementations. The call is addressed to scientists and engineers, who design, develop, and implement information security and cryptography subsystems. We encourage scientists and engineers from both academic and industrial environments to submit their works in order to enhance the knowledge, expertise, and experience of the whole community in information security, cryptography and hardware implementations. The subject areas include, but are not limited to, the following:
- Security for mobile devices and 3G applications
- Reconfigurable processors in cryptography
- Smart cards security
- Computer architectures for public-key and secret-key cryptosystems
- Crypto-Processors for wireless networks
- Cryptography for pervasive computing (e.g., RFID, Bluetooth, etc.)
- True and pseudo random number generators
- Identification and authentication
- New encryption algorithms
- Cryptography and cryptanalysis
- Case studies, surveys
- Architectural optimizations of security schemes and ciphers for wireless communications
- Modular and Galois field arithmetic architectures for security applications

For more information, please see http://wacong.org.

CEC 2006 IEEE CEC 2006 Special Session on Evolutionary Computation in Cryptology and Computer Security, Vancouver, BC, Canada, July 16-21, 2006. [posted here 10/10/05]
Techniques taken from the field of Evolutionary Computation (especially Genetic Algorithms, Genetic Programming, Artificial Immune Systems, but also others) are steadily gaining ground in the area of cryptology and computer security. The special session encourages the submission of novel research at all levels of abstraction (from the design of cryptographic primitives through to the analysis of security aspects of "systems of systems").

For more information, please see http://kolmogorov.seg.inf.uc3m.es/.

DIMVA 2006 3rd GI SIG SIDAR Conference on Detection of Intrusions & Malware, and Vulnerability Assessment, Berlin, Germany, July 13-14, 2006. [posted here 10/10/05]
The special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) organizes DIMVA as an annual conference that brings together experts from throughout and outside of Europe to discuss the state of the art in the areas of intrusion detection, malware detection, and vulnerability assessment. The scope of DIMVA is broad and includes, but is not restricted to the following areas:
Vulnerability Assessment:
- Vulnerabilities and exploitation techniques
- Vulnerability detection
- Avoidance of vulnerabilities and software testing
- Reverse engineering
- ROI on vulnerability assessment and management
Intrusion Detection:
- Intrusion techniques
- Intrusion detection and event correlation
- Intrusion response and intrusion prevention
- Benchmarking of intrusion detection and prevention systems
- Incident management and response
Malware:
- Malware techniques
- Malware detection
- Malware prevention
- Benchmarking of malware detection and prevention systems
- Computer and network forensics

For more information, please see http://www.dimva.org/dimva2006.

RFIDSec 2006 Workshop on RFID Security, Graz, Austria, July 12-14, 2006. [posted here 2/13/06]
The Workshop on RFID Security 2006 focuses on approaches to solve security issues in advanced contactless technologies like RFID systems. It stresses implementation aspects imposed by resource constraints. Topics of the workshop include but are not limited to:
- New applications for secure RFID systems
- Privacy-enhancing techniques for RFID
- Cryptographic protocols for RFID (Authentication, Key update, Scalability issues)
- Integration of secure RFID systems (Middleware and security, Public-key Infrastructures)
- Resource-efficient implementation of cryptography (Small-footprint hardware, Low-power architectures)

For more information, please see http://events.iaik.tugraz.at/RFIDSec06/CfP/index.htm.

SOUPS 2006 Symposium On Usable Privacy and Security, Pittsburgh, PA, USA, July 12-14, 2006. [posted here 1/22/06]
The 2006 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature technical papers, a poster session, panels and invited talks, discussion sessions, and in-depth sessions (workshops and tutorials). Topics include, but are not limited to:
- innovative security or privacy functionality and design,
- new applications of existing models or technology,
- field studies of security or privacy technology,
- usability evaluations of security or privacy features or security testing of usability features, and
- lessons learned from deploying and using usable privacy and security features.

For more information, please see http://cups.cs.cmu.edu/SOUPS/.

IHW 2006 8th Information Hiding Workshop, Alexandria, VA, USA, July 10-12, 2006. [posted here 11/26/05]
For many years Information Hiding has captured the imagination of researchers. Tools such as digital watermarking and steganography are used to protect information, conceal secrets, and protecting intellectual property. From an investigators perspective, information hiding provides an interesting challenge for digital forensic investigations and steganalysis techniques allows hidden information to be discovered. These are but a small number of related topics and issues. Current research themes include:
- anonymous communications
- covert channels in computer systems
- detection of hidden information (steganalysis)
- digital forensics
- information hiding aspects of privacy
- steganography
- subliminal channels in cryptographic protocols
- watermarking for protection of intellectual property
- other applications of watermarking

For more information, please see http://ih2006.jjtc.com/.

FCC 2006 Workshop on Formal and Computational Cryptography, Venice, Italy, July 9, 2006. [posted here 2/3/06]
Cryptographic protocols are small distributed programs that add security services, like confidentiality or authentication, to network communication. Since the 1980s, two approaches have been developed for analyzing security protocols. One of the approaches relies on a computational model that considers issues of complexity and probability. The other approach relies on a symbolic model of protocol executions in which cryptographic primitives are black boxes.

The workshop focuses on the relation between the symbolic (Dolev-Yao) model and the computational (complexity-theoretic) model. Recent results have shown that in some cases the symbolic analysis is sound with respect to the computational model. A more direct approach which is also investigated considers symbolic proofs in the computational model. Research that proposes formal models sound for quantum security protocols are also relevant. The workshop seeks results in any of these areas.

For more information, please see http://www.lsv.ens-cachan.fr/FCC2006/.

CSFW 2006 19th IEEE Computer Security Foundations Workshop, Venice, Italy, July 5-7, 2006. [posted here 12/7/05]
For nearly two decades, CSFW has brought together a small group of researchers to examine foundational issues in information security. Many seminal papers and techniques were first presented at CSFW. We are interested in new theoretical results in computer security, but also in more exploratory presentations. Exploratory work may examine open questions and raise fundamental concerns about existing theories. Panel proposals are welcome as well as papers. Possible topics include, but are not limited to:
- Authentication
- Information flow
- Security protocols
- Anonymity and Privacy
- Electronic voting
- Network security
- Resource usage control
- Access control
- Trust and trust management
- Security models
- Intrusion detection
- Data and system integrity
- Database security
- Distributed systems security
- Security for mobile computing
- Executable content
- Decidability and complexity
- Formal methods for security
- Language-based security

For more information, please see http://www.dsi.unive.it/CSFW19/.

ACISP 2006 11th Australasian Conference on Information Security and Privacy, Melbourne, Australia, July 3 - 5, 2006. [posted here 1/9/06]
Original papers pertaining to all aspects of information security and privacy are solicited for submission to the 11th Australasian Conference on Information Security and Privacy (ACISP 2006). Papers may present theory, techniques, applications and practical experiences on a variety of topics. Topics of interest include, but are not limited to:
- Cryptology
- Mobile communications security
- Database security
- Authentication and authorization
- Secure operating systems
- Intrusion detection
- Access control
- Security management
- Security protocols
- Network security
- Secure commercial applications
- Privacy Technologies
- Smart cards
- Key management and auditing
- Mobile agent security
- Risk assessment
- Secure electronic commerce
- Privacy and policy issues
- Copyright protection
- Security architectures and models
- Evaluation and certification
- Software protection and viruses
- Computer forensics
- Distributed system security
- Phishing attacks and countermeasures

For more information, please see http://acisp2006.it.deakin.edu.au/.

PET 2006 6th Workshop on Privacy Enhancing Technologies, Robinson College, Cambridge, United Kingdom, June 28-30, 2006. [posted here 10/10/05]
Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior. Approaches to protecting individuals, groups, but also companies and governments from profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure. This 6th workshop addresses the design and realization of such privacy services for the Internet and other communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives. Suggested topics include but are not restricted to:
- Anonymous communications and publishing systems
- Censorship resistance
- Pseudonyms, identity management, linkability, and reputation
- Data protection technologies
- Location privacy
- Privacy in Ubiquitous Computing Environments
- Policy, law, and human rights relating to privacy
- Privacy and anonymity in peer-to-peer architectures
- Economics of privacy
- Fielded systems and techniques for enhancing privacy in existing systems
- Protocols that preserve anonymity/privacy
- Privacy-enhanced access control or authentication/certification
- Privacy threat models
- Models for anonymity and unobservability
- Attacks on anonymity systems
- Traffic analysis
- Profiling and data mining
- Privacy vulnerabilities and their impact on phishing and identity theft
- Deployment models for privacy infrastructures
- Novel relations of payment mechanisms and anonymity
- Usability issues and user interfaces for PETs
- Reliability, robustness and abuse prevention in privacy systems

For more information, please see http://petworkshop.org/2006/.

WEIS 2006 5th Workshop on the Economics of Information Security, University of Cambridge, England, June 26-28, 2006. [posted here 10/10/05]
One of the most exciting and rapidly-growing fields at the boundary between technology and the social sciences is the economics of information security. Many security and privacy failures are not purely technical: for example, the person best placed to protect a system may be poorly motivated if the costs of system failure fall on others. Many pressing problems, such as spam, are unlikely to be solved by purely technical means, as they have economic and policy aspects too. Building dependable systems also raises questions such as open versus closed systems, the pricing of vulnerabilities and the frequency of patching. The `economics of bugs' are of growing importance to both vendors and users. Original research papers are sought for the Fifth Workshop on the Economics of Information Security. Topics of interest include the dependability of open source and free software, the interaction of networks with crime and conflict, the economics of digital rights management and trusted computing, liability and insurance, reputation, privacy, risk perception, the economics of trust, the return on security investment, and economic perspectives on spam.

For more information, please see http://www.cl.cam.ac.uk/~twm29/WEIS06/.

TSPUC 2006 2nd International Workshop on Trust, Security and Privacy for Ubiquitous Computing, Buffalo, NY, USA, June 26, 2006. [posted here 11/11/05]
This workshop aims at focussing the attention of the research community on the increasing complexity and relevance of trust, privacy and security issues in ubiquitous computing. Papers may present theory, applications or practical experiences on topics including, but not limited to:
- key establishment and key distribution
- access control models, policies and mechanisms
- trust and reputation management
- privacy and identity management
- digital assets management
- context/location aware computation
- self-organizing networks and communities
- intrusion and anomaly detection
- secure user-device interfaces
- distributed consensus in the presence of active adversaries
- analysis/simulation/validation techniques
- handling emergent properties
- phishing - attacks and countermeasures
- case studies

For more information, please see http://www.iit.cnr.it/TSPUC2006/.

EuroPKI 2006 3rd European PKI workshop: theory and practice, Torino, Italy, June 19-20, 2006. [posted here 2/3/06]
The 3rd European PKI workshop: theory and practice is focusing on research and applications on all aspects of public-key certificates and Public Key Infrastructures. Submitted papers may present theory, applications or practical experiences on topics including, but not limited to:
- Modelling and Architecture
- Bridge CA
- Cross Certification
- Directories
- Mobile PKI
- Authentication
- Reliability in PKI
- Certificate Policy
- Privacy
- Fault-Tolerance in PKI
- Privilege Management and PMI
- PKI Performance Evaluation
- eCommerce, eBusiness, eGovernment applications
- Key Management and Recovery
- Certificate Status Information
- Interoperability
- Repository Protocols
- Timestamping
- Verification
- Standards
- Certification Practice Statements
- Legal issues, Policies & Regulations
- Case Studies
- Trust

For more information, please see http://taurus.polito.it/europki2006/.

PLAS 2006 ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Ottawa, Canada, June 10, 2006. [posted here 1/9/06]
The goal of PLAS 2006 is to provide a forum for researchers and practitioners to exchange and understand ideas and to seed new collaboration on the use of programming language and program analysis techniques that improve the security of software systems. The scope of PLAS includes, but is not limited to:
- Language-based techniques for security
- Program analysis and verification (including type systems and model checking) for security properties
- Compiler-based and program rewriting security enforcement mechanisms
- Security policies for information flow and access control
- High-level specification languages for security properties
- Model-driven approaches to security
- Applications, examples, and implementations of these security techniques

For more information, please see http://www.cis.upenn.edu/~stevez/plas06.html.

VSRW 2006 Voting System Ratings Workshop, Washington DC, USA, June 8-9, 2006. [posted here 4/7/06]
This workshop, co-sponsored by NIST and NSF, and located at George Washington University, will be a follow-up of the highly successful one on Threats to Voting Systems, organized by NIST in October 2005.
Numerous election procedures and supporting technologies have been used over the centuries, yet no formal methodology for examining these exists. This absence is particularly conspicuous today, and the discovery of several security vulnerabilities in commercially available voting systems has led to confusion about the merits of voting systems. A rigorous objective rating framework for comparing and evaluating systems, based on their performance with respect to desirable properties, would expose a rich field of theoretical and practical challenges, and go a long way towards restoring faith in voting technology. This workshop will take the first steps towards an objective rating framework. The Technical Committee calls for submissions that focus on one of:
- Voting System Straw Models: Straw models of one of the following types of voting systems: (a) those with Voter Verifiable Paper Audit Trails (VVPAT), (b) those using optical scan, (c) those using modular architectures ("frogs"), where vote generation is separate from vote casting, and (d) those based on cryptography.
- Privacy Threats and Reliability Vulnerabilities
- Ratings: Measures of system performance (preferably derived from rigorous definitions) with respect to one or more of the following desirable properties: integrity, privacy and reliability.

For more information, please see http://vote.cs.gwu.edu/vsrw2006/.

MOSIDS 2006 Workshop on Management of Security in Dynamic Systems, Held in conjunction with the International Conference on Emerging Trends in Information and Communication Security (ETRICS’06), Freiburg, Germany, June 6-9, 2006. (Submissions due 15 April 2006) [posted here 3/13/06]
This workshop focuses primarily on modern, outstanding approaches to provide security guarantees in dynamic systems, as well as practical experiences on deploying secure ubiquitous computing applications. Thematically, this workshop focuses on, but is not restricted to:
- Scenarios and applications for dynamic systems
- Security architectures and mechanisms for dynamic systems
- Policy languages for changing requirements
- Mapping changing requirements into IT
- Service engineering for secure dynamic systems
- Dependability in spite of change

For more information, please see http://www.etrics.org/workshop_mosids.php.

ACNS 2006 4th International Conference on Applied Cryptography and Network Security , Singapore, June 6-9, 2006. [posted here 7/20/05]
Original papers on all technical aspects of cryptology and network security are solicited for submission to ACNS'06, the 4th annual conference on Applied Cryptography and Network Security. There are two tracks for ACNS: an academic track and an industrial track. The latter has an emphasis on practical applications. The PC will consider moving submissions between tracks if the PC feels that a submission is more appropriate for that track (with author permission). Topics of relevance include but are not limited to:
- Applied cryptography, cryptographic constructions
- Cryptographic applications: payments, fair exchange, time-stamping, auction, voting, polling
- Denial of service: attacks and countermeasures
- Email security, spam prevention
- Fundamental services on network and distributed systems: authentication, data integrity, confidentiality, authorization, non-repudiation, and availability
- Implementation, deployment and management of network security policies
- Integrating security in Internet protocols: routing, naming, TCP/IP, multicast, network management
- Integrating security services with system and application security facilities and protocols: message handling, file transport/access, directories, time synchronization, database management, boot services, mobile computing
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
- Intrusion avoidance, detection, and response: systems, experiences and architectures
- Network perimeter controls: firewalls, packet filters, application gateways
- Public key infrastructure, key management, certification, and revocation
- Securing critical infrastructure: routing protocols, and emergency communication
- Security and privacy for emerging technologies: sensor networks, wireless/mobile (and ad hoc) networks, bluetooth, 802.11, and peer-to-peer systems
- Security of limited devices: light-weight cryptography, efficient protocols and implementations
- Security modeling and protocol design in the context of rational and malicious adversaries
- Usable security and deployment incentives for security technology
- Virtual private networks
- Web security and supporting systems security, such as databases, operating systems, etc.

For more information, please see http://acns2006.i2r.a-star.edu.sg/.

ETRICS 2006 International Conference on Emerging Trends in Information and Communication Security, FREIBURG, GERMANY, June 6-9, 2006. [posted here 10/24/05]
Protecting information and communication systems and services from malicious use is essential for their deployment and acceptance. In addition to applying techniques from traditional security research and security engineering, it is necessary to take into account the vulnerabilities originating from increased mobility at application level and the integration of security requirements into business processes. ETRICS solicits research contributions focusing on emerging trends in security and privacy. Submissions may present foundational research in security and privacy, report experiences from novel applications of security technologies, as well as discuss their changing impact on society and economy. Topics of interest include but are not limited to:
- Access control and secure audit
- Analysis of security protocols
- Anonymity services
- Cryptographic primitives
- Electronic payment systems
- Enforcement of security policies
- Language-based security
- Privacy and identity management
- Secure mobile code
- Secure operating systems
- Security requirements engineering
- Security verification
- Vulnerability and threat analysis

For more information, please see http://www.etrics.org/.

POLICY 2006 7th IEEE International Workshop on Policies for Distributed Systems and Networks, London, Ontario, Canada, June 5-7, 2006. [posted here 11/17/05]
The policy workshop aims to bring together researchers and practitioners working on policy-based systems across a wide range of application areas including policy-based networking, security management, storage area networking, and enterprise systems. Policy 2006 is the 7th in a series of successful workshops that since 1999 have provided a forum for discussion and collaboration between researchers, developers and users of policy-based systems. This year, in addition to the latest research results from the communities working in the areas mentioned above, we encourage contributions on policy-based techniques in support of: On-demand computing/Utility Computing, SLA/Contract based Management, Virtualization and Policy-based collaboration. Topics of interest include, but are not limited to:

Policy Definition and Models:
- Abstractions and languages for policy specification processes
- Methodologies, and tools for discovering, specifying, reasoning about, and refining policy
- Extensions and refinements of policy standards
- Relationships between policies, e.g. hierarchies
- Analyzing policies
- Mapping from policies to management services

Policy Applications:
- Policy models for access-control, resource allocation, systems management, QoS adaptation, intrusion detection and privacy
- Policy based networking, including active networks, mobile systems and e-commerce
- Business rules and organizational modeling
- Trust models and trust management policies
- Policies for pervasive computing
- Case studies of applying policy-based technologies
- Policy-based autonomic computing
- Policy-based utility computing
- SLA/contract based Management
- Policy based collaboration

For more information, please see http://www.csd.uwo.ca/Policy2006.

SUTC 2006 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, Taichung, Taiwan, June 5-7, 2006. [posted here 11/5/05]
The IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC2006) is an international forum for researchers to exchange information regarding advancements in the state of the art and practice of sensor networks, ubiquitous and trustworthy computing, as well as to identify the emerging research topics and define the future of sensor networks, ubiquitous and trustworthy computing. The technical program of SUTC2006 will consist of invited talks, paper presentations, and panel discussions. Submissions of high quality papers describing mature results or on-going work are invited. Topics for submission include but are not limited to:
- Sensor network architecture and protocols
- Operating systems
- Routing protocols
- Data storage
- Ubiquitous computing and Ad Hoc networking
- Ubiquitous intelligence and smart spaces
- Embedded chips, sensor, and actuator
- Self-adaptive and self-healing systems
- Topology construction and coverage maintenance
- Energy and mobility management
- Context and location aware applications
- Data gathering, fusion, and dissemination
- Distributed coordination algorithms
- Complexity analysis of algorithms
- QoS, security, privacy, reliability, and social issues
- Trust establishment, negotiation, and management
- Authentication and access control
- Intrusion detection and tolerance
- Design and programming methodologies for wireless systems
- Formal methods for analysis of wireless systems
- Performance evaluation and modeling of mobile and wireless networks
- Simulation languages and systems for wireless systems
- Testing and debugging techniques for wireless systems
- Personel Area Networks
- Database management systems and mobile computing
- User interface technologies
- Applications of wireless sensor networks

For more information, please see http://sutc2006.asia.edu.tw/.

USENIX 2006 USENIX Annual Technical Conference, Boston, MA, USA, May 30-June 3, 2006. [posted here 9/13/05]
The 2005 USENIX Annual Technical Conference General Session Program Committee seeks original and innovative papers that further the knowledge and understanding of modern computing systems, with an emphasis on practical implementations and experimental results. We encourage papers that break new ground or present insightful results based on experience with computer systems. The USENIX conference has a broad scope, and we encourage papers in a wide range of topics in systems, including:
- Architectural interaction
- Benchmarking
- Deployment experience
- Distributed and parallel systems
- Embedded systems
- Energy/power management
- File and storage systems
- Networking and network services
- Operating systems
- Reliability, availability, and scalability
- Security, privacy, and trust
- Self-managing systems
- Usage studies and workload characterization
- Virtualization
- Web technology
- Wireless and mobile systems

For more information, please see http://www.usenix.org/events/usenix06/index.html.

I-NetSec 2006 4th Working Conference on Privacy and Anonymity in Networked and Distributed Systems, Held in conjunction with the 21st IFIP TC-11 International Information Security Conference, Karlstad, Sweden, May 22-24, 2006. [posted here 9/6/05]
Privacy and anonymity are increasingly important aspects in electronic services. The workshop will focus on these aspects in advanced distributed applications, such as m-commerce, agent-based systems, P2P, ... Suggested topics include, but are not restricted to:
- Models for threats to privacy and/or anonymity
- Models and measures for privacy and/or anonymity
- Secure protocols that preserve privacy and/or anonymity
- Anonymous and/or privacy-preserving credential systems
- Privacy, anonymity and peer-to-peer systems
- Privacy, anonymity and mobile agents
- Privacy, anonymity in payment systems
- Privacy, anonymity in pervasive computing applications
- Anonymous communication systems
- Legal issues of anonymity
- Techniques for enhancing privacy in existing systems

For more information, please see http://www.sec2006.org/index.php?INETWS=true.

SEC 2006 21st IFIP TC-11 International Information Security Conference, Karlstad, Sweden, May 22-24, 2006. [posted here 7/12/05]
The IT environment now includes novel, dynamic approaches such as: mobility, wearability, ubiquity, ad hoc use, mind/body orientation, and business/market orientation. This modern environment challenges the whole information security research community to focus on interdisciplinary and holistic disciplines whilst retaining the benefit of previous research efforts. Papers offering research contributions focusing on dynamic environments in addition to other aspects of computer security and privacy are solicited for submission to the 21st IFIP International Information Security Conference. Papers may present theory, applications or practical experiences on security and privacy topics including, but not limited to:
- Mobile or Ubiquitous technologies
- Wireless or Ad-hoc systems
- Changing organizational environments
- Implications for virtual organizations
- Crossing organizational/national boundaries
- Process orientation
- New business models
- Offshoring/Nearshoring and outsourcing
- New markets
- Marketing and awareness
- Biometrics
- E-applications
- DRM & content security
- Applications of cryptography
- Authentication, Authorization, and Access Control
- Data Protection
- Multilateral security
- Identity management
- Privacy and Privacy Enhancing Technologies (PETs)
- Computer forensics
- Internet and web security
- Information hiding
- Sensor networks
- Intrusion detection
- Attacks and malware
- Systems development
- Architectures
- Security management
- Verification, Assurance, Metrics, and Measurements
- Data and system integrity
- Information warfare and Critical infrastructure protection
- Risk analysis and risk management
- Law and ethics
- Education

For more information, please see http://www.sec2006.org/.

Oakland 2006 The 2006 IEEE Symposium on Security and Privacy, The Claremont Resort, Berkeley/Oakland, California, USA, May 21-24, 2006. [posted here 9/12/05]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Previously unpublished papers offering novel research contributions in any aspect of computer security or electronic privacy are solicited for submission to the 2005 symposium. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. Topics of interest include, but are not limited to, the following:
- Access Control and Audit
- Anonymity and Pseudonymity
- Authentication, including Phishing
- Automated and Large-Scale Attacks
- Biometrics
- Commercial and Industrial Security
- Data Integrity
- Database Security
- Denial of Service
- Distributed Systems Security
- Electronic Privacy
- Information Flow
- Intrusion Detection
- Language-Based Security
- Malicious Code
- Mobile Code and Agent Security
- Network Security
- Peer-to-Peer Security
- Secure Hardware and Smartcards
- Security Protocols
- Security Verification
- Security of Mobile Ad-Hoc Networks

The full call for papers can be found at http://www.ieee-security.org/TC/SP2006/oakland06-cfp.html.

WSSS 2006 IEEE Workshop on Web Services Security, Held in conjunction with the 2006 IEEE Symposium on Security and Privacy, Berkeley, California, USA, May 21, 2006. [posted here 3/13/06]
The advance of Web Services technologies promises to have far reaching effects on the Internet and enterprise networks. Web services based on eXtensible Markup Language (XML), Simple Object Access Protocol (SOAP) and related open standards in the area of Service Oriented Architectures (SOA) allow data and applications to interact without human intervention through dynamic and adhoc connections. However, the security challenges presented by the Web Services approach are formidable. Many of the features that make Web Services attractive are at odds with traditional security models and controls. This workshop will explore the challenges in the area of Web Services Security ranging from security issues in XML, SOAP and UDDI to higher level issues such as advanced metadata, general security policies and service assurance. Topics of interest include, but are not limited to the following:
- Web services and GRID computing security
- Authentication and authorization
- Integrity and transaction management for Web Services
- Use of Web Services in Trusted Computing Platform
- Semantic aware Web Services security
- Privacy and digital identity
- Trust negotiation for Web Services
- Secure web service composition and workflows

For more information, please see http://www.ieee-security.org/Calendar/cfps/cfp-WSSS.html.

Cluster-Sec 2006 2nd International Workshop on Cluster Security, Held in conjunction with the Sixth IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGrid), Singapore, May 16-19, 2006. [posted here 10/24/05]
After successful Internet attacks on HPC centers worldwide, there has been a paradigm shift in cluster security strategies. Clusters are no longer thought of as just a collection of individual computers but rather as an integrated single unit in which any breach may result in a "class break" compromise of the entire cluster. Furthermore, it has also been shown that clusters communicating via grids create dependent risks between clusters such that any cluster compromise may cascade to effect an entire grid. This workshop focuses on stimulating new ideas in order to reshape cluster protection strategies. Papers with demonstrated results will be given priority. A list of potential topics includes but is not limited to the following:
- secure on-demand computing (single machine)
- secure multi-cluster computing (a single job spread across clusters)
- cluster security as an emergent property
- analysis of cluster attacks
- new techniques to protect clusters
- virtualization approach for secure cluster computing
- visualizing cluster security
- commercial grade cluster security
- high availability clusters
- reliability enhancement techniques for large clusters
- fault detection in clusters
- cluster rejuvenation
- cluster failover
- cluster survivability/recoverability
- cluster-specific intrusion detection
- the relationship between cluster security and grid security
- cluster security vulnerabilities
- cluster security best practices
- storage clusters
- storage security on clusters
- storage survivability on clusters

For more information, please see http://www.ncassr.org/projects/cluster-sec/ccgrid06/.

iTrust 2006 4th International Conference on Trust Management, Pisa, Tuscany, Italy, May 16-19, 2006. [posted here 9/13/05]
The iTrust international Conference looks at trust from multidisciplinary perspectives: economic, legal, psychology, philosophy, sociology, as well as information technology. Building upon the work of the IST iTrust working group (http://www.itrust.uoc.gr) and the success of the three previous iTrust International conferences, the aims of iTrust'2006 are to attract a critical mass of experts from industry, government, and academia with a keen interest in the area of trust management. Full technical papers contributing to the issue of trust management are solicited in relevant areas, including but not limited to:
- The legal notion of trust in computer science and engineering
- Requirements and methodologies to ensure that the user can reasonably trust the functioning of software systems
- Trust management frameworks for secure collaborations in dynamic Virtual Organisations
- Design of trust-based architectures and decision-making mechanisms for e-community and e-service interactions
- Trust specification, analysis and reasoning
- Dynamics of trust dispositions and relations
- Realization of prototypes of software architectures and applications
- Trust elements in contract negotiation, execution monitoring, re-negotiation and arbitration
- Legal contribution to trust in technological infrastructures and interactions: the on-line identification of subjects, the evaluation of their reliability, data protection, security, privacy and, confidentiality, commercial transactions, the resolution of disputes, software agents, and management of access to source code
- Trust in interaction and cooperation mediated through computer and network, and the balance of control and intervention
- Research in on-line trust, the trust of the consumer towards the web sites of distribution companies
- Analysis of the relationship between trust and such notions as Confidence, distrust, diffidence, expectation, risk, and reliance

For more information, please see http://www.iit.cnr.it/iTrust2006/.

PSACE 2006 1st International Workshop on Privacy and Security in Agent-based Collaborative Environments, Held in conjunction with the fifth International Joint Conference on Autonomous Agents and Multi-Agent Systems (AAMAS 2006), Future University-Hakodate, Japan, May 9, 2006. [posted here 2/3/06]
PSACE aims to provide a forum to discuss privacy and legal issues raised by multi-agent systems as well as to describe research results regarding privacy technology in distributed collaborative environments. The main topics of interest include but are not limited to:
- Privacy and security for collaboration in distributed environments
- Privacy and security in wireless and ad hoc environments
- Privacy in location-aware and context-aware services
- Security protocols for agent-based collaboration systems
- Assessing impact of distributed collaboration on privacy
- Effect of environment on collaborative strategies
- Effect of negotiation strategies on privacy
- Confidentiality and privacy in critical applications (healthcare application, business-to-business, etc.)
- Applications of privacy in distributed collaborative environments
- Individual privacy retention during collaboration and individual privacy among agent societies and institutions
- Infrastructural support for privacy in distributed collaborative environments: architectures, mechanisms, models/frameworks and implementation
- Privacy issues for agent societies and institutions considered as a group
- Impact of security on the openness and usability of the agent architecture
- Privacy and other socio-legal aspects of collaborative MAS
- Integration of security and privacy mechanisms across multiple agent platforms
- Multi-agent systems and rights management systems for tracking of intellectual property and workflow
- Privacy in pervasive computing
- Privacy and provenance and dissemination
- Privacy in relation to varying degrees of trust and reliability
- Operational schemes and workflows for managing rights and intellectual property
- Agent coalition and privacy preserving
- Privacy preserving distributed data mining

For more information, please see http://secml.otago.ac.nz/privacy2006/.

ACIS 2006 Applied Cryptography and Information Security Workshop, Held in conjunction with International Conference on Computational Science and its Applications (ICCSA 2006) Glasgow, UK, May 8-11, 2006. [posted here 11/11/05]
Applied Cryptography and Information Security are essential elements in this digital era. Commerce activities, business transactions and government services have been, and more and more of them will be, conducted and offered over open computer and communication networks such as Internet. The role of applied cryptography and information security thus becomes more and more important in computer science. Academic research in these two areas often draws the interest from various industries since it carries over the confidence found in the physical world to the electronic world. ACIS '06 provides a platform for researchers, scholars and practitioners to exchange new ideas for solving various open problems in this area. Topics of relevance include but are not limited to the following areas:
- Accountability and audit trail
- Anonymity and pseudonymity
- Authentication and access control
- Data confidentiality and integrity
- Delegation of authority
- Identity-based cryptography
- Pairing-based cryptography
- PKI and its alternatives
- Block ciphers
- Cryptographic primitives
- Hash functions and MAC
- Secure model and protocol
- Digital signature
- Key exchange protocol
- Public key encryption
- Time stamping
- Exposure-resilient cryptography
- Privacy-enhancing technology
- Provable security
- Applications security and malicious codes
- Computer forensics and cybercrime
- Electronic commerce and democracy

For more information, please see http://www.acis06.org/.

SAC-TRECK 2005 21st ACM Symposium on Applied Computing: Trust, Recommendations, Evidence and other Collaboration Know-how Track(TRECK), Dijon, France, April 23-27, 2006. [posted here 5/23/05]
Computational models of trust and mechanisms based on the human notion of trust have been gaining momentum. One reason for this is that traditional security mechanisms are challenged by open, large scale and decentralised environments. The use of an explicit trust management component goes beyond security though. The goal of the ACM SAC 2006 TRECK track remains to review the set of applications that benefit from the use of computational trust. Computational trust has been used in reputation systems, risk management, collaborative filtering, social/business networking services, dynamic coalitions and virtual organisations. The TRECK track covers all computational trust applications, especially those used in the real world. The topics of interest include, but are not limited to:
- Recommender and reputation systems
- Trust-enhanced collaborative applications
- Tangible guarantees given by formal models of trust and risk
- Trust metrics assessment and threat analysis
- Pervasive computational trust and use of context-aware features
- Trade-off between privacy and trust
- Trust/risk-based security frameworks
- Automated collaboration and trust negotiation
- Trust in peer-to-peer systems
- Technical trust evaluation, especially at the identity level
- Impacts of social networks on computational trust
- Evidence gathering and management
- Real-world applications, running prototypes and advanced simulations
- Applicability in large-scale, open and decentralised environments
- Legal and economic aspects related to the use of trust engines
- User-studies and user interfaces of computational trust applications

For more information, please see http://www.trustcomp.org/treck/.

PEP 2006 Workshop on Privacy-Enhanced Personalization, Held in conjunction with the International Conference for Human-Computer Interaction (CHI 2006), Montréal, Canada, April 22-23, 2006. [posted here 11/30/05]
Personalizing people's interaction with computer systems entails gathering considerable amounts of data about them. As numerous recent surveys have consistently demonstrated, computer users are very concerned about their privacy. Moreover, the collection of personal data is also subject to legal regulations in many countries and states. Both user concerns and privacy regulations impact frequently-used personalization methods. This workshop will explore the potential of research on "privacy-enhanced personalization," which aims at reconciling the goals and methods of user modeling and personalization with privacy constraints imposed by individual preferences, conventions and laws. The workshop will look at the following questions:
- How much personal data do individual personalization methods really need? Can we find out in advance or in hindsight what types of data contribute to reasonably successful personalization in a specific application domain, and restrict data collection to these types of data?
- What are motivators for people to disclose personal information, and what motivators are present in what kinds of personalization? How can the presence of such motivating factors be conveyed to users?
- If discrepancies between users' stated privacy attitudes and observed privacy behavior are rampant, what methods should be chosen under what circumstances to conduct empirical research on privacy?
- If privacy decisions are impaired by limited information and bounded rationality, how can we help people make better choices?
- In this context, what is the status of "privacy preferences"?
- How much can we benefit from anonymity or pseudonymity infrastructures and trusted third parties, and are there limits that should be observed?
- Are distributed user models an answer or a problem from a privacy perspective?
- Does personalization in mobile and ubiquitous computing contexts pose additional challenges? How can they be overcome?
- Is client-side personalization a possible answer to privacy concerns and legal restrictions? What technical, legal and business obstacles will have to be overcome?
- What should an ideal legal framework look like from the perspective of privacy-enhanced personalization?

For more information, please see http://www.isr.uci.edu/pep06.

DeSeGov 2006 Workshop on Dependability and Security in e-Government, Held in conjunction with the 1st International Conference on Availability, Reliability and Security (ARES 2006), Vienna, Austria, April 20-22, 2006. [posted here 1/9/06]
The aim of this workshop is to foster a forum for discussing and presenting recent research results on dependability and security in e-Government applications. Scientific rigor and discussions of state of the art of dependability and security in e-Government are strongly encouraged. Besides, innovative research work in progress and studies of dependability aspects of practical e-Government projects and systems implementation are also welcome. Topics of interest include, although not limited to, the following:
- Trust and security: provisions and instruments
- Online availability of public services
- Service survivability and maintainability
- Interoperability of services
- Security in e-democracy (including e-participation and e-voting)
- E-justice (administration and workflow security for legal processes)
- Secure federating information access (from different government and third party agencies)
- Security and reliability in media integration
- Secure e-government and Identity Management
- Security and reliability of Smart Card System
- Availability and reliability of mobile services
- Data protection and data privacy (e.g. e-health and e-education)
- Intrusion detection and prevention
- Anti-spam legislation and solution
- Public-private- partnerships management
- Role-based management and usage restriction

For more information, please see http://www.ares-conf.org/?q=DeSeGov.

ARES 2006 1st International Conference on Availability, Reliability and Security, Held in conjunction with the IEEE 20th International Conference on Advanced Information Networking and Applications (AINA 2006), Vienna, Austria, April 20-22, 2006. [posted here 9/26/05]
ARES 2006 aims at a full and detailed discussion of the research issues of dependability as an integrative concept that covers amongst others availability, safety, confidentiality, integrity, maintainability and security in the different fields of applications. Topics of interest include, but are not limited to:
- Secure Enterprise Architectures
- (Process based) Security Models/Methods
- Risk planning, analysis & awareness
- Availability and Reliability
- Reliability Models
- Failure Prevention
- Dependability Assessment
- Standards, Guidelines and Certification
- Common Criteria Protocol
- Security in Distributed Systems / Distributed Databases
- Dependability in Open Source Software
- Authorization and Authentication
- Dependability Requirement Engineering
- Network Security
- Software Security
- Dependability Modelling and Prediction
- Cryptographic protocols
- Intrusion Detection and Fraud Detection
- Privacy-enhancing technologies
- Security and privacy issues for sensor networks, wireless/mobile devices and applications
- Security and Trust Management in P2P and Grid applications
- Survivability of Computing Systems
- Interoperability aspects
- Security as Quality of Service.
- Information Flow Control
- Dependability Modelling and Prediction
- Tools for Dependable System Design and Evaluation
- Temporal Aspects of Dependability
- Dependability administration
- Dependability Measurement and Analysis
- Dependability Benchmarking
- Trust Models and Trust Management
- Fault/Bug Tolerant Aspects
- Internet Dependability
- E-Commerce Dependability
- Safety Critical Systems
- Software Engineering of Dependable Systems
- Dependability Aspects of Mobile Government (m-Government)
- Dependability Aspects of Electronic Government (e-Government)
- Effectivity of Biometrics
- Security in Electronic Voting
- Security Issues for Ubiquitous Systems
- Availability of Pervasive Computing Systems
- Dependability Aspects for Special Applications (e.g ERP-Systems, Logistics)
- Designing Business Models with security requirements
- Security for Biometrics Applications
- Security in Electronic Payments
- Incident Response and Prevention
- Mobile Resources/Services
- Mobile Security
- VOIP/wireless Security
- Web Security
- RFID Security and Privacy
- User Interfaces and Dependability
- Legal issues
- IPR of Security Technology

For more information, please see http://www.ifs.tuwien.ac.at/ares2006/.

SPC 2006 3rd International Conference on Security in Pervasive Computing, York, UK, April 18-21, 2006. [posted here 5/9/05]
The security of pervasive computing is a critically important area for commerce, the public sector, academia and the individual citizen. Although pervasive computing presents exciting enabling opportunities, the benefits will only be reaped if security aspects can be appropriately addressed. Threats exploiting vulnerabilities of new kinds of user interfaces, displays, operating systems, networks, and wireless communications give rise to new concerns about loss of confidentiality, integrity, privacy, and availability. How can these risks be reduced to an acceptable level? Original research contributions are sought in all areas relating to the security of pervasive computing. Topic include (but are not restricted to):
- Models for access control, authentication and privacy management
- Biometric methods in pervasive computing systems
- Tradeoffs between security and other criteria (e.g. due to deployment on resource constrained devices)
- Protocols for trust management in pervasive computing networks
- Analysis of protocols for pervasive computing
- Hardware security issues for pervasive computing
- Audit and accountability in pervasive systems
- Non-technical implications of pervasive computing

For more information, please see http://www.cs.york.ac.uk/security/spc-2006/spc-2006-cfp.html.

SNDS 2006 2nd International Workshop on Security in Networks and Distributed Systems, Held in conjunction with the IEEE 20th International Conference on Advanced Information Networking and Applications (AINA 2006), Vienna, Austria, April 18-20, 2006. [posted here 26/9/05]
Security is an important issue in the research of networks and distributed systems, ranging from the traditional computer networks to newly proliferated areas like sensor networks, P2P systems, and ubiquitous computing. The security threats exploited the weakness of protocols as well as operating systems, and also extended to attack Internet applications such as database systems and web servers. The attacks, including Distributed Deny of Service, Virus, Buffer Overflows and Worms, are causing more economic damages and arouse more attentions. To achieve a secured distributed system, the cybersecurity aspects, namely, data confidentiality, authentication, nonrepudiation, data integrity, privacy, access control and availability, should be fully attained. This workshop provides a forum for academic and industry professionals to discuss recent progress in the area of network and distributed system security, and includes studies on security attacks that occur in today networks, security mechanisms that are designed to detect, prevent, or recover from a security attack and security services that are available to enhance system security. Topics of interest include, but are not limited to:
- Distributed digital signatures
- Distributed denial of service attacks
- Distributed intrusion detection and protection systems
- Distributed access control and firewalls
- Security in e-commerce and e-business and other applications
- Security in P2P networks and Grid computing
- Security in mobile and pervasive computing
- Security architectures in distributed and parallel systems
- Security theory and tools in distributed and parallel systems
- Ad hoc and sensor network security
- Buffer overflows
- Cryptographic algorithms
- Data privacy and trustiness
- Information hiding and multimedia watermarking in distributed systems
- Key management and authentication
- Mobile codes security
- Network security issues and protocols
- Software security
- World Wide Web Security

For more information, please see http://www.comp.polyu.edu.hk/SNDS06/.

ISPEC 2006 Workshop on Secure Software Engineering Education & Training, Turtle Bay, Oahu, Hawaii, April 18, 2006. [posted here 7/31/05]
Driven by awareness of the rampant Internet-wide explosion in exploitation of software vulnerabilities, a growing market (and potentially regulatory) demand exists for low-defect, secure software. Current commonplace software specification, design, implementation, and testing practices provide users with software containing numerous defects and security vulnerabilities. Industry needs processes that effectively and efficiently incorporate rigorous techniques for producing secure software and practitioners that are motivated, disciplined, and proficient in their execution. These practitioners must come from both the existing workforce and new graduates. While industry clearly plays a central role in changing software production practices, higher education needs to step up to the crucial role it must play if this change – critical to meeting both commercial and national security needs – is to occur by helping create the required workforce through initial and continuing education. This pioneering workshop will consist of a mixture of presentations, panels and discussions, covering a range of select topics, including – identification of workforce skill set requirements, experiences and plans for secure software engineering education and training, instructional and change efforts, and innovative and proven methods in the field.

For more information, please see http://www.jmu.edu/iiia/wsseet/.

IWIA 2006 4th IEEE International Information Assurance Workshop, Royal Holloway, UK, April 13-14, 2006. [posted here 6/14/05]
The IEEE Task Force on Information Assurance is sponsoring a workshop on information assurance in cooperation with the ACM SIGSAC on research and experience in information assurance. The workshop seeks submissions from academia, government, and industry presenting novel research, applications and experience, and policy on all theoretical and practical aspects of IA. Possible topics include, but are not limited to the following:
- Operating System IA & S
- Storage IA & S
- Network IA & S
- IA Standardization Approaches
- Information Sharing in Coalition Settings
- Security Models
- Survivability and Resilient Systems
- Formal Methods and Software Engineering for IA
- Proactive Approaches to IA
- CCITSE Experience and Methodology
- Intrusion Detection, Prediction, and Countermeasures
- Insider Attack Countermeasures
- Specification, Design, Development, and Deployment of IA Mechanisms
- Policy Issues in Information Assurance

For more information, please see http://iwia.org/2006/.

ISPEC 2006 2nd Information Security Practice and Experience Conference, Hangzhou, China, April 11-14, 2006. [posted here 7/9/05]
As applications of information security technologies become pervasive, issues pertaining to their deployment and operation are becoming increasingly important. ISPEC is an annual conference that brings together researchers and practitioners to provide a confluence of new information security technologies, their applications and their integration with IT systems in various vertical sectors. Authors are invited to submit full papers presenting new research results related to information security technologies and applications. Areas of interest include, but are not limited to:
- Applications of cryptography
- Critical infrastructure protection
- Digital rights management
- Economic incentives for deployment of information security systems
- Information security in vertical applications
- Legal and regulatory issues
- Privacy and anonymity
- Risk evaluation and security certification
- Resilience and availability
- Secure system architectures
- Security policy
- Security standards activities
- Trust model and management
- Usability aspects of information security systems

For more information, please see http://ispec2006.i2r.a-star.edu.sg/.

WEBIST 2006 2nd International Conference on Web Information Systems and Technologies, Setúbal, Portugal, April 10-13, 2006. [posted here 8/12/05]
The purpose of the 2nd International Conference on Web Information Systems and Technologies (WEBIST-2006) is to bring together researchers, engineers and practitioners interested in the technological advances and business applications of web-based information systems. The conference has four main track, covering different aspects of Web Information Systems, including Internet Technology, Web Interfaces and Applications, Society, e-Communities, e-Business and, last but not least, e-Learning. WEBIST focuses on real world applications; therefore authors should highlight the benefits of Web Information Systems and Technologies for industry and services, in addition to academic applications. Possible topics include, but are not limited to the following:
AREA 1 - INTERNET TECHNOLOGY
- XML and data management
- Web Security and Privacy
- Intrusion Detection and Response
- Authentication and Access Control
- Grid Computing
- Web Services and Web Engineering
- System Integration
- Databases and Datawarehouses
- Wireless Applications
- Distributed and Parallel Applications
- Protocols and Standards
- Network systems, proxies and servers
AREA 2 - WEB INTERFACES AND APPLICATIONS
- Multimedia and User interfaces
- Accessibility issues and Technology
- User Modeling
- Web Personalization
- Usability and Ergonomics
- Personalized Web Sites and Services
- Portal strategies
- Searching and Browsing
- Ontology and the Semantic Web
- Metadata and Metamodeling
- Web mining
- Digital Libraries
AREA 3: SOCIETY, e-COMMUNITIES and e-BUSINESS
- e-Business and e-Commerce
- e-Payment
- B2B, B2C and C2C
- Knowledge Management
- Social Networks and Organizational Culture
- Social Information Systems
- Communities of practice
- Communities of interest
- Social & Legal Issues
- Tele-Work and Collaboration
- e-Government
AREA 4: e-LEARNING
- e-Learning standards and tools
- Web-based Education
- Web-based Teaching and Learning Technologies
- Designing Learning Activities
- Content-based and Context-based Learning
- Learning Materials Development
- Intelligent Tutoring Systems
- Virtual Learning Communities
- Case-studies and applications
- Competition and Collaboration
- Software tools for e-Learning

For more information, please see http://www.webist.org/.

WIA 2006 Workshop on Information Assurance, Held in conjunction with the 25th IEEE International Performance Computing and Communications Conference (IPCCC), Phoenix, Arizona, April 10-12, 2006. [posted here 10/31/05]
We seek papers that address theoretical, experimental, systems-related and work in-progress in the area of Information Assurance at the network and system levels. We expect to have three types of sessions - the first related to survivability and fault tolerance, the second related to security, and the third related to the interactions between security and survivability. Papers should describe original, previously unpublished work, not currently under review by another conference, workshop, or journal. Papers accepted for presentation will be published in the IPCCC conference proceedings. The workshop will also include invited papers. Topics of interest include, but are not limited to:
- Authorization and access-control
- Web services security
- Database and system security
- Risk analysis and security management
- Security verification/validation
- Wireless LAN Security
- Restoration techniques for networks
- Reliability/Availability of IP networks
- Digital Rights Management
- DoS protection for the Internet
- Cryptographic protocols and Key management
- Intrusion Detection Techniques
- Ad hoc and sensor network security
- Models and architectures for systems security and survivability
- Security and survivability in optical networks
- E/M-commerce security and survivability architectures
- Public policy issues for security and survivability

For more information, please see http://www.sis.pitt.edu/~lersais/WIA2006/.

PKI R&D Workshop 2006 5th Annual PKI R&D Workshop: Making PKI Easy to Use, Gaithersburg, MD, USA, April 4-6, 2006. [posted here 9/7/05]
This workshop considers the full range of public key technology used for security decisions and supporting functionalities, including authentication, authorization, identity (syndication, federation, and aggregation), and trust. This year, the workshop has a particular interest in novel approaches to simplifying the use and management of X.509 digital certificates, both within and across enterprises. This workshop has three goals: (1)Explore the current state of public key technology and emerging trust mechanisms in different domains including web services; grid technologies; encryption functionality; authentication systems, et al., in academia, government and the private sector; (2) Share & discuss lessons learned and scenarios from vendors and practitioners on current deployments; (3) Provide a forum for leading security researchers to explore the issues relevant to the PKI space in areas of security management, identity, trust, policy, authentication, authorization and encryption (e.g., supporting privacy requirements). Topics include (but are not limited to):
- Federated versus Non-Federated trust models
- Standards related to PKI and security decision systems, such as X.509, SPKI/SDSI, PGP, XKMS, XACML, XRML, XML signatures and SAML
- Cryptographic and alternative methods for supporting security decisions, including the characterization and encoding of data
- Intersection of assertion-based systems and PKI
- Human-Computer Interaction (HCI) advances that improve usability of PKI for users and administrators
- Privacy protection and implications
- Use of PKI in emerging technologies (i.e., sensor networks)
- Scalability of security systems
- Security of the components of PKI systems
- Security infrastructures for constrained environments
- Improved human factor designs for security-related interfaces including authorization and policy management, naming, use of multiple private keys, and selective disclosure
- New paradigms in PKI architectures
- Reports of real-world experience with the use and deployment of PKI, including the use of digital certificates with major off-the-shelf application programs, how best to integrate such usage into legacy systems, and future research directions.

For more information, please see http://middleware.internet2.edu/pki06/.

WITS 2006 6th International Workshop on Issues in the Theory of Security, Vienna, Austria, March 25-26, 2006. [posted here 10/24/05]
WITS is the official workshop organised by the IFIP WG 1.7 on "Theoretical Foundations of Security Analysis and Design", established to promote the investigation on the theoretical foundations of security, discovering and promoting new areas of application of theoretical techniques in computer security and supporting the systematic use of formal techniques in the development of security related applications. The members of the WG hold their annual workshop as an open event to which all researchers working on the theory of computer security are invited. This is the sixth meeting of the series, and is organized in cooperation with ACM SIGPLAN and the German Computer Society (GI) working group FoMSESS. Suggested submission topics include:
- formal definition and verification of security aspects, in articular of new properties arising in novel applications
- new techniques for the formal analysis and design of cryptographic protocols and their namifold applications (e.g., electronic commerce)
- information flow modelling and its application to the theory of confidentiality policies, composition of systems, and covert channel analysis
- formal techniques for the analysis and verification of code security, including mobile code security
- formal analysis and design for prevention of denial of service
- security in real-time/probabilistic systems
- language-based security
- formal foundations of policy languages

For more information, please see http://www4.in.tum.de/~wits06/.

AsiaCCS 2006 ACM Symposium on Information, Computer and Communications Security, Taipei, Taiwan, March 21-23, 2006. [posted here 7/31/05]
Papers representing original results in both theory and practice concerning computer and communications security are solicited. Topics of interest include, but are not limited to:
- Access control and authorization
- Applied cryptography
- Authentication, biometrics, smartcards
- Data integrity and audit
- Database security
- Digital Right Management
- Distributed systems security
- E-commerce and mobile e-commerce
- Electronic privacy, anonymity
- Formal verification and testing
- Hardware design
- High speed network
- Information flow
- Intrusion detection and survivability
- Mobile code and mobile agent security
- P2P & ad hoc networks
- RFID applications
- Security protocols
- Viruses and other malicious code
- Watermarking and data hiding
- Wireless communications
- Wireless sensor networks

For more information, please see http://www.iis.sinica.edu.tw/asiaccs06/indexhome.html.

FSE 2006 13th annual Fast Software Encryption workshop, Graz, Austria, March 15-17, 2006. [posted here 7/14/05]
FSE 2006 is the 13th annual Fast Software Encryption workshop, for the fifth year sponsored by the International Association for Cryptologic Research(IACR). Original research papers on symmetric cryptology are invited for submission to FSE 2006. The workshop concentrates on fast and secure primitives for symmetric cryptography, including the design and analysis of block ciphers, stream ciphers, encryption schemes, analysis and evaluation tools, hash functions, and message authentication codes (MACs).

For more information, please see http://fse2006.iaik.tugraz.at/.

ISSSE 2006 IEEE International Symposium on Secure Software Engineering, Washington DC, USA, March 13-15, 2006. [posted here 6/14/05]
Today, security problems involving computers and software are frequent, widespread, and serious. The number and variety of attacks by persons and malicious software from outside organizations, particularly via the Internet, are increasing rapidly, and the amount and consequences of insider attacks remains serious. Over 90% of security incidents reported to the CERT Coordination Center result from defects in software requirements, design, or code. The Symposium covers all aspects of the processes, techniques, technology, people, and knowledgebase that have or need the capability to contribute to producing (more) secure software including their characteristics, interrelationships, creation, sources, transfer, introduction, use, and improvement. Potential topics include:
- Threat modeling and analysis of vulnerabilities
- Secure architectures & design
- Formal specification, designs, policies, and proofs
- Model checking for security
- Coding practices
- Static analysis and other automated support
- Processes for producing secure software
- Testing of security in software
- Certification and accreditation
- Relationships among software correctness, reliability, safety, and security
- Market and legal forces
- Lessons learned
- Ethics and human factors
- Technology transfer

For more information, please see http://www.jmu.edu/iiia/issse/.

TRIDENTCOM 2006 2nd International IEEE/Create-Net Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, Barcelona, Spain, March 1-3, 2006. [posted here 7/21/05]
Telecommunication infrastructures play a vital role in modern society. The advancements in the range of network service offerings, their performance, quality of service, security, and ubiquity are relentless, despite global economy fluctuations. The demand for high bandwidth network infrastructures is continuously growing within both academic and industrial sectors. To meet these challenges, experimental activities on infrastructures, such as testing, verification, deployment, are pivotal for academic researchers, developers, service managers and providers, as well as for end users. The management of research infrastructures is increasingly dependent on a business model that optimizes their operational price/performance ratio. For example, access to experimental infrastructures for real-life applications by specific user communities would benefit all the stakeholders involved: the end users, because of the experimental evaluation of the provided services, the researchers and infrastructure experimenters, because of the knowledge gained from case-study analysis, and the infrastructure managers, because of the business exploitation of the network.
Research on all aspects of testbed and research infrastructure operation and management will find in Tridentcom its primary forum for focused discussion. High quality papers reporting on original research and on experiment results addressing the above areas are solicited for submission. The main topics of the conference are:
- Next Generation Internet Testbeds
- Next Generation Wireless Network Testbeds
- Next Generation Optical Network Testbeds
- Ubiquitous Network Testbeds
- Wireless Sensor Testbeds
- Testbed Operation & Management for User Communities
- Testbed Operation & Management for Research Communities
- Testbed Cooperation & Integration
- Innovative Measurements Methodologies & Tools
- Traffic Measurements Testbeds
- Software Tools to Support Distributed Testbeds / Virtual Laboratories
- Management of Massive Databases of Experimental Data
- Knowledge & Technology Transfer Procedures
- Security (AAA) Testing on Open Testbeds
- Social Impacts of Infrastructures
- Infrastructure Real-Life Applications
- Business Models for Infrastructure Budgeting & Planning
- Infrastructure Renting & Pricing Policies
- Vendors & Providers Partnerships

For more information, please see http://www.tridentcom.org/.

FC 2006 10th International Conference on Financial Cryptography and Data Security, Anguilla, British West Indies, February 27 - March 2, 2006. [posted here 8/3/05]
At its 10th year edition, Financial Cryptography and Data Security (FC'06) is a well established and major international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. Original papers, surveys and presentations on all aspects of financial and commerce security are invited. Submissions must have a visible bearing on financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. Possible topics for submission to the various sessions include, but are not limited to:
- Anonymity and Privacy
- Auctions
- Audit and Auditability
- Authentication and Identification, including Biometrics
- Certification and Authorization
- Commercial Cryptographic Applications
- Commercial Transactions and Contracts
- Digital Cash and Payment Systems
- Digital Incentive and Loyalty Systems
- Digital Rights Management
- Financial Regulation and Reporting
- Fraud Detection
- Game Theoretic Approaches to Security
- Identity Theft, Physhing and Social Engineering
- Infrastructure Design
- Legal and Regulatory Issues
- Microfinance and Micropayments
- Monitoring, Management and Operations
- Reputation Systems
- RFID-Based and Contactless Payment Systems
- Risk Assessment and Management
- Secure Banking and Financial Web Services
- Securing Emerging Computational Paradigms
- Security and Risk Perceptions and Judgments
- Security Economics
- Smart Cards and Secure Tokens
- Trust Management
- Trustability and Trustworthiness
- Underground-Market Economics
- Usability and Acceptance of Security Systems
- User and Operator Interfaces
- Voting system security

For more information, please see http://fc06.ifca.ai/.

Nano-Security 2006 Nano-Security Workshop, Gaithersburg, MD, USA, February 22-23, 2006. [posted here 10/10/05]
As the promise of nanotechnology is realized, researchers at the National Institute of Standards and Technology (NIST) and Southern Methodist University (SMU) recognize the importance of understanding the security issues associated with fabrication and deployment of nano-devices. The focus of the workshop is to: (1) identify new security applications enabled with the availability of nanotechnology components and (2) characterize special security threats and requirements at the nanoscale. The workshop’s main goals include: (1) Characterizing the role of nanoscale components in securing IT systems, (2) Formulating security threats and requirements for nanoscale devices and their applications, and (3) Defining nanosecurity metrology to enable fabrication of secure reliable devices. NIST solicits papers, presentations, case studies, panel proposals, and participation from any interested parties, including researchers, systems architects, vendors, and users. General topics for submissions include, but are not limited to, the following:
- Security applications that use nanotechnology
- Security requirements for nanotechnology applications
- Security characteristics of IT systems involving nanoscale components
- Security implications of nanotechnology
- Potential metrics for nanosecurity

For more information, please see http://www.csrc.nist.gov/pki/Nano-Security/index.html.

NDSS 2006 13th Annual Network and Distributed System Security Symposium, San Diego, CA, USA, February 2-3, 2006. [posted here 8/8/05]
The symposium fosters information exchange among research scientists and practitioners of network and distributed system security services. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation (rather than theory). A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. The proceedings are published by the Internet Society. Submissions are solicited in, but not limited to, the following areas:
- Integrating security in Internet protocols: routing, naming, TCP/IP, multicast, network management, and the Web.
- Intrusion prevention, detection, and response: systems, experiences and architectures.
- Privacy and anonymity technologies.
- Network perimeter controls: firewalls, packet filters, application gateways.
- Virtual private networks.
- Security for emerging technologies: sensor networks, specialized testbeds, wireless/mobile (and ad hoc) networks, personal communication systems, RFID systems, peer-to-peer and overlay network systems.
- Secure electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, and licensing.
- Supporting security mechanisms and APIs; audit trails; accountability.
- Implementation, deployment and management of network security policies.
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management.
- Fundamental services on network and distributed systems: authentication, data integrity, confidentiality, authorization, non-repudiation, and availability.
- Integrating security services with system and application security facilities and protocols: e.g., message handling, file transport/access, directories, time synchronization, data base management, boot services, mobile computing.
- Public key infrastructure, key management, certification, and revocation.
- Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost.
- Security for collaborative applications: teleconferencing and video-conferencing, electronic voting, groupwork, etc.
- Software hardening: e.g., detecting and defending against software bugs (overflows, etc.)
- Security for large-scale systems and critical infrastructures.

For more information, please see http://www.isoc.org/isoc/conferences/ndss/06/index.shtml.

AISW-NetSec 2006 Australasian Information Security Workshop, Hobart, Tasmania, Australia, January 16-19, 2006. [posted here 8/4/05]
The proliferation of new networking technologies and protocols has intensified concerns about confidentiality and authenticity of data. The emerging areas of ubiquitous services, peer-to-peer networks, wireless networking, and mobile ad hoc networks present challenging security problems. Providing security guarantees in these highly vulnerable and dynamic environments requires a combination of traditional techniques with new approaches. The purpose of the workshop is to promote further research interests and activities on network security. It is also aimed at increasing the synergy between academic and industrial researchers working in this area. We are interested in experimental, systems-related, and work-in-progress papers in all aspects of network security. The topics of interest include (but are not limited to):
- Wireless Network Security
- Security of Sensor and Mobile Ad Hoc Networks
- Security of GSM/GPRS/UMTS systems
- RFID security and privacy
- Intrusion Detection Systems
- Firewalls and Application gateways for wireless/mobile networks and pervasive/ubiquitous computing
- Secure group communication in ad-hoc networks
- Protection against spam, spyware, viruses, malicious software
- Secure Routing
- Denial of Service Attacks
- Web Security, Authentication & Authorization in wireless/mobile networks and pervasive/ubiquitous computing
- Security in hybrid (eg. Wired/wireless) networks
- Secure Routing Protocols
- Distributed Firewalls
- Distributed DOS

For more information, please see http://www.titr.uow.edu.au/AISWNS2006/.

DRM 2005 2nd Workshop on Digital Rights Management Impact on Consumer Communications, Held in conjunction with IEEE Consumer Communications and Networking Conference (CCNC 2006), Las Vegas, Nevada, USA, January 10, 2006. [posted here 4/22/05]
Consumers and consumer electronics are increasingly using the Internet for distribution of digital goods, including digital versions of books, articles, music, and images. The ease with which digital goods can be copied and redistributed makes the Internet well suited for unauthorized copying, modification and redistribution. The rapid adoption of new technologies such as high-bandwidth connections, wireless networks, and peer-to-peer networks is accelerating this process. This half-day workshop on Digital Rights Management Impact on Consumer Communications addresses problems faced by rights holders (who seek to protect their intellectual property rights) and by end consumers (who seek to protect their privacy and to preserve access they now enjoy in traditional media under). The workshop seeks submissions on all theoretical and practical aspects of DRM, as well as experimental studies of fielded systems on topics including, but not limited to, those shown below:
- DRM protocols
- architectures for DRM systems
- interoperability
- auditing
- business models for online content distribution
- copyright-law issues, including but not limited to fair use
- digital policy management
- information ownership
- privacy and anonymity
- risk management
- robust identification of digital content
- security issues, including but not limited to authorization, encryption, amper resistance, and watermarking
- threat and vulnerability assessment
- usability aspects of DRM systems
- web services
- CAPEX, OPEX, TCO examples/ estimations/models
- computing environments and platforms for DRM (TCP - Trusted Computing Platform)
- Implementations and case studies

For more information, please see http://www.ieee-ccnc.org/2006/conf_program/drm_workshop/index.htm.

HICSS-39 Security Minitrack 2005 Security and Survivability in Unbounded Networked Systems Minitrack, Part of the Software Technology Track, 39th Hawai'i International Conference on System Sciences (HICSS-39), Kauai, Hawaii, USA, January 4-7, 2006. [posted here 3/14/05]
The physical and logical boundaries of networked computing systems are becoming increasingly difficult to specify. Many applications, ranging from simple distributed databases to grid-based medical image manipulations, are utilizing resources of unbounded environments. For other applications, like the control of critical infrastructures, the bounds of the traditional control infrastructure are fading due to a general desire to have ease of access over the Internet. However, this increases the chances of the applications to be affected by malicious act, e.g. hacking, virus or Trojans. It is thus more important than ever to design mechanisms into the infrastructure and the applications that ensure survivability of critical or essential functionalities.

This minitrack addresses issues of security and survivability in large, non-trivial, unbounded networked computer systems, with an emphasis on recovery and adaptation. It considers systems and networks, including dynamic paradigms based on migratory agents, ad-hoc networks or grid computing. Papers on resistance and recognition that address the need or capability for safety critical software systems to "fail-safe" and "fail-secure" are also desired. Submissions will be sought from researchers in the area of system survivability, software dependability, computer and network security, fault-tolerance and intrusion tolerance, and economic or statistical modeling of secure/survivable systems. Topics include, but are not limited to:
- Survivability in unbounded systems
- Software survivability and its measurement
- Safety critical failure modes
- Network or system intrusion tolerance
- Tolerating attacks in grid computing
- Modeling malicious behavior or attacks
- Survivability and security issues of mobile agent based systems
- Survivability and security issues of ad-hoc networks
- Models for verification of vulnerability to malicious acts
- Models for measurement, evaluation, or validation of survivability
- Software and hardware fault-tolerance
- Design for dependability and/or survivability
- PRA & hybrid fault models accounting for malicious acts and events

For more information, please see http://www.cs.uidaho.edu/~krings/HICSS39.htm.