Contents
PADM 2006
IEEE International Workshop on Privacy Aspects of Data Mining,
Held in conjunction with the 6th IEEE International Conference on Data Mining (ICDM 2006),
Hong Kong, December 18, 2006.
[posted here 7/18/06]
Privacy protection in data mining is a crucial issue that has
captured the attention of many researchers and administrators across
a large number of application domains. Despite such efforts there
are still many open issues that deserve further investigation. The
workshop hopes to gather researchers and practitioners interested in
the privacy aspects of data mining, both by a technical, and a social
and legal point of views. We hope to attract interest from a wide range
of possible data mining subareas, including: web mining, medical data
mining, spatio-temporal data mining, ubiquitous knowledge discovery,
and obviously, privacy-preserving data mining.
The workshop will seek submissions that cover aspects of privacy
protection solutions and threats as they pertain to various data mining
endeavors. The following comprises a sample, but not complete,
listing of topics:
- Biomedical and healthcare data mining research privacy
- Cryptographic tools for privacy preserving data mining
- Inference and disclosure control for data mining
- Learning algorithms for randomized/perturbed data
- Legal and regulatory frameworks for data mining and privacy
- Privacy and anonymity in e-commerce and user profiling
- Privacy aspects of business processes and enterprise management
- Privacy aspects of geographic, spatial, and temporal data
- Privacy aspects of ubiquitous computing systems
- Privacy enhancement technologies in web environments
- Privacy policy infrastructure, enforcement, and analysis
- Privacy preserving link and social network analysis
- Privacy preserving applications for homeland security
- Privacy preserving data integration
- Privacy protection in fraud and identify theft prevention
- Privacy threats due to data mining
- Query systems and access control
- Trust management for data mining
For more information, please see
http://liuppamdm.univ-pau.fr/sws06/.
ICISS 2006
2nd International Conference on Information Systems Security,
Kolkata, India, December 17-21, 2006.
[posted here 3/6/06]
ICISS conference presents a forum for disseminating the latest
research results in Information Systems Security and related
areas. Topics of interest include but are not limited to:
- Authentication and Access Control
- Mobile Code Security
- Key Management and Cryptographic Protocols
- E-Business / E-Commerce Security
- Privacy And Anonymity
- Intrusion Detection and Avoidance
- Security Verification
- Database and Application Security and Integrity
- Digital Rights Management
- Security In P2P, Sensor and Ad Hoc Networks
- Secure Web Services
- Fault Tolerance and Recovery Methods For Security Infrastructure
- Threats, Vulnerabilities and Risk Management
- Commercial and Industrial Security
For more information, please see
http://www.cdcju.org.in/iciss2006/.
CANS 2006
5th International Conference on Cryptology and Network Security,
Suzhou, China, December 8-10, 2006.
[posted here 2/8/06]
The main goal of this conference is to promote research
on all aspects of network security and cryptology. It is
also the goal to build a bridge between research on cryptography
and network security. So, we welcome scientific and academic papers
that focus on this multidisciplinary area.
Areas of interest for CANS '06 include, but are not limited to, the following topics:
- Ad Hoc Network Security
- Access Control for Networks
- Anonymity and internet voting
- Cryptology
- Denial of Service
- Fast Cryptographic Algorithms
- Information Hiding
- Intrusion Detection
- IP Security
- Multicast Security
- PKI
- Phishing
- Router Security
- Secure E-Mail
- Secure protocols (SSH, SSL, ...)
- Spam
- Spyware
- Scanning
For more information, please see
http://cis.sjtu.edu.cn/cans2006/index.htm.
ASIAN 2006
11th Annual Asian Computing Science Conference,
Tokyo, Japan, December 6-8, 2006.
[posted here 7/28/06]
The theme of this year's Annual ASIAN Conference is Secure Software and
related computer security issues. The conference aims at discovering and
promoting new ways to apply theoretical and practical techniques in secure
software analysis, design, development, and operation. Papers are invited
on all aspects of theory, practice, applications, and experiences related
to this theme. Moreover, papers targeting lessons learn from and education
for the development and operation of secure software are particularly welcome.
Topics of interest include but are not limited to:
- Theoretical approaches to secure software
- Formal specification and verification of software
- Programming language semantics
- Static analysis
- Type systems and type theory for secure programming
- Automated deduction and reasoning about secure software
- Model checking for security
- Testing and aspects of security in software
- Secure protocols and networks
- Authentication and cryptography issues
- logic and semantics for protocol analysis
- Dependable and autonomic architectures and design
- Secure OS and middleware
- Artificial intelligence for secure systems
- Secure software engineering
- Education for secure software development
- Security-specific software development practices
- Case analysis and failure analysis for secure software
- Policy and standardization issues for secure software
For more information, please see
http://www.nii.ac.jp/asian2006/.
ICICS 2006
8th International Conference on Information and Communications Security,
Raleigh, NC, USA, December 4-7, 2006.
[posted here 6/8/06]
The 2006 International Conference on Information and Communications Security
(ICICS '06) will be the eighth event in the ICICS conference series,
started in 1997, that brings together researchers and scholars involved
in multiple disciplines of Information and Communications Security in
order to foster exchange of ideas.
ICICS 2006 seeks submissions from academia and industry presenting
novel research on all aspects of information and communications security,
as well as experimental studies of fielded systems.
Topics of interest include, but are not limited to, the following:
- Access Control and Audit
- Anonymity and Pseudonymity
- Authentication
- Automated and Large-Scale Attacks
- Biometrics
- Commercial and Industrial Security
- Data Integrity
- Database security
- Denial of Service
- Distributed Systems Security
- Electronic Privacy
- Information Flow
- Intrusion Detection
- Language-Based Security
- Malicious Code
- Mobile Code and Agent Security
- Network Security
- Peer-to-Peer Security
- Secure Hardware and Smartcards
- Security Protocols
- Security Verification
- Security of Emerging Networks (e.g., Ad-Hoc Networks)
For more information, please see
http://discovery.csc.ncsu.edu/ICICS06/.
WATC 2006
2nd Workshop on Advances in Trusted Computing,
Tokyo, Japan, November 30 - December 1, 2006.
[posted here 6/10/06]
Modern computer systems in large-scale, decentralized, and heterogeneous
environments are now facing the diverse threats such as from viruses and
other malware. Security research seeks to make computers safer and less
vulnerable to those IT threats, and thus more dependable. The goal of
Trusted Computing is to allow computers and servers to offer improved
computer security relative to that what is currently available.
The workshop solicits technical papers offering research contributions
spanning from foundations, theory and tools of trusted computing to
up-to-date issues. The workshop proceedings will be available at the workshop
and via its website. Papers may present theory, applications, or practical
experiences on topics including, but not limited to:
- models and principles for trusted computing
- formal models and verification
- software- or hardware-based approaches
- cryptographic approaches
- remote attestation of trusted devices
- standardization in trusted computing groups
- issues in trusted platform modules
- property-based and semantic attestation
- theory and practice for trusted virtual domains
- privacy and legal issues
- applications and case studies
- compliance and conformance
- trust evaluations of computing systems
- scalability
- applications and use cases
- system and platform architectures
- access control and information flow control
- communications
- virtualization and trusted computing
- trusted client architectures
- integrity-evaluating architectures
- integrity management infrastructures
For more information, please see
http://www.trl.ibm.com/projects/watc/.
TrustCol 2006
Workshop on Trusted Collaboration,
Held in conjunction with the 2nd IEEE International Conference
on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2006),
Atlanta, GA, USA, November 17 - 20, 2006.
[posted here 7/6/06]
The ongoing, rapid developments in information systems technologies
and networking have enabled significant opportunities for streamlining
decision making processes and maximizing productivity through distributed
collaborations that facilitate unprecedented levels of sharing of information
and computational resources. Emerging collaborative environments need to
provide efficient support for seamless integration of heterogeneous technologies
such as mobile devices and infrastructures, web services, grid computing systems,
various operating environments, and diverse COTS products. Such heterogeneity
introduces, however, significant security and privacy challenges for distributed
collaborative applications. Balancing the competing goals of collaboration
and security is difficult because interaction in collaborative systems is
targeted towards making people, information, and resources available to all who
need it whereas information security seeks to ensure the availability, confidentiality,
and integrity of these elements while providing it only to those with proper
trustworthiness. The key goal of this workshop is to foster active interactions
among diverse researchers and practitioners, and generate added momentum towards
research in finding viable solutions to the security and privacy challenges faced
by the current and future collaborative systems and infrastructures.
Topics of interest include, but are not limited to:
- Access control models and mechanisms for collaboration environments
- Security frameworks and architectures for trusted collaboration
- Privacy control in collaborative environments
- Secure middleware for large scale collaborative infrastructures
- Secure dynamic coalition environments
- Secure workflows for collaborative computing
- Secure interoperation in multidomain collaborative environments
- Security and privacy issues in mobile collaborative applications
- Trust models, trust negotiation/management for collaborative systems
- Policy-based management of collaborative workspace
- Secure distributed multimedia collaboration
- Protection models and mechanisms for peer-to-peer collaborative environments
- Delegation, accountability, and information flow control in collaborative applications
- Intrusion detection, recovery and survivability of collaborative systems/infrastructures
- Security of web services and grid technologies for supporting multidomain collaborative applications
- Semantic web technologies for security collaborative infrastructures
For more information, please see
http://www.trustcol.org/.
SSI 2006
8th International Symposium on System and Information Security,
Sao Jose dos Campos, Sao Paulo, Brazil, November 8-10, 2006.
[posted here 8/20/06]
The International Symposium on System and Information Security (SSI) is
organized by Instituto Tecnologico de Aeronautica (ITA) and is the foremost
event of its kind in Latin America. Submission of original papers on all aspects
of computer and network security is invited. Topics of interest
include but are not limited to the following:
- Artificial Intelligence methods in system security
- Authentication, access control and auditing
- Computer forensics
- Cryptography
- Database security
- Dependability
- Digital certificates and Public Key Infrastructure - PKI
- Digital Rights Management
- E-commerce security
- Firewalls and other security tools
- Formal methods in system security
- Internet/Web security
- Intrusion detection and prevention
- Management of enterprise security
- Mobile code and agent security
- Network security
- New security paradigms
- Operating systems security
- Risk/vulnerability analysis, assessment and management
- Security in electronic voting systems
- Security of distributed systems
- Security of emerging technologies
- Security policies
- Secure programming
- Security in P2P and Grid computing
- Threats and information warfare
- Trust management
- User privacy and anonymity
- Viruses and other malicious code
- Wireless and ubiquitous computing security
For more information, please see
http://www.ssi.org.br/english/.
SWS 2006
1st Workshop on Secure Web Services,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
FairFax, VA, USA, November 3, 2006.
[posted here 5/26/06]
Basic security protocols for Web Services, such as XML Security, the
WS-* series of proposals, SAML, and XACML are the basic set of building
blocks enabling Web Services and the nodes of GRID architectures to
interoperate securely. While these building blocks are now firmly in place,
a number of challenges are still to be met for Web services and GRID nodes
to be fully secured and trusted, providing for secure communications
between cross-platform and cross-language Web services. Also, the current
trend toward representing Web services orchestration and choreography via
advanced business process metadata is fostering a further evolution of current
security models and languages, whose key issues include setting and managing
security policies, inter-organizational (trusted partner) security issues and
the implementation of high level business policies in a Web services
environment. The SWS workshop explores these challenges, ranging from
the advancement and best practices of building block technologies such as
XML and Web services security protocols to higher level issues such as
advanced metadata, general security policies, trust establishment, risk
management, and service assurance.
Topics of interest include, but are not limited to, the following:
- Web services and GRID computing security
- Authentication and authorization
- Frameworks for managing, establishing and assessing inter-organizational trust relationships
- Web services exploitation of Trusted Computing
- Semantics-aware Web service security and Semantic Web Secure orchestration of Web services
- Privacy and digital identities support
For more information, please see
http://liuppamdm.univ-pau.fr/sws06/.
DIM 2006
2nd Workshop on Digital Identity Management,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
FairFax, VA, USA, November 3, 2006.
[posted here 5/26/06]
The Second Workshop on Digital Identity Management will explore the relevance
of User Centric Identity Management as an organizing principle for digital
identity. It is designed to bring together practitioners, corporate researchers
and academics to explore the newly emerging “User Centric” technologies for
identity management. The goal of the workshop is to lay the foundation and
agenda for further research and development in this area. Under the broad
umbrella of user-centric identity, we are soliciting papers from researchers
and practitioners on topics including, (but not limited to):
- Basic principles – what makes an identity system user-centric?
- Client-hosted identity
- Consistent UI for identity transactions
- Identity lifecycle management
- Identity Metasystem
- Identity theft prevention
- Privacy-enhancing identity management
- Private Credentials
- Social networks
- Strong authentication
- Unlinkability of Transactions
- URI-based identity systems
For more information, please see
http://www2.pflab.ecl.ntt.co.jp/dim2006/.
VizSEC 2006
3rd Workshop on Visualization for Computer Security,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
FairFax, VA, USA, November 3, 2006.
[posted here 3/29/06]
In many applications, visualization has proven to be very effective to
understanding such high-dimensional data. Thus, there is a growing
interest in the development of visualization methods as alternative or
complementary solutions for pressing cybersecurity problems. Visualization
represents high-dimensional security data in 2D/3D graphics and animations
intended to facilitate quick inferences for situational awareness and/or
focusing of attention on potential security events. In order to promote
the highest intellectual exchange possible, we seek submissions in four
different paper categories, specifically: (1) Tool Update (1-2 pages),
(2) Short Paper (3-5 pages), (3) Long Paper (6-10 pages), and (4) Position
Paper (2-5 pages). All accepted papers will be published in hardcopy ACM
proceedings available the day of the workshop and as well as within the
ACM Digital Library. A list of potential topics includes, but is not
limited to, the following:
- visualization support for Internet security situational awareness
- visualization support for end user security
- visualization for ISP management support (highlighting security)
- visual authentication schemes (graphical passwords, biometrics)
- visualization to enable secure E-commerce
- visualization for secure transactions via web browsers
- visualization support for secure programming
- visualization support for security device management
- visualizing intrusion detection system alarms (NIDS/HIDS)
- visualizing worm/virus propagation
- visualizing routing anomalies
- feature selection
- forensic visualization
- visualizing network traffic for security
- dynamic attack tree creation (graphic)
- usability studies of security visualization tools
- visualizing large volume computer network logs
For more information, please see
http://www.projects.ncassr.org/sift/vizsec/vizsec06/.
STC 2006
1st Workshop on Scalable Trusted Computing,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
FairFax, VA, USA, November 3, 2006.
[posted here 5/26/06]
In a society increasingly dependent on networked information systems,
trusted computing plays a crucial role. Despite significant progress
in trusted computing components, the issue of scalability in trusted
computing and its impact on security are not well-understood. Consequently,
there is a dearth of practical solutions for trusted computing in large-scale
systems. Approaches suitable for small- or medium-scale trusted computing
systems might not be applicable to larger-scale scenarios.
This new workshop is focused on trusted computing in large-scale
systems -- those involving (at the very least) many millions of users
and thousands of third parties with varying degrees of trust.
The workshop is intended to serve as a forum for researchers as well as
practitioners to disseminate and discuss recent advances and emerging issues.
Topics of interest to the workshop include the following:
- models for trusted computing
- principles of trusted computing
- modeling of computing environments, threats, attacks and countermeasures
- limitations, alternatives and tradeoffs regarding trusted computing
- trust in authentications, users and computing services
- hardware based trusted computing
- software based trusted computing
- pros and cons of hardware based approach
- remote attestation of trusted devices
- censorship-freeness in trusted computing
- cryptographic support in trusted computing
- case study in trusted computing
- applications of trusted computing
- intrusion resilience in trusted computing
- access control for trusted computing
- trust of computing systems
- principles for handling scales
For more information, please see
http://www.cs.utsa.edu/~shxu/stc06/.
FMSE 2006
4th Workshop on Formal Methods in Security Engineering: From Specifications to Code,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS-13),
Fairfax, VA, USA, November 3, 2006.
[posted here 5/26/06]
Information security has become a crucial concern for the commercial
deployment of almost all applications and middleware. Although this is
commonly recognized, the incorporation of security requirements in the
software development process is not yet well understood. The deployment of
security mechanisms is often ad hoc, without a formal security specification
or analysis, and practically always without a formal security validation of
the final product. Progress is being made, but there remains a wide gap
between high-level security models and actual code development.
We seek original research papers addressing foundational issues in formal
methods in security engineering. Topics covered include, but are not
limited to:
- security specification techniques
- formal trust models
- combination of formal techniques with semi-formal techniques such as UML
- formal analyses of specific security properties relevant to software development
- security-preserving composition and refinement of processes
- symbolic and computational models of security protocols
- integration of security aspects into formal development methods and tools
- access control policies
- information flow
- risk management and network security
- formal analysis of firewalls and intrusion detection systems
- trusted computing
- case studies
For more information, please see
http://www.cs.chalmers.se/~dave/FMSE06/.
WORM 2006
4th Workshop on Recurring Malcode,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS-13),
Fairfax, VA, USA, November 3, 2006.
[posted here 5/15/06]
Internet-wide infectious epidemics have emerged as one of
the leading threats to information security and service availability.
Self-propagating threats, generally termed 'worms', exploit software
weaknesses, hardware limitations, Internet topology, and the open
Internet communication model to compromise large numbers of networked
systems. Internet worms are increasingly being used as delivery
mechanisms for malicious payloads such as spyware, phishing servers,
spam relays, and information espionage. Unfortunately, current
operational practices still face significant challenges in
containing these threats as evidenced by the rise in automated
botnet networks and the continued presence of worms released
years ago. This workshop provides a forum for exchanging
ideas, increasing understanding, and relating experiences
on self-propagating malicious software from a wide range of
communities, including academia, industry, and the government.
We are soliciting papers from researchers and practitioners on
subjects including, but not limited to:
- Automatic worm detection and characterization
- Reactive countermeasures
- Proactive defenses
- Detecting and disrupting botnets and malware command and control
- Threat assessment
- New threats and related challenges
- Measurement studies
- Testbeds & evaluation
- Reverse engineering
- Significant operational experiences
- Analysis of worm/botnet construction, current & future
- Modeling and analysis of propagation dynamics
- Forensic methods of attribution
For more information, please see
http://www.eecs.umich.edu/~farnam/worm2006.html.
CCS 2006
13th ACM Conference on Computer and Communications Security,
Alexandria, VA, USA, October 30 – November 3, 2006.
[posted here 3/15/06]
The conference seeks submissions from academia and industry
presenting novel research on all theoretical and practical
aspects of computer security, as well as case studies and
implementation experiences. Papers should have practical relevance
to the construction, evaluation, application, or operation of
secure systems. Theoretical papers must make convincing argument
for the practical significance of the results. Theory must be
justified by compelling examples illustrating its application.
The primary criterion for appropriateness for CCS is demonstrated
practical relevance. CCS may therefore reject perfectly good
papers that are appropriate for theory-oriented conferences.
Topics of interest include:
- anonymity
- access control
- secure networking
- accounting and audit
- trust models
- key management
- intrusion detection
- authentication
- smartcards
- security location services
- data and application security
- privacy-enhancing technology
- inference/controlled disclosure
- intellectual property protection
- digital rights management
- trust management policies
- phishing and countermeasures
- commercial and industry security
- security management
- database security
- applied cryptography
- peer-to-peer security
- security for mobile code
- cryptographic protocols
- data/system integrity
- information warfare
- identity management
- security in IT outsourcing
For more information, please see
http://www.acm.org/sigs/sigsac/ccs/CCS2006/.
StorageSS 2006
2nd Workshop on Storage Security and Survivability,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
Alexandria, VA, USA, October 30, 2006.
[posted here 5/26/06]
There has been an evolution of protection solutions mirrored in both
the security and survivability research communities: (1) from physical
protection solutions targeting people, (2) to system protection solutions
targeting networked-systems, (3) and now the new emerging paradigm of
information-centric solutions targeting the data itself. This workshop will
focus on stimulating new ideas in order to reshape storage protection strategies.
Clearly, storage security and survivability is a complex, multi-dimensional
problem that changes over time, so a large variety of approaches may be
appropriate including prevention, monitoring, measurements, mitigation,
and recovery. The StorageSS workshop aims to foster a greater exchange
between computer protection researchers/professionals and computer
storage researchers and professionals. A list of potential topics includes
but is not limited to the following:
- storage protection tradeoffs
- storage protection deployment (including case studies)
- smart storage for security/survivability
- analysis of covert storage channels
- storage leak analysis
- mobile storage protection
- novel backup protection techniques
- storage versioning protection techniques
- storage encryption techniques (both key mgmt and crypto algorithms)
- tamper-evident storage protection techniques
- immutable storage protection techniques; provenance
- storage threat models
- storage intrusion detection systems
- storage area network (SAN) security/survivability
- security/survivability for storage over a distance
- security/survivability with Internet storage service providers
- security for long-term / archival storage
- storage security/survivability in an HPC environment
- interaction of storage security/survivability and databases
- privacy issues in remote/hosted storage
For more information, please see
http://www.storagess.org/.
SASN 2006
4th ACM Workshop on Security of Ad Hoc and Sensor Networks,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
Alexandria, VA, USA, October 30, 2006.
[posted here 4/17/06]
Ad hoc and sensor networks are expected to become an integral
part of the future computing landscape.
However, these networks introduce new security challenges due
to their dynamic topology, severe resource constraints,
and absence of a trusted infrastructure. SASN 2006 seeks
submissions from academia and industry presenting novel research
on all aspects of security for ad hoc and sensor networks,
as well as experimental studies of fielded systems.
Topics of interest include, but are not limited to, the following
as they relate to mobile ad hoc networks or sensor networks:
- Security under resource constraints (e.g., energy, bandwidth,
memory, and computation constraints)
- Performance and security tradeoffs
- Secure roaming across administrative domains
- Key management
- Cryptographic Protocols
- Authentication and access control
- Trust establishment, negotiation, and management
- Intrusion detection and tolerance
- Secure location services
- Secure clock distribution
- Privacy and anonymity
- Secure routing
- Secure MAC protocols
- Denial of service
- Prevention of traffic analysis
For more information, please see
http://www.cse.psu.edu/~szhu/SASN2006/.
DRM 2006
6th Workshop on Digital Rights Management,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
Alexandria, VA, USA, October 30, 2006.
[posted here 5/26/06]
Digital Rights Management (DRM) is an area of pressing interest, as
the Internet has become the center of distribution for digital goods of
all sorts. The business potential of digital content distribution is huge,
as are its economic, legal and social implications. DRM, as a technical
interdisciplinary field, is at the heart of controlling the digital content
and assuring authorized, user friendly, safe, well-managed, automated, and
fraud-free distribution. The field of DRM combines cryptographic technology,
software and systems research, information and signal processing methods,
legal, social and policy aspects, as well as business analysis and economics.
Original papers on all aspects of Digital Rights Management are solicited
for submission to DRM 2006, the Sixth ACM Workshop on Digital Rights Management.
Topics of interest include but are not limited to:
- anonymous publishing
- architectures for DRM systems auditing
- business models for online content distribution
- computing environments and platforms for DRM systems
- copyright-law issues, including but not limited to fair use
- digital policy management
- implementations and case studies
- privacy and anonymity
- risk management
- robust identification of digital content
- security issues, including but not limited to authorization, encryption,
tamper resistance, and watermarking
- software related issues
- supporting cryptographic technology including but not limited to traitor tracing, broadcast encryption, obfuscation
- threat and vulnerability assessment
- concrete software patent cases
- usability aspects of DRM systems
- web services related to DRM systems
For more information, please see
http://www.titr.uow.edu.au/DRM2006/.
WPES 2006
5th Workshop on Privacy in the Electronic Society,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
Alexandria, VA, USA, October 30, 2006.
[posted here 5/26/06]
The need for privacy-aware policies, regulations, and techniques has been
widely recognized. This workshop discusses the problems of privacy in the global
interconnected societies and possible solutions.
The workshop seeks submissions from academia and industry presenting novel
research on all theoretical and practical aspects of electronic privacy,
as well as experimental studies of fielded systems. We encourage submissions
from other communities such as law and business that present these communities'
perspectives on technological issues. Topics of interest include, but are
not limited to:
- anonymity, pseudonymity, and unlinkability
- data correlation and leakage attacks
- electronic communication privacy
- information dissemination control
- privacy in health care and public administration
- privacy and confidentiality management
- personally identifiable information
- privacy-aware access control
- privacy in the digital business
- privacy enhancing technologies
- privacy policies
- privacy and anonymity on the Web
- privacy in the electronic records
- public records and personal privacy
- privacy and human rights
- privacy threats
- privacy and virtual identity
- privacy policy enforcement
- privacy and data mining
- privacy vs. security
- user profiling
- wireless privacy
- economics of privacy
For more information, please see
http://freehaven.net/wpes2006/.
QOP 2006
2nd Workshop on Quality of Protection,
Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006),
Alexandria, VA, USA, October 30, 2006.
[posted here 5/26/06]
The QoP Workshop intends to discuss how security research can progress
towards a notion of Quality of Protection in Security comparable to the
notion of Quality of Service in Networking, Software Reliability, or
Software Measurements and Metrics in Empirical Software Engineering.
Original submissions are solicited from industry and academic experts to
presents their work, plans and views related to Quality of Protection.
The topics of interest include but are not limited to:
- Case studies
- Security Risk Analysis
- Security Quality Assurance
- Measurement-based decision making and risk management
- Empirical assessment of security architectures and solutions
- Mining data from attacks and vulnerabilities repositories
- Security metrics
- Measurement theory and formal theories of security metrics
- Security measurement and monitoring
- Experimental verification and validation of models
- Simulation and statistical analysis, stochastic modelling
- Reliability analysis
For more information, please see
http://dit.unitn.it/~qop/.
WESII 2006
The Workshop on the Economics of Securing the Information Infrastructure,
Arlington, VA, USA, October 23-24, 2006.
[posted here 2/3/06]
Our information infrastructure suffers from decades-old vulnerabilities,
from the low-level algorithms that select communications routes to the
application-level services on which we are becoming increasingly
dependent. Are we investing enough to protect our infrastructure? How
can we best overcome the inevitable bootstrapping problems that impede
efforts to add security to this infrastructure? Who stands to benefit
and who stands to lose as security features are integrated into these
basic services? How can technology investment decisions best be
presented to policymakers?
We invite infrastructure providers, developers, social scientists,
computer scientists, legal scholars, security engineers, and especially
policymakers to help address these and other related questions.
Suggested topics (not intended to be comprehensive):
- The economics of deploying security into: The Domain Name System (DNS),
BGP & routing infrastrucure, Email & spam prevention, Programming languages,
Legacy code bases, User interfaces, and Operating systems
- Measuring the cost of adding security
- Models of deployment penetration
- Empirical studies of deployment
- Measuring/estimating damages
- Code origin authentication
- Establishing roots of trust
- Identity management infrastructure
- Data archival and warehousing infrastructure
- Securing open source code libraries
- Adding security to/over existing APIs
- Liability and legal issues
- Internet politics
- Antitrust Issues
- Privacy Issues
For more information, please see
http://wesii.econinfosec.org/.
IWSEC 2006
1st International Workshop on Security,
Kyoto, Japan, October 23-24, 2006.
[posted here 3/6/06]
Information society based on a cyber space is facing now to
the diverse threats due to the complexity of its structure in
terms of networking, middleware, agents, P2P applications and
ubiquitous computing with such diverse as commercial, personal,
communal and public usage. What is needed with security research
is to look at the issues from the interdisciplinary viewpoints.
Papers may present theory, applications or practical experiences
on topics including, but not limited to:
- Fundamental Tools for Information Security
- Network and Distributed Systems Security
- Privacy Enhancing Technology
- Secure Living and Working Environments
- Security in Commerce and Government
- Security Management
- Software and System Security
- Protection of Critical Infrastructures
- Testing, Verification and Certification
- Law, Policy, Ethics and Related Technologies
For more information, please see
http://www.iwsec.org/.
CMS 2006
10th Joint IFIP TC6 and TC11 Open Conference on Communications and Multimedia Security,
Heraklion, Greece, October 19-21, 2006.
[posted here 3/27/06]
CMS’2006 is the 10th Conference in the “Communications and Multimedia
Security” series. The series is a joint effort of IFIP Technical
Committees TC6 (Communication Systems) and TC11 (Security and Protection
in Information Processing Systems). The conference provides a forum for
engineers and scientists in information security. State-of-the-art issues
as well as practical experiences and new trends in the areas will be the
topics of interest again, as proven by preceding conferences. This year
the conference will address in particular network and information security
issues. We solicit papers describing original ideas and research results on
topics that include, but are not limited to:
- Applied cryptography
- Biometrics
- Computer emergency / security incident response
- Multimedia systems security
- Critical Information Infrastructure Protection
- Privacy protection
- Digital watermarking
- Identification and authentication
- Identity management
- Information security management
- Intrusion detection
- Mobile communication security
- Network and Information Security
- Risk Management
- Web Services Security
- Wireless Network Security
For more information, please see
http://www.ics.forth.gr/cms06.
NordSec 2006
11th Nordic Workshop on Secure IT-systems,
Linköping, Sweden, October 19-20, 2006.
[posted here 2/13/06]
The NordSec workshops started in 1996 with the aim of bringing
together researchers and practitioners within computer security
in the Nordic countries. The theme of the workshop has been
applied security, i.e. all kinds of security issues that could
encourage interchange and cooperation between the research
community and the industrial/consumer community.
Possible topics include, but are not limited to the following:
- Anonymity and Privacy
- Applied Cryptography
- Computer Crime
- Information Warfare
- E-and M-Business Security
- Inter/Intra/Extranet Security
- Intrusion Detection
- Language-Based Security
- New Firewall Technologies
- New Ideas and Paradigms for Security
- Operating System Security
- Phishing and Anti-Phishing
- PKI and Key Escrow
- Privacy-Preserving Data-Mining
- Security Education and Training
- Security Evaluations and Measurements
- Security Management and Audit
- Security of Commercial Products
- Security Models
- Security Protocols
- Smart Card Applications
- Software Security
- Web Services Security
- Wireless Communication Security
- Trust and trust management
For more information, please see
http://www.ida.liu.se/conferences/nordsec06/.
IMF 2006
International Conference on IT-Incident Management & IT-Forensics,
Stuttgart, Germany, October 18 - 19, 2006.
[posted here 3/20/06]
In order to advance the fields of IT-Incident Management and Forensics,
IMF aims at bringing together experts from throughout the world, to
discuss state of the art in the areas of Incident Management and
IT-Forensics (IMF). IMF promotes collaboration and exchange of ideas
between industry, academia, law-enforcement and other government
bodies. The scope of IMF 2006 is broad and includes, but is not
restricted to the following areas:
IT-Incident Management:
- Purposes of IT-Incident Management
- Trends, Processes and Methods in Incident Management
- Formats and Standardisation in Incident Management
- Tools for Incident Management
- Education and Training in the field of Incident Management Awareness
- Determination, Detection and Evaluation of Incidents
- Procedures for Handling Incidents
- Problems and Challenges while establishing CERTs/ CSIRTs
- Sources of Information/ Information Exchange/ Communities
- Dealing with Vulnerabilities (vulnerability response)
- Current Threats
- Early Warning Systems
- Organisations (Nat. CERT-Associations, FIRST, TERENA/ TI, TF-CSIRT)
IT-Forensics:
- Trends and Challenges within IT-Forensics
- Methods, Processes and Applications for IT-Forensics
(Networks, Operating Systems, Storage Media, ICT-Systems etc.)
- Evidence Protection in IT-Environments
- Standardisation of Evidence Protection Processes
- Data Protection- and other legal implications for IT-Forensics
- Investigation Methods and Processes
- Juristic Relevance of IT-Forensic Investigations
- Tools for IT-Forensics
- Forensic readiness
For more information, please see
http://www.imf-conference.org/.
WSNS 2006
2nd International Workshop on Wireless and Sensor Networks Security,
Held in conjunction with the 3rd IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2006),
Vancouver, Canada, October 9-12, 2006.
[posted here 5/1/06]
Wireless networks have experienced an explosive growth during the
last few years. Nowadays, there is a large variety of networks spanning from
the well-known cellular networks to non-infrastructure wireless networks
such as mobile ad hoc networks and sensor networks. Security issue is a
central concern for achieving secured communication in these networks.
This one day workshop aims to bring together researchers and practitioners
from wireless and sensor networking, security, cryptography, and
distributed computing communities, with the goals of promoting
discussions and collaborations. We are interested in novel research
on all aspects of security in wireless and sensor networks and tradeoff
between security and performance such as QoS, dependability, scalability,
etc. Topics of interest include, but are not limited to:
- Authentication and Access Control
- Cryptographic Protocol
- Experimental Studies
- Key Management
- Information Hiding
- Intrusion Detection and Response
- Privacy and Anonymity
- Secure Localization and Synchronization
- Security and Performance tradeoff
- Security Policy and Enforcement Issues
- Security Protocols Design, Analysis and Verification
- Secure Routing/MAC
- Surveillance and Monitoring
- Trust Management
For more information, please see
http://www.cs.wcupa.edu/~zjiang/wsns06.htm.
ICS 2006
Workshop on Information and Computer Security,
Held in conjunction with the 8th International Symposium on
Symbolic and Numeric Algorithms for Scientific Computing (SYNASC 2006),
Timisoara, Romania, September 29-30, 2006.
[posted here 5/15/06]
The ICS 2006 Workshop is intended as an international forum for
researchers in all areas of information and computer security. Submissions
of papers presenting original research are invited for the following
workshop tracks:
Formal methods in security
- Decidability and complexity
- Language-based security
- Security models
- Security protocols
- Security verification
Security policies and services
- Authentication
- Anonymity and privacy
- Electronic voting
- Information flow
- Intrusion detection
- Resource usage control
- Security for mobile computing
- Trust management
Cryptology
- Protocols that provide services in application fields
such as e-government, and that are simple enough (or so
precisely defined) as to serve as reasonable targets for
formal analysis tools;
- Cryptographic primitive implementations that can be formally analyzed;
- Work on combinatorial optimization problems that arise in cryptographic
applications and that can be approximately solved using
techniques from formal modeling.
For more information, please see
http://ics.ieat.ro/.
WiSe 2006
ACM Workshop on Wireless Security,
Held in conjunction with ACM MobiCom 2006,
Los Angeles, California, USA, September 29, 2006.
[posted here 5/1/06]
The objective of this workshop is to bring together
researchers from research communities in wireless networking, security,
applied cryptography, and dependability; with the goal of fostering
interaction. With the proliferation of wireless networks, issues related
to secure and dependable operation of such networks are gaining
importance. Topics of interest include, but are not limited to:
- Key management in wireless/mobile environments
- Trust establishment
- Computationally efficient primitives
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Secure PHY/MAC protocols
- Denial of service
- User privacy, location privacy
- Anonymity, prevention of traffic analysis
- Dependable wireless networking
- Identity theft and phishing in mobile networks
- Charging in wireless networks
- Cooperation in wireless networks
- Vulnerability modeling
- Incentive-aware secure protocol design
- Security in vehicular networks
- Jamming
- Cross-layer design for security
- Monitoring and surveillance
For more information, please see
http://www.ee.washington.edu/research/nsl/wise2006.
SKM 2006
2nd Secure Knowledge Management Workshop,
Brooklyn, NY, USA, September 28-29, 2006.
[posted here 6/15/06]
Knowledge management is the methodology for systematically
gathering, organizing, and disseminating knowledge. It
essentially consists of processes and tools to effectively capture
and share knowledge as well as use the knowledge of individuals
within an organization. Knowledge Management Systems (KMS) promote
sharing information among employees and require security mechanisms
to prevent unauthorized access and misuse. Security is a major issue
revolving around KMS. Topics of interest include, and are not limited to:
- Developing access controls and policies for knowledge management
- Statistical data mining techniques under security and privacy constraints
- Methods for measuring security effectiveness
- Design techniques for secure knowledge systems
- Integration for data management, information management and knowledge management
- Inference control policies for sensitive knowledge manipulation
- Secure knowledge query manipulation languages
- Security and privacy assertion markup languages
- B2B circles of trust
- Return on investment in secure knowledge systems
- Digital policy management
- Secure content management
- Knowledge management for national security
- Security and privacy in knowledge management
- Network security in the context of knowledge management
- Economic issues in securing knowledge
- Trust management
- Human factors in knowledge management
- Security, privacy and economic issues in information sharing
- Intersection of knowledge and security policy management
For more information, please see
http://www.cs.stonybrook.edu/skm2006.
VietCrypt 2006
1st International Conference on Cryptology in Vietnam,
Hanoi, Vietnam, September 25-28, 2006.
[posted here 4/3/06]
Cryptology, the science of information protection blending pure
computing theory with practical aspects, has been a strongly
expanding research area over the last few years. VietCrypt 2006 will
provide an international forum on cryptology for the first time in
Vietnam. It is an opportunity for scientists, researchers, entrepreneurs,
government officers and implementers to exchange novel ideas,
new results and practical experiences. Original papers on all
technical aspects of cryptology are solicited for submission.
For more information, please see
http://www.vietcrypt.org/.
SETA 2006
4th International Conference on Sequences and Their Applications,
Beijing, China, September 24-28, 2006.
[posted here 2/20/06]
Original papers on all technical aspects of
sequences and their applications in communications, cryptography,
and combinatorics are solicited for submission to SETA'06.
Topics of this conference include, but are not limited to,
the following::
- Randomness of sequences
- Correlation (periodic and aperiodic types) and combinatoric aspects of sequences
- Sequences with applications in error-correcting codes
- Sequences over finite fields/rings/function fields, and arrays
- Nonlinear feedback shift register sequences
- Sequences for radar distance range, synchronization, identification,
and hardware testing
- Sequences for wireless CDMA systems, low probability interception,
and spread spectrum communication
- Pseudorandom sequence generators for stream ciphers
- Correlation and transformations of boolean functions
- Pseudorandom number/function generators and their randomness extraction
For more information, please see
http://www.aegean.gr/ISC06.
ESAS 2006
3rd European Workshop on Security and Privacy in Ad hoc and Sensor Networks,
Held in conjunction with the European Symposium on Research in Computer
Security (ESORICS 2006),
Hamburg, Germany, September 20-21, 2006.
[posted here 3/13/06]
The vision of ubiquitous computing has generated a lot of
interest in wireless ad hoc and sensor networks. However,
besides their potential advantages, these new generations
of networks also raise some challenging problems with
respect to security and privacy. The aim of this workshop
is to bring together the network security, cryptography,
and wireless networking communities in order to discuss
these problems and to propose new solutions. The third
ESAS workshop seeks submissions that present original
research on all aspects of security and privacy in wireless
ad hoc and sensor networks. Submission of papers based on
work-in-progress is encouraged. Topics of interest include,
but are not limited to the following:
- Privacy and anonymity
- Prevention of traffic analysis
- Location privacy
- Secure positioning and localization
- Secure MAC protocols
- Secure topology control
- Secure routing
- Secure context aware computing
- Secure in-network processing
- Attack resistant data aggregation
- Cooperation and fairness
- Key management
- Trust establishment
- Embedded security
- Cryptography under resource constraints
- Distributed intrusion detection
For more information, please see
http://www.crysys.hu/ESAS2006/.
STM 2006
2nd International Workshop on Security and Trust Management,
Held in conjunction with ESORICS 2006,
Hamburg, Germany, September 20, 2006.
[posted here 4/12/06]
STM 2006, sponsored by the Security and Trust Management working
group of ERCIM (European Research Consortium in Informatics and
Mathematics, is the second workshop in this series.
The primary focus is on high-quality original
unpublished research, case studies, and implementation experiences.
We encourage submissions discussing the application and deployment
of security technologies in practice. Topics of interest include but
are not limited to:
- semantics and computational models for security and trust
- security and trust management architectures, mechanisms and policies
- networked systems security
- privacy and anonymity
- Identity management
- ICT for securing digital as well as physical assets
- cryptography
For more information, please see
http://www.hec.unil.ch/STM06.
NSPW 2006
New Security Paradigms Workshop,
Schloss Dagstuhl, Germany, September 18-21, 2006.
[posted here 1/24/06]
NSPW is a unique workshop that is devoted to the critical
examination of new paradigms in security. Each year, since 1995,
we examine proposals for new principles upon which information
security can be rebuilt from the ground up. We conduct
extensive, highly interactive discussions of
these proposals, from which we hope both the audience and the authors
emerge with a better understanding of the strengths and weaknesses
of what has been discussed.
NSPW aspires to be the philosophical and intellectual
breeding ground from which a revolution in the science of
information security will emerge.
We solicit and accept papers on any topic in information
security subject to the following caveats:
- Papers that present a significant shift in thinking about
difficult security issues are welcome.
- Papers that build on a recent shift are also welcome.
- Contrarian papers that dispute or call into question accepted
practice or policy in security are also welcome.
- We solicit papers that are not technology-centric, including
those that deal with public policy issues and those that deal with
the psychology and sociology of security theory and practice.
- We discourage papers that represent established or completed
works as well as those that substantially overlap other submitted
or published papers.
- We discourage papers which extend well-established security
models with incremental improvements.
- We encourage a high level of scholarship on the part of
contributors. Authors are expected to be aware of related prior
work in their topic area, even if it predates Google. In the
course of preparing an NSPW paper, it is far better to read an
original source than to cite a text book interpretation of it.
For more information, please see
http://www.nspw.org.
ACEIS 2006
1st Annual Conference on Education in Information Security,
Ames, IA, USA, September 18-19, 2006.
[posted here 3/27/06]
May 2006 will mark the seventh year of the National Centers of
Academic Excellence in Information Assurance Education program.
With 67 centers now in operation in the United States as well as
many efforts internationally, it is time for educators, students,
and employers to join in a scholarly, peer-reviewed effort to
discuss unmet needs, exchange ideas, pedagogical methods, research,
and future plans for education in information security.
The goals of ACEIS '06 are: (1) Disseminate new information assurance
educational research and scholarship and (2) Build a community interested
in information security education across all levels of pedagogy
(K-12 through postgraduate). Example Areas of Interest:
- Educational Methods in Infosec and Assurance
- Instructional theory and methods applied to Infosec and Assurance education
- Student Assessment
- Hardware and Software Tools
- Curricula in Infosec and Assurance
- Papers addressing the body of knowledge in Infosec and Assurance
- Curriculum models for Infosec and Assurance in different disciplines
- Innovative programs or classes
- Industry/government needs in education
- Evaluation and research in Infosec and Assurance Education
- Models for evaluating curricula, courses, instructional methods and students
- Research studies in teaching/learning in Infosec and Assurance
- Panels discussing controversial or timely issues in the area
For more information, please see
http://www.aceis.org/.
ESORICS 2006
11th European Symposium On Research In Computer Security,
Hamburg, Germany, September 18-20, 2006.
[posted here 2/3/06]
Papers offering novel research contributions in any aspect of
computer security are solicited for submission to the Eleventh
European Symposium on Research in Computer Security (ESORICS 2006).
Topics include, but are not limited to:
- access control
- accountability
- applied cryptography
- authentication
- covert channels
- cryptographic protocols
- cybercrime
- data and application security
- denial of service attacks
- digital rights management
- distributed trust management
- formal methods in security
- identity management
- inference control
- information assurance
- information dissemination controls
- information flow controls
- information warfare
- intellectual property protection
- intrusion tolerance
- language-based security
- network security
- peer-to-peer security
- privacy-enhancing technology
- secure electronic commerce
- security as quality of service
- security evaluation
- security management
- security models
- security requirements engineering
- smartcards
- subliminal channels
- system security
- trust models
- trustworthy user devices
For more information, please see
http://www.esorics06.tu-harburg.de/.
LSAD 2006
ACM SIGCOMM workshop on Large Scale Attack Defense,
Held in conjunction with ACM SIGCOMM 2006,
Pisa, Italy, September 11, 2006.
[posted here 3/13/06]
In recent years, we have seen an increasing number of large-scale
attacks, such as severe worms and DDoS attacks, threatening our
systems and networks. Especially, fast spreading attacks present
a serious challenge to today's attack defense systems. Speed,
frequency, and damage potential of these attacks call for automated
response systems. Research in automated defense systems for Internet-wide
attacks is focused on large-scale monitoring infrastructures, such as network
telescopes and honeynets; intrusion detection approaches, such as memory
tainting, network anomaly detection, automated defense strategies, such as
signature generation distribution; and identification and analysis of
future threats, such as obfuscation methods and novel spreading
techniques. The goal of this one day workshop is to explore new directions
in monitoring, analysis, and automated defense systems for existing and
future large-scale attacks. We invite experts from academia and industry,
to discuss and exchange ideas in a broad range of topics.
We are soliciting original papers on topics (including, but not limited
to) listed below.
- Automated attack detection and classification
- Monitoring and measurement studies
- Anomaly detection
- Reactive and proactive defense systems
- Modelling and analysis of propagation dynamics
- Future challenges for attack defense systems
- Vulnerability assessment methods
- Countermeasure evaluation methods
- Honeypot infrastructures
- Honeypot detection and counter-detection
- Forensics
- Malcode analysis
For more information, please see
http://www.acm.org/sigs/sigcomm/sigcomm2006/php/?lsad.
TrustBus 2006
3rd International Conference on Trust, Privacy and Security of Digital Business,
Held in conjunction with the 17th International Conference on Database
and Expert Systems Applications (DEXA 2006),
Krakow, Poland, September 4-8, 2006.
[posted here 11/24/05]
TrustBus’06 will bring together researchers from different disciplines,
developers, and users all interested in the critical success factors
of digital business systems.
We are interested in papers, work-in-progress reports, and industrial
experiences describing advances in all areas of digital business
applications related to trust and privacy, including, but not limited to:
- Anonymity and pseudonymity in business transactions
- Business architectures and underlying infrastructures
- Common practice, legal and regulatory issues
- Cryptographic protocols
- Delivery technologies and scheduling protocols
- Design of businesses models with security requirements
- Economics of Information Systems Security
- Electronic cash, wallets and pay-per-view systems
- Enterprise management and consumer protection
- Identity and Trust Management
- Intellectual property and digital rights management
- Intrusion detection and information filtering
- Languages for description of services and contracts
- Management of privacy & confidentiality
- Models for access control and authentication
- Multimedia web services
- New cryptographic building-blocks for e-business applications
- Online transaction processing
- PKI & PMI
- Public administration, governmental services
- P2P transactions and scenarios
- Real-time Internet E-Services
- Reliability and security of content and data
- Reliable auction, e-procurement and negotiation technology
- Reputation in services provision
- Secure process integration and management
- Security and Privacy models for Pervasive Information Systems
- Security Policies
- Shopping, trading, and contract management tools
- Smartcard technology
- Transactional Models
- Trust and privacy issues in mobile commerce environments
- Usability of security technologies and services
For more information, please see
http://www.icsd.aegean.gr/trustbus06/.
WENS 2006
Workshop on Enterprise Network Security,
held in conjunction with IEEE Communications Society/CreateNet SecureComm 2006,
Baltimore, MD, USA, September 1, 2006.
[posted here 5/15/06]
The introduction of networking to the enterprise has introduced an
explosion of new productivity. However, the connectivity offered by
networking has also introduced significant security issues that can no
longer be easily addressed by control of physical access. Specifically,
management and monitoring of the security or health of internal
LAN/MAN-side services on an enterprise network can often consume
significant portions of the IT resource budget. The focus of this
workshop is to provide a forum for the exploration of issues unique to
the enterprise network. Topics for the workshop include
but are not limited to:
- Network risk assessment
- Rogue device detection (wireless APs)
- Trust inference
- Security visualization
- Security and grid computing
- Obfuscation and privacy mechanisms over the grid
- Intrusion dataset creation
- Case studies
- Security testbeds
For more information, please see
http://gipse.cse.nd.edu/WENS06.
ISC 2006
9th Information Security Conference, Pythagoras, Greece, August 30 - September 2, 2006.
[posted here 11/26/05]
ISC is an annual international conference covering research in
and applications of Information Security. ISC aims to attract
high quality papers in all technical aspects of information security.
Topics of interest include, but are not limited to, the following:
- Access Control
- Accounting and Audit
- Anonymity and Pseudonymity
- Applied Cryptography
- Authentication and Non-repudiation
- Biometrics
- Cryptographic Protocols
- Database and System Security
- Design and Analysis of Cryptographic Algorithms
- Digital Rights Management
- eCommerce, eBusiness and eGovernment Security
- Foundations of Computer Security
- Grid Security
- Identity and Trust Management
- Information Flow
- Information Hiding and Watermarking
- Infrastructure Security
- Intrusion Detection and Prevention
- Mobile, Ad Hoc and Sensor Network Security
- Network and Wireless Network Security
- Peer-to-Peer Network Security
- PKI and PMI
- Privacy
- Security and Privacy Economics
- Security and Privacy in IT Outsourcing
- Security and Privacy in Pervasive and Ubiquitous Computing
- Security Verification
- Security for Mobile Code
- Security Modeling and Architecture
- Trusted Computing
- Security Models for Ambient Intelligence environments
- Usable Security
For more information, please see
http://www.aegean.gr/ISC06.
SecureComm 2006
2nd IEEE Communications Society/CreateNet International Conference on
Security and Privacy for Emerging Areas in Communication Networks,
Baltimore, MD, USA, August 28 - September 1, 2006.
[posted here 1/16/06]
The scope of Securecomm 2006 has been broadened since the inaugural
2005 event. Topics of interest encompass research advances in ALL
areas of secure communications and networking.
Topics in other areas (e.g., formal methods, database security,
secure OS/software, theoretical cryptography, e-commerce) will
be considered only if a clear connection to privacy and/or
security in communication/networking is demonstrated.
Presentations reporting on cutting-edge research results are
supplemented by panels on controversial issues and invited talks on
timely and important topics.
Areas of interest include, but ARE NOT limited to, the following:
- Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor,
Ad Hoc networks
- Network Intrusion Detection and Prevention, DoS Countermeasures
- Firewalls, Routers, Filters and Malware detectors
- Public Key Infrastructures and Other Security Architectures
- Secure Web Communication
- Communication Privacy and Anonymity
- Secure/Private E-commerce
- Secure Routing, Naming/Addressing, Network Management
- Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
For more information, please see
http://www.securecomm.org.
SECOVAL 2006
2nd IEEE SECURECOMM SECOVAL Workshop: The Value of Security through Collaboration,
Held in conjunction with IEEE/CREATE-NET SECURECOMM 2006,
Baltimore, MD, USA, August 28 - September 1, 2006.
[posted here 3/20/06]
Security is usually centrally managed, for example in a form
of policies duly executed by individual nodes. The SECOVAL workshop
covers the alternative trend of using collaboration and trust to
provide security. Instead of centrally managed security policies,
nodes may use specific knowledge (both local and acquired from other
nodes) to make security-related decisions.
For example, in reputation-based schemes, the reputation of a
given node (and hence its security access rights) can be determined
based on the recommendations of peer nodes.
As systems are being deployed on ever-greater scale without
direct connection to their distant home base, the need for
self-management is rapidly increasing. Interaction after interaction,
as the nodes collaborate, there is the emergence of a digital
ecosystem. By guiding the local decisions of the nodes,
for example, with whom the nodes collaborate, global properties
of the ecosystem where the nodes operate may be guaranteed. Thus,
the security property of the ecosystem may be driven by self-organising
mechanisms. Depending on which local collaboration is preferred,
a more trustworthy ecosystem may emerge.
Topics of interest to the workshop include, but are not limited to:
- Approaches to security through collaboration
- Specificities of security through collaboration
- Trust methodologies, models and metrics
- Interoperability and standardization of trust metrics
- Value and meaning of trust
- Trust-based security decision process
- Security based on reputation and recommendations
- Self-organisation mechanisms for a more secure digital ecosystem
- The role of emergence in dynamic trust models
- Collaborative autonomic computing
- Value and models of networks of collaborators and information sharing
- Threat and risk analysis of security through collaboration
- Attacks due to collaboration and mitigation of these attacks
- Technical trust of the underlying infrastructure used for deployment
- Costs and benefits of trust and collaboration based security compared to other models
- Privacy and legal aspects of security through collaboration
For more information, please see
http://www.trustcomp.org/secoval/.
SBSEG 2006
6th Brazilian Symposium on Information and Computer Systems Security,
Santos, Brazil, August 28 - September 01, 2006.
[posted here 2/27/06]
The 6th Brazilian Symposium on Information and Computer System
Security is an annual event promoted by the Brazilian Computer Society
(SBC). Its main goal is to provide a forum for presenting new research
ideas and other relevant activities in the area of information systems
security. Topics of interest for SBSeg 2006 include but are not
limited to the following:
- cryptographic algorithms and techniques
- legal aspects of data and systems security
- audit and system security assessment
- biometry
- software assurance
- electronic commerce
- computational forensics
- mobile devices, embedded systems and wireless networks
- cryptographic hardware, RFID devices, smart cards
- public-key infrastructure
- data integrity and data confidentiality
- contingency planning and disaster recovery
- autentication techniques
- access control models and techniques
- digital TV, and multimedia content
- standardization
- software piracy
- security policy
- security protocols
- security in grids, P2P and overlay networks
- security in middleware (Java RMI, J2EE, CorbaSec, .Net)
- security in web services (WS-Security, SOAP, XML, XACML)
- distributed systems security
- operating systems security
- secure systems development techniques
- firewall technology
- intrusion detection and other vulnerabilities
- electronic voting
- virus, worms and malicious codes
For more information, please see
http://www.unisantos.br/sbseg2006/english/.
CERTSOFT 2006
International Workshop on Software Certification,
Ontario, Canada, August 26-27, 2006.
[posted here 5/15/06]
Software is currently used to control medical devices,
automobiles, aircraft, manufacturing plants, nuclear
generating stations, space exploration systems, elevators,
electric motors, automated trains, banking transactions,
telecommunications devices and a growing number of devices
in industry and in our homes. Software is also mission critical
for many organizations, even if the software does not control
what happens. Clearly, many of these systems have the potential
to cause physical harm if they malfunction. Even if they do not
cause physical harm, their malfunctions are capable of causing
financial and political chaos. Currently there is no consistent
regulation of software, and society is starting to demand that
software used in critical systems must meet minimum safety,
security and reliability standards. Manufacturers of these
systems are in the unenviable position of not having any clear
guidelines as to what may be regarded as acceptable standards
in these situations. Even where the systems are not mission
critical, software producers and their customers are becoming
interested in methods for assuring quality that may result in
software supplied with guarantees. The purpose of the workshop
is to discuss issues related to software certification.
Possible topics include:
- What is software certification, and what is its relation to system
certification?
- Methods, processes, and tools for developing certified software
- Certifying safety-critical applications
- Certifying embedded systems
- Certifying non-critical but commercially significant applications
- Certification of software components
- Developing standards based on experimental analysis of methods
- Formalization of Regulatory Requirements for Software
- Repositories of assured/verified/validated software components
- Using the Common Criteria for IT Security Evaluation as a model
- Standardization of certification methods used in different industries
- Evolutionary and incremental certification
For more information, please see
http://fm06.mcmaster.ca/certsoft.
NIST-CHW 2006
2nd Cryptographic Hash Workshop,
Santa Barbara, California, USA, August 24-25, 2006.
[posted here 2/27/06]
In response to the SHA-1 vulnerability that was announced in Feb. 2005,
NIST held a Cryptographic Hash Workshop on Oct. 31-Nov. 1, 2005 to solicit
public input on its cryptographic hash function policy and standards. NIST
continues to recommend a transition from SHA-1 to the larger approved hash
functions (SHA-224, SHA-256, SHA-384, and SHA-512). In response to the
workshop, NIST has also decided that it would be prudent in the long-term
to develop an additional hash function through a public competition,
similar to the development process for the block cipher in the Advanced
Encryption Standard (AES). Before initiating the competition, NIST plans
to host several more public
workshops that will focus on hash function research. The next workshop
will be held on August 24-25, 2006, in conjunction with Crypto 2006, with
the following goals:
- Explore potential mathematical principles and structures that can
provide the foundation for cryptographic hash functions;
- Foster accelerated research on the analysis of hash functions,
especially the SHA-2 hash functions;
- Survey the uses of hash functions, and investigate the properties that
are assumed, used, or needed. Identify and articulate the required or
desirable properties for future hash functions.
Topics for submissions should include, but are not limited to, the following:
Mathematical Foundations
- Iterative structures, i.e., Damgård-Merkle or alternatives
- Compression function constructions, e.g. Davies-Meyer
- Hashing modes, e.g. randomized hashing or keyed hashing
- Formal properties
Analysis and Design
- Analysis and design of hash functions and their components
- New cryptanalytic techniques against hash functions
- Security report on existing hash functions, especially SHA-2
- Tools for designing and analyzing compression functions
- Provable properties of compression functions, e.g., reductions to
hard problems.
Practical Uses and Pitfalls
- Uses of hash functions in applications and protocols
- Properties of hash functions that are assumed, required, or
obtained in practice
- Vulnerabilities of hash functions caused by unexpected properties
or misuse
- Desirable properties for future hash functions
For more information, please see
http://www.nist.gov/hash-function.
DFRWS 2006
6th Annual Digital Forensic Research Workshop,
Lafayette, Indiana, USA, August 14-16, 2006.
[posted here 3/13/06]
The purpose of this workshop is to bring together researchers,
practitioners, and educators interested in digital forensics.
We welcome the participation of people in industry, government,
law enforcement, and academia who are interested in advancing the
state of the art in digital forensics by sharing their results,
knowledge, and experiences. The accepted papers will be published
in printed proceedings. We are looking for research papers, demo
proposals, and panel proposals. Major areas of interest include,
but are not limited to, the following topics:
- Incident response and live analysis
- OS and application analysis
- Multimedia analysis
- File system analysis
- Memory analysis
- Network analysis
- Data hiding and recovery
- Event reconstruction
- Large-scale investigations
- Data mining techniques
- Automated searching
- Tool testing and development
- Digital evidence storage formats
- Digital evidence and the law
- Traceback and attribution
- Physical media analysis
- Case studies and trend reports
- Non-traditional approaches to forensic analysis
For more information, please see
http://www.dfrws.org.
SecUbiq 2006
2nd International Workshop on Security in Ubiquitous Computing Systems,
Seoul, Korea, August 1-4, 2006.
[posted here 11/29/05]
Ubiquitous computing technology provides an environment where
users expect to access resources and services anytime and anywhere.
The serious security risks and problems arise because resources
can now be accessed by almost anyone with a mobile device in such
an open model. The security threats exploited the weakness of protocols
as well as operating systems, and also extended to attack ubiquitous
applications. The security issues, such as authentication, access
control, trust management, privacy and anonymity, etc., should be
fully addressed. This workshop provides a forum for academic
and industry professionals to discuss recent progress in the area
of ubiquitous computing system security, and includes studies
on analyses, models and systems, new directions, and novel
applications of established mechanisms approaching the risks and
concerns associated with the utilization and acceptance of
ubiquitous computing devices and systems.
Topics: Topics of interest include, but are not limited to:
- Access control
- Ad hoc and sensor network security
- Buffer overflows
- Commercial and industrial security
- Cryptographic algorithms and protocols
- Data privacy and trustiness
- Digital signatures
- Distributed denial of service attacks
- Information hiding and multimedia watermarking in distributed systems
- Internet and web security
- Intrusion detection and protection systems
- Key management and authentication
- Mobile codes security
- Network security issues and protocols
- Privacy and anonymity
- Privacy issues in the use of smart cards and RFID systems
- Security in e-commerce and e-business and other applications
- Security in P2P networks and Grid computing
- Security in distributed and parallel systems
- Software security
- Trust management
For more information, please see
http://www.sitacs.uow.au/secubiq06/.
DBSEC 2006
20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security,
Sophia Antipolis, France, July 31-August 2, 2006.
[posted here 12/16/05]
The conference provides a forum for presenting original
unpublished research results, practical experiences, and
innovative ideas in data and applications security. Papers and
panel proposals are solicited. The conference is limited to about
forty participants so that ample time for discussion and
interaction may occur. Proceedings will be published by Springer
as the next volume in the Research Advances in Database and
Information Systems Security series.
Papers may present theory, techniques, applications, or practical
experience on topics of interest of IFIP WG11.3:
- Access Control
- Application level attacks and intrusion detection
- Applied cryptography in data security
- Identity theft and countermeasures
- Integrity maintenance
- Intrusion tolerance and trusted recovery
- Knowledge discovery and privacy
- Organizational security
- Privacy and privacy-preserving data management
- Secure transaction processing
- Security assessment, planning and administration
- Secure information integration
- Secure sensor information processing
- Threats, vulnerabilities, and risk management
- Trust management
- Web services/application security
- Secure Semantic Web
Additional topics of interest include but not limited to:
Critical Infrastructure Protection, Cyber Terrorism, Information
Warfare, Database Forensics, Electronic Commerce Security, and
Security in Digital Health Care.
For more information, please see
http://cimic.rutgers.edu/ifip113/2006/.
USENIX Security 2006
15th USENIX Security Symposium, Vancouver, B.C., Canada, July 31–August 4, 2006.
[posted here 10/10/05]
The USENIX Security Symposium brings together researchers,
practitioners, system administrators, system programmers, and others
interested in the latest advances in the security of computer systems
and networks.
All researchers are encouraged to submit papers covering novel
and scientifically significant practical works in security or
applied cryptography.
The Symposium will span five days: a training program will be
followed by a two and one-half day technical program, which will include
refereed papers, invited talks, Work-in-Progress reports, panel
discussions, and Birds-of-a-Feather sessions. New in 2006, a workshop,
titled Hot Topics in Security (HotSec '06), will be held in
conjunction with the main conference. More details will be
announced soon on the USENIX Web site.
For more information, please see
http://www.usenix.org/events/sec06/.
HotSec 2006
1st Workshop on Hot Topics in Security,
Vancouver, B.C., Canada, July 31, 2006.
[posted here 4/7/06]
HotSec is intended as a forum for lively discussion of aggressively
innovative and potentially disruptive ideas in all aspects of systems security.
Surprising results and thought-provoking ideas will be strongly favored;
complete papers with polished results in well-explored research areas are
discouraged. Papers will be selected for their potential to stimulate
discussion in the workshop. Position papers are expected to fit into
one of the following categories:
- Fundamentally new techniques for and approaches to dealing
with current security problems
- New major problems arising from new technologies that are
now being developed or deployed
- Truly surprising results that cause rethinking of previous approaches
While our goal is to solicit ideas that are not completely worked out,
we expect submissions to be supported by some evidence of feasibility
or preliminary quantitative results.
Possible topics of interest include but are not limited to:
- Secure operation, management, and event response of/for
ultra-large-scale systems
- Designing secure large-scale systems and networks
- Self-organizing and self-protecting systems
- Security assurance for non-expert users
- Balancing security and privacy/anonymity
- Interactions between security technology and public policy
For more information, please see
http://www.usenix.org/events/hotsec06/cfp/.
CEAS 2006
3rd Conference on Email and Anti-Spam,
Mountain View, CA, USA, July 27-28, 2006.
[posted here 12/16/05]
The Conference on Email and Anti-Spam (CEAS) invites short and
long paper submissions on research results pertaining to a broad range
of issues in email and Internet communication. Submissions may address
issues relating to any form of electronic messaging, including
traditional email, instant messaging, mobile telephone text messaging,
and voice over IP. Issues of interest include the analysis and
abatement of abuses (such as spam, phishing, identity theft, and
privacy invasion) as well as enhancements to and novel
applications of electronic messaging.
For more information, please see
http://www.ceas.cc/2006/cfp.html.
IFMIP 2006
5th International Forum on Multimedia and Image Processing,
Special Sessions on Information Security and Hardware Implementations,
Budapest, Hungary, July 25-28, 2006. [posted here 9/7/05]
This special session is within the Multimedia and Image Processing
Track (5th International Forum on Multimedia and Image Processing, IFMIP 2006).
The IFMIP is going to take place in the World Automation Congress.
The scope of this special session is on all views of communication security,
and cryptography implementations. The call is addressed to scientists and engineers,
who design, develop, and implement information security and cryptography subsystems.
We encourage scientists and engineers from both academic and industrial
environments to submit their works in order to enhance the knowledge,
expertise, and experience of the whole community in information security,
cryptography and hardware implementations. The subject areas include,
but are not limited to, the following:
- Security for mobile devices and 3G applications
- Reconfigurable processors in cryptography
- Smart cards security
- Computer architectures for public-key and secret-key cryptosystems
- Crypto-Processors for wireless networks
- Cryptography for pervasive computing (e.g., RFID, Bluetooth, etc.)
- True and pseudo random number generators
- Identification and authentication
- New encryption algorithms
- Cryptography and cryptanalysis
- Case studies, surveys
- Architectural optimizations of security schemes and ciphers for wireless communications
- Modular and Galois field arithmetic architectures for security applications
For more information, please see
http://wacong.org.
CEC 2006
IEEE CEC 2006 Special Session on Evolutionary Computation in
Cryptology and Computer Security, Vancouver, BC, Canada, July 16-21, 2006.
[posted here 10/10/05]
Techniques taken from the field of Evolutionary Computation
(especially Genetic Algorithms, Genetic Programming, Artificial
Immune Systems, but also others) are steadily gaining ground in
the area of cryptology and computer security.
The special session encourages the submission of novel research
at all levels of abstraction (from the design of cryptographic
primitives through to the analysis of security aspects of
"systems of systems").
For more information, please see
http://kolmogorov.seg.inf.uc3m.es/.
DIMVA 2006
3rd GI SIG SIDAR Conference on Detection of Intrusions & Malware,
and Vulnerability Assessment, Berlin, Germany, July 13-14, 2006.
[posted here 10/10/05]
The special interest group Security - Intrusion Detection and Response
(SIDAR) of the German Informatics Society (GI) organizes DIMVA as an annual
conference that brings together experts from throughout and outside of
Europe to discuss the state of the art in the areas of intrusion detection,
malware detection, and vulnerability assessment.
The scope of DIMVA is broad and includes, but is not restricted to the
following areas:
Vulnerability Assessment:
- Vulnerabilities and exploitation techniques
- Vulnerability detection
- Avoidance of vulnerabilities and software testing
- Reverse engineering
- ROI on vulnerability assessment and management
Intrusion Detection:
- Intrusion techniques
- Intrusion detection and event correlation
- Intrusion response and intrusion prevention
- Benchmarking of intrusion detection and prevention systems
- Incident management and response
Malware:
- Malware techniques
- Malware detection
- Malware prevention
- Benchmarking of malware detection and prevention systems
- Computer and network forensics
For more information, please see
http://www.dimva.org/dimva2006.
RFIDSec 2006
Workshop on RFID Security,
Graz, Austria, July 12-14, 2006.
[posted here 2/13/06]
The Workshop on RFID Security 2006 focuses on approaches to solve security
issues in advanced contactless technologies like RFID systems. It stresses
implementation aspects imposed by resource constraints.
Topics of the workshop include but are not limited to:
- New applications for secure RFID systems
- Privacy-enhancing techniques for RFID
- Cryptographic protocols for RFID (Authentication, Key update, Scalability issues)
- Integration of secure RFID systems (Middleware and security, Public-key Infrastructures)
- Resource-efficient implementation of cryptography (Small-footprint hardware,
Low-power architectures)
For more information, please see
http://events.iaik.tugraz.at/RFIDSec06/CfP/index.htm.
SOUPS 2006
Symposium On Usable Privacy and Security,
Pittsburgh, PA, USA, July 12-14, 2006.
[posted here 1/22/06]
The 2006 Symposium on Usable Privacy and Security (SOUPS) will
bring together an interdisciplinary group of researchers and
practitioners in human computer interaction, security, and privacy.
The program will feature technical papers, a poster session,
panels and invited talks, discussion sessions, and in-depth
sessions (workshops and tutorials).
Topics include, but are not limited to:
- innovative security or privacy functionality and design,
- new applications of existing models or technology,
- field studies of security or privacy technology,
- usability evaluations of security or privacy features or security
testing of usability features, and
- lessons learned from deploying and using usable privacy and security features.
For more information, please see
http://cups.cs.cmu.edu/SOUPS/.
IHW 2006
