Past Conferences and Journal Special Issues
Last Modified: 12/24/07
Note: Please contact
cipher-cfp@ieee-security.org by email if you have any questions.
ICISS 2007
3rd International Conference on Information Systems Security,
Delhi, India, December 16-20, 2007.
[posted here 2/28/07]
After the successful organization of ICISS 2006 at the Indian Statistical Institute,
Kolkata, India, the 3rd conference will be organized by the University of Delhi.
ICISS presents a forum for disseminating the latest research results in
Information Systems Security and related areas. Topics of interest include
but are not limited to:
- Authentication and Access Control
- Mobile Code Security
- Key Management and Cryptographic Protocols
- E-business / E-commerce Security
- Privacy and Anonymity
- Intrusion Detection and Avoidance
- Security Verification
- Network Security
- Database and Application Security and Integrity
- Digital Rights Management
- Security in P2P, Sensor and Ad hoc Networks
- Digital Forensics
- Biometric Security
- Secure Web Services
- Fault Tolerance and Recovery Methods for Security Infrastructure
- Threats, Vulnerabilities and Risk Management
- Commercial and Industrial Security
For more information, please see
http://siis.cse.psu.edu/iciss07/cfp.htm.
ICICS 2007
9th International Conference on Information and Communications Security,
Zhengzhou, Henan Province, China, December 12-15, 2007.
[posted here 6/26/07]
The 2007 International Conference on Information and Communications Security
will be the 9th event in the ICICS conference series, started in 1997, that
brings together individuals involved in multiple disciplines of Information and
Communications Security in order to foster exchange of ideas.
Original papers on all aspects of information and communications security
are solicited for submission to ICICS 2007. Areas of interest include, but are
not limited to:
- Access Control
- Anti-Virus and Anti-Worms
- Anonymity
- Authentication and Authorization
- Applied Cryptography
- Biometric Security
- Data and System Integrity
- Database Security
- Distributed Systems Security
- Electronic Commerce Security
- Fraud Control
- Grid Security
- Information Hiding and Watermarking
- Intellectual Property Protection
- Intrusion detection
- Key Management and Key Recovery
- Language-based Security
- Operating System Security
- Network Security
- Risk Evaluation and Security Certification
- Security for Mobile Computing
- Security Models
- Security Protocols
- Trusted Computing
For more information, please see
http://www.icics2007.org.cn/.
ACSAC 2007
23rd Annual Computer Security Applications Conference,
Miami Beach, Florida, USA, December 10-14, 2007.
[posted here 3/21/07]
ACSAC is an internationally recognized forum where practitioners, researchers,
and developers in information system security meet to learn and to exchange
practical ideas and experiences. Papers offering novel contributions in any
aspect of computer and application security are solicited. Papers may present
techniques, applications, practical experience, or theory that has a clear
practical impact. Papers are encouraged on technologies and methods that have
been demonstrated to be useful for improving information systems security and
that address lessons from actual application. Topics of interest include,
but are not limited to:
- Access control
- Applied cryptography
- Audit and audit reduction
- Biometrics
- Certification and accreditation
- Database security
- Denial of service protection
- Defensive information warfare
- Electronic commerce security
- Enterprise security
- Firewalls and other boundary control devices
- Forensics
- Identification and authentication
- Identity Management
- Information survivability
- Insider threat protection
- Integrity
- Intellectual property rights protection
- Incident response planning
- Intrusion detection and event correlation
- Malware
- Middleware and distributed systems security
- Mobile and wireless security
- Modeling and simulation related to security
- Operating systems security
- Peer-to-peer security
- Product evaluation criteria and compliance
- Privacy
- Risk/vulnerability assessment
- Secure location services
- Security engineering and management
- Security in IT outsourcing
- Service Oriented Architectures
- Software assurance
- Trust management
- VoIP Security
- Wireless Security
For more information, please see
http://www.acsac.org.
ASIAN 2007
12th Annual Asian Computing Science Conference Focusing on Computer and Network Security,
Carnegie Mellon University, Doha, Qatar, December 9-11, 2007.
[posted here 6/4/07]
The ASIAN conference series provides a forum for researchers throughout Asia
to present cutting-edge results in yearly-themed areas of Computer Science, to
discuss advances in these fields, and to interact with researchers from other continents.
The 2007 edition focuses on computer and network security.
New results in the fields of computer and network security are welcome.
Also welcome are more exploratory presentations, which may examine open questions and raise
fundamental concerns about existing theories and practices.
Topics of interest include, but are not limited to:
- Access control
- Database security
- Privacy and Anonymity
- Cryptographic protocols
- Trust and trust management
- Authentication
- Digital rights management
- Executable content
- Language-based security
- Formal methods for security
- Data and system integrity
- Distributed systems security
- Security for mobile computing
- Wireless network security
- Denial-of-service and prevention
- Intrusion detection and avoidance
- Digital forensics
- Vulnerabilities and risk management
- Secure electronic commerce
- Secure software engineering
For more information, please see
http://www.qatar.cmu.edu/asian07.
Asiacrypt 2007
13th Annual International Conference on the Theory and Application of
Cryptology & Information Security,
Kuching, Sarawak, Malaysia, December 2-6, 2007.
[posted here 3/19/07]
Original research papers on all technical aspects of cryptology are
solicited for submission to ASIACRYPT 2007, the annual International
Conference on Theory and Application of Cryptology and Information Security.
The conference is sponsored by the International Association for Cryptologic
Research (IACR) in cooperation with the Information Security
Research (iSECURES) Lab of Swinburne University of Technology (Sarawak Campus)
and the Sarawak Development Institute (SDI); and financially supported by the
Sarawak Government.
For more information, please see
http://www.swinburne.edu.my/asiacrypt2007.
HASE 2007
10th IEEE International Symposium on High Assurance Systems Engineering,
Dallas, TX, USA, November 14-16, 2007.
[posted here 6/11/07]
The IEEE International Symposium on High Assurance Systems Engineering is a
forum for discussion of systems and software engineering issues to achieve high
assurance systems. The focus is on integrated approaches for assuring reliability,
availability, integrity, privacy, confidentiality, safety, and real-time of complex
systems and the methods for assessing the assurance levels of the systems to a
high degree of confidence. Technical and experience papers on algorithms, policies,
middleware, tools, and models for high assurance systems development, verification
and validation, and assessment are welcome.
Topics of interest for the symposium include, but are not limited to:
- Design and development of highly reliable, survivable, secure, safe, and time-assured systems
- Integrated system reliability, availability, security, safety, and timing analysis and evaluation methods
- Policies for reliability, safety, security, integrity, privacy, and confidentiality of high assurance systems
- Formal specification, specification validation, testing, and model checking for high assurance systems
- High assurance software architectures and design
- Transformation-based and evolutionary-based system development
- Reconfigurable system design for evolving high assurance requirements
- Dynamic monitoring and adaptation for run-time assurance
- High assurance information/knowledge systems and data grids
- High assurance embedded systems, ubiquitous systems and sensor networks
- High assurance web services
- Extending web service specifications for reliability, safety, security, privacy and other QoS properties
- Assurance techniques for service-oriented systems
- Case studies, experiments and tools for high assurance systems
For more information, please see
http://hase07.utdallas.edu/.
TGC 2007
The Symposium on Trustworthy Global Computing,
Sophia-Antipolis, France, November 5-6, 2007.
[posted here 6/26/07]
The Symposium on Trustworthy Global Computing is an international annual
venue dedicated to safe and reliable computation in global computers.
It focuses on providing tools and frameworks for constructing well-behaved
applications and for reasoning about their behaviour and properties in
models of computation that incorporate code and data mobility over
distributed networks with highly dynamic topologies and heterogeneous
devices. We solicit papers in all areas of global computing,
including (but not limited to):
- theories, models and algorithms for global computing and service-oriented computing
- language concepts and abstraction mechanisms
- security through verifiable evidence
- information flow and resource usage policies
- verification of cryptographic protocols and their use
- trust, access control and security enforcement mechanisms
- self configuration, adaptation, and dynamic components management
- software principles to support debugging and verification
- test generators, symbolic interpreters, type checkers
- model checkers, theorem provers
- privacy, reliability and business integrity
For more information, please see
http://www-sop.inria.fr/everest/tgc/tgc07.
STC 2007
2nd ACM Workshop on Scalable Trusted Computing,
Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007),
Fairfax, VA, USA, November 2, 2007.
[posted here 4/30/07]
In a society increasingly dependent on networked information systems, trusted
computing plays a crucial role. Despite significant progress in trusted computing components,
the issue of scalability in trusted computing and its impact on security are not well-understood.
Consequently, there is a dearth of practical solutions for trusted computing in large-scale systems.
Approaches suitable for small- or medium-scale trusted computing systems might not be applicable
to larger-scale scenarios. This workshop, built on the success of its predecessor (STC'06),
is focused on trusted computing in large-scale systems -- those involving (at the very least)
many millions of users and thousands of third parties with varying degrees of trust.
Topics of interest to the workshop include the following:
- models for trusted computing
- principles of trusted computing
- modeling of computing environments, threats, attacks and countermeasures
- limitations, alternatives and tradeoffs regarding trusted computing
- trust in authentications, users and computing services
- hardware based trusted computing
- software based trusted computing
- pros and cons of hardware based approach
- remote attestation of trusted devices
- censorship-freeness in trusted computing
- cryptographic support in trusted computing
- case study in trusted computing
- applications of trusted computing
- intrusion resilience in trusted computing
- access control for trusted computing
- trust of computing systems
- principles for handling scales
- scalable trust support and service
- trusted embedded computing and systems
- trusted computing in networks and distributed systems
- virtualization and trusted computing
For more information, please see
http://www.cs.utsa.edu/~shxu/stc07/.
CSAW 2007
1st ACM Computer Security Architecture Workshop,
Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007),
Fairfax, VA, USA, November 2, 2007.
[posted here 4/23/07]
The Computer Security Architecture Workshop (CSAW)--pronounced
see-saw--solicits papers on security architectures, their interfaces,
implementations, and implications. The design and evaluation of
Security Architectures is of fundamental
importance to security. And yet, many of our fundamental
architectures were created when security was less appreciated and less
well understood. Since it is notoriously difficult to add security
after the fact, our systems are far too susceptible to attack.
Moreover, architectures, because they are broad based, are difficult
to understand and this is a specialized workshop in which Security
Architecture experts will gather. As far as we know, this workshop is
unique in its focus on Security Architectures.
The workshop topics include, but are not limited to:
- Authorization
- Authentication
- Network security
- Distributed systems
- Operating systems
- Privacy
- Applications and security frameworks
- Specialized applications such as voting systems
- Hardware/software co-design for security
- Analysis of architectures
- System composability (properties, pitfalls, analysis & reasoning)
- Assurance techniques
- Case studies
- Usability issues
For more information, please see
http://www.rites.uic.edu/csaw.
WORM 2007
5th ACM Workshop on Recurring Malcode,
Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007),
Fairfax, VA, USA, November 2, 2007.
[posted here 4/16/07]
Internet-wide infectious epidemics have emerged as one of the leading threats to
information security and service availability. Self-propagating threats, often termed
worms, exploit software weaknesses, hardware limitations, Internet topology, and the open
Internet communication model to compromise large numbers of networked systems. Malware
is increasingly used as a beachhead to launch further malicious activities, such as
installing spyware, deploying phishing servers and spam relays, or performing
information espionage. Unfortunately, current operational practices still face
significant challenges in containing these threats as evidenced by the rise in
automated botnet networks and the continued presence of worms released years ago.
The goal of this workshop is to provide a forum for exchanging ideas, increasing the
understanding, and relating experiences on malicious code from a wide range of communities,
including academia, industry, and the government. We are soliciting papers from researchers
and practitioners on subjects including, but not limited to:
- Automatic malcode detection
- Malicious code characterization
- Botnet detection and disruption
- Malcode reverse engineering
- Modeling and analysis of propagation dynamics
- Forensic methods of attribution
- Threat assessment
- Reactive countermeasures
- Proactive malware defenses
- Significant operational experiences
- Measurement studies
- New threats and related challenges
For more information, please see
http://www.auto.tuwien.ac.at/~chris/worm07.html.
DIM 2007
3rd ACM Workshop on Digital Identity Management,
Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007),
Fairfax, VA, USA, November 2, 2007.
[posted here 3/16/07]
This year's theme is "Usability Issues for Identity Management." As the Web 2.0 trend exemplifies,
user experiences on the Net are becoming more and more interactive, dynamic, and personalized.
With appropriate control over the number and use of their identity(s), users can enjoy the advantages
of highly sophisticated personal services without the management burden they currently face or
sacrificing their privacy. However, standing in the way of this attractive goal are malicious
identity-motivated attacks (such as phishing & pharming), inadequate user understanding of the
underlying trust models (including the consequences of poorly set security and privacy preferences),
and the complexity of managing how identities are to be used, shared, and delegated.
To address such issues, many technological solutions have been already proposed, both in the
industry and academia, to date with mixed success.
To ensure that the emerging identity management technologies are accepted by end-users,
we must reconcile (or strike the right balance between) two goals that are generally thought
to be contradictory: the usability of the systems on one hand and their security and privacy
on the other. The aim of this workshop is to gather vendors, users, and researchers, in the
areas of identity management, to discuss and provide recommendations for the best approaches
for making implementable and deployable improvements to the usability of identity management.
Topics of particular interest include (but are not limited to):
- User interaction design for identity management
- Social identity
- User centric identity
- Expressing trustworthiness of identity management to users
- Empirical analysis of usability problems with identity management systems
- Evaluation methodologies for usability of identity management systems
- Novel user interface technologies for identity management
- Privacy enhanced user interaction
- User education on identity management
- Elicitation of privacy preferences from end users
- Identity theft prevention
- User-readable privacy policies
- Methodologies and interfaces for managing multiple identities including delegation
- Privacy-enhancing identity management
- Consistent UI for identity transactions
For more information, please see
http://www2.pflab.ecl.ntt.co.jp/dim2007/.
FMSE 2007
5th ACM Workshop on Formal Methods in Security Engineering: From Specifications to Code,
Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007),
Fairfax, VA, USA, November 2, 2007.
[posted here 4/16/07]
Information security has become a crucial concern for the commercial deployment of
almost all applications and middleware. Although this is commonly recognized,
the incorporation of security requirements in the software development process
is not yet well understood. The deployment of security mechanisms is often ad hoc,
without a formal security specification or analysis, and practically always without
a formal security validation of the final product. Progress is being made, but there
remains a wide gap between high-level security models and actual code development.
We seek original research papers addressing foundational issues in formal methods
in security engineering. Topics covered include, but are not limited to:
- security requirements and risk analysis
- access control models, information flow models, and trust models
- specification and analysis of security properties
- stepwise development by refinement and composition
- computationally sound abstraction
- program logics and type systems for security
- other techniques for verification and static analysis
- tool support for the development and analysis of security-critical systems
- design and analysis of security protocols
- security aspects of operating systems and middleware
- case studies
For more information, please see
http://www.fmis.informatik.tu-darmstadt.de/fmse07/.
DRM 2007
7th ACM Workshop on Digital Rights Management,
Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007),
Alexandria, VA, USA, October 29, 2007.
[posted here 4/23/07]
Digital Rights Management (DRM) is an interdisciplinary field intersecting with many
different areas including cryptography, software and computer systems design,
information and signal processing, law, policy-making, as well as business analysis
and economics. Currently human intellectual product is predominantly produced in digital
form and as a result the DRM problem ought to be viewed in the broader sense that
spans the full spectrum of human productivity rather than a narrow perspective that
applies it to music or videos. ACM-DRM is an international workshop that looks at the
DRM problem in its broadest possible interpretation and aims to bring together
scientists and scholars from all the related disciplines for an exchange of ideas
and presentation of cutting edge results related to digital content distribution.
Topics of interest include but are not limited to:
- anonymous publishing, privacy and DRM
- architectures for DRM systems
- business models for online content distribution. risk management
- copyright-law issues, including but not limited to fair use
- digital goods and online multiplayer games
- digital policy management
- implementations and case studies
- robust identification of digital content
- security issues, including authorization, encryption, tamper resistance, watermarking, and fingerprinting
- information theory and combinatorics, including marking assumptions and related codes
- supporting cryptographic technology including but not limited to traitor tracing, broadcast encryption, obfuscation
- threat and vulnerability assessment
- trusted computing, attestation, hardware support for DRM, side-channel attacks
- usability aspects of DRM systems
- web services related to DRM systems
For more information, please see
http://www.cse.uconn.edu/~drm2007.
QoP 2007
3rd International Workshop on Quality of Protection,
Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007),
Alexandria, VA, USA, October 29, 2007.
[posted here 4/2/07]
In the last few decades, Information Security has gained numerous standards, industrial
certifications, and risk analysis methodologies. However, the field still lacks the strong,
quantitative, measurement-based assurance that we find in other fields. For example, Networking
researchers have created and utilize Quality of Service (QoS), Service Level Agreements (SLAs),
and performance evaluation metrics. Empirical Software Engineering has made similar advances
with software metrics: processes to measure the quality and reliability of software exist
and are appreciated in industry. The goal of the QoP Workshop is to help security research
progress towards a notion of Quality of Protection in Security comparable to the notion of
Quality of Service in Networking, Software Reliability, or Software Measurements and Metrics
in Empirical Software Engineering. The topics of interest include but are not limited to:
- Industrial experience
- Security risk analysis
- Security metrics
- Reliability analysis
- Security quality assurance
- Measurement-based decision making and risk management
- Empirical assessment of security architectures and solutions
- Mining data from attack and vulnerability repositories
- Measurement theory
- Formal theories of security metrics
- Security measurement & monitoring
- Experimental validation of models
- Simulation & statistical analysis
- Stochastic modeling
For more information, please see
http://www.qop-workshop.org/.
WPES 2007
6th ACM Workshop on Privacy in Electronic Society,
Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007),
Alexandria, VA, USA, October 29, 2007.
[posted here 6/4/07]
The need for privacy-aware policies, regulations, and techniques has been widely recognized.
This workshop discusses the problems related to privacy in the global interconnected society
and their possible solutions. The workshop seeks submissions from academia and industry
presenting novel research on all theoretical and practical aspects of electronic privacy,
as well as experimental studies of fielded systems. We encourage submissions from other
communities such as law and business that present these communities' perspectives on
technological issues. Topics of interest include, but are not limited to:
- anonymity, pseudonymity, and unlinkability
- privacy and confidentiality management
- business model with privacy requirements
- privacy in the electronic records
- data protection from correlation and leakage attacks
- privacy in health care and public administration
- electronic communication privacy
- public records and personal privacy
- information dissemination control
- privacy and virtual identity
- privacy-aware access control
- personally identifiable information
- privacy in the digital business
- privacy policy enforcement
- privacy enhancing technologies
- privacy and data mining
- privacy policies
- relationships between privacy and security
- privacy and anonymity in Web transactions
- user profiling
- privacy in social networks
- wireless privacy
- privacy threats
- economics of privacy
- privacy and human rights
For more information, please see
http://www.csc2.ncsu.edu/workshops/wpes07/.
CCS 2007
14th ACM Conference on Computer and Communications Security,
Alexandria, VA, USA, October 29 - November 2, 2007.
[posted here 12/4/06]
The conference seeks submissions from academia and industry presenting novel
research on all theoretical and practical aspects of computer security,
as well as case studies and implementation experiences. Papers should have practical
relevance to the construction, evaluation, application, or operation of secure
systems. Theoretical papers must make a convincing argument for the practical
significance of the results. Topics of interest include, but are not limited to:
- access control
- trust models
- smartcards
- key management
- information warfare
- authentication
- anonymity
- applied cryptography
- secure networking
- security management
- accounting and audit
- peer-to-peer security
- database security
- intrusion detection
- electronic fraud relating to phishing
- privacy-enhancing technology
- data and application security
- inference/controlled disclosure
- intellectual property protection
- commercial and industry security
- trust management policies
- digital rights management
- secure location services
- security for mobile code
- cryptographic protocols
- data/system integrity
- identity management
- security in IT outsourcing
For more information, please see
http://www.acm.org/sigs/sigsac/ccs/CCS2007/.
IWSEC 2007
2nd International Workshop on Security,
Nara, Japan, October 29-31, 2007.
[posted here 11/13/06]
The complex structure of networks, middleware, agents, P2P applications
and ubiquitous computing for commercial, personal, communal and public use,
brought forth the advent of information society in the cyberspace.
However the system poses new and diverse threats to the world. It is imperative
for the security researchers to look into the issues from an interdisciplinary
perspective. Papers may present theory, applications or practical experiences
on topics including, but not limited to:
- Fundamental Tools for Information Security
- Network and Distributed Systems Security
- Privacy Enhancing Technology
- Secure Living and Working Environments
- Security in Commerce and Government
- Security Management
- Software and System Security
- Protection of Critical Infrastructures
- Testing, Verification and Certification
- Law, Policy, Ethics and Related Technologies
For more information, please see
http://www.iwsec.org/.
VizSEC 2007
4th Workshop on Visualization for Computer Security,
Held in conjunction with IEEE Vis 2007 and IEEE InfoVis 2007,
Sacramento, California, USA, October 29, 2007.
[posted here 8/13/07]
The VizSEC 2007 Workshop on Visualization for Computer Security will provide
a forum for new research in visualization for computer security.
In many applications, visualization proves very effective to understand large high-dimensional data.
Thus, there is a growing interest in the development of visualization methods as alternative or
complementary solutions to the pressing cyber security problems.
However, while security visualization research has addressed the development of applications,
there has only been limited coverage of user needs and designing visualization to support
those needs. To address this shortcoming, the theme of this year's workshop will be on
applying user-centered design to VizSEC research, focusing on integrating users' needs,
visualization design, and evaluation. We solicit papers that report results on
visualization techniques and systems in solving all aspects of cyber security
problems. Topics include, but are not limited to:
- Visualization of Internet routing for security
- Visualization of packet traces and network flows for security
- Visualization of security vulnerabilities and attack paths
- Visualization of intrusion detection alerts
- Visualization of application processes for security
- Visualization for forensic analysis
- Visualization for correlating events
- Visualization for computer network defense training
- Visualization for offensive information operations
- Visualization for feature selection
- Visualization for detecting anomalous activity
- Deployment and field testing of VizSEC systems
- Evaluation and user testing of VizSEC systems
- User and design requirements for VizSEC systems
- Lessons learned from VizSEC systems development and deployment
For more information, please see
http://vizsec.org/workshop2007/.
StaR_SEC 2007
1st ACM Workshop on Information and Communications Security Standards and Regulations,
Held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007),
Alexandria, VA, USA, October 29, 2007.
[posted here 4/2/07]
The main objective of the StaR_SEC 2007 Workshop is to explore the security aspects of
standards, regulations and certifications for Information and Communication Systems.
For many years the Security field was somehow isolated in the Information and
Communications Technology arena. Inevitably this isolation has been inherited by
the standards governing the security techniques and mechanisms that are currently
employed. It is therefore important to inform the scientific community about these
problems and facilitate better collaboration on the security aspects of international
standards and regulations. We welcome the submission of papers that address Security
Standards and Regulations activities, including, but not limited to:
- Access Control and Authorization
- Assurance Services
- Auditing and Forensic Information Management
- Authentication, Authorization, and Accounting
- Business Services
- Biometrics Technologies
- Confidentiality and Privacy Services
- Developing Secure Information and Communications Infrastructures
- Digital Rights Management
- eBusiness, eCommerce, eGovernment Security: Establishing Trust and Confidence of Citizens in eTransactions and eServices
- eHealth Security
- Lawful Interception Architectures and Functions
- Legal Issues
- Location Privacy and Secure Localization
- Long-term Archive and Notary Services
- Mail Security
- Methodologies for Authentication and Traceability
- Mobile, Ad hoc and Sensors Networks Security
- Multicast Security
- Network Defense Services
- PKI and PMI environments
- Privacy and Identity Management
- Registration and Authentication Services
- Security and Interoperability
- Security Challenges to the use and deployment of Disruptive Technologies (Trusted Computing, VoIP, WiMAX, RFID, IPv6)
- Securing Critical Information and Communication Infrastructures
- Security issues in Network Event Logging
- Security Policies
- Security Solutions for IP Multimedia Systems
- Standardization Aspects of Electronic Signatures
- Trust Services
- Wireless Security
For more information, please see
http://www.aegean.gr/StaR_SEC_2007.
PADM 2007
6th International Workshop on Privacy Aspects of Data Mining,
Held in conjunction with the IEEE International Conference on Data Mining (ICDM 2007),
Omaha, NE, USA, October 28, 2007.
[posted here 5/21/07]
Privacy aspects of data mining have an important impact on many data
analysis applications. The aim of the workshop is to bring together researchers
and practitioners interested in the privacy aspects of data mining, both
from a technical perspective and from social and legal
perspectives. We hope to attract interest across a wide range of
possible data mining subareas, including: web mining, medical data
mining, spatio-temporal data mining, ubiquitous knowledge discovery,
stream data mining, multimedia mining, and obviously,
privacy-preserving data mining.
Topics of interest to the workshop include the following:
- Cryptographic tools for privacy preserving data mining
- Inference and disclosure control for data mining
- Learning algorithms for randomized/perturbed data
- Legal and regulatory frameworks for data mining and privacy
- Privacy and anonymity in e-commerce and user profiling
- Privacy aspects of business processes and enterprise management
- Privacy aspects of geographic, spatial, and temporal data
- Privacy aspects of ubiquitous computing systems
- Privacy enhancement technologies in web environments
- Privacy policy infrastructure, enforcement, and analysis
- Privacy preserving link and social network analysis
- Privacy preserving applications for homeland security
- Privacy preserving data integration
- Privacy protection in fraud and identity theft prevention
- Privacy threats due to data mining
- Biomedical and healthcare data mining research privacy
- Query systems and access control
- Trust management for data mining
For more information, please see
http://cimic.rutgers.edu/~padm.
NordSec 2007
12th Nordic Workshop on Secure IT Systems,
Reykjavik, Iceland, October 11-12, 2007.
[posted here 2/8/07]
Since 1996, the NordSec workshops have brought together computer security researchers
and practitioners from the Nordic countries, Northern Europe, and elsewhere.
The workshop is focused on applied computer security and is intended to encourage
interchange and cooperation between research and industry. Topics include, but are
not limited to, the following areas of computer security:
- Applied Cryptography
- Commercial Security Policies and Enforcement
- Communication and Network Security
- Computer Crime and Information Warfare
- Hardware and Smart Card Applications
- Internet and Web Security
- Intrusion Detection
- Language-based Techniques for Security
- New Ideas and Paradigms in Security
- Operating System Security
- PKI Systems and Key Escrow
- Privacy and Anonymity
- Security Education and Training
- Security Evaluations and Measurements
- Security Management and Audit
- Security Models
- Security Protocols
- Social-Engineering and Phishing
- Software Security, Attacks, and Defenses
- Trust and Trust Management
For more information, please see
http://www.ru.is/nordsec2007/.
IDMAN 2007
1st IFIP WG 11.6 working conference on Policies & Research in Identity Management,
Rotterdam, The Netherlands, October 11-12, 2007.
[posted here 4/16/07]
Papers offering research contributions focusing on national identity management are
solicited for submission to the 1st IFIP WG-11.6 International Conference on
National Identity Management. Papers may present theory, applications or practical
experiences in the field of national identity management, including, but not necessarily
limited to:
- History
- Law
- Philosophical and ethical aspects
- Economics
- Impact of free travel, weakening national borders and cyberspace on character and importance
- Impact on society and politics
- Impact on e-government and e-government applications
- Quality of national identity management in general
- Quality of national identity data
- Security of national identity management
- Central storage of general and biometric identity data
- Effectiveness of national identity management in fighting terrorism, international crime and human trafficking
- Methods of identification, authentication and authorisation
- Models of identity and access control procedures
- Government PKI
- (Possible) role of pseudonymous and anonymous identity in national identity management
- Electronic IDs
- European and worldwide policies and cooperation
- (Inter)national policies on social security numbers / personalisation IDs
- (Inter)national applications of passport biometrics
- Vulnerabilities of electronic passport protocols
- Multilateral national identity management
- Biometric verification, assurance, metrics and measurements
- Fraud resistance of biometrics
- Data Protection
- Privacy and Privacy Enhancing Technologies (PETs) and national identity management
- (Inter)national threats
- Intelligence
- Fraud and fraud detection
- Impersonation, identity fraud, identity forgery and identity theft
- Tracing, monitoring and forensics
- Attacks on national identity and access management infrastructure and procedures
For more information, please see
http://privare.fbk.eur.nl/idman07/.
WSNS 2007
3rd IEEE International Workshop on Wireless and Sensor Networks Security,
Held in conjunction with the 4th IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2007),
Pisa, Italy, October 8, 2007.
[posted here 3/12/07]
Wireless networks have experienced an explosive growth during the last few years.
Nowadays, there is a large variety of networks spanning from the well-known cellular
networks to non-infrastructure wireless networks such as mobile ad hoc networks and
sensor networks. Security is a central concern for achieving secure communication
in these networks. This one-day workshop aims to bring together researchers and practitioners
from wireless and sensor networking, security, cryptography, and distributed computing
communities, with the goals of promoting discussions and collaborations. We are interested
in novel research on all aspects of security in wireless and sensor networks and on the tradeoff
between security and performance such as QoS, dependability, scalability, etc.
Topics include, but are not limited to:
- Authentication and Access Control
- Cryptographic Protocol
- Experimental Studies
- Key Management
- Information Hiding
- Intrusion Detection and Response
- Privacy and Anonymity
- Secure Localization and Synchronization
- Security and Performance tradeoff
- Security Policy and Enforcement Issues
- Security Protocols Design, Analysis and Verification
- Secure Routing/MAC
- Surveillance and Monitoring
- Trust Management
For more information, please see
http://www7.informatik.uni-erlangen.de/~dressler/wsns07/.
EC2ND 2007
3rd European Conference on Computer Network Defence,
Heraklion, Crete, Greece, October 4-5, 2007.
[posted here 5/21/07]
The theme of the conference is the protection of computer networks.
The conference will draw participants from academia and industry in Europe and beyond to
discuss hot topics in applied network and systems security.
EC2ND invites submissions presenting novel ideas at an early stage with the intention to
act as a discussion forum and feedback channel for promising, innovative security research.
While our goal is to solicit ideas that are not completely worked out, and might have
challenging and interesting open questions, we expect submissions to be supported by some
evidence of feasibility or preliminary quantitative results.
Topics include but are not limited to:
- Intrusion Detection
- Denial-of-Service
- Privacy Protection
- Security Policies
- Peer-to-Peer and Grid Security
- Network Monitoring
- Web Security
- Vulnerability Management and Tracking
- Network Forensics
- Wireless and Mobile Security
- Cryptography
- Network Discovery and Mapping
- Incident Response and Management
- Malicious Software
- Web Services Security
- Legal and Ethical Issues
For more information, please see
http://2007.ec2nd.org/index.html.
eCrime 2007
2nd APWG eCrime Researchers Summit,
Pittsburgh, PA, USA, October 4-5, 2007.
[posted here 1/22/07]
The second Anti-Phishing Working Group (APWG) eCrime Researchers Summit
will be hosted by Carnegie Mellon CyLab, October 4-5, 2007, in Pittsburgh, PA.
Original papers on all aspects of electronic crime are solicited for submission
to eCrime '07. Topics of relevance include but are not limited to:
- Phishing, pharming, click-fraud, crimeware, extortion and emerging attacks.
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention.
- Techniques to assess the risks and yields of attacks and the success rates of countermeasures.
- Delivery techniques, including spam, voice mail and rank manipulation; and countermeasures.
- Spoofing of different types, and applications to fraud.
- Techniques to avoid detection, tracking and takedown; and ways to block such techniques.
- Honeypot design, datamining, and forensic aspects of fraud prevention.
- Design and evaluation of user interfaces in the context of fraud and network security.
- Best practices related to digital forensics tools and techniques, investigative procedures,
and evidence acquisition, handling and preservation.
For more information, please see
http://www.ecrimeresearch.com/2007/cfp.html.
CRITIS 2007
2nd International Workshop on Critical Information Infrastructures Security,
Benalmadena-Costa, Malaga, Spain, October 3-5, 2007.
[posted here 5/14/07]
The CRITIS workshop aims at bringing together researchers and professionals from universities,
private companies and Public Administrations interested or involved in all security-related
heterogeneous aspects of Critical Information Infrastructures.
We invite research papers, work-in-progress reports, R&D projects results, surveying
works and industrial experiences describing significant security advances in the
following (non-exclusive) areas of Critical Information Infrastructures for which
we plan to have sessions:
- Code of Practice and Metrics
- Communication Risk & Assurance
- Early Warning Systems
- Economics on CIP
- R&D Agenda
- SCADA and Embedded Security
- National and Cross Border Issues
- Information Sharing and Exchange
- Policy Options Elaboration
- Threats and Attacks Modeling
- Continuity of Services and Resiliency
- Dependable Infrastructure Communications
- Internet-based remote control
- Forensic Techniques
- Incident Response
- Network Survivability
- Trust Models in Critical Scenarios
- Security Logistics
For more information, please see
http://critis07.lcc.uma.es.
SISW 2007
4th International IEEE Security in Storage Workshop,
San Diego, California, USA, September 27, 2007.
[posted here 2/8/07]
Stored information critical to individuals, corporations and governments
must be protected, but the continually changing uses of storage and the
exposure of storage media to adverse conditions make meeting that
challenge increasingly difficult. Example uses include employment of large
shared storage systems for cost reduction and, for convenience, wide use of
transiently-connected storage devices offering significant capacities and
manifested in many forms, often embedded in mobile devices.
Protecting intellectual property, personal records, health records, and
military secrets when media or devices are lost, stolen, or captured
is critical to information owners. To remain or become viable, activities
that rely on storage technology require a comprehensive systems approach
to storage security. This workshop serves as an open forum to discuss storage
threats and the technology and deployment of countermeasures.
The workshop seeks submissions from academia and industry presenting
novel research on all theoretical and practical aspects of designing,
building and managing secure storage systems; possible topics include,
but are not limited to the following:
- Cryptographic Algorithms for Storage
- Cryptanalysis of Systems and Protocols
- Key Management for Sector and File based Storage Systems
- Balancing Usability, Performance and Security concerns
- Unintended Data Recovery
- Attacks on Storage Area Networks and Storage
- Insider Attack Countermeasures
- Security for Mobile Storage
- Defining and Defending Trust Boundaries in Storage
- Relating Storage Security to Network Security
- Database Encryption
- Search on Encrypted Information
For more information, please see
http://ieeeia.org/sisw/2007/.
ESORICS 2007
12th European Symposium on Research in Computer Security,
Dresden, Germany, September 24-26, 2007.
[posted here 1/22/07]
Papers offering novel research contributions on any aspect of computer security
are solicited for submission to the Twelfth European Symposium on Research
in Computer Security (ESORICS 2007). Organized in a series of European countries,
ESORICS is confirmed as the European research event in computer security.
Papers may present theory, mechanisms, applications, or practical experience on all
traditional or emerging topics relevant for security in computing systems. For example,
the submissions might treat any innovative aspects of one or several topics listed
in the following:
- security architecture and secure components (trusted computing modules, smartcards,
personal computing devices, networks, information systems, applications,
peer-to-peer connections, language-based security, ... )
- access control (authorization, privileges, delegation, revocation, credentials,
authentication, accountability, safety analysis, ... )
- information control (data flows, information flows, inferences,
covert channel analysis, ... )
- applied cryptography (protocol design, protocol verification,
authentication protocols, identity management, key distribution, ... )
- tolerance and survivability (attack models, vulnerability analysis, intrusion detection,
malware collection and analysis, ... )
- security management (requirements engineering, policy specification,
trust evaluation, policy enforcement, ... )
- secure electronic commerce, administration, and government
(digital rights management, intellectual property protection,
privacy-enhancing technologies, e-voting, ... )
- formal methods in security (security models, security verification, ... )
For more information, please see
http://esorics2007.inf.tu-dresden.de/.
NSS 2007
IFIP International Workshop on Network and System Security,
Dalian, China, September 20, 2007.
[posted here 2/28/07]
In recent years, there has been significant increase in Internet attacks, such as DDoS,
viruses, worms, spyware, and malware, etc., causing huge economic and social damage.
While the attack systems have become easier to use, more sophisticated, and more powerful, interest
has greatly increased in the field of building more effective, intelligent, and active defense
systems which are distributed and networked. We will focus our program on issues related to Network
and System Security, such as authentication, access control, availability, integrity, privacy,
confidentiality, dependability and sustainability of network defense systems. We also welcome
research reports on network attack systems; because we believe only by fully understanding the
attack mechanisms can we perform effective and comprehensive defense. The aim of this workshop is
to provide a leading edge forum to foster interaction between researchers and developers with the
network and system security communities, and to give attendees an opportunity to network with experts
in network and system security. Topics include, but are not limited to:
- Active Defense Systems
- Benchmark, Analysis and Evaluation of Security Systems
- Distributed Access Control and Trust Management
- Distributed Attack Systems and Mechanisms
- Distributed Database Security
- Distributed Intrusion Detection/Prevention Systems
- Denial-of-Service Attacks and Countermeasures
- Identity Management and Authentication
- Implementation, Deployment and Management of Security Systems
- Intelligent Defense Systems
- Internet and Network Forensics
- Security Architectures in Distributed Network Systems
- Security for Large-scale Systems and Critical Infrastructures
- Security for P2P systems and Grid Systems
- Security for Ad-Hoc and Sensor Networks
- Security in E-Commerce
- Secure Mobile Agents and Mobile Code
- Security Theory and Tools in Network Systems
- Viruses, Worms, and Other Malicious Code
- World Wide Web Security
For more information, please see
http://nss2007.cqu.edu.au/.
NSPW 2007
New Security Paradigms Workshop,
White Mountain Hotel and Resort, New Hampshire, USA, September 18-21, 2007.
[posted here 4/6/07]
NSPW is a unique workshop that is devoted to the critical examination of new paradigms
in security. Each year, since 1992, we examine proposals for new principles upon which
information security can be rebuilt from the ground up. We conduct extensive, highly
interactive discussions of these proposals, from which we hope both the audience and the
authors emerge with a better understanding of the strengths and weaknesses of what has
been discussed. The New Security Paradigms workshop is dedicated to the proposition that
what Kuhn called "anomalies"---signs that the prevailing paradigm can no longer explain
phenomena observed in the real world---are already visible in the science of information
security, and, indeed, that the anomalies are so obvious and so serious that the
prevailing information security paradigm is or soon will be in crisis. NSPW aspires to
be the philosophical and intellectual breeding ground from which a revolution in the
science of information security will emerge. We solicit and accept papers on any topic in
information security subject to the following caveats:
- Papers that present a significant shift in thinking about difficult security issues are welcome.
- Papers that build on a recent shift are also welcome.
- Contrarian papers that dispute or call into question accepted practice or policy in
security are also welcome.
- We solicit papers that are not technology-centric, including those that deal with public
policy issues and those that deal with the psychology and sociology of security theory and practice.
- We discourage papers that represent established or completed works as well as those that
substantially overlap other submitted or published papers.
- We discourage papers which extend well-established security models with incremental improvements.
- We encourage a high level of scholarship on the part of contributors. Authors are expected to be
aware of related prior work in their topic area, even if it predates Google. In the course of
preparing an NSPW paper, it is far better to read an original source than to cite a text book
interpretation of it.
Our program committee particularly looks for new paradigms, innovative approaches to
older problems, early thinking on new topics, and controversial issues that might not
make it into other conferences but deserve to have their try at shaking and breaking
the mold.
For more information, please see
http://www.nspw.org/current/.
SecureComm 2007
3rd International Conference on Security and Privacy in Communication Networks,
Nice, France, September 17-21, 2007.
[posted here 12/4/06]
Securecomm seeks high-quality research contributions in the form of well-developed full papers.
Topics of interest encompass research advances in ALL areas of secure communications and
networking. Topics in other areas (e.g., formal methods, database security, secure software,
theoretical cryptography) will be considered only if a clear connection to private or secure
communication/networking is demonstrated. Securecomm brings together security and privacy
experts in academia, industry and government as well as practitioners, standards developers
and policy makers. Securecomm also serves as a venue for learning about the state of the art in
security and privacy research. Presentations reporting on cutting-edge research results
are supplemented by panels on controversial issues and invited talks on timely and
important topics.
- Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
- Network Intrusion Detection and Prevention, DoS Countermeasures
- Firewalls, Routers, Filters and Malware detectors
- Public Key Infrastructures and Other Security Architectures
- Secure Web Communication
- Communication Privacy and Anonymity
- Secure/Private E-commerce
- Secure Routing, Naming/Addressing, Network Management
- Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
For more information, please see
http://www.securecomm.org/2007/.
SECOVAL 2007
3rd Annual Workshop on the Value of Security through Collaboration in cooperation,
Held in conjunction with the 3rd International Conference on Security and Privacy in Communication Networks (SecureComm 2007),
Nice, France, September 17, 2007.
[posted here 1/31/07]
Security is usually centrally managed, for example in the form of policies duly
executed by individual nodes. The SECOVAL workshop covers the alternative trend of using
collaboration and trust to provide security. Instead of centrally managed security
policies, nodes may use specific knowledge (both local and acquired from other
nodes) to make security-related decisions. For example, in reputation-based schemes, the reputation
of a given node (and hence its security access rights) can be determined based on the
recommendations of peer nodes. As systems are being deployed on ever-greater scale without
direct connection to their distant home base, the need for self-management is rapidly
increasing. Interaction after interaction, as the nodes collaborate, there is the emergence of
a digital ecosystem. By guiding the local decisions of the nodes, for example, with whom the
nodes collaborate, global properties of the ecosystem where the nodes operate may be
guaranteed. Thus, the security property of the ecosystem may be driven by self-organizing
mechanisms. Depending on which local collaboration is preferred, a more trustworthy
ecosystem may emerge.
This year SECOVAL is focusing upon a special research subtopic within the scope of collaborative
security, namely, Privacy and Data Sanitization. Any useful collaboration is at some point sharing
data. Unfortunately, data sharing is one of the greatest hurdles getting in the way of
otherwise beneficial collaborations. Data regarding one's security stance is particularly
sensitive, often indicating one's own security weaknesses. This data could include computer or
network logs of security incidents, architecture documents, or sensitive organizational
information. Even when the data may not compromise the data owner's security stance, sharing
may violate a customer's privacy. Data sanitization techniques such as anonymization and other
mechanisms such as privacy-preserving data mining and statistical data mining try to address
this tension between the need to share information and protect sensitive information and user
privacy. Topics of interest to the workshop include, but are not limited to:
- Legal aspects of privacy and anonymization
- Economic issues of privacy enhancing tech
- Data sanitizing and privacy enhancing tools
- Data sharing and anonymization case studies
- Real-time anonymization issues
- Anonymization policy creation & negotiation
- Data sharing & sanitizing best practices
- Anonymity in Peer-to-Peer networks
- Classification of attacks against anonymization
- Metrics of utility, anonymization strength and information loss
- Anonymization / privacy-preserving algorithms
- Data injection and inference attacks
- Identification of sensitive fields and data
- Privacy-preserving Data Mining
- Statistical databases and protection of sensitive information
- Data mining multiple anonymized data sources
- Consistent pseudonym mappings in multi-party anonymization
- Identification of data sources and types useful to share for collaborative computer security
- Insights from industry and case studies
- Usability issues of current anonymization tools
For more information, please see
http://www.trustcomp.org/secoval/.
MMM–ACNS 2007
International Conference on Mathematical Methods, Models and Architectures
for Computer Networks Security,
St. Petersburg, Russia, September 16-18, 2007.
[posted here 12/4/06]
The First, Second and Third International Workshops "Mathematical Methods, Models
and Architectures for Computer Networks Security" organized in 2001, 2003 and
2005 were very successful. These workshops demonstrated the high interest of the
international scientific community in the theoretical aspects of
computer network and information security and the need for conducting such
workshops as an ongoing series. The proposed MMM-ACNS-2007 Conference is intended
as a next step in this series and will be focused on theoretical problems in the area
under consideration. Its objectives are to bring together leading researchers from
academia and governmental organizations as well as practitioners in the area of
computer networks and information security, facilitating personal interactions
and discussions on various aspects of information technologies in conjunction with
computer network and information security problems arising in large-scale computer
networks engaged in information storing, transmitting, and processing.
Papers may present theory, technique, and applications on topics including
but not restricted to:
- Adaptive security
- Authentication, Authorization and Access Control
- Computer and network forensics
- Covert channels
- Data and application security
- Data mining, machine learning, and bio-inspired approaches for security
- Deception systems and honeypots
- Denial-of-service attacks and countermeasures
- Digital Rights Management
- eCommerce, eBusiness and eGovernment Security
- Firewall Technologies
- Formal analysis of security properties
- Information warfare
- Internet and web security
- Intrusion detection and prevention
- Language-based security
- Network survivability
- New ideas and paradigms for security
- Operating system security
- Risk analysis and risk management
- Security and Privacy in Pervasive and Ubiquitous Computing
- Security for Grid Computing
- Security of emerging technologies (sensor, wireless/mobile, peer-to-peer and overlay networks)
- Security of autonomous agents and multi-agent systems
- Security modeling and simulation
- Security policies
- Security protocols
- Security verification
- Software protection
- Trust management
- Viruses, worms, and other malicious code
- Vulnerability assessment
For more information, please see
http://www.comsec.spb.ru/mmm-acns07/.
CHES 2007
9th Workshop on Cryptographic Hardware and Embedded Systems,
Vienna, Austria, September 10-13, 2007.
[posted here 12/18/06]
The focus of this workshop is on all aspects of cryptographic
hardware and security in embedded systems. The workshop is a forum
for new results from the research community as well as from the
industry. Of special interest are contributions that describe new
methods for secure and efficient hardware implementations, and
high-speed or leak-resistant software for embedded systems, e.g.
smart cards, microprocessors, DSPs, etc. The workshop helps to
bridge the gap between the cryptography research community and the
application areas of cryptography. Consequently, we encourage
submissions from academia, industry, and other organizations. All
submitted papers will be reviewed. The topics of CHES 2007
include but are not limited to:
- Computer architectures for public-key and secret-key cryptosystems
- Reconfigurable computing in cryptography & FPGAs
- Cryptography for pervasive computing (RFID, sensor networks, etc.)
- Device identification
- Cryptography in wireless applications (mobile phone, LANs, etc.)
- Smart card attacks and architectures
- True and pseudo random number generators
- Embedded security
- Efficient algorithms for embedded processors
- Cryptographic processors and co-processors
- Nonclassical cryptographic technologies
- Security in commercial consumer applications such as pay-TV systems, automotive etc.
- Tamper resistance on the chip and board level
- Special-purpose hardware for cryptanalysis
- Side channel cryptanalysis
- Trusted computing platforms
For more information, please see
http://www.chesworkshop.org/.
RAID 2007
10th International Symposium on Recent Advances in Intrusion Detection,
Gold Coast, Queensland, Australia, September 5-7, 2007.
[posted here 1/8/07]
This symposium, the 10th in an annual series, brings together leading
researchers and practitioners from academia, government, and industry to
discuss issues and technologies related to intrusion detection and defense.
The Recent Advances in Intrusion Detection (RAID) International Symposium series
is intended to further advances in intrusion defense by promoting the exchange of
ideas in a broad range of topics. As in previous years, all topics related to
intrusion detection, prevention and defense systems and technologies are within
scope, including but not limited to the following:
- Intrusion detection and prevention techniques
- High-performance intrusion detection
- Intrusion detection in special environments (e.g., mobile networks)
- IDS cooperation and event correlation
- Formal models and analysis
- Attack response, countermeasures, and intrusion tolerance
- Survivability and self-protection
- Attacks against IDS and evasion
- Insider threat detection and mitigation
- Deception systems and honeypots
- Malicious code detection and containment
- Visualization techniques
- Intrusion detection assessment and benchmarking
- IDS interoperability standards and standardization
- Vulnerability analysis and risk assessment
- Legal and social issues
For more information, please see
http://www.isi.qut.edu.au/go/raid07.
SPatterns 2007
1st International Workshop on Secure Systems Methodologies Using Patterns,
Held in conjunction with the 4th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2007),
Regensburg, Germany, September 3-7, 2007.
[posted here 1/22/07]
Security patterns have reached a stage where there are a significant number
of them, two books about them have been published, and industry is starting to
accept and use them. Analysis and design patterns have been around for about
ten years and have found practical use in many projects. They have been
incorporated into several software development methodologies where less
experienced developers can use them to receive the advice and knowledge of
experts. The situation is not so clear for security patterns because
no accepted methodology exists for their use. This workshop focuses on
secure software methodologies. We seek papers describing individual security
patterns, new methodologies, new aspects of existing methodologies, pattern
languages to use in the methodologies, reference architectures, blueprints,
and related aspects. Experiences in applying the methodologies to real
situations are especially welcome.
For more information, please see
http://www-ifs.uni-regensburg.de/spattern07/.
TrustBus 2007
4th International Conference on Trust, Privacy & Security in Digital Business,
Held in conjunction with the 18th International Conference on Database and Expert Systems Applications (DEXA 2007),
Regensburg, Germany, September 3-7, 2007.
[posted here 12/4/06]
TrustBus’07 will bring together researchers from different disciplines,
developers, and users all interested in the critical success factors of digital
business systems. We are interested in papers, work-in-progress reports, and
industrial experiences describing advances in all areas of digital business
applications related to trust and privacy, including, but not limited to:
- Anonymity and pseudonymity in business transactions
- Business architectures and underlying infrastructures
- Common practice, legal and regulatory issues
- Cryptographic protocols
- Delivery technologies and scheduling protocols
- Design of business models with security requirements
- Economics of Information Systems Security
- Electronic cash, wallets and pay-per-view systems
- Enterprise management and consumer protection
- Identity and Trust Management
- Intellectual property and digital rights management
- Intrusion detection and information filtering
- Languages for description of services and contracts
- Management of privacy & confidentiality
- Models for access control and authentication
- Multimedia web services
- New cryptographic building-blocks for e-business applications
- Online transaction processing
- PKI & PMI
- Public administration, governmental services
- P2P transactions and scenarios
- Real-time Internet E-Services
- Reliability and security of content and data
- Reliable auction, e-procurement and negotiation technology
- Reputation in services provision
- Secure process integration and management
- Security and Privacy models for Pervasive Information Systems
- Security Policies
- Shopping, trading, and contract management tools
- Smartcard technology
- Transactional Models
- Trust and privacy issues in mobile commerce environments
- Usability of security technologies and services
For more information, please see
http://www.icsd.aegean.gr/trustbus07/.
WICS 2007
5th International Workshop on Internet Communications Security,
Held in conjunction with the International Conference on Database and Expert Systems Applications (DEXA 2007),
Regensburg, Germany, September 3-7, 2007.
[posted here 1/9/07]
With the advent of the Web and its increasingly dominant force in industry and
commerce, the Internet has become not only a communications means, but also
a key tool for businesses, research and social development. Nowadays it is
possible for us to file our tax report, buy books and CDs from a vendor in
another continent and even download multimedia content to our TV, thanks to
the use of those information networks. However, the more information is being
transmitted, the more probable it is that we are interested in providing that
communication with some type of security (be it confidentiality,
authenticity, non-repudiation, etc.). Furthermore, with the emergence of
new technologies and devices that are capable of getting access to the Internet,
we are also looking for solutions that allow these devices to secure the
information they transmit in a similar way that it is done with personal
computers. Original research papers on all technical aspects of Internet
security are solicited for submission to WICS 07. Topics of relevance
include but are not limited to:
- Authentication and authorization
- Intrusion detection and response
- Biometrics
- Key management
- Computer Forensics
- Mobile communications security
- Cryptography and its applications
- Network security
- Security Interoperability
- E-Commerce security
- Non repudiation
- Information Assurance
- Security protocols
- Intellectual property protection
- Security for emerging technologies
- Security in new generation technologies for the Internet: VoIP, contact-less smartcards, RFID, ...
For more information, please see
http://aspects.uc3m.es/wics07/.
SecCo 2007
5th International Workshop on Security Issues in Concurrency,
Lisboa, Portugal, September 3, 2007.
[posted here 4/2/07]
Emerging trends in concurrency theory require the definition of models and languages
adequate for the design and management of new classes of applications, mainly to
program either WANs (like Internet) or smaller networks of mobile and portable devices
(which support applications based on a dynamically reconfigurable communication structure).
Due to the openness of these systems, new critical aspects come into play, such as the
need to deal with malicious components or with a hostile environment. Current research
on network security issues (e.g. secrecy, authentication, etc.) usually focuses on
opening cryptographic point-to-point tunnels. Therefore, the proposed solutions in
this area are not always exploitable to support the end-to-end secure interaction
between entities whose availability or location is not known beforehand.
The aim of the workshop is to cover the gap between the security and the concurrency
communities. In particular, we look for papers dealing with security issues
(such as authentication, integrity, privacy, confidentiality, access control, denial
of service, service availability, safety aspects, fault tolerance, trust, language-based
security) in emerging fields like web services, mobile ad-hoc networks, agent-based infrastructures,
peer-to-peer systems, context-aware computing, global/ubiquitous/pervasive computing.
For more information, please see
http://www.dsi.uniroma1.it/~gorla/SecCo07/.
IAS 2007
3rd International Symposium on Information Assurance and Security,
Manchester, United Kingdom, August 29-31, 2007.
[posted here 12/18/06]
Information assurance and security has become an important research issue
in networked and distributed information sharing environments. Finding effective
ways to protect information systems, networks and sensitive data within the
critical information infrastructure is challenging even with the most advanced
technology and trained professionals. The International Symposium on Information
Assurance and Security aims to bring together researchers, practitioners,
developers, and policy makers involved in multiple disciplines of information
security and assurance to exchange ideas and to learn the latest developments in
this important field. Previously unpublished work offering novel research and
application contributions in any aspect of information assurance, security and
privacy is solicited for submission to the IAS'07 symposium. Proposals for
workshops, panels and tutorials are also welcome. Topics of interest include,
but are not limited to, the following:
- Agent and Mobile Code Security
- Anonymity and User Privacy
- Authentication and Identity Management
- Authorization and Access Control
- Biometrics Security and Applications
- Computer Forensics
- Cryptographic Protocols
- Data Integrity and Privacy
- Database Security
- Denial of Service and Intrusion Detection
- Distributed System Security
- E-Commerce and E-Government Security
- Fraud Control
- Information Warfare and Cyber-terrorism
- Intellectual Property Protection
- Internet and Web Services Security
- Key Management and Recovery
- New Ideas and Paradigms for Security
- Operating System Security
- Secure Hardware and Smartcards
- Secure Software Technologies
- Security Education and Training
- Security Management and Strategy
- Security Models and Architectures
- Security Verification, Evaluations and Measurements
- Trust Negotiation, Establishment and Management
- Ubiquitous Computing Security
For more information, please see
http://www.ias07.org/.
WISA 2007
8th International Workshop on Information Security Applications,
Jeju Island, Korea, August 27-29, 2007.
[posted here 12/4/06]
The focus of the 8th International Workshop on Information Security Applications
(WISA 2007) is on all technical and practical aspects of cryptographic and
non-cryptographic security applications. The workshop will serve as a forum for
new results from the academic research community as well as from the industry.
The areas of interest include, but are not limited to:
- Internet & Wireless Security
- E-Commerce Protocols
- Access Control & Database Security
- Biometrics & Human Interface
- Network Security & Intrusion Detection
- Security & Trust Management
- Digital Rights Management
- Secure Software & Systems
- Information Hiding & Watermarking
- Information Security Management
- Computer Forensics & Cyber Indication
- Smart Cards & Secure Hardware
- Mobile & Application Security
- Privacy & Anonymity
- Public Key Crypto Applications
- Threats & Information Warfare
- Virus Protection & Applications
- Ubiquitous Computing Security
- Peer-to-Peer Security & Applications
For more information, please see
http://www.wisa.or.kr/.
WDFIA 2007
2nd Annual Workshop on Digital Forensics and Incident Analysis,
Samos, Greece, August 27-28, 2007.
[posted here 3/14/07]
The field of digital forensics is rapidly evolving and continues to gain significance
in both the law enforcement and the scientific community. The field is intrinsically
interdisciplinary, drawing upon fields such as information & communication technologies,
law, social sciences and business administration. The second workshop on digital
forensics and incident analysis, hosted by the University of the Aegean on the island
of Samos, aims to provide a forum for researchers and practitioners focusing on different
aspects of digital forensics and incident analysis to present original, unpublished
research results and innovative ideas. We welcome the submission of papers from the
full spectrum of issues relating to the theory and practice of digital forensics and
incident analysis. Areas of special interest include, but are not limited to:
- Digital forensics tools
- Forensic procedures
- Network forensics
- Network traffic analysis, traceback and attribution
- Legal, ethical and policy issues related to digital forensics
- Integrity of digital evidence and live investigations
- Multimedia analysis
- Incident response and investigation
- Portable electronic device forensics
- Data hiding and recovery
- Data mining and information discovery
- Digital evidence visualisation and communication
- Digital evidence storage and preservation
- Digital forensics case studies
For more information, please see
http://www.aegean.gr/wdfia07.
CRYPTO 2007
27th Annual International Cryptology Conference,
Santa Barbara, California, USA, August 19-23, 2007.
[posted here 1/15/07]
Original research papers on all technical aspects of cryptology are solicited
for submission to CRYPTO 2007, the Twenty-Seventh Annual International Cryptology
Conference. CRYPTO 2007 is sponsored by the International Association for Cryptologic
Research (IACR), in cooperation with the IEEE Computer Society Technical Committee on
Security and Privacy, and the Computer Science Department of the
University of California, Santa Barbara.
For more information, please see
http://www.iacr.org/conferences/crypto2007/.
DFRWS 2007
7th Annual Digital Forensic Research Workshop,
Pittsburgh, PA, USA, August 13-15, 2007.
[posted here 2/28/07]
DFRWS brings together leading researchers, developers, practitioners, and educators
interested in advancing the state of the art in digital forensics from around the world.
As the most established venue in the field, DFRWS is the preferred place to present
both cutting-edge research and perspectives on best practices for all aspects of
digital forensics. As an independent organization, we promote open community discussions
and disseminate the results of our work to the widest audience. We invite original contributions
as research papers (long and short), panel proposals, and demo proposals.
All papers are evaluated through a double-blind peer-review process, and those accepted
will be published in printed proceedings by Elsevier. Topics of Interest are:
- Incident response and live analysis
- Digital evidence storage and preservation
- Event reconstruction methods and tools
- File system and memory analysis
- Application analysis
- Network traffic analysis, traceback and attribution
- Embedded systems
- Mobile devices
- Large-scale investigations
- Data mining and information discovery
- Data hiding and recovery
- Multimedia analysis
- Tool testing and development
- Digital evidence and the law
- Case studies and trend reports
- Non-traditional approaches to forensic analysis
For more information, please see
http://www.dfrws.org/.
CNSS 2007
Computer and Network Security Symposium,
Held in conjunction with the International Wireless Communications & Mobile Computing Conference (IWCMC 2007),
Honolulu, Hawaii, USA, August 12-16, 2007.
[posted here 2/28/07]
The main objective of this symposium is to promote further research interests
and activities on computer and network security. It is also aimed at increasing the
synergy between academic and industrial researchers working in this area. We are
interested in theoretic, experimental, and systems-related papers in all aspects
of computer and network security.
Scope of the Computer and Network Security Symposium includes, but is not limited to:
- Novel and emerging secure architecture
- Cryptographic algorithms and applications
- Study of attack strategies, attack modeling
- Key management
- Intrusion detection techniques
- Intrusion response, alarm management, and correlation analysis
- Study of tradeoffs between security and system performance
- Intrusion tolerance systems
- Denial of service
- Distributed system security
- Wireless network security (WiFi, WiMAX, WiMedia and others)
- Sensor network security
- Mobile ad hoc network security
For more information, please see
http://www.cs.ndsu.nodak.edu/~xdu/CNSS_IWCMC07.htm.
PODC 2007
26th Annual ACM SIGACT-SIGOPS Symposium on the Principles of Distributed Computing,
Portland, Oregon, USA, August 12-15, 2007.
[posted here 1/8/07]
PODC 2007 solicits papers on all areas of distributed systems and networking.
We encourage submissions dealing with any aspect of distributed computing,
including theory and practice. The common goal is to shed light on the principles
of distributed computing. Topics of interest include the following
subjects in distributed systems:
- communication and synchronization protocols
- distributed algorithms, analysis, and complexity
- distributed operating systems, middleware platforms, and databases
- economical aspects of distributed computing and selfish agents
- experiments and performance measurements in distributed systems
- fault-tolerance, reliability, availability, and self organization
- high-performance, cluster, and grid computing
- internet, world wide web, and social networks
- location- and context-aware distributed systems
- mobile computing, mobile networks, and mobile agents
- multiprocessor and multi-core architectures and algorithms
- networking: architectures, services, routing, and applications
- peer-to-peer systems, overlay networks, and distributed data management
- security issues in distributed computing, and cryptographic protocols
- sensor, mesh, and ad hoc networks
- shared and transactional memory, and concurrent programming
- specification, semantics, verification, and testing of distributed systems
For more information, please see
http://www.podc.org/podc2007.
USENIX-SECURITY 2007
16th USENIX Security Symposium,
Boston, MA, USA, August 6–10, 2007.
[posted here 10/2/06]
The USENIX Security Symposium brings together researchers, practitioners,
system administrators, system programmers, and others interested in the
latest advances in the security of computer systems and networks.
All researchers are encouraged to submit papers covering novel and scientifically
significant practical works in security or applied cryptography.
Refereed paper submissions are solicited in all areas relating to systems
and network security, including:
- Adaptive security and system management
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Attacks against networks and machines
- Authentication and authorization of users, systems, and applications
- Automated tools for source code analysis
- Cryptographic implementation analysis and construction
- Denial-of-service attacks and countermeasures
- File and filesystem security
- Firewall technologies
- Forensics and diagnostics for security
- Intrusion and anomaly detection and prevention
- Malicious code analysis
- Network infrastructure security
- Operating system security
- Privacy-preserving (and compromising) systems
- Public key infrastructure
- Rights management and copyright protection
- Security architectures
- Security in heterogeneous and large-scale environments
- Security of agents and mobile code
- Security policy
- Self-protecting and healing systems
- Techniques for developing secure systems
- Technologies for trustworthy computing
- Voting systems analysis and security
- Wireless and pervasive/ubiquitous computing security
- World Wide Web security
For more information, please see
http://www.usenix.org/events/sec07/.
EVT 2007
2007 USENIX/ACCURATE Electronic Voting Technology Workshop,
Held in conjunction with the 16th USENIX Security Symposium (USENIX-Security 2007),
Boston, Massachusetts, USA, August 6, 2007.
[posted here 3/26/07]
In the United States and many other countries, most votes are counted and transported
electronically, but the practical and policy implications of introducing electronic
machines into the voting process are emerging in this new area. Both voting
technology and its regulations are very much in flux, with open concerns including
reliability, robustness, security, human factors, transparency, equality, privacy,
and accessibility. The USENIX/ACCURATE Electronic Voting Technology (EVT) workshop
seeks to bring together researchers from a variety of disciplines, ranging from
computer science and human factors experts through political scientists, legal experts,
election administrators, and voting equipment vendors. EVT will consider papers covering
the gamut of technology as it is used in elections, ranging from voter registration
and vote collection through tabulation and post-election auditing. We are interested
in both future technologies and systems widely used today around the world.
In particular, we welcome papers considering:
- Design and analysis of electronic voting schemes and protocols
- Deployment and lifecycle concerns
- Mitigating threats (including insider threats)
- Usability and accessibility (both for voters and for administrators)
- Legal issues, including how voting systems must comply with the ADA and HAVA or the
effect of intellectual property rights and nondisclosure agreements on voting system
testing, certification, and deployment
- The technology standards process and how it should evolve
For more information, please see
http://www.usenix.org/evt07/cfpa.
IFIPTM 2007
Joint iTrust and PST Conferences on Privacy, Trust Management and Security,
Moncton, New Brunswick, Canada, July 30 - August 2, 2007.
[posted here 1/18/07]
In 2007, the iTrust and PST conferences will join together to provide a truly global
platform for the reporting of research, development, policy and practice in the
interdependent areas of Privacy, Security, and Trust.
Topics of interest for iTrust-PST 2007 include, but are not limited to:
- Privacy Preserving/Enhancing Technologies
- Critical Infrastructure Protection
- Network and Wireless Security
- Operating Systems Security
- Public Safety and Emergency Management
- Intrusion Detection Systems and Technologies
- Secure Software Development and Architecture
- Representations and formalizations of Trust in electronic and physical social systems
- PST challenges in e-services, e.g. e-Health, e-Government, e-Banking, e-Commerce, and e-Marketing
- Information filtering, recommendation, reputation and delivery technologies, spam handling technologies
- Trust technologies, technologies for building trust in e-Business Strategy
- Observations of PST in practice, society, policy and legislation
- Digital Rights Management
- Human Computer Interaction and PST
- Implications of, and technologies for, Lawful Surveillance
- Biometrics, National ID cards, identity theft
- PST in services computing
- Privacy, traceability, and anonymity
- Obligation Systems
- Trust and reputation in self-organizing environments
- Anonymity and privacy vs. accountability
- Access control and capability delegation
- The legal notion of trust in computer science and engineering
- Requirements and methodologies to ensure that the user can reasonably trust the functioning of software systems
- Trust management frameworks for secure collaborations in dynamic Virtual Organizations
- Design of trust-based architectures and decision-making mechanisms for e-community and e-service interactions
- Trust specification, analysis and reasoning
- Dynamics of trust dispositions and relations
- Realization of prototypes of software architectures and applications
- Trust elements in contract negotiation, execution monitoring, re-negotiation and arbitration
- Trust in interaction and cooperation mediated through computer and network, and the balance of control and intervention
- Research in on-line trust, the trust of the consumer towards the web sites of distribution companies
- Analysis of the relationship between trust and such notions as confidence, distrust, diffidence, expectation, risk, and reliance
For more information, please see
http://pstnet.unb.ca/itrust-pst2007.
SECRYPT 2007
International Conference on Security and Cryptography,
Barcelona, Spain, July 28-31, 2007.
[posted here 12/18/06]
The purpose of SECRYPT 2007, the International Conference on Security and Cryptography,
is to bring together researchers, mathematicians, engineers and practitioners interested
in security aspects related to information and communication. Theoretical and practical
advances in the fields of cryptography and coding are a key factor in the growth of
data communications, data networks and distributed computing. In addition to the
mathematical theory and practice of cryptography and coding, SECRYPT also focuses on
other aspects of information systems and network security, including applications
in the scope of the knowledge society in general and information systems development
in particular, especially in the context of e-business, internet and global
enterprises. Papers describing original work are invited in any of
the areas listed below:
- Access Control and Intrusion Detection
- Network Security and Protocols
- Cryptographic Techniques and Key Management
- Information Assurance
- Security in Information Systems
For more information, please see
http://www.secrypt.org.
IWSSE 2007
1st IEEE International Workshop on Security in Software Engineering,
Held in conjunction with the 31st Annual International Computer Software and Applications Conference (COMPSAC 2007),
Beijing, China, July 24-27, 2007.
[posted here 1/8/07]
The ever growing demand in software security has made it a well recognized
multi-disciplinary sub-area across software engineering, security engineering,
and programming languages. Software security has thus become a fundamental problem
in software engineering, as it mainly focuses on developing secure software and
understanding the security risks and managing these risks throughout the
lifecycle of software. The purpose of the workshop is to bring together researchers
and practitioners in software and application security in order to create a forum
for discussing recent advances in improving security in software engineering and
inspiring research on new methods and techniques to advance security engineering in
industrial practice. Researchers and practitioners worldwide are invited to present
their research expertise and experience, and discuss the issues and challenges in
security from a software engineering perspective. Submissions are invited of quality
papers in the following non-exhaustive list of topics:
- Management of software security in industrial practice
- Security requirements and policies
- Abuse cases and threat modeling
- Architecture and design for security
- Model-based security
- Language-based security
- Malicious code prevention and code safety
- Security risk analysis
- Security taxonomy and metrics
- Testing for security
- Application security: detection and protection
- Software piracy and protection
For more information, please see
http://conferences.computer.org/compsac/2007/workshops/IWSSE.html.
SecPerU 2007
3rd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing,
Held in conjunction with the IEEE International Conference on Pervasive Services (ICPS 2007),
Istanbul, Turkey, July 20, 2007.
[posted here 2/19/07]
The ambient assisted living concept is envisioned through a new paradigm of
interaction inspired by constant provision to information and computational
resources. This provision will be enabled through invisible devices that offer
distributed computing power and spontaneous connectivity. A nomad traversing
residential, working, and advertising environments will seamlessly and constantly be
served by small mobile devices like portables, handheld, embedded or wearable computers.
This paradigm of living and interacting introduces new security, trust and privacy
risks. Thus, methods and technology to support confidence in this concept are revisited.
The objectives of the SecPerU2007 Workshop are to develop new security, privacy and
trust concepts for complex application scenarios based on systems like handhelds, phones,
smart cards, sensors, actuators and RF tags, with the emerging technology of ubiquitous
and pervasive computing. We welcome the submission of papers from the full spectrum of
issues related to security, privacy and trust in pervasive and ubiquitous computing.
Papers may focus o |