Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Past Conferences and Journal Special Issues

Last Modified:01/02/12

Note: Please contact cipher-cfp@ieee-security.org by email if you have any questions..

Contents

Past journals announcements

Past conferences and other announcements

 
       

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

 

Past Conferences and Other Announcements - 2011

CoSec 2011 3rd IEEE Workshop on Collaborative Security Technologies, Bangalore, India, December 12, 2011. [posted here 09/12/11]
The severity of attacks on networks and critical infrastructures are on the rise over recent years and seem to continue to do so. Surprisingly at times, many of the attacks can be individually simple yet highly damaging due to their large-scale co-ordination and polymorphic replication with continuous self-upgradation using a mix of peer-to-peer and command-and-control architectures. Conventional approaches of single-hosted security defensives are becoming increasingly less effective in the face of such sophisticated and co-ordinated multi-front attacks using bot-nets of compromised always-on, always-connected computers. In contrast, a distributed defense pattern shows promise both in terms of manageability, reduced operating costs and architectural simplicity. This broad area of defense using Collaborative Security technologies works on the principles of sharing (1) information and knowledge for accelerating detection of and response to new attacks and threats; and (2) resources for increasing the efficiency and reducing resource consumption. The 3rd International workshop on Collaborative Security Technologies aims to bring to the forefront innovative approaches that involve the use of collaborative methods for security and privacy. The central theme of this workshop is to focus attention on the collaborative and intelligent approaches towards design of security systems so as to make them more robust and reliable.

For more information, please see http://www.imsaa.org/.

WICT-NDF 2011 World Congress on Information and Communication Technologies, Intrusion Detection and Forensics, Mumbai, India, December 11-14, 2011. [posted here 05/30/11]
Authors are invited to submit original papers containing cutting edge research, novel research vision or work-in-progress in any area of intrusion detection and forensics. All accepted papers will be published in the conference proceedings by IEEE. The track will cover a wide range of topics. Topics of interest include but are not limited to:
- Host and Network based approaches
- Anomaly and specification-based approaches
- Lightweight, data mining and soft computing approaches
- Hybrid Approaches to information discovery and intrusion detection
- Formal Models, Framework and Architectures
- Botnets and vulnerabilities
- Malware, Worm, Virus and Spyware
- Insider attack detection and investigation
- High Performance and Real-Time Environments, including large-scale, high data volume/ high-Speed networks.
- Highly distributed and heterogeneous environments
- Embedded system and small scale environments
- Special environments, including wireless, mobile, sensor networks and smart grid
- Virtual and Cloud Environments
- Social network analysis
- Deception systems and honeypots
- Incident response and live analysis
- Traceback and attribution
- Event reconstruction methods and tools
- Attacks against IDS, IDS protection and tolerance
- Anti-forensics and anti-anti-forensics
- Visualization Techniques
- Performance evaluation, metrics and benchmarking
- Commercial products and their directions
- Test Beds and Datasets

For more information, please see http://www.mirlabs.org/wict11/index.php-c=main&a=show&id=34.htm.

CANS 2011 10th International Conference on Cryptology and Network Security, Sanya, China, December 10-12, 2011. [posted here 06/20/11]
TCANS 2011 welcomes research results on all aspects of applied cryptography and network security. Although papers that blend these two areas are preferred, results within applied cryptography or network security are also of interest. Topics of interest include but are not limited to:
- Access Control
- Anonymity and Pseudonymity and Untraceability
- Authentication and Identification
- Biometrics
- Block and Stream Ciphers
- Cryptographic Algorithms, Protocols and Schemes
- Denial of Service: Attacks and Countermeasures
- Digital Rights Management
- Hash Functions
- Information Hiding and Watermarking
- Internet Security
- Intrusion Detection and Prevention
- Key management
- Peer-to-Peer Security
- Phishing, Spam and Fraud Countermeasures
- PKI-s, Identity and Trust Management
- Public-Key Cryptography
- Secure Hardware
- Security Modeling and Architectures
- Spyware Analysis and Detection
- Wireless, Ad Hoc, Mobile, Cellular and Sensor Network Security

For more information, please see http://www.infosec.sdu.edu.cn/cans2011/cfp.html.

WPLS 2011 Workshop on Physical Layer Security, Held in conjunction with the IEEE Globecom Conference 2011, Houston, Texas, USA, December 9, 2011. [posted here 06/07/11]
There has been a growing interest in recent times in using resources at the Physical Layer for designing novel security techniques that compliment existing cryptographic methods. Such solutions often exploit the unique characteristics of wireless channels in defeating both active and passive adversaries. The Physical–Layer Security Workshop aims to bring together researchers working on various aspects of Physical layer security to present their latest research activity. Prospective Authors are encouraged to submit unpublished contributions in physical-layer security including (but not limited to) the following topics:
- Code design for wiretap channels
- Alignment and structured codes for wiretap channels
- Secrecy capacity of multipath, fading, MIMO channels
- Effects of channel state information on secure communications
- Cooperative secure communications
- Secret key agreement and distillation
- Secret key capacity of wireless channels
- Integration of physical-layer security into wireless systems
- Practical and implementation issues
- Game theoretic Models for PHY-Security

For more information, please see http://www.comm.utoronto.ca/~akhisti/GlobecomWorkshop/.

ACSAC 2011 27th Annual Computer Security Applications Conference, Orlando, Florida, USA, December 5-9, 2011. [posted here 04/25/11]
ACSAC is an internationally recognized forum where practitioners, researchers, and developers in information system security meet to learn and to exchange practical ideas and experiences. If you are developing practical solutions to problems relating to protecting commercial enterprises' or countries' information infrastructures, consider submitting your work to the Annual Computer Security Applications Conference. We are especially interested in submissions that address the application of security technology, the implementation of systems, and lessons learned. Some example topics are:
- Access control
- Assurance
- Audit and audit reduction
- Biometrics
- Boundary control devices
- Certification and accreditation
- Database security
- Denial of service protection
- Distributed systems security
- Electronic commerce security
- Enterprise security management
- Forensics
- Identity management
- Incident response planning
- Insider threat protection
- Integrity
- Intellectual property rights protection
- Intrusion detection and prevention
- Malware
- Mobile and wireless security
- Multimedia security
- Network resiliency
- Operating systems security
- Peer-to-peer security
- Privacy and data protection
- Privilege management
- Product evaluation criteria and compliance
- Risk/vulnerability assessment
- Securing cloud infrastructures
- Security engineering and management
- Security in service oriented architectures
- Security usability
- Software security
- Supply chain risk management
- Trust management
- Virtualization security
- VoIP security
- Web 2.0/3.0 security

For more information, please see http://www.acsac.org/.

WIFS 2011 IEEE Workshop on Information Forensics and Security, Foz do Iguaçu, Brazil, November 29 – December 2, 2011. [posted here 04/11/11]
The IEEE International Workshop on Information Forensics and Security (WIFS) is the primary annual event organized by the IEEE’s Information Forensics and Security Technical Committee (IEEE IFS TC). WIFS is a venue for knowledge exchange that encompasses a broad range of disciplines and facilitates the exchange of ideas between various disparate communities that constitute information security. With this focus, we hope that researchers will identify new opportunities for collaboration across disciplines and gain new perspectives. The conference will feature prominent keynote speakers, tutorials, and lecture sessions. Appropriate topics of interest include, but are not limited to:
- Computer security: intrusion detection, vulnerability analysis, cloud security
- Biometrics: emerging modalities, fuzzy extractors, attacks and countermeasures
- Cryptography for multimedia content: multimedia encryption, signal processing in the encrypted domain, traitor tracing codes
- Data hiding: watermarking, steganography and steganalysis
- Content Protection: conditional access, digital rights management (secure clocks, proximity detection, DRM architectures, DRM interoperability)
- Hardware Security: Identification, PUFS, Anti-counterfeiting
- Forensics Analysis: device identification, data recovery, processing history recovery, validation of forensic evidence
- Network Security: traffic monitoring, intrusion detection, incident response, network tomography, surveillance and traceback
- Usable Security, and usability aspects of security
- Information Theoretical Security
- Privacy: legal, ethical, social, and economical issues, anonymity, social network obfuscation
- (Video) Surveillance: arrays of sensors design and analysis, content tracking, events recognition, large crowd behavior analysis
- Secure Applications: e-Voting, e-Commerce, IPTV, VOD, VoIP, Medical

For more information, please see http://www.wifs11.org.

INTRUST 2011 International Conference on Trusted Systems, Beijing, China, November 27-29, 2011. [posted here 06/20/11]
Building on the success of INTRUST 2009 and INTRUST 2010 (both were held in Beijing, P. R. China), this conference focuses on the theory, technologies and applications of trusted systems. It is devoted to all aspects of trusted computing systems, including trusted modules, platforms, networks, services and applications, from their fundamental features and functionalities to design principles, architecture and implementation technologies. The goal of the conference is to bring academic and industrial researchers, designers, and implementers together with end-users of trusted systems, in order to foster the exchange of ideas in this challenging and fruitful area. INTRUST 2011 solicits original papers on any aspect of the theory, advanced development and applications of trusted computing, trustworthy systems and general trust issues in modern computing systems. The conference will have an academic track and an industrial track. This call for papers is for contributions to both of the tracks. Submissions to the academic track should emphasize theoretical and practical research contributions to general trusted system technologies, while submissions to the industrial track may focus on experiences in the implementation and deployment of real-world systems. Topics of relevance include but are not limited to:
- Fundamental features and functionalities of trusted systems
- Primitives and mechanisms for building a chain of trust
- Design principles and architectures of trusted modules and platforms
- Implementation technologies for trusted modules and platforms
- Cryptographic aspects of trusted systems, including cryptographic algorithms and protocols, and their implementation and application in trusted systems
- Scalable safe network operation in trusted systems
- Mobile trusted systems, such as trusted mobile platforms, sensor networks, mobile (ad hoc) networks, peer-to-peer networks, Bluetooth, etc.
- Storage aspects for trusted systems
- Applications of trusted systems, e.g. trusted email, web services and various e-commerce services
- Trustworthy infrastructures and services for cloud computing
- Trusted intellectual property protection: metering, watermarking, digital rights management and enterprise rights management
- Software protection for trusted systems
- Hardware security for trusted systems
- Authentication and access control for trusted systems
- Key, identity and certificate management for trusted systems
- Privacy aspects for trusted systems
- Attestation aspects for trusted systems, including the measurement and verification of the behaviour of trusted systems
- Standards organizations and their contributions to trusted systems, such as TCG, ISO/IEC, IEEE 802.11, etc.
- Emerging technologies for trusted systems, such as RFID, memory spots, smart cards, etc.
- Trust metrics and robust trust inference in distributed systems
- Usability and reliability aspects for trusted systems
- Trust modeling, economic analysis and protocol design for rational and malicious adversaries
- Virtualisation for trusted systems
- Limitations of trusted systems
- Security analysis of trusted systems, including formal method proofs, provable security and automated analysis
- Security policies for, and management of, trusted systems
- Intrusion resilience and revocation aspects for trusted systems
- Scalability aspects of trusted systems
- Compatibility aspects of trusted systems
- Experiences in building real-world trusted systems
- Socio-economic aspects of trusted systems

For more information, please see http://www.onets.com.cn/intrust11.

TrustCom 2011 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Changsha, China, November 16-18, 2011. [posted here 03/07/11]
With rapid development and increasing complexity of computer and communications systems and networks, user requirements for trust, security and privacy are becoming more and more demanding. However, there is a grand challenge that traditional security technologies and measures may not meet user requirements in open, dynamic, heterogeneous, mobile, wireless, and distributed computing environments. Therefore, we need to build systems and networks in which various applications allow users to enjoy more comprehensive services while preserving trust, security and privacy at the same time. As useful and innovative technologies, trusted computing and communications are attracting researchers with more and more attention. IEEE TrustCom-11 is an international conference for presenting and discussing emerging ideas and trends in trusted computing and communications in computer systems and networks from both the research community as well as the industry.

For more information, please see http://trust.csu.edu.cn/conference/trustcom2011.

TSCloud 2011 1st IEEE International Workshop on Trust and Security in Cloud Computing, Changsha, China, November 16, 2011. [posted here 05/23/11]
The TSCloud workshop tries to bring together researchers with an interest in theoretical foundations and practical approaches to trust and security in cloud computing. The emphasis is on high-impact, novel/adopted theories and paradigms that address mathematical and logical underpinnings in trust and security in cloud computing, e.g. encryption, obfuscation, virtualisation security, governance, accountability, etc. Topics of interest include, but are not limited to:
- Malware detection in cloud computing
- Cryptography and encryption techniques for cloud computing
- Data obfuscation for cloud computing
- Accountability in cloud computing
- Security in virtualised environments
- Governance, regulation and compliance in cloud computing
- Data analytics for security in cloud computing
- Visualization for security in cloud computing
- Cloud computing threat detection techniques
- Trust in cloud services
- Trust reputation systems for cloud computing
- Reports on critical, real-life security and trust use cases in cloud computing
- Secure and trusted workflows in cloud computing
- Position papers on issues in security and trust in cloud computing

For more information, please see http://tscloud.org.

IWSEC 2011 6th International Workshop on Security, Tokyo, Japan, November 8-10, 2011. [posted here 02/07/11]
Original papers on the research and development of various security topics are solicited for submission to IWSEC 2011. Topics of interest for IWSEC 2011 include but are not limited to:
- Foundations of Security
- Security in Networks and Ubiquitous Computing Systems
- Security in Real Life Applications

For more information, please see http://www.iwsec.org/2011/index.html.

eCrime Researchers Summit 2011 6th IEEE eCrime Researchers Summit, Held in conjunction with the 2011 APWG General Meeting, San Diego, CA, USA, November 7-9, 2011. [posted here 05/23/11]
eCRS 2011 will bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it, Topics of interests include (but are not limited to):
- Phishing, rogue-AV, pharming, click-fraud, crimeware, extortion and emerging attacks
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention
- Malware, botnets, ecriminal/phishing gangs and collaboration, or money laundering
- Techniques to assess the risks and yields of attacks and the success rates of countermeasures
- Delivery techniques, including spam, voice mail and rank manipulation; and countermeasures
- Spoofing of different types, and applications to fraud
- Techniques to avoid detection, tracking and takedown; and ways to block such techniques
- Honeypot design, data mining, and forensic aspects of fraud prevention
- Design and evaluation of user interfaces in the context of fraud and network security
- Best practices related to digital forensics tools and techniques, investigative procedures, and evidence acquisition, handling and preservation

For more information, please see http://ecrimeresearch.org.

Q2SWinet 2011 7th Symposium on QoS and Security for Wireless Mobile Networks, Miami Beach, Florida, USA, October 31- November 4, 2011. [posted here 04/11/11]
In recent years, wireless and mobile communication systems have become increasingly popular as an inexpensive and promising means for ubiquitous communications. In this scenario, the QoS provisioning and the management of network security have become crucial tasks to determine the success of future generation wireless mobile networks. Q2SWinet 2011 calls for cutting-edge research achievements on the provisioning of QoS and Security in wireless and mobile networks. Authors are encouraged to submit full papers presenting new research related to theory or practice of all aspects of Quality of Service and Security issues in mobile and wireless systems. Topics include:
- Security in Wireless MANETs, VANETs, Sensor, Mesh and PCS Networks
- Secure PHY, MAC and Routing Protocols
- Secure Cooperation-Based Systems and Services
- Security for Cognitive Radio Networks
- Intrusion Detection in Wireless Ad hoc and Sensor Networks
- Privacy, anonymity and authentication
- Trust Establishment
- Cooperation and Prevention of Non-cooperative Behavior
- Incentive Aware Secure Protocol Design
- QoS for Wireless Multimedia Networks and Systems
- QoS for Wireless/Wired Hybrid Systems
- QoS support and Mobility Management in Wireless Internet
- QoS-Aware Routing for Wireless Networks
- QoS Metrics
- Wireless Network Survivability
- Wireless Systems Reliability
- Field operating tests, Performance Modeling and Simulation Techniques
- Real-time and QoS-aware Wireless Networks

For more information, please see http://q2swinet2011.prism.uvsq.fr/.

SAFECONFIG 2011 4th Symposium on Configuration Analytics and Automation, Arlington, VA, USA, October 31 - November 1, 2011. [posted here 09/12/11]
A typical enterprise network might have hundreds of security appliances such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers and crypto systems. An enterprise network may also have other non-security devices such as routers, name servers, protocol gateways, etc. These must be logically integrated into a security architecture satisfying security goals at and across multiple networks. Logical integration is accomplished by consistently setting thousands of configuration variables and rules on the devices. The configuration must be constantly adapted to optimize protection and block prospective attacks. The configuration must be tuned to balance security with usability. These challenges are compounded by the deployment of mobile devices and ad hoc networks. The resulting security configuration complexity places a heavy burden on both regular users and experienced administrators and dramatically reduces overall network assurability and usability. This workshop will bring together academic as well as industry researchers to exchange experiences, discuss challenges and propose solutions for offering assurable and usable security.

For more information, please see http://www.safeconfig.org/.

Nordsec 2011 16th Nordic Workshop on Secure IT-Systems, Tallinn, Estonia, October 26-28, 2011. [posted here 06/07/11]
The conference welcomes contributions in the form of papers, short papers, and posters. Since 1996, the NordSec conferences have brought together computer security researchers and practitioners from around the world, and particularly from the Nordic countries and Northern Europe. The conference focuses on applied IT security and is intended to encourage interaction between academic and industrial research. Student papers and posters are particularly encouraged. Submissions reporting industrial or governmental experiences are also encouraged and will be given special consideration. Contributions should reflect original research, developments, studies and practical experience within all areas of IT security. With the theme "IT Security in Governance", this year's conference will emphasize policies, strategies and technologies related to the security and sustainability of processes executed by heterogeneous organizations, departments or organizational clusters of all sizes. NordSec 2011 also welcomes contributions over a broad range of topics in IT security, including, but not limited to, the following areas:
- Applied cryptography
- Commercial security policies and their enforcement
- Communication and network security
- Computer crime and information warfare
- Hardware and smart card applications
- Internet and web security
- Intrusion detection
- Language-based techniques for security
- New ideas and paradigms in security
- Operating system security
- Privacy and anonymity
- Security education and training
- Security evaluation and measurement
- Security management and audit
- Security modeling and metrics
- Access control and security models
- Security protocols
- Social engineering and phishing
- Security usability
- Economics, law and social aspects of security
- Software security and malware
- Trust and identity management

For more information, please see http://nordsec2011.cyber.ee.

DSPSR 2011 1st IEEE/IFIP EUC Workshop on Data Management, Security and Privacy in Sensor Networks and RFID, Held in conjunction with the 9th IEEE/IFIP International Conference on Embedded and Ubiquitous Computing (EUC 2011), Melbourne, Australia, October 24-26, 2011. [posted here 05/23/11]
As the real world deployment of wireless sensor networks and RFID systems becomes increasingly common place, the issues of data management, security and privacy of these systems need to be addressed. Sensor networks and RFID make possible innovative applications in important areas such as healthcare, homeland security, early warning systems, emergency response and other time and/or life critical situations. These applications demand that the management of data, the security of these systems from a network and application perspective as well as the privacy of these systems from a user and data perspective are efficient and can be guaranteed. Hence the main motivation for this workshop is to bring together researchers and practitioners working on related areas in wireless sensor networks and RFID to present current research advances. The aim of the workshop is to provide a platform for the discussion of the major research challenges and achievements on the following topics of interest but not limited to:
- Data Fusion and Aggregation
- Information discovery and query processing
- Network Scheduling
- Distributed Information Processing
- Remote reprogramming
- Intrusion detection and response
- Privacy preserving techniques
- Network Resilience and Recovery
- Vulnerability and Cryptanalysis
- Lightweight Cryptography for sensors and RFID
- Security Standards, Frameworks and Protocols
- Security in mobile sensor and RFID systems
- Trust management and related frameworks
- Security policy and management
- Key management techniques
- Security Issues in specific application contexts (e.g., healthcare, military, supply chains)

For more information, please see http://www.deakin.edu.au/~rchell/DSPSR2011.html.

DRM 2011 11th ACM Workshop on Digital Rights Management, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA, October 21, 2011. [posted here 06/06/11]
The ACM Workshop on Digital Rights Management is an international forum that serves as an interdisplinary bridge between areas that can be applied to solving the problem of Intellectual Property protection of digital content. These include: cryptography, software and computer systems design, trusted computing, information and signal processing, intellectual property law, policy-making, as well as business analysis and economics. Its purpose is to bring together researchers from the above fields for a full day of formal talks and informal discussions, covering new results that will spur new investigations regarding the foundations and practices of DRM. Topics of interest include but are not limited to:
- Content identification including digital watermarking and fingerprinting
- Anonymous publishing
- Privacy and DRM
- Architectures for DRM systems
- Security issues, including authorization
- Supporting cryptographic technology including traitor tracing, broadcast encryption
- Software tamper resistance, obfuscation, plagiarism detection
- Trusted computing, attestation, hardware support for DRM
- Usability aspects of DRM systems
- Attacks against DRM systems
- Web services related to DRM systems
- Implementations and case studies
- Regulatory authority for DRM, interoperability
- IP protection
- Business models for online content distribution, risk management
- Copyright-law issues, including but not limited to fair use
- Digital policy management
- DRM and consumer rights, labeling and competition law

For more information, please see http://drm11.cased.de/.

CCSW 2011 ACM Cloud Computing Security Workshop, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA, October 21, 2011. [posted here 04/25/11]
Notwithstanding the latest buzzword (grid, cloud, utility computing, SaaS, etc.), large-scale computing and cloud-like infrastructures are here to stay. How exactly they will look like tomorrow is still for the markets to decide, yet one thing is certain: clouds bring with them new untested deployment and associated adversarial models and vulnerabilities. CCSW aims to bring together researchers and practitioners in all security aspects of cloud-centric and outsourced computing, including (but not limited to):
- practical cryptographic protocols for cloud security
- secure cloud resource virtualization mechanisms
- secure data management outsourcing (e.g., database as a service)
- practical privacy and integrity mechanisms for outsourcing
- foundations of cloud-centric threat models
- secure computation outsourcing
- remote attestation mechanisms in clouds
- sandboxing and VM-based enforcements
- trust and policy management in clouds
- secure identity management mechanisms
- new cloud-aware web service security paradigms and mechanisms
- cloud-centric regulatory compliance issues and mechanisms
- business and security risk models and clouds
- cost and usability models and their interaction with security in clouds
- scalability of security in global-size clouds
- trusted computing technology and clouds
- binary analysis of software for remote attestation and cloud protection
- network security (DOS, IDS etc.) mechanisms for cloud contexts
- security for emerging cloud programming models
- energy/cost/efficiency of security in clouds

For more information, please see http://crypto.cs.stonybrook.edu/ccsw11.

AISec 2011 4th Workshop on Artificial Intelligence and Security, Held in conjunction with ACM CCS 2011, Chicago, IL, USA, October 21, 2011. [posted here 05/09/11]
We invite original research papers describing the use of AI or Machine Learning in security and privacy problems. We also invite position papers discussing the role of AI or Machine Learning in security and privacy. Submitted papers may not substantially overlap papers that have been published or that are simultaneously submitted to a journal or conference with proceedings. Topics of interest include, but are not limited to:
- Adversarial Learning
- Robust Statistics
- Online Learning
- Spam detection
- Botnet detection
- Intrusion detection
- Malware identification
- Privacy-preserving data mining
- Design and analysis of CAPTCHAs
- Phishing detection and prevention
- AI approaches to trust and reputation
- Vulnerability testing through intelligent probing (e.g. fuzzing)
- Content-driven security policy management & access control
- Techniques and methods for generating training and test sets
- Anomalous behavior detection (e.g. for the purposes of fraud prevention, authentication)

For more information, please see http://tsig.fujitsulabs.com/~aisec2011/.

InfoSecHiComNet 2011 International Conference on Security Aspects in Information Technology, High-Performance Computing and Networking, Haldia, Purba Medinipur, West Bengal, India, October 19-22, 2011. [posted here 06/06/11]
The International Conference on Security Aspects in Information Technology, High-Performance Computing and Networking (InfoSecHiComNet 2011) focuses in disseminating the latest research results in all technical and practical aspects of cryptography and security and the impact on security in the developments of the related areas of high performance computing and networks. It consists of the following three tracks: Cryptography, Security Aspects in High-Performance Computing, and Security Aspects in Networks. The conference solicits original technical papers, not previously published and not currently under review for publication elsewhere.

For more information, please see http://infosechicomnet2011.hithaldia.in.

SecIoT 2011 2nd Workshop on the Security of the Internet of Things, Held in conjunction with IEEE iThings 2011, Dalian, China, October 19, 2011. [posted here 05/23/11]
While there are many definitions of the Internet of Things (IoT), all of them revolve around the same central concept: a world-wide network of interconnected objects. These objects will make use of multiple technological building blocks, such as wireless communication, sensors, actuators, and RFID, in order to allow people and things to be connected anytime anyplace, with anything and anyone. However, mainly due to the inherent heterogeneity of this vision and its broad scope, there will not be a single silver bullet security solution that will fulfill all the security requirements of the IoT. Therefore: How we can include security as a core element of the IoT? How the IoT will interact with other security mechanisms of the Future Internet? What security requirements will be truly challenged by the ultimate vision of the IoT? It is precisely the goal of this workshop to bring together researchers and industry experts in areas relevant to the security of the Internet of Things to discuss these and other significant issues. Moreover, this workshop also has the objective to serve as a forum for not only presenting cutting-edge research, but also for debating the role of security and its practical implications in the development of the IoT. Topics of interest for the workshop include the following:
- New security problems in the context of the IoT
- Privacy risks and data management problems
- Identifying, authenticating, and authorizing entities
- Development of trust frameworks for secure collaboration
- New cryptographic primitives for constrained "things"
- Connecting heterogeneous ecosystems and technologies
- Legal Challenges and Governance Issues
- Resilience to external and internal attacks
- Context-Aware Security
- Providing protection to an IP-connected IoT
- Web services security and other application-layer issues
- Distributed policy enforcement and rights management
- Usability of Security and Privacy Technologies in the context of the IoT

For more information, please see http://www.isac.uma.es/seciot11.

STC 2011 6th ACM Workshop on Scalable Trusted Computing, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA, October 17, 2011. [posted here 04/11/11]
Built on the continuous success of ACM STC 2006-2010, this workshop focuses on fundamental technologies of trusted and high assurance computing and its applications in large-scale systems with varying degrees of trust. The workshop is intended to serve as a forum for researchers as well as practitioners to disseminate and discuss recent advances and emerging issues. The workshop solicits two types of original papers that are single-column using at least 11pt fonts. The length of the full-paper submissions is at most 15 pages excluding bibliography, appendix etc. The total number of pages should not be more than 20, whereas the reviewers are not required to read the appendix. The length of short/work-in-progress/position-paper submissions is at most 8 pages excluding bibliography. A paper submitted to this workshop must not be in parallel submission to any other journal, magazine, conference or workshop with proceedings. It is up to the authors to decide whether a submission should be anonymous. Topics of interests include but not limited to:
- security policies and models of trusted computing
- architecture and implementation technologies for trusted platform
- limitations, alternatives and tradeoffs regarding trusted computing
- trusted computing in cloud and data center
- cloud-based attestation services
- trusted smartphone devices and systems
- trust in smart grid, energy, and Internet of Things
- trusted emerging and future Internet infrastructure
- trusted online social network
- trust in authentications, users and computing services
- hardware based trusted computing
- software based trusted computing
- pros and cons of hardware based approach
- remote attestation of trusted devices
- censorship-freeness in trusted computing
- cryptographic support in trusted computing
- case study in trusted computing
- principles for handling scales
- scalable trust supports and services in cloud
- trusted embedded computing and systems
- virtualization and trusted computing

For more information, please see http://www.cs.utsa.edu/~acmstc/stc2011/.

WPES 2011 10th ACM Workshop on Privacy in the Electronic Society, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA, October 17, 2011. [posted here 05/23/11]
The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- anonymity, pseudonymity, and unlinkability
- data correlation and leakage attacks
- data security and privacy
- electronic communication privacy
- economics of privacy
- information dissemination control
- personally identifiable information
- privacy-aware access control
- privacy and anonymity in the Web
- privacy in cloud and grid systems
- privacy and confidentiality management
- privacy and data mining
- privacy in the digital business
- privacy in the electronic records
- privacy enhancing technologies
- privacy in health care and public administration
- privacy and human rights
- privacy metrics
- privacy in mobile systems
- privacy in outsourced scenarios
- privacy policies
- privacy vs. security
- privacy in social networks
- privacy threats
- privacy and virtual identity
- public records and personal privacy
- user profiling
- wireless privacy

For more information, please see http://wpes11.rutgers.edu/.

ACM-CCS 2011 18th ACM Conference on Computer and Communications Security, Chicago, IL, USA, October 17-21, 2011. [posted here 02/07/11]
The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of computer and communications security. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings. Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security.

For more information, please see http://www.sigsac.org/ccs/CCS2011/.

CRiSIS 2011 6th International Conference on Risks and Security of Internet and Systems, Timisoara, Romania, September 26-28, 2011. [posted here 02/07/11]
The topics addressed by CRiSIS range from the analysis of risks, attacks to networks and system survivability, passing through security models, security mechanisms and privacy enhancing technologies. Prospective authors are invited to submit research results as well as practical experiment or deployment reports. Industrial papers about applications and case studies, such as telemedicine, banking, e-government and critical infrastructure, are also welcome. The list of topics includes but is not limited to:
- Analysis and management of risks
- Attacks and defences
- Attack data acquisition and network monitoring
- Cryptography, Biometrics, Watermarking
- Dependability and fault tolerance of Internet applications
- Distributed systems security
- Embedded system security
- Intrusion detection and Prevention systems
- Hardware-based security and Physical security
- Trust management
- Organizational, ethical and legal issues
- Privacy protection and anonymization
- Security and dependability of operating systems
- Security and safety of critical infrastructures
- Security and privacy of peer-to-peer system
- Security and privacy of wireless networks
- Security models and security policies
- Security of new generation networks, security of VoIP and multimedia
- Security of e-commerce, electronic voting and database systems
- Traceability, metrology and forensics
- Use of smartcards and personal devices for Internet applications
- Web security

For more information, please see http://www.crisis-conference.org/.

MetriSec 2011 7th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2011), Banff, Alberta, Canada, September 21, 2011. [posted here 03/07/11]
Quantitative assessment is a major stumbling block for software and system security. Although some security metrics exist, they are rarely adequate. The engineering importance of metrics is intuitive: you cannot consistently improve what you cannot measure. Economics is an additional driver for security metrics: customers are unlikely to pay a premium for security if they are unable to quantify what they receive. The goal of the workshop is to foster research into security measurements and metrics and to continue building the community of individuals interested in this field. This year, MetriSec continues its co-location with ESEM, which offers an opportunity for the security metrics folks to meet the metrics community at large. The organizers solicit original submissions from industry and academic experts on the development and application of repeatable, meaningful measurements in the fields of software and system security. The topics of interest include, but are not limited to:
- Security metrics
- Security measurement and monitoring
- Development of predictive models
- Experimental validation of models
- Formal theories of security metrics
- Security quality assurance
- Empirical assessment of security architectures and solutions
- Mining data from attack and vulnerability repositories: e.g. CVE, CVSS
- Software security metrics
- Static analysis metrics
- Simulation and statistical analysis
- Security risk analysis
- Industrial experience

For more information, please see http://metrisec2011.cs.nku.edu/.

RAID 2011 14th International Symposium on Recent Advances in Intrusion Detection, Menlo Park, CA, USA, September 20-21, 2011. [posted here 01/17/11]
This symposium, the 14th in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss issues and technologies related to intrusion detection and defense. The Recent Advances in Intrusion Detection (RAID) International Symposium series furthers advances in intrusion defense by promoting the exchange of ideas in a broad range of topics. As in previous years, all topics related to intrusion detection, prevention and defense systems and technologies are within scope, including but not limited to the following:
- Network and host intrusion detection and prevention
- Anomaly and specification-based approaches
- IDS cooperation and event correlation
- Malware prevention, detection, analysis, containment
- Web application security
- Insider attack detection
- Intrusion response, tolerance, and self-protection
- Operational experiences with current approaches
- Intrusion detection assessment and benchmarking
- Attacks against intrusion detection systems
- Formal models, analysis, and standards
- Deception systems and honeypots
- Vulnerability analysis and forensics
- Adversarial machine learning for security
- Visualization techniques
- High-performance intrusion detection
- Legal, social, and privacy issues
- Network exfiltration detection
- Botnet analysis, detection, and mitigation
- Cyber-physical systems

For more information, please see http://raid2011.org.

SAFECOMP 2011 30th International Conference on Computer Safety, Reliability and Security, Naples, Italy, September 19-21, 2011. [posted here 11/8/10]
SAFECOMP is an annual event covering the state-of-the-art, experience and trends in the areas of safety, security and reliability of critical computer applications. The 2011 Key theme is "Safety and security of computer-based systems and infrastructures: from risk assessment to threat mitigation". Papers are invited in application and industrial sectors as well as research areas. Especially papers on industrial experience and practice are encouraged.

For more information, please see http://www.safecomp2011.unina.it/.

DPM 2011 6th International Workshop on Data Privacy Management, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2011), Leuven, Belgium, September 15-16, 2011. [posted here 05/23/11]
The aim of this workshop is to discuss and exchange the ideas related to privacy data management. We invite papers from researchers and practitioners working in privacy, security, trustworthy data systems and related areas to submit their original papers in this workshop. Topics of interest include, but are not limited to the following:
- Privacy Information Management
- Privacy Policy-based Infrastructures and Architectures
- Privacy-oriented Access Control Languages and Models
- Privacy in Trust Management
- Privacy Data Integration
- Privacy Risk Assessment and Assurance
- Privacy Services
- Privacy Policy Analysis
- Lightweight cryptography & Cryptanalysis
- Query Execution over Privacy Sensitive Data
- Privacy Preserving Data Mining
- Hippocratic and Water-marking Databases
- Privacy for Integrity-based Computing
- Privacy Monitoring and Auditing
- Privacy in Social Networks
- Privacy in Ambient Intelligence (AmI) Applications
- Individual Privacy vs. Corporate/National Security
- Code-based Cryptology
- Privacy in computer networks
- Privacy and RFIDs
- Privacy in sensor networks

For more information, please see http://dpm2011.dyndns.org/.

TrustED 2011 1st International Workshop on Trustworthy Embedded Devices, Leuven, Belgium, September 15-16, 2011. [posted here 08/01/11]
This workshop targets selected aspects of cyber-physical systems. Of particular interests are security aspects of smartphones and their interfaces to other embedded devices. We aim at bringing together experts from academia and research institutes, industry and government for discussing and investigating problems, challenges and some recent scientific and technological developments in this field. This includes (but is not limited to) the following topics:
- Smartphone Security (e.g., OS, middleware, hardware)
- Physical Cryptographic and Security Primitives (e.g., PUFs, Signal Fingerprints)
- Hardware Entangled Security
- Embedded System Security (e.g., OS security, Attestation, Control Flow Integrity)
- IP Protection for Embedded Systems
- Distance Bounding
- Privacy Aspects of Embedded Systems (e.g., medical devices, electronic IDs)
- Attacks on Embedded Systems and Reverse Engineering
- Physical and logical convergence (e.g., secure and privacy-preserving facility management

For more information, please see http://trusted.trust.cased.de.

FAST 2011 8th International Workshop on Formal Aspects of Security & Trust, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2011), Leuven, Belgium, September 15-16, 2011. [posted here 04/11/11]
The eighth International Workshop on Formal Aspects of Security and Trust aims at continuing the successful efforts of the previous FAST workshops, fostering cooperation among researchers in the areas of security and trust. Computing and network infrastructures have become pervasive, and now support a great deal of economic activity. Thus, society needs suitable security and trust mechanisms. Interactions increasingly span several enterprises and involve loosely structured communities of individuals. Participants in these activities must control interactions with their partners based on trust policies and business logic. Trust-based decisions effectively determine the security goals for shared information and for access to sensitive or valuable resources. FAST focuses on the formal models of security and trust that are needed to state goals and policies for these interactions. We also seek new and innovative techniques for establishing consequences of these formal models. Implementation approaches for such techniques are also welcome.

For more information, please see http://www.iit.cnr.it/FAST2011/Unico.htm.

SETOP 2011 4th International Workshop on Autonomous and Spontaneous Security, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2011), Leuven, Belgium, September 15-16, 2011. [posted here 05/23/11]
The SETOP Workshop seeks submissions that present research results on all aspects related to spontaneous and autonomous security. Topics of interest include, but are not limited to the following:
- Security policy deployment
- Self evaluation of risk and impact
- Distributed intrusion detection
- Cryptography & Cryptanalysis
- Autonomous and spontaneous response
- Trust establishment
- Lightweight cryptography
- Selfish behaviour and collaboration enforcement
- Security in autonomous networks
- Security in ad hoc networks
- Security in sensor/RFID networks
- Security of Next Generation Networks
- Security in Cloud Computing
- Security of Service Oriented Architecture
- Security of opportunistic networks
- Privacy in self-organized networks
- Secure localization
- Context aware and ubiquitous computing
- Secure interoperability and negotiation
- Self-organization in secure routing
- Identity management
- Modelling and validation of security

For more information, please see http://setop2011.dyndns.org/.

EuroPKI 2011 8th European Workshop on Public Key Services, Applications and Infrastructures, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2011), Leuven, Belgium, September 15-16, 2011. [posted here 03/21/11]
EuroPKI is a successful series of workshops that started in 2004. For the 2011 edition, the scope will cover all research aspects of Public Key Services, Applications and Infrastructures. In particular, we encourage also submissions dealing with any innovative applications of public key cryptography. Submitted papers may present theory, applications or practical experiences on topics including, but not limited to:
- Anonymity and Privacy
- Architecture and Modeling
- Authentication
- Authorization and Delegation
- Case Studies
- Certificates Status
- Certification Policy and Practices
- Credentials
- Cross Certification
- Directories
- eCommerce/eGovernment
- Evaluation
- Fault-Tolerance and reliability
- Federations
- Group signatures
- ID-based schemes
- Identity Management and eID
- Implementations
- Interoperability
- Key Management
- Legal issues
- Long-time archiving
- Mobile PKI
- Multi-signatures
- Policies & Regulations
- Privacy
- Privilege Management
- Protocols
- Repositories
- Risk/attacks
- Standards
- Timestamping
- Trust management
- Trusted Computing
- Ubiquitous scenarios
- Usage Control
- Web services security

For more information, please see http://www.cosic.esat.kuleuven.be/europki2011/.

NSPW 2011 New Security Paradigms Workshop, Marin County, CA, USA, September 12-15, 2011. [posted here 02/21/11]
The New Security Paradigms Workshop (NSPW) is seeking papers that address the current limitations of information security. Today's security risks are diverse and plentiful - botnets, database breaches, phishing attacks, targeted cyber attacks - and yet present tools for combating them are insufficient. To address these limitations, NSPW welcomes unconventional, promising approaches to important security problems and innovative critiques of current security theory and practice. We are particularly interested in perspectives from outside computer security, both from other areas of computer science (such as operating systems, human-computer interaction, databases, programming languages, algorithms) and other sciences that study adversarial relationships such as biology and economics. We discourage papers that offer incremental improvements to security and mature work that is appropriate for standard information security venues.

For more information, please see http://www.nspw.org.

ESORICS 2011 16th European Symposium on Research in Computer Security, Leuven, Belgium, September 12-14, 2011. [posted here 01/17/11]
ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. We encourage submissions of papers discussing industrial research and development. Suggested topics include but are not restricted to:
- Access Control
- Accountability
- Ad hoc Networks
- Anonymity
- Applied Cryptography
- Attacks and Viral Software
- Authentication and Delegation
- Biometrics
- Database Security
- Digital Content Protection
- Distributed Systems Security
- Electronic Payments
- Embedded Systems Security
- Inference Control
- Information Hiding
- Identity Management
- Information Flow Control
- Integrity
- Intrusion Detection
- Formal Security Methods
- Language-Based Security
- Network Security
- Phishing and Spam Prevention
- Privacy
- Risk Analysis and Management
- Secure Electronic Voting
- Security Architectures
- Security Economics
- Security and Privacy Policies
- Security for Mobile Code
- Security in Location Services
- Security in Social Networks
- Security Models
- Security Verification
- Software Security
- Steganography
- Systems Security
- Trust Models and Management
- Trustworthy User Devices
- Web Security
- Wireless Security

For more information, please see https://www.cosic.esat.kuleuven.be/esorics2011/.

SecureComm 2011 7th International Conference on Network Security & Privacy, London, United Kingdom, September 7-9, 2011. [posted here 03/07/11]
SecureComm’11 seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, applied cryptography) will also be considered if a clear connection to private or secure communications/networking is demonstrated. The aim of SecureComm is to bring together security and privacy experts in academia, industry and government as well as practitioners, standards developers and policy makers, in order to engage in a discussion about common goals and explore important research directions in the field. SecureComm also serves as a venue for learning about state-of-the-art in security and privacy research, giving attendees the opportunity to network with experts in the field. Topics include:
- Network Intrusion Detection and Prevention, Firewalls, Packet Filters
- Malware and botnets
- Communication Privacy and Anonymity
- Distributed denial of service
- Public Key Infrastructures, key management, credentials
- Web security
- Secure Routing, Naming/Addressing, Network Management
- Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
- Security & Privacy for emerging technologies: VoIP, peer-to-peer and overlay network systems, Web 2.0

For more information, please see http://www.securecomm.org.

IWSSC 2011 1st International Workshop on Securing Services on the Cloud, Held in conjunction with the 5th International Conference on Network and System Security (NSS 2011), Milan, Italy, September 6-8, 2011. [posted here 04/25/11]
The ongoing merge between Service-Oriented Architectures (SOAs) and the Cloud computation paradigm provides a new environment fostering the integration of services located within company boundaries with those on the Cloud. An increasing number of organizations implement their business processes and applications via runtime composition of services made available on the Cloud by external suppliers. This scenario is changing the traditional view of security introducing new service security risks and threats, and requires re-thinking of current development, testing, and verification methodologies. IWSSC 2011 aims to address the security issues related to the deployment of services on the Cloud, along with evaluating their impact on traditional security solutions for software and network systems. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of security of services implemented on the Cloud, as well as experimental studies in Cloud infrastructures, the implementation of services, and lessons learned. Topics of interest include, but are not limited to:
- Security in Cloud services
- Software verification in critical services
- Static code analysis of software services
- Test-based verification of services
- Authentication and access control on the Cloud
- Challenges in moving critical systems to the Cloud
- Cybercrime and cyberterrorism on the Cloud
- Communication confidentiality and integrity
- Data security and privacy on the Cloud
- Formal methods for the Cloud
- Homeland security
- Information assurance and trust management
- Intrusion detection on the Cloud
- Model-based validation of services
- Orchestration and choreography
- RESTful service security
- SOAP security
- Security certification of services
- Security metrics on the Cloud
- Security models and architectures
- Security patterns for the Cloud
- Security protocols on the Cloud

For more information, please see http://sesar.dti.unimi.it/iwssc2011.

NSS 2011 5th International Conference on Network and System Security, Milan, Italy, September 6-8, 2011. [posted here 02/21/11]
NSS is an annual international conference covering research in network and system security. The 5th International Conference on Network and System Security (NSS 2011) will be held in Milan, Italy. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged. Topics of interest include, but are not limited to:
- Active Defense Systems
- Adaptive Defense Systems
- Analysis, Benchmark of Security Systems
- Authentication
- Biometric Security
- Complex Systems Security
- Database and System Security
- Data Protection
- Data/System Integrity
- Distributed Access Control
- Distributed Attack Systems
- Denial-of-Service
- Electronic Communication Privacy
- High Performance Network Virtualization
- High Performance Security Systems
- Hardware Security
- Identity Management
- Intelligent Defense Systems
- Insider Threats
- Intellectual Property Rights Protection
- Internet and Network Forensics
- Intrusion Detection and Prevention
- Key Distribution and Management
- Large-Scale Attacks and Defense
- Malware
- Network Resiliency
- Network Security
- RFID Security and Privacy
- Security Architectures
- Security for Critical Infrastructures
- Security in P2P Systems
- Security in Cloud and Grid Systems
- Security in E-Commerce
- Security in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grid
- Security and Privacy in Wireless Networks
- Secure Mobile Agents and Mobile Code
- Security Policy
- Security Protocols
- Security Simulation and Tools
- Security Theory and Tools
- Standards and Assurance Methods
- Trusted Computing
- Trust Management
- World Wide Web Security

For more information, please see http://anss.org.au/nss2011.

EC2ND 2011 7th European Conference on Computer Network Defense, Gothenburg, Sweden, September 6-7, 2011. [posted here 04/11/11]
EC2ND invites submissions presenting novel ideas at an early stage with the intention to act as a discussion forum and feedback channel for promising, innovative security research. While our goal is to solicit ideas that are not completely worked out, and might have challenging and interesting open questions, we expect submissions to be supported by some evidence of feasibility or preliminary quantitative results. This year we are especially interested in papers concerning the protection against attacks in "special environments" (such as the ICT component of the smart grid) or protection against attacks that could cause a large societal impact. Topics include but are not limited to:
- Intrusion Detection
- Denial-of-Service
- Privacy Protection
- Security Policy
- Peer-to-Peer and Grid Security
- Network Monitoring
- Web Security
- Vulnerability Management and Tracking
- Network Forensics
- Wireless and Mobile Security
- Cryptography
- Network Discovery and Mapping
- Incident Response and Management
- Malicious Software
- Web Services Security
- Legal and Ethical Issues

For more information, please see http://2011.ec2nd.org/.

PBD 2011 1st International Workshop on Privacy by Design, Held in conjunction with the Sixth International Conference on Availability, Reliability and Security (ARES 2011), Vienna, Austria, August 22-26, 2011. [posted here 02/21/11]
While data privacy was in the past mainly assured through procedures, laws or static access control policies, these protection mechanisms tend to be ineffective once data is ubiquitously available, outsourced to partially untrusted servers or processed by third parties. In addition, most current approaches towards achieving privacy - such as anonymisation and aggregation - are either incompatible with the increasing complexity of data usage or easy to compromise due to advances in statistical analysis and availability of side-information. Recent research tries to provide technical solutions in order to minimize the exposure of sensitive data while still allowing data-driven business models. For example, cryptographic schemes such as Secure Multiparty Computation, data-centric protection schemes such as Enterprise Rights Management or trusted virtualization technologies may be used to make IT systems intrinsically privacy friendly, finally contributing to the vision of "privacy by design". The aim of the workshop is to bring together researchers, systems engineers and privacy professionals in order to drive the concept of Privacy by Design and discuss implementation aspects as well as the surrounding legal and economic issues. The main topics of interest comprise but are not limited to:
- design issues of privacy-enhanced systems
- cryptographic approaches for privacy
- practical aspects of Secure Multiparty Computation
- data centric security
- Information/Enterprise Rights Management
- privacy-enhanced system architectures
- privacy and biometrics
- privacy in the cloud
- Privacy Enhancing Technologies
- censorship resistance
- economic and legal aspects of privacy
- usability of Privacy Enhancing Technologies

For more information, please see http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=53 .

SecSE 2011 5th International Workshop on Secure Software Engineering, Held in conjunction with the ARES 2011, Vienna, Austria, August 22-26, 2011. [posted here 1/31/11]
Software security is about protecting information and ensuring that systems continue to function correctly even when under malicious attack. The traditional approach of securing a system has been to create defensive walls such as intrusion detection systems and firewalls around it, but there are always cracks in these walls, and thus such measures are no longer sufficient by themselves. We need to be able to build better, more robust and more _inherently secure_ systems, and we should strive to achieve these qualities in all software systems, not just in the ones that _obviously_ need special protection. This workshop will focus on techniques, experiences and lessons learned for building secure and dependable software. Suggested topics include, but are not limited to:
- Secure architecture and design
- Security in agile software development
- Aspect-oriented software development for secure software
- Security requirements
- Risk management in software projects
- Secure implementation
- Secure deployment
- Testing for security
- Quantitative measurement of security properties
- Static and dynamic analysis for security
- Verification and assurance techniques for security properties
- Security and usability
- Design and deployment of secure services
- Secure composition and adaptation of services
- Teaching secure software development
- Experience reports on successfully attuning developers to secure software engineering
- Lessons learned

For more information, please see http://www.sintef.org/secse.

WISA 2011 12th International Workshop on Information Security Applications, Jeju Island, Korea, August 22-24, 2011. [posted here 04/11/11]
The focus of this workshop is on all technical and practical aspects of cryptographic and non-cryptographic security applications. The workshop will serve as a forum for new results from the academic research community as well as from the industry. The areas of interest include, but are not limited to:
- Internet & Wireless Security
- E-Commerce Protocols
- Access Control & Database Security
- Biometrics & Human Interface
- Network Security & Intrusion Detection
- Security & Trust Management
- IPTV Security
- Content Protection & Service Security
- Digital Rights Management
- Secure Software & Systems
- Information Hiding
- Digital Forensics
- Secure Hardware
- Cyber Indication & Intrusion Detection
- Multicast & Group Security
- Secure Application Protocols
- Secure Coding
- Smart Cards & Applications
- Mobile Security
- Privacy & Anonymity
- Public Key Crypto Applications
- Threats & Information Warfare
- Virus Protection & Applications
- Ubiquitous Computing Security
- Combating SPAM
- ID Management
- Peer-to-Peer Security
- Information Assurance
- RFID Security & Applications
- Sensor Network Security & Applications
- Common Criteria
- Critical Information Infrastructure Protection
- Video Surveillance Systems
- Smartphone Security

For more information, please see http://www.wisa.or.kr.

SAC 2011 18th International Workshop on Selected Areas in Cryptography, Toronto, Ontario, Canada, August 11-12, 2011. [posted here 02/21/11]
The Workshop on Selected Areas in Cryptography (SAC) is an annual conference dedicated to specific themes in the area of cryptographic system design and analysis. Authors are encouraged to submit original papers related to the themes for the SAC 2011 workshop:
- Design and analysis of symmetric key primitives and cryptosystems, including block and stream ciphers, hash functions, and MAC algorithms.
- Efficient implementations of symmetric and public key algorithms.
- Mathematical and algorithmic aspects of applied cryptology.
- Cryptographic tools and methods for securing clouds.

For more information, please see http://sac2011.ryerson.ca/SAC11_poster.pdf.

USENIX Security 2011 20th USENIX Security Symposium , San Francisco, CA, USA, August 10–12, 2011. [posted here 11/8/10]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. Refereed paper submissions are solicited in all areas relating to systems and network security, including:
- Adaptive security and system management
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Attacks against networks and machines
- Authentication and authorization of users, systems, and applications
- Automated tools for source code analysis
- Botnets
- Cryptographic implementation analysis and construction
- Denial-of-service attacks and countermeasures
- File and filesystem security
- Firewall technologies
- Forensics and diagnostics for security
- Hardware security
- Intrusion and anomaly detection and prevention
- Malicious code analysis, anti-virus, anti-spyware
- Network infrastructure security
- Operating system security
- Privacy-preserving (and compromising) systems
- Public key infrastructure
- Rights management and copyright protection
- Security architectures
- Security in heterogeneous and large-scale environments
- Security policy
- Self-protecting and -healing systems
- Techniques for developing secure systems
- Technologies for trustworthy computing
- Usability and security
- Voting systems analysis and security
- Wireless and pervasive/ubiquitous computing security
- Web security, including client-side and server-side security

For more information, please see https://db.usenix.org/events/sec11/cfp/.

HotSec 2011 6th USENIX Workshop on Hot Topics in Security, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 9, 2011. [posted here 02/21/11]
HotSec is renewing its focus by placing singular emphasis on new security ideas and problems. Works reflecting incremental ideas or well understood problems will not be accepted. Cross-discipline papers identifying new security problems or exploring approaches not previously applied to security will be given special consideration. All submissions should propose new directions of research, advocate non-traditional approaches, report on noteworthy experience in an emerging area, or generate lively discussion around an important topic. HotSec takes a broad view of security and privacy and encompasses research on topics including but not limited to:
- Large-scale threats
- Network security
- Hardware security
- Software security
- Physical security
- Programming languages
- Applied cryptography
- Privacy
- Human-computer interaction
- Emerging computing environment
- Sociology
- Economics

For more information, please see http://www.usenix.org/hotsec11/cfpa.

HealthSec 2011 2nd USENIX Workshop on Health Security and Privacy, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 9, 2011. [posted here 02/21/11]
The focus of HealthSec '11 is the exploration of security and privacy issues that arise from the exploding quantity of digital personal health information, in both the provider and the patient settings. The Program Committee strongly encourages cross-disciplinary interactions between fields, including, but not limited to, technology, medicine, and policy. Surprising results and thought-provoking ideas will be strongly favored; complete papers with polished results in well-explored research areas are comparatively discouraged. We will select position papers that show potential to stimulate or catalyze further research and explorations of new directions, as well as extended abstracts that explore a specific issue a little more deeply, including preliminary results. Position papers are solicited on topics in all areas relating to healthcare information security and privacy, including:
- Security and privacy models for healthcare information systems
- Industry experience in securing healthcare information systems
- Design and deployment of patient-oriented systems for securely accessing and managing personal health data
- Security and privacy threats against existing and future medical devices--and countermeasures
- Regulatory and policy issues of healthcare information systems
- Privacy of medical information
- Usability issues, especially combined with security constraints
- Threat models for healthcare information systems

For more information, please see http://www.usenix.org/healthsec11/cfpa/.

EVT/WOTE 2011 Electronic Voting Technology Workshop/ Workshop on Trustworthy Elections, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8-9, 2011. [posted here 02/21/11]
USENIX, ACCURATE, and IAVoSS are sponsoring the 2011 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE '11). EVT/WOTE brings together researchers from a variety of disciplines, ranging from computer science and human-computer interaction experts through political scientists, legal experts, election administrators, and voting equipment vendors. Papers should contain original research in any area related to electronic voting technologies and verifiable elections. Example applications include but are not limited to:
- Ballot-box electronic voting systems
- Remote electronic voting systems
- Voter registration systems
- Procedures for ballot auditing
- Cryptographic (or non-cryptographic) verifiable election schemes

For more information, please see http://www.usenix.org/evtwote11/cfpa.

WOOT 2011 5th USENIX Workshop on Offensive Technologies, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8, 2011. [posted here 03/07/11]
Computer security is unique among systems disciplines in that practical details matter and concrete case studies keep the field grounded in practice. WOOT provides a forum for high-quality, peer-reviewed papers discussing tools and techniques for attack. Submissions should reflect the state of the art in offensive computer security technology, either surveying previously poorly known areas or presenting entirely new attacks. Submission topics include but are not limited to:
- Vulnerability research (software auditing, reverse engineering)
- Penetration testing
- Exploit techniques and automation
- Network-based attacks (routing, DNS, IDS/IPS/firewall evasion)
- Reconnaissance (scanning, software, and hardware fingerprinting)
- Malware design and implementation (rootkits, viruses, bots, worms)
- Denial-of-service attacks
- Web and database security
- Weaknesses in deployed systems (VoIP, telephony, wireless, games)
- Practical cryptanalysis (hardware, DRM, etc.)

For more information, please see http://www.usenix.org/woot11/cfpa/.

FOCI 2011 1st Workshop on Free and Open Communications on the Internet, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8, 2011. [posted here 04/25/11]
The first USENIX Workshop on Free and Open Communications on the Internet (FOCI) seeks to bring together researchers and practitioners from both technology and policy who are working on policies or technologies to detect or circumvent practices that inhibit free and open communications on the Internet. The growth of the Internet offers great promise for improving the communication capabilities of many users, but our increasing dependence on networked communications also makes it easier for organizations to control, monitor, or block user communications. ISPs and governments routinely restrict access to Internet content and services, either by censoring access to the information or by degrading the performance of various services (e.g., violating network neutrality). Indeed, although we think of the Internet as enabling the "democratization" of communications, free and open access is at risk: the Open Net Initiative reports that nearly 60 countries censor some access to information on the Internet. Similarly, ISPs can degrade network performance for certain subsets of users for some or all services. For example, some ISPs have been found to routinely block or throttle certain application traffic (e.g., BitTorrent). This growing trend towards blocking, tampering with, or otherwise restricting communications on the Internet calls for better techniques for both monitoring the state of restrictions on Internet content and communications (i.e., improving "transparency") and circumventing attempts to censor, degrade, or or otherwise tamper with Internet communications. In many cases, this technology must be both deniable (i.e., it must allow the user to deny knowledge about using the technology) and robust to blocking.

For more information, please see http://www.usenix.org/events/foci11/cfp/.

CSET 2011 4th Workshop on Cyber Security Experimentation and Test, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8, 2011. [posted here 01/31/11]
The focus of CSET is on the science of cyber security evaluation, as well as experimentation, measurement, metrics, data, and simulations as those subjects relate to computer and network security. The science of cyber security is challenging for a number of reasons:
- Data: There is an absence of data usable by the community. Moreover, there is no clear understanding of what good data would look like if it was obtained, and how the value of data changes over time.
- Realism: Experiments must faithfully recreate the relevant features of the phenomena they investigate in order to obtain correct results, yet data about threats and the Internet landscape is sparse, modeling humans is hard, and issues of scaling (up or down) are not well understood. Hence careful reasoning about "realism" is required.
- Rigor: Repeatability and correctness must be ensured in any scientific experimentation. These can be extremely hard to achieve.
- Risk: Cyber security experiments naturally carry significant risk if not properly contained and controlled. At the same time, these experiments may well require some degree of interaction with the larger world to be useful.

Meeting these challenges requires transformational advance in understanding of the relationship between scientific method and cyber security evaluation, as well as transformational advance in capability of the underlying resources and infrastructure and usability of the data. The 4th Workshop on Cyber Security Experimentation and Test (CSET '11) invites submissions on the science, design, architecture, construction, operation, and use of cyber security data and experiments.

For more information, please see http://www.usenix.org/events/cset11/cfp/.

DFRWS 2011 11th Digital Forensics Research Conference, New Orleans, LA, USA, August 1-3, 2011. [posted here 09/20/10]
DFRWS brings together leading researchers, developers, practitioners, and educators interested in advancing the state of the art in digital forensics from around the world. As the most established venue in the field, DFRWS is the preferred place to present both cutting-edge research and perspectives on best practices for all aspects of digital forensics. As an independent organization, we promote open community discussions and disseminate the results of our work to the widest audience. We invite original contributions as research papers, panel proposals, Work-in-Progress talks, workshop proposals, and demo proposals. Topics of Interest:
- Forensic analysis
- Incident response and live analysis
- Network-based forensics, including network traffic analysis, traceback and attribution
- Event reconstruction methods and tools
- File system and memory analysis
- Application analysis
- Embedded systems
- Small scale and mobile devices
- Large-scale investigations
- Digital evidence storage and preservation
- Data mining and information discovery
- Data hiding and recovery
- Data extraction and reconstruction
- Multimedia analysis
- Database forensics
- Tool testing and development
- Digital evidence and the law
- Anti-forensics and anti-anti-forensics
- Case studies and trend reports
- Malware forensics
- Data visualization in forensic analysis
- Forensics of virtual and cloud environments
- Investigation of insider attacks
- Error rates of forensic methods
- Interpersonal communications and social network analysis
- Non-traditional approaches to forensic analysis

For more information, please see http://www.dfrws.org/.

MobiPST 2011 1st International Workshop on Privacy, Security and Trust in Mobile and Wireless Systems, Held in conjunction with the ICCCN 2011, Maui, Hawaii, July 31, 2011. [posted here 03/21/11]
This workshop aims to bring together the technologists and researchers who share interest in the area of security, privacy and trust in mobile and wireless systems, as well as explore new venues of collaboration. The main purpose is to promote discussions of research and relevant activities in the models and designs of secure, privacy-preserving, or trust architectures, protocols, algorithms, services, and applications, as well as analysis on cyber threat in mobile and wireless systems. It also aims at increasing the synergy between academic and industry professionals working in this area. We plan to seek papers that address theoretical, experimental research, and work in-progress for security, privacy and trust related issues in the context of mobile and wireless systems.

For more information, please see http://ocu-stars.okcu.edu/ksha/mobipst2011.html.

PETS 2011 11th Privacy Enhancing Technologies Symposium, Waterloo, ON, Canada, July 27-29, 2011. [posted here 11/29/10]
Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior. Approaches to protecting individuals, groups, but also companies and governments, from profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure. The 11th Privacy Enhancing Technologies Symposium addresses the design and realization of such privacy services for the Internet and other data systems and communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives. The symposium seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of privacy technologies, as well as experimental studies of fielded systems. We encourage submissions with novel technical contributions from other communities such as law, business, and data protection authorities, that present their perspectives on technological issues. Suggested topics include but are not restricted to:
- Anonymous communications and publishing systems
- Attacks on privacy and privacy technologies
- Censorship resistance
- Data protection technologies
- Economics of privacy and PETs
- Fielded systems and techniques for enhancing privacy in existing systems
- Location privacy
- Privacy and anonymity in Peer-to-Peer, Cloud, and Ubiquitous Computing Environments
- Privacy and inference control in databases
- Privacy-enhanced access control or authentication/certification
- Privacy-friendly payment mechanisms for PETs and other services
- Privacy in Online Social Networks
- Privacy policy languages and tools
- Privacy threat models
- Profiling and data mining
- Pseudonyms, identity management, linkability, and reputation
- Reliability, robustness and abuse prevention in privacy systems
- Traffic analysis
- Transparency enhancing tools
- Usability issues and user interfaces for PETs

For more information, please see http://petsymposium.org/2011/.

ID 2011 ACM/Springer International Workshop on Identity: Security, Management & Applications, Kochi, Kerala, India, July 22-24, 2011. [posted here 01/10/11]
2011 ACM/Springer International Workshop on Identity ID 2011: Security, Management & Applications, is designated to meet with researchers, engineers and practitioners from academia, service providers, industry and government working on Identity-based Internet & infrastructure systems. ID 2011 aims to bring to forefront the recent trends in most significant technology topics such as Identity Management (IdM), Cloud Computing, Internet of Things (IoT), Service Oriented Architecture (SoA), Security & Privacy Systems, Access Management, Risk Management, and Role and Policy Management, etc in software, hardware and firmware applications running on private and public networks.

For more information, please see http://www.acc-rajagiri.org/ID2011.html.

VizSec 2011 8th International Symposium on Visualization for Cyber Security, Held in conjunction with the Symposium on Usable Privacy and Security (SOUPS 2011), Pittsburgh, PA, USA, July 20, 2011. [posted here 03/07/11]
The annual symposium joins academic, government, and industry leaders from around the globe to share the latest developments and applications of visualization techniques to address current cyber security challenges. Researchers and practitioners are invited to submit technical papers and panel session proposals that offer a novel contribution to security visualization. Papers are encouraged on new visualization technologies and methods that have been applied and demonstrated to be useful in a range of security domains including, but not limited to, computer forensics, risk assessment, cryptography, malware analysis, and situational awareness.

For more information, please see http://www.vizsec2011.org/.

PST 2011 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada, July 19-21, 2011. [posted here 10/11/10]
PST2011 provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. PST2011 will include an Innovation Day featuring workshops and tutorials followed by two days of high-quality research papers whose topics include, but are NOT limited to, the following:
- Privacy Preserving / Enhancing Technologies
- Critical Infrastructure Protection
- Network and Wireless Security
- Operating Systems Security
- Intrusion Detection Technologies
- Secure Software Development and Architecture
- PST Challenges in e-Services, e.g. e-Health, e-Government, e Commerce
- Network Enabled Operations
- Digital forensics
- Information Filtering, Data Mining and Knowledge from Data
- National Security and Public Safety
- Security Metrics
- Recommendation, Reputation and Delivery Technologies
- Continuous Authentication
- Trust Technologies, Technologies for Building Trust in e-Business Strategy
- Observations of PST in Practice, Society, Policy and Legislation
- Digital Rights Management
- Identity and Trust management
- PST and Cloud Computing
- Human Computer Interaction and PST
- Implications of, and Technologies for, Lawful Surveillance
- Biometrics, National ID Cards, Identity Theft
- PST and Web Services / SOA
- Privacy, Traceability, and Anonymity
- Trust and Reputation in Self-Organizing Environments
- Anonymity and Privacy vs. Accountability
- Access Control and Capability Delegation
- Representations and Formalizations of Trust in Electronic and Physical Social Systems

For more information, please see http://pstnet.unb.ca/pst2011.

ESAS 2011 6th IEEE International Workshop on Engineering Semantic Agent Systems, Held in conjunction with IEEE COMPSAC 2011, Munich, Germany, July 18-22, 2011. [posted here 02/07/11]
Semantic web technologies render dynamic, heterogeneous, distributed, shared semantic content equally accessible to human reader and software agents. ESAS Workshops Series focuses on concepts, foundations and applications of semantic agent systems and bringing forward better practices of engineering them. Research and technologies related to Semantic Web and agent systems are very much in focus at ESAS. Topics of interest span a wide spectrum of both theory and practice of semantics and agent architectures, including software agents, mobile agents, autonomous semantic agents, context-aware intelligent agents, agents as semantic web services, multi-agent systems, agent communities, cooperation and goal seeking through shared policy and ontology, safety & security in semantic multi-agent information systems, and other QoS issues.

For more information, please see http://compsac.cs.iastate.edu/workshop_details.php?id=32&y.

DBSec 2011 25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, Richmond, Virginia, USA, July 11-13, 2011. [posted here 12/6/10]
The 25th Annual WG 11.3 Conference on Data and Applications Security and Privacy provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Both research papers and panel proposals are solicited. Papers may present theory, techniques, applications, or practical experience on topics of relevance to IFIP WG 11.3:
- Access control
- Applied cryptography in data security and privacy
- Identity theft and countermeasures
- Integrity maintenance
- Intrusion detection
- Knowledge discovery and privacy
- Organizational security
- Privacy and privacy-preserving data management
- Secure transaction processing
- Secure information integration
- Secure semantic web
- Secure sensor monitoring
- Secure web services
- Threats, vulnerabilities, and risk management
- Trust management

For more information, please see http://www.egr.vcu.edu/dbsec2011/.

HAISA 2011 International Conference on Human Aspects of Information Security & Assurance, London, United Kingdom, July 7-8, 2011. [posted here 06/06/11]
It is commonly acknowledged that security requirements cannot be addressed by technical means alone, and that a significant aspect of protection comes down to the attitudes, awareness, behaviour and capabilities of the people involved. Indeed, people can potentially represent a key asset in achieving security, but at present, factors such as lack of awareness and understanding, combined with unreasonable demands from security technologies, can dramatically impede their ability to do so. Ensuring appropriate attention and support for the needs of users should therefore be seen as a vital element of a successful security strategy. People at all levels (i.e. from organisations to domestic environments; from system administrators to end-users) need to understand security concepts, how the issues may apply to them, and how to use the available technology to protect their systems. In addition, the technology itself can make a contribution by reducing the demands upon users, simplifying protection measures, and automating a variety of safeguards. With the above in mind, this conference specifically addresses information security issues that relate to people. It concerns the methods that inform and guide users' understanding of security, and the technologies that can benefit and support them in achieving protection. The conference welcomes papers addressing research and case studies in relation to any aspect of information security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics or technologies may be positively modified to improve the level of protection. Indicative themes include:
- Information security culture
- Awareness and education methods
- Enhancing risk perception
- Public understanding of security
- Usable security
- Psychological models of security software usage
- User acceptance of security policies and technologies
- User-friendly authentication methods
- Biometric technologies and impacts
- Automating security functionality
- Non-intrusive security
- Assisting security administration
- Impacts of standards, policies, compliance requirements
- Organizational governance for information assurance
- Simplifying risk and threat assessment
- Understanding motivations for misuse
- Social engineering and other human-related risks
- Privacy attitudes and practices
- Computer ethics and security

For more information, please see http://www.haisa.org.

DIMVA 2011 8th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Amsterdam, The Netherlands, July 7-8, 2011. [posted here 11/8/10]
The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. DIMVA's scope includes, but is not restricted to the following areas:
Intrusion Detection
- Novel approaches & new environments
- Insider detection
- Prevention & response
- Data leakage
- Result correlation & cooperation
- Evasion attacks
- Potentials & limitations
- Operational experiences
- Privacy, legal & social aspects
Malware Detection
- Automated analysis, reversing & execution tracing
- Containment & sandboxed operation
- Acquisition of specimen
- Infiltration
- Behavioral models
- Prevention & containment
- Trends & upcoming risks
- Forensics & recovery
- Economic aspects
Vulnerability Assessment
- Vulnerability detection & analysis
- Vulnerability prevention
- Web application security
- Fuzzing techniques
- Classification & evaluation
- Situational awareness

For more information, please see http://www.dimva.org/dimva2011.

ASA 2011 5th International Workshop on Analysis of Security APIs, Paris, France, June 30, 2011. [posted here 02/21/11]
Security APIs allow untrusted code to access sensitive resources in a secure way. Security API analysis is an emerging field of computer security research. The aim of the ASA workshop is to bring together researchers working in security API analysis for a day of presentations and discussions. Since the field is relatively young, polished research papers will not be solicited. Instead, the workshop will follow the format that was highly successful at ASA in 2007-10: prospective participants are invited to submit a short (1-4 page) abstract describing their current work and/or interests in the area. We plan to have two sessions of 20-minute talks by participants, with each session followed by informal discussion. There will also be a workshop dinner in the evening, and subject to confirmation, an invited speaker. The scope of ASA runs from theoretical results and formalisms for API analysis right through to applications and empirical results with security APIs deployed `in the field'. Applications of interest include (but are not limited to) financial applications (e.g. APIs of Hardware Security Modules), smartcard APIs, the Trusted Computing Architecture, and security APIs for web based systems.

For more information, please see http://www.lsv.ens-cachan.fr/~steel/asa5/.

IFIPTM 2011 5th IFIP International Conference on Trust Management, Copenhagen, Denmark, June 29 - July 1, 2011. [posted here 10/12/10]
The mission of the IFIPTM 2011 Conference is to share research solutions to problems of Trust and Trust management, including related Security and Privacy issues, and to identify new issues and directions for future research and development work. IFIPTM 2011 invites submissions presenting novel research on all topics related to Trust, Security and Privacy, including but not limited to those listed below:
Security, trust and privacy
- formal aspects (specification, reasoning and analysis)
- applications and services
- policy management
- in social networks and emerging contexts
- in collaborative applications, crowdsourcing and wiki systems
- ethical, sociological, psychological and legal aspects
- human-computer interaction and usable systems
Trust and reputation management systems
- architectures and models
- metrics and computation
- applications
Identity management and trust
- anonymity, privacy and accountability
- legal aspects
Trustworthy systems
- platforms & Standards
- software and services
- applications

For more information, please see http://www.ifiptm.org/.

CSF 2011 24th IEEE Computer Security Foundations Symposium, Domaine de l'Abbaye des Vaux-de-Cernay, France, June 27-29, 2011. [posted here 12/6/10]
New theoretical results in computer security are welcome. Also welcome are more exploratory presentations, which may examine open questions and raise fundamental concerns about existing theories. Panel proposals are sought as well as papers. Possible topics include, but are not limited to:
- Access control
- Distributed systems security
- Language-based security
- Anonymity and Privacy
- Electronic voting
- Network security
- Authentication
- Executable content
- Resource usage control
- Data and system integrity
- Formal methods for security
- Security for mobile computing
- Database security
- Information flow
- Security models
- Data provenance
- Intrusion detection
- Security protocols
- Decidability and complexity
- Hardware-based security
- Trust and trust management

For more information, please see http://csf2011.inria.fr/.

STM 2011 7th International Workshop on Security and Trust Management, Held in conjunction with IFIPTM 2011, Copenhagen, Denamrk, June 27-28, 2011. [posted here 02/21/11]
STM (Security and Trust Management) is a working group of ERCIM (European Research Consortium in Informatics and Mathematics). STM'11 is the seventh workshop in this series and will be held in Copenhagen, Denmark in conjunction with IFIPTM 2011. Topics of interest include, but are not limited to:
- access control
- cryptography
- digital right management
- economics of security
- key management
- ICT for securing digital as well as physical assets
- identity management
- networked systems security
- privacy and anonymity
- reputation systems and architectures
- security and trust management architectures
- semantics and computational models for security and trust
- trust assessment and negotiation
- trust in mobile code
- trust in pervasive environments
- trust models
- trust management policies
- trusted platforms and trustworthy systems
- trustworthy user devices

For more information, please see http://www.isac.uma.es/stm11.

RFIDsec 2011 7th Workshop on RFID Security , Amherst, MA, USA, June 26-28, 2011. [posted here 02/07/11]
The RFIDSec workshop focuses on security and data-protection issues in advanced contactless technologies like RFID. It stresses implementation aspects imposed by resource constraints. Topics of the workshop include but are not limited to:
- New applications for secure RFID systems
- Data protection and privacy-enhancing techniques for RFID
- Cryptographic protocols for RFID
- Integration of secure RFID systems
- Data mining and other systemic approaches to RFID security
- Resource-efficient implementation of cryptography
- Attacks on RFID systems
- RFID security hardware e.g. RFID with PUF, RFID Trojans, ...

For more information, please see http://rfid-cusp.org/rfidsec/.

TRUST 2011 4th International Conference on Trust and Trustworthy Computing, Pittsburgh, PA, USA, June 22-24, 2011. [posted here 11/8/10]
This conference focuses on trusted and trustworthy computing, both from the technical and social perspectives. The conference itself has two main strands, one devoted to technical aspects and one devoted to socio-economic aspects of trusted computing. The conference solicits original papers on any aspect (technical or social and economic) of the design, application and usage of trusted and trustworthy computing, which concerns a broad range of concepts including trustworthy infrastructures, cloud computing, services, hardware, software and protocols. Topics of interest include, but are not limited to:
Technical Strand
- Architecture and implementation technologies for trusted platforms and trustworthy infrastructures
- Trust, Security and Privacy in embedded systems
- Trust, Security and Privacy in social networks
- Trusted mobile platforms and mobile phone security
- Implementations of trusted computing (hardware and software)
- Applications of trusted computing
- Trustworthy infrastructures and services for cloud computing (including resilience)
- Attestation and integrity verification
- Cryptographic aspects of trusted and trustworthy computing
- Design, implementation and analysis of security hardware, i.e., hardware with cryptographic and security functions, physically unclonable functions (PUFs)
- Intrusion resilience in trusted computing
- Virtualization for trusted platforms
- Secure storage
- Security policy and management of trusted computing
- Access control for trusted platforms
- Privacy aspects of trusted computing
- Verification of trusted computing architectures
- Usability and end-user interactions with trusted platforms
- Limitations of trusted computing
Socio-economic Strand
- Usability and user perceptions of trustworthy systems and risks
- Effects of trustworthy systems upon user, corporate, and governmental behavior
- Economic drivers for trustworthy systems in corporate environment
- The impact of trustworthy systems in enhancing trust in cloud-like infrastructures
- The adequacy of guarantees provided by trustworthy systems for systems critically dependent upon trust, such as elections and government oversight
- The impact of trustworthy systems upon digital forensics, police investigations and court proceedings
- Game theoretical approaches to modeling or designing trustworthy systems
- Approaches to model and simulate scenarios of how trustworthy systems would be used in corporate environments and in personal space
- Experimental economics studies of trustworthiness
- The interplay between privacy, privacy enhancing technologies and trustworthy systems
- Critiques of trustworthy systems

For more information, please see http://www.trust2011.org.

FCS 2011 Workshop on Foundations of Computer Security, Held in conjunction with LICS 2011, Toronto, Ontario, Canada, June 20, 2011. [posted here 01/17/11]
Computer security is an established field of computer science of both theoretical and practical significance. In recent years, there has been increasing interest in logic-based foundations for various methods in computer security, including the formal specification, analysis and design of security protocols and their applications, the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks, and the modeling of information flow and its application to confidentiality policies, system composition, and covert channel analysis. The aim of the workshop FCS'11 is to provide a forum for continued activity in different areas of computer security, bringing computer security researchers in closer contact with the LICS community and giving LICS attendees an opportunity to talk to experts in computer security, on the one hand, and contribute to bridging the gap between logical methods and computer security foundations, on the other. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories, as well as in new results on developing and applying automated reasoning techniques and tools for the formal specification and analysis of security protocols.

For more information, please see http://www.di.ens.fr/~blanchet/fcs11/.

D-SPAN 2011 2nd IEEE International Workshop on Data Security and PrivAcy in wireless Networks, Held in conjunction with IEEE WoWMoM 2011, Lucca, Italy, June 20, 2011. [posted here 01/17/11]
D-SPAN 2011, the Second International Workshop on Data Security and PrivAcy in wireless Networks (D-SPAN), is focused on defining new problems and developing novel techniques for data security and privacy issues in wireless and mobile networks. With the emergence of data-intensive wireless networks such as wireless sensor networks and data-centric mobile applications such as location-based services, the traditional boundaries between these three disciplines are blurring. This workshop solicits papers from two main categories: (1) papers that consider the security and privacy of data collection, transmission, storage, publishing, and sharing in wireless networks broadly defined, e.g., MANET, cellular, vehicular, ad hoc, cognitive, as well as sensor networks, and (2) papers that use data analytics techniques to address security and privacy problems in wireless networks. The workshop provides a venue for researchers to present new ideas with impact on three communities: wireless networks, databases, and security. The list of topics includes, but not limited to:
- Foundations in wireless security & privacy (game theory, information theory, belief models, etc)
- Location privacy in wireless networks
- Secure data collection and aggregation for wireless sensor networks
- Secure data collection in body-area networks
- Secure data processing in mobile ad-hoc networks (MANET)
- Secure query processing over wireless sensor networks
- Security and privacy of RFID systems
- Security and privacy for data streaming
- Security for cognitive radio networks
- Tradeoffs between Security and Communication Performance

For more information, please see http://home.gwu.edu/~nzhang10/DSPAN2011/.

USENIX-ATC 2011 2011 USENIX Annual Technical Conference, Portland, Oregon, USA, June 15–17, 2011. [posted here 11/22/10]
Authors are invited to submit original and innovative papers to the Refereed Papers Track of the 2011 USENIX Annual Technical Conference. We seek high-quality submissions that further the knowledge and understanding of modern computing systems, with an emphasis on implementations and experimental results. We encourage papers that break new ground or present insightful results based on practical experience with computer systems. USENIX ATC has a broad scope, and specific topics of interest include but are not limited to:
- Architectural interaction
- Cloud computing
- Deployment experience
- Distributed and parallel systems
- Embedded systems
- Energy/power management
- File and storage systems
- Mobile, wireless, and sensor systems
- Networking and network services
- Operating systems
- Reliability, availability, and scalability
- Security, privacy, and trust
- System and network management and troubleshooting
- Usage studies and workload characterization
- Virtualization

For more information, please see http://www.usenix.org/events/atc11/cfp/.

SACMAT 2011 16th ACM Symposium on Access Control Models and Technologies, Innsbruck, Austria, June 15-17, 2011. [posted here 09/20/10]
ACM SACMAT is the premier forum for the presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The aims of the symposium are to share novel access control solutions that fulfil the needs of heterogeneous applications and environments, and to identify new directions for future research and development. SACMAT provides researchers and practitioners with a unique opportunity to share their perspectives with others interested in the various aspects of access control. Papers offering novel research contributions in all aspects of access control are solicited. We solicit proposals for panels and systems demonstrations as well. Topics of Interest:
- Access control models and extensions
- Access control requirements
- Access control design methodology
- Access control mechanisms, systems, and tools
- Access control in distributed and mobile systems
- Access control for innovative applications
- Administration of access control policies
- Delegation
- Identity management
- Policy/Role engineering
- Safety analysis and enforcement
- Standards for access control
- Trust management
- Trust and risk models in access control
- Theoretical foundations for access control models
- Usability in access control systems
- Usage control

For more information, please see http://sacmat.org/.

WiSec 2011 4th ACM Conference on Wireless Network Security, Hamburg, Germany, June 14-17, 2011. [posted here 08/30/10]
As wireless and mobile networking becomes ubiquitous, security and privacy gains in importance. The focus of ACM Conference on Wireless Network Security (ACM WiSec) is on exploring attacks on (and threats facing) wireless communication as well as techniques to address them. Settings of interest include: cellular, metropolitan, mesh, local-area, personal-area, home, vehicular, sensor, ad hoc, satellite, and underwater networks as well as cognitive radio and RFID. Topics of interest include, but are not limited to:
- Naming and addressing vulnerabilities
- Key management in wireless/mobile environments
- Secure neighbor discovery / Secure localization
- Secure PHY and MAC protocols
- Trust establishment
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Denial of service
- User privacy, location privacy
- Anonymity, unobservability, prevention of traffic analysis
- Identity theft and phishing in mobile networks
- Charging & secure payment
- Cooperation and prevention of non-cooperative behavior
- Economics of wireless security
- Vulnerability and attack modeling
- Incentive-aware secure protocol design
- Jamming/Anti-jamming communication
- Cross-layer design for security
- Monitoring and surveillance
- Cryptographic primitives for wireless communication
- Formal methods for wireless security
- Mobile/wireless platform and systems (OS and application) security

For more information, please see http://www.sigsac.org/wisec/WiSec2011.

ACNS 2011 9th International Conference on Applied Cryptography and Network Security, Nerja, Malaga, Spain, June 7-10, 2011. [posted here 10/18/10]
Original papers on all aspects of applied cryptography as well as computer/network security and privacy are solicited. Topics of interest include, but are not limited, to:
- Applied cryptography and cryptographic protocols
- Cryptographic primitives, e.g., cryptosystems, ciphers and hash functions
- Network security protocols
- Privacy, anonymity and untraceability
- Security for the next-generation Internet
- Internet fraud, e.g., phishing, pharming, spam, and click fraud
- Email and web security
- Public key infrastructures, key management, certification and revocation
- Trust and its metrics
- Usable security and cryptography
- Intellectual property protection and digital rights management
- Modeling and protocol design
- Automated protocols analysis
- Secure virtualization and security in cloud computing
- Security and privacy in sensor, mobile, ad hoc and delay-tolerant networks, p2p systems, as well as wireless (e.g., RFID, Bluetooth) communications

For more information, please see http://www.isac.uma.es/acns2011/.

IFIP-SEC 2011 26th IFIP TC-11 International Information Security Conference, Luzern, Switzerland, June 7-9, 2011. [posted here 09/20/10]
The SEC conferences are in a series of well-established international conferences on Security and Privacy organized annually by the Technical Committee 11 (TC-11) of IFIP (International Federation for Information Processing). IFIP SEC 2011 aims at bringing together primarily researchers, but also practitioners from academia, industry and governmental institutions for elaborating and discussing IT Security and Privacy Challenges that we are facing today and in the future. Papers offering novel and mature research contributions, in any aspect of information security and privacy are solicited for submission to the 26th IFIP TC-11 International Information Security Conference. Papers may present theory, applications, or practical experiences on security and privacy topics including but not limited to:
- Access Control
- Anonymity
- Applications of Cryptography
- Attacks and Malicious Software
- Authentication and Authorization
- Biometrics and Applications
- Critical ICT Resources Protection
- Data and Systems Integrity
- Data Protection
- ECommerce Privacy & Security
- Enterprise Security
- Identity Management
- Information Hiding
- Information Warfare
- Internet and Web Security
- Intrusion Detection
- IT-Forensics
- Mobile Computing Security
- Mobile Networks Security
- Network Security Protocols
- Multilateral Security
- Peer-to-Peer Security
- Privacy Enhancing Technologies
- RFID Privacy & Security
- Risk Analysis and Management
- Secure Electronic Voting
- Secure Sensor Networks
- Secure Systems Development
- Security Architectures
- Security Economics
- Security Education
- Security Management
- Security Metrics
- Semantic Web Privacy & Security
- Smart Cards
- Software Security
- Spam, SPIT, SPIM
- Transparency Enhancing Tools
- Trust Management and Models
- Trusted Computing
- Ubiquitous Privacy & Security
- Usability of Security and Privacy

For more information, please see http://www.sec2011.org/.

POLICY 2011 12th IEEE International Symposium on Policies for Distributed Systems and Networks, Pisa, Italy, June 6-8, 2011. [posted here 11/8/10]
The symposium brings together researchers and practitioners working on policy-based systems across a wide range of application domains including policy-based networking, privacy, trust and security management, autonomic computing, pervasive systems and enterprise systems. POLICY 2011 is the 12th in a series of successful events, which have provided a forum for discussion and collaboration between researchers, developers and users of policy-based systems. In addition to the areas mentioned above, we specifically encourage this year contributions on policy-based techniques in support of Cloud computing and Enterprise Service Oriented applications as well as the use of reasoning, verification and learning techniques in policy-based systems

For more information, please see http://ieee-policy.org.

ICC-CISS 2011 IEEE ICC 2011, Communication and Information Systems Security Symposium, Kyoto, Japan, June 5-9, 2011. [posted here 08/30/10]
With the advent of pervasive computer applications and due to the proliferation of heterogeneous wired and wireless computer and communication networks, security, privacy and trust issues have become paramount. This Symposium will address all aspects of the modeling, design, implementation, deployment, and management of security algorithms, protocols, architectures, and systems. Furthermore, contributions devoted to the evaluation, optimization, or enhancement of security and privacy mechanisms for current technologies, as well as devising efficient security and privacy solutions for emerging areas from physical layer technology to the application layer, are solicited. Topics of interest include, but are not limited to, the following:
- Authentication protocols and message authentication
- Biometric security: technologies, risks, vulnerabilities, bio-cryptography, mobile template protection
- Computer and network forensics
- Cryptanalysis
- DDOS attacks, DNS spoofing, intrusion, localization and countermeasures
- Digital right management: information hiding, watermarking, fingerprinting, and traitor tracing scheme
- Formal trust models, security modeling and protocol design
- Information systems security and security management
- Mobile and Wireless network security, including ad hoc networks, P2P networks, 3G, 4G, sensor networks, Bluetooth, 802.11 family and WiMAX
- Network security metrics and performance
- Operating systems and application security and analysis tools
- Optical network security
- Physical security and hardware/software security
- Privacy and privacy enhancing technologies
- Public-key, symmetric-key, applied crypto, coding-based cryptography
- Quantum cryptography
- Virtual private networks and group security
- VoIP, IPTV, DAB, and other multimedia security
- Vulnerability, exploitation tools and virus analysis
- Web, Cloud, eBusiness, eCommerce, eGovernment security

For more information, please see http://www.ieee-icc.org/2011/.

HOST 2011 4th IEEE International Sympoium on Hardware-Oriented Security and Trust, San Diego, CA, June 5-6, 2011. [posted here 11/8/10]
A wide range of applications, from secure RFID tagging to high-end trusted computing, relies on dedicated and trusted hardware platforms. The security and trustworthiness of such hardware designs are critical to their successful deployment and operation. Recent advances in tampering and reverse engineering show that important challenges lie ahead. For example, secure electronic designs may be affected by malicious circuits, Trojans that alter system operation. Furthermore, dedicated secure hardware implementations are susceptible to novel forms of attack that exploit side-channel leakage and faults. Third, the globalized, horizontal semiconductor business model raises concerns of trust and intellectual-property protection. HOST 2011 is a forum for novel solutions to address these challenges. Innovative test mechanisms may reveal Trojans in a design before they are able to do harm. Implementation attacks may be thwarted using side-channel resistant design or fault-tolerant designs. New security-aware design tools can assist a designer in implementing critical and trusted functionality, quickly and efficiently. HOST 2011 seeks contributions based on, but not limited to, the following topics:
- Trojan detection and isolation
- Implementation Attacks and Countermeasures
- Side channel Analysis and Fault Analysis
- Intellectual Property Protection and Metering
- Tools and Methodologies for Secure Hardware Design
- Hardware Architectures for Cryptography
- Hardware Security Primitives: PUFs and TRNGs
- Applications of Secure Hardware
- Interaction of Secure Hardware and Software

For more information, please see http://www.engr.uconn.edu/HOST/.

WISTP 2011 5th Workshop in Information Security Theory and Practice, Heraklion, Crete, Greece, June 1-3, 2011. [posted here 08/30/10]
Technical enhancements of mobile network infrastructures and the availability of powerful mobile devices are rapidly changing the way in which users interact and communicate in everyday life. These devices include but not limited to PDAs, mobile phones, smart cards, wireless sensors, and RFID tags. Among the main common features of these devices include constraint resources and wireless communications. WISTP 2011 aims to address the security and privacy issues that are increasingly exposed by mobile communications and related services, along with evaluating their impact on individuals, and the society at large. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy of mobile and smart devices, as well as experimental studies of fielded systems based on wireless communication, the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- Authentication and access control
- Ad hoc networks security and privacy
- Biometrics, national ID cards
- Data security and privacy
- Digital rights management
- Embedded systems security
- Human and psychological aspects of security
- Identity management
- Information assurance and trust management
- Intrusion detection and information filtering
- Lightweight cryptography
- Mobile and ubiquitous network security
- Mobile codes security
- Mobile commerce security
- Mobile devices security
- Privacy enhancing technologies
- RFID systems security
- Secure self-organization and self-configuration
- Security in location services
- Security metrics
- Security models and architectures
- Security of GSM/GPRS/UMTS systems
- Security and privacy policies
- Security protocols
- Smart card security
- Vehicular network security and privacy
- Wireless communication security and privacy
- Wireless sensor network security and privacy

For more information, please see http://www.wistp.org/.

ISPEC 2011 7th Information Security Practice and Experience Conference, Guangzhou, China, May 30 - June 1, 2011. [posted here 10/11/10]
ISPEC is an annual conference that brings together researchers and practitioners to provide a confluence of new information security technologies, their applications and their integration with IT systems in various vertical sectors. Authors are invited to submit full papers presenting new research results related to information security technologies and applications. All submissions must describe original research that is not published or currently under review by another conference or journal. Areas of interest include, but are not limited to:
- Applied cryptography
- Access control
- Digital rights management
- Economic incentives for deployment of information security systems
- Information security in vertical applications
- Network security
- Privacy and anonymity
- Risk evaluation and security certification
- Resilience and availability
- Secure system architectures
- Security policy
- Security protocols
- Trust model and management
- Usability aspects of information security systems

For more information, please see http://ispec2011.jnu.edu.cn/.

PETSE 2011 3rd International Workshop on Privacy Enhanced Technology and Security Engineering, Busan, Korea, May 26-28, 2011. [posted here 01/10/11]
The integration of the advanced wireless technology and Internet tends to increase connections of computing devices. However, in order to achieve such integration, security problems and privacy concerns such as personal information outflows should be considered. Privacy enhanced technology and security engineering are required for technical security and personal information protection. The aim of this workshop is to bring together the researchers from academia and industry as well as practitioners to share ideas, problems and solutions relating to the multifaceted aspects of Privacy Enhanced Technology and Security Engineering.

For more information, please see http://www.ftrai.org/petse2011/.

SGSC 2011 IEEE International Workshop on Smart Grid Security and Communications, Held in conjunction with the 2011 IEEE International Symposium on Parallel and Distributed Processing and Application (ISPA2011), Busan, Korea, May 26-28, 2011. [posted here 11/29/10]
IThe Smart Grid concept arose in response to a combination of external factors that are economic, political, environmental, societal and technical in nature. At the power distribution system level, this concept has motivated the coordination and integration of modern energy, communications, control, and information technologies. However, the downside is that as the grid provides mission-critical services, which need to be secure and reliable. Hence, there is a need for security strategies to protect core infrastructures when transforming conventional power networks to smart grids, for instance, from malicious code and cascading errors. The underlying requirements for a reliable and secure Smart Grid pertain to an adherence to standards, best practices, as well as a high degree of architectural discipline. This workshop serves to unite common research interests in Smart Grid technologies to discuss and address related security issues, and share novel security solutions. Topics of interest include, but are not limited to:
- Security standard for Smart Grid
- Privacy protection in Smart Grid
- Vulnerability analysis & risk management
- Secure key management and access control in Smart Grid
- Power distribution with full cyber security
- Software security relevant to Smart Grid
- Communication security in Smart Grid
- Security of Advanced Metering Infrastructure (AMI)
- Killer applications for Smart Grid
- Reliable self-healing for Smart Grid
- Information communication and control technology for Smart Grid
- Secure routing and interconnectivity for Smart Grid
- Scheduling, resource allocation and optimization methodology
- Power distribution under computation and communication constraints
- Incorporation of demand response, smart appliance and consumer devices
- Consumer-to-consumer power re-distribution and networking

For more information, please see http://sgsc.ee.ccu.edu.tw/.

W2SP 2011 Web 2.0 Security and Privacy 2011 Workshop, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA, May 26, 2011. [posted here 01/18/11]
W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers and their eco-system. We have had four years of successful W2SP workshops. This year, we will additionally invite selected papers to a special issue of the journal. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The scope of W2SP 2011 includes, but is not limited to:
- Trustworthy cloud-based services
- Privacy and reputation in social networks
- Security and privacy as a service
- Usable security and privacy
- Security for the mobile web
- Identity management and psuedonymity
- Web services/feeds/mashups
- Provenance and governance
- Security and privacy policies for composible content
- Next-generation browser technology
- Secure extensions and plug-ins
- Advertisement and affiliate fraud
- Measurement study for understanding web security and privacy

For more information, please see http://w2spconf.com/2011/cfp.html.

SADFE 2011 International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA, May 26, 2011. [posted here 01/10/11]
The SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop promotes systematic approaches to cyber crime investigations, by furthering the advancement of digital forensic engineering as a disciplined science and practice. Today's digital artifacts permeate our lives and are part of every crime and every case of digital discovery. The field of digital forensics faces many challenges, including scale, scope and presentation of highly technical information in legal venues to nontechnical audiences. Digital evidence may be extant for only nanoseconds or for years; they may consist of a single modified bit, or huge volumes of data; they may be found locally or spread globally throughout a complex digital infrastructure on public or private systems. Following the success of previous SADFE workshops, cyber crime investigations and digital forensics tools will continue to be the key topics of the meeting. We also welcome a broader range of digital forensics papers that do not necessarily involve either crime or digital forensics tools. General attack analysis, the insider threat, insurance and compliance investigations, similar forms of retrospective analysis, and digital discovery are all viable topics. Past speakers and attendees of SADFE have included computer and information scientists, social scientists, digital forensic practitioners, IT professionals, law enforcement, lawyers, and judges. The synthesis of science with practice and the law with technology form the foundation of this conference. SADFE addresses the gap between today's practice and the establishment of digital forensics as a science. To advance the field, SADFE-2011 solicits broad-based, innovative approaches to digital forensic engineering in the following four areas:
- Digital Data and Evidence Management: advanced digital evidence discovery, collection, and storage
- Scientific Principle-based Digital Forensic Processes: systematic engineering processes supporting digital evidence management which are sound on scientific, technical and legal grounds
- Digital Evidence Analytics: advanced digital evidence analysis, correlation, and presentation
- Forensic-support technologies: forensic-enabled and proactive monitoring/response

To honor the outstanding work in digital forensics, the SADFE will provide awards for the highest overall quality papers and posters from the accepted program, as measured by scientific contribution, depth, and impact. A student must be the first author to be eligible for the best student paper award.

For more information, please see http://conf.ncku.edu.tw/sadfe/sadfe11/.

SP 2011 32nd IEEE Symposium on Security & Privacy, The Claremont Resort, Berkeley/Oakland, California, USA, May 22-25, 2011. [posted here 08/16/10]
Since 1980, the IEEE Symposium on Security and Privacy (S&P) has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of computer security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation of secure systems. Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Distributed systems security
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection
- Language-based security
- Malware
- Metrics
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Usability and security
- Web security

For more information, please see http://oakland32-submit.cs.ucsb.edu/.

SAR/SSI 2011 International Conference on Network and Information Systems Security, La Rochelle, France, May 18-21, 2011. [posted here 11/8/10]
The SAR-SSI conference series provides a forum for presenting novel research results, practical experiences and innovative ideas in network and information systems security. The goal of SAR-SSI-2011 is fostering exchanges among academic researchers, industry and a wider audience interested in network and information system security. The conference will offer a broad area of events, ranging from panels, tutorials, technical presentations and informal meetings. Prospective authors are encouraged to submit papers describing novel research contributions as well as proposals for tutorials and panels.

For more information, please see http://sarssi-conf.org.

IH 2011 13th Information Hiding Conference, Prague, Czech Republic, May 18-20, 2011. [posted here 12/13/10]
For many years, Information Hiding has captured the imagination of researchers. Digital watermarking and steganography protect information, conceal secrets or are used as core primitives in digital rights management schemes. Steganalysis and forensics pose important challenges to investigators; and privacy techniques try to hide relational information such as the actors' identities in anonymous communication systems. These and other topic share the notion that security is defined by the difficulty to make (or avoid) inference on certain properties of host data, which therefore has to be well understood and modeled. Current research themes include:
- Anonymity and privacy
- Covert/subliminal channels
- Digital rights management
- Fingerprinting and embedding codes
- Multimedia and document security
- Multimedia forensics and counter forensics
- Novel applications of information hiding
- Other data hiding domains (e.g. text, software, etc.)
- Security metrics for information hiding
- Steganography and steganalysis
- Theoretical aspects of information hiding and detection
- Watermarking (algorithms, security, attacks)

For more information, please see http://www.ihconference.org/.

RFIDsec-Asia 2011 Workshop on RFID Security, Wuxi, China, April 6-8, 2011. [posted here 08/30/10]
RFIDsec aims to bridge the gap between cryptographic & security researchers and RFID developers through invited talks and contributed presentations. The RFIDsec Asia workshop is aligned with RFIDSec. RFIDsec’11 Asia provides a forum to address the fundamental issues in theory and practice related to security and privacy issues, designs, standards, and case studies in the development of RFID systems, EPCglobal network, and Internet of Things (IoT). Submissions and interactions from academia, government and industry are welcome and appreciated. Moreover, the workshop plans to organize summit and exhibition for Internet of Things and RFID. Topics of the conference include but not limited to:
- Cryptographic protocols for RFID/IoT: Authentication protocols, Key update mechanisms, Scalability issues
- Integration of secure RFID/IoT systems: RFID security hardware, Middleware and security, (Public-key) Infrastructures, Case studies
- Resource-efficient implementation of cryptography: Small-footprint hardware, Low-power architectures
- Attacks & Countermeasures on RFID/IoT systems
- New applications for secure RFID/IoT systems
- Data protection for RFID/IoT
- Trust Model, data protection and sharing for EPCglobal network
- RFID sensor security
- Context based RFID/IoT security and privacy
- Privacy-enhancing techniques for RFID/IoT
- Privacy-preserving techniques for RFID/IoT
- Legal aspects of RFID/IoT security and privacy
- Risk assessment & management of RFID/IoT security
- Privacy and security challenges for sensor networks/IoT

For more information, please see http://wuxi.ss.pku.edu.cn/~RFIDSec2011/.

LEET 2011 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats, Boston, MA, USA, March 29, 2011. [posted here 12/6/10]
Now in its fourth year, LEET continues to provide a unique forum for the discussion of threats to the confidentiality of our data, the integrity of digital transactions, and the dependability of the technologies we increasingly rely on. We encourage submissions of papers that focus on the malicious activities themselves (e.g., reconnaissance, exploitation, privilege escalation, rootkit installation, attack), our responses as defenders (e.g., prevention, detection, and mitigation), or the social, political, and economic goals driving these malicious activities and the legal and ethical codes guiding our defensive responses. Topics of interest include but are not limited to:
- Infection vectors for malware (worms, viruses, etc.)
- Botnets, command and control channels
- Spyware
- Operational experience
- Forensics
- Click fraud
- Measurement studies
- New threats and related challenges
- Boutique and targeted malware
- Phishing
- Spam
- Underground economy
- Miscreant counterintelligence
- Carding and identity theft
- Denial-of-service attacks
- Hardware vulnerabilities
- Legal issues
- The arms race (rootkits, anti-anti-virus, etc.)
- New platforms (cellular networks, wireless networks, mobile devices)
- Camouflage and detection
- Reverse engineering
- Vulnerability markets and zero-day economics
- Online money laundering
- Understanding the enemy
- Data collection challenges

For more information, please see http://www.usenix.org/events/leet11/cfp/.

IFIP-CIP 2011 5th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA, March 23-25, 2011. [posted here 07/30/10]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the first four conferences, the Fifth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. Papers and panel proposals are solicited. Submissions will be refereed by members of Working Group 11.10 and other internationally-recognized experts in critical infrastructure protection. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.10. The conference will be limited to seventy participants to facilitate interactions among researchers and intense discussions of research and implementation issues. Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Risk analysis and risk assessment methodologies
- Modeling and simulation of critical infrastructures
- Legal, economic and policy issues related to critical infrastructure protection
- Secure information sharing
- Infrastructure protection case studies
- Distributed control systems/SCADA security
- Telecommunications network security

For more information, please see http://www.ifip1110.org.

SAC-TRECK 2011 26th ACM Symposium on Applied Computing, Track: Trust, Reputation, Evidence and other Collaboration Know-how (TRECK), TaiChung, Taiwan, March 21-25, 2011. [posted here 07/12/10]
The goal of the ACM SAC 2011 TRECK track remains to review the set of applications that benefit from the use of computational trust and online reputation. Computational trust has been used in reputation systems, risk management, collaborative filtering, social/business networking services, dynamic coalitions, virtual organisations and even combined with trusted computing hardware modules. The TRECK track covers all computational trust/reputation applications, especially those used in real-world applications. The topics of interest include, but are not limited to:
- Trust management, reputation management and identity management
- Pervasive computational trust and use of context-awareness
- Mobile trust, context-aware trust
- Web 2.0 reputation and trust
- Trust-based collaborative applications
- Automated collaboration and trust negotiation
- Trade-off between privacy and trust
- Trust/risk-based security frameworks
- Combined computational trust and trusted computing
- Tangible guarantees given by formal models of trust and risk
- Trust metrics assessment and threat analysis
- Trust in peer-to-peer and open source systems
- Technical trust evaluation and certification
- Impacts of social networks on computational trust
- Evidence gathering and management
- Real-world applications, running prototypes and advanced simulations
- Applicability in large-scale, open and decentralised environments
- Legal and economic aspects related to the use of trust and reputation engines
- User-studies and user interfaces of computational trust and online reputation applications

For more information, please see http://www.trustcomp.org/treck/.

SESOC 2011 3rd International Workshop on Security and Social Networking, Held in conjunction with the PerCom 2011, Seattle, WA, USA, March 21, 2011. [posted here 07/26/10]
Future pervasive communication systems aim at supporting social and collaborative communications: the evolving topologies are expected to resemble the actual social networks of the communicating users and information on their characteristics can be a powerful aid for any network operation. New emerging technologies that use information on the social characteristics of their participants raise entirely new privacy concerns and require new reflections on security problems such as trust establishment, cooperation enforcement or key management. The aim of this workshop is to encompass research advances in all areas of security, trust and privacy in pervasive communication systems, integrating the social structure of the network as well. Topics of Interest include:
- all types of emerging privacy concerns
- new aspects of trust
- decentralized social networking services
- availability and resilience
- community based secure communication
- data confidentiality, data integrity
- anonymity, pseudonymity
- new key management approaches
- secure bootstrapping
- security issues in forwarding, routing
- security aspects regarding cooperation
- new approaches to reputation
- new attack paradigms
- social engineering, and phishing
- new requirements for software security
- malware

For more information, please see http://www.sesoc.org.

CSC 2011 Workshop on Cryptography and Security in Clouds, Zurich, Switzerland, March 15-16, 2011. [posted here 12/6/10]
The cloud computing model offers cheap access to a variety of standardized services, but comes with concerns about the correctness, privacy, and integrity of remote data and computations. Cryptographic mechanisms can reduce such trust by allowing the user to protect its data and computations, as well as to verify aspects of remote computation. The aim of this workshop is to bring together researchers and practitioners working in cryptography and security, from academia and industry, who are interested in the security of current and future cloud computing technology. The workshop considers the viewpoint of cloud-service providers as well as the concerns of cloud users. The goal is to create a dialogue about common goals and to discuss solutions for security problems in cloud computing, with emphasis on cryptographic methods. Topics of interest include:
- Data privacy and integrity
- Proofs of storage
- Remote attestation and verification
- Secure outsourcing of computation
- Verification of outsourced computation
- Storage integrity
- Private remote storage
- Obfuscation of programs and data
- Identity management in cloud computing
- Robust generation of cryptographic random bits
- Cryptosystems with conditional decryption (such as searchable encryption or functional encryption)
- Trusted computing
- Virtualization security

For more information, please see http://www.zurich.ibm.com/~cca/csc2011/.

LightSec 2011 Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications, Istanbul, Turkey, March 14-15, 2011. [posted here 09/20/10]
The main goal of this workshop is to promote and initiate novel research on the security & privacy issues for applications that can be termed as lightweight security, due to the associated constraints on metrics such as available power, energy, computing ability, area, execution time, and memory requirements. Topics of interest include, but are not limited to:
- Design, analysis and implementation of lightweight cryptographic protocols & applications
- Cryptographic hardware development for constrained domains
- Design, analysis and implementation of security & privacy solutions for wireless embedded systems
- Design, analysis and implementation of lightweight privacy-preserving protocols & systems
- Design and analysis of fast and compact cryptographic algorithms
- Wireless network security for low-resource devices
- Low-power crypto architectures
- Fast and compact biometric-based algorithms for authentication and identification
- Scalable protocols and architectures for security and privacy
- Formal methods for analysis of lightweight cryptographic protocols

For more information, please see http://www.light-sec.org.

WECSR 2011 2nd Workshop on Ethics in Computer Security Research, Bay Gardens Beach Resort, St. Lucia, March 4, 2011. [posted here 09/10/10]
Computer security often leads to discovering interesting new problems and challenges. The challenge still remains to follow a path acceptable for Institutional Review Boards at academic institutions, as well as compatible with ethical guidelines for professional societies or government institutions. However, no exact guidelines exist for computer security research yet. This workshop will bring together computer security researchers, practitioners, policy makers, and legal experts. This workshop solicits submissions describing or suggesting ethical and responsible conduct in computer security research. While we focus on setting standards and sharing prior experiences and experiments in computer security research, successful or not, we tap into research behavior in network security, computer security, applied cryptography, privacy, anonymity, and security economics. This workshop will favor discussions among participants, in order to shape the future of ethical standards in the field.

For more information, please see http://www.cs.stevens.edu/~spock/wecsr2011/.

FC 2011 15th International Conference on Financial Cryptography and Data Security, Bay Gardens Beach Resort, St. Lucia, February 28 - March 4, 2011. [posted here 07/19/10]
Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary efforts are particularly encouraged.

For more information, please see http://ifca.ai/fc11/.

CODASPY 2011 1st ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA, February 21-23, 2011. [posted here 05/10/10]
Data and the applications that manipulate data are the crucial assets in today's information age. With the increasing drive towards availability of data and services anytime anywhere, security and privacy risks have increased. New applications such as social networking and social computing provide value by aggregating input from numerous individual users and/or the mobile devices they carry with them and computing new information of value to society and individuals. Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the conference is to discuss novel exciting research topics in data and application security and privacy and to lay out directions for further research and development in this area. The conference seeks submissions from diverse communities, including corporate and academic researchers, open-source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts.

For more information, please see http://www.codaspy.org/.

CT-RSA 2011 RSA Conference, The Cryptographers' Track, San Francisco, CA, USA, February 14-18, 2011. [posted here 07/19/10]
The RSA Conference is the largest annual computer security event, with over 350 vendors, and thousands of attendees. The Cryptographers' Track (CT-RSA) is a research conference within the RSA Conference. CT- RSA has begun in 2002, and has become an established venue for presenting cryptographic research papers. Original research papers pertaining to all aspects of cryptography are solicited. Submissions may present applications, techniques, theory, and practical experience on topics including, but not limited to:
- public-key encryption
- symmetric-key encryption
- cryptanalysis
- digital signatures
- hash functions
- cryptographic protocols
- tamper-resistance
- fast implementations
- elliptic-curve cryptography
- lattice-based cryptography
- quantum cryptography
- formal security models
- network security
- hardware security
- e-commerce

For more information, please see http://ct-rsa2011.di.uoa.gr.

FSE 2011 18th International Workshop on Fast Software Encryption, Lyngby, Denmark, February 14-16, 2011. [posted here 09/20/10]
FSE 2011 is the 18th annual Fast Software Encryption workshop, for the tenth year sponsored by the International Association for Cryptologic Research (IACR). Original research papers on symmetric cryptology are invited for submission to FSE 2011. The workshop concentrates on fast and secure primitives for symmetric cryptography, including the design and analysis of block ciphers, stream ciphers, encryption schemes, analysis and evaluation tools, hash functions, and message authentication codes (MACs).

For more information, please see http://fse2011.mat.dtu.dk/.

ESSoS 2011 International Symposium on Engineering Secure Software and Systems, Madrid, Spain, February 9-10, 2011. [posted here 03/29/10]
Trustworthy, secure software is a core ingredient of the modern world. Unfortunately, the Internet is too. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DLS's for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation

For more information, please see http://distrinet.cs.kuleuven.be/events/essos2011/.

NDSS 2011 Network & Distributed System Security Symposium, San Diego, California, USA, February 6-9, 2011. [posted here 06/07/10]
The Network and Distributed System Security Symposium fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available network and distributed systems security technology. Special emphasis will be made to accept papers in the core theme of network and distributed systems security. Consequently, papers that cover networking protocols and distributed systems algorithms are especially invited to be submitted. Moreover, practical papers in these areas are also very welcome. Submissions are solicited in, but not limited to, the following areas:
- Integrating security in Internet protocols: routing, naming, network management
- High-availability wired and wireless networks
- Security for Cloud Computing
- Future Internet architecture and design
- Security of Web-based applications and services
- Anti-malware techniques: detection, analysis, and prevention
- Security for future home networks, Internet of Things, body-area networks
- Intrusion prevention, detection, and response
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Privacy and anonymity technologies
- Security for emerging technologies: sensor networks, wireless/mobile (and ad hoc) networks, and personal communication systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security for peer-to-peer and overlay network systems
- Security for electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, and licensing
- Implementation, deployment and management of network security policies
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Security for large-scale systems and critical infrastructures (e.g., electronic voting, smart grid)
- Applying Trustworthy Computing mechanisms to secure network protocols and distributed systems

For more information, please see http://hotcrp.cylab.cmu.edu/ndss11/.

IFIP-DF 2011 7th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 30 – February 2, 2011. [posted here 05/10/10]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in the emerging field of digital forensics. The Seventh Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume – the seventh in the series entitled Research Advances in Digital Forensics (Springer) in the summer of 2011. Revised and/or extended versions of selected papers from the conference will be published in special issues of one or more international journals. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network forensics
- Portable electronic device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org.

CCNC-Secuity 2011 8th IEEE Consumer Communications and Networking Conference, Security and Content Protection Track, Las Vegas, NV, USA, January 8-11, 2011. [posted here 06/07/10]
The Security and Content Protection Track focuses on security and privacy issues in all areas of consumer communications and networking. The topics include, but are not limited to:
- Security for Home Networks, PANs & BANS
- Firewalls and Intrusion Detection
- Worm and Malware Defences
- Combating Phishing and Spam
- Secure Configuration
- Consumer-friendly Security Models & Tools
- Portable Devices Disinfection
- Control of Personal Data
- Reputation and Trust Mechanisms
- Authentication, Authority and Auditing for CE
- Copyright and Privacy Protection
- Digital Rights Management
- Streaming and Network Anonymity

For more information, please see http://icsd.i2r.a-star.edu.sg/staff/jianying/ccnc2011-scp.html.