Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Past Conferences and Journal Special Issues

Last Modified:12/24/12

Note: Please contact cipher-cfp@ieee-security.org by email if you have any questions..

Contents

Past journals announcements

Past conferences and other announcements

 
       

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

 

Past Conferences and Other Announcements - 2012

ICISS 2012 8th International Conference on Information Systems Security, Guwahati, India, December 15-19, 2012. [posted here 04/09/12]
The conference series ICISS provides a forum for disseminating latest research results in information and systems security. Submissions are encouraged from academia, industry and government addressing theoretical and practical problems in information and systems security and related areas. Research community and academics are invited to submit theoretical and application oriented full and short papers making a significant research contribution on Information Systems Security. Papers with original research and unpublished work are to be submitted. Topics of interest include (but not limited to):
- Application Security
- Formal Methods in Security
- Operating System Security
- Authentication and Access Control
- Intrusion Detection, Prevention & Response
- Privacy and Anonymity
- Biometric Security
- Intrusion Tolerance and Recovery
- Security in P2P, Sensor and Ad Hoc Networks
- Data Security
- Key Management and Cryptographic Protocols
- Software Security
- Digital Forensics and Diagnostics
- Language-based Security
- Vulnerability Detection and Mitigation
- Digital Rights Management
- Malware Analysis and Mitigation
- Web Security
- Distributed System Security
- Network Security

For more information, please see http://www.iitg.ernet.in/iciss2012/.

CSS 2012 4th International Symposium on Cyberspace Safety and Security, Melbourne, Australia, December 12-13, 2012. [posted here 06/25/12]
A large fraction of the population in the world now spends a great deal of time in cyberspace. Cyberspace has become a critical infrastructure that is embedded in almost all other critical infrastructures and enables every movement of human society. It is thus very much in the public interest to have a safe and secure cyberspace. In the past several years, there has been large number of attacks in cyberspace, such as attacks on the Internet, attacks on embedded/real-time computing and control systems, and attacks on dedicated computing facilities. Many research efforts have been made to achieve cyberspace safety and security, such as blocking and limiting the impact of compromise, enabling accountability, promoting deployment of defense systems, and deterring potential attackers and penalizing attackers. In this context, we focus our program on Cyberspace Safety and Security, such as authentication, access control, availability, integrity, privacy, confidentiality, dependability and sustainability issues of cyberspace. The aim of this symposium is to provide a leading edge forum to foster interaction between researchers and developers with the cyberspace safety and security communities, and to give attendees an opportunity to network with experts in this area. The symposium will be a highly focused, professional, high quality, and social event.

For more information, please see http://anss.org.au/css2012.

LISA 2012 26th Large Installation System Administration Conference, San Diego, CA, USA, December 9-14, 2012. [posted here 03/19/12]
The annual LISA conference is the meeting place of choice for system and network administrators and engineers; it is the crossroads of Web operations, DevOps, enterprise computing, educational computing, and research computing. The conference serves as a venue for a lively, diverse, and rich mix of technologists of all specialties and levels of expertise. LISA is the place to teach and learn new skills, debate current issues, and meet industry gurus, colleagues, and friends.

For more information, please see http://www.usenix.org/lisa12/.

MANSEC-CC 2012 1st International workshop on Management and Security technologies for Cloud Computing, Held in conjunction with the 2012 IEEE GLOBECOM, Disneyland Hotel, Anaheim, California, USA, December 3-7, 2012. [posted here 04/30/12]
The last five years Cloud Computing (CC) has generated increasing interest from both industry and academia. The CC, considered a natural evolution of distributed computing and of the widespread adaption of virtualization and SOA, aims to provide as services IT-related capabilities and resources, via the Internet and on-demand, hiding from the resource consumer the underlying technology. However, this new paradigm comes with new challenges and several open issues must be resolved in order to be largely adopted. Ensuring security and quality of service, reliability and accountability, improving large system operation and maintenance are main challenges for this new model. As a result, Security and Management appear as two ecosystems of considerable importance for the CC paradigm, which will further benefit from research and the exploitation of potential synergies. For that reason, the ManSec-CC 2012 workshop aims to provide a central forum where researchers and practitioners from security and management domains of cloud-centric and outsourced computing, will converge and deal with the challenges of the CC paradigm. Topics include but are not limited to:
- Access Control Management
- Artificial Intelligence Approaches to Cloud Computing Management
- Auditing, Monitoring and Scheduling
- Business Continuity and Disaster Recovery
- Cloud Architectures, Infrastructures and Workflows
- Cloud Computing and Network Communications
- Cloud Storage, Data Management and Distribution
- Cloud-centric Regulatory Compliance Issues and Mechanisms
- Copyright Protection in the Cloud
- Denial of Service (DoS) Attacks
- Energy Management in Cloud Environments
- Experimental Platforms that Support Cloud Management Research
- Forensics in Cloud Environments
- Foundations of Cloud Oriented Threat Models
- Intrusion Detection and Prevention
- Legal and Regulatory Frameworks for Clouds
- Management and Security for Cloud-based Services and Applications
- Management of Heterogeneous Clouds
- Management of Large Systems
- Metrics, Techniques, and Experiments for Evaluating Cloud Management Architectures
- Mobility Management in Cloud Environments
- Monitoring, Logging and Auditing
- Network Security Mechanisms for Clouds
- Novel Programming Models for Secure Large Computing
- Performance Evaluation for Security Solutions
- Policy Based Management of Cloud Systems
- Portability, Interoperability and Standards
- Practical Cryptographic Protocols for Cloud Security
- Practical Privacy Mechanisms for Outsourcing
- QoS & Performance Management in Cloud Computing
- Resource Discovery, Management and Registration
- Robust and Reliable Network Architecture
- Scalable and Robust Scheduling on Heterogeneous Architectures
- Scalable Fault Resilience Techniques for Large Computing
- Secure Cloud Resource Virtualization Mechanisms
- Secure Computation and Data Outsourcing
- Secure Payment for Cloud Services
- Secure Resource Allocation and Indexing
- Securing Distributed Data Storage in Cloud
- Security and Privacy Policies
- Security Model for New Services
- Security Risk Assessment Models for Clouds
- Self-configuration, Self-healing, Self-monitoring
- Service Integration and Management
- Service level Agreement and Specifications
- Solutions for Big data;Trust and Identity Management for Clouds
- Trusted Computing Technology and Secure Hardware for Clouds

For more information, please see http://www.icsd.aegean.gr/ccsl/mansec-cc/.

ACSAC 2012 28th Annual Computer Security Applications Conference, Buena Vista Palace Hotel & Spa in the Walt Disney World Resort, Florida, USA, December 3-7, 2012. [posted here 04/09/12]
The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences. If you are developing, researching, or implementing practical security solutions, consider sharing your experience and expertise at ACSAC. We are especially interested in submissions that address the application of security technology, the implementation of systems, and lessons learned. Some example topics are:
- Access control
- Assurance
- Audit
- Biometrics
- Boundary control
- Cloud security
- Cybersecurity
- Denial of service protection
- Distributed systems security
- Electronic commerce security
- Enterprise security management
- Forensics
- Identity management
- Incident response planning
- Insider threat protection
- Integrity
- Intellectual property rights protection
- Intrusion detection and prevention
- Malware
- Mobile and wireless security
- Multimedia security
- Network resiliency
- Operating systems security
- Peer-to-peer security
- Privacy and data protection
- Privilege management
- Product evaluation and compliance
- Resilience
- Security engineering
- Security usability
- Software security
- Supply chain risk
- Trust management
- Virtualization security
- VoIP security
- Web 2.0/3.0 security

For more information, please see http://www.acsac.org.

WIFS 2012 IEEE International Workshop on Information Forensics and Security, Tenerife, Spain, December 2-5, 2012. [posted here 04/09/12]
The IEEE International Workshop on Information Forensics and Security (WIFS) is the primary annual event organized by the IEEE's Information Forensics and Security Technical Committee (IEEE IFS TC). Being the main annual event organized by IEEE IFS TC, the scope of WIFS is broader than other more specific conferences, and it represents the most prominent venue for researchers to exchange ideas and identify potential areas of collaboration. Focusing on these targets, the conference will feature three keynote speakers, up to four tutorials, a track of lecture and poster sessions.

For more information, please see http://www.wifs12.org/.

INSCRYPT 2012 8th China International Conference on Information Security and Cryptology, Beijing, China, November 28 - December 1, 2012. [posted here 07/23/12]
Inscrypt 2012 seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of information security, cryptology, and their applications:
- Access Control
- Authentication and Authorization
- Biometric security
- Block cipher modes of operation
- Cloud computing security
- Database security
- Digital asset security and protection
- Electronic Commerce Security
- Foundations of Cryptography
- Hash functions and MACs
- Information Hiding and Watermarking
- Intrusion Detection
- Key Management and Key Recovery
- Mobile network Security
- Network Security
- Operating system security
- Privacy protection
- Risk evaluation and security modeling
- Secret Key and Public Key Cryptography
- Security issues in Internet of Things
- Security and Cryptographic Protocols
- Software security and protection
- System security

For more information, please see http://inscrypt2012.im.pwr.wroc.pl/2012/Inscrypt_2012.html.

NSS 2012 6th International Conference on Network and System Security, Wu Yi Shan, Fujian, China, November 21-23, 2012. [posted here 12/12/11]
NSS is an annual international conference covering research in network and system security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged. Topics of interest include but are not limited to:
- Active Defense Systems
- Hardware Security
- Security in P2P systems
- Adaptive Defense SystemsAnalysis
- Benchmark of Security Systems
- Identity Management
- Intelligent Defense Systems
- Security in Cloud and Grid Systems
- Security in E-Commerce
- Applied Cryptography
- Authentication
- Insider Threats
- Intellectual Property Rights Protection
- Security in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grid
- Biometric Security
- Complex Systems Security
- Internet and Network Forensics
- Intrusion Detection and Prevention
- Secure Mobile Agents and Mobile Code
- Security and Privacy in Wireless Networks
- Database and System Security
- Data Protection Key Distribution and Management
- Large-scale Attacks and Defense Security Policy
- Security Protocols
- Data/System Integrity
- Distributed Access Control
- Malware
- Network Resiliency
- Security Simulation and Tools
- Security Theory and Tools
- Distributed Attack Systems
- Network Security
- Standards and Assurance Methods
- Denial-of-Service
- RFID Security and Privacy
- Trusted Computing
- High Performance
- Network Virtualization
- Security Architectures
- Trust Management
- High Performance Security Systems
- Security for Critical Infrastructures
- World Wide Web Security

For more information, please see http://anss.org.au/nss2012/index.html.

HST 2012 12th IEEE Conference on Technologies for Homeland Security, Waltham, MA, USA, November 13-15, 2012. [posted here 02/20/12]
This conference brings together innovators from leading universities, research laboratories, Homeland Security Centers of Excellence, small businesses, system integrators and the end user community and provides a forum to discuss ideas, concepts and experimental results. Produced by IEEE with technical support from DHS S&T, IEEE Biometrics Council, IEEE Boston Section, and IEEE-USA and organizational support from MIT Lincoln Laboratory, Raytheon, Battelle, and MITRE, this year’s event will showcase selected technical papers and posters highlighting emerging technologies in the areas of:
- Cyber Security
- Attack and Disaster Preparation, Recovery, and Response
- Land and Maritime Border Security
- Biometrics & Forensics

For more information, please see http://www.ieee-hst.org/.

RFIDsec-Asia 2012 Workshop on RFID and IoT Security, Taipei, Taiwan, November 8-9, 2012. [posted here 05/14/12]
The workshop series of RFIDsec Asia, the Asia branch of RFIDsec, aims to provide researchers, enterprises and governments a platform to investigate, discuss and propose new solutions on security and privacy issues of RFID/IoT (Internet of Things) technologies and applications. Papers with original research in theory and practical system design concerning RFID/IoT security are solicited. Topics of the workshop include but are not limited to:
- New applications for secure RFID/ IoT systems
- Data integrity and privacy protection techniques for RFID/ IoT
- Attacks and countermeasures on RFID/IoT systems
- Design and analysis on secure RFID/IoT hardware
- Risk assessment and management on RFID/IoT applications
- Trust model, data aggregation and information sharing for EPCglobal network and sensor network
- Resource-efficient implementation of cryptography
- Integration of secure RFID/IoT systems
- Cryptographic protocols for RFID/IoT systems

For more information, please see http://rfidsec2012.cs.ntust.edu.tw.

GameSec 2012 3rd Conference on Decision and Game Theory for Security, Budapest, Hungary, November 5-6, 2012. [posted here 04/09/12]
The conference will explore security as a multifaceted economic problem by considering the complexities of the underlying technical infrastructure, and human and social factors. Securing resources involves decision making on multiple levels and multiple time scales, given the limited resources available to both malicious attackers and administrators defending networked systems. The GameSec conference aims to bring together researchers who are working on the theoretical foundations and behavioral aspects of enhancing security capabilities in a principled manner. Previous GameSec contributions included analytic models based on game, information, communication, optimization, decision, and control theories that were applied to diverse security topics. In addition, we welcome research that highlights the connection between economic incentives and real world security, reputation, trust and privacy problems. The conference is soliciting full and short papers on all economic aspects of security and privacy. Submitted papers will be evaluated based on their significance, originality, technical quality, and exposition. They should clearly establish the research contribution, their relevance to security and privacy, and their relation to prior research. General theoretic contributions are welcome if they discuss potential scenarios of application in the areas of security and privacy.

For more information, please see http://www.gamesec-conf.org.

SPACE 2012 International Conference on Security, Privacy and Applied Cryptography Engineering, Chennai, India, November 2-3, 2012. [posted here 06/25/12]
Original papers are invited on any aspect of Applied Cryptography, Cryptographic Engineering or Engineering aspects of Security. All accepted papers will be published in LNCS series proceedings by Springer. The topics for SPACE 2012 include but are not limited to:
- Symmetric-key algorithms and cryptanalysis
- Cryptographic implementations
- Side channel analysis and countermeasures
- Fault tolerance of cryptosystems
- Physically uncloneable functions
- Public-key schemes and cryptanalysis
- Analysis and design of security protocols
- Security of systems and applications
- High-performance computing in cryptology
- Cryptography in ubiquitous devices
- Trusted computing
- Anonymity and privacy
- Data base security
- Operating system security
- Cloud and grid security
- Network security, botnets, intrusion detection

For more information, please see http://space.cse.iitm.ac.in/.

Nordsec 2012 17th Nordic Conference in Secure IT Systems, Karlskrona, Sweden, October 31 - November 2, 2012. [posted here 03/12/12]
Since 1996, the NordSec conferences have brought together computer security researchers and practitioners from around the world, particular from the Nordic countries and Northern Europe. The conference focuses on applied IT security and is intended to encourage interaction between academic and industrial research. Contributions should reflect original research, developments, studies and practical experience within all areas of IT security. NordSec 2012 welcomes contributions over a broad range of topics in IT security, including, but not limited to, the following areas:
- Applied Cryptography
- Information Warfare & Cyber Security
- Communication & Network Security
- Wireless and Mobile Security
- Computer Crime and Forensics
- Hardware Security
- Virtual Platform Security
- Web and Cloud Security
- Identity Management
- Authentication and Biometrics
- Firewalls and Intrusion Detection
- New Ideas and Paradigms in Security
- Operating System Security
- PKI Systems and Key Escrow
- Privacy & Anonymity
- Security Education and Training
- Security Evaluations and Assurance
- Security Management and Audit
- Social-Engineering and Phishing
- Software and Application Security
- Trust and Reputation Management

For more information, please see http://www.bth.se/com/nordsec2012.nsf/pages/nordsec2012.

NPSec 2012 7th Workshop on Secure Network Protocols, Austin, Texas, USA, October 30, 2012. [posted here 04/09/12]
NPSec focuses on two general areas. The first focus is on the development and analysis of secure or hardened protocols for the operation (establishment and maintenance) of network infrastructure, including such targets as secure multidomain, ad hoc, sensor or overlay networks, or other related target areas. This can include new protocols, enhancements to existing protocols, protocol analysis, and new attacks on existing protocols. The second focus is on employing such secure network protocols to create or enhance network applications. Examples include collaborative firewalls, incentive strategies for multiparty networks, and deployment strategies to enable secure applications. Papers of special merit might be considered for fast track publication in the Computer Communications journal.

For more information, please see http://www.cse.msu.edu/~feichen/NPSec2012/.

ICICS 2012 14th International Conference on Information and Communications Security, Hong Kong, October 29-31, 2012. [posted here 05/14/12]
ICICS brings together individuals involved in multiple disciplines of Information and Communications Security in order to foster exchange of ideas. Original papers on all aspects of information and communications security are solicited for submission to ICICS2012. Areas of interest include, but are not limited to:
- Access control
- Intellectual Property Protection
- Anti-Virus and Anti-Worms
- Intrusion Detection
- Anonymity
- Key Management and Key Recovery
- Authentication and Authorization
- Language-based Security
- Biometric Security
- Operating System Security
- Data and System Integrity
- Network Security
- Database Security
- Risk Evaluation and Security Certification
- Distributed Systems Security
- Security for Mobile Computing
- Electronic Commerce Security
- Security Models
- Fraud Control
- Security Protocols
- Grid Security
- Trusted Computing and trustworthy computing technology
- Information Hiding and Watermarking
- Engineering issues of Cryptographic and Security Systems
- Computer / Digital Forensics

For more information, please see http://www.cs.hku.hk/icics2012/.

eCrime-Summit 2012 7th IEEE eCrime Researchers Summit, Held in conjunction with the 2012 APWG General Meeting, Las Croabas, Puerto Rico, October 23-24, 2012. [posted here 05/28/12]
eCRS 2012 will bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it, Topics of interests include (but are not limited to):
- Case studies of current attack methods, including phishing, malware, rogue antivirus, pharming, crimeware, botnets, and emerging techniques
- Case studies of online advertising fraud, including click fraud, malvertising, cookie stuffing, and affiliate fraud
- Case studies of large-scale take-downs, such as coordinated botnet disruption
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention
- Economics of online crime, including measurement studies of underground economies and models of e-crime
- Uncovering and disrupting online criminal collaboration and gangs
- Financial infrastructure of e-crime, including payment processing and money laundering
- Techniques to assess the risks and yields of attacks and the effectiveness of countermeasures
- Delivery techniques, including spam, voice mail, social network and web search manipulation; and countermeasures
- Techniques to avoid detection, tracking and take-down; and ways to block such techniques
- Best practices for detecting and avoiding damages to critical internet infrastructure, such as DNS and SCADA, from electronic crime activities

For more information, please see http://ecrimeresearch.org.

LCN-SICK 2012 Workshop on Security in Communications Networks, Held in Conjunction with IEEE LCN 2012, Clearwater, FL, USA, October 22-25, 2012. [posted here 03/12/12]
Recent years have seen growth in the number of services and applications that enable groups of people and/or devices to communicate and collaborate in real-time. Often times, these groups are spontaneously formed based on a common interest or objective, have a limited life span and use one or more network technologies to connect group members with available resources and each other. Examples range from multi-player online games and video conferencing to the coordination of first responders at a crime scene or troops in a battlefield. Secure group communication is a difficult problem that needs to be addressed to guarantee the confidentiality, integrity, and availability of these applications. Challenges include user mobility, device heterogeneity, lack of infrastructure, cross domain interactions, as well as dynamic memberships without pre-configuration. The main purpose of this workshop is to promote further research interests and activities on Secure Group Communication. This workshop aims to increase the synergy between academic and industrial researchers working in this area. We are interested in experimental, systems-related, and work-in-progress papers in all aspects of Secure Group Communications.

For more information, please see http://www.sick-workshop.org/.

AISec 2012 5th ACM Workshop on Artificial Intelligence and Security, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA, October 19, 2012. [posted here 05/14/12]
The applications of artificial intelligence, machine learning, and data mining for security and privacy problems continue to grow. One recent trend is the growth of Big Data Analytics and the establishment of Security Information and Event Management systems built to obtain security intelligence and situational awareness. With the advent of cloud computing, every advantage the cloud offers, such as large-scale machine learning and data-driven abuse detection, is being leveraged to improve security. We invite original research papers describing the use of AI or machine learning in security and privacy problems. We also invite position and open problem papers discussing the role of AI or machine learning in security and privacy. Submitted papers of these types may not substantially overlap papers that have been published previously or that are simultaneously submitted to a journal or conference/workshop proceedings. Finally we welcome a new systematization of knowledge category of papers this year, which should distill the AI or machine learning contributions of a previously published series of security papers. Topics of interest include, but are not limited to:
- Adversarial Learning
- Robust Statistics
- Online Learning
- Computer Forensics
- Spam detection
- Botnet detection
- Intrusion detection
- Malware identification
- Big data analytics for security
- Adaptive side-channel attacks
- Privacy-preserving data mining
- Design and analysis of CAPTCHAs
- Phishing detection and prevention
- AI approaches to trust and reputation
- Vulnerability testing through intelligent probing (e.g. fuzzing)
- Content-driven security policy management & access control
- Techniques and methods for generating training and test sets
- Anomalous behavior detection (e.g. for the purposes of fraud prevention, authentication)

For more information, please see http://research.microsoft.com/en-us/events/aisec2012/default.aspx.

STC 2012 7th ACM Workshop on Scalable Trusted Computing, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA, October 19, 2012. [posted here 04/30/12]
Built on the continuous success of ACM STC 2006-2011, this workshop focuses on fundamental technologies of trusted and high assurance computing and its applications in large-scale systems with varying degrees of trust. The workshop is intended to serve as a forum for researchers as well as practitioners to disseminate and discuss recent advances and emerging issues. The workshop solicits two types of original papers: full papers and short/work-in-progress/position-papers. A paper submitted to this workshop must not be in parallel submission to any other journal, magazine, conference or workshop with proceedings. Topics of interests include but not limited to:
- security policies and models of trusted computing
- architecture and implementation technologies for trusted platform
- limitations, alternatives and tradeoffs regarding trusted computing
- trusted computing in cloud and data center
- cloud-based attestation services
- trusted smartphone devices and systems
- trust in smart grid, energy, and Internet of Things
- trusted emerging and future Internet infrastructure
- trusted online social network
- trust in authentications, users and computing services
- hardware based trusted computing
- software based trusted computing
- pros and cons of hardware based approach
- remote attestation of trusted devices
- censorship-freeness in trusted computing
- cryptographic support in trusted computing
- case study in trusted computing
- principles for handling scales
- scalable trust supports and services in cloud
- trusted embedded computing and systems
- virtualization and trusted computing

For more information, please see http://www.cs.utsa.edu/~acmstc/stc2012/.

CCSW 2012 ACM Cloud Computing Security Workshop, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA, October 19, 2012. [posted here 04/30/12]
Notwithstanding the latest buzzword (grid, cloud, utility computing, SaaS, etc.), large-scale computing and cloud-like infrastructures are here to stay. How exactly they will look like tomorrow is still for the markets to decide, yet one thing is certain: clouds bring with them new untested deployment and associated adversarial models and vulnerabilities. It is essential that our community becomes involved at this early stage. The CCSW workshop aims to bring together researchers and practitioners in all security aspects of cloud-centric and outsourced computing, including:
- practical cryptographic protocols for cloud security
- secure cloud resource virtualization mechanisms
- secure data management outsourcing (e.g., database as a service)
- practical privacy and integrity mechanisms for outsourcing
- foundations of cloud-centric threat models
- secure computation outsourcing
- remote attestation mechanisms in clouds
- sandboxing and VM-based enforcements
- trust and policy management in clouds
- secure identity management mechanisms
- new cloud-aware web service security paradigms and mechanisms
- cloud-centric regulatory compliance issues and mechanisms
- business and security risk models and clouds
- cost and usability models and their interaction with security in clouds
- scalability of security in global-size clouds
- trusted computing technology and clouds
- binary analysis of software for remote attestation and cloud protection
- network security (DOS, IDS etc.) mechanisms for cloud contexts
- security for emerging cloud programming models
- energy/cost/efficiency of security in clouds

For more information, please see http://crypto.cs.stonybrook.edu/ccsw12.

SPSM 2012 Workshop on Security and Privacy in Smartphones and Mobile Devices, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA, October 19, 2012. [posted here 06/25/12]
Recognizing smartphone security and privacy as an emerging area, this workshop intends to provide a venue for interested researchers and practitioners to get together and exchange ideas, thus to deepen our understanding to various security and privacy issues on smartphones, specifically the platforms such as iOS and Android. Topics of interests include (but are not limited to) the following subject categories: device/hardware security, OS/Middleware security, application security, authenticating users to devices and services, mobile Web Browsers, usability, privacy, rogue application detection and recovery, vulnerability detection and remediation, secure application development, cloud support for mobile security. We also would like to especially encourage novel paradigms and controversial ideas that are not on the above list. The workshop is to act as a venue for creative debate and interaction in security- and privacy-sensitive areas of computing and communication impacted by smartphones.

For more information, please see http://www.spsm-workshop.org/2012/.

MMM-ACNS 2012 6th International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security, St. Petersburg, Russia, October 17-20, 2012. [posted here 05/14/12]
These conference and workshop bring together leading researchers from academia and governmental organizations as well as practitioners to advance the states of the art and practice in the area of computer networks and information security with a focus on novel theoretical aspects of computer network security, facilitate personal interactions and discussions on various aspects of information technologies in conjunction with computer network and information security problems arising in large-scale computer networks. MMM-ACNS-2012's scope includes, but is not restricted to the following areas:
- Adaptive security
- Anti-malware techniques: detection, analysis, prevention
- Anti-phishing, anti-spam, anti-fraud, anti-botnet techniques
- Applied cryptography
- Authentication, authorization and access control
- Cloud Security
- Computer and network forensics
- Covert channels
- Critical infrastructure protection
- Data and application security
- Data mining, machine learning, and bio-inspired approaches for security
- Deception systems and honeypots
- Denial-of-service attacks and countermeasures
- Digital Rights Management
- eCommerce, eBusiness and eGovernment security
- Embedded system security
- Formal analysis of security properties
- Information warfare
- Internet and web security
- Intrusion prevention, detection, and response
- Language-based security
- Network survivability
- New ideas and paradigms for security
- Operating system security
- Reliability and dependability
- Risks metrics, risk analysis and risk management
- Security and privacy in pervasive and ubiquitous computing
- Security event and information management
- Security for large-scale systems and critical infrastructures
- Security in social networks
- Security of emerging technologies: sensor, wireless/mobile, peer-to-peer and overlay networks
- Security of autonomous agents and multi-agent systems
- Security modeling and simulation
- Security policies
- Security protocols
- Security verification
- Security visualization
- Self-protecting and healing
- Smartphone security
- Software protection
- Trusted computing
- Trust and reputation management
- Vulnerability assessment

For more information, please see http://comsec.spb.ru/mmm-acns12/.

ACM-CCS 2012 19th ACM Conference on Computer and Communications Security, Raleigh, North Carolina, USA, October 16-18, 2012. [posted here 01/23/12]
The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of computer and communications security. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings. Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security.

For more information, please see http://www.sigsac.org/ccs/CCS2012/.

BADGERS 2012 ACM Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA, October 15, 2012. [posted here 05/14/12]
The BADGERS workshop is concerned with the use of Big Data for security and is intended to report on initiatives for Internet-scale security-related data collection and analysis. It will provide an environment to describe existing real-world, large-scale datasets, and to share with the security community the return on experiences acquired by analyzing such collected data. Furthermore, novel approaches to collect and study such data sets are welcome. Main topics of interest:
- scalable data collection from networks, hosts, or applications
- real-time gathering and aggregation of diverse sets of raw data
- summarization of raw data with respect to security goals
- attack-resilient data collection
- characterization of dataset external validity
- scalability of security analysis with data volume
- scalability of security analysis with concurrent-attack volume
- combined historical and real-time security analysis
- evaluating result accuracy for large datasets
- real-time, incremental anonymization for data sharing
- successful, failed, and novel models of data sharing
- sharing of analysis results and supporting data
- Internet-scale sharing of security knowledge
- legal issues around data collection and sharing

For more information, please see http://www.badgersconf.com/.

WPES 2012 Workshop on Privacy in the Electronic Society, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA, October 15, 2012. [posted here 06/25/12]
The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The 2012 Workshop, held in conjunction with the ACM CCS conference, is the eleventh in a yearly forum for papers on all the different aspects of privacy in today's electronic society. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- anonymity, pseudonymity, and unlinkability
- data privacy
- economics of privacy
- electronic commerce privacy
- health information privacy
- identity management
- location privacy
- personally identifiable information
- privacy and anonymity in the Web
- privacy and confidentiality management
- privacy and data mining
- privacy and human rights
- privacy enhancing technologies
- privacy in health care and public administration
- privacy in mobile computing
- privacy in pervasive and ubiquitous computing
- privacy in social networks
- privacy in the cloud systems
- privacy in the electronic records
- privacy metrics
- privacy policies
- privacy threats
- privacy vs. security
- privacy-aware access control
- privacy-preserving computation
- public records and personal privacy
- traffic analysis
- unobservability
- usability of privacy technologies
- user profiling
- wireless privacy

For more information, please see http://hatswitch.org/wpes2012/.

SRDS 2012 31st International Symposium on Reliable Distributed Systems, Irvine, California, USA, October 8-11, 2012. [posted here 01/23/12]
The Symposium on Reliable Distributed Systems is a forum for researchers and practitioners interested in distributed systems design, development and evaluation, with emphasis on reliability, availability, safety, security, trust and real time. We welcome original research papers as well as practical experience reports that deal with design, development and experimental results of operational systems. The major areas of interest include, but are not limited to, the following topics:
- Cloud computing and virtualization
- Autonomic, pervasive, and ubiquitous computing
- Secure and trusted storage systems
- Secure and dependable web services
- High-confidence and Safety-critical systems
- Parallel and distributed operating systems
- Distributed objects and middleware systems
- Fault-tolerant and secure sensor networks
- Event-based processing and peer-to-peer infrastructures
- Distributed databases and transaction processing
- Distributed measurement, monitoring, and predictions
- Wireless ad hoc networks
- Electronic commerce and enabling technologies
- Formal methods and foundations for dependable distributed computing
- Analytical or experimental evaluations of dependable distributed systems
- Internet-based systems and applications
- Scalable systems design
- QoS control and assessment
- Trust and scalable system design in social networks
- Social media and privacy issues

For more information, please see http://web.mst.edu/~cswebdb/srds2012/.

SSS 2012 14th International Symposium on Stabilization, Safety, and Security of Distributed Systems, Toronto, Canada, October 1-4, 2012. [posted here 01/16/12]
The SSS symposium is a prestigious international forum for researchers and practitioners in the design and development of fault-tolerant distributed systems with self-* properties, such as self-stabilizing, self-configuring, self-organizing, self-managing, self-repairing, self-healing, self-optimizing, self-adaptive, and self-protecting systems. Research in distributed systems is now at a crucial point in its evolution, marked by the importance of dynamic systems such as cloud networks, social networks, peer-to-peer networks, large-scale wireless sensor networks, mobile ad hoc networks, etc., and many new applications such as grid and web services, banking and e-commerce, e-health and robotics, aerospace and avionics, automotive, industrial process control, etc. have joined the traditional applications of distributed systems.

For more information, please see http://www.cs.uwaterloo.ca/sss2012/.

SADFE 2012 7th International Workshop on Systematic Approaches to Digital Forensics Engineering, Held in conjunction with the United Nations Educational, Scientific and Cultural Organization (UNESCO) Conference - The Memory of the World in the Digital Age: Digitization and Preservation Conference, Vancouver, British Columbia, Canada, September 28, 2012. [posted here 02/20/12]
We invite you to the SADFE-2012 (Systematic Approaches to Digital Forensic Engineering) international conference program in an experimental format. This year we merge SADFE with the UNESCO international conference - "The Memory of the World in the Digital Age: Digitization and Preservation", which will be held from 26 to 28 September, 2012 in Vancouver, British Columbia, Canada, on the theme of preservation of digital information and heritage. In the past, the history was largely hand-written and relied heavily on the authenticity and correctness of the description of events, artifacts, ideas, and behaviors of individuals and governments. As the past is known through its documentary residue, documentary truth is the key to understanding ourselves and building a better world. Digital forensics engineering and digital history preservation share many similar challenges. Provenance, authenticity, integrity, and identity are all at the very center of both digital forensics analysis and world's collective human digital memory. This experimental synergistic format intends to bring together multiple research communities to explore such critical issues. Human society, being enabled by the modern digital technology, is currently at its infancy in terms of collective knowledge/memory formation, preservation, and sharing. This collective digital knowledge and memory will inevitably grow beyond this beginning stage. SADFE-2012 brings in digital forensic engineering expertise as to those verification/investigation issues. Digital knowledge goes beyond just the "digitized" knowledge but also the "originally digital" knowledge from system and network owned and operated by human being. In this respect, digital forensic engineering will play an increasing important role. We welcome papers on forensics and preservation as to criminal and national security investigations, digital memory integrity, general attack analysis, insider threat, insurance and compliance investigations, and similar forms of retrospective analysis touching on data archiving, legal, scientific and mathematical principles finding facts or evidence, for use within a court of law or to aid in understanding the past and digital knowledge in general.

For more information, please see http://conf.ncku.edu.tw/sadfe/.

ProvSec 2012 6th International Conference on Provable Security, Chengdu, China, September 26-28, 2012. [posted here 12/5/11]
Provable security is an important research area in modern cryptography. Cryptographic primitives or protocols without a rigorous proof cannot be regarded as secure even in practice. In fact, there are many schemes that were originally thought as secure but eventually broken, which clearly indicates the need of formal security assurance. With provable security, we are confident in using cryptographic schemes and protocols in various real-world applications. Meanwhile, schemes with provable security sometimes give only theoretical feasibility rather than a practical construction, and correctness of the proofs may be difficult to verify. ProvSec conference thus provides a platform for researchers, scholars and practitioners to exchange new ideas for solving these problems in the provable security area. Topics include all aspects of provable security for cryptographic primitives or protocols, and include but are not limited to the following areas:
- Cryptographic primitives
- Digital signatures
- Formal security model
- Lattice-based security reductions
- Pairing-based provably secure cryptography
- Privacy and anonymity technologies
- Provable secure block ciphers and hash functions
- Secure cryptographic protocols and applications
- Security notions, approaches, and paradigms
- Steganography and steganalysis

For more information, please see http://www.ccse.uestc.edu.cn/provsec/callforpapers.html.

ICDFI 2012 1st International Conference on Digital Forensics and Investigation, Beijing China, September 21-23, 2012. [posted here 05/14/12]
Digital forensics is an emerging research area and is a truly multi-disciplinary subject that involves at least computer science, law and criminal justice. With the advancement of technologies, crime investigation, especially on digital evidence, becomes difficult. This not only poses challenges to computer scientists and law enforcement units on how to identify, preserve and collect digital evidence from different platforms and media such as Internet, mobile phone, cloud system, and emerging storage devices, but also poses challenges to the legal systems on what kind of digital evidence is admissible to courts and what needs to be amended and added in the ordinance. Topics of interests include, but are not limited to the followings:
- Digital forensics tools and applications
- Digital crime investigation
- Privacy and integrity issues in digital forensics
- Identification, authentication and collection of digital evidence
- Computer and network forensics
- Live and memory forensics
- Cyber crime forensics
- Cloud and mobile devices forensics
- Social networking forensics
- Image and video forensics
- Incident response
- Anti-forensic techniques
- Issues in law related to digital forensics

For more information, please see http://secmeeting.ihep.ac.cn.

ISC 2012 15th Information Security Conference, Passau, Sept 19-21, 2012. [posted here 04/09/12]
The ISC conference seeks submissions from academia, industry, and government that present novel research on all theoretical and practical aspects of Information Security. Accepted papers will be published by Springer in the Lecture Notes in Computer Science series. Topics of interest include, but are not limited to:
- access control
- accountability
- anonymity and pseudonymity
- applied cryptography
- authentication
- biometrics
- computer forensics
- cryptographic protocols
- database security
- data/system integrity
- digital right management
- economics of security and privacy
- electronic frauds
- formal methods in security
- identity management
- information dissemination control
- intrusion detection
- insider threats
- IT forensics tools and methods
- malware design
- network security
- privacy
- secure cloud computing
- security and privacy in pervasive/ubiquitous computing
- security for embedded systems
- security for mobile code
- security in IT outsourcing
- security in location services
- security in social networks
- security modeling and architectures
- security of eCommerce, eBusiness and eGovernment
- software security
- trust models and trust management policies
- web security

For more information, please see http://web.sec.uni-passau.de/isc2012/.

NSPW 2012 New Security Paradigms Workshop, Bertinoro, Italy, September 19-21, 2012. [posted here 02/20/12]
The New Security Paradigms Workshop (NSPW) invites papers that address the current limitations of information security. Today's security risks are diverse and plentiful - botnets, database breaches, phishing attacks, targeted cyber attacks - and yet present tools for combating them are insufficient. To address these limitations, NSPW welcomes unconventional, promising approaches to important security problems and innovative critiques of current security theory and practice. We are particularly interested in perspectives from outside computer security, both from other areas of computer science (such as operating systems, human-computer interaction, databases, programming lan- guages, algorithms) and other sciences that study adversarial relationships such as biology and economics. We discourage papers that offer incremental improvements to security and mature work that is appropriate for standard information security venues. To facilitate research interactions, NSPW features informal paper presentations, extended discussions, shared activities, and group meals, all in the spectacular setting of Bertinoro, Italy. By encouraging researchers to think "outside the box" and giving them an opportunity to communicate with open-minded peers, NSPW seeks to foster paradigm shifts in the field of information security.

For more information, please see http://www.nspw.org.

CRITIS 2012 7th International Workshop on Critical Information Infrastructures Security, Radisson Blu Lillehammer Hotel, Turisthotellveien 6, 2609 Lillehammer, Norway, September 17-18, 2012. [posted here 02/20/12]
Critical key sectors of modern economies depend highly on Information and Communication Technologies (ICT). Disruption, disturbance or loss of information flowing through and processed by ICT infrastructures can, as well as incidents in the sector infrastructure itself, lead to various damages such as high economical, material, or ecological impact, loss of vital societal functions and social well-being of people, and in the most unfortunate cases loss of human lives. As a consequence the security, reliability and resilience of these infrastructures are critical for the society. The topic of Critical (Information) Infrastructure Protection (C(I)IP) is therefore a major objective for governments, companies and the research community of the major industrial countries worldwide. The CRITIS'12 conference is the well-established continuation of the series and aims to explore the new challenges posed by C(I)IP bringing together researchers and professionals from academia, industry and governmental agencies interested in all different aspects of C(I)IP. Especially promoted by CRITIS'12 are multi-disciplinary approaches within the scientific communities at national, European and global level. Authors are solicited to contribute to the conference by submitting research papers, work-in-progress reports, R&D project results, surveying works and industrial experiences describing significant advances in C(I)IP.

For more information, please see http://critis12.hig.no.

EUROPKI 2012 9th European PKI Workshop: Research and Applications, Held in conjunction with ESORICS 2012, Pisa, Italy, September 13-14, 2012. [posted here 04/30/12]
The workshop seeks submissions from academia, industry, and government presenting novel research on all aspects of Public Key Services, Applications, and Infrastructures. Topics of interest include, but are not limited to:
- Anonymity
- Architecture and modeling
- Attribute-based access control
- Authentication
- Authorization and delegation
- Certificates management
- Cross certification
- Directories
- eCommerce/eGovernment
- Fault-tolerance and reliability
- Federations
- Group signatures
- ID-based schemes
- Identity management
- Implementations
- Interoperability
- Key management
- Legal issues
- Long-time archiving
- Mobile PKI
- Multi-signatures
- PKI in the Cloud
- Policies and regulations
- Privacy
- Privilege management
- Protocols
- Repositories
- Risk attacks
- Scalability and performance
- Security of PKI systems
- Standards
- Timestamping
- Trust management
- Trusted computing
- Ubiquitous scenarios
- Web services security

For more information, please see http://europki2012.dti.unimi.it.

DPM 2012 7th International Workshop on Data Privacy Management, Co-located with ESORICS 2012, Pisa, Italy, September 12 - 13, 2012. [posted here 04/30/12]
The aim of this workshop is to discuss and exchange the ideas related to privacy data management. We invite papers from researchers and practitioners working in privacy, security, trustworthy data systems and related areas to submit their original papers in this workshop. Topics of interest include, but are not limited to the following:
- Privacy Information Management
- Privacy Policy-based Infrastructures and Architectures
- Privacy-oriented Access Control Languages and Models
- Privacy in Trust Management
- Privacy Data Integration
- Privacy Risk Assessment and Assurance
- Privacy Services
- Privacy Policy Analysis
- Lightweight cryptography & Cryptanalysis
- Query Execution over Privacy Sensitive Data
- Privacy Preserving Data Mining
- Hippocratic and Water-marking Databases
- Privacy for Integrity-based Computing
- Privacy Monitoring and Auditing
- Privacy in Social Networks
- Privacy in Ambient Intelligence (AmI) Applications
- Individual Privacy vs. Corporate/National Security
- Code-based Cryptology
- Privacy in computer networks
- Privacy and RFIDs
- Privacy in sensor networks

For more information, please see http://www-ma4.upc.edu/DPM2012/main.html.

CloudSec 2012 4th International Workshop on Security in Cloud Computing, Held in conjunction with the 41st ICPP, Pittsburgh, PA, USA, September 12, 2012. [posted here 01/02/12]
Cloud Computing has generated interest from both industry and academia since 2007. As an extension of Grid Computing and Distributed Computing, Cloud Computing aims to provide users with flexible services in a transparent manner. Services are allocated in a cloud, which is a collection of devices and resources connected through the Internet. Before this paradigm can be widely accepted, the security, privacy and reliability provided by the services in the cloud must be well established. CloudSec 2012 will bring researchers and experts together to present and discuss the latest developments and technical solutions concerning various aspects of security issues in Cloud Computing. CloudSec 2012 seeks original unpublished papers focusing on theoretical analysis, emerging applications, novel system architecture construction and design, experimental studies, and social impacts of Cloud Computing. Both review/survey papers and technical papers are encouraged. CloudSec 2012 also welcomes short papers related to Security in Cloud Computing, which summarize speculative breakthroughs, work-in-progress, industry featured projects, open problems, new application challenges, visionary ideas, and preliminary studies. The topics include but are not limited to:
- Emerging threats to Cloud-based services
- Security model for new services
- Security in Cloud-aware web service
- Information hiding/encryption in Cloud Computing
- Copyright protection in the Cloud
- Securing distributed data storage in cloud
- Privacy and security in Cloud Computing
- Forensics in Cloud environments
- Robust network architecture
- Cloud Infrastructure Security
- Intrusion detection/prevention
- Denial-of-Service (DoS) attacks and defense
- Robust job scheduling
- Secure resource allocation and indexing
- Secure payment for Cloud-aware services
- User authentication in Cloud-aware services
- Non-Repudiation solutions in the Cloud
- Security for emerging Cloud programming models
- Performance evaluation for security solutions
- Testbed/Simulators for Cloud security research
- Security hardware, i.e. hardware for encryption, etc.
- Detection and prevention of hardware Trojans

For more information, please see http://bingweb.binghamton.edu/~ychen/CloudSec2012.htm.

ESORICS 2012 17th European Symposium on Research in Computer Security, Pisa, Italy, September 10-12, 2012. [posted here 04/09/12]
ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers discussing industrial research and development. Topics of interest include, but are not limited to:
- access control
- accountability
- ad hoc networks
- anonymity
- applied cryptography
- authentication
- biometrics
- database security
- data protection
- digital content protection
- digital forensic
- distributed systems security
- electronic payments
- embedded systems security
- inference control
- information hiding
- identity management
- information flow control
- integrity
- intrusion detection
- formal security methods
- language-based security
- network security
- phishing and spam prevention
- privacy
- risk analysis and management
- secure electronic voting
- security architectures
- security economics
- security metrics
- security models
- security and privacy in cloud scenarios
- security and privacy in complex systems
- security and privacy in location services
- security and privacy for mobile code
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security and privacy in social networks
- security and privacy in web services
- security verification
- software security
- steganography
- systems security
- trust models and management
- trustworthy user devices
- web security
- wireless security

For more information, please see http://www.iit.cnr.it/esorics2012/.

SAEPOG 2012 Secure Autonomous Electric Power Grids Workshop, Co-located with the Sixth IEEE International Conference on Self-Adaptive and Self-Organizing Systems (SASO 2012), Lyon, France, September 10, 2012. [posted here 05/14/12]
Electric energy grids worldwide are becoming smarter and more adaptive to efficiently bring power from a wide variety of production technologies to a broad consumer base. With this increase in complexity and adaptivity we see an ever-increasing demand for predictable power availability and cost-optimizing control of power consumption (and local generation where available) among consumers. “Security” in the grid has many dimensions, from protecting national resources against human adversaries to simply guaranteeing the availability of power to customers. This workshop is concerned with creating autonomous electric power grids that are secure in all senses of the word.

Traditional power management models rely heavily on a centralized authority to dispatch generation and curtail load without any means for consumers to affect the decision process. The increasing dependence on renewable sources of energy invalidates the currently prevailing paradigm “supply follows demand” for energy management, since power generation from wind or solar panels is not controllable and only partially predictable. The resulting new paradigm “demand follows supply” inherently depends on the discovery and exploitation of demand flexibility which implies the necessity of a decentralized energy information system with distributed system intelligence for power management and control. Obviously, distributed control also implies potential security concerns for the system and those who rely on it.

This situation calls for power generation, storage, and distribution systems that are “aware” of the supply and demand situation and can adapt the load automatically, quickly, and stably. This workshop, will examine how autonomous self-adaptive and self-organizing systems may be designed for energy management and control in the future smart grid ranging from national or international high-voltage transportation systems to low-voltage local distribution systems. We will also consider smart combination with other networks like natural gas or thermal grids. We will discuss how existing systems can be made more autonomic (e.g., self-*) and how the designers of new systems can ensure that these systems deliver power within design constraints reliably.

The important management challenge is to create dependable, decentralized control and collaboration of the many stakeholders like transportation system operators, distribution system operators and demand-side managers. This is a highly complex system whose complexity is not determined merely by its size. Future power grids are loosely integrated cyber-physical-human systems that combine traditional power control with smart information, communication, and technology, etc. The daunting security and management challenges that arise from these interdependent couplings will require much research for many years to come.

For more information, please see https://sites.google.com/site/saepog/.

CHES 2012 IACR Workshop on Cryptographic Hardware and Embedded Systems, Leuven, Belgium, September 9-12, 2012. [posted here 11/14/11]
CHES covers new results on all aspects of the design and analysis of cryptographic hardware and software implementations. The workshop builds a bridge between the cryptographic research community and the cryptographic engineering community. With participants from industry, academia, and government organizations, the number of participants has grown to over 300 in recent years. In addition to a track of high-quality presentations, CHES 2012 will offer invited talks, tutorials, a poster session, and a rump session. CHES 2012 especially encourages submissions on the following two subjects: Design Methods to Build Secure and Efficient Hardware or Software, and Leakage Resilient Cryptography Including New Model Definitions and Analysis and the Design of New Cryptosystems. All submitted papers will be reviewed by at least four Program Committee members. The topics of CHES 2012 include but are not limited to:
Cryptographic implementations, including
- Hardware architectures for public-key, secret-key and hash algorithms
- Cryptographic processors and co-processors
- Hardware accelerators for security protocols
- True and pseudorandom number generators
- Physical unclonable functions
- Efficient software implementations of cryptography

Attacks against implementations and countermeasures against these attacks, including
- Side channel attacks and countermeasures
- Fault attacks and countermeasures
- Hardware tampering and tamper-resistance

Tools and methodologies, including
- Computer aided cryptographic engineering
- Verification methods and tools for secure design
- Metrics for the security of embedded systems
- Secure programming techniques
- FPGA design security
- Formal methods for secure hardware

Interactions between cryptographic theory and implementation issues, including
- New and emerging cryptographic algorithms and protocols targeting embedded devices
- Special-purpose hardware for cryptanalysis
- Leakage resilient cryptography

Applications, including
- Cryptography in wireless applications
- Cryptography for pervasive computing
- Hardware IP protection and anti-counterfeiting
- Reconfigurable hardware for cryptography
- Smart card processors, systems and applications
- Security in consumer applications
- Secure storage devices
- Technologies and hardware for content protection
- Trusted computing platforms

For more information, please see http://www.iacr.org/workshops/ches/ches2012/start.php.

SCN 2012 8th Conference on Security and Cryptography for Networks, Amalfi, Italy, September 5-7, 2012. [posted here 04/09/12]
SCN 2012 aims at bringing together researchers in the field of cryptography and information security, practitioners, developers, and users to foster cooperation, exchange techniques, tools, experiences and ideas. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of cryptography and information security. The primary focus is on original, high quality, unpublished research of theoretical and practical impact, including concepts, techniques, applications and practical experiences. All topic areas related to cryptography and information security are of interest and in scope. Suggested topics include but are not restricted to:
- Anonymity and Privacy
- Applied Cryptography and Implementations
- Authentication, Identification and Access Control
- Block and Stream Ciphers
- Complexity-Theoretic Cryptography
- Cloud Computing Security
- Cryptanalysis
- Cryptographic Hash Functions
- Cryptographic and Security Protocols
- Digital Signatures and Message Authentication Codes
- Distributed Systems Security
- Formal Security Methods
- Information-Theoretic Security
- Network, Web and Wireless Security
- Public-Key Encryption
- Physical Cryptography
- Security Architectures and Models
- Software and Systems Security

For more information, please see http://scn.dia.unisa.it/.

TrustBus 2012 9th International Conference on Trust, Privacy, and Security in Digital Business, Held in conjunction with DEXA 2012, Vienna University of Technology, Austria, September 3-7, 2012. [posted here 12/9/11]
The advances in the Information and Communication Technologies (ICT) have raised new opportunities for the implementation of novel applications and the provision of high quality services over global networks. The aim is to utilize this information society era’ for improving the quality of life for all citizens, disseminating knowledge, strengthening social cohesion, generating earnings and finally ensuring that organizations and public bodies remain competitive in the global electronic marketplace. Unfortunately, such a rapid technological evolution cannot be problem-free. Concerns are raised regarding the lack of trust’ in electronic procedures and the extent to which information security’ and user privacy’ can be ensured. In answer to these concerns, the 9th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’12) will provide an international forum for researchers and practitioners to exchange information regarding advancements in the state of the art and practice of trust and privacy in digital business. TrustBus’12 will bring together researchers from different disciplines, developers, and users all interested in the critical success factors of digital business systems. We are interested in papers, work-in-progress reports, and industrial experiences describing advances in all areas of digital business applications related to trust and privacy, including, but not limited to:
- Anonymity and pseudonymity in business transactions
- Business architectures and underlying infrastructures
- Common practice, legal and regulatory issues
- Cryptographic protocols
- Delivery technologies and scheduling protocols
- Design of business models with security requirements
- Economics of Information Systems Security
- Electronic cash, wallets and pay-per-view systems
- Enterprise management and consumer protection
- Identity and Trust Management
- Intellectual property and digital rights management
- Intrusion detection and information filtering
- Languages for description of services and contracts
- Management of privacy & confidentiality
- Models for access control and authentication
- Multimedia web services
- New cryptographic building-blocks for e-business applications
- Online transaction processing
- PKI & PMI
- Public administration, governmental services
- P2P transactions and scenarios
- Real-time Internet E-Services
- Reliability and security of content and data
- Reliable auction, e-procurement and negotiation technology
- Reputation in services provision
- Secure process integration and management
- Security and Privacy models for Pervasive Information Systems
- Security Policies
- Shopping, trading, and contract management tools
- Smartcard technology
- Transactional Models
- Trust and privacy issues in mobile commerce environments
- Usability of security technologies and services
- Trust and privacy issues in the cloud

For more information, please see http://www.ds.unipi.gr/trustbus12/.

SecureComm 2012 8th International Conference on Security and Privacy in Communication Networks, Padua, Italy, September 3-5, 2012. [posted here 05/10/12]
Securecomm seeks high-quality research contributions in the form of well-developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, theoretical cryptography) will be considered only if a clear connection to private or secure communication/networking is demonstrated.

For more information, please see http://securecomm.org/2012/.

MoCrySEn 2012 1st International Workshop on Modern Cryptography and Security Engineering, Held in conjunction with ARES 2012, Prague, Czech Republic, August 20-24, 2012. [posted here 03/19/12]
MoCrySEn aims to bring together researchers working in theoretical aspects of modern cryptography (including but not restricted to design and analysis of symmetric-key primitives and cryptosystems, block and stream ciphers, hash functions and MAC algorithms, efficient implementations and analysis of code-based cryptosystems, threshold schemes) with professionals working on applied aspects of security engineering, particularly people involved in standardization and in industrial deployment of cryptography (encryption schemes for databases and related security, cryptography in wireless applications, hardware for cryptanalysis, FPGA and smart cards security). The main goal of the workshop is to strengthen the dialogue between these two groups, which is currently perceived to be weak. Ultimately, we aim to make a start on bridging the gap between what academic cryptographers believe should be the goals of cryptographic design and what is actually implemented in the real world. MoCrySEn intends to provide a better understanding of real-world cryptographic issues to the theoretical community, helping to inform their research and set new research challenges for the theoretical community and enable practitioners to develop a clearer view of the current state-of-the-art in cryptographic research and what it offers to practitioners.

For more information, please see http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=65&Itemid=120.

WSDF 2012 5th International Workshop on Digital Forensics, Held in conjunction with ARES 2012, Prague, Czech Republic, August 20-24, 2012. [posted here 02/20/12]
Digital forensics is a rapidly evolving field primarily focused on the extraction, preservation and analysis of digital evidence obtained from electronic devices in a manner that is legally acceptable. Research into new methodologies tools and techniques within this domain is necessitated by an ever-increasing dependency on tightly interconnected, complex and pervasive computer systems and networks. The ubiquitous nature of our digital lifestyle presents many avenues for the potential misuse of electronic devices in crimes that directly involve, or are facilitated by, these technologies. The aim of digital forensics is to produce outputs that can help investigators ascertain the overall state of a system. This includes any events that have occurred within the system and entities that have interacted with that system. Due care has to be taken in the identification, collection, archiving, maintenance, handling and analysis of digital evidence in order to prevent damage to data integrity. Such issues combined with the constant evolution of technology provide a large scope of digital forensic research. WSDF aims to bring together experts from academia, industry, government and law enforcement who are interested in advancing the state of the art in digital forensics by exchanging their knowledge, results, ideas and experiences. The aim of the workshop is to provide a relaxed atmosphere that promotes discussion and free exchange of ideas while providing a sound academic backing. The focus of this workshop is not only restricted to digital forensics in the investigation of crime. It also addresses security applications such as automated log analysis, forensic aspects of fraud prevention and investigation, policy and governance.

For more information, please see http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=49&Itemid=95.

SecSE 2012 6th International Workshop on Secure Software Engineering, Held in conjunction with ARES 2012, Prague, Czech Republic, August 20-24, 2012. [posted here 02/20/12]
Software security is about protecting information and ensuring that systems continue to function correctly even when under malicious attack. The traditional approach of securing a system has been to create defensive walls such as intrusion detection systems and firewalls around it, but there are always cracks in these walls, and thus such measures are no longer sufficient by themselves. We need to be able to build better, more robust and more "inherently secure" systems, and we should strive to achieve these qualities in all software systems, not just in the ones that "obviously" need special protection. This workshop will focus on techniques, experiences and lessons learned for building secure and dependable software. Suggested topics include, but are not limited to:
- Secure architecture and design
- Security in agile software development
- Aspect-oriented software development for secure software
- Security requirements
- Risk management in software projects
- Secure implementation
- Secure deployment
- Testing for security
- Quantitative measurement of security properties
- Static/dynamic analysis for security
- Verification and assurance techniques for security properties
- Security and usability
- Design and deployment of secure services
- Secure composition and adaptation of services
- Teaching secure software development
- Experience reports on successfully attuning developers to secure software engineering
- Lessons learned

For more information, please see http://www.sintef.org/secse.

WISA 2012 13th International Workshop on Information Security Applications, Jeju Island, Korea, August 16-18, 2012. [posted here 05/14/12]
The focus of this workshop is on all technical and practical aspects of cryptographic and non-cryptographic security applications. The workshop will serve as a forum for new results from the academic research community as well as from the industry. The areas of interest include, but are not limited to:
- Internet & Wireless Security
- E-Commerce Protocols
- Access Control & Database Security
- Biometrics & Human Interface
- Network Security & Intrusion Detection
- Security & Trust Management
- IPTV Security
- Content Protection & Service Security
- Digital Rights Management
- Secure Software & Systems
- Information Hiding
- Digital Forensics
- Secure Hardware
- Cyber Indication & Intrusion Detection
- Multicast & Group Security
- Secure Application Protocols
- Secure Coding
- Smart Cards & Applications
- Mobile Security
- Privacy & Anonymity
- Public Key Crypto Applications
- Threats & Information Warfare
- Virus Protection & Applications
- Ubiquitous Computing Security
- Combating SPAM
- ID Management
- Peer-to-Peer Security
- Information Assurance
- RFID Security & Applications
- Sensor Network Security & Applications
- Common Criteria
- Critical Information Infrastructure Protection
- Video Surveillance Systems
- Healthcare Security

For more information, please see http://www.wisa.or.kr.

USENIX-Security 2012 21st USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012. [posted here 01/02/12]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security. Refereed paper submissions are solicited in all areas relating to systems and network security, including:
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Attacks with novel insights, techniques, or results
- Authentication and authorization of users, systems, and applications
- Automated tools for source code analysis
- Botnets
- Cryptographic implementation analysis and construction
- Denial-of-service attacks and countermeasures
- Embedded systems security
- File and filesystem security
- Forensics and diagnostics for security
- Hardware security
- Human-computer interaction, security, and privacy
- Intrusion and anomaly detection and prevention
- Malicious code analysis, anti-virus, anti-spyware
- Mobile system security
- Network infrastructure security
- Operating system security
- Privacy-enhancing technologies
- Security architectures
- Security education and training
- Security for critical infrastructures
- Security in heterogeneous and large-scale environments
- Security in ubiquitous computing environments
- Security policy
- Self-protecting and self-healing systems
- Techniques for developing secure systems
- Technologies for trustworthy computing
- Wireless security
- Web security, including client-side and server-side security

For more information, please see http://www.usenix.org/events/sec12/.

HotSec 2012 7th USENIX Workshop on Hot Topics in Security, Bellevue, WA, USA, August 7, 2012. [posted here 04/30/12]
HotSec places its singular emphasis on new ideas and problems. Works reflecting incremental ideas or well understood problems will not be accepted. Cross-discipline papers identifying new security problems or exploring approaches not previously applied to security will be given special consideration. All submissions should propose new directions of research, advocate non-traditional approaches, report on noteworthy experience in an emerging area, or generate lively discussion around an important topic. HotSec takes a broad view of security and privacy and encompasses research on topics including but not limited to:
- Large-scale threats
- Network security
- Hardware security
- Software security
- Physical security
- Programming languages
- Applied cryptography
- Forensics
- Privacy
- Human-computer interaction
- Sociology
- Economics
- Emerging computing environment

For more information, please see http://www.usenix.org/hotsec12.

HealthSec 2012 3rd USENIX Workshop on Health Security and Privacy, Bellevue, WA, USA, August 6-7, 2012. (Submissions due 10 April 2012) [posted here 01/02/12]
The focus of HealthSec '12 will be on the development of new techniques and policies to ensure the privacy and security of next-generation healthcare systems and devices. HealthSec is intended as a forum for lively discussion of aggressively innovative and potentially disruptive ideas on all aspects of medical and health security and privacy. We strongly encourage cross-disciplinary interactions between fields, including, but not limited to, technology, medicine, and policy.

For more information, please see http://www.usenix.org/events/healthsec12/.

USENIX-ATC 2012 3rd USENIX Workshop on Health Security and Privacy, Bellevue, WA, USA, August 6–7, 2012. [posted here 01/02/12]
USENIX ATC has always been the place to present groundbreaking research and cutting-edge practices in a wide variety of technologies and environments. USENIX ATC '12 will be no exception. The Program Committee seeks high-quality submissions that further the knowledge and understanding of modern computing systems, with an emphasis on implementations and experimental results. We encourage papers that break new ground or present insightful results based on practical experience with computer systems.

For more information, please see http://www.usenix.org/events/atc12/.

CSET 2012 5th Workshop on Cyber Security Experimentation and Test, Bellevue, WA, USA, August 6, 2012. [posted here 01/02/12]
The science of cyber security is challenging for a number of reasons. Meeting these challenges requires transformational advances, including understanding of the relationship between scientific method and cyber security evaluation, advancing capabilities of underlying experimental infrastructure, and improving data usability. CSET invites submissions on the science of cyber security evaluation, as well as experimentation, measurement, metrics, data, and simulations as those subjects relate to computer and network security.

For more information, please see http://www.usenix.org/events/cset12/.

SecIoT 2012 Workshop on the Security of the Internet of Things, Munich, Germany, July 30 - August 2, 2012. [posted here 01/16/12]
While there are many definitions of the Internet of Things (IoT), all of them revolve around the same central concept: a world-wide network of interconnected objects. These objects will make use of multiple technological building blocks (e.g. wireless communication, sensors, actuators, RFID) and connectivity paradigms (e.g. cloud-based infrastructures, P2P systems) in order to allow people and things to be connected anytime anyplace, with anything and anyone. However, mainly due to the inherent heterogeneity of this vision and its broad scope, there will not be a single silver bullet security solution that will fulfill all the security requirements of the IoT. Therefore: How can we include security as a core element of the IoT? How will the IoT interact with other security mechanisms of the Future Internet? What security requirements will be truly challenged by the ultimate vision of the IoT? It is precisely the goal of this workshop to bring together researchers and industry experts in areas relevant to the security of the Internet of Things to discuss these and other significant issues. Moreover, this workshop also has the objective to serve as a forum not only for presenting cutting-edge research, but also for debating the role of security and its practical implications in the development of the IoT.

For more information, please see http://www.nics.uma.es/seciot12/.

MobiPST 2012 2nd International Workshop on Privacy, Security and Trust in Mobile and Wireless Systems, München, Germany, July 30, 2012. [posted here 03/12/12]
Recently, mobile wireless devices, such as wireless sensors, smart tags, smart pads, tablets, PDAs and smart phones, have become pervasive and attracted significant interests from academia, industry, and standard organizations. With the support of latest cloud computing technology, these mobile wireless devices will play a more and more important role in computing and communication systems. When these devices become pervasive, security, privacy and trust become critical components for the acceptance of applications build based on these devices. Moreover, several favourable characteristics of mobile and wireless devices, including portability, mobility, and sensitivity, further impose the challenge of security and privacy in those systems. Despite recent advances, many research issues still remain in the design of secure, privacy-preserving, or trust architectures, protocols, algorithms, services, and applications on mobile and wireless systems. For example, when mobile devices have more storage space, high bandwidth, and super sensing capability, more sensitive information will be stored in those devices. On the other hand, operating systems running on those devices are not as powerful and reliable as those on traditional computers. Both OS layer and higher-level layer protocols are expected to enhance the security and preserve the privacy of those devices. With more mobile devices being used in social networks and traditional web-based systems, novel trust models are essential for new applications. New cryptographic algorithms, key distribution schemes and access control policies are also encouraged by considering the special characteristics of mobile and wireless devices. With more and more attacks reported to mobile devices in last two years, threat detection and protection tools are highly expected to improve the security. Other issues such as malware, cyber threat, attack modelling, possible vulnerabilities on the network infrastructure, security analysis, identity management, attack tolerance, security recovery and anonymity techniques also need to be revisited in these critical systems. This workshop aims to bring together the technologists and researchers who share interests in the area of security, privacy and trust in mobile and wireless systems, as well as explore new venues of collaboration. The main purpose is to promote discussions of research and relevant activities in the models and designs of secure, privacy-preserving, or trust architectures, protocols, algorithms, services, and applications, as well as analysis on cyber threat in mobile and wireless systems. It also aims at increasing the synergy between academic and industry professionals working in this area. We plan to seek papers that address theoretical, experimental research, and work in-progress for security, privacy and trust related issues in the context of mobile and wireless systems.

For more information, please see http://ocu-stars.okcu.edu/ksha/mobipst2012.html.

SECRYPT 2012 9th International Conference on Security and Cryptography, Rome, Italy, July 24-27, 2012. [posted here 01/16/12]
SECRYPT is an annual international conference covering research in information and communication security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged.

For more information, please see http://secrypt.icete.org.

LASER 2012 Workshop on Learning from Authoritative Security Experiment Results, Arlington, VA, USA, July 18 - 19, 2012. [posted here 01/16/12]
The goal of this workshop is to provide an outlet for publication of unexpected research results in security -- to encourage people to share not only what works, but also what doesn't. This doesn't mean bad research -- it means research that had a valid hypothesis and methods, but the result was negative. Given the increased importance of computer security, the security community needs to quickly identify and learn from both success and failure.

Journal papers and conferences typically contain papers that report successful experiments that extend our knowledge of the science of security, or assess whether an engineering project has performed as anticipated. Some of these results have high impact; others do not. Unfortunately, papers reporting on experiments with unanticipated results that the experimenters cannot explain, or experiments that are not statistically significant, or engineering efforts that fail to produce the expected results, are frequently not considered publishable, because they do not appear to extend our knowledge. Yet, some of these "failures" may actually provide clues to even more significant results than the original experimenter had intended. The research is useful, even though the results are unexpected.

Useful research includes a well-reasoned hypothesis, a well-defined method for testing that hypothesis, and results that either disprove or fail to prove the hypothesis. It also includes a methodology documented sufficiently so that others can follow the same path. When framed in this way, "unsuccessful" research furthers our knowledge of a hypothesis and testing method. Others can reproduce the experiment itself, vary the methods, and change the hypothesis; the original result provides a place to begin.

As an example, consider an experiment assessing a protocol utilizing biometric authentication as part of the process to provide access to a computer system. The null hypothesis might be that the biometric technology does not distinguish between two different people; in other words, that the biometric element of the protocol makes the approach vulnerable to a masquerade attack. Suppose the null hypothesis is verified. It would still be worth publishing this result. First, it might prevent others from trying the same biometric method. Second, it might lead them to further develop the technology - to determine whether a different style of biometrics would improve matters, or if the environment in which authentication is being attempted makes a difference. For example, a retinal scan may be a failure in recognizing people in a crowd, but successful where the users present themselves one at a time to an admission device with controlled lighting, or when multiple "tries" are included. Third, it might lead to modifying the encompassing protocol so as to make masquerading more difficult for some other reason.

Equally important is research designed to reproduce the results of earlier work. Reproducibility is key to science, to validate or uncover errors or problems in earlier work. Failure to reproduce the results leads to a deeper understanding of the phenomena that the earlier work uncovers.

The workshop focuses on research that has a valid hypothesis and reproducible experimental methodology, but where the results were unexpected or did not validate the hypotheses, where the methodology addressed difficult and/or unexpected issues, or that identified previously unsuspected confounding issues.

We solicit research and position papers addressing these issues, especially (but not exclusively) on the following topics:
- Unexpected research results in experimental security
- Methods, statistical analyses, and designs for security experiments
- Experimental confounds, mistakes, mitigations
- Successes and failures in reproducing the experimental techniques and/or results of earlier work

For more information, please see http://www.cert.org/laser-workshop/.

SAPSE 2012 4th IEEE International Workshop on Security Aspects of Process and Services Engineering, Held in conjunction with the IEEE Signature Conference on Computers, Software, and Applications (COMPSAC 2012), Izmir, Turkey, July 16-20, 2012. [posted here 02/20/12]
The workshop aims to foster cooperation among software practitioners and researchers in order to exchange the latest industrial experience and research ideas on services and processes engineering. Complex software systems are at the core of most business transactions, making the area of processes and services engineering a very attractive field for innovative research and for facing new challenges. Research is devoted to the software engineering of service-oriented applications with the goal of providing effective solutions to the development, deployment and management of the resulting applications. In this scenario, security pla+ys a fundamental role, since the resulting software system is expected to function correctly and resist also to malicious attacks under different changing threat scenarios. New techniques and methodologies are needed to be able to build better, more robust and more trusted systems, where security is taken into account and integrated in the whole design process since the very first stages.

For more information, please see http://compsac.cs.iastate.edu/workshop_details.php?id=48&y.

PETS 2012 12th Privacy Enhancing Technologies Symposium, Vigo, Spain, July 11-13, 2012. [posted here 11/14/11]
Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior. Approaches to protecting individuals, groups, but also companies and governments, from profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure. The 12th Privacy Enhancing Technologies Symposium addresses the design and realization of such privacy services for the Internet and other data systems and communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives. The symposium seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of privacy technologies, as well as experimental studies of fielded systems. We encourage submissions with novel technical contributions from other communities such as law, business, and data protection authorities, that present their perspectives on technological issues. As in the past, the proceedings will be published in the Springer Lecture Notes in Computer Science series, and will be available at the event. Suggested topics include but are not restricted to:
- Anonymous communications and publishing systems
- Attacks on privacy and privacy technologies
- Censorship resistance
- Data protection technologies
- Economics of privacy and PETs
- Fielded systems and techniques for enhancing privacy in existing systems
- Location privacy
- Privacy and anonymity in Peer-to-Peer, Cloud, and Ubiquitous Computing Environments
- Privacy and inference control in databases
- Privacy-enhanced access control or authentication/certification
- Privacy-friendly payment mechanisms for PETs and other services
- Privacy in Online Social Networks
- Privacy policy languages and tools
- Privacy threat models
- Profiling and data mining
- Pseudonyms, identity management, linkability, and reputation
- Reliability, robustness and abuse prevention in privacy systems
- Traffic analysis
- Transparency enhancing tools
- Usability issues and user interfaces for PETs

For more information, please see http://petsymposium.org/2012/.

ACISP 2012 17 Australasian Conference on Information Security and Privacy, Wollongong, NSW, Australia, July 9-11, 2012. [posted here 02/06/12]
Original papers pertaining to all aspects of information security and privacy are solicited for submission to the 17th Australasian Conference on Information Security and Privacy (ACISP 2012). Papers may present theory, techniques, applications and practical experiences on a variety of topics. The proceedings will be published by Springer-Verlag as a volume of the Lecture Notes in Computer Science series. We seek submissions from academic and industrial researchers on all theoretical and practical aspects of information security. Suggested topics include, but are not restricted to, the following:
- Cryptography
- Network Security
- Copyright Protection
- Mobile Communications Security
- Secure Commercial Applications
- Security Architectures and Models
- Database Security
- Privacy Technologies
- Authentication and Authorization
- Smartcards
- Software Protection and Malware
- Distributed System Security
- Computer Forensic
- Key Management and Auditing
- Secure Operating System
- Secure Electronic Commerce
- Biometrics
- Secure Cloud Computing

For more information, please see https://ssl.informatics.uow.edu.au/acisp2012/.

STAST 2012 2nd International Workshop on Socio-Technical Aspects of Security and Trust, Co-located with Computer Security Foundation Symposium (CSF 2012), Harvard University, Cambridge, MA, USA, June 29, 2012. [posted here 02/20/12]
The workshop intends to foster an interdisciplinary discussion on how to model and analyse the socio-technical aspects of modern security systems and on how to protect such systems from socio-technical threats and attacks. We welcome experts in computer science, in social and behavioural sciences, philosophy and psychology. Relevant topics include but are not limited to:
- Usability Analysis
- System-User Interfaces
- Psychology of Deception
- Socio-Technical Attacks and Defences
- User Perception of Security and Trust
- Design of Socio-Technical Secure Systems
- Cognitive Aspect in Human Computer Interaction
- Human Practice
- Behavioural Models
- Social Engineering
- Modelling and Analysis of Security
- Ceremonies and Workflows
- Game Theoretical Approaches to Security
- Cyber Crime Science
- Security Properties Specification and Verification
- Threat and Adversary Models
- Social Informatics and Networks
- Effects of Technology on Trust Building Behaviour
- Experiences and Test Cases

For more information, please see http://www.stast2012.uni.lu.

ACNS 2012 10th International Conference on Applied Cryptography and Network Security, Singapore, June 26-29, 2012. [posted here 08/22/11]
The conference seeks submissions from academia, industry, and government presenting novel research on all aspects of applied cryptography as well as network security and privacy. Papers describing novel paradigms, original directions, or non-traditional perspectives are also encouraged. The conference has two tracks: a research track and an industry track. Topics of interest include, but are not limited to:
- Access control
- Applied cryptography
- Automated protocols analysis
- Biometric security and privacy
- Complex systems security
- Critical infrastructure protection
- Cryptographic primitives and protocols
- Database and system security
- Data protection
- Digital rights management
- Email and web security
- Identity management
- Intellectual property protection
- Internet fraud
- Intrusion detection and prevention
- Key management
- Malware
- Network security protocols
- Privacy, anonymity, and untraceability
- Privacy-enhancing technology
- Policies
- Protection for the future Internet
- Security in P2P systems
- Security and privacy in cloud and grid systems
- Security in e-commerce
- Security in pervasive/ubiquitous computing
- Security and privacy in distributed systems
- Security and privacy in smart grids
- Security and privacy in wireless networks
- Security and privacy metrics
- Secure mobile agents and mobile code
- Trust management
- Usability and security

For more information, please see http://icsd.i2r.a-star.edu.sg/acns2012.

DFIS 2012 6th International Symposium on Digital Forensics and Information Security, Vancouver, Canada, June 26-28, 2012. [posted here 01/16/12]
Digital Forensics and Information Security (DFIS) are advanced communication and networking environments where all applications and services are focused on users. In addition, the DFIS has emerged rapidly an exciting new paradigm to provide reliable and comfortable life services. Furthermore, the benefits of DFIS will only be realized if security issues can be appropriately addressed. Specially, forensics for DFIS is very important in the security fields. This workshop is intended to foster state-of-the-art research Digital Forensics and Information Security in the area of DFIS including information and communication technologies, law, social sciences and business administration.

For more information, please see http://web.ftrai.org/dfis2012.

Mobisec 2012 4th International Conference on Security and Privacy in Mobile Information and Communication Systems, Frankfurt, Germany, June 25-27, 2012. [posted here 01/30/12]
MobiSec's focus is the convergence of information and communication technology in mobile scenarios. This convergence is realised in intelligent mobile devices, accompanied by the advent of next-generation communication networks. Privacy and security aspects need to be covered at all layers of mobile networks, from mobile devices, to privacy respecting credentials and mobile identity management, up to machine-to-machine communications. In particular, mobile devices such as Smartphones and Internet Tablets have been very successful in commercialization. However, their security mechanisms are not always able to deal with the growing trend of information-stealing attacks. As mobile communication and information processing becomes a commodity, economy and society require protection of this precious resource. Mobility and trust in networking go hand in hand for future generations of users, who need privacy and security at all layers of technology. In addition, the introduction of new data collection practices and data-flows (e.g. sensing data) from the mobile device makes it more difficult to understand the new security and privacy threats introduced. MobiSec strives to bring together the leading-edge of academia and industry in mobile systems security, as well as practitioners, standards developers and policymakers. Contributions may range from architecture designs and implementations to cryptographic solutions for mobile and resource-constrained devices.

For more information, please see http://mobisec.org/2012.

eGSSN 2012 International Workshop on Trust, Security and Privacy in e-Government, e-Systems & Social Networking, Held in conjunction with the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2012), Liverpool, UK, June 25-27, 2012. [posted here 02/13/12]
Electronic systems (e-systems) have increased tremendously in recent years. Clear examples of e-systems include e-commerce, e-payment systems, e-government systems and social networks. The incredibly amount of people using these systems make them more vulnerable to receive a great diversity of attacks such as denial of service, hijacking, spoofing, man in the middle, etc. Moreover, the information sensible usually managed in e-systems is another reason for receiving attacks intensively. This workshop aims to identify and explore different issues and challenges related to security aspects in e-systems in general and specially in e-government and social networking. Questions like … how to preserve privacy and anonymity in social network? How to provide a secure authentication for e-government? What is a suitable trust model for e-systems? How to federate social networks? How e-government may manage risk? …are those waiting for answers. This workshop provides an ideal vehicle for bringing together researchers, scientists, engineers, academics and students all around the world to share the latest updates on new security technologies that would shape the next generation of mobile and wireless systems and technology platforms. We are interested in the following topics, but are not limited to:
- Trust Management in e-Government, e-Systems or Social Networks
- Reputation Management in e-Government, e-Systems or Social Networks
- Authentication schemes in e-Government, e-Systems or Social Networks
- Authorization Models in e-Government, e-Systems or Social Networks
- Privacy of e-Government, e-Systems or Social Networks
- Risk Management in e-Government, e-Systems or Social Networks
- Policy-based Management for e-Government, e-Systems or Social Networks
- Security Models for e-Government, e-Systems or Social Networks
- Service Level Agreements about Security in e-Government, e-Systems or Social Networks
- Identity Management in e-Government, e-Systems or Social Networks
- Federation Management in e-Government, e-Systems or Social Networks
- Anonymity in e-Government, e-Systems or Social Networks
- Accounting in e-Government, e-Systems or Social Networks

For more information, please see http://webs.um.es/jmalcaraz/eGSSN12.

SPIoT 2012 2nd IEEE International Symposium on Security and Privacy in Internet of Things, Liverpool, UK, June 25-27, 2012. [posted here 03/12/12]
With the extensive research and development of computer, communication and control technologies, it is possible to connect all things to the Internet such that the so-called Internet of Things (IoT) can be formed. These things may be equipped with devices such as sensors, actuators, and RFID tags, in order to allow people and things to be connected anytime and anywhere, with anything and anyone. IoT will enable collaborations and communications among people and things, and among things themselves, which expand the current Internet and will radically change our personal, corporate, and community environments. When more and more things connect to the Internet, security and privacy issues become more serious, especially in the case that these things are equipped with actuators and can support control. It is essential to consider the security and privacy implications of billions of intelligent things cooperating with real and virtual entities over the Internet. SPIoT 2012 aims at providing a forum for discussing the latest academic and industrial research results in all aspects of security and privacy in IoT.

For more information, please see http://trust.csu.edu.cn/conference/SPIoT2012/.

Mobisec 2012 4th International Conference on Security and Privacy in Mobile Information and Communication Systems, Frankfurt, Germany, June 25-26, 2012. [posted here 05/14/12]
MobiSec's focus is the convergence of information and communication technology in mobile scenarios. This convergence is realised in intelligent mobile devices, accompanied by the advent of next-generation communication networks. Privacy and security aspects need to be covered at all layers of mobile networks, from mobile edge devices, to privacy-respecting credentials and mobile identity management, up to machine-to-machine communications. In particular, mobile edge devices such as Smartphones and Internet Tablets have been very successful in commercialization. However, their security mechanisms are not always able to deal with the growing trend of information-stealing attacks. As mobile communication and information processing becomes a commodity, economy and society require protection of this precious resource. Mobility and trust in networking go hand in hand for future generations of users, who need privacy and security at all layers of technology. In addition, the introduction of new data collection practices and data-flows (e.g. sensing data) from the mobile device makes it more difficult to understand the new security and privacy threats introduced. MobiSec strives to bring together the leading-edge of academia and industry in mobile systems security, as well as practitioners, standards developers and policymakers. Contributions may range from architecture designs and implementations to cryptographic solutions for mobile and resource-constrained devices.

For more information, please see http://mobisec.org/2012.

DSPAN 2012 3rd IEEE Workshop on Data Security and PrivAcy in wireless Networks, Held in conjunction with The Thirteenth International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM 2012), San Francisco, CA, USA, June 25, 2012. [posted here 01/02/12]
The workshop focuses on defining novel problems and developing novel techniques for data security and privacy issues in wireless and mobile networks. With the emergence of data-intensive wireless networks such as wireless sensor networks and data-centric mobile applications such as location-based services, the traditional boundaries between these three disciplines are blurring. This workshop solicits papers from two main categories: (1) papers that consider the security and privacy of data collection, transmission, storage, publishing,and sharing in wireless networks broadly defined, e.g., MANET,cellular, vehicular, ad hoc, cognitive, as well as sensor networks,and (2) papers that use data analytics techniques to address security and privacy problems in wireless networks. The workshop provides a venue for researchers to present new ideas with impact on three communities wireless networks, databases, and security.

For more information, please see http://www.ee.washington.edu/research/nsl/DSPAN_2012/.

SACMAT 2012 17th ACM Symposium on Access Control Models and Technologies, Newark, NJ, USA, June 20-22, 2012. [posted here 11/14/11]
Papers offering novel research contributions in all aspects of access control are solicited for submission to SACMAT 2012. It is the premier forum for presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The missions of the symposium are to share novel access control solutions that fulfill the needs of heterogeneous applications and environments and to identify new directions for future research and development. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control. Accepted papers will be presented at the symposium and published by the ACM in the symposium proceedings. Best Paper Award will be presented to the authors of the most outstanding paper at the conference. Topics of interest include but are not limited to:
- Access control models and extensions
- Access control requirements
- Access control design methodology
- Access control mechanisms, systems, and tools
- Access control in distributed and mobile systems
- Access control for innovative applications
- Administration of access control policies
- Delegation
- Identity management
- Policy/Role Engineering
- Safety analysis and enforcement
- Standards for access control
- Trust management
- Trust and risk models in access control
- Theoretical foundations for access control models
- Usability in access control systems
- Usage control

For more information, please see http://www.sacmat.org.

WISTP 2012 6th Workshop on Information Security Theory and Practice, London, UK, June 19-22, 2012. [posted here 12/5/11]
Future ICT technologies, like the concepts of Ambient Intelligence and Internet of Things provide a vision of the Information Society where the emphasis is on surrounding people by intelligent interactive interfaces and objects and on environments that are capable of recognising and reacting to the presence of different individuals in a seamless, unobtrusive and invisible manner. WISTP 2012 aims to address the security and privacy issues that are increasingly exposed by mobile and wireless communications and related services, along with evaluating their impact on business, individuals, and the society. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy of mobile and smart devices, as well as experimental studies of fielded systems based on wireless communication, the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law, business and policy that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- Security, Privacy and Trust in the Internet of Things
- Security and Trustworthiness in mobile and wireless networks including Mobile ad hoc networks, RFID systems, Wireless sensor networks and Vehicular networks
- Security, Privacy and Trust in Smart Environments
- Security, Privacy and Trust in Social Networks and Social Worlds
- Trustworthy life-logging
- Security, Privacy and Trust in e-Government and Mobile Commerce including Biometrics and national ID cards
- Human behaviour and psychological aspects of security including User centric security and privacy
- Lightweight cryptography
- Privacy enhancing technologies (PETs)
- Mobile code security
- Mobile devices security
- Smart card security
- Embedded systems security
- Security models and architectures including Security and privacy policies, Authentication and Access Control, and Security protocols

For more information, please see http://www.wistp.org/.

ICDCS-NFSP 2012 1st International Workshop on Network Forensics, Security and Privacy, Held in conjunction with ICDCS 2012, Macau, China, June 18-21, 2012. [posted here 10/31/11]
Cyber space has become an integrated part of human society. At the same time, has also been providing convenient platforms for crimes, such as financial fraud, information phishing, distributed denial of service attacks, and fake message propagation. Especially, the emergence of social networks has introduced significant security and privacy issues to the public. It is a great and new challenge of fighting against criminals in the cyber space. This field involved various disciplines, such as networking, information theory, mathematical modelling, data mining, machine learning, image and voice processing, neural network, pattern recognition, cryptography and forensic criminology. Topics of interest include, but not limited to:
- Anonymous system and forensics
- IP traceback
- Malware detection
- Botnet identification
- Networked video system
- Biometric security and forensics
- Emotion identification via video
- Wireless forensics, security and privacy
- Game theory in forensics, security and privacy
- Data Mining in forensics, security and privacy
- DDoS attacks
- Virus source traceback
- Malware source traceback
- Botmaster traceback
- Distributed systems and forensics
- System security and forensics
- Intrusion detection
- Social networks forensics, security and privacy
- Information theory in network security
- Multimedia in network security

For more information, please see http://www.deakin.edu.au/~syu/nfsp/.

ICDCS-SPCC 2012 3rd International Workshop on Security and Privacy in Cloud Computing, Held in conjunction with ICDCS 2012, Macau, China, June 18-21, 2012. [posted here 10/31/11]
Cloud computing has recently emerged as a new information technology infrastructure. Cloud computing has unique attributes that raise many security and privacy challenges in areas such as data security, recovery, and privacy, as well as legal issues in areas such as regulatory compliance and auditing. In contrast to traditional enterprise IT solutions, where the IT services are under proper physical, logical and personnel controls, cloud computing moves the application software and databases to the servers in large data centers on the Internet, where the management of the data and services are not fully trustworthy. When clients store their data on the server without themselves possessing a copy of it, how the integrity of the data can be ensured if the server is not fully trustworthy? Will encryption solve the data confidentiality problem of sensitive data? How will encryption affect dynamic data operations such as query, insertion, modification, and deletion? Data in the cloud is typically in a shared environment alongside data from other clients. How the data segregation should be done, while data are stored, transmitted, and processed? Due to the fundamental paradigm shift in cloud computing, many security concerns have to be better understood, unanticipated vulnerabilities identified, and viable solutions to critical threats devised, before the wide deployment of cloud computing techniques can take place. We are soliciting both full papers that present relatively complete and mature research results and short position papers that report work-in-progress but inspiring and intriguing new ideas. Topics of interests include (but are not limited to) the following subject categories:
- Secure cloud architecture
- Cloud access control and key management
- Identification and privacy in cloud
- Remote data integrity protection
- Dynamic data operation security
- Software and data segregation security
- Secure management of virtualized resources
- Joint security and privacy aware protocol design
- Failure detection and prediction
- Secure data management in/across data centers
- Availability, recovery and auditing
- Secure wireless cloud

For more information, please see http://www.ece.iit.edu/~ubisec/workshop.htm.

TRUST 2012 5th International Conference on Trust and Trustworthy Computing, Vienna, Austria, June 13-15, 2012. [posted here 01/30/12]
TRUST 2012 is an international conference on the technical and socio-economic aspects of trustworthy infrastructures. It provides an excellent interdisciplinary forum for researchers, practitioners, and decision makers to explore new ideas and discuss experiences in building, designing, using and understanding trustworthy computing systems. The conference solicits original papers on any aspect (technical or social and economic) of the design, application and usage of trusted and trustworthy computing, which concerns a broad range of concepts. Topics of interest include, but are not limited to:
Technical Strand:
- Architecture and implementation technologies for trusted platforms and trustworthy infrastructures
- Trust, Security and Privacy in embedded systems
- Trust, Security and Privacy in social networks
- Trusted mobile platforms and mobile phone security
- Implementations of trusted computing (hardware and software)
- Applications of trusted computing
- Trustworthy infrastructures and resilient services for cloud computing
- Attestation and integrity verification
- Cryptographic aspects of trusted and trustworthy computing
- Design, implementation and analysis of security hardware, i.e., hardware with cryptographic and security functions, physically unclonable functions
- Intrusion resilience in trusted computing
- Virtualization for trusted platforms
- Secure storage
- Security policy and management of trusted computing
- Access control for trusted platforms
- Privacy aspects of trusted computing
- Verification of trusted computing architectures
- Usability and end-user interactions with trusted platforms
- Limitations of trusted computing

Socio-economic Strand: - Usability and user perceptions of trustworthy systems and risks
- Effects of trustworthy systems upon user/corporate/governmental behavior
- Economic drivers for trustworthy systems in corporate environment
- Impact of trustworthy systems in enhancing trust in cloud infrastructures
- The adequacy of guarantees provided by trustworthy systems for systems critically dependent upon trust, such as elections and government oversight
- The impact of trustworthy systems upon digital forensics, police investigations and court proceedings
- Game theoretical approaches to modeling or designing trustworthy systems
- Approaches to model and simulate scenarios of how trustworthy systems would be used in corporate environments and in personal space
- Experimental economics studies of trustworthiness
- Interplay between privacy (enhancing technologies), trustworthy systems
- Critiques of trustworthy systems
For more information, please see http://www.trust.sba-research.org.

SFCS 2012 1st IEEE International Workshop on Security and Forensics in Communication Systems, Held in conjunction with IEEE ICC 2012, Ottawa, Canada, June 10-15, 2012. [posted here 10/10/11]
Digital attacks are continuing to increase at an alarming rate. They target a wide variety of protocols and communication systems ranging from servers and end-user machines to wireless and mobile networks and devices. The absence of supporting evidence and technically sound methods may prevent administrators from: proving the identity of the guilty party, identifying the root vulnerability to prevent a future occurrence of a similar incident, and understanding the attacker’s motivation for an efficient design of security solutions. In this context, digital forensic engineering is emerging as a disciplined science in charge of developing novel scientific and theoretical methods, techniques, and approaches to collect, process, and analyze information retrieved from systems affected by security incidents and generate conclusive descriptions. The SFCS 2012 Workshop will bring together researchers, scientists, engineers and practitioners involved in research in the fields of communication systems security and forensics, to present their latest research findings, ideas, and developments. Topics of interest include, but are not limited to:
- Formal aspects of network security
- Theoretical techniques of digital forensics
- Embedded and handled devices forensic
- Evidence preservation, management, storage, reassembly, and analysis
- Anti-forensics prevention detection and analysis
- Development of Investigation processes and procedures
- Automated analysis of evidence
- Forensics in multimedia and communication protocols
- Security and Investigation techniques in wireless and mobile communication systems
- Risk analysis and management in communication systems
- Social networks security and forensics
- Collaborative and distributed digital investigation
- Hypothetical reasoning in forensics and incident response
- Legal and policy issues in digital forensics
- Intrusion Detection, incident response, and evidence handling
- Vulnerability analysis and assessment, and analysis of malware
- Cryptography and forensics techniques in multimedia communication
- Data hiding, extraction, and recovery techniques
- Techniques for Tracking and traceback of attacks in systems and networks
- Availability, privacy, authentication, and anonymity
- Secure e-services, e-government, e-learning, e-voting, and m-commerce applications
- File systems memory analysis
- Infrastructure protection, and Virtual Private Networks security
- Storage system protection and forensics
- Physical and Biometric security

For more information, please see http://sites.google.com/site/sfcs2012/.

WDFIA 2012 7th International Workshop on Digital Forensics and Incident Analysis, Hersonissos, Crete, Greece, June 6-8, 2012. [posted here 11/21/11]
The field of digital forensics is rapidly evolving and continues to gain significance in both the law enforcement and the scientific community. Being intrinsically interdisciplinary, it draws upon a wide range of subject areas such as information & communication technologies, law, social sciences and business administration. We are pleased to announce the 7th annual workshop on digital forensics and incident analysis graciously hosted at the Creta Maria Convention Centre, Crete, Greece. WDFIA 2012 is supported by IFIP WG 8, and immediately follows the IFIP SEC 2012 international conference at the same venue. The workshop aims to provide a forum for researchers and practitioners to present original, unpublished research results and innovative ideas. We welcome the submission of papers from the full spectrum of issues relating to the theory and practice of digital forensics and incident analysis. Areas of special interest include, but are not limited to:
- Digital forensics tools and applications
- Incident response and investigation
- Forensic standards and procedures
- Portable electronic device forensics
- Network forensics
- Data hiding and recovery
- Network traffic analysis, traceback and attribution
- Data mining and e-discovery and their corporate use
- Legal, ethical and policy issues related to digital forensics
- Digital evidence visualisation and presentation
- Integrity of digital evidence and live investigations
- Digital evidence chain of custody, storage and preservation
- Multimedia analysis
- Digital forensics case studies
- Digital forensics training and education
- Best practices and case studies
- Forensics issues of malicious code
- Anti-forensics

For more information, please see http://www.wdfia.org/.

HAISA 2012 6th International Symposium on Human Aspects of Information Security and Assurance, Hersonissos, Crete, Greece, June 6-8, 2012. [posted here 11/21/11]
It is commonly acknowledged that security requirements cannot be addressed by technical means alone, and that a significant aspect of protection comes down to the attitudes, awareness, behaviour and capabilities of the people involved. Indeed, people can potentially represent a key asset in achieving security, but factors such as lack of awareness and understanding, combined with unreasonable demands from security technologies, can dramatically impede their ability to do so. With this in mind, HAISA 2012 specifically addresses information security issues that relate to people. It concerns the methods that inform and guide users' understanding of security, and the technologies that can benefit and support them in achieving protection. HAISA 2012 welcomes papers addressing research and case studies in relation to any aspect of information security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics or technologies may be positively modified to improve the level of protection. Indicative themes include:
- Information security culture
- Awareness and education methods
- Enhancing risk perception
- Public understanding of security
- Usable security
- Psychological models of security software usage
- User acceptance of security policies and technologies
- User-friendly authentication methods
- Biometric technologies and impacts
- Automating security functionality Non-intrusive security
- Assisting security administration
- Impacts of standards, policies, compliance requirements
- Organizational governance for information assurance
- Simplifying risk and threat assessment
- Understanding motivations for misuse
- Social engineering and other human-related risks
- Privacy attitudes and practices
- Computer ethics and security

For more information, please see http://haisa.org/.

SEC 2012 27th IFIP International Information Security and Privacy Conference, Creta Maris Hotel, Heraklion, Crete, Greece, June 4-6, 2012. [posted here 08/22/11]
Papers offering novel research contributions in any aspect of computer security are solicited for submission to the 27th IFIP International Information Security and Privacy Conference. The focus is on original, high quality, unpublished research and implementation experiences. Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. We encourage submissions of papers discussing industrial research and development. Papers should focus on topics which include, but are not limited to, the following:
- Access control
- Accountability
- Anonymity
- Applied Cryptography
- Attacks & Malicious Code
- Authentication & Delegation
- Awareness & Education
- Data Integrity
- Database Security
- Identity Management
- Information Security Culture
- Formal Security Verification
- Mobile Code Security
- Policies & Standards
- Privacy Attitudes & Practices
- Risk Analysis & Management
- Security Architectures
- Security Economics
- Security in Location Services
- Security in Social Networks
- Security Models
- Social Engineering & other Human-related Risks
- System Security
- Usable Security
- Trust Models & Management
- Trust Theories
- Trustworthy User Devices

For more information, please see http://www.sec2012.org.

HOST 2012 IEEE International Symposium on Hardware-oriented Security and Trust, Held in conjunction with the DAC 2012, San Francisco, CA, USA, June 3-4, 2012. [posted here 12/5/11]
A wide range of applications, from secure RFID tagging to high-end trusted computing, relies on dedicated and trusted hardware platforms. The security and trustworthiness of such hardware designs are critical to their successful deployment and operation. Recent advances in tampering and reverse engineering show that important challenges lie ahead. For example, secure electronic designs may be affected by malicious circuits, Trojans that alter system operation. Furthermore, dedicated secure hardware implementations are susceptible to novel forms of attack that exploit side-channel leakage and faults. Third, the globalized, horizontal semiconductor business model raises concerns of trust and intellectual-property protection. HOST 2012 is a forum for novel solutions to address these challenges. Innovative test mechanisms may reveal Trojans in a design before they are able to do harm. Implementation attacks may be thwarted using side-channel resistant design or fault-tolerant designs. New security-aware design tools can assist a designer in implementing critical and trusted functionality, quickly and efficiently. The IEEE International Symposium on Hardware Oriented Security and Trust seeks original contributions in the area of hardware-oriented security. This includes tools, design methods, architectures, and circuits. In addition, novel applications of secure hardware are especially welcome. HOST 2012 seeks contributions based on, but not limited to, the following topics:
- Trojan detection and isolation
- Implementation attacks and countermeasures
- Side channel analysis and fault analysis
- Intellectual property protection and metering
- Tools and methodologies for secure hardware design
- Hardware architectures for cryptography
- Hardware security primitives: PUFs and TRNGs

- Interaction of secure hardware and software

For more information, please see http://www.hostsymposium.org.

TrustED 2012 2nd International Workshop on Trustworthy Embedded Devices, Co-located with the IEEE Symposium on Security & Privacy, San Francisco, CA, U.S.A, May 25, 2012. [posted here 02/06/12]
In TrustED 2012 we consider selected aspects of cyber physical systems and their environments. We aim at bringing together experts from academia and research institutes, industry and government for discussing and investigating problems, challenges and some recent scientific and technological developments in this field. Of particular interests are security aspects of smartphones and their interfaces to other embedded devices. This includes (but is not limited to) the following topics:
- Hardware entangled cryptography
- Foundation, development, and applications of Physical Security Primitives, e.g., Physically Unclonable Functions (PUFs)
- Embedded system security including smart phones
- Trusted Computing for Embedded Systems
- Privacy aspects of embedded systems (e.g., medical devices, electronic IDs)
- Remote Attestation
- IP protection for embedded systems
- Attacks on embedded systems and reverse engineering
- Physical and logical convergence (e.g., secure and privacy-preserving facility management)
- Secure execution environment on mobile devices
- Secure computation on embedded devices
- Attack models for embedded systems
- Smart metering devices

For more information, please see http://trusted.trust.cased.de/.

MoST 2012 Mobile Security Technologies Workshop, Co-located with IEEE Symposium on Security and Privacy 2012, The Westin St. Francis Hotel, San Francisco, CA, USA, May 24, 2012. [posted here 01/02/12]
MoST is co-located with the IEEE Security & Privacy Symposium. Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to explore the latest understanding and advances in the security and privacy for mobile devices, applications, and systems. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The scope of MoST 2012 includes, but is not limited to, security and privacy specifically for mobile devices and services related to:
- Device hardware
- Operating systems
- Middleware
- Mobile web
- Secure and efficient communication
- Secure application development tools and practices
- Privacy
- Vulnerabilities and remediation techniques
- Usable security
- Identity and access control
- Risks in putting trust in the device vs. in the network/cloud
- Special applications, such as medical monitoring and records
- Mobile advertisement
- Secure applications and application markets
- Economic impact of security and privacy technologies

For more information, please see http://www.mostconf.com.

W2SP 2012 Web 2.0 Security & Privacy Workshop, Co-located with IEEE Symposium on Security and Privacy 2012, The Westin St. Francis Hotel, San Francisco, CA, USA, May 24, 2012. [posted here 01/02/12]
W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers and their eco-system. We have had five years of successful W2SP workshops. This year, we will additionally invite selected papers to a special issue of the journal. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The scope of W2SP 2012 includes, but is not limited to:
- Trustworthy cloud-based services
- Privacy and reputation in social networks
- Security and privacy as a service
- Usable security and privacy
- Security for the mobile web
- Identity management and psuedonymity
- Web services/feeds/mashups
- Provenance and governance
- Security and privacy policies for composible content
- Next-generation browser technology
- Secure extensions and plug-ins
- Advertisement and affiliate fraud
- Measurement study for understanding web security and privacy

For more information, please see http://www.w2spconf.com/2012/.

WSCS 2012 Workshop on Semantic Computing and Security, Co-located with the IEEE Security and Privacy Symposium 2012, The Westin Hotel, San Francisco, CA, USA, May 24, 2012. [posted here 01/16/12]
This workshop follows the successful September 2011 workshop (WSCSP) at the International Semantic Computing Symposium. This new workshop will explore additional topics and allow semantic computing researchers to have more opportunity to interact with security researchers. Semantic Computing technologies derive and use semantics from content, where "content" is wide-ranging: video, audio, text, conversation, software, devices, actions, behavior, etc. Security technology encompasses the specification of secure behavior as well as the detection of insecure behavior over computer networks. The two disciplines come together in this new and interesting combination, in a synergy-seeking, cutting-edge workshop. The delimited notions of semantics used within Security and Privacy provide a well-defined and as yet unstudied domain for semantic modeling, automated semantic interpretation, and inference, with clear practical uses and opportunities for novel and imaginative research. The workshop on Semantic Computing and Security addresses: (1) deriving semantics from data used for security and privacy research; (2) semantic verification of network activity; and (3) inferring the semantics of malicious free-form data, such as email and web pages. Topics of interest include but are not limited to:
- Network dataset curation through semantic derivation
- Semantic MediaWiki for vulnerability sharing and detecting emergent security properties
- Network security semantics, dynamic classification
- Inferred semantics of malicious code
- Semantic verification of network operations
- Semantic specification and analysis of security experiment design
- Semantic analysis of access control policies
- Semantics of data acquisition and computation provenance
- Semantic analysis of malware communication
- Semantics-aware trust management

For more information, please see http://ieee-security.org/TC/SPW2012/wscs-website/wscs.php.

SECOTS 2012 International Symposium on Security in Collaboration Technologies and Systems, Denver, Colorado, USA, May 21 – 25, 2012. [posted here 12/05/11]
This Symposium on Security in Collaboration Technologies and Systems will focus on security issues related to collaboration systems with emphasis on secure and trustworthy distributed environments, Grid and Cloud based resource virtualization and on-demand provisioning, multi-agent systems, mobile and wireless cooperation. The aim is to have a dedicated forum that fosters closer interactions among researchers and users communities, providing an excellent opportunity for them to meet and discuss their ideas. The symposium will address issues related to the security infrastructure and services design, implementation and operation. It intends to address new security challenges and present new ideas and solutions addressing modern security requirements, specific methods of access control that should allow large scale multi-organizational cooperation, use of mobile technologies and smartcards, enabling intrusion detection, system recovery and healing in the context of cooperative systems. The Symposium topics include (but are not limited to) the following:
- Fundamentals and Frameworks for Security in Collaboration Systems
- Intrusion Detection and Attack Response in Collaboration Systems
- Access Control, Reputation and Trust in Collaboration Environments
- Cross Domain Identity and User Attributes Management Systems
- Security Standards
- Encryption and Cryptography Systems Supporting Cooperative Systems
- Privacy Protection for Collaboration Systems
- Trusted Operating Systems for Distributed Environments
- Middleware Security
- Security Metrics and Measures
- Collaborative Security Monitoring Schemes and Systems
- Usability, Social Engineering, and Security
- Security and Information Assurance Education and Curriculum Issues
- Security Models for Cloud Computing
- Security in Collaborative Multi Agent Systems
- Security of Grid and Cluster Architectures Supporting Cooperative Applications
- Security in Workflow Management Systems
- Policy Driven SLA Negotiation
- Security in Mobile and Wireless Networks for Collaboration
- Security Models for Coalition Networks
- Security in Social Networks
- Virtual Organizations and Dynamic Security Associations
- Web Services Security
- Use of Smartcards in the Context of Collaboration

For more information, please see http://cisedu.us/rp/cts12/2-conference/symposia/symposium-2--secots-2012.

SP 2012 33rd IEEE Symposium on Security and Privacy , San Francisco Bay Area, California, USA, May 20-23, 2012. [posted here 08/22/11]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of computer security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation of secure systems. Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Distributed systems security
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection
- Language-based security
- Malware
- Metrics
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Usability and security
- Web security

SYSTEMATIZATION OF KNOWLEDGE PAPERS: Following the success of the previous year's conference, we are also soliciting papers focused on systematization of knowledge. The goal of this call is to encourage work that evaluates, systematizes, and contextualizes existing knowledge. These papers will provide a high value to our community but would otherwise not be accepted because they lack novel research contributions. Suitable papers include survey papers that provide useful perspectives on major research areas, papers that support or challenge long-held beliefs with compelling evidence, or papers that provide an extensive and realistic evaluation of competing approaches to solving specific problems. Submissions will be distinguished by a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, except instead of emphasizing novel research contributions the emphasis will be on value to the community. Accepted papers will be presented at the symposium and included in the proceedings.

For more information, please see http://www.ieee-security.org/TC/SP2012/cfp.html.

COSADE 2012 3rd International Workshop on Constructive Side-Channel Analysis and Secure Design, Darmstadt, Germany, May 3-4, 2012. [posted here 09/12/11]
Side-channel analysis (SCA) and implementation attacks have become an important field of research at universities and in the industry. In order to enhance the resistance of cryptographic and security critical implementations within the design phase, constructive attacks and analyzing techniques may serve as a quality metric to optimize the design- and development process. This workshop provides an international platform for researchers, academics, and industry participants to present their work and their current research topics. It is an excellent opportunity to meet experts and to initiate new collaborations and information exchange at a professional level. The workshop will feature both invited presentations and contributed talks.

For more information, please see http://cosade2011.cased.de.

ASIACCS 2012 7th ACM Symposium on Information, Computer and Communications Security, Seoul, Republic of Korea, May 1-3, 2012. [posted here 10/03/11]
ASIACCS is a major international forum for information security researchers, practitioners, developers, and users to explore and exchange the newest cyber security ideas, breakthroughs, findings, techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. Areas of interest for ASIACCS 2012 include, but are not limited to:
- anonymity
- inference/controlled disclosure
- cryptographic protocols
- access control
- intellectual-property protection
- data/system integrity
- secure networking
- operating system security
- hardware-based security
- cloud security
- digital-rights management
- information warfare
- accounting and audit
- trusted computing
- formal methods for security
- key management
- phishing and countermeasures
- identity management
- intrusion detection
- commercial and industry security
- security in ubiquitous computing, e.g., RFIDs
- authentication
- security management
- smartcards
- web security
- security and privacy for emerging technologies, e.g., VoIP, peer-to-peer and overlay network systems, Web 2.0
- data and application security
- applied cryptography
- malware and botnets
- mobile-computing security
- privacy-enhancing technology
- software security
- wireless security

For more information, please see http://elec.sch.ac.kr/asiaccs/.

LEET 2012 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats, Co-located with NSDI 2012, San Jose, CA, USA, April 24, 2012. [posted here 12/12/11]
Now in its fifth year, LEET continues to provide a unique forum for the discussion of threats to the confidentiality of our data, the integrity of digital transactions, and the dependability of the technologies we increasingly rely on. We encourage submissions of papers that focus on the malicious activities themselves (e.g., reconnaissance, exploitation, privilege escalation, rootkit installation, attack), our responses as defenders (e.g., prevention, detection, and mitigation), or the social, political, and economic goals driving these malicious activities and the legal and ethical codes guiding our defensive responses. Topics of interest include but are not limited to:
- Infection vectors for malware (worms, viruses, etc.)
- Botnets, command, and control channels
- Spyware
- Operational experience and case studies
- Forensics
- Click fraud
- Measurement studies
- New threats and related challenges
- Boutique and targeted malware
- Phishing
- Spam
- Underground economy
- Carding and identity theft
- Miscreant counterintelligence
- Denial-of-service attacks
- Hardware vulnerabilities
- Legal issues
- The arms race (rootkits, anti-anti-virus, etc.)
- New platforms (cellular networks, wireless networks, mobile devices)
- Camouflage and detection
- Reverse engineering
- Vulnerability markets and zero-day economics
- Online money laundering
- Understanding the enemy
- Data collection challenges

For more information, please see http://www.usenix.org/leet12/cfpa.

PSOSM 2012 Workshop on Privacy and Security in Online Social Media, Held in conjunction with the 21st International World Wide Web Conference (WWW 2012), Lyon, France, April 16-20, 2012. [posted here 12/5/11]
With increase in usage of the Internet, there has been an exponential increase in the use of online social media on the Internet. Websites like Facebook, YouTube, Orkut, Twitter and Flickr have changed the way Internet is being used. There is a dire need to investigate, study and characterize privacy and security of online social media from various perspectives (computational, cultural, psychological). Real world scalable systems need to be built to detect and defend security and privacy issues on online social media. The main goals of the workshop are: (1) To create a platform to discuss latest issues, trends, and cutting-edge research approaches in security and privacy in online social media; (2) to bring researchers who are working on issues related to security and privacy on the Internet, and those studying online social media, to discuss the problems that overlap and bring these two areas together. Topics / themes include, but not limited to the following:
- Information privacy disclosure, revelation and its effects in online social networks
- Collateral damage due to information leakage (e.g. through photo tagging) on OSM
- Privacy issues related to location based services on OSM
- Effective and usable privacy setting and policies on OSM
- Anonymization of social network datasets
- Detection and characterization of spam, phishing, frauds, hate crime, abuse, extremism via online social media
- Cyber-bullying, abuse and harassment detection, and prevention strategies
- Identifying and curbing malware, phishing, and botnets on OSM
- Filtering of pornography, viruses, and human trafficking related content or entities on OSM
- Studying the social and economic impact of security and privacy issues on OSM
- Usability (including design flaws) of secure systems on online social media
- Data modeling of human behavior in context of security and privacy threats
- Privacy and security issues in social gaming applications
- Trust systems based on social networks
- Legal and ethical issues for researchers studying security and privacy on OSM
- Information credibility on online social media
- Security and privacy challenges in new entrants in OSM (e.g. Google Plus)
- Effect of OSM on conventional crime (robberies and theft)

For more information, please see http://precog.iiitd.edu.in/psosm_www2012/.

WiSec 2012 ACM Conference on Wireless Network Security, Tucson, Arizona, USA, April 16-18, 2012. [posted here 10/03/11]
As wireless and mobile networking becomes ubiquitous, security and privacy become increasingly critical. The focus of the ACM Conference on Wireless Network Security (ACM WiSec) is on exploring vulnerabilities, threats, and attacks in wireless communications and the techniques needed to address them. Settings of interest include cellular, metropolitan, mesh, local-area, personal-area, home, vehicular, sensor, ad hoc, satellite, cognitive radio, RFID, and underwater networks as well as systems using non-RF wireless communication. The conference is soliciting contributions to topics including but not limited to:
- Key management in wireless/mobile environments
- Secure services (neighbor discovery, localization, etc.)
- Secure PHY and MAC protocols
- Trust establishment
- Intrusion, attack, and malicious behavior detection
- Denial of service
- User and location privacy
- Anonymity, unobservability, prevention of traffic analysis
- Identity theft and phishing in mobile networks
- Charging & secure payment
- Cooperation and mitigating non?cooperative behavior
- Economics of wireless security
- Vulnerability and attack modeling
- Incentive-aware secure protocol design
- Jamming/Anti-jamming communication
- Cross-layer design for security
- Monitoring and surveillance
- Cryptographic primitives for wireless communication
- Theoretical foundations and formal methods for wireless security and privacy
- Security and privacy of mobile OS and mobile applications
- Secure delay- and disruption-tolerant networking
- Secure non-RF wireless communication (e.g., ultrasound, vision, laser)
- Security/privacy in wireless smart grid and smart metering applications
- Security/privacy in wireless network coding
- Security/privacy in wireless/ephemeral social networking
- Security/privacy in mobile/wireless cloud services

For more information, please see http://www.sigsac.org/wisec/WiSec2012/.

ICB 2012 5th International Conference on Biometrics, New Delhi, India, March 30 - April 1, 2012. [posted here 08/01/11]
The 5th International Conference on Biometrics (ICB 2012) will have a broad scope and invites papers that advance biometric technologies, sensor design, feature extraction and matching algorithms, analysis of security and privacy, and evaluation of social impact of biometrics technology. Topics will include biometric systems based on fingerprint, iris, face, voice, gait and other modalities as well as biometric fusion and emerging biometrics based on novel sensing technologies. All submissions must clearly articulate the novelty of the work and must report results on publicly available datasets whenever possible.

For more information, please see http://icb12.iiitd.ac.in.

POST 2012 1st Conference on Principles of Security and Trust, Tallinn, Estonia, March 24 - April 1, 2012. [posted here 08/01/11]
Principles of Security and Trust is a broad forum related to the theoretical and foundational aspects of security and trust. Papers of many kinds are welcome: new theoretical results, practical applications of existing foundational ideas, and innovative theoretical approaches stimulated by pressing practical problems. We seek submissions proposing theories to clarify security and trust within computer science; submissions establishing new results in existing theories; and also submissions raising fundamental concerns about existing theories. We welcome new techniques and tools to automate reasoning within such theories, or to solve security and trust problems. Case studies that reflect the strengths and limitations of foundational approaches are also welcome, as are more exploratory presentations on open questions. Areas of interest include:
- Access control
- Anonymity
- Authentication
- Availability
- Cloud security
- Confidentiality
- Covert channels
- Crypto foundations
- Economic issues
- Information flow
- Integrity
- Languages for security
- Malicious code
- Mobile code
- Models and policies
- Privacy
- Provenance
- Reputation and trust
- Resource usage
- Risk assessment
- Security architectures
- Security protocols
- Trust management
- Web service security

For more information, please see http://web.cs.wpi.edu/~guttman/post12/.

IFIP-CIP 2012 6th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, National Defense University, Fort McNair, Washington, DC, USA, March 19-21, 2012. [posted here 10/03/11]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the first five conferences, the Sixth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. Papers and panel proposals are solicited. Submissions will be refereed by members of Working Group 11.10 and other internationally-recognized experts in critical infrastructure protection. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.10. The conference will be limited to seventy participants to facilitate interactions among researchers and intense discussions of research and implementation issues. Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Risk analysis and risk assessment methodologies
- Modeling and simulation of critical infrastructures
- Legal, economic and policy issues related to critical infrastructure protection
- Secure information sharing
- Infrastructure protection case studies
- Distributed control systems/SCADA security
- Telecommunications network security

For more information, please see http://www.ifip1110.org.

PILATES 2012 Workshop on Physically-augmented Security for Wireless Networks, Kaiserslautern, Germany, March 19–21, 2012. [posted here 10/03/11]
The goal of the PILATES'12 workshop is to discuss "workout plans" in the discipline of physically-augmented wireless security. In particular, the focus lies on taking advantage of physical characteristics of wireless communications as well as of physical context in general or side-channels to increase the "fitness" of conventional security protocols. Both single-hop as well as multi-hop wireless networks are in scope of the workshop. The workshop accepts technical papers and extended abstracts with topics of interest that include but are not limited to:
- Security primitives derived from wireless communication
- Physically-augmented cryptographic protocols
- Physically unclonable functions (PUF)
- Wireless threat modeling and security analysis
- Jamming & anti-jamming security protocols
- Secure localization and positioning
- Quantitative evaluation of wireless system security
- Cross-layer approaches to secure wireless communication
- Utilizing multi-* for security (multi-hop, multi-channel, multi-radio, etc.)

For more information, please see http://mmb2012.de/pilates.

USEC 2012 Workshop on Usable Security, Held in conjunction with the Financial Cryptography and Data Security (FC 2012), Divi Flamingo Beach Resort, Bonaire, March 2, 2012. [posted here 09/15/11]
Many aspects of data security combine technical and human factors. If a highly secure system is unusable, users will move their data to less secure but more usable systems. Problems with usability are a major contributor to many high-profile security failures today. However, usable security is not well-aligned with traditional usability for three reasons. First, security is rarely the desired goal of the individual. In fact, security is usually orthogonal and often in opposition to the actual goal. Second, security information is about risk and threats. Such communication is most often unwelcome. Increasing unwelcome interaction is not a goal of usable design. Third, since individuals must trust their machines to implement their desired tasks, risk communication itself may undermine the value of the networked interaction. For the individual, discrete technical problems are all understood under the rubric of online security (e.g., privacy from third parties use of personally identifiable information, malware). A broader conception of both security and usability is therefore needed for usable security. The workshop on Usable Security invites submissions on all aspects of human factors and usability in the context of security. USEC'12 aims to bring together researchers already engaged in this interdisciplinary effort with other researchers in areas such as economics, intelligent interactions, artificial intelligence, theoretical computer science, and modeling. We encourage AI, HCI, security, psychologists, risk analysts, computer scientists, security specialists, business school faculty, and industry experts to submit original research. We particularly encourage collaborative research from authors in multiple fields.

For more information, please see http://infosecon.net/usec12/index.php.

WECSR 2012 3rd Workshop on Ethics in Computer Security Research, Divi Flamingo Resort, Bonaire, March 2, 2012. [posted here 09/01/11]
Computer security often leads to discovering interesting new problems and challenges. The challenge still remains to follow a path acceptable for Institutional Review Boards at academic institutions, as well as compatible with ethical guidelines for professional societies or government institutions. However, no exact guidelines exist for computer security research yet. This workshop will bring together computer security researchers, practitioners, policy makers, and legal experts. This workshop solicits submissions describing or suggesting ethical and responsible conduct in computer security research. While we focus on setting standards and sharing prior experiences and experiments in computer security research, successful or not, we tap into research behavior in network security, computer security, applied cryptography, privacy, anonymity, and security economics. This workshop will favor discussions among participants, in order to shape the future of ethical standards in the field. It will be co-located with the Sixteenth International Conference on Financial Cryptography and Data Security 2012. We solicit submissions in three categories: Position papers, Case studies, and Panel proposals.

For more information, please see http://www.cs.stevens.edu/~spock/wecsr2012/cfp.html.

FC 2012 16th Financial Cryptography and Data Security, Divi Flamingo Beach Resort, Bonaire, February 27 - March 2, 2012. [posted here 06/06/11]
Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary works are particularly encouraged. The topics include:
- Anonymity and Privacy
- Auctions and Audits
- Authentication and Identification
- Backup Authentication
- Biometrics
- Certification and Authorization
- Cloud Computing Security
- Commercial Cryptographic Applications
- Contracts and Transactions
- Data Outsourcing Security
- Digital Cash and Payment Systems
- Digital Incentive and Loyalty Systems
- Digital Rights Management
- Fraud Detection
- Game Theoretic Approaches to Security
- Identity Theft
- Information Security
- Infrastructure Design Legal and Regulatory Issues
- Management and Operations
- Microfinance and Micropayments
- Mobile Internet Device Security
- Monitoring
- Phishing and Social Engineering
- Privacy-enhancing Systems
- Reputation Systems
- RFID-Based and Contactless Payment Systems
- Risk Assessment and Management
- Secure Banking and Financial Web Services
- Secure Tokens and Hardware
- Securing Emerging Computational Paradigms
- Security and Risk Perceptions and Judgments
- Security Economics
- Smartcards
- Spam
- Trust Management
- Underground-Market Economics
- Usability
- Virtual Economies
- Voting Systems

For more information, please see http://fc12.ifca.ai/.

CT-RSA 2012 RSA Conference, Cryptographers' Track, San Francisco, February 27-Mar 2, 2012. [posted here 07/04/11]
The RSA Conference is the largest annual information security event, with hundreds of vendors and thousands of attendees. Among the 20 tracks of the RSA conference, the Cryptographers' Track stands out, offering a glimpse of academic research in the field of cryptography. The Cryptographers' Track was founded in 2001, and it has since established its presence in the cryptographic community. To support the academic exchange, RSA conference offers a special academic discount for registration, as well as a waiver for the speakers presenting their papers that were accepted to CT-RSA 2012. Original research papers pertaining to all aspects of cryptography are solicited. Submissions may present applications, techniques, theory, and practical experience on topics including, but not limited to:
- Public-key encryption
- Symmetric-key encryption
- Cryptanalysis
- Digital signatures
- Hash functions
- Cryptographic protocols
- Tamper-resistance
- Efficient implementations
- Elliptic-curve cryptography
- Lattice-based cryptography
- Quantum cryptography
- Formal security models
- Network security
- Hardware security
- E-commerce

For more information, please see http://ctrsa2012.cs.haifa.ac.il/.

ESSoS 2012 4th International Symposium on Engineering Secure Software and Systems, Eindhoven, The Netherlands, February 16 - 17, 2012. [posted here 06/20/11]
Trustworthy, secure software is a core ingredient of the modern world. Unfortunately, the Internet is too. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The goal of this symposium is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DLS's for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation

For more information, please see http://distrinet.cs.kuleuven.be/events/essos2012/.

CODASPY 2012 2nd ACM Conference on Data and Application Security and Privacy, Hilton Palacio Del Rio, San Antonio, Texas, U.S.A, February 8-10, 2012. [posted here 08/01/11]
Data and the applications that manipulate data are the crucial assets in today's information age. With the increasing drive towards availability of data and services anytime anywhere, security and privacy risks have increased. Vast amounts of privacy-sensitive data are being collected today by organizations for a variety of reasons. Unauthorized disclosure, modification, usage or denial of access to these data and corresponding services may result in high human and financial costs. New applications such as social networking and social computing provide value by aggregating input from numerous individual users and/or the mobile devices they carry with them and computing new information of value to society and individuals. To achieve efficiency and effectiveness in traditional domains such as healthcare there is a drive to make these records electronic and highly available. The need for organizations and government agencies to share information effectively is underscored by rapid innovations in the business world that require close collaboration across traditional boundaries and the dramatic failure of old-style approaches to information protection in government agencies in keeping information too secret to connect the dots. Security and privacy in these and other arenas can be meaningfully achieved only in context of the application domain. Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the conference is to discuss novel exciting research topics in data and application security and privacy and to lay out directions for further research and development in this area. The conference seeks submissions from diverse communities, including corporate and academic researchers, open source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts. Topics include but not limited to:
- Application layer security policies
- Authorization /Access Control for Applications
- Authorization/Access Control for Databases
- Data dissemination controls
- Data forensics
- Enforcement layer security policies
- Privacy preserving techniques
- Private information retrieval
- Search on protected/encrypted data
- Secure auditing
- Secure collaboration
- Secure data provenance
- Secure electronic commerce
- Secure information sharing
- Secure knowledge management
- Secure multiparty computations
- Secure software development
- Securing data/apps on untrusted platforms
- Securing the semantic web
- Security and Privacy in GIS/Spatial Data
- Security and Privacy in Healthcare
- Security policies for databases
- Social computing security and privacy
- Social networking security and privacy
- Trust metrics for application, data and user
- Web application security

For more information, please see http://www.codaspy.org.

NDSS 2012 Network & Distributed System Security Symposium, San Diego, California, USA, February 5-8, 2012. [posted here 05/23/11]
The Network and Distributed System Security Symposium fosters information exchange among research scientists and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. Overall, we are looking for not only for solid results but also for crazy out of the box ideas. Areas of interest include (but are not limited to):
- Network perimeter controls: firewalls, packet filters, application gateways
- Network protocol security: routing, naming, network management
- Cloud computing security
- Security issues in Future Internet architecture and design
- Security of web-based applications and services
- Anti-malware techniques: detection, analysis, and prevention
- Secure future home networks, Internet of Things, body-area networks
- Intrusion prevention, detection, and response
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Privacy and anonymity technologies
- Security for wireless, mobile networks
- Security of personal communication systems
- Vehicular Ad-hoc Network (VANETs) Security
- Security of peer-to-peer and overlay network systems
- Electronic commerce security: e.g., payments, notarization, timestamping
- Network security policies: implementation deployment, management
- Intellectual property protection: protocols, implementations, DRM
- Public key infrastructures, key management, certification, and revocation
- Security for Emerging Technologies
- Special problems and case studies: cost, usability, security vs. efficiency
- Collaborative applications: teleconferencing and video-conferencing
- Smart Grid Security
- Secure Electronic Voting
- Security of large-scale critical infrastructures
- Trustworthy Computing for network protocols and distributed systems
- Network and distributed systems forensics

For more information, please see http://www.isoc.org/isoc/conferences/ndss/12/cfp.shtml.

CCNC-DRM 2012 8th IEEE International Workshop on Digital Rights Management Impact on Consumer Communications, Held in conjunction with the 9th IEEE Consumer Communications & Networking Conference (CCNC 2012), Las Vegas, Nevada, USA, January 14, 2012. [posted here 09/13/11]
Consumers and consumer electronics are increasingly using the Internet for distribution of digital goods, including digital versions of books, articles, music, video, games, software, images and 3D content. The growing popularity of tablets, e-readers and smartphones is introducing new publishing approaches and business models. Digital distribution is now a mature area, but the balance between the protection of content, and flexibility and security for consumers remains a challenge. Organizations are also increasingly concerned with information protection and control within and beyond the corporate perimeter for reasons including traceability, compliance, accountability and persistent management of intangible assets. The ease with which digital goods can be copied and redistributed makes the Internet well suited for unauthorized copying, modification and redistribution. The increasing use of cloud-based storage, along with the rapid adoption of new technologies such as high-bandwidth connections, wireless networks, peer-to-peer networks and surface computing is accelerating this process. This one-day workshop on Digital Rights Management addresses problems faced by all stakeholders in this ecosystem including rights owners - who seek to protect their intellectual property rights and develop innovative business models - and end users - who seek to protect their privacy, enjoy a good user experience and preserve access they benefit from using traditional media.

For more information, please see http://www.ieee-ccnc.org/.

HICSS-DF 2012 45th Annual HAWAI’I International Conference on System Sciences, Software Technology Track, MINITRACK: Digital Forensics – Education, Research, and Practice, Grand Wailea Maui, Hawaii, USA, January 4-7, 2012. [posted here 06/06/11]
This is a call for original papers addressing the area of digital forensics – to include research endeavors, as well as educational and industrial experiences. This minitrack brings together an international collection of papers from academia, industry and law enforcement which address current directions in digital forensics. Digital forensics includes the use of software, computer science, software engineering, and criminal justice procedures to explore and or investigate digital media with the objective of finding evidence to support a criminal or administrative case. It involves the preservation, identification, extraction, and documentation of computer or network evidence. This minitrack is interested in a wide variety of papers which address the following areas as well as others:
- Papers that are "forward thinking" and identify approaches to solving the digital forensics challenges of the future.
- Education papers that describe digital forensics degree programs or the teaching of digital forensics within other programs internationally.
- Papers that address a research agenda that considers practitioner requirements, multiple investigative environments and emphasizes real world usability such as visualization.
- Papers that present an experience report involving the discovery, explanation and presentation of conclusive, persuasive evidence from digital forensics investigation.
- Papers that combine research and practice with an emphasis on network forensics, visualization, and new tools and techniques.

For more information, please see http://www.hicss.hawaii.edu/hicss_45/apahome45.htm.

HICSS-ST 2012 45th Annual HAWAI’I International Conference on System Sciences, Software Technology Track, Grand Wailea Maui, Hawaii, USA, January 4-7, 2012. [posted here 04/25/11]
Modern society is irreversibly dependent on software systems of remarkable scope and complexity. Yet methods for assuring the dependability and quality of these systems have not kept pace with their rapid deployment and evolution. The result has been persistent errors, failures, vulnerabilities, and compromises. Research is required in assurance technologies that can meet the needs of 21st century systems. These technologies must scale beyond present labor-intensive practices that are increasingly overwhelmed by the task at hand. Many organizations in academia, industry, and defense are interested in this subject, but often with a focus on specific subject matter areas. The goal of this Minitrack is to bring together researchers from all areas of system assurance to promote sharing and cross-pollination of promising methods and technologies. We will promote a unified assurance discipline characterized by science foundations and substantial automation that can effectively address the scope and scale of the problem. Assurance research focuses on achieving an acceptable level of trust and confidence through auditable evidence that software systems will function as intended in both benign and threat environments to meet organizational objectives. It addresses all aspects of the system development lifecycle in terms of technical, management, and standards-related issues. The following topics will be included in the Minitrack:
- Advances in specification and design of assured systems
- Advances in software correctness verification
- Advances in software security assurance
- Advances in system testing and certification
- Assurance for embedded systems
- Assurance for hardware components
- Assurance for large-scale infrastructure systems
- Assurance for SOA architectures and cloud computing environments
- Assurance in system maintenance and evolution
- Automated methods for system assurance
- Assurance through computation of software behavior
- Secure coding techniques
- Management of assurance operations
- Processes and metrics for assurance operations
- Business case and ROI development for system assurance
- Supply chain and standards issues in system assurance
- Case studies of system assurance successes
- Formal methods in software assurance
- Curriculum development and education for software assurance

For more information, please see http://www.hicss.hawaii.edu/hicss_45/apahome45.htm.

IFIP-DF 2012 8th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Pretoria, Pretoria, South Africa, January 3-5, 2012. [posted here 05/09/11]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Eighth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume – the eighth in the series entitled Research Advances in Digital Forensics (Springer) in the summer of 2012. Revised and/or extended versions of selected papers from the conference will be published in special issues of one or more international journals. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network and cloud forensics
- Embedded device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org.