Contents

Past Conferences and Other Announcements - 2012

COSADE 2012 3rd International Workshop on Constructive Side-Channel Analysis and Secure Design, Darmstadt, Germany, May 3-4, 2012. [posted here 09/12/11]
Side-channel analysis (SCA) and implementation attacks have become an important field of research at universities and in the industry. In order to enhance the resistance of cryptographic and security critical implementations within the design phase, constructive attacks and analyzing techniques may serve as a quality metric to optimize the design- and development process. This workshop provides an international platform for researchers, academics, and industry participants to present their work and their current research topics. It is an excellent opportunity to meet experts and to initiate new collaborations and information exchange at a professional level. The workshop will feature both invited presentations and contributed talks.

For more information, please see http://cosade2011.cased.de.

ASIACCS 2012 7th ACM Symposium on Information, Computer and Communications Security, Seoul, Republic of Korea, May 1-3, 2012. [posted here 10/03/11]
ASIACCS is a major international forum for information security researchers, practitioners, developers, and users to explore and exchange the newest cyber security ideas, breakthroughs, findings, techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. Areas of interest for ASIACCS 2012 include, but are not limited to:
- anonymity
- inference/controlled disclosure
- cryptographic protocols
- access control
- intellectual-property protection
- data/system integrity
- secure networking
- operating system security
- hardware-based security
- cloud security
- digital-rights management
- information warfare
- accounting and audit
- trusted computing
- formal methods for security
- key management
- phishing and countermeasures
- identity management
- intrusion detection
- commercial and industry security
- security in ubiquitous computing, e.g., RFIDs
- authentication
- security management
- smartcards
- web security
- security and privacy for emerging technologies, e.g., VoIP, peer-to-peer and overlay network systems, Web 2.0
- data and application security
- applied cryptography
- malware and botnets
- mobile-computing security
- privacy-enhancing technology
- software security
- wireless security

For more information, please see http://elec.sch.ac.kr/asiaccs/.

LEET 2012 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats, Co-located with NSDI 2012, San Jose, CA, USA, April 24, 2012. [posted here 12/12/11]
Now in its fifth year, LEET continues to provide a unique forum for the discussion of threats to the confidentiality of our data, the integrity of digital transactions, and the dependability of the technologies we increasingly rely on. We encourage submissions of papers that focus on the malicious activities themselves (e.g., reconnaissance, exploitation, privilege escalation, rootkit installation, attack), our responses as defenders (e.g., prevention, detection, and mitigation), or the social, political, and economic goals driving these malicious activities and the legal and ethical codes guiding our defensive responses. Topics of interest include but are not limited to:
- Infection vectors for malware (worms, viruses, etc.)
- Botnets, command, and control channels
- Spyware
- Operational experience and case studies
- Forensics
- Click fraud
- Measurement studies
- New threats and related challenges
- Boutique and targeted malware
- Phishing
- Spam
- Underground economy
- Carding and identity theft
- Miscreant counterintelligence
- Denial-of-service attacks
- Hardware vulnerabilities
- Legal issues
- The arms race (rootkits, anti-anti-virus, etc.)
- New platforms (cellular networks, wireless networks, mobile devices)
- Camouflage and detection
- Reverse engineering
- Vulnerability markets and zero-day economics
- Online money laundering
- Understanding the enemy
- Data collection challenges

For more information, please see http://www.usenix.org/leet12/cfpa.

PSOSM 2012 Workshop on Privacy and Security in Online Social Media, Held in conjunction with the 21st International World Wide Web Conference (WWW 2012), Lyon, France, April 16-20, 2012. [posted here 12/5/11]
With increase in usage of the Internet, there has been an exponential increase in the use of online social media on the Internet. Websites like Facebook, YouTube, Orkut, Twitter and Flickr have changed the way Internet is being used. There is a dire need to investigate, study and characterize privacy and security of online social media from various perspectives (computational, cultural, psychological). Real world scalable systems need to be built to detect and defend security and privacy issues on online social media. The main goals of the workshop are: (1) To create a platform to discuss latest issues, trends, and cutting-edge research approaches in security and privacy in online social media; (2) to bring researchers who are working on issues related to security and privacy on the Internet, and those studying online social media, to discuss the problems that overlap and bring these two areas together. Topics / themes include, but not limited to the following:
- Information privacy disclosure, revelation and its effects in online social networks
- Collateral damage due to information leakage (e.g. through photo tagging) on OSM
- Privacy issues related to location based services on OSM
- Effective and usable privacy setting and policies on OSM
- Anonymization of social network datasets
- Detection and characterization of spam, phishing, frauds, hate crime, abuse, extremism via online social media
- Cyber-bullying, abuse and harassment detection, and prevention strategies
- Identifying and curbing malware, phishing, and botnets on OSM
- Filtering of pornography, viruses, and human trafficking related content or entities on OSM
- Studying the social and economic impact of security and privacy issues on OSM
- Usability (including design flaws) of secure systems on online social media
- Data modeling of human behavior in context of security and privacy threats
- Privacy and security issues in social gaming applications
- Trust systems based on social networks
- Legal and ethical issues for researchers studying security and privacy on OSM
- Information credibility on online social media
- Security and privacy challenges in new entrants in OSM (e.g. Google Plus)
- Effect of OSM on conventional crime (robberies and theft)

For more information, please see http://precog.iiitd.edu.in/psosm_www2012/.

WiSec 2012 ACM Conference on Wireless Network Security, Tucson, Arizona, USA, April 16-18, 2012. [posted here 10/03/11]
As wireless and mobile networking becomes ubiquitous, security and privacy become increasingly critical. The focus of the ACM Conference on Wireless Network Security (ACM WiSec) is on exploring vulnerabilities, threats, and attacks in wireless communications and the techniques needed to address them. Settings of interest include cellular, metropolitan, mesh, local-area, personal-area, home, vehicular, sensor, ad hoc, satellite, cognitive radio, RFID, and underwater networks as well as systems using non-RF wireless communication. The conference is soliciting contributions to topics including but not limited to:
- Key management in wireless/mobile environments
- Secure services (neighbor discovery, localization, etc.)
- Secure PHY and MAC protocols
- Trust establishment
- Intrusion, attack, and malicious behavior detection
- Denial of service
- User and location privacy
- Anonymity, unobservability, prevention of traffic analysis
- Identity theft and phishing in mobile networks
- Charging & secure payment
- Cooperation and mitigating non?cooperative behavior
- Economics of wireless security
- Vulnerability and attack modeling
- Incentive-aware secure protocol design
- Jamming/Anti-jamming communication
- Cross-layer design for security
- Monitoring and surveillance
- Cryptographic primitives for wireless communication
- Theoretical foundations and formal methods for wireless security and privacy
- Security and privacy of mobile OS and mobile applications
- Secure delay- and disruption-tolerant networking
- Secure non-RF wireless communication (e.g., ultrasound, vision, laser)
- Security/privacy in wireless smart grid and smart metering applications
- Security/privacy in wireless network coding
- Security/privacy in wireless/ephemeral social networking
- Security/privacy in mobile/wireless cloud services

For more information, please see http://www.sigsac.org/wisec/WiSec2012/.

ICB 2012 5th International Conference on Biometrics, New Delhi, India, March 30 - April 1, 2012. [posted here 08/01/11]
The 5th International Conference on Biometrics (ICB 2012) will have a broad scope and invites papers that advance biometric technologies, sensor design, feature extraction and matching algorithms, analysis of security and privacy, and evaluation of social impact of biometrics technology. Topics will include biometric systems based on fingerprint, iris, face, voice, gait and other modalities as well as biometric fusion and emerging biometrics based on novel sensing technologies. All submissions must clearly articulate the novelty of the work and must report results on publicly available datasets whenever possible.

For more information, please see http://icb12.iiitd.ac.in.

POST 2012 1st Conference on Principles of Security and Trust, Tallinn, Estonia, March 24 - April 1, 2012. [posted here 08/01/11]
Principles of Security and Trust is a broad forum related to the theoretical and foundational aspects of security and trust. Papers of many kinds are welcome: new theoretical results, practical applications of existing foundational ideas, and innovative theoretical approaches stimulated by pressing practical problems. We seek submissions proposing theories to clarify security and trust within computer science; submissions establishing new results in existing theories; and also submissions raising fundamental concerns about existing theories. We welcome new techniques and tools to automate reasoning within such theories, or to solve security and trust problems. Case studies that reflect the strengths and limitations of foundational approaches are also welcome, as are more exploratory presentations on open questions. Areas of interest include:
- Access control
- Anonymity
- Authentication
- Availability
- Cloud security
- Confidentiality
- Covert channels
- Crypto foundations
- Economic issues
- Information flow
- Integrity
- Languages for security
- Malicious code
- Mobile code
- Models and policies
- Privacy
- Provenance
- Reputation and trust
- Resource usage
- Risk assessment
- Security architectures
- Security protocols
- Trust management
- Web service security

For more information, please see http://web.cs.wpi.edu/~guttman/post12/.

IFIP-CIP 2012 6th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, National Defense University, Fort McNair, Washington, DC, USA, March 19-21, 2012. [posted here 10/03/11]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the first five conferences, the Sixth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. Papers and panel proposals are solicited. Submissions will be refereed by members of Working Group 11.10 and other internationally-recognized experts in critical infrastructure protection. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.10. The conference will be limited to seventy participants to facilitate interactions among researchers and intense discussions of research and implementation issues. Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Risk analysis and risk assessment methodologies
- Modeling and simulation of critical infrastructures
- Legal, economic and policy issues related to critical infrastructure protection
- Secure information sharing
- Infrastructure protection case studies
- Distributed control systems/SCADA security
- Telecommunications network security

For more information, please see http://www.ifip1110.org.

PILATES 2012 Workshop on Physically-augmented Security for Wireless Networks, Kaiserslautern, Germany, March 19–21, 2012. [posted here 10/03/11]
The goal of the PILATES'12 workshop is to discuss "workout plans" in the discipline of physically-augmented wireless security. In particular, the focus lies on taking advantage of physical characteristics of wireless communications as well as of physical context in general or side-channels to increase the "fitness" of conventional security protocols. Both single-hop as well as multi-hop wireless networks are in scope of the workshop. The workshop accepts technical papers and extended abstracts with topics of interest that include but are not limited to:
- Security primitives derived from wireless communication
- Physically-augmented cryptographic protocols
- Physically unclonable functions (PUF)
- Wireless threat modeling and security analysis
- Jamming & anti-jamming security protocols
- Secure localization and positioning
- Quantitative evaluation of wireless system security
- Cross-layer approaches to secure wireless communication
- Utilizing multi-* for security (multi-hop, multi-channel, multi-radio, etc.)

For more information, please see http://mmb2012.de/pilates.

USEC 2012 Workshop on Usable Security, Held in conjunction with the Financial Cryptography and Data Security (FC 2012), Divi Flamingo Beach Resort, Bonaire, March 2, 2012. [posted here 09/15/11]
Many aspects of data security combine technical and human factors. If a highly secure system is unusable, users will move their data to less secure but more usable systems. Problems with usability are a major contributor to many high-profile security failures today. However, usable security is not well-aligned with traditional usability for three reasons. First, security is rarely the desired goal of the individual. In fact, security is usually orthogonal and often in opposition to the actual goal. Second, security information is about risk and threats. Such communication is most often unwelcome. Increasing unwelcome interaction is not a goal of usable design. Third, since individuals must trust their machines to implement their desired tasks, risk communication itself may undermine the value of the networked interaction. For the individual, discrete technical problems are all understood under the rubric of online security (e.g., privacy from third parties use of personally identifiable information, malware). A broader conception of both security and usability is therefore needed for usable security. The workshop on Usable Security invites submissions on all aspects of human factors and usability in the context of security. USEC'12 aims to bring together researchers already engaged in this interdisciplinary effort with other researchers in areas such as economics, intelligent interactions, artificial intelligence, theoretical computer science, and modeling. We encourage AI, HCI, security, psychologists, risk analysts, computer scientists, security specialists, business school faculty, and industry experts to submit original research. We particularly encourage collaborative research from authors in multiple fields.

For more information, please see http://infosecon.net/usec12/index.php.

WECSR 2012 3rd Workshop on Ethics in Computer Security Research, Divi Flamingo Resort, Bonaire, March 2, 2012. [posted here 09/01/11]
Computer security often leads to discovering interesting new problems and challenges. The challenge still remains to follow a path acceptable for Institutional Review Boards at academic institutions, as well as compatible with ethical guidelines for professional societies or government institutions. However, no exact guidelines exist for computer security research yet. This workshop will bring together computer security researchers, practitioners, policy makers, and legal experts. This workshop solicits submissions describing or suggesting ethical and responsible conduct in computer security research. While we focus on setting standards and sharing prior experiences and experiments in computer security research, successful or not, we tap into research behavior in network security, computer security, applied cryptography, privacy, anonymity, and security economics. This workshop will favor discussions among participants, in order to shape the future of ethical standards in the field. It will be co-located with the Sixteenth International Conference on Financial Cryptography and Data Security 2012. We solicit submissions in three categories: Position papers, Case studies, and Panel proposals.

For more information, please see http://www.cs.stevens.edu/~spock/wecsr2012/cfp.html.

FC 2012 16th Financial Cryptography and Data Security, Divi Flamingo Beach Resort, Bonaire, February 27 - March 2, 2012. [posted here 06/06/11]
Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary works are particularly encouraged. The topics include:
- Anonymity and Privacy
- Auctions and Audits
- Authentication and Identification
- Backup Authentication
- Biometrics
- Certification and Authorization
- Cloud Computing Security
- Commercial Cryptographic Applications
- Contracts and Transactions
- Data Outsourcing Security
- Digital Cash and Payment Systems
- Digital Incentive and Loyalty Systems
- Digital Rights Management
- Fraud Detection
- Game Theoretic Approaches to Security
- Identity Theft
- Information Security
- Infrastructure Design Legal and Regulatory Issues
- Management and Operations
- Microfinance and Micropayments
- Mobile Internet Device Security
- Monitoring
- Phishing and Social Engineering
- Privacy-enhancing Systems
- Reputation Systems
- RFID-Based and Contactless Payment Systems
- Risk Assessment and Management
- Secure Banking and Financial Web Services
- Secure Tokens and Hardware
- Securing Emerging Computational Paradigms
- Security and Risk Perceptions and Judgments
- Security Economics
- Smartcards
- Spam
- Trust Management
- Underground-Market Economics
- Usability
- Virtual Economies
- Voting Systems

For more information, please see http://fc12.ifca.ai/.

CT-RSA 2012 RSA Conference, Cryptographers' Track, San Francisco, February 27-Mar 2, 2012. [posted here 07/04/11]
The RSA Conference is the largest annual information security event, with hundreds of vendors and thousands of attendees. Among the 20 tracks of the RSA conference, the Cryptographers' Track stands out, offering a glimpse of academic research in the field of cryptography. The Cryptographers' Track was founded in 2001, and it has since established its presence in the cryptographic community. To support the academic exchange, RSA conference offers a special academic discount for registration, as well as a waiver for the speakers presenting their papers that were accepted to CT-RSA 2012. Original research papers pertaining to all aspects of cryptography are solicited. Submissions may present applications, techniques, theory, and practical experience on topics including, but not limited to:
- Public-key encryption
- Symmetric-key encryption
- Cryptanalysis
- Digital signatures
- Hash functions
- Cryptographic protocols
- Tamper-resistance
- Efficient implementations
- Elliptic-curve cryptography
- Lattice-based cryptography
- Quantum cryptography
- Formal security models
- Network security
- Hardware security
- E-commerce

For more information, please see http://ctrsa2012.cs.haifa.ac.il/.

ESSoS 2012 4th International Symposium on Engineering Secure Software and Systems, Eindhoven, The Netherlands, February 16 - 17, 2012. [posted here 06/20/11]
Trustworthy, secure software is a core ingredient of the modern world. Unfortunately, the Internet is too. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The goal of this symposium is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DLS's for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation

For more information, please see http://distrinet.cs.kuleuven.be/events/essos2012/.

CODASPY 2012 2nd ACM Conference on Data and Application Security and Privacy, Hilton Palacio Del Rio, San Antonio, Texas, U.S.A, February 8-10, 2012. [posted here 08/01/11]
Data and the applications that manipulate data are the crucial assets in today's information age. With the increasing drive towards availability of data and services anytime anywhere, security and privacy risks have increased. Vast amounts of privacy-sensitive data are being collected today by organizations for a variety of reasons. Unauthorized disclosure, modification, usage or denial of access to these data and corresponding services may result in high human and financial costs. New applications such as social networking and social computing provide value by aggregating input from numerous individual users and/or the mobile devices they carry with them and computing new information of value to society and individuals. To achieve efficiency and effectiveness in traditional domains such as healthcare there is a drive to make these records electronic and highly available. The need for organizations and government agencies to share information effectively is underscored by rapid innovations in the business world that require close collaboration across traditional boundaries and the dramatic failure of old-style approaches to information protection in government agencies in keeping information too secret to connect the dots. Security and privacy in these and other arenas can be meaningfully achieved only in context of the application domain. Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the conference is to discuss novel exciting research topics in data and application security and privacy and to lay out directions for further research and development in this area. The conference seeks submissions from diverse communities, including corporate and academic researchers, open source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts. Topics include but not limited to:
- Application layer security policies
- Authorization /Access Control for Applications
- Authorization/Access Control for Databases
- Data dissemination controls
- Data forensics
- Enforcement layer security policies
- Privacy preserving techniques
- Private information retrieval
- Search on protected/encrypted data
- Secure auditing
- Secure collaboration
- Secure data provenance
- Secure electronic commerce
- Secure information sharing
- Secure knowledge management
- Secure multiparty computations
- Secure software development
- Securing data/apps on untrusted platforms
- Securing the semantic web
- Security and Privacy in GIS/Spatial Data
- Security and Privacy in Healthcare
- Security policies for databases
- Social computing security and privacy
- Social networking security and privacy
- Trust metrics for application, data and user
- Web application security

For more information, please see http://www.codaspy.org.

NDSS 2012 Network & Distributed System Security Symposium, San Diego, California, USA, February 5-8, 2012. [posted here 05/23/11]
The Network and Distributed System Security Symposium fosters information exchange among research scientists and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. Overall, we are looking for not only for solid results but also for crazy out of the box ideas. Areas of interest include (but are not limited to):
- Network perimeter controls: firewalls, packet filters, application gateways
- Network protocol security: routing, naming, network management
- Cloud computing security
- Security issues in Future Internet architecture and design
- Security of web-based applications and services
- Anti-malware techniques: detection, analysis, and prevention
- Secure future home networks, Internet of Things, body-area networks
- Intrusion prevention, detection, and response
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Privacy and anonymity technologies
- Security for wireless, mobile networks
- Security of personal communication systems
- Vehicular Ad-hoc Network (VANETs) Security
- Security of peer-to-peer and overlay network systems
- Electronic commerce security: e.g., payments, notarization, timestamping
- Network security policies: implementation deployment, management
- Intellectual property protection: protocols, implementations, DRM
- Public key infrastructures, key management, certification, and revocation
- Security for Emerging Technologies
- Special problems and case studies: cost, usability, security vs. efficiency
- Collaborative applications: teleconferencing and video-conferencing
- Smart Grid Security
- Secure Electronic Voting
- Security of large-scale critical infrastructures
- Trustworthy Computing for network protocols and distributed systems
- Network and distributed systems forensics

For more information, please see http://www.isoc.org/isoc/conferences/ndss/12/cfp.shtml.

CCNC-DRM 2012 8th IEEE International Workshop on Digital Rights Management Impact on Consumer Communications, Held in conjunction with the 9th IEEE Consumer Communications & Networking Conference (CCNC 2012), Las Vegas, Nevada, USA, January 14, 2012. [posted here 09/13/11]
Consumers and consumer electronics are increasingly using the Internet for distribution of digital goods, including digital versions of books, articles, music, video, games, software, images and 3D content. The growing popularity of tablets, e-readers and smartphones is introducing new publishing approaches and business models. Digital distribution is now a mature area, but the balance between the protection of content, and flexibility and security for consumers remains a challenge. Organizations are also increasingly concerned with information protection and control within and beyond the corporate perimeter for reasons including traceability, compliance, accountability and persistent management of intangible assets. The ease with which digital goods can be copied and redistributed makes the Internet well suited for unauthorized copying, modification and redistribution. The increasing use of cloud-based storage, along with the rapid adoption of new technologies such as high-bandwidth connections, wireless networks, peer-to-peer networks and surface computing is accelerating this process. This one-day workshop on Digital Rights Management addresses problems faced by all stakeholders in this ecosystem including rights owners - who seek to protect their intellectual property rights and develop innovative business models - and end users - who seek to protect their privacy, enjoy a good user experience and preserve access they benefit from using traditional media.

For more information, please see http://www.ieee-ccnc.org/.

HICSS-DF 2012 45th Annual HAWAI’I International Conference on System Sciences, Software Technology Track, MINITRACK: Digital Forensics – Education, Research, and Practice, Grand Wailea Maui, Hawaii, USA, January 4-7, 2012. [posted here 06/06/11]
This is a call for original papers addressing the area of digital forensics – to include research endeavors, as well as educational and industrial experiences. This minitrack brings together an international collection of papers from academia, industry and law enforcement which address current directions in digital forensics. Digital forensics includes the use of software, computer science, software engineering, and criminal justice procedures to explore and or investigate digital media with the objective of finding evidence to support a criminal or administrative case. It involves the preservation, identification, extraction, and documentation of computer or network evidence. This minitrack is interested in a wide variety of papers which address the following areas as well as others:
- Papers that are "forward thinking" and identify approaches to solving the digital forensics challenges of the future.
- Education papers that describe digital forensics degree programs or the teaching of digital forensics within other programs internationally.
- Papers that address a research agenda that considers practitioner requirements, multiple investigative environments and emphasizes real world usability such as visualization.
- Papers that present an experience report involving the discovery, explanation and presentation of conclusive, persuasive evidence from digital forensics investigation.
- Papers that combine research and practice with an emphasis on network forensics, visualization, and new tools and techniques.

For more information, please see http://www.hicss.hawaii.edu/hicss_45/apahome45.htm.

HICSS-ST 2012 45th Annual HAWAI’I International Conference on System Sciences, Software Technology Track, Grand Wailea Maui, Hawaii, USA, January 4-7, 2012. [posted here 04/25/11]
Modern society is irreversibly dependent on software systems of remarkable scope and complexity. Yet methods for assuring the dependability and quality of these systems have not kept pace with their rapid deployment and evolution. The result has been persistent errors, failures, vulnerabilities, and compromises. Research is required in assurance technologies that can meet the needs of 21st century systems. These technologies must scale beyond present labor-intensive practices that are increasingly overwhelmed by the task at hand. Many organizations in academia, industry, and defense are interested in this subject, but often with a focus on specific subject matter areas. The goal of this Minitrack is to bring together researchers from all areas of system assurance to promote sharing and cross-pollination of promising methods and technologies. We will promote a unified assurance discipline characterized by science foundations and substantial automation that can effectively address the scope and scale of the problem. Assurance research focuses on achieving an acceptable level of trust and confidence through auditable evidence that software systems will function as intended in both benign and threat environments to meet organizational objectives. It addresses all aspects of the system development lifecycle in terms of technical, management, and standards-related issues. The following topics will be included in the Minitrack:
- Advances in specification and design of assured systems
- Advances in software correctness verification
- Advances in software security assurance
- Advances in system testing and certification
- Assurance for embedded systems
- Assurance for hardware components
- Assurance for large-scale infrastructure systems
- Assurance for SOA architectures and cloud computing environments
- Assurance in system maintenance and evolution
- Automated methods for system assurance
- Assurance through computation of software behavior
- Secure coding techniques
- Management of assurance operations
- Processes and metrics for assurance operations
- Business case and ROI development for system assurance
- Supply chain and standards issues in system assurance
- Case studies of system assurance successes
- Formal methods in software assurance
- Curriculum development and education for software assurance

For more information, please see http://www.hicss.hawaii.edu/hicss_45/apahome45.htm.

IFIP-DF 2012 8th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Pretoria, Pretoria, South Africa, January 3-5, 2012. [posted here 05/09/11]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Eighth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume – the eighth in the series entitled Research Advances in Digital Forensics (Springer) in the summer of 2012. Revised and/or extended versions of selected papers from the conference will be published in special issues of one or more international journals. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network and cloud forensics
- Embedded device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org.