Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Past Conferences and Journal Special Issues

Last Modified: 12/24/12

Note: Please contact cipher-cfp@ieee-security.org by email if you have any questions.


Past Conferences and Other Announcements - 2012

ICISS 2012 8th International Conference on Information Systems Security, Guwahati, India, December 15-19, 2012. [posted here 04/09/12]
The conference series ICISS provides a forum for disseminating the latest research results in information and systems security. Submissions are encouraged from academia, industry and government addressing theoretical and practical problems in information and systems security and related areas. The research community and academics are invited to submit theoretical and application-oriented full and short papers making a significant research contribution on Information Systems Security. Papers with original research and unpublished work are to be submitted. Topics of interest include (but are not limited to):
- Application Security
- Formal Methods in Security
- Operating System Security
- Authentication and Access Control
- Intrusion Detection, Prevention & Response
- Privacy and Anonymity
- Biometric Security
- Intrusion Tolerance and Recovery
- Security in P2P, Sensor and Ad Hoc Networks
- Data Security
- Key Management and Cryptographic Protocols
- Software Security
- Digital Forensics and Diagnostics
- Language-based Security
- Vulnerability Detection and Mitigation
- Digital Rights Management
- Malware Analysis and Mitigation
- Web Security
- Distributed System Security
- Network Security

For more information, please see http://www.iitg.ernet.in/iciss2012/.

CSS 2012 4th International Symposium on Cyberspace Safety and Security, Melbourne, Australia, December 12-13, 2012. [posted here 06/25/12]
A large fraction of the population in the world now spends a great deal of time in cyberspace. Cyberspace has become a critical infrastructure that is embedded in almost all other critical infrastructures and enables every movement of human society. It is thus very much in the public interest to have a safe and secure cyberspace. In the past several years, there have been a large number of attacks in cyberspace, such as attacks on the Internet, attacks on embedded/real-time computing and control systems, and attacks on dedicated computing facilities. Many research efforts have been made to achieve cyberspace safety and security, such as blocking and limiting the impact of compromise, enabling accountability, promoting deployment of defense systems, and deterring potential attackers and penalizing attackers. In this context, we focus our program on Cyberspace Safety and Security, such as authentication, access control, availability, integrity, privacy, confidentiality, dependability and sustainability issues of cyberspace. The aim of this symposium is to provide a leading edge forum to foster interaction between researchers and developers with the cyberspace safety and security communities, and to give attendees an opportunity to network with experts in this area. The symposium will be a highly focused, professional, high quality, and social event.

For more information, please see http://anss.org.au/css2012.

LISA 2012 26th Large Installation System Administration Conference, San Diego, CA, USA, December 9-14, 2012. [posted here 03/19/12]
The annual LISA conference is the meeting place of choice for system and network administrators and engineers; it is the crossroads of Web operations, DevOps, enterprise computing, educational computing, and research computing. The conference serves as a venue for a lively, diverse, and rich mix of technologists of all specialties and levels of expertise. LISA is the place to teach and learn new skills, debate current issues, and meet industry gurus, colleagues, and friends.

For more information, please see http://www.usenix.org/lisa12/.

MANSEC-CC 2012 1st International workshop on Management and Security technologies for Cloud Computing, Held in conjunction with the 2012 IEEE GLOBECOM, Disneyland Hotel, Anaheim, California, USA, December 3-7, 2012. [posted here 04/30/12]
Over the last five years, Cloud Computing (CC) has generated increasing interest from both industry and academia. The CC, considered a natural evolution of distributed computing and of the widespread adaption of virtualization and SOA, aims to provide IT-related capabilities and resources as services, via the Internet and on-demand, hiding the underlying technology from the resource consumer. However, this new paradigm comes with new challenges, and several open issues must be resolved in order for it to be largely adopted. Ensuring security and quality of service, reliability and accountability, and improving large system operation and maintenance are the main challenges for this new model. As a result, Security and Management appear as two ecosystems of considerable importance for the CC paradigm, which will further benefit from research and the exploitation of potential synergies. For that reason, the ManSec-CC 2012 workshop aims to provide a central forum where researchers and practitioners from security and management domains of cloud-centric and outsourced computing will converge and deal with the challenges of the CC paradigm. Topics include but are not limited to:
- Access Control Management
- Artificial Intelligence Approaches to Cloud Computing Management
- Auditing, Monitoring and Scheduling
- Business Continuity and Disaster Recovery
- Cloud Architectures, Infrastructures and Workflows
- Cloud Computing and Network Communications
- Cloud Storage, Data Management and Distribution
- Cloud-centric Regulatory Compliance Issues and Mechanisms
- Copyright Protection in the Cloud
- Denial of Service (DoS) Attacks
- Energy Management in Cloud Environments
- Experimental Platforms that Support Cloud Management Research
- Forensics in Cloud Environments
- Foundations of Cloud Oriented Threat Models
- Intrusion Detection and Prevention
- Legal and Regulatory Frameworks for Clouds
- Management and Security for Cloud-based Services and Applications
- Management of Heterogeneous Clouds
- Management of Large Systems
- Metrics, Techniques, and Experiments for Evaluating Cloud Management Architectures
- Mobility Management in Cloud Environments
- Monitoring, Logging and Auditing
- Network Security Mechanisms for Clouds
- Novel Programming Models for Secure Large Computing
- Performance Evaluation for Security Solutions
- Policy Based Management of Cloud Systems
- Portability, Interoperability and Standards
- Practical Cryptographic Protocols for Cloud Security
- Practical Privacy Mechanisms for Outsourcing
- QoS & Performance Management in Cloud Computing
- Resource Discovery, Management and Registration
- Robust and Reliable Network Architecture
- Scalable and Robust Scheduling on Heterogeneous Architectures
- Scalable Fault Resilience Techniques for Large Computing
- Secure Cloud Resource Virtualization Mechanisms
- Secure Computation and Data Outsourcing
- Secure Payment for Cloud Services
- Secure Resource Allocation and Indexing
- Securing Distributed Data Storage in Cloud
- Security and Privacy Policies
- Security Model for New Services
- Security Risk Assessment Models for Clouds
- Self-configuration, Self-healing, Self-monitoring
- Service Integration and Management
- Service level Agreement and Specifications
- Solutions for Big data
- Trust and Identity Management for Clouds
- Trusted Computing Technology and Secure Hardware for Clouds

For more information, please see http://www.icsd.aegean.gr/ccsl/mansec-cc/.

ACSAC 2012 28th Annual Computer Security Applications Conference, Buena Vista Palace Hotel & Spa in the Walt Disney World Resort, Florida, USA, December 3-7, 2012. [posted here 04/09/12]
The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences. If you are developing, researching, or implementing practical security solutions, consider sharing your experience and expertise at ACSAC. We are especially interested in submissions that address the application of security technology, the implementation of systems, and lessons learned. Some example topics are:
- Access control
- Assurance
- Audit
- Biometrics
- Boundary control
- Cloud security
- Cybersecurity
- Denial of service protection
- Distributed systems security
- Electronic commerce security
- Enterprise security management
- Forensics
- Identity management
- Incident response planning
- Insider threat protection
- Integrity
- Intellectual property rights protection
- Intrusion detection and prevention
- Malware
- Mobile and wireless security
- Multimedia security
- Network resiliency
- Operating systems security
- Peer-to-peer security
- Privacy and data protection
- Privilege management
- Product evaluation and compliance
- Resilience
- Security engineering
- Security usability
- Software security
- Supply chain risk
- Trust management
- Virtualization security
- VoIP security
- Web 2.0/3.0 security

For more information, please see http://www.acsac.org.

WIFS 2012 IEEE International Workshop on Information Forensics and Security, Tenerife, Spain, December 2-5, 2012. [posted here 04/09/12]
The IEEE International Workshop on Information Forensics and Security (WIFS) is the primary annual event organized by the IEEE's Information Forensics and Security Technical Committee (IEEE IFS TC). Being the main annual event organized by IEEE IFS TC, the scope of WIFS is broader than other more specific conferences, and it represents the most prominent venue for researchers to exchange ideas and identify potential areas of collaboration. Focusing on these targets, the conference will feature three keynote speakers, up to four tutorials, a track of lecture and poster sessions.

For more information, please see http://www.wifs12.org/.

INSCRYPT 2012 8th China International Conference on Information Security and Cryptology, Beijing, China, November 28 - December 1, 2012. [posted here 07/23/12]
Inscrypt 2012 seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of information security, cryptology, and their applications:
- Access Control
- Authentication and Authorization
- Biometric security
- Block cipher modes of operation
- Cloud computing security
- Database security
- Digital asset security and protection
- Electronic Commerce Security
- Foundations of Cryptography
- Hash functions and MACs
- Information Hiding and Watermarking
- Intrusion Detection
- Key Management and Key Recovery
- Mobile network Security
- Network Security
- Operating system security
- Privacy protection
- Risk evaluation and security modeling
- Secret Key and Public Key Cryptography
- Security issues in Internet of Things
- Security and Cryptographic Protocols
- Software security and protection
- System security

For more information, please see http://inscrypt2012.im.pwr.wroc.pl/2012/Inscrypt_2012.html.

NSS 2012 6th International Conference on Network and System Security, Wu Yi Shan, Fujian, China, November 21-23, 2012. [posted here 12/12/11]
NSS is an annual international conference covering research in network and system security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged. Topics of interest include but are not limited to:
- Active Defense Systems
- Hardware Security
- Security in P2P systems
- Adaptive Defense Systems
- Analysis
- Benchmark of Security Systems
- Identity Management
- Intelligent Defense Systems
- Security in Cloud and Grid Systems
- Security in E-Commerce
- Applied Cryptography
- Authentication
- Insider Threats
- Intellectual Property Rights Protection
- Security in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grid
- Biometric Security
- Complex Systems Security
- Internet and Network Forensics
- Intrusion Detection and Prevention
- Secure Mobile Agents and Mobile Code
- Security and Privacy in Wireless Networks
- Database and System Security
- Data Protection
- Key Distribution and Management
- Large-scale Attacks and Defense
- Security Policy
- Security Protocols
- Data/System Integrity
- Distributed Access Control
- Malware
- Network Resiliency
- Security Simulation and Tools
- Security Theory and Tools
- Distributed Attack Systems
- Network Security
- Standards and Assurance Methods
- Denial-of-Service
- RFID Security and Privacy
- Trusted Computing
- High Performance
- Network Virtualization
- Security Architectures
- Trust Management
- High Performance Security Systems
- Security for Critical Infrastructures
- World Wide Web Security

For more information, please see http://anss.org.au/nss2012/index.html.

HST 2012 12th IEEE Conference on Technologies for Homeland Security, Waltham, MA, USA, November 13-15, 2012. [posted here 02/20/12]
This conference brings together innovators from leading universities, research laboratories, Homeland Security Centers of Excellence, small businesses, system integrators and the end user community and provides a forum to discuss ideas, concepts and experimental results. Produced by IEEE with technical support from DHS S&T, IEEE Biometrics Council, IEEE Boston Section, and IEEE-USA and organizational support from MIT Lincoln Laboratory, Raytheon, Battelle, and MITRE, this year’s event will showcase selected technical papers and posters highlighting emerging technologies in the areas of:
- Cyber Security
- Attack and Disaster Preparation, Recovery, and Response
- Land and Maritime Border Security
- Biometrics & Forensics

For more information, please see http://www.ieee-hst.org/.

RFIDsec-Asia 2012 Workshop on RFID and IoT Security, Taipei, Taiwan, November 8-9, 2012. [posted here 05/14/12]
The workshop series of RFIDsec Asia, the Asia branch of RFIDsec, aims to provide researchers, enterprises and governments a platform to investigate, discuss and propose new solutions on security and privacy issues of RFID/IoT (Internet of Things) technologies and applications. Papers with original research in theory and practical system design concerning RFID/IoT security are solicited. Topics of the workshop include but are not limited to:
- New applications for secure RFID/IoT systems
- Data integrity and privacy protection techniques for RFID/IoT
- Attacks and countermeasures on RFID/IoT systems
- Design and analysis on secure RFID/IoT hardware
- Risk assessment and management on RFID/IoT applications
- Trust model, data aggregation and information sharing for EPCglobal network and sensor network
- Resource-efficient implementation of cryptography
- Integration of secure RFID/IoT systems
- Cryptographic protocols for RFID/IoT systems

For more information, please see http://rfidsec2012.cs.ntust.edu.tw.

GameSec 2012 3rd Conference on Decision and Game Theory for Security, Budapest, Hungary, November 5-6, 2012. [posted here 04/09/12]
The conference will explore security as a multifaceted economic problem by considering the complexities of the underlying technical infrastructure, and human and social factors. Securing resources involves decision making on multiple levels and multiple time scales, given the limited resources available to both malicious attackers and administrators defending networked systems. The GameSec conference aims to bring together researchers who are working on the theoretical foundations and behavioral aspects of enhancing security capabilities in a principled manner. Previous GameSec contributions included analytic models based on game, information, communication, optimization, decision, and control theories that were applied to diverse security topics. In addition, we welcome research that highlights the connection between economic incentives and real world security, reputation, trust and privacy problems. The conference is soliciting full and short papers on all economic aspects of security and privacy. Submitted papers will be evaluated based on their significance, originality, technical quality, and exposition. They should clearly establish the research contribution, their relevance to security and privacy, and their relation to prior research. General theoretic contributions are welcome if they discuss potential scenarios of application in the areas of security and privacy.

For more information, please see http://www.gamesec-conf.org.

SPACE 2012 International Conference on Security, Privacy and Applied Cryptography Engineering, Chennai, India, November 2-3, 2012. [posted here 06/25/12]
Original papers are invited on any aspect of Applied Cryptography, Cryptographic Engineering or Engineering aspects of Security. All accepted papers will be published in LNCS series proceedings by Springer. The topics for SPACE 2012 include but are not limited to:
- Symmetric-key algorithms and cryptanalysis
- Cryptographic implementations
- Side channel analysis and countermeasures
- Fault tolerance of cryptosystems
- Physically uncloneable functions
- Public-key schemes and cryptanalysis
- Analysis and design of security protocols
- Security of systems and applications
- High-performance computing in cryptology
- Cryptography in ubiquitous devices
- Trusted computing
- Anonymity and privacy
- Database security
- Operating system security
- Cloud and grid security
- Network security, botnets, intrusion detection

For more information, please see http://space.cse.iitm.ac.in/.

Nordsec 2012 17th Nordic Conference in Secure IT Systems, Karlskrona, Sweden, October 31 - November 2, 2012. [posted here 03/12/12]
Since 1996, the NordSec conferences have brought together computer security researchers and practitioners from around the world, particularly from the Nordic countries and Northern Europe. The conference focuses on applied IT security and is intended to encourage interaction between academic and industrial research. Contributions should reflect original research, developments, studies and practical experience within all areas of IT security. NordSec 2012 welcomes contributions over a broad range of topics in IT security, including, but not limited to, the following areas:
- Applied Cryptography
- Information Warfare & Cyber Security
- Communication & Network Security
- Wireless and Mobile Security
- Computer Crime and Forensics
- Hardware Security
- Virtual Platform Security
- Web and Cloud Security
- Identity Management
- Authentication and Biometrics
- Firewalls and Intrusion Detection
- New Ideas and Paradigms in Security
- Operating System Security
- PKI Systems and Key Escrow
- Privacy & Anonymity
- Security Education and Training
- Security Evaluations and Assurance
- Security Management and Audit
- Social-Engineering and Phishing
- Software and Application Security
- Trust and Reputation Management

For more information, please see http://www.bth.se/com/nordsec2012.nsf/pages/nordsec2012.

NPSec 2012 7th Workshop on Secure Network Protocols, Austin, Texas, USA, October 30, 2012. [posted here 04/09/12]
NPSec focuses on two general areas. The first focus is on the development and analysis of secure or hardened protocols for the operation (establishment and maintenance) of network infrastructure, including such targets as secure multidomain, ad hoc, sensor or overlay networks, or other related target areas. This can include new protocols, enhancements to existing protocols, protocol analysis, and new attacks on existing protocols. The second focus is on employing such secure network protocols to create or enhance network applications. Examples include collaborative firewalls, incentive strategies for multiparty networks, and deployment strategies to enable secure applications. Papers of special merit might be considered for fast track publication in the Computer Communications journal.

For more information, please see http://www.cse.msu.edu/~feichen/NPSec2012/.

ICICS 2012 14th International Conference on Information and Communications Security, Hong Kong, October 29-31, 2012. [posted here 05/14/12]
ICICS brings together individuals involved in multiple disciplines of Information and Communications Security in order to foster exchange of ideas. Original papers on all aspects of information and communications security are solicited for submission to ICICS2012. Areas of interest include, but are not limited to:
- Access control
- Intellectual Property Protection
- Anti-Virus and Anti-Worms
- Intrusion Detection
- Anonymity
- Key Management and Key Recovery
- Authentication and Authorization
- Language-based Security
- Biometric Security
- Operating System Security
- Data and System Integrity
- Network Security
- Database Security
- Risk Evaluation and Security Certification
- Distributed Systems Security
- Security for Mobile Computing
- Electronic Commerce Security
- Security Models
- Fraud Control
- Security Protocols
- Grid Security
- Trusted Computing and trustworthy computing technology
- Information Hiding and Watermarking
- Engineering issues of Cryptographic and Security Systems
- Computer / Digital Forensics

For more information, please see http://www.cs.hku.hk/icics2012/.

eCrime-Summit 2012 7th IEEE eCrime Researchers Summit, Held in conjunction with the 2012 APWG General Meeting, Las Croabas, Puerto Rico, October 23-24, 2012. [posted here 05/28/12]
eCRS 2012 will bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it. Topics of interest include (but are not limited to):
- Case studies of current attack methods, including phishing, malware, rogue antivirus, pharming, crimeware, botnets, and emerging techniques
- Case studies of online advertising fraud, including click fraud, malvertising, cookie stuffing, and affiliate fraud
- Case studies of large-scale take-downs, such as coordinated botnet disruption
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention
- Economics of online crime, including measurement studies of underground economies and models of e-crime
- Uncovering and disrupting online criminal collaboration and gangs
- Financial infrastructure of e-crime, including payment processing and money laundering
- Techniques to assess the risks and yields of attacks and the effectiveness of countermeasures
- Delivery techniques, including spam, voice mail, social network and web search manipulation; and countermeasures
- Techniques to avoid detection, tracking and take-down; and ways to block such techniques
- Best practices for detecting and avoiding damages to critical internet infrastructure, such as DNS and SCADA, from electronic crime activities

For more information, please see http://ecrimeresearch.org.

LCN-SICK 2012 Workshop on Security in Communications Networks, Held in Conjunction with IEEE LCN 2012, Clearwater, FL, USA, October 22-25, 2012. [posted here 03/12/12]
Recent years have seen growth in the number of services and applications that enable groups of people and/or devices to communicate and collaborate in real-time. Oftentimes, these groups are spontaneously formed based on a common interest or objective, have a limited life span and use one or more network technologies to connect group members with available resources and each other. Examples range from multi-player online games and video conferencing to the coordination of first responders at a crime scene or troops in a battlefield. Secure group communication is a difficult problem that needs to be addressed to guarantee the confidentiality, integrity, and availability of these applications. Challenges include user mobility, device heterogeneity, lack of infrastructure, cross domain interactions, as well as dynamic memberships without pre-configuration. The main purpose of this workshop is to promote further research interests and activities on Secure Group Communication. This workshop aims to increase the synergy between academic and industrial researchers working in this area. We are interested in experimental, systems-related, and work-in-progress papers in all aspects of Secure Group Communications.

For more information, please see http://www.sick-workshop.org/.

AISec 2012 5th ACM Workshop on Artificial Intelligence and Security, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA, October 19, 2012. [posted here 05/14/12]
The applications of artificial intelligence, machine learning, and data mining for security and privacy problems continue to grow. One recent trend is the growth of Big Data Analytics and the establishment of Security Information and Event Management systems built to obtain security intelligence and situational awareness. With the advent of cloud computing, every advantage the cloud offers, such as large-scale machine learning and data-driven abuse detection, is being leveraged to improve security. We invite original research papers describing the use of AI or machine learning in security and privacy problems. We also invite position and open problem papers discussing the role of AI or machine learning in security and privacy. Submitted papers of these types may not substantially overlap papers that have been published previously or that are simultaneously submitted to a journal or conference/workshop proceedings. Finally we welcome a new systematization of knowledge category of papers this year, which should distill the AI or machine learning contributions of a previously published series of security papers. Topics of interest include, but are not limited to:
- Adversarial Learning
- Robust Statistics
- Online Learning
- Computer Forensics
- Spam detection
- Botnet detection
- Intrusion detection
- Malware identification
- Big data analytics for security
- Adaptive side-channel attacks
- Privacy-preserving data mining
- Design and analysis of CAPTCHAs
- Phishing detection and prevention
- AI approaches to trust and reputation
- Vulnerability testing through intelligent probing (e.g. fuzzing)
- Content-driven security policy management & access control
- Techniques and methods for generating training and test sets
- Anomalous behavior detection (e.g. for the purposes of fraud prevention, authentication)

For more information, please see http://research.microsoft.com/en-us/events/aisec2012/default.aspx.

STC 2012 7th ACM Workshop on Scalable Trusted Computing, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA, October 19, 2012. [posted here 04/30/12]
Built on the continuous success of ACM STC 2006-2011, this workshop focuses on fundamental technologies of trusted and high assurance computing and its applications in large-scale systems with varying degrees of trust. The workshop is intended to serve as a forum for researchers as well as practitioners to disseminate and discuss recent advances and emerging issues. The workshop solicits two types of original papers: full papers and short/work-in-progress/position-papers. A paper submitted to this workshop must not be in parallel submission to any other journal, magazine, conference or workshop with proceedings. Topics of interest include but are not limited to:
- security policies and models of trusted computing
- architecture and implementation technologies for trusted platform
- limitations, alternatives and tradeoffs regarding trusted computing
- trusted computing in cloud and data center
- cloud-based attestation services
- trusted smartphone devices and systems
- trust in smart grid, energy, and Internet of Things
- trusted emerging and future Internet infrastructure
- trusted online social network
- trust in authentications, users and computing services
- hardware based trusted computing
- software based trusted computing
- pros and cons of hardware based approach
- remote attestation of trusted devices
- censorship-freeness in trusted computing
- cryptographic support in trusted computing
- case study in trusted computing
- principles for handling scales
- scalable trust supports and services in cloud
- trusted embedded computing and systems
- virtualization and trusted computing

For more information, please see http://www.cs.utsa.edu/~acmstc/stc2012/.

CCSW 2012 ACM Cloud Computing Security Workshop, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA, October 19, 2012. [posted here 04/30/12]
Notwithstanding the latest buzzword (grid, cloud, utility computing, SaaS, etc.), large-scale computing and cloud-like infrastructures are here to stay. What exactly they will look like tomorrow is still for the markets to decide, yet one thing is certain: clouds bring with them new untested deployment and associated adversarial models and vulnerabilities. It is essential that our community becomes involved at this early stage. The CCSW workshop aims to bring together researchers and practitioners in all security aspects of cloud-centric and outsourced computing, including:
- practical cryptographic protocols for cloud security
- secure cloud resource virtualization mechanisms
- secure data management outsourcing (e.g., database as a service)
- practical privacy and integrity mechanisms for outsourcing
- foundations of cloud-centric threat models
- secure computation outsourcing
- remote attestation mechanisms in clouds
- sandboxing and VM-based enforcements
- trust and policy management in clouds
- secure identity management mechanisms
- new cloud-aware web service security paradigms and mechanisms
- cloud-centric regulatory compliance issues and mechanisms
- business and security risk models and clouds
- cost and usability models and their interaction with security in clouds
- scalability of security in global-size clouds
- trusted computing technology and clouds
- binary analysis of software for remote attestation and cloud protection
- network security (DOS, IDS etc.) mechanisms for cloud contexts
- security for emerging cloud programming models
- energy/cost/efficiency of security in clouds

For more information, please see http://crypto.cs.stonybrook.edu/ccsw12.

SPSM 2012 Workshop on Security and Privacy in Smartphones and Mobile Devices, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA, October 19, 2012. [posted here 06/25/12]
Recognizing smartphone security and privacy as an emerging area, this workshop intends to provide a venue for interested researchers and practitioners to get together and exchange ideas, and thus to deepen our understanding of various security and privacy issues on smartphones, specifically platforms such as iOS and Android. Topics of interest include (but are not limited to) the following subject categories: device/hardware security, OS/Middleware security, application security, authenticating users to devices and services, mobile Web Browsers, usability, privacy, rogue application detection and recovery, vulnerability detection and remediation, secure application development, cloud support for mobile security. We also would like to especially encourage novel paradigms and controversial ideas that are not on the above list. The workshop is to act as a venue for creative debate and interaction in security- and privacy-sensitive areas of computing and communication impacted by smartphones.

For more information, please see http://www.spsm-workshop.org/2012/.

MMM-ACNS 2012 6th International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security, St. Petersburg, Russia, October 17-20, 2012. [posted here 05/14/12]
This conference and workshop bring together leading researchers from academia and governmental organizations as well as practitioners to advance the states of the art and practice in the area of computer networks and information security with a focus on novel theoretical aspects of computer network security, and to facilitate personal interactions and discussions on various aspects of information technologies in conjunction with computer network and information security problems arising in large-scale computer networks. MMM-ACNS-2012's scope includes, but is not restricted to, the following areas:
- Adaptive security
- Anti-malware techniques: detection, analysis, prevention
- Anti-phishing, anti-spam, anti-fraud, anti-botnet techniques
- Applied cryptography
- Authentication, authorization and access control
- Cloud Security
- Computer and network forensics
- Covert channels
- Critical infrastructure protection
- Data and application security
- Data mining, machine learning, and bio-inspired approaches for security
- Deception systems and honeypots
- Denial-of-service attacks and countermeasures
- Digital Rights Management
- eCommerce, eBusiness and eGovernment security
- Embedded system security
- Formal analysis of security properties
- Information warfare
- Internet and web security
- Intrusion prevention, detection, and response
- Language-based security
- Network survivability
- New ideas and paradigms for security
- Operating system security
- Reliability and dependability
- Risk metrics, risk analysis and risk management
- Security and privacy in pervasive and ubiquitous computing
- Security event and information management
- Security for large-scale systems and critical infrastructures
- Security in social networks
- Security of emerging technologies: sensor, wireless/mobile, peer-to-peer and overlay networks
- Security of autonomous agents and multi-agent systems
- Security modeling and simulation
- Security policies
- Security protocols
- Security verification
- Security visualization
- Self-protecting and healing
- Smartphone security
- Software protection
- Trusted computing
- Trust and reputation management
- Vulnerability assessment

For more information, please see http://comsec.spb.ru/mmm-acns12/.

ACM-CCS 2012 19th ACM Conference on Computer and Communications Security, Raleigh, North Carolina, USA, October 16-18, 2012. [posted here 01/23/12]
The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of computer and communications security. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings. Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security.

For more information, please see http://www.sigsac.org/ccs/CCS2012/.

BADGERS 2012 ACM Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA, October 15, 2012. [posted here 05/14/12]
The BADGERS workshop is concerned with the use of Big Data for security and is intended to report on initiatives for Internet-scale security-related data collection and analysis. It will provide an environment to describe existing real-world, large-scale datasets, and to share with the security community the return on experiences acquired by analyzing such collected data. Furthermore, novel approaches to collect and study such data sets are welcome. Main topics of interest:
- scalable data collection from networks, hosts, or applications
- real-time gathering and aggregation of diverse sets of raw data
- summarization of raw data with respect to security goals
- attack-resilient data collection
- characterization of dataset external validity
- scalability of security analysis with data volume
- scalability of security analysis with concurrent-attack volume
- combined historical and real-time security analysis
- evaluating result accuracy for large datasets
- real-time, incremental anonymization for data sharing
- successful, failed, and novel models of data sharing
- sharing of analysis results and supporting data
- Internet-scale sharing of security knowledge
- legal issues around data collection and sharing

For more information, please see http://www.badgersconf.com/.

WPES 2012 Workshop on Privacy in the Electronic Society, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA, October 15, 2012. [posted here 06/25/12]
The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The 2012 Workshop, held in conjunction with the ACM CCS conference, is the eleventh in a yearly forum for papers on all the different aspects of privacy in today's electronic society. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- anonymity, pseudonymity, and unlinkability
- data privacy
- economics of privacy
- electronic commerce privacy
- health information privacy
- identity management
- location privacy
- personally identifiable information
- privacy and anonymity in the Web
- privacy and confidentiality management
- privacy and data mining
- privacy and human rights
- privacy enhancing technologies
- privacy in health care and public administration
- privacy in mobile computing
- privacy in pervasive and ubiquitous computing
- privacy in social networks
- privacy in the cloud systems
- privacy in the electronic records
- privacy metrics
- privacy policies
- privacy threats
- privacy vs. security
- privacy-aware access control
- privacy-preserving computation
- public records and personal privacy
- traffic analysis
- unobservability
- usability of privacy technologies
- user profiling
- wireless privacy

For more information, please see http://hatswitch.org/wpes2012/.

SRDS 2012 31st International Symposium on Reliable Distributed Systems, Irvine, California, USA, October 8-11, 2012. [posted here 01/23/12]
The Symposium on Reliable Distributed Systems is a forum for researchers and practitioners interested in distributed systems design, development and evaluation, with emphasis on reliability, availability, safety, security, trust and real time. We welcome original research papers as well as practical experience reports that deal with design, development and experimental results of operational systems. The major areas of interest include, but are not limited to, the following topics:
- Cloud computing and virtualization
- Autonomic, pervasive, and ubiquitous computing
- Secure and trusted storage systems
- Secure and dependable web services
- High-confidence and Safety-critical systems
- Parallel and distributed operating systems
- Distributed objects and middleware systems
- Fault-tolerant and secure sensor networks
- Event-based processing and peer-to-peer infrastructures
- Distributed databases and transaction processing
- Distributed measurement, monitoring, and predictions
- Wireless ad hoc networks
- Electronic commerce and enabling technologies
- Formal methods and foundations for dependable distributed computing
- Analytical or experimental evaluations of dependable distributed systems
- Internet-based systems and applications
- Scalable systems design
- QoS control and assessment
- Trust and scalable system design in social networks
- Social media and privacy issues

For more information, please see http://web.mst.edu/~cswebdb/srds2012/.

SSS 2012 14th International Symposium on Stabilization, Safety, and Security of Distributed Systems, Toronto, Canada, October 1-4, 2012. [posted here 01/16/12]
The SSS symposium is a prestigious international forum for researchers and practitioners in the design and development of fault-tolerant distributed systems with self-* properties, such as self-stabilizing, self-configuring, self-organizing, self-managing, self-repairing, self-healing, self-optimizing, self-adaptive, and self-protecting systems. Research in distributed systems is now at a crucial point in its evolution, marked by the importance of dynamic systems such as cloud networks, social networks, peer-to-peer networks, large-scale wireless sensor networks, mobile ad hoc networks, etc., and many new applications such as grid and web services, banking and e-commerce, e-health and robotics, aerospace and avionics, automotive, industrial process control, etc. have joined the traditional applications of distributed systems.

For more information, please see http://www.cs.uwaterloo.ca/sss2012/.

SADFE 2012 7th International Workshop on Systematic Approaches to Digital Forensics Engineering, Held in conjunction with the United Nations Educational, Scientific and Cultural Organization (UNESCO) Conference - The Memory of the World in the Digital Age: Digitization and Preservation Conference, Vancouver, British Columbia, Canada, September 28, 2012. [posted here 02/20/12]
We invite you to the SADFE-2012 (Systematic Approaches to Digital Forensic Engineering) international conference program in an experimental format. This year we merge SADFE with the UNESCO international conference - "The Memory of the World in the Digital Age: Digitization and Preservation", which will be held from 26 to 28 September, 2012 in Vancouver, British Columbia, Canada, on the theme of preservation of digital information and heritage. In the past, history was largely hand-written and relied heavily on the authenticity and correctness of the description of events, artifacts, ideas, and behaviors of individuals and governments. As the past is known through its documentary residue, documentary truth is the key to understanding ourselves and building a better world. Digital forensics engineering and digital history preservation share many similar challenges. Provenance, authenticity, integrity, and identity are all at the very center of both digital forensics analysis and the world's collective human digital memory. This experimental synergistic format intends to bring together multiple research communities to explore such critical issues. Human society, being enabled by modern digital technology, is currently in its infancy in terms of collective knowledge/memory formation, preservation, and sharing. This collective digital knowledge and memory will inevitably grow beyond this beginning stage. SADFE-2012 brings in digital forensic engineering expertise on those verification/investigation issues. Digital knowledge goes beyond just the "digitized" knowledge to include the "originally digital" knowledge from systems and networks owned and operated by human beings. In this respect, digital forensic engineering will play an increasingly important role.
We welcome papers on forensics and preservation as to criminal and national security investigations, digital memory integrity, general attack analysis, insider threat, insurance and compliance investigations, and similar forms of retrospective analysis touching on data archiving, legal, scientific and mathematical principles finding facts or evidence, for use within a court of law or to aid in understanding the past and digital knowledge in general.

For more information, please see http://conf.ncku.edu.tw/sadfe/.

ProvSec 2012 6th International Conference on Provable Security, Chengdu, China, September 26-28, 2012. [posted here 12/5/11]
Provable security is an important research area in modern cryptography. Cryptographic primitives or protocols without a rigorous proof cannot be regarded as secure even in practice. In fact, there are many schemes that were originally thought to be secure but were eventually broken, which clearly indicates the need for formal security assurance. With provable security, we are confident in using cryptographic schemes and protocols in various real-world applications. Meanwhile, schemes with provable security sometimes give only theoretical feasibility rather than a practical construction, and correctness of the proofs may be difficult to verify. The ProvSec conference thus provides a platform for researchers, scholars and practitioners to exchange new ideas for solving these problems in the provable security area. Topics include all aspects of provable security for cryptographic primitives or protocols, and include but are not limited to the following areas:
- Cryptographic primitives
- Digital signatures
- Formal security model
- Lattice-based security reductions
- Pairing-based provably secure cryptography
- Privacy and anonymity technologies
- Provable secure block ciphers and hash functions
- Secure cryptographic protocols and applications
- Security notions, approaches, and paradigms
- Steganography and steganalysis

For more information, please see http://www.ccse.uestc.edu.cn/provsec/callforpapers.html.

ICDFI 2012 1st International Conference on Digital Forensics and Investigation, Beijing China, September 21-23, 2012. [posted here 05/14/12]
Digital forensics is an emerging research area and is a truly multi-disciplinary subject that involves at least computer science, law and criminal justice. With the advancement of technologies, crime investigation, especially on digital evidence, becomes difficult. This not only poses challenges to computer scientists and law enforcement units on how to identify, preserve and collect digital evidence from different platforms and media such as Internet, mobile phone, cloud system, and emerging storage devices, but also poses challenges to the legal systems on what kind of digital evidence is admissible to courts and what needs to be amended and added in the ordinance. Topics of interest include, but are not limited to, the following:
- Digital forensics tools and applications
- Digital crime investigation
- Privacy and integrity issues in digital forensics
- Identification, authentication and collection of digital evidence
- Computer and network forensics
- Live and memory forensics
- Cyber crime forensics
- Cloud and mobile devices forensics
- Social networking forensics
- Image and video forensics
- Incident response
- Anti-forensic techniques
- Issues in law related to digital forensics

For more information, please see http://secmeeting.ihep.ac.cn.

ISC 2012 15th Information Security Conference, Passau, Sept 19-21, 2012. [posted here 04/09/12]
The ISC conference seeks submissions from academia, industry, and government that present novel research on all theoretical and practical aspects of Information Security. Accepted papers will be published by Springer in the Lecture Notes in Computer Science series. Topics of interest include, but are not limited to:
- access control
- accountability
- anonymity and pseudonymity
- applied cryptography
- authentication
- biometrics
- computer forensics
- cryptographic protocols
- database security
- data/system integrity
- digital rights management
- economics of security and privacy
- electronic frauds
- formal methods in security
- identity management
- information dissemination control
- intrusion detection
- insider threats
- IT forensics tools and methods
- malware design
- network security
- privacy
- secure cloud computing
- security and privacy in pervasive/ubiquitous computing
- security for embedded systems
- security for mobile code
- security in IT outsourcing
- security in location services
- security in social networks
- security modeling and architectures
- security of eCommerce, eBusiness and eGovernment
- software security
- trust models and trust management policies
- web security

For more information, please see http://web.sec.uni-passau.de/isc2012/.

NSPW 2012 New Security Paradigms Workshop, Bertinoro, Italy, September 19-21, 2012. [posted here 02/20/12]
The New Security Paradigms Workshop (NSPW) invites papers that address the current limitations of information security. Today's security risks are diverse and plentiful - botnets, database breaches, phishing attacks, targeted cyber attacks - and yet present tools for combating them are insufficient. To address these limitations, NSPW welcomes unconventional, promising approaches to important security problems and innovative critiques of current security theory and practice. We are particularly interested in perspectives from outside computer security, both from other areas of computer science (such as operating systems, human-computer interaction, databases, programming languages, algorithms) and other sciences that study adversarial relationships such as biology and economics. We discourage papers that offer incremental improvements to security and mature work that is appropriate for standard information security venues. To facilitate research interactions, NSPW features informal paper presentations, extended discussions, shared activities, and group meals, all in the spectacular setting of Bertinoro, Italy. By encouraging researchers to think "outside the box" and giving them an opportunity to communicate with open-minded peers, NSPW seeks to foster paradigm shifts in the field of information security.

For more information, please see http://www.nspw.org.

CRITIS 2012 7th International Workshop on Critical Information Infrastructures Security, Radisson Blu Lillehammer Hotel, Turisthotellveien 6, 2609 Lillehammer, Norway, September 17-18, 2012. [posted here 02/20/12]
Critical key sectors of modern economies depend highly on Information and Communication Technologies (ICT). Disruption, disturbance or loss of information flowing through and processed by ICT infrastructures can, as well as incidents in the sector infrastructure itself, lead to various damages such as high economical, material, or ecological impact, loss of vital societal functions and social well-being of people, and in the most unfortunate cases loss of human lives. As a consequence the security, reliability and resilience of these infrastructures are critical for the society. The topic of Critical (Information) Infrastructure Protection (C(I)IP) is therefore a major objective for governments, companies and the research community of the major industrial countries worldwide. The CRITIS'12 conference is the well-established continuation of the series and aims to explore the new challenges posed by C(I)IP bringing together researchers and professionals from academia, industry and governmental agencies interested in all different aspects of C(I)IP. Especially promoted by CRITIS'12 are multi-disciplinary approaches within the scientific communities at national, European and global level. Authors are solicited to contribute to the conference by submitting research papers, work-in-progress reports, R&D project results, surveying works and industrial experiences describing significant advances in C(I)IP.

For more information, please see http://critis12.hig.no.

EUROPKI 2012 9th European PKI Workshop: Research and Applications, Held in conjunction with ESORICS 2012, Pisa, Italy, September 13-14, 2012. [posted here 04/30/12]
The workshop seeks submissions from academia, industry, and government presenting novel research on all aspects of Public Key Services, Applications, and Infrastructures. Topics of interest include, but are not limited to:
- Anonymity
- Architecture and modeling
- Attribute-based access control
- Authentication
- Authorization and delegation
- Certificates management
- Cross certification
- Directories
- eCommerce/eGovernment
- Fault-tolerance and reliability
- Federations
- Group signatures
- ID-based schemes
- Identity management
- Implementations
- Interoperability
- Key management
- Legal issues
- Long-time archiving
- Mobile PKI
- Multi-signatures
- PKI in the Cloud
- Policies and regulations
- Privacy
- Privilege management
- Protocols
- Repositories
- Risk attacks
- Scalability and performance
- Security of PKI systems
- Standards
- Timestamping
- Trust management
- Trusted computing
- Ubiquitous scenarios
- Web services security

For more information, please see http://europki2012.dti.unimi.it.

DPM 2012 7th International Workshop on Data Privacy Management, Co-located with ESORICS 2012, Pisa, Italy, September 12 - 13, 2012. [posted here 04/30/12]
The aim of this workshop is to discuss and exchange the ideas related to privacy data management. We invite papers from researchers and practitioners working in privacy, security, trustworthy data systems and related areas to submit their original papers in this workshop. Topics of interest include, but are not limited to the following:
- Privacy Information Management
- Privacy Policy-based Infrastructures and Architectures
- Privacy-oriented Access Control Languages and Models
- Privacy in Trust Management
- Privacy Data Integration
- Privacy Risk Assessment and Assurance
- Privacy Services
- Privacy Policy Analysis
- Lightweight cryptography & Cryptanalysis
- Query Execution over Privacy Sensitive Data
- Privacy Preserving Data Mining
- Hippocratic and Water-marking Databases
- Privacy for Integrity-based Computing
- Privacy Monitoring and Auditing
- Privacy in Social Networks
- Privacy in Ambient Intelligence (AmI) Applications
- Individual Privacy vs. Corporate/National Security
- Code-based Cryptology
- Privacy in computer networks
- Privacy and RFIDs
- Privacy in sensor networks

For more information, please see http://www-ma4.upc.edu/DPM2012/main.html.

CloudSec 2012 4th International Workshop on Security in Cloud Computing, Held in conjunction with the 41st ICPP, Pittsburgh, PA, USA, September 12, 2012. [posted here 01/02/12]
Cloud Computing has generated interest from both industry and academia since 2007. As an extension of Grid Computing and Distributed Computing, Cloud Computing aims to provide users with flexible services in a transparent manner. Services are allocated in a cloud, which is a collection of devices and resources connected through the Internet. Before this paradigm can be widely accepted, the security, privacy and reliability provided by the services in the cloud must be well established. CloudSec 2012 will bring researchers and experts together to present and discuss the latest developments and technical solutions concerning various aspects of security issues in Cloud Computing. CloudSec 2012 seeks original unpublished papers focusing on theoretical analysis, emerging applications, novel system architecture construction and design, experimental studies, and social impacts of Cloud Computing. Both review/survey papers and technical papers are encouraged. CloudSec 2012 also welcomes short papers related to Security in Cloud Computing, which summarize speculative breakthroughs, work-in-progress, industry featured projects, open problems, new application challenges, visionary ideas, and preliminary studies. The topics include but are not limited to:
- Emerging threats to Cloud-based services
- Security model for new services
- Security in Cloud-aware web service
- Information hiding/encryption in Cloud Computing
- Copyright protection in the Cloud
- Securing distributed data storage in cloud
- Privacy and security in Cloud Computing
- Forensics in Cloud environments
- Robust network architecture
- Cloud Infrastructure Security
- Intrusion detection/prevention
- Denial-of-Service (DoS) attacks and defense
- Robust job scheduling
- Secure resource allocation and indexing
- Secure payment for Cloud-aware services
- User authentication in Cloud-aware services
- Non-Repudiation solutions in the Cloud
- Security for emerging Cloud programming models
- Performance evaluation for security solutions
- Testbed/Simulators for Cloud security research
- Security hardware, i.e. hardware for encryption, etc.
- Detection and prevention of hardware Trojans

For more information, please see http://bingweb.binghamton.edu/~ychen/CloudSec2012.htm.

ESORICS 2012 17th European Symposium on Research in Computer Security, Pisa, Italy, September 10-12, 2012. [posted here 04/09/12]
ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers discussing industrial research and development. Topics of interest include, but are not limited to:
- access control
- accountability
- ad hoc networks
- anonymity
- applied cryptography
- authentication
- biometrics
- database security
- data protection
- digital content protection
- digital forensic
- distributed systems security
- electronic payments
- embedded systems security
- inference control
- information hiding
- identity management
- information flow control
- integrity
- intrusion detection
- formal security methods
- language-based security
- network security
- phishing and spam prevention
- privacy
- risk analysis and management
- secure electronic voting
- security architectures
- security economics
- security metrics
- security models
- security and privacy in cloud scenarios
- security and privacy in complex systems
- security and privacy in location services
- security and privacy for mobile code
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security and privacy in social networks
- security and privacy in web services
- security verification
- software security
- steganography
- systems security
- trust models and management
- trustworthy user devices
- web security
- wireless security

For more information, please see http://www.iit.cnr.it/esorics2012/.

SAEPOG 2012 Secure Autonomous Electric Power Grids Workshop, Co-located with the Sixth IEEE International Conference on Self-Adaptive and Self-Organizing Systems (SASO 2012), Lyon, France, September 10, 2012. [posted here 05/14/12]
Electric energy grids worldwide are becoming smarter and more adaptive to efficiently bring power from a wide variety of production technologies to a broad consumer base. With this increase in complexity and adaptivity we see an ever-increasing demand for predictable power availability and cost-optimizing control of power consumption (and local generation where available) among consumers. “Security” in the grid has many dimensions, from protecting national resources against human adversaries to simply guaranteeing the availability of power to customers. This workshop is concerned with creating autonomous electric power grids that are secure in all senses of the word.

Traditional power management models rely heavily on a centralized authority to dispatch generation and curtail load without any means for consumers to affect the decision process. The increasing dependence on renewable sources of energy invalidates the currently prevailing paradigm “supply follows demand” for energy management, since power generation from wind or solar panels is not controllable and only partially predictable. The resulting new paradigm “demand follows supply” inherently depends on the discovery and exploitation of demand flexibility which implies the necessity of a decentralized energy information system with distributed system intelligence for power management and control. Obviously, distributed control also implies potential security concerns for the system and those who rely on it.

This situation calls for power generation, storage, and distribution systems that are “aware” of the supply and demand situation and can adapt the load automatically, quickly, and stably. This workshop will examine how autonomous self-adaptive and self-organizing systems may be designed for energy management and control in the future smart grid ranging from national or international high-voltage transportation systems to low-voltage local distribution systems. We will also consider smart combination with other networks like natural gas or thermal grids. We will discuss how existing systems can be made more autonomic (e.g., self-*) and how the designers of new systems can ensure that these systems deliver power within design constraints reliably.

The important management challenge is to create dependable, decentralized control and collaboration of the many stakeholders like transportation system operators, distribution system operators and demand-side managers. This is a highly complex system whose complexity is not determined merely by its size. Future power grids are loosely integrated cyber-physical-human systems that combine traditional power control with smart information, communication, and technology, etc. The daunting security and management challenges that arise from these interdependent couplings will require much research for many years to come.

For more information, please see https://sites.google.com/site/saepog/.

CHES 2012 IACR Workshop on Cryptographic Hardware and Embedded Systems, Leuven, Belgium, September 9-12, 2012. [posted here 11/14/11]
CHES covers new results on all aspects of the design and analysis of cryptographic hardware and software implementations. The workshop builds a bridge between the cryptographic research community and the cryptographic engineering community. With participants from industry, academia, and government organizations, the number of participants has grown to over 300 in recent years. In addition to a track of high-quality presentations, CHES 2012 will offer invited talks, tutorials, a poster session, and a rump session. CHES 2012 especially encourages submissions on the following two subjects: Design Methods to Build Secure and Efficient Hardware or Software, and Leakage Resilient Cryptography Including New Model Definitions and Analysis and the Design of New Cryptosystems. All submitted papers will be reviewed by at least four Program Committee members. The topics of CHES 2012 include but are not limited to:
Cryptographic implementations, including
- Hardware architectures for public-key, secret-key and hash algorithms
- Cryptographic processors and co-processors
- Hardware accelerators for security protocols
- True and pseudorandom number generators
- Physical unclonable functions
- Efficient software implementations of cryptography

Attacks against implementations and countermeasures against these attacks, including
- Side channel attacks and countermeasures
- Fault attacks and countermeasures
- Hardware tampering and tamper-resistance

Tools and methodologies, including
- Computer aided cryptographic engineering
- Verification methods and tools for secure design
- Metrics for the security of embedded systems
- Secure programming techniques
- FPGA design security
- Formal methods for secure hardware

Interactions between cryptographic theory and implementation issues, including
- New and emerging cryptographic algorithms and protocols targeting embedded devices
- Special-purpose hardware for cryptanalysis
- Leakage resilient cryptography

Applications, including
- Cryptography in wireless applications
- Cryptography for pervasive computing
- Hardware IP protection and anti-counterfeiting
- Reconfigurable hardware for cryptography
- Smart card processors, systems and applications
- Security in consumer applications
- Secure storage devices
- Technologies and hardware for content protection
- Trusted computing platforms

For more information, please see http://www.iacr.org/workshops/ches/ches2012/start.php.

SCN 2012 8th Conference on Security and Cryptography for Networks, Amalfi, Italy, September 5-7, 2012. [posted here 04/09/12]
SCN 2012 aims at bringing together researchers in the field of cryptography and information security, practitioners, developers, and users to foster cooperation, exchange techniques, tools, experiences and ideas. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of cryptography and information security. The primary focus is on original, high quality, unpublished research of theoretical and practical impact, including concepts, techniques, applications and practical experiences. All topic areas related to cryptography and information security are of interest and in scope. Suggested topics include but are not restricted to:
- Anonymity and Privacy
- Applied Cryptography and Implementations
- Authentication, Identification and Access Control
- Block and Stream Ciphers
- Complexity-Theoretic Cryptography
- Cloud Computing Security
- Cryptanalysis
- Cryptographic Hash Functions
- Cryptographic and Security Protocols
- Digital Signatures and Message Authentication Codes
- Distributed Systems Security
- Formal Security Methods
- Information-Theoretic Security
- Network, Web and Wireless Security
- Public-Key Encryption
- Physical Cryptography
- Security Architectures and Models
- Software and Systems Security

For more information, please see http://scn.dia.unisa.it/.

TrustBus 2012 9th International Conference on Trust, Privacy, and Security in Digital Business, Held in conjunction with DEXA 2012, Vienna University of Technology, Austria, September 3-7, 2012. [posted here 12/9/11]
The advances in the Information and Communication Technologies (ICT) have raised new opportunities for the implementation of novel applications and the provision of high quality services over global networks. The aim is to utilize this information society era for improving the quality of life for all citizens, disseminating knowledge, strengthening social cohesion, generating earnings and finally ensuring that organizations and public bodies remain competitive in the global electronic marketplace. Unfortunately, such a rapid technological evolution cannot be problem-free. Concerns are raised regarding the lack of trust in electronic procedures and the extent to which information security and user privacy can be ensured. In answer to these concerns, the 9th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’12) will provide an international forum for researchers and practitioners to exchange information regarding advancements in the state of the art and practice of trust and privacy in digital business. TrustBus’12 will bring together researchers from different disciplines, developers, and users all interested in the critical success factors of digital business systems. We are interested in papers, work-in-progress reports, and industrial experiences describing advances in all areas of digital business applications related to trust and privacy, including, but not limited to:
- Anonymity and pseudonymity in business transactions
- Business architectures and underlying infrastructures
- Common practice, legal and regulatory issues
- Cryptographic protocols
- Delivery technologies and scheduling protocols
- Design of business models with security requirements
- Economics of Information Systems Security
- Electronic cash, wallets and pay-per-view systems
- Enterprise management and consumer protection
- Identity and Trust Management
- Intellectual property and digital rights management
- Intrusion detection and information filtering
- Languages for description of services and contracts
- Management of privacy & confidentiality
- Models for access control and authentication
- Multimedia web services
- New cryptographic building-blocks for e-business applications
- Online transaction processing
- PKI & PMI
- Public administration, governmental services
- P2P transactions and scenarios
- Real-time Internet E-Services
- Reliability and security of content and data
- Reliable auction, e-procurement and negotiation technology
- Reputation in services provision
- Secure process integration and management
- Security and Privacy models for Pervasive Information Systems
- Security Policies
- Shopping, trading, and contract management tools
- Smartcard technology
- Transactional Models
- Trust and privacy issues in mobile commerce environments
- Usability of security technologies and services
- Trust and privacy issues in the cloud

For more information, please see http://www.ds.unipi.gr/trustbus12/.

SecureComm 2012 8th International Conference on Security and Privacy in Communication Networks, Padua, Italy, September 3-5, 2012. [posted here 05/10/12]
Securecomm seeks high-quality research contributions in the form of well-developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, theoretical cryptography) will be considered only if a clear connection to private or secure communication/networking is demonstrated.

For more information, please see http://securecomm.org/2012/.

MoCrySEn 2012 1st International Workshop on Modern Cryptography and Security Engineering, Held in conjunction with ARES 2012, Prague, Czech Republic, August 20-24, 2012. [posted here 03/19/12]
MoCrySEn aims to bring together researchers working in theoretical aspects of modern cryptography (including but not restricted to design and analysis of symmetric-key primitives and cryptosystems, block and stream ciphers, hash functions and MAC algorithms, efficient implementations and analysis of code-based cryptosystems, threshold schemes) with professionals working on applied aspects of security engineering, particularly people involved in standardization and in industrial deployment of cryptography (encryption schemes for databases and related security, cryptography in wireless applications, hardware for cryptanalysis, FPGA and smart cards security). The main goal of the workshop is to strengthen the dialogue between these two groups, which is currently perceived to be weak. Ultimately, we aim to make a start on bridging the gap between what academic cryptographers believe should be the goals of cryptographic design and what is actually implemented in the real world. MoCrySEn intends to provide a better understanding of real-world cryptographic issues to the theoretical community, helping to inform their research and set new research challenges for the theoretical community and enable practitioners to develop a clearer view of the current state-of-the-art in cryptographic research and what it offers to practitioners.

For more information, please see http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=65&Itemid=120.

WSDF 2012 5th International Workshop on Digital Forensics, Held in conjunction with ARES 2012, Prague, Czech Republic, August 20-24, 2012. [posted here 02/20/12]
Digital forensics is a rapidly evolving field primarily focused on the extraction, preservation and analysis of digital evidence obtained from electronic devices in a manner that is legally acceptable. Research into new methodologies, tools and techniques within this domain is necessitated by an ever-increasing dependency on tightly interconnected, complex and pervasive computer systems and networks. The ubiquitous nature of our digital lifestyle presents many avenues for the potential misuse of electronic devices in crimes that directly involve, or are facilitated by, these technologies. The aim of digital forensics is to produce outputs that can help investigators ascertain the overall state of a system. This includes any events that have occurred within the system and entities that have interacted with that system. Due care has to be taken in the identification, collection, archiving, maintenance, handling and analysis of digital evidence in order to prevent damage to data integrity. Such issues combined with the constant evolution of technology provide a large scope of digital forensic research. WSDF aims to bring together experts from academia, industry, government and law enforcement who are interested in advancing the state of the art in digital forensics by exchanging their knowledge, results, ideas and experiences. The aim of the workshop is to provide a relaxed atmosphere that promotes discussion and free exchange of ideas while providing a sound academic backing. The focus of this workshop is not only restricted to digital forensics in the investigation of crime. It also addresses security applications such as automated log analysis, forensic aspects of fraud prevention and investigation, policy and governance.

For more information, please see http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=49&Itemid=95.

SecSE 2012 6th International Workshop on Secure Software Engineering, Held in conjunction with ARES 2012, Prague, Czech Republic, August 20-24, 2012. [posted here 02/20/12]
Software security is about protecting information and ensuring that systems continue to function correctly even when under malicious attack. The traditional approach of securing a system has been to create defensive walls such as intrusion detection systems and firewalls around it, but there are always cracks in these walls, and thus such measures are no longer sufficient by themselves. We need to be able to build better, more robust and more "inherently secure" systems, and we should strive to achieve these qualities in all software systems, not just in the ones that "obviously" need special protection. This workshop will focus on techniques, experiences and lessons learned for building secure and dependable software. Suggested topics include, but are not limited to:
- Secure architecture and design
- Security in agile software development
- Aspect-oriented software development for secure software
- Security requirements
- Risk management in software projects
- Secure implementation
- Secure deployment
- Testing for security
- Quantitative measurement of security properties
- Static/dynamic analysis for security
- Verification and assurance techniques for security properties
- Security and usability
- Design and deployment of secure services
- Secure composition and adaptation of services
- Teaching secure software development
- Experience reports on successfully attuning developers to secure software engineering
- Lessons learned

For more information, please see http://www.sintef.org/secse.

WISA 2012 13th International Workshop on Information Security Applications, Jeju Island, Korea, August 16-18, 2012. [posted here 05/14/12]
The focus of this workshop is on all technical and practical aspects of cryptographic and non-cryptographic security applications. The workshop will serve as a forum for new results from the academic research community as well as from the industry. The areas of interest include, but are not limited to:
- Internet & Wireless Security
- E-Commerce Protocols
- Access Control & Database Security
- Biometrics & Human Interface
- Network Security & Intrusion Detection
- Security & Trust Management
- IPTV Security
- Content Protection & Service Security
- Digital Rights Management
- Secure Software & Systems
- Information Hiding
- Digital Forensics
- Secure Hardware
- Cyber Indication & Intrusion Detection
- Multicast & Group Security
- Secure Application Protocols
- Secure Coding
- Smart Cards & Applications
- Mobile Security
- Privacy & Anonymity
- Public Key Crypto Applications
- Threats & Information Warfare
- Virus Protection & Applications
- Ubiquitous Computing Security
- Combating SPAM
- ID Management
- Peer-to-Peer Security
- Information Assurance
- RFID Security & Applications
- Sensor Network Security & Applications
- Common Criteria
- Critical Information Infrastructure Protection
- Video Surveillance Systems
- Healthcare Security

For more information, please see http://www.wisa.or.kr.

USENIX-Security 2012 21st USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012. [posted here 01/02/12]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security. Refereed paper submissions are solicited in all areas relating to systems and network security, including:
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Attacks with novel insights, techniques, or results
- Authentication and authorization of users, systems, and applications
- Automated tools for source code analysis
- Botnets
- Cryptographic implementation analysis and construction
- Denial-of-service attacks and countermeasures
- Embedded systems security
- File and filesystem security
- Forensics and diagnostics for security
- Hardware security
- Human-computer interaction, security, and privacy
- Intrusion and anomaly detection and prevention
- Malicious code analysis, anti-virus, anti-spyware
- Mobile system security
- Network infrastructure security
- Operating system security
- Privacy-enhancing technologies
- Security architectures
- Security education and training
- Security for critical infrastructures
- Security in heterogeneous and large-scale environments
- Security in ubiquitous computing environments
- Security policy
- Self-protecting and self-healing systems
- Techniques for developing secure systems
- Technologies for trustworthy computing
- Wireless security
- Web security, including client-side and server-side security

For more information, please see http://www.usenix.org/events/sec12/.

HotSec 2012 7th USENIX Workshop on Hot Topics in Security, Bellevue, WA, USA, August 7, 2012. [posted here 04/30/12]
HotSec places its singular emphasis on new ideas and problems. Works reflecting incremental ideas or well understood problems will not be accepted. Cross-discipline papers identifying new security problems or exploring approaches not previously applied to security will be given special consideration. All submissions should propose new directions of research, advocate non-traditional approaches, report on noteworthy experience in an emerging area, or generate lively discussion around an important topic. HotSec takes a broad view of security and privacy and encompasses research on topics including but not limited to:
- Large-scale threats
- Network security
- Hardware security
- Software security
- Physical security
- Programming languages
- Applied cryptography
- Forensics
- Privacy
- Human-computer interaction
- Sociology
- Economics
- Emerging computing environment

For more information, please see http://www.usenix.org/hotsec12.

HealthSec 2012 3rd USENIX Workshop on Health Security and Privacy, Bellevue, WA, USA, August 6-7, 2012. (Submissions due 10 April 2012) [posted here 01/02/12]
The focus of HealthSec '12 will be on the development of new techniques and policies to ensure the privacy and security of next-generation healthcare systems and devices. HealthSec is intended as a forum for lively discussion of aggressively innovative and potentially disruptive ideas on all aspects of medical and health security and privacy. We strongly encourage cross-disciplinary interactions between fields, including, but not limited to, technology, medicine, and policy.

For more information, please see http://www.usenix.org/events/healthsec12/.

USENIX-ATC 2012 3rd USENIX Workshop on Health Security and Privacy, Bellevue, WA, USA, August 6–7, 2012. [posted here 01/02/12]
USENIX ATC has always been the place to present groundbreaking research and cutting-edge practices in a wide variety of technologies and environments. USENIX ATC '12 will be no exception. The Program Committee seeks high-quality submissions that further the knowledge and understanding of modern computing systems, with an emphasis on implementations and experimental results. We encourage papers that break new ground or present insightful results based on practical experience with computer systems.

For more information, please see http://www.usenix.org/events/atc12/.

CSET 2012 5th Workshop on Cyber Security Experimentation and Test, Bellevue, WA, USA, August 6, 2012. [posted here 01/02/12]
The science of cyber security is challenging for a number of reasons. Meeting these challenges requires transformational advances, including understanding of the relationship between scientific method and cyber security evaluation, advancing capabilities of underlying experimental infrastructure, and improving data usability. CSET invites submissions on the science of cyber security evaluation, as well as experimentation, measurement, metrics, data, and simulations as those subjects relate to computer and network security.

For more information, please see http://www.usenix.org/events/cset12/.

SecIoT 2012 Workshop on the Security of the Internet of Things, Munich, Germany, July 30 - August 2, 2012. [posted here 01/16/12]
While there are many definitions of the Internet of Things (IoT), all of them revolve around the same central concept: a world-wide network of interconnected objects. These objects will make use of multiple technological building blocks (e.g. wireless communication, sensors, actuators, RFID) and connectivity paradigms (e.g. cloud-based infrastructures, P2P systems) in order to allow people and things to be connected anytime anyplace, with anything and anyone. However, mainly due to the inherent heterogeneity of this vision and its broad scope, there will not be a single silver bullet security solution that will fulfill all the security requirements of the IoT. Therefore: How can we include security as a core element of the IoT? How will the IoT interact with other security mechanisms of the Future Internet? What security requirements will be truly challenged by the ultimate vision of the IoT? It is precisely the goal of this workshop to bring together researchers and industry experts in areas relevant to the security of the Internet of Things to discuss these and other significant issues. Moreover, this workshop also has the objective to serve as a forum not only for presenting cutting-edge research, but also for debating the role of security and its practical implications in the development of the IoT.

For more information, please see http://www.nics.uma.es/seciot12/.

MobiPST 2012 2nd International Workshop on Privacy, Security and Trust in Mobile and Wireless Systems, München, Germany, July 30, 2012. [posted here 03/12/12]
Recently, mobile wireless devices, such as wireless sensors, smart tags, smart pads, tablets, PDAs and smart phones, have become pervasive and attracted significant interest from academia, industry, and standard organizations. With the support of the latest cloud computing technology, these mobile wireless devices will play a more and more important role in computing and communication systems. When these devices become pervasive, security, privacy and trust become critical components for the acceptance of applications built on these devices. Moreover, several favourable characteristics of mobile and wireless devices, including portability, mobility, and sensitivity, further impose the challenge of security and privacy in those systems. Despite recent advances, many research issues still remain in the design of secure, privacy-preserving, or trust architectures, protocols, algorithms, services, and applications on mobile and wireless systems. For example, when mobile devices have more storage space, high bandwidth, and super sensing capability, more sensitive information will be stored in those devices. On the other hand, operating systems running on those devices are not as powerful and reliable as those on traditional computers. Both OS layer and higher-level layer protocols are expected to enhance the security and preserve the privacy of those devices. With more mobile devices being used in social networks and traditional web-based systems, novel trust models are essential for new applications. New cryptographic algorithms, key distribution schemes and access control policies are also encouraged by considering the special characteristics of mobile and wireless devices. With more and more attacks reported on mobile devices in the last two years, threat detection and protection tools are highly expected to improve the security.
Other issues such as malware, cyber threat, attack modelling, possible vulnerabilities on the network infrastructure, security analysis, identity management, attack tolerance, security recovery and anonymity techniques also need to be revisited in these critical systems. This workshop aims to bring together the technologists and researchers who share interests in the area of security, privacy and trust in mobile and wireless systems, as well as explore new venues of collaboration. The main purpose is to promote discussions of research and relevant activities in the models and designs of secure, privacy-preserving, or trust architectures, protocols, algorithms, services, and applications, as well as analysis on cyber threat in mobile and wireless systems. It also aims at increasing the synergy between academic and industry professionals working in this area. We plan to seek papers that address theoretical, experimental research, and work in-progress for security, privacy and trust related issues in the context of mobile and wireless systems.

For more information, please see http://ocu-stars.okcu.edu/ksha/mobipst2012.html.

SECRYPT 2012 9th International Conference on Security and Cryptography, Rome, Italy, July 24-27, 2012. [posted here 01/16/12]
SECRYPT is an annual international conference covering research in information and communication security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged.

For more information, please see http://secrypt.icete.org.

LASER 2012 Workshop on Learning from Authoritative Security Experiment Results, Arlington, VA, USA, July 18 - 19, 2012. [posted here 01/16/12]
The goal of this workshop is to provide an outlet for publication of unexpected research results in security -- to encourage people to share not only what works, but also what doesn't. This doesn't mean bad research -- it means research that had a valid hypothesis and methods, but the result was negative. Given the increased importance of computer security, the security community needs to quickly identify and learn from both success and failure.

Journal papers and conferences typically contain papers that report successful experiments that extend our knowledge of the science of security, or assess whether an engineering project has performed as anticipated. Some of these results have high impact; others do not. Unfortunately, papers reporting on experiments with unanticipated results that the experimenters cannot explain, or experiments that are not statistically significant, or engineering efforts that fail to produce the expected results, are frequently not considered publishable, because they do not appear to extend our knowledge. Yet, some of these "failures" may actually provide clues to even more significant results than the original experimenter had intended. The research is useful, even though the results are unexpected.

Useful research includes a well-reasoned hypothesis, a well-defined method for testing that hypothesis, and results that either disprove or fail to prove the hypothesis. It also includes a methodology documented sufficiently so that others can follow the same path. When framed in this way, "unsuccessful" research furthers our knowledge of a hypothesis and testing method. Others can reproduce the experiment itself, vary the methods, and change the hypothesis; the original result provides a place to begin.

As an example, consider an experiment assessing a protocol utilizing biometric authentication as part of the process to provide access to a computer system. The null hypothesis might be that the biometric technology does not distinguish between two different people; in other words, that the biometric element of the protocol makes the approach vulnerable to a masquerade attack. Suppose the null hypothesis is verified. It would still be worth publishing this result. First, it might prevent others from trying the same biometric method. Second, it might lead them to further develop the technology - to determine whether a different style of biometrics would improve matters, or if the environment in which authentication is being attempted makes a difference. For example, a retinal scan may be a failure in recognizing people in a crowd, but successful where the users present themselves one at a time to an admission device with controlled lighting, or when multiple "tries" are included. Third, it might lead to modifying the encompassing protocol so as to make masquerading more difficult for some other reason.

Equally important is research designed to reproduce the results of earlier work. Reproducibility is key to science, to validate or uncover errors or problems in earlier work. Failure to reproduce the results leads to a deeper understanding of the phenomena that the earlier work uncovers.

The workshop focuses on research that has a valid hypothesis and reproducible experimental methodology, but where the results were unexpected or did not validate the hypotheses, where the methodology addressed difficult and/or unexpected issues, or that identified previously unsuspected confounding issues.

We solicit research and position papers addressing these issues, especially (but not exclusively) on the following topics:
- Unexpected research results in experimental security
- Methods, statistical analyses, and designs for security experiments
- Experimental confounds, mistakes, mitigations
- Successes and failures in reproducing the experimental techniques and/or results of earlier work

For more information, please see http://www.cert.org/laser-workshop/.

SAPSE 2012 4th IEEE International Workshop on Security Aspects of Process and Services Engineering, Held in conjunction with the IEEE Signature Conference on Computers, Software, and Applications (COMPSAC 2012), Izmir, Turkey, July 16-20, 2012. [posted here 02/20/12]
The workshop aims to foster cooperation among software practitioners and researchers in order to exchange the latest industrial experience and research ideas on services and processes engineering. Complex software systems are at the core of most business transactions, making the area of processes and services engineering a very attractive field for innovative research and for facing new challenges. Research is devoted to the software engineering of service-oriented applications with the goal of providing effective solutions to the development, deployment and management of the resulting applications. In this scenario, security plays a fundamental role, since the resulting software system is expected to function correctly and also resist malicious attacks under different changing threat scenarios. New techniques and methodologies are needed to be able to build better, more robust and more trusted systems, where security is taken into account and integrated in the whole design process since the very first stages.

For more information, please see http://compsac.cs.iastate.edu/workshop_details.php?id=48&y.

PETS 2012 12th Privacy Enhancing Technologies Symposium, Vigo, Spain, July 11-13, 2012. [posted here 11/14/11]
Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior. Approaches to protecting individuals, groups, but also companies and governments, from profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure. The 12th Privacy Enhancing Technologies Symposium addresses the design and realization of such privacy services for the Internet and other data systems and communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives. The symposium seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of privacy technologies, as well as experimental studies of fielded systems. We encourage submissions with novel technical contributions from other communities such as law, business, and data protection authorities, that present their perspectives on technological issues. As in the past, the proceedings will be published in the Springer Lecture Notes in Computer Science series, and will be available at the event. Suggested topics include but are not restricted to:
- Anonymous communications and publishing systems
- Attacks on privacy and privacy technologies
- Censorship resistance
- Data protection technologies
- Economics of privacy and PETs
- Fielded systems and techniques for enhancing privacy in existing systems
- Location privacy
- Privacy and anonymity in Peer-to-Peer, Cloud, and Ubiquitous Computing Environments
- Privacy and inference control in databases
- Privacy-enhanced access control or authentication/certification
- Privacy-friendly payment mechanisms for PETs and other services
- Privacy in Online Social Networks
- Privacy policy languages and tools
- Privacy threat models
- Profiling and data mining
- Pseudonyms, identity management, linkability, and reputation
- Reliability, robustness and abuse prevention in privacy systems
- Traffic analysis
- Transparency enhancing tools
- Usability issues and user interfaces for PETs

For more information, please see http://petsymposium.org/2012/.

ACISP 2012 17th Australasian Conference on Information Security and Privacy, Wollongong, NSW, Australia, July 9-11, 2012. [posted here 02/06/12]
Original papers pertaining to all aspects of information security and privacy are solicited for submission to the 17th Australasian Conference on Information Security and Privacy (ACISP 2012). Papers may present theory, techniques, applications and practical experiences on a variety of topics. The proceedings will be published by Springer-Verlag as a volume of the Lecture Notes in Computer Science series. We seek submissions from academic and industrial researchers on all theoretical and practical aspects of information security. Suggested topics include, but are not restricted to, the following:
- Cryptography
- Network Security
- Copyright Protection
- Mobile Communications Security
- Secure Commercial Applications
- Security Architectures and Models
- Database Security
- Privacy Technologies
- Authentication and Authorization
- Smartcards
- Software Protection and Malware
- Distributed System Security
- Computer Forensics
- Key Management and Auditing
- Secure Operating System
- Secure Electronic Commerce
- Biometrics
- Secure Cloud Computing

For more information, please see https://ssl.informatics.uow.edu.au/acisp2012/.

STAST 2012 2nd International Workshop on Socio-Technical Aspects of Security and Trust, Co-located with Computer Security Foundation Symposium (CSF 2012), Harvard University, Cambridge, MA, USA, June 29, 2012. [posted here 02/20/12]
The workshop intends to foster an interdisciplinary discussion on how to model and analyse the socio-technical aspects of modern security systems and on how to protect such systems from socio-technical threats and attacks. We welcome experts in computer science, in social and behavioural sciences, philosophy and psychology. Relevant topics include but are not limited to:
- Usability Analysis
- System-User Interfaces
- Psychology of Deception
- Socio-Technical Attacks and Defences
- User Perception of Security and Trust
- Design of Socio-Technical Secure Systems
- Cognitive Aspect in Human Computer Interaction
- Human Practice
- Behavioural Models
- Social Engineering
- Modelling and Analysis of Security
- Ceremonies and Workflows
- Game Theoretical Approaches to Security
- Cyber Crime Science
- Security Properties Specification and Verification
- Threat and Adversary Models
- Social Informatics and Networks
- Effects of Technology on Trust Building Behaviour
- Experiences and Test Cases

For more information, please see http://www.stast2012.uni.lu.

ACNS 2012 10th International Conference on Applied Cryptography and Network Security, Singapore, June 26-29, 2012. [posted here 08/22/11]
The conference seeks submissions from academia, industry, and government presenting novel research on all aspects of applied cryptography as well as network security and privacy. Papers describing novel paradigms, original directions, or non-traditional perspectives are also encouraged. The conference has two tracks: a research track and an industry track. Topics of interest include, but are not limited to:
- Access control
- Applied cryptography
- Automated protocols analysis
- Biometric security and privacy
- Complex systems security
- Critical infrastructure protection
- Cryptographic primitives and protocols
- Database and system security
- Data protection
- Digital rights management
- Email and web security
- Identity management
- Intellectual property protection
- Internet fraud
- Intrusion detection and prevention
- Key management
- Malware
- Network security protocols
- Privacy, anonymity, and untraceability
- Privacy-enhancing technology
- Policies
- Protection for the future Internet
- Security in P2P systems
- Security and privacy in cloud and grid systems
- Security in e-commerce
- Security in pervasive/ubiquitous computing
- Security and privacy in distributed systems
- Security and privacy in smart grids
- Security and privacy in wireless networks
- Security and privacy metrics
- Secure mobile agents and mobile code
- Trust management
- Usability and security

For more information, please see http://icsd.i2r.a-star.edu.sg/acns2012.

DFIS 2012 6th International Symposium on Digital Forensics and Information Security, Vancouver, Canada, June 26-28, 2012. [posted here 01/16/12]
Digital Forensics and Information Security (DFIS) are advanced communication and networking environments where all applications and services are focused on users. In addition, DFIS has emerged rapidly as an exciting new paradigm to provide reliable and comfortable life services. Furthermore, the benefits of DFIS will only be realized if security issues can be appropriately addressed. In particular, forensics for DFIS is very important in the security fields. This workshop is intended to foster state-of-the-art research on Digital Forensics and Information Security in the area of DFIS, including information and communication technologies, law, social sciences and business administration.

For more information, please see http://web.ftrai.org/dfis2012.

Mobisec 2012 4th International Conference on Security and Privacy in Mobile Information and Communication Systems, Frankfurt, Germany, June 25-27, 2012. [posted here 01/30/12]
MobiSec's focus is the convergence of information and communication technology in mobile scenarios. This convergence is realised in intelligent mobile devices, accompanied by the advent of next-generation communication networks. Privacy and security aspects need to be covered at all layers of mobile networks, from mobile devices, to privacy respecting credentials and mobile identity management, up to machine-to-machine communications. In particular, mobile devices such as Smartphones and Internet Tablets have been very successful in commercialization. However, their security mechanisms are not always able to deal with the growing trend of information-stealing attacks. As mobile communication and information processing becomes a commodity, economy and society require protection of this precious resource. Mobility and trust in networking go hand in hand for future generations of users, who need privacy and security at all layers of technology. In addition, the introduction of new data collection practices and data-flows (e.g. sensing data) from the mobile device makes it more difficult to understand the new security and privacy threats introduced. MobiSec strives to bring together the leading-edge of academia and industry in mobile systems security, as well as practitioners, standards developers and policymakers. Contributions may range from architecture designs and implementations to cryptographic solutions for mobile and resource-constrained devices.

For more information, please see http://mobisec.org/2012.

eGSSN 2012 International Workshop on Trust, Security and Privacy in e-Government, e-Systems & Social Networking, Held in conjunction with the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2012), Liverpool, UK, June 25-27, 2012. [posted here 02/13/12]
Electronic systems (e-systems) have increased tremendously in recent years. Clear examples of e-systems include e-commerce, e-payment systems, e-government systems and social networks. The incredible number of people using these systems makes them more vulnerable to a great diversity of attacks such as denial of service, hijacking, spoofing, man in the middle, etc. Moreover, the sensitive information usually managed in e-systems is another reason they are attacked intensively. This workshop aims to identify and explore different issues and challenges related to security aspects in e-systems in general and especially in e-government and social networking. Questions such as the following are waiting for answers: How can privacy and anonymity be preserved in social networks? How can secure authentication be provided for e-government? What is a suitable trust model for e-systems? How can social networks be federated? How may e-government manage risk? This workshop provides an ideal vehicle for bringing together researchers, scientists, engineers, academics and students all around the world to share the latest updates on new security technologies that would shape the next generation of mobile and wireless systems and technology platforms. Topics of interest include, but are not limited to, the following:
- Trust Management in e-Government, e-Systems or Social Networks
- Reputation Management in e-Government, e-Systems or Social Networks
- Authentication schemes in e-Government, e-Systems or Social Networks
- Authorization Models in e-Government, e-Systems or Social Networks
- Privacy of e-Government, e-Systems or Social Networks
- Risk Management in e-Government, e-Systems or Social Networks
- Policy-based Management for e-Government, e-Systems or Social Networks
- Security Models for e-Government, e-Systems or Social Networks
- Service Level Agreements about Security in e-Government, e-Systems or Social Networks
- Identity Management in e-Government, e-Systems or Social Networks
- Federation Management in e-Government, e-Systems or Social Networks
- Anonymity in e-Government, e-Systems or Social Networks
- Accounting in e-Government, e-Systems or Social Networks

For more information, please see http://webs.um.es/jmalcaraz/eGSSN12.

SPIoT 2012 2nd IEEE International Symposium on Security and Privacy in Internet of Things, Liverpool, UK, June 25-27, 2012. [posted here 03/12/12]
With the extensive research and development of computer, communication and control technologies, it is possible to connect all things to the Internet such that the so-called Internet of Things (IoT) can be formed. These things may be equipped with devices such as sensors, actuators, and RFID tags, in order to allow people and things to be connected anytime and anywhere, with anything and anyone. IoT will enable collaborations and communications among people and things, and among things themselves, which expand the current Internet and will radically change our personal, corporate, and community environments. When more and more things connect to the Internet, security and privacy issues become more serious, especially in the case that these things are equipped with actuators and can support control. It is essential to consider the security and privacy implications of billions of intelligent things cooperating with real and virtual entities over the Internet. SPIoT 2012 aims at providing a forum for discussing the latest academic and industrial research results in all aspects of security and privacy in IoT.

For more information, please see http://trust.csu.edu.cn/conference/SPIoT2012/.

Mobisec 2012 4th International Conference on Security and Privacy in Mobile Information and Communication Systems, Frankfurt, Germany, June 25-26, 2012. [posted here 05/14/12]
MobiSec's focus is the convergence of information and communication technology in mobile scenarios. This convergence is realised in intelligent mobile devices, accompanied by the advent of next-generation communication networks. Privacy and security aspects need to be covered at all layers of mobile networks, from mobile edge devices, to privacy-respecting credentials and mobile identity management, up to machine-to-machine communications. In particular, mobile edge devices such as Smartphones and Internet Tablets have been very successful in commercialization. However, their security mechanisms are not always able to deal with the growing trend of information-stealing attacks. As mobile communication and information processing becomes a commodity, economy and society require protection of this precious resource. Mobility and trust in networking go hand in hand for future generations of users, who need privacy and security at all layers of technology. In addition, the introduction of new data collection practices and data-flows (e.g. sensing data) from the mobile device makes it more difficult to understand the new security and privacy threats introduced. MobiSec strives to bring together the leading-edge of academia and industry in mobile systems security, as well as practitioners, standards developers and policymakers. Contributions may range from architecture designs and implementations to cryptographic solutions for mobile and resource-constrained devices.

For more information, please see http://mobisec.org/2012.

DSPAN 2012 3rd IEEE Workshop on Data Security and PrivAcy in wireless Networks, Held in conjunction with The Thirteenth International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM 2012), San Francisco, CA, USA, June 25, 2012. [posted here 01/02/12]
The workshop focuses on defining novel problems and developing novel techniques for data security and privacy issues in wireless and mobile networks. With the emergence of data-intensive wireless networks such as wireless sensor networks and data-centric mobile applications such as location-based services, the traditional boundaries between these three disciplines are blurring. This workshop solicits papers from two main categories: (1) papers that consider the security and privacy of data collection, transmission, storage, publishing, and sharing in wireless networks broadly defined, e.g., MANET, cellular, vehicular, ad hoc, cognitive, as well as sensor networks, and (2) papers that use data analytics techniques to address security and privacy problems in wireless networks. The workshop provides a venue for researchers to present new ideas with impact on three communities: wireless networks, databases, and security.

For more information, please see http://www.ee.washington.edu/research/nsl/DSPAN_2012/.

SACMAT 2012 17th ACM Symposium on Access Control Models and Technologies, Newark, NJ, USA, June 20-22, 2012. [posted here 11/14/11]
Papers offering novel research contributions in all aspects of access control are solicited for submission to SACMAT 2012. It is the premier forum for presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The missions of the symposium are to share novel access control solutions that fulfill the needs of heterogeneous applications and environments and to identify new directions for future research and development. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control. Accepted papers will be presented at the symposium and published by the ACM in the symposium proceedings. A Best Paper Award will be presented to the authors of the most outstanding paper at the conference. Topics of interest include but are not limited to:
- Access control models and extensions
- Access control requirements
- Access control design methodology
- Access control mechanisms, systems, and tools
- Access control in distributed and mobile systems
- Access control for innovative applications
- Administration of access control policies
- Delegation
- Identity management
- Policy/Role Engineering
- Safety analysis and enforcement
- Standards for access control
- Trust management
- Trust and risk models in access control
- Theoretical foundations for access control models
- Usability in access control systems
- Usage control

For more information, please see http://www.sacmat.org.

WISTP 2012 6th Workshop on Information Security Theory and Practice, London, UK, June 19-22, 2012. [posted here 12/5/11]
Future ICT technologies, like the concepts of Ambient Intelligence and Internet of Things, provide a vision of the Information Society where the emphasis is on surrounding people with intelligent interactive interfaces and objects and on environments that are capable of recognising and reacting to the presence of different individuals in a seamless, unobtrusive and invisible manner. WISTP 2012 aims to address the security and privacy issues that are increasingly exposed by mobile and wireless communications and related services, along with evaluating their impact on business, individuals, and the society. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy of mobile and smart devices, as well as experimental studies of fielded systems based on wireless communication, the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law, business and policy that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- Security, Privacy and Trust in the Internet of Things
- Security and Trustworthiness in mobile and wireless networks including Mobile ad hoc networks, RFID systems, Wireless sensor networks and Vehicular networks
- Security, Privacy and Trust in Smart Environments
- Security, Privacy and Trust in Social Networks and Social Worlds
- Trustworthy life-logging
- Security, Privacy and Trust in e-Government and Mobile Commerce including Biometrics and national ID cards
- Human behaviour and psychological aspects of security including User centric security and privacy
- Lightweight cryptography
- Privacy enhancing technologies (PETs)
- Mobile code security
- Mobile devices security
- Smart card security
- Embedded systems security
- Security models and architectures including Security and privacy policies, Authentication and Access Control, and Security protocols

For more information, please see http://www.wistp.org/.

ICDCS-NFSP 2012 1st International Workshop on Network Forensics, Security and Privacy, Held in conjunction with ICDCS 2012, Macau, China, June 18-21, 2012. [posted here 10/31/11]
Cyber space has become an integrated part of human society. At the same time, it has also been providing convenient platforms for crimes, such as financial fraud, information phishing, distributed denial of service attacks, and fake message propagation. In particular, the emergence of social networks has introduced significant security and privacy issues to the public. Fighting against criminals in cyber space is a great and new challenge. This field involves various disciplines, such as networking, information theory, mathematical modelling, data mining, machine learning, image and voice processing, neural network, pattern recognition, cryptography and forensic criminology. Topics of interest include, but are not limited to:
- Anonymous system and forensics
- IP traceback
- Malware detection
- Botnet identification
- Networked video system
- Biometric security and forensics
- Emotion identification via video
- Wireless forensics, security and privacy
- Game theory in forensics, security and privacy
- Data Mining in forensics, security and privacy
- DDoS attacks
- Virus source traceback
- Malware source traceback
- Botmaster traceback
- Distributed systems and forensics
- System security and forensics
- Intrusion detection
- Social networks forensics, security and privacy
- Information theory in network security
- Multimedia in network security

For more information, please see http://www.deakin.edu.au/~syu/nfsp/.

ICDCS-SPCC 2012 3rd International Workshop on Security and Privacy in Cloud Computing, Held in conjunction with ICDCS 2012, Macau, China, June 18-21, 2012. [posted here 10/31/11]
Cloud computing has recently emerged as a new information technology infrastructure. Cloud computing has unique attributes that raise many security and privacy challenges in areas such as data security, recovery, and privacy, as well as legal issues in areas such as regulatory compliance and auditing. In contrast to traditional enterprise IT solutions, where the IT services are under proper physical, logical and personnel controls, cloud computing moves the application software and databases to the servers in large data centers on the Internet, where the management of the data and services is not fully trustworthy. When clients store their data on the server without themselves possessing a copy of it, how can the integrity of the data be ensured if the server is not fully trustworthy? Will encryption solve the data confidentiality problem of sensitive data? How will encryption affect dynamic data operations such as query, insertion, modification, and deletion? Data in the cloud is typically in a shared environment alongside data from other clients. How should data segregation be done while data are stored, transmitted, and processed? Due to the fundamental paradigm shift in cloud computing, many security concerns have to be better understood, unanticipated vulnerabilities identified, and viable solutions to critical threats devised, before the wide deployment of cloud computing techniques can take place. We are soliciting both full papers that present relatively complete and mature research results and short position papers that report work-in-progress but inspiring and intriguing new ideas. Topics of interest include (but are not limited to) the following subject categories:
- Secure cloud architecture
- Cloud access control and key management
- Identification and privacy in cloud
- Remote data integrity protection
- Dynamic data operation security
- Software and data segregation security
- Secure management of virtualized resources
- Joint security and privacy aware protocol design
- Failure detection and prediction
- Secure data management in/across data centers
- Availability, recovery and auditing
- Secure wireless cloud

For more information, please see http://www.ece.iit.edu/~ubisec/workshop.htm.

TRUST 2012 5th International Conference on Trust and Trustworthy Computing, Vienna, Austria, June 13-15, 2012. [posted here 01/30/12]
TRUST 2012 is an international conference on the technical and socio-economic aspects of trustworthy infrastructures. It provides an excellent interdisciplinary forum for researchers, practitioners, and decision makers to explore new ideas and discuss experiences in building, designing, using and understanding trustworthy computing systems. The conference solicits original papers on any aspect (technical or social and economic) of the design, application and usage of trusted and trustworthy computing, which concerns a broad range of concepts. Topics of interest include, but are not limited to:
Technical Strand:
- Architecture and implementation technologies for trusted platforms and trustworthy infrastructures
- Trust, Security and Privacy in embedded systems
- Trust, Security and Privacy in social networks
- Trusted mobile platforms and mobile phone security
- Implementations of trusted computing (hardware and software)
- Applications of trusted computing
- Trustworthy infrastructures and resilient services for cloud computing
- Attestation and integrity verification
- Cryptographic aspects of trusted and trustworthy computing
- Design, implementation and analysis of security hardware, i.e., hardware with cryptographic and security functions, physically unclonable functions
- Intrusion resilience in trusted computing
- Virtualization for trusted platforms
- Secure storage
- Security policy and management of trusted computing
- Access control for trusted platforms
- Privacy aspects of trusted computing
- Verification of trusted computing architectures
- Usability and end-user interactions with trusted platforms
- Limitations of trusted computing

Socio-economic Strand:
- Usability and user perceptions of trustworthy systems and risks
- Effects of trustworthy systems upon user/corporate/governmental behavior
- Economic drivers for trustworthy systems in corporate environment
- Impact of trustworthy systems in enhancing trust in cloud infrastructures
- The adequacy of guarantees provided by trustworthy systems for systems critically dependent upon trust, such as elections and government oversight
- The impact of trustworthy systems upon digital forensics, police investigations and court proceedings
- Game theoretical approaches to modeling or designing trustworthy systems
- Approaches to model and simulate scenarios of how trustworthy systems would be used in corporate environments and in personal space
- Experimental economics studies of trustworthiness
- Interplay between privacy (enhancing technologies), trustworthy systems
- Critiques of trustworthy systems

For more information, please see http://www.trust.sba-research.org.

SFCS 2012 1st IEEE International Workshop on Security and Forensics in Communication Systems, Held in conjunction with IEEE ICC 2012, Ottawa, Canada, June 10-15, 2012. [posted here 10/10/11]
Digital attacks are continuing to increase at an alarming rate. They target a wide variety of protocols and communication systems ranging from servers and end-user machines to wireless and mobile networks and devices. The absence of supporting evidence and technically sound methods may prevent administrators from: proving the identity of the guilty party, identifying the root vulnerability to prevent a future occurrence of a similar incident, and understanding the attacker’s motivation for an efficient design of security solutions. In this context, digital forensic engineering is emerging as a disciplined science in charge of developing novel scientific and theoretical methods, techniques, and approaches to collect, process, and analyze information retrieved from systems affected by security incidents and generate conclusive descriptions. The SFCS 2012 Workshop will bring together researchers, scientists, engineers and practitioners involved in research in the fields of communication systems security and forensics, to present their latest research findings, ideas, and developments. Topics of interest include, but are not limited to:
- Formal aspects of network security
- Theoretical techniques of digital forensics
- Embedded and handheld devices forensics
- Evidence preservation, management, storage, reassembly, and analysis
- Anti-forensics prevention, detection and analysis
- Development of Investigation processes and procedures
- Automated analysis of evidence
- Forensics in multimedia and communication protocols
- Security and Investigation techniques in wireless and mobile communication systems
- Risk analysis and management in communication systems
- Social networks security and forensics
- Collaborative and distributed digital investigation
- Hypothetical reasoning in forensics and incident response
- Legal and policy issues in digital forensics
- Intrusion Detection, incident response, and evidence handling
- Vulnerability analysis and assessment, and analysis of malware
- Cryptography and forensics techniques in multimedia communication
- Data hiding, extraction, and recovery techniques
- Techniques for Tracking and traceback of attacks in systems and networks
- Availability, privacy, authentication, and anonymity
- Secure e-services, e-government, e-learning, e-voting, and m-commerce applications
- File systems memory analysis
- Infrastructure protection, and Virtual Private Networks security
- Storage system protection and forensics
- Physical and Biometric security

For more information, please see http://sites.google.com/site/sfcs2012/.

WDFIA 2012 7th International Workshop on Digital Forensics and Incident Analysis, Hersonissos, Crete, Greece, June 6-8, 2012. [posted here 11/21/11]
The field of digital forensics is rapidly evolving and continues to gain significance in both the law enforcement and the scientific community. Being intrinsically interdisciplinary, it draws upon a wide range of subject areas such as information & communication technologies, law, social sciences and business administration. We are pleased to announce the 7th annual workshop on digital forensics and incident analysis graciously hosted at the Creta Maris Convention Centre, Crete, Greece. WDFIA 2012 is supported by IFIP WG 8, and immediately follows the IFIP SEC 2012 international conference at the same venue. The workshop aims to provide a forum for researchers and practitioners to present original, unpublished research results and innovative ideas. We welcome the submission of papers from the full spectrum of issues relating to the theory and practice of digital forensics and incident analysis. Areas of special interest include, but are not limited to:
- Digital forensics tools and applications
- Incident response and investigation
- Forensic standards and procedures
- Portable electronic device forensics
- Network forensics
- Data hiding and recovery
- Network traffic analysis, traceback and attribution
- Data mining and e-discovery and their corporate use
- Legal, ethical and policy issues related to digital forensics
- Digital evidence visualisation and presentation
- Integrity of digital evidence and live investigations
- Digital evidence chain of custody, storage and preservation
- Multimedia analysis
- Digital forensics case studies
- Digital forensics training and education
- Best practices and case studies
- Forensics issues of malicious code
- Anti-forensics

For more information, please see http://www.wdfia.org/.

HAISA 2012 6th International Symposium on Human Aspects of Information Security and Assurance, Hersonissos, Crete, Greece, June 6-8, 2012. [posted here 11/21/11]
It is commonly acknowledged that security requirements cannot be addressed by technical means alone, and that a significant aspect of protection comes down to the attitudes, awareness, behaviour and capabilities of the people involved. Indeed, people can potentially represent a key asset in achieving security, but factors such as lack of awareness and understanding, combined with unreasonable demands from security technologies, can dramatically impede their ability to do so. With this in mind, HAISA 2012 specifically addresses information security issues that relate to people. It concerns the methods that inform and guide users' understanding of security, and the technologies that can benefit and support them in achieving protection. HAISA 2012 welcomes papers addressing research and case studies in relation to any aspect of information security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics or technologies may be positively modified to improve the level of protection. Indicative themes include:
- Information security culture
- Awareness and education methods
- Enhancing risk perception
- Public understanding of security
- Usable security
- Psychological models of security software usage
- User acceptance of security policies and technologies
- User-friendly authentication methods
- Biometric technologies and impacts
- Automating security functionality
- Non-intrusive security
- Assisting security administration
- Impacts of standards, policies, compliance requirements
- Organizational governance for information assurance
- Simplifying risk and threat assessment
- Understanding motivations for misuse
- Social engineering and other human-related risks
- Privacy attitudes and practices
- Computer ethics and security

For more information, please see http://haisa.org/.

SEC 2012 27th IFIP International Information Security and Privacy Conference, Creta Maris Hotel, Heraklion, Crete, Greece, June 4-6, 2012. [posted here 08/22/11]
Papers offering novel research contributions in any aspect of computer security are solicited for submission to the 27th IFIP International Information Security and Privacy Conference. The focus is on original, high quality, unpublished research and implementation experiences. Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. We encourage submissions of papers discussing industrial research and development. Papers should focus on topics which include, but are not limited to, the following:
- Access control
- Accountability
- Anonymity
- Applied Cryptography
- Attacks & Malicious Code
- Authentication & Delegation
- Awareness & Education
- Data Integrity
- Database Security
- Identity Management
- Information Security Culture
- Formal Security Verification
- Mobile Code Security
- Policies & Standards
- Privacy Attitudes & Practices
- Risk Analysis & Management
- Security Architectures
- Security Economics
- Security in Location Services
- Security in Social Networks
- Security Models
- Social Engineering & other Human-related Risks
- System Security
- Usable Security
- Trust Models & Management
- Trust Theories
- Trustworthy User Devices

For more information, please see http://www.sec2012.org.

HOST 2012 IEEE International Symposium on Hardware-oriented Security and Trust, Held in conjunction with the DAC 2012, San Francisco, CA, USA, June 3-4, 2012. [posted here 12/5/11]
A wide range of applications, from secure RFID tagging to high-end trusted computing, relies on dedicated and trusted hardware platforms. The security and trustworthiness of such hardware designs are critical to their successful deployment and operation. Recent advances in tampering and reverse engineering show that important challenges lie ahead. For example, secure electronic designs may be affected by malicious circuits, Trojans that alter system operation. Furthermore, dedicated secure hardware implementations are susceptible to novel forms of attack that exploit side-channel leakage and faults. Third, the globalized, horizontal semiconductor business model raises concerns of trust and intellectual-property protection. HOST 2012 is a forum for novel solutions to address these challenges. Innovative test mechanisms may reveal Trojans in a design before they are able to do harm. Implementation attacks may be thwarted using side-channel resistant design or fault-tolerant designs. New security-aware design tools can assist a designer in implementing critical and trusted functionality, quickly and efficiently. The IEEE International Symposium on Hardware Oriented Security and Trust seeks original contributions in the area of hardware-oriented security. This includes tools, design methods, architectures, and circuits. In addition, novel applications of secure hardware are especially welcome. HOST 2012 seeks contributions based on, but not limited to, the following topics:
- Trojan detection and isolation
- Implementation attacks and countermeasures
- Side channel analysis and fault analysis
- Intellectual property protection and metering
- Tools and methodologies for secure hardware design
- Hardware architectures for cryptography
- Hardware security primitives: PUFs and TRNGs
- Interaction of secure hardware and software

For more information, please see http://www.hostsymposium.org.

TrustED 2012 2nd International Workshop on Trustworthy Embedded Devices, Co-located with the IEEE Symposium on Security & Privacy, San Francisco, CA, U.S.A, May 25, 2012. [posted here 02/06/12]
In TrustED 2012 we consider selected aspects of cyber physical systems and their environments. We aim at bringing together experts from academia and research institutes, industry and government for discussing and investigating problems, challenges and some recent scientific and technological developments in this field. Of particular interest are security aspects of smartphones and their interfaces to other embedded devices. This includes (but is not limited to) the following topics:
- Hardware entangled cryptography
- Foundation, development, and applications of Physical Security Primitives, e.g., Physically Unclonable Functions (PUFs)
- Embedded system security including smart phones
- Trusted Computing for Embedded Systems
- Privacy aspects of embedded systems (e.g., medical devices, electronic IDs)
- Remote Attestation
- IP protection for embedded systems
- Attacks on embedded systems and reverse engineering
- Physical and logical convergence (e.g., secure and privacy-preserving facility management)
- Secure execution environment on mobile devices
- Secure computation on embedded devices
- Attack models for embedded systems
- Smart metering devices

For more information, please see http://trusted.trust.cased.de/.

MoST 2012 Mobile Security Technologies Workshop, Co-located with IEEE Symposium on Security and Privacy 2012, The Westin St. Francis Hotel, San Francisco, CA, USA, May 24, 2012. [posted here 01/02/12]
MoST is co-located with the IEEE Security & Privacy Symposium. Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to explore the latest understanding and advances in the security and privacy for mobile devices, applications, and systems. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The scope of MoST 2012 includes, but is not limited to, security and privacy specifically for mobile devices and services related to:
- Device hardware
- Operating systems
- Middleware
- Mobile web
- Secure and efficient communication
- Secure application development tools and practices
- Privacy
- Vulnerabilities and remediation techniques
- Usable security
- Identity and access control
- Risks in putting trust in the device vs. in the network/cloud
- Special applications, such as medical monitoring and records
- Mobile advertisement
- Secure applications and application markets
- Economic impact of security and privacy technologies

For more information, please see http://www.mostconf.com.

W2SP 2012 Web 2.0 Security & Privacy Workshop, Co-located with IEEE Symposium on Security and Privacy 2012, The Westin St. Francis Hotel, San Francisco, CA, USA, May 24, 2012. [posted here 01/02/12]
W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers and their eco-system. We have had five years of successful W2SP workshops. This year, we will additionally invite selected papers to a special issue of the journal. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The scope of W2SP 2012 includes, but is not limited to:
- Trustworthy cloud-based services
- Privacy and reputation in social networks
- Security and privacy as a service
- Usable security and privacy
- Security for the mobile web
- Identity management and pseudonymity
- Web services/feeds/mashups
- Provenance and governance
- Security and privacy policies for composable content
- Next-generation browser technology
- Secure extensions and plug-ins
- Advertisement and affiliate fraud
- Measurement study for understanding web security and privacy

For more information, please see http://www.w2spconf.com/2012/.

WSCS 2012 Workshop on Semantic Computing and Security, Co-located with the IEEE Security and Privacy Symposium 2012, The Westin Hotel, San Francisco, CA, USA, May 24, 2012. [posted here 01/16/12]
This workshop follows the successful September 2011 workshop (WSCSP) at the International Semantic Computing Symposium. This new workshop will explore additional topics and allow semantic computing researchers to have more opportunity to interact with security researchers. Semantic Computing technologies derive and use semantics from content, where "content" is wide-ranging: video, audio, text, conversation, software, devices, actions, behavior, etc. Security technology encompasses the specification of secure behavior as well as the detection of insecure behavior over computer networks. The two disciplines come together in this new and interesting combination, in a synergy-seeking, cutting-edge workshop. The delimited notions of semantics used within Security and Privacy provide a well-defined and as yet unstudied domain for semantic modeling, automated semantic interpretation, and inference, with clear practical uses and opportunities for novel and imaginative research. The workshop on Semantic Computing and Security addresses: (1) deriving semantics from data used for security and privacy research; (2) semantic verification of network activity; and (3) inferring the semantics of malicious free-form data, such as email and web pages. Topics of interest include but are not limited to:
- Network dataset curation through semantic derivation
- Semantic MediaWiki for vulnerability sharing and detecting emergent security properties
- Network security semantics, dynamic classification
- Inferred semantics of malicious code
- Semantic verification of network operations
- Semantic specification and analysis of security experiment design
- Semantic analysis of access control policies
- Semantics of data acquisition and computation provenance
- Semantic analysis of malware communication
- Semantics-aware trust management

For more information, please see http://ieee-security.org/TC/SPW2012/wscs-website/wscs.php.

SECOTS 2012 International Symposium on Security in Collaboration Technologies and Systems, Denver, Colorado, USA, May 21 – 25, 2012. [posted here 12/05/11]
This Symposium on Security in Collaboration Technologies and Systems will focus on security issues related to collaboration systems with emphasis on secure and trustworthy distributed environments, Grid and Cloud based resource virtualization and on-demand provisioning, multi-agent systems, mobile and wireless cooperation. The aim is to have a dedicated forum that fosters closer interactions among researchers and user communities, providing an excellent opportunity for them to meet and discuss their ideas. The symposium will address issues related to the security infrastructure and services design, implementation and operation. It intends to address new security challenges and present new ideas and solutions addressing modern security requirements, specific methods of access control that should allow large scale multi-organizational cooperation, use of mobile technologies and smartcards, enabling intrusion detection, system recovery and healing in the context of cooperative systems. The Symposium topics include (but are not limited to) the following:
- Fundamentals and Frameworks for Security in Collaboration Systems
- Intrusion Detection and Attack Response in Collaboration Systems
- Access Control, Reputation and Trust in Collaboration Environments
- Cross Domain Identity and User Attributes Management Systems
- Security Standards
- Encryption and Cryptography Systems Supporting Cooperative Systems
- Privacy Protection for Collaboration Systems
- Trusted Operating Systems for Distributed Environments
- Middleware Security
- Security Metrics and Measures
- Collaborative Security Monitoring Schemes and Systems
- Usability, Social Engineering, and Security
- Security and Information Assurance Education and Curriculum Issues
- Security Models for Cloud Computing
- Security in Collaborative Multi Agent Systems
- Security of Grid and Cluster Architectures Supporting Cooperative Applications
- Security in Workflow Management Systems
- Policy Driven SLA Negotiation
- Security in Mobile and Wireless Networks for Collaboration
- Security Models for Coalition Networks
- Security in Social Networks
- Virtual Organizations and Dynamic Security Associations
- Web Services Security
- Use of Smartcards in the Context of Collaboration

For more information, please see http://cisedu.us/rp/cts12/2-conference/symposia/symposium-2--secots-2012.

SP 2012 33rd IEEE Symposium on Security and Privacy, San Francisco Bay Area, California, USA, May 20-23, 2012. [posted here 08/22/11]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of computer security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation of secure systems. Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Distributed systems security
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection
- Language-based security
- Malware
- Metrics
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Usability and security
- Web security

SYSTEMATIZATION OF KNOWLEDGE PAPERS: Following the success of the previous year's conference, we are also soliciting papers focused on systematization of knowledge. The goal of this call is to encourage work that evaluates, systematizes, and contextualizes existing knowledge. These papers will provide a high value to our community but would otherwise not be accepted because they lack novel research contributions. Suitable papers include survey papers that provide useful perspectives on major research areas, papers that support or challenge long-held beliefs with compelling evidence, or papers that provide an extensive and realistic evaluation of competing approaches to solving specific problems. Submissions will be distinguished by a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, except instead of emphasizing novel research contributions the emphasis will be on value to the community. Accepted papers will be presented at the symposium and included in the proceedings.

For more information, please see http://www.ieee-security.org/TC/SP2012/cfp.html.

COSADE 2012 3rd International Workshop on Constructive Side-Channel Analysis and Secure Design, Darmstadt, Germany, May 3-4, 2012. [posted here 09/12/11]
Side-channel analysis (SCA) and implementation attacks have become an important field of research at universities and in the industry. In order to enhance the resistance of cryptographic and security critical implementations within the design phase, constructive attacks and analyzing techniques may serve as a quality metric to optimize the design and development process. This workshop provides an international platform for researchers, academics, and industry participants to present their work and their current research topics. It is an excellent opportunity to meet experts and to initiate new collaborations and information exchange at a professional level. The workshop will feature both invited presentations and contributed talks.

For more information, please see http://cosade2011.cased.de.

ASIACCS 2012 7th ACM Symposium on Information, Computer and Communications Security, Seoul, Republic of Korea, May 1-3, 2012. [posted here 10/03/11]
ASIACCS is a major international forum for information security researchers, practitioners, developers, and users to explore and exchange the newest cyber security ideas, breakthroughs, findings, techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. Areas of interest for ASIACCS 2012 include, but are not limited to:
- anonymity
- inference/controlled disclosure
- cryptographic protocols
- access control
- intellectual-property protection
- data/system integrity
- secure networking
- operating system security
- hardware-based security
- cloud security
- digital-rights management
- information warfare
- accounting and audit
- trusted computing
- formal methods for security
- key management
- phishing and countermeasures
- identity management
- intrusion detection
- commercial and industry security
- security in ubiquitous computing, e.g., RFIDs
- authentication
- security management
- smartcards
- web security
- security and privacy for emerging technologies, e.g., VoIP, peer-to-peer and overlay network systems, Web 2.0
- data and application security
- applied cryptography
- malware and botnets
- mobile-computing security
- privacy-enhancing technology
- software security
- wireless security

For more information, please see http://elec.sch.ac.kr/asiaccs/.

LEET 2012 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats, Co-located with NSDI 2012, San Jose, CA, USA, April 24, 2012. [posted here 12/12/11]
Now in its fifth year, LEET continues to provide a unique forum for the discussion of threats to the confidentiality of our data, the integrity of digital transactions, and the dependability of the technologies we increasingly rely on. We encourage submissions of papers that focus on the malicious activities themselves (e.g., reconnaissance, exploitation, privilege escalation, rootkit installation, attack), our responses as defenders (e.g., prevention, detection, and mitigation), or the social, political, and economic goals driving these malicious activities and the legal and ethical codes guiding our defensive responses. Topics of interest include but are not limited to:
- Infection vectors for malware (worms, viruses, etc.)
- Botnets, command, and control channels
- Spyware
- Operational experience and case studies
- Forensics
- Click fraud
- Measurement studies
- New threats and related challenges
- Boutique and targeted malware
- Phishing
- Spam
- Underground economy
- Carding and identity theft
- Miscreant counterintelligence
- Denial-of-service attacks
- Hardware vulnerabilities
- Legal issues
- The arms race (rootkits, anti-anti-virus, etc.)
- New platforms (cellular networks, wireless networks, mobile devices)
- Camouflage and detection
- Reverse engineering
- Vulnerability markets and zero-day economics
- Online money laundering
- Understanding the enemy
- Data collection challenges

For more information, please see http://www.usenix.org/leet12/cfpa.

PSOSM 2012 Workshop on Privacy and Security in Online Social Media, Held in conjunction with the 21st International World Wide Web Conference (WWW 2012), Lyon, France, April 16-20, 2012. [posted here 12/5/11]
With the increase in usage of the Internet, there has been an exponential increase in the use of online social media on the Internet. Websites like Facebook, YouTube, Orkut, Twitter and Flickr have changed the way the Internet is being used. There is a dire need to investigate, study and characterize privacy and security of online social media from various perspectives (computational, cultural, psychological). Real world scalable systems need to be built to detect and defend security and privacy issues on online social media. The main goals of the workshop are: (1) To create a platform to discuss latest issues, trends, and cutting-edge research approaches in security and privacy in online social media; (2) to bring researchers who are working on issues related to security and privacy on the Internet, and those studying online social media, to discuss the problems that overlap and bring these two areas together. Topics / themes include, but are not limited to, the following:
- Information privacy disclosure, revelation and its effects in online social networks
- Collateral damage due to information leakage (e.g. through photo tagging) on OSM
- Privacy issues related to location based services on OSM
- Effective and usable privacy setting and policies on OSM
- Anonymization of social network datasets
- Detection and characterization of spam, phishing, frauds, hate crime, abuse, extremism via online social media
- Cyber-bullying, abuse and harassment detection, and prevention strategies
- Identifying and curbing malware, phishing, and botnets on OSM
- Filtering of pornography, viruses, and human trafficking related content or entities on OSM
- Studying the social and economic impact of security and privacy issues on OSM
- Usability (including design flaws) of secure systems on online social media
- Data modeling of human behavior in context of security and privacy threats
- Privacy and security issues in social gaming applications
- Trust systems based on social networks
- Legal and ethical issues for researchers studying security and privacy on OSM
- Information credibility on online social media
- Security and privacy challenges in new entrants in OSM (e.g. Google Plus)
- Effect of OSM on conventional crime (robberies and theft)

For more information, please see http://precog.iiitd.edu.in/psosm_www2012/.

WiSec 2012 ACM Conference on Wireless Network Security, Tucson, Arizona, USA, April 16-18, 2012. [posted here 10/03/11]
As wireless and mobile networking becomes ubiquitous, security and privacy become increasingly critical. The focus of the ACM Conference on Wireless Network Security (ACM WiSec) is on exploring vulnerabilities, threats, and attacks in wireless communications and the techniques needed to address them. Settings of interest include cellular, metropolitan, mesh, local-area, personal-area, home, vehicular, sensor, ad hoc, satellite, cognitive radio, RFID, and underwater networks as well as systems using non-RF wireless communication. The conference is soliciting contributions to topics including but not limited to:
- Key management in wireless/mobile environments
- Secure services (neighbor discovery, localization, etc.)
- Secure PHY and MAC protocols
- Trust establishment
- Intrusion, attack, and malicious behavior detection
- Denial of service
- User and location privacy
- Anonymity, unobservability, prevention of traffic analysis
- Identity theft and phishing in mobile networks
- Charging & secure payment
- Cooperation and mitigating non-cooperative behavior
- Economics of wireless security
- Vulnerability and attack modeling
- Incentive-aware secure protocol design
- Jamming/Anti-jamming communication
- Cross-layer design for security
- Monitoring and surveillance
- Cryptographic primitives for wireless communication
- Theoretical foundations and formal methods for wireless security and privacy
- Security and privacy of mobile OS and mobile applications
- Secure delay- and disruption-tolerant networking
- Secure non-RF wireless communication (e.g., ultrasound, vision, laser)
- Security/privacy in wireless smart grid and smart metering applications
- Security/privacy in wireless network coding
- Security/privacy in wireless/ephemeral social networking
- Security/privacy in mobile/wireless cloud services

For more information, please see http://www.sigsac.org/wisec/WiSec2012/.

ICB 2012 5th International Conference on Biometrics, New Delhi, India, March 30 - April 1, 2012. [posted here 08/01/11]
The 5th International Conference on Biometrics (ICB 2012) will have a broad scope and invites papers that advance biometric technologies, sensor design, feature extraction and matching algorithms, analysis of security and privacy, and evaluation of social impact of biometrics technology. Topics will include biometric systems based on fingerprint, iris, face, voice, gait and other modalities as well as biometric fusion and emerging biometrics based on novel sensing technologies. All submissions must clearly articulate the novelty of the work and must report results on publicly available datasets whenever possible.

For more information, please see http://icb12.iiitd.ac.in.

POST 2012 1st Conference on Principles of Security and Trust, Tallinn, Estonia, March 24 - April 1, 2012. [posted here 08/01/11]
Principles of Security and Trust is a broad forum related to the theoretical and foundational aspects of security and trust. Papers of many kinds are welcome: new theoretical results, practical applications of existing foundational ideas, and innovative theoretical approaches stimulated by pressing practical problems. We seek submissions proposing theories to clarify security and trust within computer science; submissions establishing new results in existing theories; and also submissions raising fundamental concerns about existing theories. We welcome new techniques and tools to automate reasoning within such theories, or to solve security and trust problems. Case studies that reflect the strengths and limitations of foundational approaches are also welcome, as are more exploratory presentations on open questions. Areas of interest include:
- Access control
- Anonymity
- Authentication
- Availability
- Cloud security
- Confidentiality
- Covert channels
- Crypto foundations
- Economic issues
- Information flow
- Integrity
- Languages for security
- Malicious code
- Mobile code
- Models and policies
- Privacy
- Provenance
- Reputation and trust
- Resource usage
- Risk assessment
- Security architectures
- Security protocols
- Trust management
- Web service security

For more information, please see http://web.cs.wpi.edu/~guttman/post12/.

IFIP-CIP 2012 6th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, National Defense University, Fort McNair, Washington, DC, USA, March 19-21, 2012. [posted here 10/03/11]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the first five conferences, the Sixth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. Papers and panel proposals are solicited. Submissions will be refereed by members of Working Group 11.10 and other internationally-recognized experts in critical infrastructure protection. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.10. The conference will be limited to seventy participants to facilitate interactions among researchers and intense discussions of research and implementation issues. Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Risk analysis and risk assessment methodologies
- Modeling and simulation of critical infrastructures
- Legal, economic and policy issues related to critical infrastructure protection
- Secure information sharing
- Infrastructure protection case studies
- Distributed control systems/SCADA security
- Telecommunications network security

For more information, please see http://www.ifip1110.org.

PILATES 2012 Workshop on Physically-augmented Security for Wireless Networks, Kaiserslautern, Germany, March 19–21, 2012. [posted here 10/03/11]
The goal of the PILATES'12 workshop is to discuss "workout plans" in the discipline of physically-augmented wireless security. In particular, the focus lies on taking advantage of physical characteristics of wireless communications as well as of physical context in general or side-channels to increase the "fitness" of conventional security protocols. Both single-hop as well as multi-hop wireless networks are in scope of the workshop. The workshop accepts technical papers and extended abstracts with topics of interest that include but are not limited to:
- Security primitives derived from wireless communication
- Physically-augmented cryptographic protocols
- Physically unclonable functions (PUF)
- Wireless threat modeling and security analysis
- Jamming & anti-jamming security protocols
- Secure localization and positioning
- Quantitative evaluation of wireless system security
- Cross-layer approaches to secure wireless communication
- Utilizing multi-* for security (multi-hop, multi-channel, multi-radio, etc.)

For more information, please see http://mmb2012.de/pilates.

USEC 2012 Workshop on Usable Security, Held in conjunction with the Financial Cryptography and Data Security (FC 2012), Divi Flamingo Beach Resort, Bonaire, March 2, 2012. [posted here 09/15/11]
Many aspects of data security combine technical and human factors. If a highly secure system is unusable, users will move their data to less secure but more usable systems. Problems with usability are a major contributor to many high-profile security failures today. However, usable security is not well-aligned with traditional usability for three reasons. First, security is rarely the desired goal of the individual. In fact, security is usually orthogonal and often in opposition to the actual goal. Second, security information is about risk and threats. Such communication is most often unwelcome. Increasing unwelcome interaction is not a goal of usable design. Third, since individuals must trust their machines to implement their desired tasks, risk communication itself may undermine the value of the networked interaction. For the individual, discrete technical problems are all understood under the rubric of online security (e.g., privacy from third parties' use of personally identifiable information, malware). A broader conception of both security and usability is therefore needed for usable security. The workshop on Usable Security invites submissions on all aspects of human factors and usability in the context of security. USEC'12 aims to bring together researchers already engaged in this interdisciplinary effort with other researchers in areas such as economics, intelligent interactions, artificial intelligence, theoretical computer science, and modeling. We encourage AI, HCI, security, psychologists, risk analysts, computer scientists, security specialists, business school faculty, and industry experts to submit original research. We particularly encourage collaborative research from authors in multiple fields.

For more information, please see http://infosecon.net/usec12/index.php.

WECSR 2012 3rd Workshop on Ethics in Computer Security Research, Divi Flamingo Resort, Bonaire, March 2, 2012. [posted here 09/01/11]
Computer security often leads to discovering interesting new problems and challenges. The challenge still remains to follow a path acceptable for Institutional Review Boards at academic institutions, as well as compatible with ethical guidelines for professional societies or government institutions. However, no exact guidelines exist for computer security research yet. This workshop will bring together computer security researchers, practitioners, policy makers, and legal experts. This workshop solicits submissions describing or suggesting ethical and responsible conduct in computer security research. While we focus on setting standards and sharing prior experiences and experiments in computer security research, successful or not, we tap into research behavior in network security, computer security, applied cryptography, privacy, anonymity, and security economics. This workshop will favor discussions among participants, in order to shape the future of ethical standards in the field. It will be co-located with the Sixteenth International Conference on Financial Cryptography and Data Security 2012. We solicit submissions in three categories: Position papers, Case studies, and Panel proposals.

For more information, please see http://www.cs.stevens.edu/~spock/wecsr2012/cfp.html.

FC 2012 16th Financial Cryptography and Data Security, Divi Flamingo Beach Resort, Bonaire, February 27 - March 2, 2012. [posted here 06/06/11]
Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary works are particularly encouraged. The topics include:
- Anonymity and Privacy
- Auctions and Audits
- Authentication and Identification
- Backup Authentication
- Biometrics
- Certification and Authorization
- Cloud Computing Security
- Commercial Cryptographic Applications
- Contracts and Transactions
- Data Outsourcing Security
- Digital Cash and Payment Systems
- Digital Incentive and Loyalty Systems
- Digital Rights Management
- Fraud Detection
- Game Theoretic Approaches to Security
- Identity Theft
- Information Security
- Infrastructure Design
- Legal and Regulatory Issues
- Management and Operations
- Microfinance and Micropayments
- Mobile Internet Device Security
- Monitoring
- Phishing and Social Engineering
- Privacy-enhancing Systems
- Reputation Systems
- RFID-Based and Contactless Payment Systems
- Risk Assessment and Management
- Secure Banking and Financial Web Services
- Secure Tokens and Hardware
- Securing Emerging Computational Paradigms
- Security and Risk Perceptions and Judgments
- Security Economics
- Smartcards
- Spam
- Trust Management
- Underground-Market Economics
- Usability
- Virtual Economies
- Voting Systems

For more information, please see http://fc12.ifca.ai/.

CT-RSA 2012 RSA Conference, Cryptographers' Track, San Francisco, February 27-Mar 2, 2012. [posted here 07/04/11]
The RSA Conference is the largest annual information security event, with hundreds of vendors and thousands of attendees. Among the 20 tracks of the RSA conference, the Cryptographers' Track stands out, offering a glimpse of academic research in the field of cryptography. The Cryptographers' Track was founded in 2001, and it has since established its presence in the cryptographic community. To support the academic exchange, RSA conference offers a special academic discount for registration, as well as a waiver for the speakers presenting their papers that were accepted to CT-RSA 2012. Original research papers pertaining to all aspects of cryptography are solicited. Submissions may present applications, techniques, theory, and practical experience on topics including, but not limited to:
- Public-key encryption
- Symmetric-key encryption
- Cryptanalysis
- Digital signatures
- Hash functions
- Cryptographic protocols
- Tamper-resistance
- Efficient implementations
- Elliptic-curve cryptography
- Lattice-based cryptography
- Quantum cryptography
- Formal security models
- Network security
- Hardware security
- E-commerce

For more information, please see http://ctrsa2012.cs.haifa.ac.il/.

ESSoS 2012 4th International Symposium on Engineering Secure Software and Systems, Eindhoven, The Netherlands, February 16 - 17, 2012. [posted here 06/20/11]
Trustworthy, secure software is a core ingredient of the modern world. Unfortunately, the Internet is too. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The goal of this symposium is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DSLs for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation

For more information, please see http://distrinet.cs.kuleuven.be/events/essos2012/.

CODASPY 2012 2nd ACM Conference on Data and Application Security and Privacy, Hilton Palacio Del Rio, San Antonio, Texas, U.S.A, February 8-10, 2012. [posted here 08/01/11]
Data and the applications that manipulate data are the crucial assets in today's information age. With the increasing drive towards availability of data and services anytime anywhere, security and privacy risks have increased. Vast amounts of privacy-sensitive data are being collected today by organizations for a variety of reasons. Unauthorized disclosure, modification, usage or denial of access to these data and corresponding services may result in high human and financial costs. New applications such as social networking and social computing provide value by aggregating input from numerous individual users and/or the mobile devices they carry with them and computing new information of value to society and individuals. To achieve efficiency and effectiveness in traditional domains such as healthcare there is a drive to make these records electronic and highly available. The need for organizations and government agencies to share information effectively is underscored by rapid innovations in the business world that require close collaboration across traditional boundaries and the dramatic failure of old-style approaches to information protection in government agencies in keeping information too secret to connect the dots. Security and privacy in these and other arenas can be meaningfully achieved only in context of the application domain. Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the conference is to discuss novel exciting research topics in data and application security and privacy and to lay out directions for further research and development in this area. The conference seeks submissions from diverse communities, including corporate and academic researchers, open source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts. Topics include, but are not limited to:
- Application layer security policies
- Authorization/Access Control for Applications
- Authorization/Access Control for Databases
- Data dissemination controls
- Data forensics
- Enforcement layer security policies
- Privacy preserving techniques
- Private information retrieval
- Search on protected/encrypted data
- Secure auditing
- Secure collaboration
- Secure data provenance
- Secure electronic commerce
- Secure information sharing
- Secure knowledge management
- Secure multiparty computations
- Secure software development
- Securing data/apps on untrusted platforms
- Securing the semantic web
- Security and Privacy in GIS/Spatial Data
- Security and Privacy in Healthcare
- Security policies for databases
- Social computing security and privacy
- Social networking security and privacy
- Trust metrics for application, data and user
- Web application security

For more information, please see http://www.codaspy.org.

NDSS 2012 Network & Distributed System Security Symposium, San Diego, California, USA, February 5-8, 2012. [posted here 05/23/11]
The Network and Distributed System Security Symposium fosters information exchange among research scientists and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. Overall, we are looking not only for solid results but also for crazy out-of-the-box ideas. Areas of interest include (but are not limited to):
- Network perimeter controls: firewalls, packet filters, application gateways
- Network protocol security: routing, naming, network management
- Cloud computing security
- Security issues in Future Internet architecture and design
- Security of web-based applications and services
- Anti-malware techniques: detection, analysis, and prevention
- Secure future home networks, Internet of Things, body-area networks
- Intrusion prevention, detection, and response
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Privacy and anonymity technologies
- Security for wireless, mobile networks
- Security of personal communication systems
- Vehicular Ad-hoc Networks (VANETs) Security
- Security of peer-to-peer and overlay network systems
- Electronic commerce security: e.g., payments, notarization, timestamping
- Network security policies: implementation, deployment, management
- Intellectual property protection: protocols, implementations, DRM
- Public key infrastructures, key management, certification, and revocation
- Security for Emerging Technologies
- Special problems and case studies: cost, usability, security vs. efficiency
- Collaborative applications: teleconferencing and video-conferencing
- Smart Grid Security
- Secure Electronic Voting
- Security of large-scale critical infrastructures
- Trustworthy Computing for network protocols and distributed systems
- Network and distributed systems forensics

For more information, please see http://www.isoc.org/isoc/conferences/ndss/12/cfp.shtml.

CCNC-DRM 2012 8th IEEE International Workshop on Digital Rights Management Impact on Consumer Communications, Held in conjunction with the 9th IEEE Consumer Communications & Networking Conference (CCNC 2012), Las Vegas, Nevada, USA, January 14, 2012. [posted here 09/13/11]
Consumers and consumer electronics are increasingly using the Internet for distribution of digital goods, including digital versions of books, articles, music, video, games, software, images and 3D content. The growing popularity of tablets, e-readers and smartphones is introducing new publishing approaches and business models. Digital distribution is now a mature area, but the balance between the protection of content, and flexibility and security for consumers remains a challenge. Organizations are also increasingly concerned with information protection and control within and beyond the corporate perimeter for reasons including traceability, compliance, accountability and persistent management of intangible assets. The ease with which digital goods can be copied and redistributed makes the Internet well suited for unauthorized copying, modification and redistribution. The increasing use of cloud-based storage, along with the rapid adoption of new technologies such as high-bandwidth connections, wireless networks, peer-to-peer networks and surface computing is accelerating this process. This one-day workshop on Digital Rights Management addresses problems faced by all stakeholders in this ecosystem including rights owners - who seek to protect their intellectual property rights and develop innovative business models - and end users - who seek to protect their privacy, enjoy a good user experience and preserve access they benefit from using traditional media.

For more information, please see http://www.ieee-ccnc.org/.

HICSS-DF 2012 45th Annual HAWAI’I International Conference on System Sciences, Software Technology Track, MINITRACK: Digital Forensics – Education, Research, and Practice, Grand Wailea Maui, Hawaii, USA, January 4-7, 2012. [posted here 06/06/11]
This is a call for original papers addressing the area of digital forensics – to include research endeavors, as well as educational and industrial experiences. This minitrack brings together an international collection of papers from academia, industry and law enforcement which address current directions in digital forensics. Digital forensics includes the use of software, computer science, software engineering, and criminal justice procedures to explore and/or investigate digital media with the objective of finding evidence to support a criminal or administrative case. It involves the preservation, identification, extraction, and documentation of computer or network evidence. This minitrack is interested in a wide variety of papers which address the following areas as well as others:
- Papers that are "forward thinking" and identify approaches to solving the digital forensics challenges of the future.
- Education papers that describe digital forensics degree programs or the teaching of digital forensics within other programs internationally.
- Papers that address a research agenda that considers practitioner requirements, multiple investigative environments and emphasizes real world usability such as visualization.
- Papers that present an experience report involving the discovery, explanation and presentation of conclusive, persuasive evidence from digital forensics investigation.
- Papers that combine research and practice with an emphasis on network forensics, visualization, and new tools and techniques.

For more information, please see http://www.hicss.hawaii.edu/hicss_45/apahome45.htm.

HICSS-ST 2012 45th Annual HAWAI’I International Conference on System Sciences, Software Technology Track, Grand Wailea Maui, Hawaii, USA, January 4-7, 2012. [posted here 04/25/11]
Modern society is irreversibly dependent on software systems of remarkable scope and complexity. Yet methods for assuring the dependability and quality of these systems have not kept pace with their rapid deployment and evolution. The result has been persistent errors, failures, vulnerabilities, and compromises. Research is required in assurance technologies that can meet the needs of 21st century systems. These technologies must scale beyond present labor-intensive practices that are increasingly overwhelmed by the task at hand. Many organizations in academia, industry, and defense are interested in this subject, but often with a focus on specific subject matter areas. The goal of this Minitrack is to bring together researchers from all areas of system assurance to promote sharing and cross-pollination of promising methods and technologies. We will promote a unified assurance discipline characterized by science foundations and substantial automation that can effectively address the scope and scale of the problem. Assurance research focuses on achieving an acceptable level of trust and confidence through auditable evidence that software systems will function as intended in both benign and threat environments to meet organizational objectives. It addresses all aspects of the system development lifecycle in terms of technical, management, and standards-related issues. The following topics will be included in the Minitrack:
- Advances in specification and design of assured systems
- Advances in software correctness verification
- Advances in software security assurance
- Advances in system testing and certification
- Assurance for embedded systems
- Assurance for hardware components
- Assurance for large-scale infrastructure systems
- Assurance for SOA architectures and cloud computing environments
- Assurance in system maintenance and evolution
- Automated methods for system assurance
- Assurance through computation of software behavior
- Secure coding techniques
- Management of assurance operations
- Processes and metrics for assurance operations
- Business case and ROI development for system assurance
- Supply chain and standards issues in system assurance
- Case studies of system assurance successes
- Formal methods in software assurance
- Curriculum development and education for software assurance

For more information, please see http://www.hicss.hawaii.edu/hicss_45/apahome45.htm.

IFIP-DF 2012 8th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Pretoria, Pretoria, South Africa, January 3-5, 2012. [posted here 05/09/11]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Eighth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume – the eighth in the series entitled Research Advances in Digital Forensics (Springer) in the summer of 2012. Revised and/or extended versions of selected papers from the conference will be published in special issues of one or more international journals. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network and cloud forensics
- Embedded device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org.