Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Past Conferences and Journal Special Issues

Last Modified:01/04/16

Note: Please contact cipher-cfp@ieee-security.org by email if you have any questions..

Contents

 

Past Conferences and Other Announcements - 2015

ICISS 2015 11th International Conference on Information Systems Security, Kolkata, India, December 16-20, 2015. [posted here 02/02/15]
The conference series ICISS (International Conference on Information Systems Security), held annually, provides a forum for disseminating latest research results in information and systems security. ICISS 2015, the eleventh conference in this series, will be held under the aegis of the Society for Research in Information Security and Privacy (SRISP). Submissions are encouraged from academia, industry and government, addressing theoretical and practical problems in information and systems security and related areas. Topics of interest include but are not limited to:
- Access and Usage Control
- Application Security
- Authentication and Audit
- Biometric Security
- Cloud Security
- Cryptographic Protocols
- Cyber-physical Systems Security
- Data Security and Privacy
- Digital Forensics
- Digital Rights Management
- Distributed Systems Security
- Formal Models in Security
- Identity Management
- Intrusion Detection and Prevention
- Intrusion Tolerance and Recovery
- Key Management
- Language-based Security
- Malware Analysis and Mitigation
- Network Security
- Operating Systems Security
- Privacy and Anonymity
- Secure Data Streams
- Security and Usability
- Security Testing
- Sensor and Ad Hoc Network Security
- Smartphone Security
- Software Security
- Usable Security
- Vulnerability Detection and Mitigation
- Web Security

For more information, please see http://www.iciss.org.in.

CANS 2015 14th International Conference on Cryptology and Network Security, Morocco, Marrakesh, December 8-12, 2015. [posted here 03/30/15]
Papers offering novel research contributions are solicited. The conference focus is on original, high-quality, unpublished research and implementation results. Especially encouraged are submissions of papers suggesting novel paradigms, original directions, or non-traditional perspectives. Also of particular interest this year are papers on network security, from modeling, measurement, engineering, and attack perspectives. Submitted papers must not substantially overlap with papers that have been published or that are submitted in parallel to a journal or a conference with formally published proceedings. Topics of Interest:
- Access Control for Networks
- Adware, Malware, and Spyware
- Anonymity & Pseudonymity
- Authentication, Identification
- Cloud Security
- Cryptographic Algorithms & Protocols
- Denial of Service Protection
- Embedded System Security
- Identity & Trust Management
- Internet Security
- Key Management
- Mobile Code Security
- Multicast Security
- Network Security
- Peer-to-Peer Security
- Security Architectures
- Security in Social Networks
- Sensor Network Security
- Virtual Private Networks
- Wireless and Mobile Security

For more information, please see http://www.cans2015.org/.

ICSS 2015 Industrial Control System Security Workshop, Held in conjunction with 31st Annual Computer Security Applications Conference (ACSAC), Los Angeles, California, USA, December 7-11, 2015. [posted here 08/03/15]
Supervisory control and data acquisition (SCADA) and industrial control systems monitor and control a wide range of industrial and infrastructure processes such as water treatment, power generation and transmission, oil and gas refining and steal manufacturing. Such systems are usually built using a variety of commodity computer and networking components, and are becoming increasingly interconnected with corporate and other Internet-visible networks. As a result, they face significant threats from internal and external actors. For example, Stuxnet malware was specifically written to attack SCADA systems that alone caused multi-million dollars damages in 2010. The critical requirement for high availability in SCADA and industrial control systems, along with the use of resource constrained computing devices, legacy operating systems and proprietary software applications limits the applicability of traditional information security solutions. The goal of this workshop is to explore new security techniques that are applicable in the control systems context. Papers of interest including (but not limited to) the following subject categories are solicited:
- Intrusion detection and prevention
- Malware
- Vulnerability analysis of control systems protocols
- Digital forensics
- Virtualization
- Application security
- Performance impact of security methods and tools in control systems

For more information, please see http://acsac.org/2015/workshops/icss/.

Globecom-CISS 2015 IEEE Globecom 2015, Communication & Information System Security Symposium, San Diego, CA, USA, December 6-10, 2015. [posted here 02/09/15]
As communication and information systems become more indispensable to the society, their security has also become extremely critical. This symposium welcomes manuscripts on all aspects of the modeling, design, implementation, deployment, and management of security algorithms, protocols, architectures, and systems. Furthermore, contributions devoted to the evaluation, optimization, or enhancement of security and privacy mechanisms for current technologies, as well as devising efficient security and privacy solutions for emerging areas, from physical-layer technology up to cyber security, are solicited. The Communication & Information Systems Security Symposium seeks original contributions in the following topical areas, plus others that are not explicitly listed but are closely related:
- Anonymous communication, metrics and performance
- Attack, detection and prevention
- Authentication protocols and key management
- Availability and survivability of secure services and systems
- Biometric security: technologies, risks, vulnerabilities, bio-cryptography, mobile template protection
- Cloud, data center and distributed systems security
- Computer and network forensics
- Cryptography for network security
- Cyber security
- Digital rights management
- Firewall technologies
- Formal trust models, security modeling, and design of secure protocols
- Information systems security and security management
- Internet security and privacy
- Malware detection and damage recovery
- Network security metrics and performance
- Operating systems and application security
- Physical security and hardware/software security
- Post-quantum network security
- Privacy and privacy-enhancing technologies
- Security and privacy for mobile and wireless networks
- Security for cloud computing and networking
- Security for mobile and wireless networks
- Security for next-generation networks
- Security in virtual machine environments
- Security tools for communication and information systems
- Trustworthy computing
- Wired systems and optical network security

For more information, please see http://globecom2015.ieee-globecom.org/sites/globecom2015.ieee-globecom.org/files/u42/GC15_TPC_CFP_CISS_-_Communication_&_Information_System_Security.pdf.

ProvSec 2015 9th International Conference on Provable Security, Kanazawa, Japan, November 24-26, 2015. [posted here 06/08/15]
All aspects of provable security for cryptographic primitives or protocols, include but are not limited to the following areas:
- Asymmetric provably secure cryptography
- Cryptographic primitives
- Lattice-based cryptography and security reductions
- Leakage-resilient cryptography
- Pairing-based provably secure cryptography
- Privacy and anonymity technologies
- Provable secure block ciphers and hash functions
- Secure cryptographic protocols and applications
- Security notions, approaches, and paradigms
- Steganography and steganalysis

For more information, please see https://security-lab.jaist.ac.jp/provsec2015/.

NSS 2015 9th International Conference on Network and System Security, New York City, NY, USA, November 3-5, 2015. [posted here 01/05/15]
NSS is an annual international conference covering research in network and system security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged. Topics of interest include but are not limited to:
- Active Defense Systems
- Adaptive Defense Systems
- Applied Cryptography
- Analysis, Benchmark of Security Systems
- Authentication
- Biometric Security
- Complex Systems Security
- Database and System Security
- Data Protection
- Data/System Integrity
- Distributed Access Control
- Distributed Attack Systems
- Denial-of-Service
- High Performance Network Virtualization
- Hardware Security
- High Performance Security Systems
- Identity Management
- Intelligent Defense Systems
- Insider Threats
- Intellectual Property Rights Protection
- Internet and Network Forensics
- Intrusion Detection and Prevention
- Key Distribution and Management
- Large-scale Attacks and Defense
- Malware
- Network Resiliency
- Network Security
- RFID Security and Privacy
- Security Architectures
- Security for Critical Infrastructures
- Security in P2P systems
- Security in Cloud and Grid Systems
- Security in E-Commerce
- Security in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grid
- Security and Privacy in Wireless Networks
- Security Policy
- Secure Mobile Agents and Mobile Code
- Security Theory and Tools
- Standards and Assurance Methods
- Trusted Computing
- Trust Management
- World Wide Web Security

For more information, please see http://anss.org.au/nss2015/index.htm.

SPeH 2015 IEEE International Workshop on Security and Privacy in eHealthcare, Held in conjunction with the 40th IEEE Conference on Local Networks (LCN), Clearwater, Florida, USA, October 26-29, 2015. [posted here 03/23/15]
The First IEEE International Workshop on Security and Privacy in eHealthcare (SPeH 2015) will address research in security and privacy of applications and tools in eHealthcare and provide a unique forum to present and discuss the key issues and innovative solutions to address the security and privacy concerns in eHealthcare. The major focus of the workshop will include, but not limited to the following:
- Authentication in wireless body networks
- Secure wireless network communication
- Data security and privacy in eHealthcare
- Secure connectivity in wearable devices
- eHealthcare security challenges in cloud
- Trustworthy wearable sensing devices

For more information, please see http://csusap.csu.edu.au/~tzia/SPeH.htm.

C&TC 2015 5th International Symposium on Cloud Computing, Trusted Computing and Secure Virtual Infrastructures - Cloud and Trusted Computing, Rhodes, Greece, October 26-28, 2015. [posted here 03/30/15]
Current and future software needs to remain focused towards the development and deployment of large and complex intelligent and networked information systems, required for internet-based and intranet-based systems in organizations. Today software covers a very wide range of application domains as well as technology and research issues. This has found realization through Cloud Computing. Vital element in such networked information systems are the notions of trust, security, privacy and risk management. The conference solicits submissions from both academia and industry presenting novel research in the context of Cloud Computing, presenting theoretical and practical approaches to cloud trust, security, privacy and risk management. The conference will provide a special focus on the intersection between cloud and trust bringing together experts from the two communities to discuss on the vital issues of trust, security, privacy and risk management in Cloud Computing. Potential contributions could cover new approaches, methodologies, protocols, tools, or verification and validation techniques. We also welcome review papers that analyze critically the current status of trust, security, privacy and risk management in the cloud. Papers from practitioners who encounter trust, security, privacy and risk management problems and seek understanding are also welcome.

For more information, please see http://www.onthemove-conferences.org/index.php/cloud-trust-15.

FPS 2015 8th International Symposium on Foundations & Practice of Security, Clermont-Ferrand, France, October 26-28, 2015. [posted here 03/23/15]
This conference, the 8th in an annual series, provides a forum for researchers world-wide working in security, privacy, trustworthy data systems and related areas. The aim of FPS is to discuss and exchange theoretical and practical ideas that address security issues in inter-connected systems. It aims to provide scientific presentations as well as to establish links, promote scientific collaboration, joint research programs, and student exchanges between institutions involved in this important and fast moving research field. We also invite papers from researchers and practitioners working in security, privacy, trustworthy data systems and related areas to submit their original papers. The main topics, but not limited to, include:
- Computer and Network Security
- Formal foundations in Information or Operational Security
- Security of Service Oriented Architectures
- Information Theoretic Security
- Security of Cloud Computing
- Security Management and Security Policies
- Policy-based Security Architectures
- Security of P2P systems
- Security & Privacy on Social Networks
- Access Control Languages
- Data Mining & Watermarking
- Cryptography & Cryptanalysis
- Threat Analysis and Trust Management
- Privacy & Sensitive Data Management
- Policy-based Distributed Information Systems
- Security in Sensor Networks and RFIDs
- Security of Cloud Computing, Grid Computing
- Security of Distributed Embedded Middleware
- Distributed Security Protocols & Policies
- Security and Privacy in Digital Currencies
- Malware, Botnet and Advanced Persistent Threats
- Code Reverse Engineering and Vulnerability Exploitation
- Side Channel & Physical Attacks
- Social Engineering

For more information, please see http://confiance-numerique.clermont-universite.fr/fps2015/.

CPS-SPC 2015 1st ACM Cyber-Physical Systems Security and PrivaCy Workshop, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA, October 16, 2015. [posted here 05/11/15]
Cyber-physical systems (CPS) integrate computing and communication capabilities with monitoring and control of entities in the physical world. These systems are usually composed by a set of networked agents, including sensors, actuators, control processing units, and communication devices. While some forms of CPS are already in use, the widespread growth of wireless embedded sensors and actuators is creating several new applications — in areas such as medical devices, automotive, and smart infrastructure — and increasing the role that the information infrastructure plays in existing control systems — such as in the process control industry or the power grid. Many CPS applications are safety-critical: their failure can cause irreparable harm to the physical system under control and to the people who depend on it. In particular, the protection of our critical infrastructures that rely on CPS, such as the electric power transmission and distribution, industrial control systems, oil and natural gas systems, water and waste-water treatment plants, healthcare devices, and transportation networks play a fundamental and large-scale role in our society — and their disruption can have a significant impact to individuals, and nations at large. Similarly, because many CPS systems collect sensor data non-intrusively, users of these systems are often unaware of their exposure. Therefore in addition to security, CPS systems must be designed with privacy considerations. To address some of these issues, we invite original research papers on the security and/or privacy of cyber-physical systems. We seek submissions from multiple interdisciplinary backgrounds representative of CPS, including but not limited to the following:
- intrusion detection for CPS
- privacy in CPS
- network security for CPS
- control theory and mathematical foundations for secure CPS
- embedded systems and IoT security and privacy
- real-time systems
- game theory applied to CPS
- human factors and humans in the loop
- reliability and safety
- economics of security and privacy in CPS

CPS domains of interest include:
- manufacturing
- industrial control systems
- Supervisory Control and Data Acquisition (SCADA) systems
- power grid and smart grid
- robotics
- unmanned aerial vehicles
- transportation systems
- healthcare and medical devices
- automotive
- abstract theoretical CPS domains that involve sensing and actuation

For more information, please see https://sites.google.com/site/2015cpsspc/.

CCSW 2015 ACM Cloud Computing Security Workshop, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA, October 16, 2015. [posted here 05/11/15]
The CCSW workshop brings together researchers and practitioners in all security and privacy aspects of cloud-centric and outsourced computing, including:
- practical cryptographic protocols for cloud security
- outsourced privacy-preserving computation
- secure cloud resource virtualization mechanisms
- secure data management outsourcing (e.g., database as a service)
- practical privacy and integrity mechanisms for outsourcing
- privacy-enhancing technologies for the cloud
- foundations of cloud-centric threat models
- secure computation outsourcing
- remote attestation mechanisms in clouds
- sandboxing and VM-based enforcements
- trust and policy management in clouds
- secure identity management mechanisms
- new cloud-aware web service security paradigms and mechanisms
- cloud-centric regulatory compliance issues and mechanisms
- business and security risk models and clouds
- cost and usability models and their interaction with security in clouds
- scalability of security in global-size clouds
- trusted computing technology and clouds
- binary analysis of software for remote attestation and cloud protection
- network security (DOS, IDS etc.) mechanisms for cloud contexts
- security for emerging cloud programming models
- energy/cost/efficiency of security in clouds
- security for software defined networking

For more information, please see http://ccsw.ics.uci.edu/15/.

ACM-CCS 2015 22nd ACM Conference on Computer and Communications Security, Denver, Colorado, USA, October 12-16, 2015. [posted here 02/02/15]
The ACM Conference on Computer and Communications Security (CCS) is the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM). The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results. It provides an environment to conduct intellectual discussions. From its inception, CCS has established itself as a high standard research conference in its area.

For more information, please see http://www.sigsac.org/ccs/CCS2015.

SafeConfig 2015 8th Workshop on Automated Decision Making for Active Cyber Defense, Collocated with ACM CCS 2015, Denver, Colorado, USA, October 12, 2015. [posted here 04/27/15]
The high growth of cyber connectivity significantly increases the potential and sophistication of cyber-attacks. The new capabilities based on active cyber defense (ACD) are required to offer automated, intelligently-driven, agile, and resilient cyber defense. Both accurate "sense-making" based security analytics of the system artifacts (e.g., traces, configurations, logs, incident reports, alarms and network traffic), and provably-effective "decision-making" based on robust reasoning are required to enable ACD for cyber security and resiliency. Cyber security requires automated and scalable analytics in order to normalize, model, integrate, and analyze large and complex data to make correct decisions on time about security measures against threats. The automated decision making goals is to determine and improve the security and resiliency of cyber systems and services. As the current technology moves toward ‘smart’ cyber-physical infrastructures as well as open networking platforms (e.g., software defined networking and virtual/cloud computing), the need for large-scale security analytics and automation for decision making significantly increases. This workshop offers a unique opportunity by bringing together researchers from academia, industry as well as government agencies to discuss the challenges listed above, to exchange experiences, and to propose joint plans for promoting research and development in this area. SafeConfig is a one day forum that includes invited talks, technical presentations of peer-reviewed papers, poster/demo sessions, and joint panels on research collaboration. SafeConfig was started in 2009 and has been continuously running since then. It provides a distinct forum to explore theoretical foundations, algorithmic advances, modeling, and evaluation of configuration related challenges for large scale cyber and cyberphysical systems.

For more information, please see http://www.cyberdna.uncc.edu/safeconfig/2015/cfp.html.

WISCS 2015 2nd ACM Workshop on Information Sharing and Collaborative Security, Held in conjunction with 22nd ACM Conference on Computer and Communications Security (CCS 2015), Denver, Colorado, USA, October 12, 2015. [posted here 06/08/15]
Sharing of cyber-security related information is believed to greatly enhance the ability of organizations to defend themselves against sophisticated attacks. If one organization detects a breach sharing associated security indicators (such as attacker IP addresses, domain names, file hashes etc.) provides valuable, actionable information to other organizations. The analysis of shared security data promises novel insights into emerging attacks. Sharing higher level intelligence about threat actors, the tools they use and mitigations provides defenders with much needed context for better preparing and responding to attacks. In the US and the EU major efforts are underway to strengthen information sharing. Yet, there are a number of technical and policy challenges to realizing this vision. Which information exactly should be shared? How can privacy and confidentiality be protected? How can we create high-fidelity intelligence from shared data that minimizes false positives? The 2nd Workshop on Information Sharing and Collaborative Security (WISCS 2015) aims to bring together experts and practitioners from academia, industry and government to present innovative research, case studies, and legal and policy issues. The workshop solicits original research papers in these areas, both full and short papers. Workshop proceedings will be published in the ACM Digital Library. Topics of interest for the workshop include, but are not limited to:
- Collaborative intrusion detection
- Case studies of information sharing
- Domain name and IP address blacklists
- Collaborative approaches to spear?phishing, DDoS and other attacks
- Privacy and confidentiality
- Data deidentification
- Cryptographic protocols for collaborative security
- Scalable security analysis on shared data
- Ontologies and standards for sharing security data
- UX and behavioral aspects of collaborating
- Policy and legal issues
- Surveillance issues
- Trust models
- Attacks on information sharing
- Economics of security collaboration

For more information, please see https://sites.google.com/site/wiscs2015/.

WPES 2015 Workshop on Privacy in the Electronic Society, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA, October 12, 2015. (Submission Due 10 June 2015) [posted here 05/25/15]
The increased power and interconnectivity of computer systems available today create the ability to store and process large amounts of data, resulting in networked information accessible from anywhere at any time. It is becoming easier to collect, exchange, access, process, and link information. This global scenario has inevitably resulted in an increasing degree of awareness with respect to privacy. Privacy issues have been the subject of public debates, and the need for privacy-aware policies, regulations, and techniques has been widely recognized. The goal of this workshop is to discuss the problems of privacy in the global interconnected societies and possible solutions to them. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues.

For more information, please see https://wpes15.cs.umn.edu/.

WISCS 2015 2nd Workshop on Information Sharing and Collaborative Security, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA, October 12, 2015. [posted here 04/20/15]
Sharing of cyber-security related information is believed to greatly enhance the ability of organizations to defend themselves against sophisticated attacks. If one organization detects a breach sharing associated security indicators (such as attacker IP addresses, domain names, file hashes etc.) provides valuable, actionable information to other organizations. The analysis of shared security data promises novel insights into emerging attacks. Sharing higher level intelligence about threat actors, the tools they use and mitigations provides defenders with much needed context for better preparing and responding to attacks. In the US and the EU major efforts are underway to strengthen information sharing. Yet, there are a number of technical and policy challenges to realizing this vision. Which information exactly should be shared? How can privacy and confidentiality be protected? How can we create high-fidelity intelligence from shared data that minimizes false positives? The 2nd Workshop on Information Sharing and Collaborative Security (WISCS 2015) aims to bring together experts and practitioners from academia, industry and government to present innovative research, case studies, and legal and policy issues. Topics of interest for the workshop include, but are not limited to:
- Collaborative intrusion detection
- Case studies of information sharing
- Domain name and IP address blacklists
- Collaborative approaches to spear-phishing, DDoS and other attacks
- Privacy and confidentiality
- Data deidentification
- Cryptographic protocols for collaborative security
- Access control for shared information
- Scalable security analysis on shared data
- Ontologies and standards for sharing security data
- UX and behavioral aspects of collaboration
- Policy and legal issues
- Surveillance issues
- Trust models
- Attacks on information sharing
- Economics of security collaboration

For more information, please see https://sites.google.com/site/wiscs2015/.

IWDW 2015 14th International Workshop on Digital Forensics and Watermarking, Tokyo, Japan, October 7-10, 2015. [posted here 05/18/15]
The 14th IWDW, International Workshop on Digital-forensics and Watermarking (IWDW 2015) is a premier forum for researchers and practitioners working on novel research, development and applications of digital watermarking and forensics techniques for multimedia security. We invite submissions of high-quality original research papers. The topics include, but are not limited to:
- Mathematical modeling of embedding and detection
- Information theoretic, stochastic aspects of data hiding
- Security issues, including attacks and counter-attacks
- Combination of data hiding and cryptography
- Optimum watermark detection and reliable recovery
- Copyright protection, DRM, and forensic watermarking
- Large-scale experimental tests and benchmarking
- New statistical and perceptual models of multimedia content
- Estimation of watermark capacity
- Reversible data hiding
- Data hiding in special media
- Data hiding and authentication
- Steganography and steganalysis
- Channel coding techniques for watermarking
- Digital multimedia forensics and anti-forensics
- Visual cryptography and secret image sharing

For more information, please see http://iwdw2015.tokyo/.

CRITIS 2015 10th International Conference on Critical Information Infrastructures Security, Berlin, Germany, October 5-7, 2015. [posted here 03/09/15]
CRITIS 2015 has four foci. Topic category 1, Resilience and protection of cyber-physical systems, covers advances in the classical CIIP sectors telecommunication, cyber systems and electricity infrastructures. Topic category 2 focuses on advances in C(I)IP policies and best practices in C(I)IP specifically from stakeholders' perspectives. In topic category 3, general advances in C(I)IP, we are explicitly inviting contributions from additional infrastructure sectors like energy, transport, and smart built infrastructure) and cover also cross-sector CI(I)P aspects. In 2013, the CRITIS series of conferences has started to foster contributions from young experts and researchers ("Young CRITIS"), and in 2014 this has been reinforced by the first edition of the CIPRNet Young CRITIS Award (CYCA). We will continue both activities at CRITIS 2015, since our demanding multi-disciplinary field of research requires open-minded talents.

For more information, please see http://www.critis2015.org.

SPC 2015 1st Workshop on Security and Privacy in the Cloud, Held in conjunction with the IEEE Conference on Communications and Network Security (CNS 2015), Florence, Italy, September 30, 2015. [posted here 05/11/15]
The workshop seeks submissions from academia, industry, and government presenting novel research, as well as experimental studies, on all theoretical and practical aspects of security, privacy, and data protection in cloud scenarios. Topics of interest include, but are not limited to:
- Anonymity in cloud scenarios
- Applied cryptography in cloud scenarios
- Data and application security
- Data and system integrity
- Data availability in outsourcing scenarios
- Data protection
- Efficient access to outsourced data
- Key management in cloud scenarios
- Privacy
- Privacy of accesses
- Secure computation over encrypted data
- Security and trust metrics
- Security and privacy in crowdsourcing
- Security and privacy in multi-clouds and federated clouds
- Security and privacy in data outsourcing
- Security and privacy in the Internet of Things
- Security and privacy of big data
- Security and privacy of distributed computations
- Security and privacy policies
- Selective information sharing
- Threats, vulnerabilities, and risk management

For more information, please see http://www.zurich.ibm.com/spc2015/.

SPiCy 2015 1st Workshop on Security and Privacy in Cybermatics, Held in conjuction with IEEE Conference on Communications and Networks Security (IEEE-CNS 2015), Florence, Italy, September 30, 2015. [posted here 05/25/15]
In the modern age Cybermatics is differentiating itself by designing the physical and social places into the cyber space to accomplish the union of three spaces: (i) Physical Cyberworld, (ii) Social Cyberworld, and (iii) Thinking Cyberworld. In the cyber space, everywhere cyber-nodes are significantly independent from the space-time limitations that exist in the physical space. Along with the development of intelligent systems, Cybermatics has brought a wide area of open issues during the cyber interaction, physical perception, social correlation, and cognitive thinking. Currently, Cybermatics is still in its initial stage, and it is expected that Cybermatics will lead industrialization and IT applications to a new level and will significantly change the way of producing, living, and even thinking of the mankind. Cybermatics will transform how we interact with and control the physical world around us, just in the same way as the Internet transformed how we interact and communicate with one another and revolutionized how and where we access information. Cyber-physical systems are subject to threats stemming from increasing dependence on computer and communication technologies. Cyber security threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation's security, economy, public safety, and health at risk. This workshop aims to represent an opportunity for cyber security researchers, practitioners, policy makers, and users to exchange ideas, research findings, techniques and tools, raise awareness, and share experiences related to all practical and theoretical aspects of Cybermatics security issues. Capturing security and privacy requirements in the early stages of system development is essential for creating sufficient public confidence in order to facilitate the adoption of novel systems of Cybermatics such as cyber-physical-social (CPS) systems, cyber-physical-social-thinking (CPST) systems, and cyber-physical-thinking (CPT) systems. However, security and privacy requirements are often not handled properly due to their wide variety of facets and aspects which make them difficult to formulate. The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical and as well as practical aspects of Cybermatics.

For more information, please see http://spicy2015.di.unimi.it.

CNS 2015 3rd IEEE Conference on Communications and Network Security, Florence, Italy, September 28-30, 2015. [posted here 01/19/15]
IEEE Conference on Communications and Network Security (CNS) is a new conference series in IEEE Communications Society (ComSoc) core conference portfolio and the only ComSoc conference focusing solely on cyber security. IEEE CNS is also a spin-off of IEEE INFOCOM, the premier ComSoc conference on networking. The goal of CNS is to provide an outstanding forum for cyber security researchers, practitioners, policy makers, and users to exchange ideas, techniques and tools, raise awareness, and share experience related to all practical and theoretical aspects of communications and network security. Building on the success of the past two years' conferences, IEEE CNS 2015 seeks original high-quality technical papers from academia, government, and industry. Topics of interest encompass all practical and theoretical aspects of communications and network security, all the way from the physical layer to the various network layers to the variety of applications reliant on a secure communication substrate. Submissions with main contribution in other areas, such as information security, software security, system security, or applied cryptography, will also be considered if a clear connection to secure communications/networking is demonstrated. Particular topics of interest include, but are not limited to:
- Anonymization and privacy in communication systems
- Biometric authentication and identity management
- Computer and network forensics
- Data and application security
- Data protection and integrity
- Availability of communications, survivability of networks in the presence of attacks
- Key management and PKI for networks
- Information-theoretic security
- Intrusion detection and prevention
- Location privacy
- Mobile security
- Outsourcing of network and data communication services
- Physical layer security methods, cross-layer methods for enhancing security
- Secure routing, network management
- Security for critical infrastructures
- Security metrics and performance evaluation
- Security and privacy for big data
- Security and privacy in body area networks
- Security and privacy in content delivery network
- Security and privacy in cloud computing and federated cloud
- Security and privacy in crowdsourcing
- Security and privacy in the Internet of Things
- Security and privacy in multihop wireless networks: ad hoc, mesh, sensor, vehicular and RFID networks
- Security and privacy in peer-to-peer networks and overlay networks
- Security and privacy in single-hop wireless networks: Wi-Fi, Wi-Max
- Security and privacy in smart grid, cognitive radio networks, and disruption/delay tolerant networks
- Security and privacy in social networks
- Security and privacy in pervasive and ubiquitous computing
- Social, economic and policy issues of trust, security and privacy
- Traffic analysis
- Usable security for networked computer systems
- Vulnerability, exploitation tools, malware, botnet, DDoS attacks
- Web, e-commerce, m-commerce, and e-mail security

For more information, please see http://cns2015.ieee-cns.org/.

ESORICS 2015 20th European Symposium on Research in Computer Security, Vienna, Austria, September 23-25, 2015. [posted here 01/12/15]
ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers discussing industrial research and development. Topics of interest include, but are not limited to:
- access control
- accountability
- ad hoc networks
- anonymity
- applied cryptography
- authentication
- biometrics
- database security
- data protection
- digital content protection
- digital forensic
- distributed systems security
- electronic payments
- embedded systems security
- inference control
- information hiding
- identity management
- information flow control
- integrity
- intrusion detection
- formal security methods
- language-based security
- network security
- phishing and spam prevention
- privacy
- risk analysis and management
- secure electronic voting
- security architectures
- security economics
- security metrics
- security models
- security and privacy in cloud scenarios
- security and privacy in complex systems
- security and privacy in location services
- security and privacy for mobile code
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security and privacy in social networks
- security and privacy in web services
- security verification
- software security
- steganography
- systems security
- trust models and management
- trustworthy user devices
- web security
- wireless security

For more information, please see http://www.esorics2015.sba-research.org.

DPM 2015 10th International Workshop on Data Privacy Management, Co-located with ESORICS 2015, Vienna, Austria, September 21-22, 2015. [posted here 04/06/15]
Organizations are increasingly concerned about the privacy of information that they manage (several people have filed lawsuits against organizations violating the privacy of customer's data). Thus, the management of privacy-sensitive information is very critical and important for every organization. This poses several challenging problems, such as how to translate the high-level business goals into system-level privacy policies, administration of privacy-sensitive data, privacy data integration and engineering, privacy access control mechanisms, information-oriented security, and query execution on privacy-sensitive data for partial answers. The aim of this workshop is to discuss and exchange the ideas related to privacy data management. We invite papers from researchers and practitioners working in privacy, security, trustworthy data systems and related areas to submit their original papers in this workshop.

For more information, please see http://deic.uab.cat/conferences/dpm/dpm2015/.

ISC 2015 18th Information Security Conference, Trondheim, Norway, September 9-11, 2015. [posted here 03/23/15]
The Information Security Conference (ISC), which started as a workshop (ISW) in 1997,is a well-established and highly reputable international conference that is held yearly. It has been held in five different continents. The conference seeks submissions on novel theoretical and practical results in:
- access control
- accountability
- anonymity and pseudonymity
- applied cryptography
- authentication
- biometrics
- computer forensics
- critical infrastructure security
- cryptographic protocols
- database security
- data protection
- data/system integrity
- digital right management
- economics of security and privacy
- electronic frauds
- embedded security
- formal methods in security
- identity management
- information dissemination control
- information hiding & watermarking
- intrusion detection
- network security
- peer-to-peer security
- privacy
- secure group communications
- security in information flow
- security for Internet of Things
- security for mobile code
- secure cloud computing
- security in location services
- security modelling & architectures
- security and privacy in social networks
- security and privacy in pervasive and ubiquitous computing
- security of eCommerce, eBusiness and eGovernment
- security models for ambient intelligence environments
- trust models and trust policies

For more information, please see http://isc2015.item.ntnu.no.

NSPW 2015 New Security Paradigms Workshop () , Twente, The Netherlands, September 8-11, 2015. [posted here 03/23/15]
Since 1992, the New Security Paradigms Workshop (NSPW) has offered a unique forum for computer security/information security research involving high-risk, high-opportunity paradigms, perspectives and positions. NSPW seeks embryonic, disruptive, and unconventional ideas that bene?t from early feedback. The ideas are almost always not yet proven, and sometimes infeasible to validate to the extent expected in traditional forums. Submissions typically address current limitations of computer/information security, directly challenge long-held beliefs or the very foundations of security, or view problems from an entirely novel angle leading to new solution paradigms. NSPW seeks ideas pushing the boundaries of science and engineering beyond what would typically be considered mainstream; papers that would be strong candidates in "conventional" computer/information security venues are, as a rule of thumb, a poor ?t for NSPW. We welcome papers with perspectives that augment traditional computer/information security, both from other computer science disciplines and other sciences that study adversarial relationships (e.g., biology, economics, the social sciences). For NSPW 2015, we especially welcome papers from ?rst-time NSPW authors. The workshop itself is highly interactive with presentations by authors prepared for in-depth discussions, and ample opportunity to exchange views with open-minded peers. NSPW is also distinguished by its deep-rooted tradition of positive feedback, collegiality, and encouragement.

For more information, please see http://www.nspw.org/2015/cfp.

TrustBus 2015 12th International Conference on Trust, Privacy, and Security in Digital Business, Valencia, Spain, September 1-2, 2015. [posted here 02/16/15]
TrustBus'2015 will bring together researchers from different disciplines, developers, and users all interested in the critical success factors of digital business systems. We are interested in papers, work-in-progress reports, and industrial experiences describing advances in all areas of digital business applications related to trust and privacy, including, but not limited to:
- Anonymity and pseudonymity in business transactions
- Business architectures and underlying infrastructures
- Common practice, legal and regulatory issues
- Cryptographic protocols
- Delivery technologies and scheduling protocols
- Design of businesses models with security requirements
- Economics of Information Systems Security
- Electronic cash, wallets and pay-per-view systems
- Enterprise management and consumer protection
- Identity and Trust Management
- Intellectual property and digital rights management
- Intrusion detection and information filtering
- Languages for description of services and contracts
- Management of privacy & confidentiality
- Models for access control and authentication
- Multimedia web services
- New cryptographic building-blocks for e-business applications
- Online transaction processing
- PKI & PMI
- Public administration, governmental services
- P2P transactions and scenarios
- Real-time Internet E-Services
- Reliability and security of content and data
- Reliable auction, e-procurement and negotiation technology
- Reputation in services provision
- Secure process integration and management
- Security and Privacy models for Pervasive Information Systems
- Security Policies
- Shopping, trading, and contract management tools
- Smartcard technology
- Transactional Models
- Trust and privacy issues in mobile commerce environments
- Usability of security technologies and services

For more information, please see http://www.ds.unipi.gr/trustbus15/.

EUSIPCO 2015 23rd European Signal Processing Conference, Information Forensics and Security Track, Nice, Cote d' Azur, France, August 31 - September 4, 2015. [posted here 12/15/14]
EUSIPCO is the flagship conference of the European Association for Signal Processing (EURASIP). EUSIPCO 2015 will feature world-class speakers, oral and poster sessions, keynotes, exhibitions, demonstrations and tutorials and is expected to attract in the order of 600 leading researchers and industry figures from all over the world. The Information Forensics and Security Track addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing.

For more information, please see http://www.eusipco2015.org.

WSDF 2015 8th International Workshop on Digital Forensics, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France, August 24-28, 2015. [posted here 02/09/15]
Digital forensics is a rapidly evolving field primarily focused on the extraction, preservation and analysis of digital evidence obtained from electronic devices in a manner that is legally acceptable. Research into new methodologies tools and techniques within this domain is necessitated by an ever-increasing dependency on tightly interconnected, complex and pervasive computer systems and networks. The ubiquitous nature of our digital lifestyle presents many avenues for the potential misuse of electronic devices in crimes that directly involve, or are facilitated by, these technologies. The aim of digital forensics is to produce outputs that can help investigators ascertain the overall state of a system. This includes any events that have occurred within the system and entities that have interacted with that system. Due care has to be taken in the identification, collection, archiving, maintenance, handling and analysis of digital evidence in order to prevent damage to data integrity. Such issues combined with the constant evolution of technology provide a large scope of digital forensic research. WSDF aims to bring together experts from academia, industry, government and law enforcement who are interested in advancing the state of the art in digital forensics by exchanging their knowledge, results, ideas and experiences. The aim of the workshop is to provide a relaxed atmosphere that promotes discussion and free exchange of ideas while providing a sound academic backing. The focus of this workshop is not only restricted to digital forensics in the investigation of crime. It also addresses security applications such as automated log analysis, forensic aspects of fraud prevention and investigation, policy and governance.

For more information, please see http://www.ares-conference.eu/conference/workshops/wsdf-2015/.

RT2ND 2015 International Workshop on Risk and Trust in New Network Developments, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France, August 24-28, 2015. [posted here 02/09/15]
The drive of being connected anywhere and anytime, the convenience of smart services, and advances in embedded computing have recently pushed new network developments. Several factors have contributed to this development, e.g., hardware advances (devices are smaller, more powerful, and batteries last longer), the heterogeneity of end-points (a range of devices and “intelligent things”), different architectures (networks of networks, self-configuring, opportunistic and ad-hoc networks), enhancements in technology (mobile, wireless, Bluetooth, RFID, NFC) and the ever more networked society (devices are increasingly affordable and ubiquitous). Such developments have created new network paradigms such as Vehicular Networks, Body Area Networks, Personal Area Networks, Smart Camera Networks, Virtualized Networks, Service-oriented Networks, Home Area Networks, and Named Data Networks. Novelties in network architectures, technologies and applications raise numerous challenges in terms of risk and trust, and in the trade-off between them. This workshop aims to bring together researchers and practitioners, and foment discussion on risk and trust in emerging networks and how to best defend against their misuse. We encourage different types of contributions – surveys, technical and empirical contributions.

For more information, please see http://www.ares-conference.eu/conference/workshops/rt2nd-2015/.

ECTCM 2015 3rd International Workshop on Emerging Cyberthreats and Countermeasures, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France, August 24-28, 2015. [posted here 02/16/15]
The 3rd International Workshop on Emerging Cyberthreats and Countermeasures aims at bringing together researchers and practitioners working in different areas related to cybersecurity. In the elapsed year 2014 bleeding hearts, shocked shells, poodles and several more shocking vulnerabilities in essential parts of our IT (security) infrastructure emerged. We want to contribute to all technical, organizational and social facets of this problem. Contributions demonstrating current vulnerabilities and threats as well as new countermeasures are warmly welcome.

For more information, please see http://www.ares-conference.eu/conference/workshops/wsdf-2015/.

TRUST 2015 8th International Conference on Trust & Trustworthy Computing, Heraklion, Crete, Greece, August 24-26, 2015. [posted here 03/30/15]
TRUST 2015 is an international conference on the technical and socio-economic aspects of trustworthy infrastructures. It provides an excellent interdisciplinary forum for researchers, practitioners, and decision makers to explore new ideas and discuss experiences in building, designing, using and understanding trustworthy computing systems.TRUST 2015 solicits original papers on any aspect (technical, social or socio-economic) of the design, application and usage of trusted and trustworthy computing. Papers can address design, application and usage of trusted and trustworthy computing in a broad range of concepts including, but not limited to, trustworthy infrastructures, cloud computing, services, hardware, software and protocols.

For more information, please see http://www.ics.forth.gr/trust2015/.

WISTP 2015 9th WISTP International Conference on Information Security Theory and Practice, Crete, Greece, August 24-25, 2015. [posted here 02/23/15]
Future ICT technologies, such as the concepts of Ambient Intelligence, Cyber-physical Systems, and Internet of Things provide a vision of the Information Society in which: a) people and physical systems are surrounded with intelligent interactive interfaces and objects, and b) environments are capable of recognising and reacting to the presence of different individuals or events in a seamless, unobtrusive, and invisible manner. The success of future ICT technologies will depend on how secure these systems are and to what extent they protect the privacy of individuals and individuals trust them. In 2007, Workshop in Information Security Theory and Practice (WISTP) was created as a forum for bringing together researchers and practitioners in related areas and to encourage interchange and cooperation between the research community and the industrial/consumer community. Based on the growing interest of the participants, 2015 edition is becoming a conference - The 9th WISTP International Conference on Information Security Theory and Practice (WISTP'2015). WISTP 2015 seeks original submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy, as well as experimental studies of fielded systems, the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law, business, and policy that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- Security and Privacy in Smart Devices
- Security and Privacy in Networks
- Security and Privacy in Architectures, Protocols, Policies, Systems and Applications

For more information, please see http://www.wistp.org.

WISA 2015 16th International Workshop on Information Security Applications, Jeju Island, Korea, August 20-22, 2015. [posted here 04/06/15]
The primary focus of WISA 2015 is on systems and network security, and the secondary focus is on all other technical and practical aspects of security applications. The workshop will serve as a forum for new results from the academic research community as well as from the industry. The areas of interest include, but are not limited to:
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Automated tools for source code/binary analysis
- Critical infrastructure security
- Digital Forensics
- Exploit techniques and automation
- HCI security and privacy
- Malware analysis
- Network-based attacks
- Operating system security
- Security policy
- Storage and file system security
- Trustworthy computing
- Web security
- Anonymity and censorship-resistant technologies
- Authentication and authorization
- Botnet defense
- Denial-of-service attacks and countermeasures
- Embedded systems security
- Hardware and physical security
- Intrusion detection and prevention
- Mobile/wireless/cellular system security
- Network infrastructure security
- Practical cryptanalysis (hardware, DRM, etc.)
- Side channel attacks and countermeasures
- Techniques for developing secure systems
- Vulnerability research

For more information, please see http://www.wisa.or.kr.

IFIP-Summer School on Privacy and Identity Management 2015 10th IFIP Summer School on Privacy and Identity Management - Time for a Revolution?, Edinburgh, Scotland, August 16-21, 2015. [posted here 02/16/15]
The Summer School takes a holistic approach to society and technology and supports interdisciplinary exchange through keynote and plenary lectures, tutorials, workshops, and research paper presentations. In particular, participants' contributions that combine technical, legal, regulatory, socio-economic, social or societal, political, ethical, anthropological, philosophical, or psychological perspectives are welcome. The school seeks contributions in the form of research papers, tutorials, and workshop proposals from all disciplines (e.g., computer science, informatics, economics, ethics, law, psychology, sociology, political and other social sciences, surveillance studies, business and public management), and is especially inviting contributions from students who are at the stage of preparing either a master's or a PhD thesis. Topics of interest include, but are not limited to:
- big data analysis, biometrics, cloud computing, virtuality, data and visual analytics
- concepts of anonymity, pseudonymity, identity in different disciplines or cultures
- cybercrime and cybersecurity
- data breaches, data retention and law enforcement
- digital rights and net neutrality
- digital participation, participatory design, ethically-informed design, co-creation and co-ollaboration, ecosystems, and social actors' engagement in design
- health informatics, informed consent, and data-sharing
- impact of legislative or regulatory initiatives on privacy
- impact of technology on social exclusion/digital divide/social and cultural aspects
- privacy and identity management (services, technologies, infrastructures, usability aspects, legal and socio-economic aspects)
- privacy-by-design, privacy-by-default, and privacy impact assessment
- privacy-enhancing technologies (PETs), privacy standardisation, and privacy issues relating to eIDs
- profiling and tracking technologies
- public attitudes to (national) security and privacy
- roadmap towards increased privacy protection, use of PETs and privacy by design as a standard procedure
- semantics, web security, and privacy
- social accountability, social, legal and ethical aspects of technology and the Internet specifically
- social care, community care, integrated care and opportunities for as well as threats to individual and community privacy
- social networks, social computing, crowdsourcing and social movements
- surveillance, video surveillance, sensor networks, and the Internet of Things
- transparency-enhancing technologies (TETs)
- trust management and reputation systems
- ubiquitous and usable privacy and identity management

For more information, please see http://www.ifip-summerschool.org/.

WPES 2015 Workshop on Privacy-Preserving Information Retrieval, Held in conjunction with the ACM SIGIR conference, Santiago de Chile, August 13, 2015. [posted here 05/25/15]
We look forward to your ideas and solutions to the cross-discipline research on privacy and information retrieval. The submissions should be about but not limited to the following research areas:
- Privacy-related information retrieval models
- Privacy in social media, micro blog, and people search
- Evaluation for privacy-preserving IR
- Leak of sensitive information in natural languages
- Privacy in location-based services, recommender systems, and other IR works on mobile app
- Privacy preserving IR work for healthcare and other domains

For more information, please see http://privacypreservingir.org.

USENIX-Security 2015 24th USENIX Security Symposium, Washington, D.C., USA, August 12-14, 2015. [posted here 11/17/14]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security. Refereed paper submissions are solicited in all areas relating to systems research in security and privacy, including but not limited to:
- Systems security
- Cryptographic implementation analysis and construction, applied cryptography
- Programming language security
- Web security
- Hardware security
- Network security
- Privacy-enhancing technologies, anonymity
- Human-computer interaction, security, and privacy
- Social issues and security
- Security analysis
- Security measurement studies

For more information, please see https://www.usenix.org/conference/usenixsecurity15.

SOUPS 2015 Symposium On Usable Privacy and Security, Ottawa, Canada, July 22-24, 2015. [posted here 12/01/14]
The 2015 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. We welcome a variety of research methods, including both qualitative and quantitative approaches. Topics include, but are not limited to:
- innovative security or privacy functionality and design
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of new or existing security or privacy features
- security testing of new or existing usability features
- longitudinal studies of deployed security or privacy features
- studies of administrators or developers and support for security and privacy
- the impact of organizational policy or procurement decisions, and
- lessons learned from the deployment and use of usable privacy and security features
- reports of replicating previously published studies and experiments
- reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience

For more information, please see http://cups.cs.cmu.edu/soups/.

PST 2015 International Conference on Privacy, Security and Trust, Izmir, Turkey, July 21-23, 2015. [posted here 02/16/15]
This conference, the thirteenth in an annual series, provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. High-quality papers in all PST related areas that, at the time of submission, are not under review and have not already been published or accepted for publications elsewhere are solicited. PST2015 topics include, but are NOT limited to, the following:
- Privacy Preserving / Enhancing Technologies
- Critical Infrastructure Protection
- Network and Wireless Security
- Operating Systems Security
- Intrusion Detection Technologies
- Secure Software Development and Architecture
- PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
- Network Enabled Operations
- Digital forensics
- Information Filtering, Data Mining and Knowledge from Data
- National Security and Public Safety
- Cryptographic Techniques for Privacy Preservation
- Security Metrics
- Recommendation, Reputation and Delivery Technologies
- Privacy, Traceability, and Anonymity
- Trust and Reputation in Self-Organizing Environments
- Anonymity and Privacy vs. Accountability
- Access Control and Capability Delegation

For more information, please see http://pst2015.yasar.edu.tr/.

SECRYPT 2015 12th International Conference on Security and Cryptography, Colmar, Alsace, France, July 20 - 22, 2015. [posted here 11/17/14]
SECRYPT is an annual international conference covering research in information and communication security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. Papers describing new methods or technologies, advanced prototypes, systems, tools and techniques and general survey papers indicating future directions are also encouraged. Topics of interest include:
- Access Control
- Applied Cryptography
- Biometrics Security and Privacy
- Critical Infrastructure Protection
- Data Integrity
- Data Protection
- Database Security and Privacy
- Digital Forensics
- Digital Rights Management
- Ethical and Legal Implications of Security and Privacy
- Formal Methods for Security
- Human Factors and Human Behavior Recognition Techniques
- Identification, Authentication and Non-repudiation
- Identity Management
- Information Hiding
- Information Systems Auditing
- Insider Threats and Countermeasures
- Intellectual Property Protection
- Intrusion Detection & Prevention
- Management of Computing Security
- Network Security
- Organizational Security Policies
- Peer-to-Peer Security
- Personal Data Protection for Information Systems
- Privacy
- Privacy Enhancing Technologies
- Reliability and Dependability
- Risk Assessment
- Secure Software Development Methodologies
- Security and Privacy for Big Data
- Security and privacy in Complex Systems
- Security and Privacy in Crowdsourcing
- Security and Privacy in IT Outsourcing
- Security and Privacy in Location-based Services
- Security and Privacy in Mobile Systems
- Security and Privacy in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grids
- Security and Privacy in Social Networks
- Security and Privacy in the Cloud
- Security and Privacy in Web Services
- Security and Privacy Policies
- Security Area Control
- Security Deployment
- Security Engineering
- Security in Distributed Systems
- Security Information Systems Architecture
- Security Management
- Security Metrics and Measurement
- Security Protocols
- Security requirements
- Security Verification and Validation
- Sensor and Mobile Ad Hoc Network Security
- Service and Systems Design and QoS Network Security
- Software Security
- Trust management and Reputation Systems
- Ubiquitous Computing Security
- Wireless Network Security

For more information, please see http://www.secrypt.icete.org.

CAV 2015 27th International Conference on Computer Aided Verification, San Francisco, California, USA, July 18-24 2015. [posted here 10/06/14]
CAV 2015 is the 27th in a series dedicated to the advancement of the theory and practice of computer-aided formal analysis methods for hardware and software systems. CAV considers it vital to continue spurring advances in hardware and software verification while expanding to new domains such as biological systems and computer security. The conference covers the spectrum from theoretical results to concrete applications, with an emphasis on practical verification tools and the algorithms and techniques that are needed for their implementation. The proceedings of the conference will be published in the Springer LNCS series. A selection of papers will be invited to a special issue of Formal Methods in System Design and the Journal of the ACM. Topics of interest include but are not limited to:
- Algorithms and tools for verifying models and implementations
- Hardware verification techniques
- Deductive, compositional, and abstraction techniques for verification
- Program analysis and software verification
- Verification methods for parallel and concurrent hardware/software systems
- Testing and run-time analysis based on verification technology
- Applications and case studies in verification
- Decision procedures and solvers for verification
- Mathematical and logical foundations of practical verification tools
- Verification in industrial practice
- Algorithms and tools for system synthesis
- Hybrid systems and embedded systems verification
- Verification techniques for security
- Formal models and methods for biological systems

For more information, please see http://i-cav.org/2015/.

FCS 2015 Workshop on Foundations of Computer Security, Held in conjunction with IEEE CSF 2015, Verona, Italy, July 13, 2015. [posted here 03/02/15]
Computer security is an established field of both theoretical and practical significance. In recent years, there has been sustained interest in the formal foundations of methods used in computer security. The aim of the FCS 2015 workshop is to provide a forum for continued activity in this area. The scope of FCS 2015 includes, but is not limited to, the formal specification, analysis, and design of cryptographic protocols and their applications; the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks; the modelling of information flow and its application to confidentiality policies, system composition, and covert channel analysis. We are interested both in new theoretical results in computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories, as well as in new results on developing and applying automated reasoning techniques and tools for the formal specification and analysis of security protocols. We thus solicit submission of papers both on mature work and on work in progress. Please note that FCS has no published proceedings. Presenting a paper at the workshop should not preclude submission to or publication in other venues. Papers presented at the workshop will be made publicly available, but this will not constitute an official proceedings.

For more information, please see http://software.imdea.org/~bkoepf/FCS15/.

DIMVA 2015 12th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Milano, Italy, July 9-10, 2015. [posted here 12/15/14]
The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. Each year, DIMVA brings together international experts from academia, industry, and government to present and discuss novel research in these areas. This year, due to the increased threats against critical infrastructures and industrial control systems, we encourage submissions in these areas. Specifically, we welcome strong technical contributions that consider the cross-area obstacles (e.g., privacy, societal and legal aspects) that arise when deploying protection measures in the real world.

For more information, please see http://www.dimva2015.it.

HAISA 2015 International Symposium on Human Aspects of Information Security & Assurance, Lesvos, Greece, July 1-3, 2015. [posted here 01/12/15]
It is commonly acknowledged that security requirements cannot be addressed by technical means alone, and that a significant aspect of protection comes down to the attitudes, awareness, behaviour and capabilities of the people involved. Indeed, people can potentially represent a key asset in achieving security, but at present, factors such as lack of awareness and understanding, combined with unreasonable demands from security technologies, can dramatically impede their ability to do so. Ensuring appropriate attention and support for the needs of users should therefore be seen as a vital element of a successful security strategy. People at all levels (i.e. from organisations to domestic environments; from system administrators to end-users) need to understand security concepts, how the issues may apply to them, and how to use the available technology to protect their systems. In addition, the technology itself can make a contribution by reducing the demands upon users, simplifying protection measures, and automating a variety of safeguards. With the above in mind, this symposium specifically addresses information security issues that relate to people. It concerns the methods that inform and guide users' understanding of security, and the technologies that can benefit and support them in achieving protection. The symposium welcomes papers addressing research and case studies in relation to any aspect of information security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics or technologies may be positively modified to improve the level of protection. Indicative themes include:
- Information security culture
- Awareness and education methods
- Enhancing risk perception
- Public understanding of security
- Usable security
- Psychological models of security software usage
- User acceptance of security policies and technologies
- User-friendly authentication methods
- Biometric technologies and impacts
- Automating security functionality
- Non-intrusive security
- Assisting security administration
- Impacts of standards, policies, compliance requirements
- Organizational governance for information assurance
- Simplifying risk and threat assessment
- Understanding motivations for misuse
- Social engineering and other human-related risks
- Privacy attitudes and practices
- Computer ethics and security

For more information, please see http://haisa.org/.

PETS 2015 15th Privacy Enhancing Technologies Symposium, Philadelphia, PA, USA, June 30 - July 2, 2015. [posted here 09/22/14]
The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy and anonymity experts from around the world to discuss recent advances and new perspectives. PETS addresses the design and realization of privacy services for the Internet and other data systems and communication networks. Papers should present novel practical and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies. While PETS has traditionally been home to research on anonymity systems and privacy-oriented cryptography, we strongly encourage submissions in a number of both well-established and some emerging privacy-related topics.

*** New starting this year ***: Papers will undergo a journal-style reviewing process and be published in the Proceedings on Privacy Enhancing Technologies (PoPETs). PoPETs, a scholarly journal for timely research papers on privacy, has been established as a way to improve reviewing and publication quality while retaining the highly successful PETS community event. PoPETs will be published by De Gruyter Open (http://degruyteropen.com/), the world's second largest publisher of Open Access academic content, and part of the De Gruyter group (http://www.degruyter.com/), which has over 260 years of publishing history. Authors can submit papers to one of several submission deadlines during the year. Papers are provided with major/minor revision decisions on a predictable schedule, where we endeavor to assign the same reviewers to major revisions. Authors can address the concerns of reviewers in their revision and rebut reviewer comments before a final decision on acceptance is made. Papers accepted for publication by May 15th will be presented at that year's symposium. Note that accepted papers must be presented at PETS. Suggested topics include but are not restricted to:
- Behavioural targeting
- Building and deploying privacy-enhancing systems
- Crowdsourcing for privacy
- Cryptographic tools for privacy
- Data protection technologies
- Differential privacy
- Economics of privacy and game-theoretical approaches to privacy
- Forensics and privacy
- Human factors, usability and user-centered design for PETs
- Information leakage, data correlation and generic attacks to privacy
- Interdisciplinary research connecting privacy to economics, law, ethnography, psychology, medicine, biotechnology
- Location and mobility privacy
- Measuring and quantifying privacy
- Obfuscation-based privacy
- Policy languages and tools for privacy
- Privacy and human rights
- Privacy in ubiquitous computing and mobile devices
- Privacy in cloud and big-data applications
- Privacy in social networks and microblogging systems
- Privacy-enhanced access control, authentication, and identity management
- Profiling and data mining
- Reliability, robustness, and abuse prevention in privacy systems
- Surveillance
- Systems for anonymous communications and censorship resistance
- Traffic analysis
- Transparency enhancing tools

For more information, please see https://www.petsymposium.org/2015/.

SPE 2015 IEEE 5th International Workshop on Security and Privacy Engineering, Co-located with 11th IEEE World Congress on Services (SERVICES 2015), New York, NY, USA, June 27 - July 2, 2015. [posted here 02/23/15]
Built upon the success of spectrum of conferences within the IEEE World Congress on Services and the Security and Privacy Engineering workshop, IEEE Security and Privacy Engineering (SPE 2015) theme is a unique place to exchange ideas of engineering secure systems in the context of service computing, cloud computing, and big data analytics. The emphasis on engineering in security and privacy of services differentiates the theme from other traditional prestigious security and privacy workshops, symposiums, and conferences. The practicality and value realization are examined by practitioners from leading industries as well as scientists from academia. In line with the engineering spirit, we solicit original papers presenting real solutions and visions on building secure service systems that can be applied to government procurement, digital medical records, cloud environments, social networking for business purposes, multimedia application, mobile commerce, education, and the like. Potential contributions could cover, but are not limited to, methodologies, protocols, tools, or verification and validation techniques. We also welcome review papers that analyze critically the status of current Security and Privacy (S&P) in a specific area. Papers from practitioners who encounter security and privacy problems and seek understanding are also welcome. Topics of interests of SPE 2015 include, but are not limited to:
- S&P Engineering of Service-Based Applications
- Security Engineering of Service Compositions
- Practical Approaches to Security Engineering of Services
- Privacy-Aware Service Engineering
- Industrial and Real Use Cases in S&P Engineering of (Cloud) Services
- S&P Engineering of Cloud Services
- Auditing and Assessment
- Assurance and Certification
- Cloud Transparency
- Security Management and Governance
- Privacy Enforcement in Clouds and Services
- Cybersecurity Issues of Clouds and Services
- Validation and Verification of S&P in Clouds and Services
- Applied Cryptography for S&P in Clouds and Services
- S&P Testing in Clouds and Services
- Security and Privacy Modeling
- Socio-Economics and Compliance
- Education and Awareness
- Big Data S&P Engineering
- Mobile Cloud S&P Engineering
- S&P Engineering into futuristic blue skies

For more information, please see http://sesar.di.unimi.it/SPE2015/.

PTDCS 2015 Workshop on Privacy by Transparency in Data-Centric Services, Held in conjunction with the 18th International Conference on Business Information Systems (BIS 2015), Poznan, Poland, June 24-26, 2015. [posted here 02/02/15]
Big Data has developed into a key factor of the economy that benefits users and providers of data-centric services. However, the analysis of growing volumes of users data in data-centric services also presents significant privacy challenges. The objective of this workshop is to bring researchers and practitioners together to explore transparency-based mechanisms, such as dashboards, economic explanations of the use of privacy and value of data, as well as user behavior. In particular, the goal of this workshop is to set thematic milestones for the technical development of transparency mechanisms on the one hand, and on the other, trace ways in which technical progress, users and industry could profit from transparency. A major focus will be set on Transparency-Enhancing Technologies (TET) and, in particular, Privacy Dashboards. Topics of interest include, but are not limited to:
- Accountability in Data-Centric Services
- Economics of TET
- Privacy Dashboards
- Privacy Economics
- Privacy Policy Specification and Negotiation
- Privacy in Socio-Technical Systems
- Privacy-Enabled Business Models
- Requirements for TET
- Transparent Behavioral Targeting
- Transparent Usage Control

For more information, please see http://bis.kie.ue.poznan.pl/bis2015/workshops/ptdcs-2015/.

WiSec 2015 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, New York City, NY, USA, June 22-26, 2015. [posted here 11/17/14]
ACM WiSec is the leading ACM and SIGSAC conference dedicated to all aspects of security and privacy in wireless and mobile and mobile networks and their applications. In addition to the traditional ACM WiSec topics of physical, link, and network layer security, we welcome papers focusing on the security and privacy of mobile software platforms, usable security and privacy, biometrics, cryptography, and the increasingly diverse range of mobile or wireless applications such as Internet of Things, and Cyber-Physical Systems. The conference welcomes both theoretical as well as systems contributions. Topics of interest include, but are not limited to:
- Mobile malware and platform security
- Security & Privacy for Smart Devices (e.g., Smartphones)
- Wireless and mobile privacy and anonymity
- Secure localization and location privacy
- Cellular network fraud and security
- Jamming attacks and defenses
- Key extraction, agreement, or distribution
- Theoretical foundations, cryptographic primitives, and formal methods
- NFC and smart payment applications
- Security and privacy for mobile sensing systems
- Wireless or mobile security and privacy in health, automotive, avionics, or smart grid applications
- Self-tracking/Quantified Self Security and Privacy
- Physical Tracking Security and Privacy
- Usable Mobile Security and Privacy
- Economics of Mobile Security and Privacy
- Bring Your Own Device (BYOD) Security

For more information, please see http://www.sigsac.org/wisec/WiSec2015/.

WEIS 2015 14th Annual Workshop on the Economic of Information Security, Delft University of Technology, The Netherlands, June 22-23, 2015. [posted here 01/05/15]
The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security and privacy, combining expertise from the fields of economics, social science, business, law, policy, and computer science. Prior workshops have explored the role of incentives between attackers and defenders of information systems, identified market failures surrounding Internet security, quantified risks of personal data disclosure, and assessed investments in cyber-defense. WEIS 2015 will build on past efforts using empirical and analytic tools not only to understand threats, but also to strengthen security and privacy through novel evaluations of available solutions. We encourage economists, computer scientists, legal scholars, business school researchers, security and privacy specialists, as well as industry experts to submit their research and participate by attending the workshop. Suggested topics include (but are not limited to) empirical and theoretical studies of:
- Optimal investment in information security
- Models and analysis of online crime
- Risk management and cyber-insurance
- Security standards and regulation
- Cyber-security and privacy policy
- Cyber-defense strategy and game theory
- Security and privacy models and metrics
- Economics of privacy and anonymity
- Behavioral security and privacy
- Vulnerability discovery, disclosure, and patching
- Incentives for information sharing and cooperation
- Incentives regarding pervasive monitoring threats

For more information, please see http://weis2015.econinfosec.org/.

RFIDSec 2015 11th Workshop on RFID Security, Co-located with ACM WiSec 2015, New York City, NY, USA, June 22-23, 2015. [posted here 11/17/14]
The RFIDSec workshop is the premier international venue on the latest technological advances in security and privacy in Radio Frequency Identification (RFID). The 11th edition of RFIDSec continues the effort to broaden the scope towards solutions for security and privacy in related constrained environments: Internet of Things, NFC devices, Wireless Tags, and more. Attendees from academia, industry and government can network with a broad range of international experts. The workshop will include both invited and contributed talks. We invite researchers to submit their latest results in Security and Privacy for RFID as well as for associated technologies. Topics of interest include:
- Implementations of cryptography and protocols with constrained resources in terms of energy, power, computation resources and memory footprint
- Lightweight cryptography and cryptographic protocols
- Efficient and secure processor architectures for constrained environments
- Tamper and reverse-engineering resistant designs for constrained platforms
- Side-channel and fault attacks as well as countermeasures
- Novel implementations of cryptography to support privacy and untraceability
- Cross-layer engineering of constrained secure implementations within secure systems
- Novel technologies and applications such as NFC, IC anti-counterfeiting, and Internet of Things
- Design issues related to scalability, large-scale deployment and management of secure tags

For more information, please see http://rfidsec2015.iaik.tugraz.at/.

MSPN 2015 International Conference on Mobile, Secure and Programmable Networking, Paris, France, June 15-17, 2015. [posted here 02/23/15]
The rapid deployment of new infrastructures based on network virtualization and Cloud computing triggers new applications and services that in turn generate new constraints such as security and/or mobility. The International Conference on Mobile, Secure and Programmable Networking aims at providing a top forum for researchers and practitioners to present and discuss new trends in networking infrastructures, security, services and applications while focusing on virtualization and Cloud computing for networks, network programming, Software Defined Networks (SDN) and their security. Position papers are also welcome and should be clearly marked as such. Authors are invited to submit complete unpublished papers, which are not under review in any other conference or journal, including, but not limited to, the following topic areas:
- Software Defined Networks (tools, software, concepts)
- Virtualization and Cloud computing
- Networks and Cloud computing
- Mobile computing and Mobile Cloud computing
- Security, Privacy and Trust in Networks, Services and Applications
- Green computing and networking
- Ubiquitous Computing and Sensor Networks
- System design and testbeds
- Cross-Layer Design and Optimization
- Quality of service
- Modeling and performance evaluation
- 4G and 5G networks
- Social networks
- Cooperative networking and Self-Organizing networks
- Distributed sensing, actuation, and control in cyber-physical systems
- Internet of Things
- Vehicular networks and Connected Car
- Crowdsourcing
- Datacenter networking
- Location-based Services
- Web-services and SOA

For more information, please see http://cedric.cnam.fr/workshops/mspn2015/.

DAC-Security Track 2015 Design Automation Conference, San Francisco, CA, USA, June 7-11, 2015. [posted here 10/13/14]
Security primitives and protocols are typically built upon the notion of a "secret" key or code stored in a protected place. A common presumption in software, data, and systems security is that as long as the secret is in the hardware, their method is invulnerable to attacks and exploits. However this is not true. These systems are vulnerable to a variety of hardware-centric attacks: side channel analysis, reverse engineering, IP piracy, hardware Trojans and counterfeiting. Furthermore, a host of hardware-based threats are emerging due to the globalization of Integrated Circuit (IC) and embedded system design. Consequently, designers and users of ICs, Intellectual Property (IP) and embedded systems are beginning to re-assess their trust in these systems. Overall, there is an urgent need to create, analyze, evaluate, and improve the hardware base of the contemporary security solutions. The Security Track at DAC seeks to highlight and celebrate the emergence of security and trust as an important dimension of Hardware and Embedded Systems Design (side-by-side with power, performance, and reliability).

For more information, please see https://dac.com/submission-categories/hardware-and-software-security.

ACNS 2015 13th International Conference on Applied Cryptography and Network Security, New York, NY, USA, June 2-5, 2015. [posted here 11/03/14]
The 13th International Conference on Applied Cryptography and Network Security (ACNS 2015) seeks submissions presenting novel research on all technical aspects of applied cryptography, network and computer security, and privacy. This includes submissions on traditional cryptography and security areas (e.g., symmetric or public key cryptography, network security, privacy and anonymity), emerging areas (e.g., security and privacy for big data, outsourced computation, or digital currency), and new paradigms or non-traditional perspectives. Submissions may focus on new visions, definitions, security and privacy metrics, provably secure protocols, impossibility results, attacks, industrial challenges, case studies, experimental reports related to implementation and deployment of real-world systems or policies, or any other original research advancing the state of the art.

For more information, please see http://acns2015.cs.columbia.edu/.

SACMAT 2015 20th ACM Symposium on Access Control Models and Technologies, Vienna, Austria, June 1-3, 2015. [posted here 01/05/15]
The ACM Symposium on Access Control Models and Technologies (SACMAT) is the premier forum for the presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The aims of the symposium are to share novel access control solutions that fulfil the needs of heterogeneous applications and environments, and to identify new directions for future research and development. SACMAT provides researchers and practitioners with a unique opportunity to share their perspectives with others interested in the various aspects of access control. Papers offering novel research contributions in all aspects of access control are solicited for submission to the 20th ACM Symposium on Access Control Models and Technologies (SACMAT 2015). Accepted papers will be presented at the symposium and published by the ACM in the symposium proceedings. Topics of interest include but are not limited to:
- Access Intelligence
- Administration
- Applications
- Attribute-based systems
- Authentication
- Big data
- Biometrics
- Cloud computing
- Cryptographic approaches
- Cyber-physical systems
- Databases and data management
- Design methodology
- Distributed and mobile systems
- Economic models and game theory
- Enforcement
- Hardware enhanced
- Identity management
- Mechanisms, systems, and tools
- Models and extensions
- Obligations
- Policy engineering and analysis
- Requirements
- Risk
- Safety analysis
- Standards
- Theoretical foundations
- Trust management
- Usability

For more information, please see http://www.sacmat.org/.

eCrime 2015 10th Symposium on Electronic Crime Research, Held in conjunction with the 2015 APWG General Meeting and the fifth eCrime Sync-up, Barcelona, Spain, May 26-29, 2015. [posted here 12/22/14]
eCrime 2015 consists of 4 days of keynote presentations, technical and practical sessions and interactive panels, which will allow academic researchers, security practitioners, and law enforcement to discuss and exchange ideas, experiences and lessons learnt in all aspects of electronic crime and ways to combat it. This time the main topic of the conference will be "Mobile Devices Security", since Barcelona is the Mobile World Capital. Topics of interests include (but are not limited to):
- Case studies of current attack methods, including intrusion, phishing, smishing, malware, rogue antivirus, pharming, crimeware, botnets, and emerging threats to mobile devices.
- Case studies of online advertising fraud, including click fraud, malvertising, cookie stuffing, and affiliate fraud, as well as mobile App privacy risks prevention.
- Case studies of large-scale take-downs, such as coordinated botnet disruption
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention
- Economics of online crime, including measurement studies of underground economies and models of e-crime, social engineering linked to use of mobile devices as first or second authentication factor.
- Applied Innovations in the use of authentication systems in eBanking and other sectors: biometry, soft and hard-token devices as mobile phones, tablets and others. Privacy aware mobile authentication and mobile identity management, BYOD security, mobile device management, encryption, etc.
- Uncovering and disrupting online criminal collaboration and gangs
- Financial infrastructure of e-crime, including payment processing and money laundering, and the impact of increasing success of mobile payment methods.
- Techniques to assess the risks and yields of attacks and the effectiveness of countermeasures. Metrics standards and conventions in the establishment of tests of efficacy.
- Delivery techniques, including DNS manipulation, mobile App, spam, voice mail, social network and web browser search manipulation, specific mobile devices security hardening; and countermeasures
- Techniques to avoid detection, tracking and take-down; and ways to block such techniques
- Mobile malware and mobile infrastructure security configuration and best practices to improve security and prevent infection.
- Mobile devices forensic analysis tools.
- Best practices for detecting and avoiding damages to critical internet infrastructure, such as DNS and SCADA, from electronic crime activities, including mobile phone infrastructure.

For more information, please see https://apwg.org/apwg-events/ecrime2015/cfp.

MoST 2015 Mobile Security Technologies Workshop, an event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2015), Held in conjunction with the 34th IEEE Symposium on Security and Privacy (IEEE SP 2015), The Fairmont Hotel, San Jose, CA, USA, May 21, 2015. [posted here 01/12/15]
Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to explore the latest understanding and advances in the security and privacy for mobile devices, applications, and systems. The scope of MoST 2015 includes, but is not limited to, security and privacy specifically for mobile devices and services related to:
- Device hardware
- Operating systems
- Middleware
- Mobile web
- Secure and efficient communication
- Secure application development tools and practices
- Privacy
- Vulnerabilities and remediation techniques
- Usable security
- Identity and access control
- Risks in putting trust in the device vs. in the network/cloud
- Special applications, such as medical monitoring and records
- Mobile advertisement
- Secure applications and application markets
- Economic impact of security and privacy technologies

For more information, please see http://ieee-security.org/TC/SPW2015/MoST/.

LangSec 2015 2nd Workshop on Language-Theoretic Security, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. [posted here 10/06/14]
LangSec workshop solicits contributions related to the growing area of language-theoretic security. LangSec offers a coherent explanation for the "science of insecurity" as more than an ad hoc collection of software mistakes or design flaws. This explanation is predicated on the connection between fundamental computability principles and the continued existence of software flaws. LangSec posits that the only path to trustworthy software that takes untrusted inputs is treating all valid or expected inputs as a formal language and treating the respective input-handling routines as a recognizer for that language. The LangSec approach to system design is primarily concerned with achieving practical assurance: development that is rooted in fundamentally sound computability theory, but is expressed as efficient and practical systems components. One major objective of the workshop is to develop and share this viewpoint with attendees and the broader systems security community to help establish a foundation for research based on LangSec principles. The overall goal of the workshop is to bring more clarity and focus to two complementary areas: (1) practical software assurance and (2) vulnerability analysis (identification, characterization, and exploit development). The LangSec community views these activities as related and highly structured engineering disciplines and seeks to provide a forum to explore and develop this relationship.

For more information, please see http://spw15.langsec.org/index.html.

IWPE 2015 1st International Workshop on Privacy Engineering, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. [posted here 10/06/14]
Ongoing news reports regarding global surveillance programs, massive personal data breaches in corporate databases, and notorious examples of personal tragedies due to privacy violations have intensified societal demands for privacy-friendly systems. In response, current legislative and standardization processes worldwide aim to strengthen individual’s privacy by introducing legal and organizational frameworks that personal data collectors and processors must follow. However, in practice, these initiatives alone are not enough to guarantee that organizations and software developers will be able to identify and adopt appropriate privacy engineering techniques in their daily practices. Even if so, it is difficult to systematically evaluate whether the systems they develop using such techniques comply with legal frameworks, provide necessary technical assurances, and fulfill users’ privacy requirements. It is evident that research is needed in developing techniques that can aid the translation of legal and normative concepts, as well as user expectations into systems requirements. Furthermore, methods that can support organizations and engineers in developing (socio-)technical systems that address these requirements is of increasing value to respond to the existing societal challenges associated with privacy. While there is a consensus on the benefits of an engineering approach to privacy, concrete proposals for processes, models, methodologies, techniques and tools that support engineers and organizations in this endeavor are few and in need of immediate attention. To cover this gap, the topics of the International Workshop on Privacy Engineering (IWPE'15) focus on all the aspects surrounding privacy engineering, ranging from its theoretical foundations, engineering approaches, and support infrastructures, to its practical application in projects of different scale. IWPE’15 welcomes papers that focus on novel solutions on the recent developments in the general area of privacy engineering. Topics of interests include, but are not limited to:
- Integration of law and policy compliance into the development process
- Privacy impact assessment
- Privacy risk management models
- Privacy breach recovery Methods
- Technical standards, heuristics and best practices for privacy engineering
- Privacy engineering in technical standards
- Privacy requirements elicitation and analysis methods
- User privacy and data protection requirements
- Management of privacy requirements with other system requirements
- Privacy requirements operationalization
- Privacy engineering strategies and design patterns
- Privacy architectures
- Privacy engineering and databases
- Privacy engineering in the context of interaction design and usability
- Privacy testing and evaluation methods
- Validation and verification of privacy requirements
- Engineering Privacy Enhancing Technologies
- Models and approaches for the verification of privacy properties
- Tools supporting privacy engineering
- Teaching and training privacy engineering
- Adaptations of privacy engineering into specific software development processes
- Pilots and real-world applications
- Privacy engineering and accountability
- Organizational, legal, political and economic aspects of privacy engineering

For more information, please see http://ieee-security.org/TC/SPW2015/IWPE/.

GenoPri 2015 2nd International Workshop on Genome Privacy and Security, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. [posted here 10/06/14]
Over the past several decades, genome sequencing technologies have evolved from slow and expensive systems that were limited in access to a select few scientists and forensics investigators to high-throughput, relatively low-cost tools that are available to consumers. A consequence of such technical progress is that genomics has become one of the next major challenges for privacy and security because (1) genetic diseases can be unveiled, (2) the propensity to develop specific diseases (such as Alzheimer’s) can be revealed, (3) a volunteer, accepting to have his genomic code made public, can leak substantial information about his ethnic heritage and the genomic data of his relatives (possibly against their will), and (4) complex privacy issues can arise if DNA analysis is used for criminal investigations and medical purposes. As genomics is increasingly integrated into healthcare and "recreational" services (e.g., ancestry testing), the risk of DNA data leakage is serious for both individuals and their relatives. Failure to adequately protect such information could lead to a serious backlash, impeding genomic research, that could affect the well-being of our society as a whole. This prompts the need for research and innovation in all aspects of genome privacy and security, as suggested by the non-exhaustive list of topics below:
- Privacy-preserving analysis of and computation on genomic data
- Security and privacy metrics for the leakage of genomic data
- Cross-layer attacks to genome privacy
- Access control for genomic data
- Differentiated access rights for medical professionals
- Quantification of genome privacy
- De-anonymization attacks against genomic databases
- Efficient cryptographic techniques for enhancing security/privacy of genomic data
- Privacy enhancing technologies for genomic data
- Implications of synthetic DNA for privacy
- Applications of differential privacy to the protection of genomic data
- Storage and long-term safety of genomic data
- Secure sharing of genomic data between different entities
- Trust in genomic research and applications
- Social and economic issues for genome privacy and security
- Ethical and legal issues in genomics
- Studies of policy efforts in genomics
- User studies and perceptions
- Social and economic issues for genome privacy
- Studies of issues and challenges with informed consent
- Privacy issues in transcriptomics and proteomics
- Systematization-of-knowledge of genome privacy and security research

For more information, please see http://www.genopri.org/.

W2SP 2015 Web 2.0 Security and Privacy Workshop, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. [posted here 10/06/14]
W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers, cloud, mobile and their eco-system. We have had eight years of successful W2SP workshops. The scope of W2SP 2015 includes, but is not limited to:
- Analysis of Web, Cloud and Mobile Vulnerabilities
- Forensic Analysis of Web, Cloud and Mobile Systems
- Security Analysis of Web, Cloud and Mobile Systems
- Advances in Penetration Testing
- Advances in (SQL/code) Injection Attacks
- Trustworthy Cloud-based, Web and Mobile services
- Privacy and Reputation in Web (e.g. Social Networks), Cloud, Mobile Systems
- Security and Privacy as a Service
- Usable Security and Privacy
- Security and Privacy Solutions for the Web, Cloud and Mobile
- Identity Management, Pseudonymity and Anonymity
- Security/Privacy Web Services/Feeds/Mashups
- Provenance and Governance
- Security and Privacy Policy Management for the Web, Cloud and Mobile
- Next-Generation Web/Mobile Browser Technology
- Security/Privacy Extensions and Plug-ins
- Online Privacy and Security frameworks
- Advertisement and Affiliate fraud
- Studies on Understanding Web/Cloud/Mobile Security and Privacy
- Technical Solutions for Security and Privacy legislation
- Solutions for connecting the Business, Legal, Technical and Social aspects on Web/Cloud/Mobile Security and Privacy
- Technologies merging Economics with Security/Privacy
- Innovative Security/Privacy Solutions for Industry Verticals
- Formal methods in Security

For more information, please see http://ieee-security.org/TC/SPW2015/W2SP/cfp.html.

SP 2015 36th IEEE Symposium on Security and Privacy, San Jose, CA, USA, May 18-20, 2015. [posted here 09/22/14]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Cloud security
- Distributed systems security
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection
- Malware
- Metrics
- Mobile security and privacy
- Language-based security
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Usable security and privacy
- Web security and privacy

This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review. Given the rapidly expanding and maturing security and privacy community, we hope to increase the acceptance rate of papers that are more far-reaching and risky, as long as those papers also show sufficient promise for creating interesting discussions and questioning widely-held beliefs.

Systematization of Knowledge Papers: Following the success of recent years’ conferences, we are also soliciting papers focused on systematization of knowledge (SoK). The goal of this call is to encourage work that evaluates, systematizes, and contextualizes existing knowledge. Such work can provide a high value to our community but may not be accepted because of a lack of novel research contributions. Suitable papers are those that provide important new insights on established, major research areas or support or challenge long-held beliefs with compelling evidence. Papers that survey research areas without providing such insights are not appropriate. Submissions will be distinguished by the prefix “SoK:” in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, except instead of emphasizing novel research contributions the emphasis will be on value to the community. Accepted papers will be presented at the symposium and included in the proceedings.

For more information, please see http://www.ieee-security.org/TC/SP2015/.

TELERISE 2015 1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity, Co-located with ICSE 2015, Florence, Italy, May 18, 2015. [posted here 12/15/14]
Information sharing is essential for today's business and societal transactions. Nevertheless, such a sharing should not violate the security and privacy requirements dictated by Law, by internal regulations of organisations, and by data subjects. An effectual, rapid, and unfailing electronic data sharing among different parties, while protecting legitimate rights on these data, is a key issue with several shades. Among them, how to translate the high-level law obligations, business constraints, and users' requirements into system-level privacy policies, providing efficient and practical solutions for policy definition and enforcement. TELERISE aims at providing a forum for researchers and engineers, in academia and industry, to foster an exchange of research results, experiences, and products in the area of privacy preserving and secure data management, from a technical and legal perspective. The ultimate goal is to conceive new trends and ideas on designing, implementing, and evaluating solutions for privacy-preserving information sharing, with an eye to cross-relations between ICT and regulatory aspects of data management. Topics of interest are (but not limited to):
- Model-based and experimental assessment of data protection
- Privacy in identity management and authentication
- Modelling and analysis languages for representation, visualization, specification of legal regulations
- Technical, legal and user requirements for data protection
- User-friendly authoring tools to edit privacy preferences
- IT infrastructures for privacy and security policies management
- IT infrastructure for supporting privacy and security policies evolution
- Privacy and security policies conflict analysis and resolution strategies
- Electronic Data Sharing Agreements Representation: Languages and Management Infrastructure
- Cross-relations between privacy-preserving technical solutions and legal regulations
- Privacy aware access and usage control
- Privacy and security policies enforcement mechanisms
- Privacy preserving data allocation and storage
- Software systems compliance with applicable laws and regulations
- Heuristic for pattern identification in law text
- Empirical analysis of consumer's awareness of privacy and security policies

For more information, please see http://www.iit.cnr.it/telerise2015/.

EDFC 2015 National Conference on Ethics and Digital Forensics, Arlington, VA, USA, May 13-15, 2015. [posted here 12/01/14]
The National Science Foundation (NSF) and Alabama Cyber Research Consortium (ALCRC) are hosting the first interdisciplinary conference on professional ethics and digital forensics: Professional Ethics and Digital Forensics: An Interdisciplinary Conference. This conference will provide opportunities for both academics and practitioners to address a pressing issue in digital forensics: the lack of unifying ethical standards, procedures and guidelines for routine activities, such as digital forensic analysis, cybercrime case processing, and data mining/surveillance. This conference will also explore cyber ethics from the following interdisciplinary perspectives: Digital Forensic Investigations, Social and Behavioral Sciences, Jurisprudence, and Cyber Education and Awareness.

For more information, please see http://edfc.thecenter.uab.edu.

ISPEC 2015 11th International Conference on Information Security Practice and Experience, Beijing, China, May 5-8, 2014. [posted here 10/13/14]
ISPEC is an annual conference that brings together researchers and practitioners to provide a confluence of new information security technologies, their applications and their integration with IT systems in various vertical sectors. Conference Topics include:
- Access control
- Network security
- Applied cryptography
- Privacy and anonymity
- Availability, resilience, and usability
- Risk evaluation and security certification
- Big data and Cloud security
- Security for cyber-physical systems
- Cryptanalysis
- Security of smart cards and RFID systems
- Embedded system security
- Security policy
- Database security
- Security protocols
- Digital Forensics
- Security systems
- Digital rights management
- Smart Grid Security
- Information security in vertical applications
- Smartphone Security
- Intrusion detection
- Trust model and management
- Multimedia security
- Trusted computing

For more information, please see http://icsd.i2r.a-star.edu.sg/ispec2015/.

HOST 2015 IEEE International Symposium on Hardware Oriented Security and Trust, Washington DC Metro Area, USA, May 5-7, 2015. [posted here 08/25/14]
The focus of modern computational and communication systems has been shifting from effective sharing of well-protected, scarce, and expensive resources to large-scale information exchange among a plurality of users that communicate using protected mobile devices and sensors, which can be placed in potentially hostile environments. Additionally, integrated circuit synthesis and manufacturing techniques are now complex and distributed with a number of potential security vulnerabilities. Security has emerged as a metric of paramount importance. The scope of system security now includes, in addition to encrypted communication, properties such as privacy, anonymity, and trust. The starting and ending points for all system and application vulnerabilities and defense mechanisms are hardware. The initial impetus was provided by government agencies and individual efforts, but recently a number of coordinated research projects have been undertaken by essentially all hardware and system companies. The IEEE International Symposium on Hardware Oriented Security and Trust (HOST) aims to facilitate the rapid growth of hardware-based security research and development. HOST seeks original contributions in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware. HOST 2015 invites contributions that are related to, but not limited by, the following topics:
- Hardware Trojan attacks and detection techniques
- Hardware-based security primitives (PUFs, PPUFs, HRNG)
- Security, privacy, and trust protocols using hardware security primitives
- Trusted information flow
- Trusted design using untrusted tools
- Trusted manufacturing including split manufacturing
- Remote integrated circuits enabling and disabling and IP watermarking
- Undeniable hardware metering techniques
- Techniques and metrics for hardware system data confidentiality and hardware design confidentiality, integrity, and authenticity
- Reverse engineering and hardware obfuscation
- Side-channel attacks and techniques for their prevention
- Supply chain risks mitigation including counterfeit detection & avoidance
- Hardware tampering attacks
- Hardware authentication techniques
- Hardware techniques that ensure software and/or system security
- Trusted remote sensing and computing
- Hardware attestation techniques

For more information, please see http://www.hostsymposium.org.

HotSpot 2015 3rd Workshop on Hot Issues in Security Principles and Trust, London, UK, April 18, 2015. [posted here 12/01/14]
This workshop is intended to be a less formal counterpart to the Principles of Security and Trust (POST) conference at ETAPS, and with an emphasis on "hot topics", both of security and of its theoretical foundations and analysis. Like POST, the themes are:
- theory of computer security
- formal specification, analysis and design of security systems
- automated reasoning for security analysis

For more information, please see http://www.lucavigano.com/HotSpot2015/.

ASIACCS 2015 10th ACM Symposium on Information, Computer and Communications Security, Singapore, April 14-17, 2015. [posted here 06/21/14]
ASIACCS is a major international forum for information security researchers, practitioners, developers, and users to explore and exchange the newest cyber security ideas, breakthroughs, findings, techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. Areas of interest for ASIACCS 2015 include, but are not limited to:
- Access control
- Accounting and audit
- Applied cryptography
- Authentication
- Cloud computing security
- Cyber-physical security
- Data and application security
- Digital forensics
- Embedded systems security
- Formal methods for security
- Hardware-based security
- Intrusion detection
- Key management
- Malware and botnets
- Mobile computing security
- Network security
- Operating system security
- Privacy-enhancing technology
- Security architectures
- Security metrics
- Software security
- Smart grid security
- Threat modelling
- Trusted computing
- Usable security and privacy
- Web security
- Wireless security

For more information, please see http://icsd.i2r.a-star.edu.sg/asiaccs15.

HST 2015 14th annual IEEE Symposium on Technologies for Homeland Security, Boston, Massachusetts, USA, April 14-16, 2015. [posted here 05/26/14]
This symposium brings together innovators from leading academic, industry, business, Homeland Security Centers of Excellence, and government programs to provide a forum to discuss ideas, concepts, and experimental results. This year’s event will once again showcase selected technical paper and posters highlighting emerging technologies in the areas of:
- Cyber Security
- Biometrics & Forensics
- Land and Maritime Border Security
- Attack and Disaster Preparation, Recovery, and Response

For more information, please see http://ieee-hst.org/.

IoTPTS 2015 Workshop on IoT Privacy, Trust, and Security, Held in conjunction with ASIACCS 2015, Singapore, April 14, 2015. [posted here 09/22/14]
The Internet of Things (IoT) is the next great technology frontier. At a basic level, IoT refers simply to networked devices, but the IoT vision is a complex ecosystem that ranges from cloud backend services and big-data analytics to home, public, industrial, and wearable sensor devices and appliances. Architectures for these systems are in the formative stages, and now is the time to ensure privacy, trust, and security are designed into these systems from the beginning. We encourage submissions on all aspects of IoT privacy, trust, and security. Topic of interest include (but are not limited) to the following areas:
- Privacy and IoT data
- Privacy attacks for IoT
- Trust management and device discoverability for IoT
- Usability of privacy and security systems in IoT
- User risk perceptions and modeling for IoT
- Policy Management and enforcement for IoT
- Authentication and access control for users for IoT
- Cryptography for IoT
- Attack detection and remediation for IoT
- Security architectures for IoT systems and applications

For more information, please see https://sites.google.com/site/iotpts/.

CPSS 2015 1st Cyber-Physical System Security Workshop, Held in conjunction with ACM AsiaCCS 2015, Singapore, April 14, 2015. [posted here 10/13/14]
Cyber-Physical Systems (CPS) consist of large-scale interconnected systems of heterogeneous components interacting with their physical environments. There are a multitude of CPS devices and applications being deployed to serve critical functions in our lives. The security of CPS becomes extremely important. This workshop will provide a platform for professionals from academia, government, and industry to discuss how to address the increasing security challenges facing CPS. Besides invited talks, we also seek novel submissions describing theoretical and practical security solutions to CPS. Papers that are pertinent to the security of embedded systems, SCADA, smart grid, and critical infrastructure networks are all welcome, especially in the domains of energy and transportation. Topics of interest include, but are not limited to:
- Adaptive attack mitigation for CPS
- Authentication and access control for CPS
- Availability, recovery and auditing for CPS
- Data security and privacy for CPS
- Embedded systems security
- EV charging system security
- Intrusion detection for CPS
- Key management in CPS
- Legacy CPS system protection
- Lightweight crypto and security
- SCADA security
- Security of industrial control systems
- Smart grid security
- Threat modeling for CPS
- Urban transportation system security
- Vulnerability analysis for CPS
- Wireless sensor network security

For more information, please see http://icsd.i2r.a-star.edu.sg/cpss15.

AsiaCCS-SCC 2015 3rd International Workshop on Security in Cloud Computing, Held in conjunction with ACM AsiaCCS 2015, Singapore, April 14, 2015. [posted here 12/18/14]
Cloud computing has emerged as today's most exciting computing paradigm shift in information technology. With the efficient sharing of abundant computing resources in the cloud, users can economically enjoy the on-demand high quality cloud applications and services without committing large capital outlays locally. While the cloud benefits are compelling, its unique attributes also raise many security and privacy challenges in areas such as data security, recovery, privacy, access control, trusted computing, as well as legal issues in areas such as regulatory compliance, auditing, and many others. This workshop aims to bring together the research efforts from both the academia and industry in all security aspects related to cloud computing. We encourage submissions on all theoretical and practical aspects, as well as experimental studies of deployed systems. Topics of interests include (but are not limited to) the following subject categories:
- Secure cloud architecture
- Cloud Cryptography
- Cloud access control and key management
- Identification and privacy in cloud
- Integrity assurance for data outsourcing
- Integrity and verifiable computation
- Computation over encrypted data
- Software and data segregation security
- Secure management of virtualized resources
- Trusted computing technology
- Joint security and privacy aware protocol design
- Failure detection and prediction
- Secure data management within and across data centers
- Availability, recovery and auditing
- Secure computation outsourcing
- Secure mobile cloud

For more information, please see http://conference.cs.cityu.edu.hk/asiaccsscc.

ESSoS 2015 6th International Symposium on Engineering Secure Software and Systems, Milan, Italy, March 4-6, 2015. [posted here 06/23/14]
Trustworthy, secure software is a core ingredient of the modern world. So is the Internet. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The goal of this symposium, which will be the sixth in the series, is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. Being one of the few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering communities, and promote cross-fertilization. The symposium will feature two days of technical program. In addition to academic papers, the symposium encourages submission of high-quality, informative industrial experience papers about successes and failures in security software engineering and the lessons learned. Furthermore, the symposium also accepts short idea papers that crisply describe a promising direction, approach, or insight. Paper submissions are solicited in all areas relating to secure software and secure systems research, including but not limited to:
- Cloud security, virtualization for security
- Mobile devices security
- Automated techniques for vulnerability discovery and analysis
- Model checking for security
- Binary code analysis, reverse-engineering
- Programming paradigms, models, and domain-specific languages for security
- Operating system security
- Verification techniques for security properties
- Malware: detection, analysis, mitigation
- Security in critical infrastructures
- Security economics
- Security by design
- Static and dynamic code analysis for security
- Web applications security
- Program rewriting techniques for security
- Security measurements
- Empirical secure software engineering
- Security-oriented software reconfiguration and evolution
- Computer forensics
- Processes for the development of secure software and systems
- Human-computer interaction for security
- Security testing
- Embedded software security

For more information, please see https://distrinet.cs.kuleuven.be/events/essos/2015/calls-papers.html.

SPA 2015 International Workshop on Security and Privacy Analytics, Co-located with ACM CODASPY 2015, San Antonio, TX, USA, March 2-4, 2015. [posted here 10/13/14]
Increasingly, sophisticated techniques from machine learning, data mining, statistics and natural language processing are being applied to challenges in security and privacy fields. However, experts from these areas have no medium where they can meet and exchange ideas so that strong collaborations can emerge, and cross-fertilization of these areas can occur. Moreover, current courses and curricula in security do not sufficiently emphasize background in these areas and students in security and privacy are not emerging with deep knowledge of these topics. Hence, we propose a workshop that will address the research and development efforts in which analytical techniques from machine learning, data mining, natural language processing and statistics are applied to solve security and privacy challenges ("security analytics"). Submissions of papers related to methodology, design, techniques and new directions for security and privacy that make significant use of machine learning, data mining, statistics or natural language processing are welcome. Furthermore, submissions on educational topics and systems in the field of security analytics are also highly encouraged. The workshop will focus on, but not limited to, the following areas:
- Natural Language Processing for security/privacy
- Data Mining techniques for security/privacy
- Machine learning for security/privacy
- Statistics for security/privacy
- Inference Control
- Privacy-preserving data mining
- Security of machine learning
- Security of data mining
- Security of natural language processing
- Case studies
- Educational topics and courses

For more information, please see http://capex.cs.uh.edu/?q=secanalysis2015.

CODASPY 2015 5th ACM Conference on Data and Application Security and Privacy, San Antonio, Texas, USA, March 2-4 2015. [posted here 07/21/14]
Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the ACM Conference on Data and Applications Security (CODASPY) is to discuss novel, exciting research topics in data and application security and privacy and to lay out directions for further research and development in this area. The conference seeks submissions from diverse communities, including corporate and academic researchers, open-source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts. Topics of interest include, but are not limited to:
- Application-layer security policies
- Access control for applications
- Access control for databases
- Data-dissemination controls
- Data forensics
- Enforcement-layer security policies
- Privacy-preserving techniques
- Private information retrieval
- Search on protected/encrypted data
- Secure auditing
- Secure collaboration
- Secure data provenance
- Secure electronic commerce
- Secure information sharing
- Secure knowledge management
- Secure multiparty computations
- Secure software development
- Securing data/apps on untrusted platforms
- Securing the semantic web
- Security and privacy in GIS/spatial data
- Security and privacy in healthcare
- Security policies for databases
- Social computing security and privacy
- Social networking security and privacy
- Trust metrics for applications, data, and users
- Usable security and privacy
- Web application security

For more information, please see http://www.codaspy.org/.

ICISSP 2015 1st International Conference on Information Systems Security and Privacy, ESEO, Angers, Loire Valley, France, February 9-11, 2015. [posted here 06/30/14]
The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, such as methods to improve the accuracy of data, encryption techniques to conceal information in transit and avoid data breaches, identity protection, biometrics, access control policies, location information and mobile systems privacy, transactional security, social media privacy control, web and email vulnerabilities, trust management, compliance violations in organizations, security auditing, and so on. Cloud computing, big data, and other IT advances raise added security and privacy concerns to organizations and individuals, thus creating new research opportunities. Each of these topic areas is expanded below but the sub-topics list is not exhaustive. Papers may address one or more of the listed sub-topics, although authors should not feel limited by them. Unlisted but related sub-topics are also acceptable, provided they fit in one of the following main topic areas:
- Data and Software Security
- Trust
- Privacy and Confidentiality
- Mobile Systems Security
- Biometric Authentication

For more information, please see http://www.icissp.org/.

NDSS 2015 Network and Distributed System Security Symposium, San Diego, California, USA, February 8-11, 2015. [posted here 07/21/14]
The Network and Distributed System Security Symposium fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available network and distributed systems security technologies. The Proceedings are published by the Internet Society. Submissions are solicited in, but not limited to, the following areas:
- Anti-malware techniques: detection, analysis, and prevention
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Future Internet architecture and design
- High-availability wired and wireless networks
- Implementation, deployment and management of network security policies
- Integrating security in Internet protocols: routing, naming, network management
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
- Intrusion prevention, detection, and response
- Privacy and anonymity technologies
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Security for cloud computing
- Security for emerging technologies: sensor/wireless/mobile/personal networks and systems
- Security for future home networks, Internet of Things, body-area networks
- Security for large-scale systems and critical infrastructures (e.g., electronic voting, smart grid)
- Security for peer-to-peer and overlay network systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security of Web-based applications and services
- Trustworthy Computing mechanisms to secure network protocols and distributed systems
- Usable security and privacy

For more information, please see http://www.internetsociety.org/events/ndss-symposium-2015.

NDSS-USEC 2015 NDSS Workshop on Usable Security, San Diego, California, USA, February 8, 2015. [posted here 10/27/14]
The Workshop on Usable Security invites submissions on all aspects of human factors and usability in the context of security and privacy. USEC 2015 aims to bring together researchers already engaged in this interdisciplinary effort with other computer science researchers in areas such as visualization, artificial intelligence and theoretical computer science as well as researchers from other domains such as economics or psychology. We particularly encourage collaborative research from authors in multiple fields. Topics include, but are not limited to:
- Evaluation of usability issues of existing security and privacy models or technology
- Design and evaluation of new security and privacy models or technology
- Impact of organizational policy or procurement decisions
- Lessons learned from designing, deploying, managing or evaluating security and privacy technologies
- Foundations of usable security and privacy
- Methodology for usable security and privacy research
- Ethical, psychological, sociological and economic aspects of security and privacy technologies

For more information, please see http://www.internetsociety.org/events/ndss-symposium-2015/usec-workshop-call-papers.

SENT 2015 NDSS Workshop on Security of Emerging Networking Technologies, San Diego, California, USA, February 8, 2015. [posted here 10/20/14]
The NDSS Workshop on Security of Emerging Networking Technologies is an annual workshop for researchers in security and networking. SENT seeks both technical and position papers on the various aspects of secure networking with a "transformational" aspect: if deployed, the system would dramatically transform the way current networks operate. Topics include future internet architectures, cellular networks, smart user devices, software-defined networks, and cyber-physical systems as well as the corresponding challenges in terms of security and privacy, incremental deployment, and any legal and public-policy concerns. The goal of the workshop is to bring together academic and industry researchers to discuss emerging problems, challenges, and potential solutions. Early work that aims to stimulate the discussions is strongly encouraged.

For more information, please see http://sent2015.inf.ethz.ch.

WEARABLE-S&P 2015 1st Workshop on Wearable Security and Privacy, Held in conjunction with Financial Crypto (FC 2015), Isla Verde, Puerto Rico, January 30, 2015. [posted here 09/22/14]
This workshop focuses on the unique challenges of security and privacy for wearable devices. The demand for a variety of technologies in wearable devices has increased in recent years. Products ranging from Google glass, to EEG brainwave signal readers, to heart rate monitors, have opened up many new applications, but also give rise to concerns involving security and privacy. This workshop seeks papers addressing the unique challenges of security and privacy for wearable computing devices. Suggested topics include (but are not limited to) empirical and theoretical studies of:
- Novel biometrics
- Behavioral biometrics
- Multi-factor authentication with wearable sensors
- Usability of wearable authentication
- Robustness of wearable authentication systems
- Wearable payment systems
- Bio-cryptographic security protocols
- Attacks against wearable systems
- User impact of attacks on wearable systems
- Access control for wearable data sharing
- User testing of wearable security features
- Economics of security for wearable technologies
- Body worn cameras and sousveillance
- Augmented reality security and privacy
- Privacy of pervasive eye-tracking
- Understanding user privacy concerns for wearable technologies
- User testing of privacy features for wearable technologies
- Privacy notifications for wearable recording devices
- Economics of privacy for wearable technologies

For more information, please see http://sensible.berkeley.edu/WEARABLE-S&P15/.

ACSW-AISC 2015 Australasian Information Security Conference, Held as part of Australasian Computer Science Week, Sydney, Australia, January 27-30, 2015. [posted here 04/28/14]
AISC aims at promoting research on all aspects of information security and increasing communication between academic and industrial researchers working in this area. We seek submissions from academic and industrial researchers on all theoretical and practical aspects of information security. Suggested topics include, but are not restricted to: access control; anonymity and pseudonymity; cryptography and cryptographic protocols; database security; identity management and identity theft; intrusion detection and prevention; malicious software; network security; privacy enhancing technologies; and trust and risk.

For more information, please see http://homepages.ecs.vuw.ac.nz/Users/Ian/ACSW_AISC2015.

FC 2015 19th International Conference on Financial Cryptography and Data Security, San Juan, Puerto Rico, January 26-30, 2015. [posted here 08/18/14]
Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on financial, economic and commercial transaction security. Original works focusing on securing commercial transactions and systems are solicited; fundamental as well as applied real-world deployments on all aspects surrounding commerce security are of interest. Submissions need not be exclusively concerned with cryptography. Systems security, economic or behavioral perspectives, and, more generally, inter-disciplinary efforts are particularly encouraged. Topics of interests include, but are not limited to:
- Access Control
- Anonymity and Privacy
- Applied Cryptography
- Auctions and Mechanisms
- Authentication and Identification
- Behavioral Aspects of Security and Privacy
- Biometrics
- Certification and Audits
- Cloud Computing and Data Outsourcing Security
- Commercial Cryptographic Applications
- Contactless Payment and Ticketing Systems
- Cryptographic Currencies
- Digital Cash and Payment Systems
- Digital Rights Management
- Economics of Security and Privacy
- Electronic Commerce Security
- Electronic Crime and Underground Markets
- Fraud Detection and Forensics
- Game Theory for Security and Privacy
- Identity Theft
- Insider Threats
- Legal and Regulatory Issues
- Microfinance and Micropayments
- Mobile Systems Security and Privacy
- Phishing and Social Engineering
- Reputation Systems
- Risk Assessment and Management
- Secure Banking and Financial Services
- Smart Contracts and Financial Instruments
- Smartcards, Secure Tokens and Secure Hardware
- Social Networks Security and Privacy
- Trust Management
- Usability and Security
- Virtual Goods and Virtual Economies
- Voting Systems
- Web Security

For more information, please see http://fc15.ifca.ai/.

IFIP119-DF 2015 11th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 26-28, 2015. [posted here 06/16/14]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Eleventh Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume - the eleventh volume in the well-known Research Advances in Digital Forensics book series (Springer, Heidelberg, Germany) during the summer of 2015. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network and cloud forensics
- Embedded device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org.

CS2 2015 2nd Workshop on Cryptography and Security in Computing Systems, Co-located with HiPEAC 2015 Conference, Amsterdam, The Netherlands, January 19-21, 2015. [posted here 08/18/14]
The wide diffusion of embedded systems, including multi-core, many-core, and reconfigurable platforms, poses a number of challenges related to the security of the operation of such systems, as well as of the information stored in them. Malicious adversaries can leverage unprotected communication to hijack cyber-physical systems, resulting in incorrect and potentially highly dangerous behaviours, or can exploit side channel information leakage to recover secret information from a computing system. Untrustworthy third party software and hardware can create openings for such attacks, which must be detected and removed or countered. The prevalence of multi/many core systems opens additional issues such as NoC security. Finally, the complexity on modern and future embedded and mobile systems leads to the need to depart from manual planning and deployment of security features. Thus, design automation tools will be needed to design and verify the security features of new hardware/software systems. The workshop is a venue for security and cryptography experts to interact with the computer architecture and compilers community, aiming at cross-fertilization and multi-disciplinary approaches to security in computing systems. Topics of interest include, but are not limited to:
- Compiler and Runtime Support for Security
- Cryptography in Embedded and Reconfigurable Systems
- Design Automation and Verification of Security
- Efficient Cryptography through Multi/Many core Systems
- Fault Attacks and Countermeasures, including interaction with Fault Tolerance
- Passive Side Channel Attacks and Countermeasures
- Hardware Architecture and Extensions for Cryptography
- Hardware/Software Security Techniques
- Hardware Trojans and Reverse Engineering
- Physical Unclonable Functions
- Privacy in Embedded Systems
- Security of Embedded and Cyber-Physical Systems
- Security of Networks-on-Chips and Multi-core Architectures
- Trusted computing

For more information, please see http://www.cs2.deib.polimi.it.