Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Past Conferences and Journal Special Issues

Last Modified:12/18/17

Note: Please contact cipher-cfp@ieee-security.org by email if you have any questions..

Contents

 

Past Journal Announcements

Information & Communications Technology Express, Special Issue on Critical Infrastructure (CI) & Smart Grid Cyber Security, (Submission Due 1 December 2017) [posted here 04/10/17]
Guest Editors: Leandros A. Maglaras (De Montfort University, UK), Ki-Hyung Kim (Ajou University, Korea), Helge Janicke (De Montfort University, UK), Mohamed Amine Ferrag, Guelma University, Algeria), Artemios G. Voyiatzis (SBA Research, Austria), Pavlina Fragkou (T.E.I of Athens, Greece), Athanasios Maglaras (T.E.I. of Thessaly, Greece), and Tiago J. Cruz (University of Coimbra, Portugal).

Cyber-physical systems are becoming vital to modernizing the national critical infrastructure (CI) systems. A smart grid is an energy transmission and distribution network enhanced through digital control, monitoring, and telecommunications capabilities. It provides a real-time, two-way flow of energy and information to all stakeholders in the electricity chain, from the generation plant to the commercial, industrial, and residential end user. Each smart grid subsystem and its associated assets require specific security functions and solutions. For example, the solution to secure a substation is not the same as the solution to secure demand response and home energy management systems. Usual cyber security technologies and best practices—such as antivirus, firewalls, intrusion prevention systems, network security design, defense in depth, and system hardening—are necessary to protect the smart grid. However, history showed they are only part of the solution. Owing to the rapid increase of sophisticated cyber threats with exponentially destructive effects advanced cyber security technologies must be developed. The title of this special issue of ICT Express is therefore coined concisely as "Special Issue on CI & Smart Grid Cyber Security". This special issue focuses on innovative methods and techniques in order to address unique security issues relating to CI and smart grids. Original submissions reflecting latest research observation and achievement in the following areas are invited:
- Hardware Security Solutions
- Incident response
- Real-time threat intelligence
- Situation Awareness
- Security information and event management (SIEM) systems
- Machine Learning Techniques
- Safety-Security Interactions
- System Vulnerabilities
- Cyber Security Engineering
- Human Awareness & Training
- Intrusion Detection Systems
- Trust and privacy
- Malware Analysis
- Behavioral Modeling
- Secure Communication Protocols
- Malware analysis
- Network security and protocols
- Hardware enforced virtualization

For more information, please see https://www.journals.elsevier.com/ict-express/call-for-papers/special-issue-on-ci-smart-grid-cyber-security.

Security and Communication Networks journal, Special Issue on Cybersecurity in the Internet of Things, (Submission Due 27 October 2017) [posted here 08/21/17]
Guest Editors: Félix Gómez-Mármol (University of Murcia, Murcia, Spain), Patricia Arias-Cabarcos (Universität Mannheim, Mannheim, Germany), Vijay Varadharajan (University of Newcastle, Newcastle, Australia).

With the settlement of smartphones and tablets in modern societies, as well as the proliferation of an astronomic amount of other electronic devices such as wearables, e-Health sensors, electrical appliances, or vehicles (amidst others), all provided with Internet connection, all potentially dealing with sensitive information, and most of them mobile in essence, we are witnessing today the real advent of the Internet of Things (IoT). This new paradigm brings along many indubitable advantages, but also a nonnegligible number of security threats that should not go underestimated. Besides increasing in number, those threats are becoming more sophisticated and harmful (as it is the case of advanced persistent threats, or APTs), making it unfeasible for a human administrator to manually protect each and every device within the constellation of gadgets, artefacts, and computer systems of the IoT. Moreover, an alarming amount of the new solutions envisaged for the IoT pay higher attention to usability aspects, recklessly ignoring substantial security protection mechanisms, making the IoT an ideal playground for malicious hacking activities. Hence, it is imperative to find solutions aiming at the integral protection of the plethora of vulnerable devices within the IoT. Working on those solutions will help the wider adoption of these new technologies and help users to entrust them. Thus, this Special Issue seeks high-quality original papers presenting innovative solutions dealing with cybersecurity in the field of IoT. In particular, novel techniques and mechanisms aimed at the security and privacy protection of these environments are welcome. Likewise, we encourage review articles describing and analyzing the current state of the art in this field. Papers with a strong cryptographic background will not be considered as part of this special issue. Papers will be evaluated based on their originality, presentation, relevance, and contribution to the field of cybersecurity in the IoT, as well as their suitability to the special issue, and for their overall quality. The submitted papers have to describe original research which has not been published nor currently under review by other journals or conferences. Guest editors will make an initial determination of the suitability and scope of all submissions. Papers that either lack originality and clarity in presentation or fall outside the scope of the special issue will not be sent for review and authors will be promptly informed in such cases. Potential topics include but are not limited to the following:
- Intrusion detection and prevention systems
- Malware analysis
- Privacy-preserving solutions
- Countermeasures solutions
- Seamless security solutions
- Threats and vulnerabilities
- Botnets analysis
- BYOD security
- Identity management
- Authorization and access control
- Trust and reputation management
- Machine learning-based solutions
- Security Information event management

For more information, please see https://www.hindawi.com/journals/scn/si/932024/cfp/.

Elsevier Online Social Networks and Media Journal, Special Issue on Information and Opinion Diffusion in Online Social Networks and Media, (Submission Due 1 October 2017) [posted here 07/31/17]
Guest Editors: Marco Conti (IIT-CNR, Italy) and Andrea Passarella (IIT-CNR, Italy).

Online Social Networks are a massively successful phenomenon, used by billions of users to interact. Nowadays, information diffusion in Online Social Networks and Media (OSNEM) has a major role, among many others, for recommendation systems, advertising, and political campaigns. Moverover, the way information circulates in OSNEM impacts on the formation of opinions and on the social roles of users and their influence on others. OSNEM are extensively used for spreading information, opinions and ideas, but also to propagate fake news and rumors. Therefore, prevention of spam, bots and fake accounts, information leakage, trustworthiness of information and trust between users are relevant research issues associated with information diffusion. This special issue seeks contributions pushing the state of the art in all facets of information and opinion diffusion in online social networks and media. We solicit manuscripts where quantitative and/or data-driven approach is used to investigate information and opinion diffusion in OSNEM. Topics include, but are not limited to:
- Dynamics of trends, information and opinion diffusion in OSNEM
- Recommendations and advertising in OSNEM
- Spread of news, topics, and opinions
- Trust, reputation, privacy in OSNEM information and opinion diffusion
- Rumors and fake news spreading in OSNEM
- Bots and fake users detection
- Influence analysis and social influence
- Identification of diffusion sources and influencers
- Methods to modify/control/maximise information and opinion diffusion
- Measurements of information and opinion diffusion in OSNEM
- Models of information and opinion diffusion
- Data-driven approaches to study information and opinion diffusion in OSNEM

For more information, please see http://www.journals.elsevier.com/online-social-networks-and-media/.

Security and Communication Networks journal, Special Issue on User Authentication in the IoE Era: Attacks, Challenges, Evaluation, and New Designs, (Submission Due 1 September 2017) [posted here 04/24/17]
Guest Editors: Ding Wang (Peking University, Beijing, China), Shujun Li (University of Surrey, Guildford, UK), and Qi Jiang (University of Waterloo, Ontario, Canada and Xidian University, Xi'an, China).

We are venturing into the new era of Internet of Everything (IoE) where smaller and smarter computing devices have begun to be integrated into the cyber-physical-social environments in which we are living our lives. Despite its great potential, IoE also exposes devices and their users to new security and privacy threats, such as attacks emanating from the Internet that can impact human users' health and safety. User authentication, as a first line of defense, has been widely deployed to prevent unauthorized access and, in many cases, is also the primary line of defense. However, conventional user authentication mechanisms are not capable of addressing these new challenges. Firstly, it is not possible to directly utilize many Internet-centric security solutions because of the inherent characteristics of IoE devices (e.g., their limited computational capabilities and power supply). Secondly, IoE devices may lack conventional user interfaces, such as keyboards, mice, and touch screens, so that many traditional solutions simply cannot be applied. In summary, the subjects of user authentication in IoE are compelling, yet largely underexplored, and new technologies are needed by both the industry and academia. This special issue aims to provide a venue for researchers to disseminate their recent research ideas and results about user authentication in IoE. Potential topics include but are not limited to the following:
- Lightweight authentication
- Password-based authentication
- Biometric-based authentication
- Multi-factor authentication
- Continuous/implicit authentication
- Authentication for fog/edge computing
- Authentication for cloud computing
- Anonymous authentication
- Privacy enhancing technologies for authentication
- New paradigms for user authentication
- Attacks on authentication for IoE devices
- Human aspects of authentication in IoE
- Foundational principles for authentication
- Evaluation metrics for authentication schemes

For more information, please see https://www.hindawi.com/journals/scn/si/908453/cfp/.

Ad Hoc Networks, Special Issue on Security of IoT-enabled Infrastructures in Smart Cities, (Submission Due 1 September 2017) [posted here 04/10/17]
Guest Editors: Steven Furnell (Plymouth University, United Kingdom), Abbas M. Hassan (Al Azhar University, Qena, Egypt), and Theo Tryfonas (University of Bristol, United Kingdom).

Internet of Things (IoT) is a paradigm that involves a network of physical objects containing embedded technologies to collect, communicate, sense, and interact with their internal states or the external environment through wireless or wired connections. IoT uses unique addressing schemes and network infrastructures to create new application or services. Smart cities are developed urban environments where any citizen can use any service anywhere and anytime. IoT has become a generator of smart cities aiming at overcoming the problems inherent in traditional urban developments. The nature of IoT information exchange among the connected objects “Things” and remote locations for data storage and data processing gives the ability to collect numerous amounts of data about individuals, and other things in the smart city. Hence, these data can be passed to malicious or have vulnerabilities such as man-in-the-middle attack or denial-of-service (DoS) attacks. Therefore, collected and transferred bands of data via IoT infrastructure would affect the national security and privacy. Driven by the concept that IoT is the major builder in the coming smart cities, security and privacy have become inevitable requirements not only for personal safety, but also for assuring the sustainability of the ubiquitous city. Although, there are available researches that address the security challenges in IoT data, this special issue aims to address the security and privacy challenges emerging from deploying IoT in smart cities with a special emphasize on the IoT device, infrastructures, networking, and protocols. In addition, the special issue provides an up-to-date statement of the current research progresses in IoT security, privacy challenges, and mitigation approaches for protecting the individuals’ safety and the sustainability of the smart city. The topics of interest include but are not limited to:
- Innovative techniques for IoT infrastructure security
- Internet of Things (IoT) devices and protocols security
- Cross-domain trust management in smart communities
- Cloud computing-based security solutions for IoT data
- Security and privacy frameworks for IoT-based smart cities
- Critical infrastructures resilience and security in smart cities
- Biometric modalities involved in IoT security for smart cities
- Security challenges and mitigation approaches for smart cities
- Cyber attacks detection and prevention systems for IoT networks
- Interoperable security for urban planning and applications
- Ethics, legal, and social considerations in IoT security

For more information, please see https://www.journals.elsevier.com/ad-hoc-networks/call-for-papers/special-issue-on-security-of-iot-enabled-infrastructures-in.

Security and Communication Networks journal, Special Issue on Emerging and Unconventional: New Attacks and Innovative Detection Techniques, (Submission Due 28 July 2017) [posted here 03/20/17]
Guest Editors: Luca Caviglione (National Research Council of Italy,Italy), Wojciech Mazurczyk (Warsaw University of Technology & FernUniversität in Hagen, Poland), Steffen Wendzel (Fraunhofer FKIE, Germany), and Sebastian Zander (Murdoch University, Australia).

In the last years, advancements of the information and communication technologies have spawned a variety of innovative paradigms, such as cloud and fog computing, the Internet of Things (IoT), or complex vehicle-to-vehicle frameworks. As a consequence, the cybersecurity panorama is now getting populated with complex, emerging, and unconventional attacks, which require deep investigation and proper understanding. For example, the diffusion of online social networks brought social engineering to the next level, while IoT led to a completely new set of hazards also endangering the user at a physical level. Modern threats also exploit a variety of advanced methods to increase their stealthiness in order to remain unnoticed for long periods, as well as reduce the effectiveness of many digital forensics techniques and detection tools. Therefore, new and emerging technologies changed the modern cybersecurity landscape, which nowadays is populated by novel attacks and also requires innovative detection and prevention methods. In this perspective, the special issue aims at investigating the most advanced and innovative forms of attacks and scenarios, for instance, considering automotive or building automation settings. To complete the picture, a relevant attention will be given to works dealing with innovative forms of detection and forensics analysis, which are mandatory to counteract sophisticated malware able to hide or take advantage of unconventional and complex scenarios. This issue accepts high quality papers containing novel original research results and review articles of exceptional merit covering the most cutting-edge cybersecurity threats and countermeasures. Potential topics include but are not limited to the following:
- Novel advanced and persistent threats aiming at automotive and smart buildings/cities
- Security issues and profiling hazards in smart buildings/cities
- IoT and device specific attacks, for example, battery drain attacks or attacks on IoT routing protocols
- Hazards taking advantage from social media, for example, social bots and new social engineering attacks
- Information hiding threats to counteract forensics tools and analysis
- Network steganography for data exfiltration and new information-hiding-capable threats
- Energy-based detection of slow and hidden attacks, including low-attention rising threats for mobile and handheld devices
- Scalable countermeasures for preventing steganography in big-data-like sources
- Novel threats targeting vehicles and cloud and software defined networking technologies
- Bioinspired attacks and detection mechanisms
- Ransomware: novel trends, characteristics, and detection
- Moving Target Defense (MTD) solutions against infections

For more information, please see https://www.hindawi.com/journals/scn/si/761087/cfp/.

Elsevier Computer Networks, Special Issue on Security and Performance of Software-defined Networks and Functions Virtualization, (Submission Due 30 June 2017) [posted here 06/23/17]
Guest Editors: David Hausheer (Otto von Guericke University Magdeburg, Germany), Oliver Hohlfeld (RWTH Aachen, Germany), Stefan Schmid (Aalborg University & TU Berlin, Denmark and Germany), and Guofei Gu (Texas A&M University, U.S.A).

Software-defined Networking (SDN) and Network Functions Virtualization (NFV) are envisioned to massively change network management by enabling a more flexible management of complex networks. While the aim of SDN is to split the control and data plane and to introduce open interfaces between these layers, NFV abstracts network functions from dedicated hardware to virtual machines running on commodity hardware. Consequently, applying SDN/NFV is claimed to have a high business advantage in terms of cost savings and additional revenue sources for network operators, new opportunities for solution providers, and opening new business models. However, major performance challenges arise when realizing SDN/NFV given the overheads imposed by software and virtualization stacks. At the same time, e.g., the outsourcing of network control or the relocation of network functions to cloud services create new challenges on data privacy and network security. This special issue of the Computer Networks Journal solicits original, high-quality papers that present, analyze and discuss solutions to improve the security and privacy in SDN/NFV, mechanisms to achieve high packet processing performances in virtualized environments, as well as performance benchmarking aspects and standards. Related topics, such as new security mechanisms enabled by SDN/NFV (e.g. mitigation of DDoS attacks), validation, verification and certification of network functions, design of energy efficient NFV networks, new algorithms controlling the function placement, as well as new services offerings enabled by SDN/NFV (e.g. to improve the end-user experience), techno-economic aspects (e.g. new pricing and business models), and others are also within the scope of the special issue.

For more information, please see https://www.journals.elsevier.com/computer-networks/call-for-papers/special-issue-on-security-and-performance-of-software-define.

IET Networks, Special Issues on Security architecture and technologies for 5G, (Submission Due 30 June 2017) [posted here 05/08/17]
Guest Editors: Hongke Zhang (Beijing Jiaotong University, China), Chi-Yuan Chen (National Ilan University, Taiwan), Shui Yu (Deakin University, Australia), and Wei Quan (Beijing Jiaotong University, China).

5G security challenges come from many aspects. Firstly, secure network architectures are required as the basis for 5G to support a huge number of connected devices. Secondly, 5G will migrate or bring in many promising network technologies, such as Software Defined Networking (SDN), Network Functions Virtualization (NFV), Information Centric Network (ICN), Device to Device (D2D), Network Slicing, Cloud Computing/Fog Computing and so on. These technologies should also provide security guarantee for 5G architecture. Thirdly, more and more user data and network traffic will be carried in the 5G network. Big Data Security should be considered to protect these data, including the data privacy, data sources, data analytics and so on. Fourthly, 5G will promote many interesting applications, which also require secure supports, such as Vehicular Network, Internet of Energy (IoE) and VR/AR. We call for survey and research papers in the 5G security scope. We aim to provide a platform for researchers to further explore the security issues, technologies, architecture for 5G networks.

For more information, please see http://digital-library.theiet.org/files/IET_NET_CFP_SEC.pdf.

IEEE Security & Privacy Magazine, Special issue on Digital Forensics, (Submission Due 1 March 2017) [posted here 08/22/16]
Guest Editors: Wojciech Mazurczyk (Warsaw University of Technology & FernUniversität in Hagen, Poland), Steffen Wendzel (Fraunhofer FKIE, Germany), Luca Caviglione (National Research Council of Italy, Italy), and Simson L. Garfinkel (National Institute of Standards and Technology, USA)

Modern societies are becoming increasingly dependent on open networks where commercial activities, business transactions, and government services are delivered. Despite the benefits, these networks have led to new cyberthreats and cybersecurity issues. Abuse of and mistrust for telecommunications and computer network technologies have significant socioeconomic impacts on global enterprises as well as individuals. Cybercriminal activities such as fraud often require the investigations that span across international borders. In addition, they’re often subject to different jurisdictions and legal systems. The increased intricacy of the communication and networking infrastructure complicates investigation of such activities. Clues of illegal digital activities are often buried in large volumes of data that makes crime detection and evidence collection difficult. This poses new challenges for law enforcement and compels computer societies to utilize digital forensics to combat the growing number of cybercrimes. Forensic professionals must be fully prepared to gather effective digital evidence. Forensic techniques must keep pace with new technologies; therefore, digital forensics is becoming more important for law enforcement and information and network security. This multidisciplinary area includes several fields, including law, computer science, finance, networking, data mining, and criminal justice. It faces diverse challenges and issues in terms of the efficiency of digital evidence processing and related forensic procedures. This special issue aims to collect the most relevant ongoing research efforts in digital forensics field. Topics include, but aren’t limited to:
- real-world case studies, best practices, and readiness;
- challenges and emerging trends;
- digital forensic triage;
- antiforensics and anti-antiforensics approaches;
- networking incident response, investigation, and evidence handling;
- network forensics and traffic analysis;
- detecting illegal sites and traffic (for instance, child abuse/exploitation);
- malware and targeted attacks including analysis and attribution;
- information-hiding techniques (network stenography, covert channels, and so on);
- stealth communication through online games and its detection;
- use and implications of machine learning in digital forensics;
- big data and digital forensics;
- network traffic fingerprinting and attacks;
- cybercrimes design, detection, and investigation;
- cybercrime issues and solutions from a digital forensics perspective;
- nontraditional forensic scenarios and approaches (for instance, vehicles, SCADA, automation and control);
- social networking forensics;
- cloud forensics;
- law enforcement and digital forensics; and
- digital forensics for incident response, research, policy compliance enforcement, and so on.

For more information, please see https://www.computer.org/web/computingnow/spcfp6.

Journal of Visual Communication and Image Representation, Special Issue on Data-driven Multimedia Forensics and Security, (Submission Due 28 February 2017) [posted here 11/14/16]
Guest Editors: Anderson Rocha (University of Campinas, Brazil), Shujun Li (Universityof Surrey, UK), C.-C. Jay Kuo (University of Southern California, US), Alessandro Piva (University of Florence, Italy), and Jiwu Huang (Shenzhen University, China)

In the last decade a large number of multimedia forensic and security techniques have been proposed to evaluate integrity of multimedia data. However, most of these solutions adopt very limiting and simplifying working conditions, being more appropriate for laboratorial tests than for real-world deployment. Unfortunately, with big data requirements on the table, the stakes are higher now. Forensics and security experts are no longer required to provide the society with solutions for specific cases. Instead, we need to cope with shear amounts of data and in different operational and acquisition conditions. In addition to the traditional multimedia forensics and security research around integrity and authentication, digital images and videos have also been the core components in other related application domains, e.g. biometrics, image and video based information hiding, image and video collection forensics, automatic child porn detection, digital triage of image and video evidence, attacks on image and video-based CAPTCHAs, etc. A common feature of the above listed multimedia forensics and security problems is that they can all be solved by machine learning techniques driven by training data. In recent years, some new and powerful modeling and machine learning paradigms have been developed that allow us to glean over massive amounts of data and directly extract useful information for proper decision making, thus creating new techniques to solve those multimedia forensics and security problems with improved performance. This Special Issue invites researchers in all related fields (including but not limited to image and video signal processing, machine learning, computer vision and pattern recognition, cyber security, digital forensics) to join us in a quest for pinpointing the next-generation image and video forensics and security solutions of tomorrow, capable of processing image and video data using the recently-developed deep learning paradigm and other new modelling and learning techniques. ALL submissions must highlight their machine-learning based approach and discuss how their solutions deal with large collections of data. The core data used in your work should be visual data (images and videos). Video data may also include RGB, IR, and depth data. The topics of interest of this Special Issue are listed below. The list is not exhaustive and prospective authors should contact the editors in case of any question. Submissions can contemplate original research, serious dataset collection and benchmarking, or critical surveys. Example Topics of Interest:
- Attacks on visual CAPTCHAs
- Biometrics and counter-spoofing
- Content-protection and counter-protection
- Counter forensics
- Cyber threat analysis for image and video data
- Forensic data fusion (if at least one source contains images and videos)
- Image and video collection forensics
- Incident response related to image and video data
- Multimedia evidence recovery and validation
- Multimedia forensics (forgery detection, attribution, CGI classification)
- Multimedia provenance (phylogeny, digital triage of multimedia evidence)
- Sensitive content detection (porn and child porn detection, violence detection)
- Surveillance for forensics and security applications
- Visual analytics for forensics and security applications
- Visual information hiding: designs and attacks

For more information, please see http://www.journals.elsevier.com/journal-of-visual-communication-and-image-representation.

Elsevier Digital Communications and Networks, Special Issue on Big Data Security and Privacy, (Submission Due 15 February 2017) [posted here 1/23/17]
Guest Editors: Shui Yu (Deakin University, Australia), Peter Muller (IBM Zurich Research Laboratory, Switzerland), and Albert Zomaya (University of Sydney, Australia).

As human beings are deep into the Information Age, we have been witnessing the rapid development of Big Data. Huge amounts of data from sensors, individual archives, social networks, Internet of Things, enterprise and Internet are collected, shared and analyzed. Security and Privacy is one of the most concerned issues in Big Data. Big Data definitely desires the security and privacy protection all through the collection, transmission and analysis procedures. The features of Big Data such as Veracity, Volume, Variety and dynamicity bring new challenges to security and privacy protection. To protect the confidentiality, integrity and availability, traditional security measures such as cryptography, log/event analysis, intrusion detection/prevention and access control have taken a new dimension. To protect the privacy, new pattern of measures such as privacy-preserved data analysis need to be explored. There is a lot of work to be done in this emerging field. The purpose of this special issue is to make the security and privacy communities realizing the challenges and tasks that we face in Big Data. We focus on exploring the security and privacy aspects of Big Data as supporting and indispensable elements of the emerging Big Data research. The areas of interest include, but are not limited to, the following:
- Security technologies for collecting of Big Data
- Cryptography and Big Data
- Intrusion detection and transmission surveillance of Big Data
- Storage and system security for Big Data
- Big Data forensics
- Integrity protection and authentication of Big Data
- Access control of Big Data
- Privacy aware analysis and retrieval of Big Data
- Privacy aware data fusion of Big Data

For more information, please see https://www.journals.elsevier.com/digital-communications-and-networks/call-for-papers/big-data-security-and-privacy.

IEEE Security and Privacy, Special Issue on Blockchain Security and Privacy, (Submission Due 1 February 2017) [posted here 12/5/16]
Guest Editors: Ghassan Karame (NEC Laboratories Europe, Germany), and Srdjan Capkun (ETH Zurich, Switzerland)

The blockchain emerged as a novel distributed consensus scheme that allows transactions, and any other data, to be securely stored and verified without a centralized authority. For some time, the notion of blockchain was tightly coupled with Bitcoin, a well-known proof of work hash-based mechanism. Today, there are more than one hundred alternate blockchains. Some are simple variants of Bitcoin, whereas others significantly differ in their design and provide different functional and security guarantees. This shows that the research community is in search of a simple, scalable, and deployable blockchain technology. Various reports further point to an increased interest in the use of blockchains across many applications and a significant investment by different industries in their development. The blockchain will likely induce considerable change to a large number of systems and businesses. Distributed trust, and therefore security and privacy, is at the core of the blockchain technologies and has the potential to either make them a success or cause them to fail. This special issue aims to collect the most relevant ongoing research efforts in blockchain security and privacy. Topics include, but aren’t limited to:
- Platforms for decentralized consensus (Bitcoin, Ethereum, Stellar, Ripple, Open Blockchain, etc.)
- New threat models and attacks on existing blockchain technologies
- Defenses and countermeasures
- Simple payment verification modes and lightweight blockchain clients
- Anonymity and privacy issues and measures to enhance anonymity and privacy
- Proof-of-work, -stake, -burn, and other consensus alternatives
- Scalability issues and solutions
- Incentive mechanisms for blockchains
- Economic, monetary, legal, ethical, and societal aspects
- Applicability of the technology in financial markets
- Regulation and law enforcement
- Fraud detection and financial crime prevention
- Case studies (for instance, of adoption, attacks, forks, and scams)
- New applications

For more information, please see https://www.computer.org/security-and-privacy/2016/11/21/blockchain-security-and-privacy-call-for-papers/.

Advances in Multimedia journal, Special Issue on Emerging Challenges and Solutions for Multimedia Security, (Submission Due 2 December 2016) [posted here 08/22/16]
Guest Editors: Wojciech Mazurczyk (Warsaw University of Technology, Poland), Artur Janicki (Warsaw University of Technology, Poland), Hui Tian (National Huaqiao University, China), and Honggang Wang (University of Massachusetts Dartmouth, USA)

Today’s world’s societies are becoming more and more dependent on open networks such as the Internet, where commercial activities, business transactions, government services, and entertainment services are realized. This has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. The inability to provide trusted secure services in contemporary computer network technologies could have a tremendous socioeconomic impact on global enterprises as well as on individuals. In the recent years, rapid development in digital technologies has been augmented by the progress in the field of multimedia standards and the mushrooming of multimedia applications and services penetrating and changing the way people interact, communicate, work, entertain, and relax. Multimedia services are becoming more significant and popular and they enrich humans’ everyday life. Currently, the term multimedia information refers not only to text, image, video, or audio content but also to graphics, flash, web, 3D data, and so forth. Multimedia information may be generated, processed, transmitted, retrieved, consumed, or shared in various environments. The lowered cost of reproduction, storage, and distribution, however, also invites much motivation for large-scale commercial infringement. The above-mentioned issues have generated new challenges related to protection of multimedia services, applications, and digital content. Providing multimedia security is significantly different from providing typical computer information security, since multimedia content usually involves large volumes of data and requires interactive operations and real-time responses. Additionally, ensuring digital multimedia security must also signify safeguarding of the multimedia services. Different services require different methods for content distribution, payment, interaction, and so forth. Moreover, these services are also expected to be “smart” in the environment of converged networks, which means that they must adapt to different network conditions and types as multimedia information can be utilized in various networked environments, for example, in fixed, wireless, and mobile networks. All of these make providing security for multimedia even harder to perform. This special issue intends to bring together diversity of international researchers, experts, and practitioners who are currently working in the area of digital multimedia security. Researchers both from academia and industry are invited to contribute their work for extending the existing knowledge in the field. The aim of this special issue is to present a collection of high-quality research papers that will provide a view on the latest research advances not only on secure multimedia transmission and distribution but also on multimedia content protection. Potential topics include, but are not limited to:
- Emerging technologies in digital multimedia security
- Digital watermarking
- Fingerprinting in multimedia signals
- Digital media steganology (steganography and steganalysis)
- Information theoretic analysis of secure multimedia systems
- Security/privacy in multimedia services
- Multimedia and digital media forensics
- Quality of Service (QoS)/Quality of Experience (QoE) and their relationships with security
- Security of voice and face biometry
- Multimedia integrity verification and authentication
- Multimedia systems security
- Digital rights management
- Digital content protection
- Tampering and attacks on original information
- Content identification and secure content delivery
- Piracy detection and tracing
- Copyright protection and surveillance
- Forgery detection
- Secure multimedia networking
- Multimedia network protection, privacy, and security
- Secure multimedia system design, trusted computing, and protocol security

For more information, please see http://www.hindawi.com/journals/am/si/561923/cfp/.

IEEE MultiMedia, Special Issue on Cybersecurity for Cyber-Enabled Multimedia Applications, (Submission Due 1 December 2016) [posted here 08/01/16]
Guest Editors: Qun Jin (Waseda University, Japan), Yong Xiang (Deakin University, Australia), Guozi Sun (Nanjing University of Posts and Telecommunications, China), Yao Liu (University of South Florida, USA), and Chin-Chen Chang (Feng Chia University, Taiwan)

With the rapid popularity of social network applications and advanced digital devices, the past few years have witnessed the explosive growth of multimedia big data in terms of both scale and variety. Such increasing multimedia data determines a new way of communication — seamless network connection, the joyfulness user experience, and free information sharing. Meanwhile, security issues related to such multimedia big data have arisen, and an urgent demand for novel technologies has emerged to deal with copyright protection, multimedia forgery detection, and cybersecurity, especially for cyber-enabled multimedia applications. Although many promising solutions have been proposed recently, it is still challenging for the multimedia community to effectively and efficiently handle security challenges over large-scale multimedia data, especially when the scale comes up from tens of thousands to tens of millions or even billions. This special issue aims to bring together the greatest research efforts in cybersecurity for cyber-enabled multimedia applications to specifically deal with the security challenges in the multimedia big data era. The main goals are to investigate novel ideas and research work of cybersecurity issues with multimedia big data; find or develop effective and efficient techniques and methods in computer vision, multimedia processing, and sensor networks for specific cybersecurity tasks, such as data hiding, and forensics; survey the progress of this area in the past years; and explore interesting and practical cyber-enabled multimedia applications. Submissions should be unpublished and present innovative research work offering contributions either from a methodological or application point of view. Topics of interest include, but are not limited to, the following:
- Emerging fundamental issues in multimedia big data security
- Text, audio, images, and video data hiding
- Multimedia steganography and corresponding steganalysis
- Multimedia watermarking, fingerprinting, and hashing
- Multimedia forensics and data source identification
- Cryptography, secret sharing, and biometrics
- Multimedia network security, privacy, and protection
- Multimedia big data trust management and access control
- Secure covert communications and cybersecurity
- Secure cyber-enabled multimedia applications in health, education, and so on

For more information, please see https://www.computer.org/web/computingnow/mmcfp4.

IEEE Communications Magazine, Feature Topic on Traffic Measurements for Cyber Security, (Submission Due 1 October 2016) [posted here 6/20/16]
Guest Editors: Wojciech Mazurczyk (Warsaw University of Technology, Poland), Koji Nakao (KDDI / NICT, Japan), Maciej Korczyski (Delft University of Technology, The Netherlands), Engin Kirda (Northeastern University, USA), Cristian Hesselman (SIDN Labs, The Netherlands), and Katsunari Yoshioka (Yokohama National University, Japan)

In today's world, societies are becoming more and more dependent on open networks such as the Internet - where commercial activities, business transactions and government services are realized. This has led to the fast development of new cyber threats and numerous information security issues which cyber criminals exploit. The inability to provide trusted secure services in contemporary computer network technologies has a tremendous unfavorable socio-economic impact on global enterprises as well as individuals.

Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behaviors. Understanding and measuring traffic in such networks is a not only difficult yet vital task for network management but recently also for cyber security purposes.

Network traffic measuring and monitoring can, enable the analysis of the spreading of malicious software and its capabilities or can help us understand the nature of various network threats including those that exploit users' behavior and other user's sensitive information. On the other hand, network traffic investigation can also help us assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Recently, traffic measurements have been utilized in the area of economics of cyber security e.g. to assess ISP "badness" or to estimate the revenue of cyber criminals.

The aim of this feature topic is to bring together the research accomplishments by academic and industry researchers. The other goal is to show the latest research results in the field of cyber security and understand how traffic measurements can influence it. We encourage prospective authors to submit related distinguished research papers on the subject of both theoretical approaches and practical case reviews.

This special issue presents some of the most relevant ongoing research in cyber security seen from the traffic measurements perspective. Topics include, but are not limited to the following:
- Measurements for network incidents response, investigation and evidence handling
- Measurements for network anomalies detection
- Measurements for economics of cyber security
- Network traffic analysis to discover the nature and evolution of the cyber security threats
- Measurements for assessing the effectiveness of the threats detection/prevention methods and countermeasures
- Novel passive, active and hybrid measurements techniques for cyber security purposes
- Traffic classification and topology discovery tools for monitoring the evolving status of the network from the cyber security perspective
- Correlation of measurements across multiple layers, protocols or networks for cyber security purposes
- Novel visualization approaches to detect network attacks and other threats
- Analysis of network traffic to provide new insights about network structure and behavior from the security perspective
- Measurements of network protocol and applications behavior and its impact on cyber security and users' privacy
- Measurements related to network security and privacy

For more information, please see http://www.comsoc.org/commag/cfp/traffic-measurements-cyber-security.

IEICE Transactions on Information and Systems, Special Section on Information and Communication System Security, (Submission Due 25 August 2016) [posted here 6/20/16]
Guest Editors: Yasunori Ishihara (Osaka University, Japan), Atsushi Kanai (Hosei University, Japan), Kazuomi Oishi (Shizuoka Institute of Science and Technology, Japan), and Yoshiaki Shiraishi (Kobe University, Japan)

The IEICE Transactions on Information and Systems, which is included in SCIE (Science Citation Index Expanded), announces that it will publish a special section entitled "Special Section on Information and Communication System Security" in August, 2017. The major topics include, but are not limited to:
- Security Technologies on AdHoc Network, P2P, Sensor Network, RFID, Wireless Network, Mobile Network, Home Network, Cloud, Database System, SNS
- Access Control, Content Security, DRM, CDN, Privacy Protection, E-Commerce, PKI, Security Architecture, Security Protocol, Security Implementation Technology, Secure OS, Security Evaluation/Authentication

For more information, please see http://www.ieice.org/~icss/CFP/ICSS-Ieice-2017e.pdf.

IEEE Transactions on Computers, Special Section on Secure Computer Architectures. (Submission Due 30 May 2016) [posted here 12/7/15]
Editors: Ruby Lee (Princeton University, USA), Patrick Schaumont (Virginia Tech, USA), Ron Perez (Cryptography Research Inc., USA), and Guido Bertoni (ST Microelectronics, USA).

Nowadays, computer architectures are profoundly affected by a new security landscape, caused by the dramatic evolution of information technology over the past decade. First, secure computer architectures have to support a wide range of security applications that extend well beyond the desktop environment, and that also include handheld, mobile and embedded architectures, as well as high-end computing servers. Second, secure computer architectures have to support new applications of information security and privacy, as well as new information security standards. Third, secure computer architectures have to be protected and be tamper-resistant at multiple abstraction levels, covering network, software, and hardware. This Special Section from Transactions on Computers aims to capture this evolving landscape of secure computing architectures, to build a vision of opportunities and unresolved challenges. It is expected that contributed submissions will place emphasis on secure computing in general and on engineering and architecture design aspects of security in particular. IEEE Transactions on Computers seeks original manuscripts for a Special Section on Secure Computer Architectures tentatively scheduled to appear in the July 2017 issue. The topics of interest for this special section include:
- Cryptographic Primitives
- Homomorphic Computing and Multiparty Computing
- Scalability Issues of Server-level Secure Computing
- High Performance/Low Power Cryptography
- Oblivious RAM
- Side-Channel Analysis
- Side-channel attacks and defenses
- Hardware Trojans and Backdoors
- Hardware Vulnerabilities - Counters, Caches, Shared Memory
- Computing Architectures for Isolation
- Smartphone Security
- Embedded Systems Security
- Secure Processors and Systems
- Hardware Security
- Secure Virtualization and Memory Safety
- Security Simulation, Testing, Validation and Verification
- Metrics for Tamper Resistance
- Security Metrics
- Standards in Secure Computing
- Instruction-Sets for Security and Cryptography
- Dedicated and Protected Storage
- Secure Computer Interfaces

For more information, please see http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tcsi_sca.pdf.

Call for Book Chapters: Empirical Research for Software Security: Foundations and Experience, Taylor & Francis Group, LLC. (Submission Due 15 May 2016) [posted here 1/11/16]
This book introduces the reader to using empirical research methods in exploring software security challenges. These methods include data analytics, questionnaires, interviews, and surveys that produce evidence for or against given claims. The book provides the foundations for using these empirical methods of collecting evidence about tools, techniques, methods, and processes for developing secure software using practical examples. Developing secure software requires the integration of methods, such as threat modeling and risk assessment and the integration of tools, such as security testing and code analysis tools into the development process. The design of such methods and processes is in general an artistic endeavor that is based on the shared expert knowledge, claims, and opinions. Empirical research methods allow extracting knowledge and insights from the data that organizations collect from their processes and tools and from the opinions of the experts who practice these processes and methods. This knowledge extraction contributes to maturing the design and adaptation of these techniques, methods, and processes. Example of the topics of interest include:
- The science of secure software
- Survey of threat modeling techniques
- Empirical research in software security
- The fundamentals of data analytics for secure software
- Assessment of the challenges of developing secure software using the agile approach
- Assessment of the usability of security code analysis tools
- The impact of security assessment on the developers' security awareness
- The efficiency of security training
- Combinatorial testing for software security

For more information, please see https://www.sit.fraunhofer.de/de/ijsse/?no_cache=1.

IEEE Cloud Computing, Special Issue on Cloud Security. (Submission Due 29 February 2016) [posted here 1/11/16]
Editors: Peter Mueller (IBM Zurich Research Laboratory, Switzerland), Chin-Tser Huang (University of South Carolina, USA), Shui Yu (Deakin University, Australia), Zahir Tari (RMIT University, Australia), and Ying-Dar Lin (National Chiao Tung University, Taiwan).

Many critical applications - from medical, financial, and big data applications to applications with real-time constraints - are being migrated to cloud platforms. It's been predicted that the bulk of future IT infrastructure spending will be on cloud platforms and applications, and nearly half of all large enterprises are planning cloud deployments by the end of 2017. However, cloud computing systems and services are also major targets for cyberattackers. Because the cloud infrastructure is always, to a certain degree, an open and shared resource, it's subject to malicious attacks from both insiders and outsiders. Side-channel attacks, identity hijacking, and distribution of malicious code have all been observed. Thus, centralized management of security in cloud environments needs to be carefully analyzed and maintained. These vulnerabilities point to the importance of protecting cloud platforms, infrastructures, hosted applications, and information data, and create demand for much higher-level cloud security management than is available today. This calls for comprehensive vulnerability analyses and massive theoretical and practical innovation in security technologies. This special issue aims to address these needs. Areas of interest for the special issue include, but are not limited to:
- Access control mechanisms for clouds
- Cloud security management
- Colluding attacks over multiple clouds
- Distributed denial of service in clouds
- Information retrieval on encrypted data in clouds
- Information sharing and data protection in clouds
- Intrusion detection in clouds
- Privacy policy framework for clouds
- Secure applications distributed over clouds
- Secure big data in clouds
- Security architectures for mobile cloud computing
- Security in software-defined networks.
- Security protocols for cloud computing
- Trust computing for meshed cloud services
- Virtualization of security in clouds

For more information, please see http://www.computer.org/cloudcomputing.

IEEE Computer, Special Issue on Supply Chain Security for Cyber-Infrastructure. (Submission Due 1 February 2016) [posted here 12/14/15]
Editors: Domenic Forte (University of Florida, USA), Swarup Bhunia (University of Florida, USA), Ron Perez (Cryptography Research Inc., USA), and Yongdae Kim, Korea Advanced Institute of Science and Technology, Korea).

Design, fabrication, assembly, distribution, system integration, and disposal of today's electronic components, systems, and software involve multiple untrusted parties. Recent reports demonstrate that this long and globally distributed supply chain is vulnerable to counterfeiting (cloning, overproduction, recycling, etc.) and malicious design modification (such as Trojan attacks). The issues associated with counterfeit components include security and reliability risks to critical systems, profit and reputation loss for intellectual property owners, and the discouragement of innovation in system development. Recent bugs such as Heartbleed have shown that flaws in open source and third-party code can have a tremendous impact, including the leakage of sensitive and personal data. While awareness in the hardware supply chain has increased in recent years, the scope of the problem has continued to grow and evolve. Data from the Government and Industry Data Exchange Program and Information Handling Services Inc. indicates a sixfold and fourfold increase, respectively, in reported counterfeit components over the last four years. Existing solutions fail to provide adequate protection against supply chain security issues, and many are too intrusive and expensive to be practical for industry use. Most focus on protecting custom digital integrated circuits (ICs) such as processors and field-programmable gate arrays. However, many other large and small electronic systems and components are just as susceptible to recycling, cloning, and tampering, but have not been adequately addressed. Meanwhile, recent reports by the Business Software Alliance highlight the widespread use of unlicensed software in emerging markets, which account for the majority of PCs in use globally. Furthermore, the software distribution model has shifted from purchases made in stores to those made online, creating even more opportunities for hackers to manipulate code and/or spread malware. This special issue is intended to raise awareness of supply chain issues, highlight new attacks, point out the existing solutions, and encourage fresh protection approaches. It will focus on supply chain security, as well as comprehensive, cost effective, and easy-to-use solutions. We solicit articles on topics related to security in all parts of the hardware and software supply chain. While articles that focus on specific supply chain security gaps are acceptable, those that address problems with all steps of the supply chain and/or hardware-software integration are strongly encouraged. Example topics include, but are not limited to, the following:
- Analysis of supply chain vulnerabilities and trends
- Risk-based analysis for counterfeit electronics, pirated software, and/or malicious hardware and software
- Quantitative metrics for hardware and software supply chain security
- Security at hardware-software integration boundaries
- Hardware and software reverse engineering and anti-reverse engineering
- Hardware and software Trojan detection, prevention, and recovery
- Provenance for counterfeit electronics and unlicensed software
- Secure software delivery and digital rights management
- Primitives, sensors, and tests for counterfeit electronics detection
- Novel solutions for analog and mixed-signal counterfeit ICs
- Hardware metering at device and system levels
- Tracking and tracing of electronic devices and systems

For more information, please see http://www.computer.org/web/computingnow/cocfp8.

ACM Transactions on Internet Technology, Special Issue on Internet of Things (IoT): Secure Service Delivery. (Submission Due 30 November 2015) [posted here 04/27/15]
Editors: Elisa Bertino (Purdue University, USA), Kim-Kwang Raymond Choo (University of South Australia, Australia), Dimitrios Georgakopoulos (RMIT University, Australia), and Surya Nepal (CSIRO, Australia).

The aim of this special section is to bring together cutting-edge research with particular emphasis on novel and innovative techniques to ensure the security and privacy of IoT services and users. We solicit research contributions and potential solutions for IoT-based secure service delivery anywhere and at any time. This special section emphasizes service-level considerations. Topics of interest include, but are not limited to:
- Security of IoT
- IoT Service Architectures and Platforms
- Real-Time IoT Service Security Analytics and Forensics
- Organizational Privacy and Security Policies
- Governance for IoT Services
- Social Aspects of IoT Security
- Security and Privacy Threats to IoT Services and Users
- Accountability and Trust Management
- Legal Considerations and Regulations
- Case Studies and Applications

For more information, please see http://toit.acm.org/CfP/ACM-ToIT-CfP-IoT-Security.pdf.

IEEE Communication Magazine, Feature Topic on Bio-inspired Cyber Security for Communications and Networking. (Submission Due 1 November 2015) [posted here 06/29/15]
Editors: Wojciech Mazurczyk (Warsaw University of Technology, Poland), Sean Moore (Centripetal Networks, USA), Errin W. Fulp (Wake Forest University, USA), Hiroshi Wada (Unitrends, Australia), and Kenji Leibnitz (National Institute of Information and Communications Technology, Japan).

Nature is Earth’s most amazing invention machine for solving problems and adapting to significant environmental changes. Its ability to address complex, large-scale problems with robust, adaptable, and efficient solutions results from many years of selection, genetic drift and mutations. Thus, it is not surprising that inventors and researchers often look to natural systems for inspiration and methods for solving problems in human-created artificial environments. This has resulted in the development of evolutionary algorithms including genetic algorithms and swarm algorithms, and of classifier and pattern-detection algorithms, such as neural networks, for solving hard computational problems.

A natural evolutionary driver is to survive long enough to create a next-generation of descendants and ensure their survival. One factor in survival is an organism’s ability to defend against attackers, both predators and parasites, and against rapid changes in environmental conditions. Analogously, networks and communications systems use cyber security to defend their assets against cyber criminals, hostile organizations, hackers, activists, and sudden changes in the network environment (e.g., DDoS attacks). Many of the defense methods used by natural organisms may be mapped to cyber space to implement effective cyber security. Some examples include immune systems, invader detection, friend vs. foe, camouflage, mimicry, evasion, etc. Many cyber security technologies and systems in common use today have their roots in bio-inspired methods, including anti-virus, intrusion detection, threat behavior analysis, attribution, honeypots, counterattack, and the like. As the threats evolve to evade current cyber security technologies, similarly the bio-inspired security and defense technologies evolve to counter the threat.

The goal of this feature topic is twofold: (1) to survey the current academic and industry research in bio-inspired cyber security for communications and networking, so that the ComSoc community can understand the current evolutionary state of cyber threats, defenses, and intelligence, and can plan for future transitions of the research into practical implementations; and (2) to survey current academic and industry system projects, prototypes, and deployed products and services (including threat intelligence services) that implement the next generation of bio-inspired methods. Please note that we recognize that in some cases, details may be limited or obscured for security reasons. Topics of interests include, but are not limited to:
- Bio-inspired anomaly & intrusion detection
- Adaptation algorithms for cyber security & networking
- Biometrics related to cyber security & networking
- Bio-inspired security and networking algorithms & technologies
- Biomimetics related to cyber security & networking
- Bio-inspired cyber threat intelligence methods and systems
- Moving-target techniques
- Network Artificial Immune Systems
- Adaptive and Evolvable Systems
- Neural networks, evolutionary algorithms, and genetic algorithms for cyber security & networking
- Prediction techniques for cyber security & networking
- Information hiding solutions (steganography, watermarking) and detection for network traffic
- Cooperative defense systems
- Bio-inspired algorithms for dependable networks

For more information, please see http://www.comsoc.org/commag/cfp/bio-inspired-cyber-security-communications-and-networking.

WileySecurity and Communication Networks journal, Special Issue on Cyber Crime. (Submission Due 20 October 2015) [posted here 06/29/15]
Editors: Wojciech Mazurczyk (Warsaw University of Technology, Poland), Krzysztof Szczypiorski (Warsaw University of Technology, Poland), Zoran Duric (George Mason University, USA), and Dengpan Ye (Wuhan University, China).

Today's world's societies are becoming more and more dependent on open networks such as the Internet - where commercial activities, business transactions and government services are realized. This has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. The inability to provide trusted secure services in contemporary computer network technologies has a tremendous socio-economic impact on global enterprises as well as individuals. Moreover, the frequently occurring international frauds impose the necessity to conduct the investigation of facts spanning across multiple international borders. Such examination is often subject to different jurisdictions and legal systems. A good illustration of the above being the Internet, which has made it easier to perpetrate traditional crimes. It has acted as an alternate avenue for the criminals to conduct their activities, and launch attacks with relative anonymity. The increased complexity of the communications and the networking infrastructure is making investigation of the crimes difficult. Traces of illegal digital activities are often buried in large volumes of data, which are hard to inspect with the aim of detecting offences and collecting evidence. Nowadays, the digital crime scene functions like any other network, with dedicated administrators functioning as the first responders. This poses new challenges for law enforcement policies and forces the computer societies to utilize digital forensics to combat the increasing number of cybercrimes. Forensic professionals must be fully prepared in order to be able to provide court admissible evidence. To make these goals achievable, forensic techniques should keep pace with new technologies. The aim of this special issue is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques which assist the investigation process of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. This special issue presents some of the most relevant ongoing research in cyber crime. Topics include, but are not limited to the following:
- Cyber crimes: evolution, new trends and detection/prevention
- Cyber crime related investigations
- Network forensics: tools and applications, case studies and best practices
- Privacy issues in network forensics
- Social networking forensics
- Network traffic analysis, traceback and attribution
- Network incidents response, investigation and evidence handling
- Identification, authentication and collection of digital evidence in networking environment
- Anti-forensic techniques and methods
- Stealthiness improving techniques: information hiding, steganography/steganalysis and covert/subliminal channels
- Watermarking and intellectual property theft
- Network anomalies detection

For more information, please see http://onlinelibrary.wiley.com/journal/10.1002/%28ISSN%291939-0122.

Elsevier Computer Networks, Special issue on Recent Advances in Physical-Layer Security. (Submission Due 15 October 2015) [posted here 07/13/15]
Editors: Gerhard Hancke (City University of Hong Kong, Hong Kong), Aikaterini Mitrokotsa (Chalmers University of Technology, Sweden), Reihaneh Safavi-Naini (University of Calgary, Canada), and Damien Sauveron (University of Limoges, France).

Physical-layer security is emerging as a promising approach for supporting new and existing security services. Aspects of the physical layer have the potential to provide security services that challenges the capabilities of conventional cryptographic mechanisms, such as relay attacks, ad-hoc key establishment and key-less secure communication. This special issue aims to further scientific research into both theoretical and practical approaches to physical-layer security. It will accept original research papers that report latest results and advances in this area, and will also invite review articles that focus on the state-of-the-art, highlighting trends and challenges. The papers will be peer reviewed and will be selected on the basis of their quality and relevance to the topic of this special issue. We would particularly like to encourage submissions that present strong experimental and/or practical implementation results. Topics include (but are not limited to):
- Determining physical proximity of devices (distance-bounding protocols, location limited channels, etc.)
- Device fingerprinting based on communication features (frequency/data clock skew/transients, etc.)
- Noisy channels ('friendly' jamming) approaches for security
- Jamming ('unfriendly') resistance
- Secret-key generation and agreement over wireless channels
- Cross-layer security mechanisms incorporating cryptography and physical layer aspects for low-resource devices like RFID (efficient schemes, simplified signal processing requirements, etc.)
- Experimental results on practical implementations of physical layer security techniques

For more information, please see http://www.journals.elsevier.com/computer-networks/call-for-papers/special-issue-on-recent-advances-in-physical-layer-security/.

Pervasive and Mobile Computing, Special Issue on Mobile Security, Privacy and Forensics. (Submission Due 30 September 2015) [posted here 05/11/15]
Editors: Kim-Kwang Raymond Choo (University of South Australia, Australia), Lior Rokach (Ben-Gurion University of the Negev Beer-Sheva, Israel), and Claudio Bettini (University of Milan, Italy)

This special issue will focus on cutting edge research from both academia and industry on the topic of mobile security, privacy and forensics, with a particular emphasis on novel techniques to secure user data and/or obtain evidential data from mobile devices in crimes that make use of sophisticated and secure technologies. Topics of interest include:
- Advanced mobile security features
- Anti-anti mobile forensics
- Data visualization in mobile forensics
- Economics of mobile user security and privacy
- Information security awareness of mobile users
- Mobile app security
- Mobile cloud security
- Mobile device security
- Mobile app forensic and anti-forensic techniques
- Mobile device forensic and anti-forensic techniques
- Mobile evidence preservation and examination
- Mobile information leakage detection and prevention
- Mobile malware
- Mobile network security
- Mobile threat identification, detection and prevention
- Mobile user anonymity
- Privacy in geo-social networks
- Privacy in mobile context-aware services
- Privacy for mobile smart objects
- Trust models for mobile devices and services
- Usability of mobile privacy and security technologies

For more information, please see http://www.journals.elsevier.com/pervasive-and-mobile-computing/call-for-papers/special-issue-on-mobile-security-privacy-and-forensics/.

IET Information Security, Special Issue on Lightweight and Energy-Efficient Security Solutions for Mobile Computing Devices. (Submission Due 14 September 2015) [posted here 07/13/15]
Editors: Nele Mentens (KU Leuven, Belgium), Damien Sauveron (University of Limoges, France), José María Sierra Cámara (Universidad Carlos III Madrid, Spain), Shiuh-Jeng Wang (Central Police University, Taiwan, R.O.C.), and Isaac Woungang (Ryerson University, Canada).

In the modern life, computing devices are becoming more and more mobile and embedded, meaning that they are vulnerable to power limitation and low resources. In this context, the needs of lightweight and energy-efficient security solutions to secure communication as well as applications in which they are involved are inescapable. The targeted mobile devices are small and low computational ones such as RFID, Contactless Smart Card, Wireless Sensors Nodes, to name a few. The aim of this Special Issue is to publish state-of-the-art research results in recent advances in Lightweight and Energy-Efficient Security Solutions for Mobile and Pervasive Computing Devices.

For more information, please see http://digital-library.theiet.org/files/IET_IFS_SI_CFP.pdf.

IEICE Transactions on Information and Systems, Special Issue on Information and Communication System Security. (Submission Due 10 September 2015) [posted here 04/20/15]
Editors: Abhishek Parakh (University of Nebraska, Omaha, USA) and Zhiwei Wang (Nanjing University of Posts and Telecommunications, P.R. China).

Mobile devices, such as smart tags, smart pads, tablets, PDAs, smart phones and wireless sensors, have become pervasive and attract significant interest from academia, industry, and standard organizations. With the latest cloud computing technology, those mobile devices will play a more and more important role in computing and communication. When those devices become pervasive, security become critical components for the acceptance of applications build based on those devices. Moreover, several favorable characteristics of mobile devices, including portability, mobility and sensitivity, further increase the challenges of security in these systems. However due to rapid development and applications, security in mobile systems involves different challenges. This special issue aims to bring together works of technologists and researchers who share an interest in the area of security in mobile systems, and to explore new venues of collaboration. Its main purpose is to promote discussions about research and relevant activities in the models and designs of secure, privacy-preserving, trusted architectures, security protocols, cryptographic algorithms, services and applications, as well as to analyse cyber threat in mobile systems. It also aims at increasing the synergy between academic and industry professionals working in this area. We seek papers that address theoretical, experimental research, and works-in-progress for security-related issues in the context of mobile systems. Suitable topics include the following in relation to security:
- Cryptography for mobile systems
- Mobile local area networks
- Mobile mesh networks
- Mobile ad-hoc networks
- Vehicular networks
- Mobile social networks
- Mobile smart grid
- Mobile RFID-based systems
- Mobile cloud
- Mobile cyber-physical systems
- Internet of things
- Location-based service systems
- Mobile healthcare systems
- Big data for mobile computing

For more information, please see http://www.journals.elsevier.com/computers-and-electrical-engineering/call-for-papers/challenges-and-solutions-in-mobile-systems-security/.

Elsevier Future Generation Computer Systems, Special issue on Security, Privacy and Trust of the User-centric Solutions. (Submission Due 1 September 2015) [posted here 07/13/15]
Editors: Raja Naeem Akram (University of London, United Kingdom), Hsiao-Hwa Chen (National Cheng Kung University, Taiwan), Javier Lopez (University of Malaga, Spain), Damien Sauveron (University of Limoges, France), and Laurence T. Yang (St. Francis Xavier University, Canada).

In future computing environments, due to the ongoing development of pervasive and smart technologies, movement towards user-centric solutions must be paramount. The frameworks for everyday personal computing devices, including smartphones, smart cards and sensors, are becoming user-centric instead of issuer-centric. User-centric solutions can target a wide range of applications, ranging from individual devices communicating with other connected devices, through to data-sharing in cloud computing and open grids on very powerful computing systems. User-centric solutions address the devices themselves and the ways in which they communicate, i.e., the networks and the end-user applications. The key factor in the success of user-centric solutions is the peace of mind of users. To achieve this the security, privacy and trust in the user-centric ecosystem for any device must be ensured. This special issue aims to further scientific research within the field of security, privacy and trust for user-centric solutions. It will accept original research papers that report the latest results and advances in this area. It also invites review articles that focus on the state of the art in security, privacy and trust solutions for user-centric devices, network and applications, highlighting trends and challenges. The papers will be peer reviewed and will be selected on the basis of their quality and relevance to the topic of this special issue. Topics include (but are not limited to):
- Security, Privacy and Trust of User-centric Devices (Smartphones, PDA, RFID, Sensors, Smart Cards, Smart Cameras, Smart Objects), User-centric Networks (Mobile Ad hoc Networks, M2M Networks, Urban Networks, Wireless Sensor Networks),and User-centric Applications (Cloud Computing, Data Provenance, Smart Grids
- Technologies used to enhance Security, Privacy and Trust in User-centric solutions (NFC, IPv6, TPM)
- Societal issues related to Security, Privacy and Trust in User-centric solutions (HCI, User interactions)

For more information, please see http://www.journals.elsevier.com/future-generation-computer-systems/call-for-papers/special-issue-on-security-privacy-and-trust-of-the-user-cent/.

Journal of Computer and System Sciences, Special Issue on Cyber Security in the Critical Infrastructure: Advances and Future Directions. (Submission Due 31 August 2015) [posted here 02/02/15]
Editors: Jemal Abawajy (Deakin University, Australia), Kim-Kwang Raymond Choo (University of South Australia, Australia), and Rafiqul Islam (Charles Sturt University, Australia).

This special issue invites original research papers that reports on state-of-the-art and recent advancements in securing our critical infrastructure and cyberspace, with a particular emphasis on novel techniques to build resilient critical information infrastructure. Topics of interest include but are not limited to:
- Cyber security mitigation techniques for critical infrastructures such as banking and finance, communications, emergency services, energy, food chain, health, mass gatherings, transport and water
- Cyber threat modelling and analysis
- Cyber forensics
- Visual analytics and risk management techniques for cyber security
- Cyber security test beds, tools, and methodologies

For more information, please see http://www.journals.elsevier.com/journal-of-computer-and-system-sciences/call-for-papers/cyber-security-in-the-critical-infrastructure-advances-and-f/.

IEEE Transactions on Services Computing, Special Issue on Security and Dependability of Cloud Systems and Services. (Submission Due 31 May 2015) [posted here 02/16/15]
Editors: Marco Vieira (University of Coimbra, Portugal) and Stefano Russo (Università di Napoli Federico II, Italy).

Service-based cloud systems are being used in business-, mission- and safety-critical scenarios to achieve operational goals. Their characteristics of complexity, heterogeneity, and fast-changing dynamics bring difficult challenges to the research and industry communities. Among them, security and dependability (Sec. & Dep.) have been widely identified as increasingly relevant issues. Crucial aspects to be addressed include: metrics, techniques and tools for assessing Sec. & Dep.; modeling and evaluation of the impact of accidental and malicious threats; failure and recovery analysis; Sec. & Dep. testing, testbeds, benchmarks; infrastructure interdependencies, interoperability in presence of Sec. & Dep. guarantees. The objective of this Special Issue is to bring together sound original contributions from researchers and practitioners on methodologies, techniques and tools to assess or improve the security and dependability of cloud systems and services. Suggested topics include, but are not limited to:
- Design, deployment and management of secure and dependable cloud systems and services
- Secure and dependable Service-Oriented Architecture (SOA)
- Secure and dependable Big Data services
- Specification and design methodologies (e.g., model-driven, component-based)
- Modeling and simulation of security and dependability of cloud systems and services
- Metrics for quantifying services dependability and security
- Dependability and security benchmarking of cloud systems
- Verification and validation (V&V) for dependability and security evaluation of services
- Formal verification, testing, analytical and experimental evaluation of services
- Off-line versus on-line dependability and security services assessment
- Protocols and network technologies for dependable and secure mobile cloud applications
- Virtualization for dependable cloud networks
- Future Internet architectures and protocols for mobile cloud computing
- Design and use of supporting tools for creating dependable and secure services
- Case studies illustrating challenges and solutions in designing secure and dependable cloud systems and services

For more information, please see http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tscsi_sdcss.pdf.

IEICE Transactions on Information and Systems, Special Issue on Information and Communication System Security. (Submission Due 22 May 2015) [posted here 01/19/15]
Editors: Toshihiro Yamauchi (Okayama University, Japan), Yasunori Ishihara (Osaka University, Japan), and Atsushi Kanai (Hosei University, Japan).

The major topics include, but are not limited to:
- Security Technologies on AdHoc Network, P2P, Sensor Network, RFID, Wireless Network, Mobile Network, Home Network, Cloud, and SNS
- Access Control, Content Security, DRM, CDN, Privacy Protection, E-Commerce, PKI, Security Architecture, Security Protocol, Security Implementation, Technologies, Secure OS, Security Evaluation/Authentication

For more information, please see http://www.ieice.org/~icss/index.en.html.

Elsevier Future Generation Computer Systems, Special Issue on Cloud Cryptography: State of the Art and Recent Advances. (Submission Due 1 May 2015) [posted here 01/19/15]
Editors: Kim-Kwang Raymond Choo (University of South Australia, Australia), Josep Domingo-Ferrer (Universitat Rovira i Virgili, Catalonia), and Lei Zhang (East China Normal University, China)

Cloud computing is widely used by organisations and individuals. Despite the popularity of cloud computing, cloud security is still an area needing further research. A particularly promising approach to achieve security in this new computing paradigm is through cryptography, but traditional cryptographic techniques are not entirely suitable for cloud implementation due to computational efficiency limitations and other constraints. This special issue is dedicated to providing both scientists and practitioners with a forum to present their recent research on the use of novel cryptography techniques to improve the security of the underlying cloud architecture or ecosystem, particularly research that integrates both theory and practice. For example, how do we design an efficient cloud cryptography system that offers enhanced security without compromising on usability and performance? An efficient fully homomorphic encryption scheme might be an option. Such a scheme should guarantee that the cloud service provider is unable to view the content of the data he stores (thereby ensuring data confidentiality to users). However, sufficiently efficient fully homomorphic encryption is not yet available. We encourage authors to be exploratory in their submissions – that is, to report on advances beyond the state of the art in research and development of cryptographic techniques that result in secure and efficient means of ensuring security and privacy of cloud data. Topics of interest include but are not limited to:
- Anonymity
- Access control
- Cloud key agreement
- Distributed authentication and authority
- Implementation of cryptographic schemes
- Homomorphic encryption
- Multi-cloud security
- Privacy-preserving provisioning
- Remote proofs of storage
- Searchable encryption
- Secure computation

For more information, please see http://www.journals.elsevier.com/future-generation-computer-systems/call-for-papers/special-issue-on-cloud-cryptography-state-of-the-art-and-rec/.

IEEE Transactions on Cloud Computing, Special Issue on Cloud Security Engineering. (Submission Due 31 March 2015) [posted here 02/02/15]
Editors: Kim-Kwang Raymond Choo (University of South Australia, Australia), Omer Rana (Cardiff University, UK), and Muttukrishnan Rajarajan (City University London, UK).

As the use of cloud computing grows throughout society in general, it is essential that cloud service providers and cloud service users ensure that security and privacy safeguards are in place. There is, however, no perfect security and when a cybersecurity incident occurs, digital investigation will require the identification, preservation and analysis of evidential data. This special issue is dedicated to the identification of techniques that enable security mechanisms to be engineered and implemented in Cloud-based systems. A key focus will be on the integration of theoretical foundations with practical deployment of security strategies that make Cloud systems more secure for both end users and providers - enabling end users to increase the level of trust they have in Cloud providers - and conversely for Cloud service providers to provide greater guarantees to end users about the security of their services and data. Significant effort has been invested in performance engineering of Cloud-based systems, with a variety of research-based and commercial tools that enable autoscaling of Cloud systems, mechanisms for supporting Service Level Agreement-based provisioning and adaptation and more recently for supporting energy management of large scale data centres. This special issue will be devoted to understanding whether a similar engineering philosophy can be extended to support security mechanisms, and more importantly, whether experience from the performance engineering community (who often need to carry out analysis on large log files) can be carried over into the security domain. We encourage authors to be exploratory in their papers - reporting on novel use of performance engineering tools that could be repurposed for supporting security management and vice versa. Topics of interest include:
- Advanced security features
- Anonymity
- Cloud forensic and anti-forensic techniques and implementations
- Cloud privacy
- Cloud-based honeypots
- Cloud-based intrusion detection and prevention systems
- Distributed authentication and authentication
- Implementation of cryptographic and key management strategies in clouds (e.g. homomorphic encryption for cloud computing)
- Multi-Cloud security provisioning
- Real time analysis of security (log) data for alert generation
- Remote collection of evidence (e.g. from cloud servers)
- Security-focused Service Level Agreements

For more information, please see http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tccsi_cse.pdf.

IEEE Cloud Computing, Special Issue on Legal Clouds: How to Balance Privacy with Legitimate Surveillance and Lawful Data Access. (Submission Due 1 March 2015) [posted here 01/19/15]
Editors: Kim-Kwang Raymond Choo (University of South Australia, Australia), and Rick Sarre (University of South Australia, Australia)

This special issue will focus on cutting edge research from both academia and industry on the topic of balancing cloud user privacy with legitimate surveillance and lawful data access, with a particular focus on cross-disciplinary research. For example, how can we design technologies that will enhance "guardianship" and the "deterrent" effect in cloud security at the same time as reducing the "motivations" of cybercriminals? Topics of interest include but are not limited to:
- Advanced cloud security
- Cloud forensics and anti-forensics
- Cloud incident response
- Cloud information leakage detection and prevention
- Enhancing and/or preserving cloud privacy
- Cloud surveillance
- Crime prevention strategies
- Legal issues relating to surveillance
- Enhancing privacy technology for cloud-based apps

For more information, please see http://www.computer.org/portal/web/computingnow/call-for-paper-cloud-computing-july-august.

International Journal of Distributed Sensor Networks, Special Issue on Intrusion Detection and Security Mechanisms for Wireless Sensor Networks, May 2015, (Submission Due 12 December 2014) [posted here 10/14/14]

Editor: S. Khan (Kohat University of Science and Technology, Pakistan), Jaime Lloret Mauri (Polytechnic University of Valencia, Spain), and Sandra Sendra (Universidade da Beira Interior, Covilh, Portugal)

Wireless sensor networks are gaining significant interest from academia and industry. Wireless sensor networks are multihop, self-organizing, self-healing, and distributed in nature. These characteristics also increase vulnerability and expose sensor networks to various kinds of security attacks. Advanced security mechanisms and intrusion detection systems (IDSs) can play an important role in detecting and preventing security attacks. This special issue aims to gather recent advances in the area of security aspect of wireless sensor networks. Research and review articles that focus on the challenges and the state-of-the-art solutions are welcomed. The papers will be peer reviewed and will be selected on the basis of their quality and relevance to the topic of this special issue. Potential topics include, but are not limited to:
- Intrusion detection systems
- Secure neighbor discovery, localization, and mobility
- Security architectures, deployments, and solutions
- Denial of service attacks and countermeasures
- Intrusion prevention techniques
- Adaptive defense systems
- Trust establishment and privacy
- Confidentiality, integrity, and availability assurance
- Authentication and access control
- Secure routing protocols
- Cryptography, encryption algorithms, and key management schemes
- Experimental validation and experiences with testbed and/or deployment

For more information, please see http://www.hindawi.com/journals/ijdsn/si/125478/cfp/.

Elsevier Computer Communications Journal, Special Issue on Security and Privacy in Unified Communications: Challenges and Solutions, 2015, (Submission Due 31 October 2014) [posted here 07/14/14]

Editor: Georgios Karopoulos (Joint Research Centre (JRC), Italy), Georgios Portokalidis (Stevens Institute of Technology, USA), Josep Domingo-Ferrer (Universitat Rovira i Virgili, Catalonia), Ying-Dar Lin (National Chiao Tung University (NCTU), Taiwan), Dimitris Geneiatakis (Joint Research Centre (JRC), Italy), and Georgios Kambourakis (University of the Aegean, Greece)

Unified Communications (UC) merge different communication technologies, types of products, and services, from various manufacturers, operators, and countries, following diverse policies and standards. Specifically, in the context of UC, a range of communication tools are integrated in a way that both corporations and individuals are able to manage all their communications in one entity instead of doing it disjointly. It is therefore said that UC bridges the opening between the various computer related communication technologies and Voice over IP (VoIP). However, this high level of heterogeneity expands the risks related to security and privacy that stakeholders should deal with. To eliminate or even prevent the increasing threats to end-users and operators, it is important to explore this growing and timely research topic. This feature topic will benefit the research community towards identifying challenges and disseminating the latest methodologies and solutions to UC security and privacy issues. Its objective is to publish high-quality articles presenting open issues, algorithms, protocols, policies, frameworks, standards, and solutions for UC related to security and privacy. Only technical papers describing previously unpublished, original, state-of-the-art research, and not currently under review by a conference or a journal will be considered. Reviews and case studies which address state-of-art research and state-of-practice industry experiences are also welcomed. We solicit papers in a variety of topics related to unified communications security and privacy, including, but not limited to:
- Authorization and access control for UC services
- Denial of service prevention schemes for UC
- Reliability and availability issues on UC
- Penetration testing, intrusion detection and prevention
- End-to-end security solutions
- Cryptographic protocols for UC
- Voice security
- Signaling security and privacy
- Multimedia application security and privacy analysis
- Multimedia communication platforms vulnerabilities and attacks
- Security and privacy in mobile communication services
- Smartphone multimedia apps security and privacy
- Social networking security and privacy
- Testbed and case studies for secure and private UC services
- Trust establishment in UC
- IP Multimedia Subsystem (IMS) security
- Privacy and identity management
- Privacy enhancing technologies for UC
- Privacy models for UC
- Security and privacy assessment for UC
- Security policies
- Auditing, verification, and validation of UC services
- Risk analysis and management
- Cyber-security issues affecting UC
- Protection of UC as a Critical Information Infrastructure
- VoIP peering security issues

For more information, please see http://www.journals.elsevier.com/computer-communications/call-for-papers/special-issue-on-security-and-privacy-in-unified-communicati/.

IEEE Transactions on Dependable and Secure Computing, Special Issue on Cyber Crime, 2015, (Submission Due 1 October 2014) [posted here 04/28/14]

Editor: Wojciech Mazurczyk (Warsaw University of Technology, Poland), Thomas J. Holt (School of Criminal Justice, Michigan State University, USA) and Krzysztof Szczypiorski (Warsaw University of Technology, Poland)

Cyber crimes reflect the evolution of criminal practices that have adapted to the world of information and communication technologies. Cybercriminality has become a curse of the modern world with the potential to affect every one nationally and/or internationally. Individuals, companies, governments and institutions may become victims as well as (involuntary) helpers of cyber criminals. The inability to provide cyber-security can potentially have a tremendous socio-economic impact on global enterprises as well as individuals. The aim of this special issue is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of cyber crime. Prospective authors will be encouraged to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. Topics of interest include, but are not limited to:
- Cyber-crime science
- Emerging cybercriminals techniques and countermeasures
- Cyber forensics and anti-forensic procedures, techniques, tools and analysis
- Cyber crime investigations & incident response
- Active and passive cyber crime defense techniques, tools and mechanisms
- Cybersecurity testbeds, tools, methodologies
- Cyber threat modeling analysis, cyber risk and vulnerability assessment
- Cyber warfare & cyber terrorism
- Cybersecurity economic modeling and metrics
- Cybersecurity standards, policy, law, and regulation
- Legal, ethical and policy issues related to cyber crime
- Human and behavioral issues in cyber crime
- Network traffic analysis and modelling for cyber crime science
- Deviant activities and crime patterns
- Insider threat detection and prevention
- Misuse of personal data and the right to online privacy

For more information, please see http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tdscsi_cc.pdf.

Wiley Security and Communication Networks (SCN), Special Issue on Security and Privacy in Internet of Things: Methods, Architectures and Solutions, Summer/Autumn, 2015, (Submission Due 30 September 2014) [posted here 08/18/14]

Editor: Guangjie Han (Hohai University, China), Lei Shu (Guangdong University of Petrochemical Technology, China), Sammy Chan (City University of Hong Kong, Hong Kong, China), and Jiankun Hu (University of New South Wales at the Australian Defence Force Academy, Australia).

Internet of Things (IoT) is a rapidly developing research area cross various technological fields including computer science, electronic engineering, mobile and wireless communications, embedded systems, etc. Many technologies serve as the building blocks of this new paradigm, such as wireless sensor networks (WSN), RFID, cloud services, machine-to-machine interfaces (M2M), and so on. IoT will allow billions of objects in the physical world as well as virtual environments to exchange data with each other in an autonomous way so as to create smart environments such as automotive, healthcare, logistics, environmental monitoring, and many others. However, IoT introduces new challenges for the security of systems and processes and the privacy of individuals. Protecting the information in IoT is a complex and difficult task. IoT requires global connectivity and accessibility which means anyone can access in anytime and anyway. It results in that the number of attack vectors available to malicious attackers might become staggering. Furthermore, the inherent complexity of the IoT, where multiple heterogeneous entities located in different contexts can exchange information with each other, further complicates the design and deployment of efficient, interoperable and scalable security mechanisms. The ubiquitous and clouding computing also makes the problem of privacy leakage get urgent. As a result, there is an increasing demand for development of new security and privacy approaches to guarantee the security, privacy, integrity and availability of resources in IoTs. This special issue aims to bring together state-of-the-art contributions on Internet of Things Security and Privacy: discover the existing IoT security challenges, introduce threats and attacker models that can be applied to IoT architectures, design methods of secure IoT applications and architectures, collect quality research proposals with a solid background in both theoretical and practical aspects. Original, unpublished contributions are solicited in all aspects of this discipline. Suitable topics include but are not limited to the following in the context of IoT:
- Cyber security in the IoT
- Secure policy, model and architecture for the IoT
- Security and privacy for the IoT network and systems
- Secure communication technologies for the IoT
- Security and privacy in cloud computing applied to the IoT
- Security and privacy in sensor networks applied to the IoT
- Security and privacy in parallel and distributed systems applied to the IoT
- Intrusion detection and avoidance techniques for the IoT
- Identity, authentication, authorization and accounting techniques for the IoT
- Threat and vulnerability modeling for the IoT
- Lightweight cryptographic solutions for the IoT
- Key agreement, distribution and management techniques for the IoT
- Privacy and anonymity techniques for the IoT
- Trust establishment, negotiation and management techniques for the IoT
- Trusted network computing, operating systems, software and applications for the IoT
- Risk and reputation management techniques for the IoT
- Secure network protocols and frameworks for the IoT
- Secure access control technologies and frameworks for the IoT
- Secure solutions for realization of IoT
- Privacy-preserving IoT applications

For more information, please see http://onlinelibrary.wiley.com/doi/10.1002/sec.1065/full.

IEEE Transactions on Cloud Computing, Special Issue on Security and Privacy Protection on Clouds, 2nd Quarter, 2015, (Submission Due 15 September 2014) [posted here 09/08/14]

Editor: Meikang Qiu (Pace University, USA) and Sun-Yuan Kung (Princeton University, USA)

The emerging paradigm of cloud computing provides a new way to address the constraints of limited energy, capabilities, and resources. Researchers and practitioners have embraced cloud computing as a new approach that has the potential for a profound impact in our daily life and world economy. However, security and privacy protection is a critical concern in the development and adoption of cloud computing. To avoid system fragility and defend against vulnerabilities exploration from cyber attacker, various cyber security techniques and tools have been developed for cloud systems. This special issue will focus on the challenging topic-"Security and Privacy Protection on Clouds" and invites the state-of-the-art research results to be submitted here. This special issue calls for original, high-quality, high-impact research papers related to the following broad topics, but are not limited to:
- Cloud Security in New Paradigms
- Mobile cloud security
- Mobile cloud privacy protection
- Cloud hacking and virus protection
- Cloud browser security
- Next generation fire wall for clouds
- Cloud monitoring
- Cloud incident response
- Digital forensics in clouds
- Big data security in clouds
- Cloud data center security
- Database security for cloud systems
- Social engineering in clouds
- Insider threats and models in clouds
- Advance spear phishing in clouds
- Cloud threat intelligence for cloud systems
- Reliability and fault tolerance for cloud systems
- Cloud-based tele-health and medical security and privacy protection
- Hardware-related security in clouds
- Security and performance trade-off
- Energy-aware security in clouds
- Infrastructure security for clouds

For more information, please see http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tccsi_sppc.pdfl.

Journal of Computer Security, Special Issue on Security and High Performance Computing Systems, 2015, (Submission Due 15 September 2014) [posted here 06/23/14]

Editor: Luca Spalazzi (Università di Ancona, Italy) and Luca Viganò (King's College London, UK)

Providing high performance computing and security is a challenging task. On the one hand, Internet, operating systems and distributed environments currently suffer from poor security support and cannot resist common attacks. On the other hand, adding security measures typically degrades performance. The relationships between security and high performance computing systems thus raise a number of problems and challenges that are of interest for this special issue, such as (but not limited to) the following ones: (1). How to enforce security requirements in high performance computing systems. For instance, which kind of obfuscation techniques can enforce privacy in a cloud storage, or how grid security can be verified at design-time (formal verification) or at run-time (run-time verification). In this case, safety properties can also be addressed, such as availability and fault tolerance for high performance computing systems. (2). How to use high performance computing systems to solve security problems. For instance, a grid computation can break an encryption code, and a cluster can support high performance intrusion detection or a distributed formal verification system. More generally, this topic addresses every efficient use of a high performance computing systems to improve security. (3). The tradeoffs between maintaining high performance and achieving security in computing systems and solutions to balance the two objectives. In all these directions, various formal analyses, as well as performance analyses or monitoring techniques can be conducted to show the efficiency of a security infrastructure. The special issue seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of computer and network security, as well as case studies and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. The topics of interest include (but are not limited to) the following:
- Access Control
- Accounting and Audit
- Anonymity
- Applied Cryptography
- Authentication
- Cloud Security
- Commercial and Industry Security
- Cryptographic Protocols
- Data and Application Security
- Data/System Integrity
- Database Security
- Digital Rights Management
- Formal Verification of Secure Systems
- Identity Management
- Inference/Controlled Disclosure
- Information Warfare
- Intellectual Property Protection
- Intrusion and Attack Detection
- Intrusion and Attack Response
- Key Management
- Privacy-Enhancing Technology
- Secure Networking
- Secure System Design
- Security Monitoring & Management
- Security for Mobile Code
- Security for Specific Domains (e.g., E-Government, E-Business, P2P)
- Security in IT Outsourcing
- Security in Mobile and Wireless Networks
- Security in Untrusted & Adversarial Environments and Systems
- Security in Operating Systems
- Security Location Services
- Security of Grid and Cluster Architectures
- Security Visualization
- Smartcards
- Trust Management Policies
- Trust Models
- Web Security
- Web Services Security

For more information, please see http://www.gii.it/news/call-for-papers/137-jcs-special-issue.html.

IEEE Transactions on Emerging Topics in Computing, Emerging topics in Cyber Security, 2015, (Submission Due 1 September 2014) [posted here 03/31/14]

Editor: Giorgio Di Natale (LIRMM, France) and Stefano Zanero (Politecnico di Milano, Italy)

Cyber Security is a topic which is getting a very high level of attention from researchers, decision makers, policy makers and from the general public. The value of digital information is growing dramatically. Physical systems coupled with computing devices (so-called cyber-physical systems) carry out functions that are fundamental for our society. Protecting these emerging critical digital infrastructures is an increasingly relevant objective from a military and political point of view. For this reason, the IEEE Transactions on Emerging Topics in Computing (TETC) seek original manuscripts for a Special Issue on Emerging Topics in Cyber Security, scheduled to appear in the first issue of 2015. TETC is the newest Transactions of the IEEE Computer Society, and it uses an Open Access model exclusively. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of cyber security systems, to deal with emerging computing technologies and applications. Given the the peculiar nature of TETC, we are seeking in particular papers that are more "far-reaching" than is usual for journal submissions, as long as they show promise for opening up new areas of study, or questioning long-held beliefs and tenets of the cybersecurity field.

For more information, please see http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tetcsi_cbs.pdf.

ACM Transactions on Embedded Computing Systems, Special Issue on Embedded Platforms for Cryptography in the Coming Decade, First Quarter 2015, (Submission Due 1 July 2014) [posted here 03/03/14]

Editor: Patrick Schaumont (Virginia Tech, USA), Máire O'Neill (Queen's University Belfast, UK), and Tim Güneysu (Ruhr University Bochum, Germany)

Cryptography has made great strides in capability and variety over the past few years, enabling a broad range of new applications and extending the reach of security deep into the embedded world. A few examples include lightweight primitives that provide information security for a fraction of the energy and cost of traditional primitives; lattice-based crypto-engines that provide an alternative to public-key operations in a post-quantum-computing world; cryptographic sponges that can be configured as universal crypto-kernels; anonymous signatures that support electronic cash in portable, compact form factors; and homomorphic primitives and zero-knowledge proofs that allow privacy-friendly interaction of devices with the all-knowing cloud. These novel forms of cryptography will drive the embedded information infrastructure, and they will become a necessity to mix and merge our virtual life with our real life in a trustworthy and scalable manner. However, this is not your father's cryptography, and its efficient implementation needs new research efforts. It is based on different mathematical structures, novel transformations and data organizations, and in many cases its computational complexity is significantly higher than that of traditional cryptographic operations. For several primitives, such as for post-quantum cryptography and homomorphic computing, the optimal implementation strategies are still an open area of research. Furthermore, threats against these novel forms of cryptography, such as side-channel analysis or fault injection, are unexplored. This special issue of ACM Transactions on Embedded Computing Systems solicits state-of-the-art research results and surveys in embedded system engineering for these novel cryptographic primitives. The issue will cover both hardware and software implementations for performance-optimized, resource-constrained, energy-efficient platforms. Of special interest are implementations that demonstrate novel applications for cryptographic primitives. A few examples of topics of interest for the special issue include:
- Post-quantum Primitives for Constrained Platforms (RFID, microcontroller)
- Lattice-based Cryptography in Embedded Platforms
- Embedded Implementations that interact with the Homomorphic Cloud
- Custom-instruction Extensions and Hardware Primitives for Post-quantum Cryptography
- Performance Comparisons and Benchmarks for Multi-party Computation
- Privacy-friendly Cryptography in Embedded Platforms
- Privacy-friendly Car Electronics and Public-transport Infrastructure
- Implementations of Electronic Cash
- Implementations of Electronic Passports
- Hardware Acceleration of Privacy-friendly Cryptographic Primitives
- Implementations of Unified Cryptographic Primitives (eg Authenticated Encryption)
- Implementations of Leakage-resilient Cryptography

For more information, please see http://acmtecs.acm.org/special-issues/14/embcrypt2014.html.

Elsevier Information Systems, Special Issue on Information Integrity in Smart Grid Systems, 2014, (Submission Due 1 July 2014) [posted here 03/03/14]

Editor: Al-Sakib Khan Pathan (International Islamic University Malaysia, Malaysia), Zubair Muhammad Fadlullah (Tohoku University, Japan), Mostafa M. Fouda (Benha University, Egypt), Muhammad Mostafa Monowar (King AbdulAziz University, Saudi Arabia), and Philip Korn (AT&T Labs Research, USA)

The smart grid is an electronically controlled electrical grid that connects power generation, transmission, distribution, and consumers using information and communication technology. One of the key characteristics of the smart grid is its support for bi-directional information flow between the consumer of electricity and the utility provider. A critical twist on the current electrical grid system, this kind of two-way interaction would allow electricity to be generated in real-time based on consumer demands and power requests. While the system would allow users to get more control over electricity use and supply, many security issues are raised to ensure information privacy of the users as well as authorization procedures for electricity use. Security loopholes in the system could, in fact, aggravate the electricity supply system instead of improving it. The quality of the information from billing and accounting is also a major concern. With this Special Issue, we open the door to encourage researchers to discuss issues related to information integrity and security services in the smart grid, particularly from the communication point of view to construct energy, control, and information processing systems for the smart grid. Any topic related to information integrity and security services in the smart grid, particularly from the communications and data management point of view, is to be considered. The topics include but are not limited to:
- Data quality in the smart grid
- Secure smart metering
- Secure Advanced Metering Infrastructure (AMI) communication and management
- Privacy protection in smart grid
- Smart grid security database architecture and models
- Security services for smart grid
- User authentication, access control for smart grid
- Hardware design for information protection in smart grid
- Simulation and performance analysis of smart grid security operations

For more information, please see http://www.journals.elsevier.com/information-systems/call-for-papers/special-issue-on-information-integrity-in-smart-grid-systems/.

IEEE Transactions on Information Forensics and Security, Special Issue on Biometric Spoofing and Countermeasures, April 2015, (Submission Due 1 June 2014) [posted here 02/03/14]

Editor: Nicholas Evans (EURECOM, France), Sébastien Marcel (Idiap Research Institute, Switzerland), Arun Ross (Michigan State University, USA), and Stan Z. Li (Chinese Academy of Sciences, China)

While biometrics technology has revolutionized approaches to person authentication and has evolved to play a critical role in personal, national and global security, the potential for the technology to be fooled or 'spoofed' is widely acknowledged. Efforts to study such threats and to develop countermeasures are now well underway resulting in some promising solutions. While progress with respect to each biometric modality has attained varying degrees of maturity, there are some notable shortcomings in research methodologies. Current spoofing studies focus on specific, known attacks. Existing countermeasures designed to detect and deflect such attacks are often based on unrealistic a priori knowledge and typically learned using training data produced using exactly the same spoofing method that is to be detected. Current countermeasures thus have questionable application in practical scenarios where the nature of the attack can never be known. This special issue will focus on the latest research on the topic of biometric spoofing and countermeasures, with a particular emphasis on novel methodologies and generalized spoofing countermeasures that have the potential to protect biometric systems against varying or previously unseen attacks. The aim is to further the state-of-the-art in this field, to stimulate interactions between the biometrics and information forensic communities, to encourage the development of reliable methodologies in spoofing and countermeasure assessment and solutions, and to promote the development of generalized countermeasures. Papers on biometric obfuscation (e.g., fingerprint or face alteration) and relevant countermeasures will also be considered in the special issue. Novel contributions related to both traditional biometric modalities such as face, iris, fingerprint, and voice, and other modalities such as vasculature and electrophysiological signals will be considered. The focus includes, but is not limited to, the following topics related to spoofing and anti-spoofing countermeasures in biometrics:
- vulnerability analysis with an emphasis on previously unconsidered spoofing attacks;
- theoretical models for attack vectors;
- advanced machine learning and pattern recognition algorithms for anti-spoofing;
- information theoretic approaches to quantify spoofing vulnerability;
- spoofing and anti-spoofing in mobile devices;
- generalized countermeasures;
- challenge-response countermeasures;
- sensor-based solutions to spoof attacks;
- biometric obfuscation schemes;
- information forensic approaches to spoofing detection;
- new evaluation protocols, datasets, and performance metrics;
- reproducible research (public databases, open source software and experimental setups).

For more information, please see http://www.signalprocessingsociety.org/uploads/email/biometric_spoofing.html.

IEEE Security & Privacy, Special issue on Key Trends in Cryptography, January/February 2015, (Abstract Due 15 March 2014, and Final Submission Due 1 May 2014) [posted here 01/13/14]

Editor: Hilarie Orman (purplestreak.com, USA) and Charles Pfleeger (pfleeger.com, USA)

Cryptography has advanced from an arcane craft to a mathematical discipline with established principles, widely-accepted standards, and daily use in Internet and many other computer applications. Yet its actual utility and future are clouded topics that hit at two widely separated poles: the limits of computation and the role of government. Articles for this special issue of IEEE Security & Privacy magazine will cover recent research trends in cryptology and their implications for emerging computing techniques (such as cloud computing), collaboration between researchers and governments in defining cryptographic standards, how physics and mathematics shape and limit cryptology, and how cryptology implements privacy and security in an interconnected world. Potential articles for this issue might address:
- Is cryptology an ongoing research area? What are the remaining challenges that have not been solved by public key systems and the AES cipher?
- What new cryptographic methods are on the horizon? How could techniques such as homomorphic encryption affect computers and applications? What synergies do new methods have with emerging technologies such as cloud computing, digital commerce, tablets and cellphones, personal health and safety systems, etc.?
- What are the known or potential failures of cryptology? Are mathematical advances eroding the fundamental "hard problems" such as discrete logarithms or factoring? How can one be sure that a system employing cryptographic techniques is implemented securely? Is it better to use specialized hardware instead of software? Should cryptographic software be open source? How will advances in computing hardware, such as graphics processors, affect the use of cryptography?
- Is quantum key distribution a realistic method for day-to-day applications? Is quantum computing a serious threat to the strength of cryptography? Do quantum principles have wider application to cryptology? When are these technologies likely to move from research to proof-of-concept to widespread use?
- As more and more small devices contain general purpose computers and wireless communication, should they also employ cryptography? What physical constraints such as size, power demand, ruggedness or heat dissipation affect the ability to integrate cryptography in all devices? If device-based cryptography is readily available, will it be used? Will it be used appropriately?
- Is there such a thing as "user-friendly cryptography"? How much of the arcane side of cryptography can be shielded from the user without weakening its impact? Do users care whether they employ cryptography or at what strength? Do users worry about traffic interception by criminals, businesses, or governments?
- How and why does the U.S. government develop standards for cryptography? What standards are being developed now? How have the Snowden disclosures affected that process? Are there non-governmental approaches to developing these standards?
- What are the scientific and political limits to actual secrecy and privacy? Malware, man-the-middle attacks, hardware Trojans, collusion by businesses and governments – in this environment, what protection is available to end users?

For more information, please see http://www.computer.org/portal/web/computingnow/spcfp1.

IEEE Pervasive Computing, Special issue on Pervasive Privacy and Security, January–March 2015, (Submission Due 1 March 2014) [posted here 01/13/14]

Editor: Sunny Consolvo (Google, USA), Jason Hong (Carnegie Mellon University, USA), and Marc Langheinrich (University of Lugano, Switzerland)

Society is increasingly relying on pervasive computing technologies in all domains. However, with the growing adoption of these technologies, we are also seeing more and more issues related to privacy and security. The aim of this special issue is to explore technologies related to all aspects of privacy and security in pervasive computing. Relevant topics for this special issue include, but are not limited to, the following:
- Privacy and security for pervasive computing domains, such as smart homes, smart cars, healthcare, urban computing, and more
- Privacy and security for pervasive computing technologies, such as smartphones, wireless sensors, wearable computers, RFIDs, cameras, and more
- New methods, techniques, or architectures for collecting, processing, managing, and sharing sensed data in a way that balances privacy, security, and utility
- New approaches for managing privacy and security in pervasive computing domains, both for end-users and for organizations offering services
- User interfaces for conveying to users what data is being sensed and gathered
- User studies probing people's attitudes and behaviors towards privacy and security in pervasive computing domains and/or involving pervasive computing technologies
- Tools, platforms, and user models to help developers improve privacy and security in ubicomp systems
- Experiences with privacy and security for deployed ubicomp systems
- More streamlined ways of authenticating to pervasive computing environments, or using pervasive computing technologies to improve authentication in general
- Security on low-power computing devices
- Establishing trust in pervasive hardware
- Combining privacy with accuracy in location sensing
- Coping with physical threats to pervasive hardware
- Pervasive surveillance and privacy
- technology and policy issues
- New business processes and models involving ubicomp privacy and security
- Incorporating privacy and security into the design and development process of pervasive applications (aka "privacy-by-design")

For more information, please see http://www.computer.org/portal/web/computingnow/pccfp1.

Journal of Cyber Security and Mobility, Special issue on Next generation mobility network security, July 2014, (Submission Due 1 March 2014) [posted here 09/02/13]

Editor: Roger Piqueras Jover (AT&T Security Research Center)

The Long Term Evolution (LTE) is the newly adopted standard technology to offer enhanced capacity and coverage for mobility networks, providing advanced multimedia services beyond traditional voice and short messaging traffic for billions of users. This new cellular communication system introduces a substantial redesign of the network architecture resulting in the new eUTRAN (Enhanced Universal Terrestrial Radio Access Network) and the EPC (Enhanced Packet Core). In this context, the LTE Radio Access Network (RAN) is built upon a redesigned physical layer and based on an Orthogonal Frequency Division Multiple Access (OFDMA) modulation, features robust performance in challenging multipath environments and substantially improves capacity. Moreover, a new all-IP core architecture is designed to be more flexible and flatter. In parallel, the cyber-security landscape has changed drastically over the last few years. It is now characterized by large scale security threats such as massive Distributed Denial of Service Attacks (DDoS), the advent of the Advanced Persistent Threat (APT) and the surge of mobile malware and fraud. These new threats illustrate the importance of strengthening the resiliency of mobility networks against security attacks, ensuring this way full mobility network availability. In this context, however, the scale of the threat is not the key element anymore and traditionally overlooked low range threats, such as radio jamming, should also be included in security studies. This special issue of the Journal of Cyber Security and Mobility addresses research advances in mobility threats and new security applications/architectures for next generation mobility networks. The main topics of interest of this issue include, but are not limited to, the following:
- LTE RAN security
- OFDM/OFDMA radio jamming
- Secure wireless communications under malicious interference/jamming
- Mobility security threats based on interoperability with legacy networks
- LTE EPC security
- Mobile malware/botnet impact on RAN/EPC
- Femtocell security threats
- Detection of attacks against mobility networks
- Self Organizing Network (SON) security applications
- WiFi-cellular interoperability threats and security
- Mobile device baseband security

For more information, please see http://www.ee.columbia.edu/~roger/call.pdf.

IEEE Internet of Things Journal, Special Issue on Security for IoT: the State of the Art, October 2014, (Submission Due 15 February 2014) [posted here 01/13/14]

Editor: Kui Ren (University at Buffalo, USA), Pierangela Samarati (University of Milan, Italy), Peng Ning (NCSU, Raleigh & Samsung Mobile, USA), Marco Gruteser (Rutgers University, USA), and Yunhao Liu (Tsinghua University, China)

The Internet is becoming more and more ubiquitous. One central element of this trend is the existence of a massive network of interconnected wired/wireless physical objects/things/sensors/devices, which can interact in a rich set of manners through a worldwide communication and information infrastructure and provide value added services. The vision of such an Internet of Things (IoT) system, supported by industrial companies and governments globally, has the potential to mark an evolution that will surely have a great impact on our environments and our lives. Yet, the realization of a ubiquitous IoT also poses a number of challenges where security is among the top concerns. The globally interconnected physical objects inevitably result in a potentially enormous attack surface that can be easily exploited if without adequate protection. To enable strong security foundations for the ubiquitous IoT, plenty of factors need to be taken into account. Examples are data security, privacy, access control, information assurance, trust management, secure services interoperability, seamless integration, system heterogeneity, scalability, and mobility. This special issue solicits high-quality original research results about IoT that pertain to state-of-the-art security and privacy issues in various pervasive and ubiquitous scenarios. We encourage submissions on theoretical, practical, as well as experimental studies, from both academia and industry, related to all aspects of security for IoT. Topics of interests include (but are not limited to) the following categories:
- Secure IoT architecture
- IoT access control and key management
- Identification and privacy for IoT
- Smart phone enabled secure smart systems
- New cryptographic primitives for IoT
- Manage trust for IoT service interoperability
- Security on heterogeneous ecosystems
- Context-aware security design
- Data security and privacy in the IoT
- Intrusion detection and defense for IoT
- Joint security&privacy aware protocol design
- Failure detection, prediction, and recovery
- Secure data management within IoT
- Trusted computing technology and IoT
- Availability, recovery and auditing
- IoT related web services security
- Secure cyber-physical system
- Biometrics for the IoT

For more information, please see http://iot-journal.weebly.com/uploads/1/8/8/0/18809834/ieee_iot_journal_si_iot_security_cfp.pdf.

Elsevier Information Science, Special Issue on Security, Privacy and trust in network-based Big Data, December 2014, (Submission Due 25 January 2014) [posted here 01/13/14]

Editor: Xiaohong Jiang (Future University Hakodate, Japan), Hua Wang (University of Southern Queensland, Australia), and Georgios Kambourakis (University of the Aegean, Greece)

The aim of the special issue is to present leading edge work concerning privacy protection issues and security challenges in the rapidly emerging field of network-based Big Data. Research that addresses organisational and enterprise solutions for privacy protection and information security in Big Data environments will also be presented. Both papers dealing with fundamental theory, techniques, applications, and practical experiences concerning secure Big Data will be considered. The scope of the special issue includes (but is not limited to):

- Security modeling and threat in Big Data
- Auditing in network-based Big Data
- Access control mechanisms for Big Data systems
- Secure Big Data resource virtualisation mechanisms
- Secure Big Data management outsourcing (e.g., database as a service)
- Practical privacy and integrity mechanisms for outsourcing
- Foundations of cloud-centric threat models for Big Data
- Trust and policy management
- Secure identity management mechanisms
- New Big Data web service security paradigms and mechanisms
- Business and security risk models and clouds
- Cost and usability models and their interaction with security in Big Data systems
- Remote data integrity protection
- Data-centric security and data classification
- Secure Big Data in wireless environment
- Risk analysis and risk management

For more information, please see http://www.journals.elsevier.com/information-sciences/call-for-papers/security-privacy-and-trust-in-network-based-big-data/.

IEEE Security and Privacy Magazine, Special Issue on Security for Energy Sector Control Systems, November/December 2014, (Submission Due 1 January 2014) [posted here 09/27/13]

Editor: Sean Peisert (Lawrence Berkeley National Laboratory and University of California, Davis, USA) and Jonathan Margulies (National Institute of Standards and Technology, USA)

Control systems used in the energy sector present unusual security and reliability challenges: The installed base is often decades old, systems are commonly installed in adverse physical conditions, bandwidth and communication reliability can be very low, with tight performance timelines, and, most important, failure can result in destruction of critical physical systems or loss of life. This special issue seeks articles that can help lead to solutions that can be shown to improve the security and reliability of power systems, including control systems related to generation, transmission, distribution, and consumption or use, such as in industrial plant operations, commercial buildings, or homes. Such solutions might be purely technical, or could be social, policy-related, or some combination. Articles should address questions such as:

- Very few techniques from "traditional" computer security and information technology (IT) can be shown to demonstrably improve security and reliability of the systems they seek to protect.
--- Are there techniques that exist for control systems that make the problem more tractable?
--- Are there challenges that make the problem even worse? How can those be surmounted?
- How can safety engineering traditionally used with control systems be married with computer security techniques traditionally used in IT?
- How do current policies, laws, and regulations help or hinder security for power-related controls systems? What policy changes might be useful to improving control system security & reliability?
- What privacy problems or solutions exist in relation to electric power control systems?
We welcome case studies, experience reports, practices, research results, and standards reports. Our readers are eager to hear about industry experiences, especially resulting from empirical studies that help us learn how past successes and failures should inform new technology or practices. We are also interested in failures, either in research, development, or operations, that can convey valuable learning experience.

For more information, please see http://www.computer.org/portal/web/computingnow/spcfp6.

IEEE Computers, Special Issue on Methodologies and Solutions for Mobile Application Security, June 2014, (Submission Due 15 December 2013) [posted here 09/02/13]

Editors: Ying-Dar Lin (National Chiao Tung University, Hsinchu, Taiwan), Chun-Ying Huang (National Taiwan Ocean University, Taiwan), Matthew Wright (University of Texas at Arlington), and Georgios Kambourakis (University of the Aegean, Greece)

With the ubiquitous use of mobile devices, mobile application security has become an important research topic. Compared with personal computers or servers, mobile devices store much more sensitive personal information and are thus attractive targets for attackers seeking financial gain. Because these devices are always online and have a restricted user interface, it is easier for attackers to hide their malicious activities. This special issue aims to present high-quality articles describing security algorithms, protocols, policies, and frameworks for applications running on modern mobile platforms such as Android, iOS, and Windows Mobile. Only submissions describing previously unpublished, original, state-of-the-art research that are not currently under review by a conference or journal will be considered. Appropriate topics include, but are not limited to, the following:
- app and app store security and privacy
- benchmarking and evaluation of mobile security solutions
- bots on mobile devices
- cloud security and privacy, as related to mobile devices
- mobile device forensics
- security and privacy in mobile device operating systems and middleware
- mobile malware collection, statistics, and analysis
- mobile services and social networking security
- reverse engineering and automated analysis of mobile malware
- security for smart payment applications, including near-field communication
- standardization efforts related to developing and vetting mobile apps
- testbeds and case studies for mobile platforms
- traffic monitoring and detection algorithms for mobile platforms
- usability of approaches for mobile security and privacy
- virtualization solutions for mobile security
- Web browser security on mobile devices

For more information, please see http://www.computer.org/portal/web/computingnow/cocfp6.

Elsevier Computers & Electrical Engineering, Special Issue on Recent Advances in Security and Privacy in Distributed Communications, June 2014, (Submission Due 15 November 2013) [posted here 07/29/2013]

Editors: Felix Gomez Marmol (NEC Laboratories Europe, Germany), Jose M. Alcaraz Calero (University of the West of Scotland, United Kingdom), and Gregorio Martinez Perez (University of Murcia, Spain)

Security services need to be considered as part of most communication proposals being discussed nowadays in distributed communication environments. Additionally, in the last few years, privacy has been gaining interest from both the designers and the customers of security solutions, thus being considered now as a key aspect for them. For a good security and/or privacy design, one needs to be informed of the latest advances in this field, this being the main objective of this special issue. This special issue is intended to report the most recent research works on distributed communications related to security and privacy, particularly in the following fields:
- Anonymity
- Authentication
- Authorization and access control
- Critical Infrastructure Protection (CIP)
- Cybersecurity and cyberwarfare
- Data integrity and protection
- Data security and data privacy
- Dependability of cloud systems
- Identity management
- Intrusion detection and prevention
- End-to-end security solutions
- Privacy enhancing technologies
- Risk analysis and management
- Secure and private data storage and processing in the cloud
- Security policies
- Threats and vulnerabilities
- Trust and reputation management in distributed scenarios

For more information, please see http://www.journals.elsevier.com/computers-and-electrical-engineering/call-for-papers/security-and-privacy-in-distributed-communications/.

IEEE Transactions on Reliability, Special Issue on Trustworthy Computing, 2014, (Submission Due 1 November 2013) [posted here 04/01/2013]

Editor: Shiuhpyng Winston Shieh (National Chiao Tung University, Taiwan)

Trustworthy Computing (TC) has been applied to software-enabled computing systems and networks that are inherently secure, private, available, and reliable. As the fast growing mobile cloud computing emerges to cover smart phones, tablets, smart TV, and cloud computing platforms, these ubiquitous computing devices poses new challenges to trustworthy computing. Cloud computing offers organizations of all sizes the ability to embrace and implement new applications at far less cost than traditional approaches. Organizations that move workloads to the cloud take advantage of the capabilities of their cloud providers to ensure continuous availability of services. However, the ever-growing complexity of such systems and the software that controls them not only makes it much more difficult to guarantee their quality, but also introduces more vulnerability for malicious attacks, intrusion, and data loss. To address these needs, this special section calls for novel applications of emerging techniques for trustworthy computing of information, software, systems, networks. Reviews and case studies which address state-of-art research and state-of-practice industry experiences are also welcomed. The topics of interest include, but are not limited to:
- Security, reliability, privacy, and availability issues in computing systems and networks
- Trustworthy computing in small or large systems, such as mobile devices, embedded systems, cloud computing platforms, and internet of things
- Information, system, and software assurance
- Auditing, verification, validation
- Security testing, evaluation, and measurement
- Data protection, maintenance, recovery, and risk assessment
- Authentication, authorization, access control, and accounting
- Penetration analysis, intrusion detection and prevention
- Malware behavior analysis, and software vulnerability discovery
- Hardware techniques facilitating trustworthy computing, such as Trusted Platform Module (TPM)
- Trustworthy operating systems and applications
- Cloud Computing
- Mobile Computing
- Software defined networking (SDN)
- Cryptographic techniques

For more information, please see http://rs.ieee.org/images/files/newsletters/2013/1_2013/CFP3.htm.

Elsevier Journal of Information Security and Applications, Special Issue on Threat Detection, Analysis and Defense, July 2014, (Submission Due 30 September 2013) [posted here 09/02/2013]

Editors: Alan Woodward (Charteris plc, United Kingdom), Konrad Rieck (University of Göttingen, Germany), Andrew Rogoyski (Roke Manor Research Ltd, United Kingdom), and Shujun Li (University of Surrey, United Kingdom)

The majority of organizations in the commercial and government sectors now use digital Information Technology (IT) to store and process data that is sensitive in some way. Sensitive data ranges from individuals’ confidential details to valuable intellectual property to market sensitive information or even state secrets. At the same time, the commercialization of the Internet in the mid-1990s has resulted in the Internet becoming the de facto electronic channel over which organizations now interact with each other. Even where systems are not directly connected to the Internet, there are often indirect channels being inadvertently created to reach apparently disconnected systems. The increase in connectivity has bought about new threats and that threat continues to evolve as connectivity evolves with developments such as mobile devices. This special issue is intended to bring forth the recent advancements in the detection, modeling, monitoring, analysis and defense of various threats posed to sensitive data and security systems from unauthorized or other inappropriate access. Areas to be covered include but are not limited to:
- Monitoring – Novel tools and techniques for monitoring mounting threats including monitoring of ongoing attacks
- Detection solutions – Innovations in the detection of intrusion, malware and its activity, including post-attack forensics on secure devices
- Infrastructure – Improvements in network traffic security analysis for identification of threats
- Threat modelling – Advances in the tools, technologies and processes used in anticipating attacks and understanding what assets it is most important to protect
- Emergent problems – New threats resulting from new business models for transfer of value, from gold-farming to Paypal, or new forms of payment such as Bitcoin
- Security designs – Innovations in security architectures, approaches and systems responding to specific emerging threats

For more information, please see http://www.journals.elsevier.com/journal-of-information-security-and-applications/call-for-papers/special-issue-on-threat-detection-analysis-and-defense/.

International Journal of Distributed Sensor Networks, Special Issue on Intrusion Detection and Security Mechanisms for Wireless Sensor Networks, July 2013, (Submission Due 1 April 2013) [posted here 02/11/2013]

Editors: S. Khan (Kohat University of Science and Technology, Pakistan), Jaime Lloret (Polytechnic University of Valencia, Spain), and Jonathan Loo (Middlesex University, UK)

Wireless sensor networks are gaining significant interest from academia and industry. Wireless sensor networks are multihop, self-organizing, self-healing, and distributed in nature. These characteristics also increase vulnerability and expose sensor networks to various kinds of security attacks. Advance security mechanisms and intrusion detection systems (IDSs) can play an important role in detecting and preventing security attacks. This special issue aims to gather recent advances in the area of security aspect of wireless sensor networks. It welcomes research and review articles that focus on the challenges and the state-of-the-art solutions. The papers will be peer reviewed and will be selected on the basis of their quality and relevance to the topic of this special issue. Potential topics include, but are not limited to:
- Intrusion detection systems
- Secure neighbor discovery, localization, and mobility
- Security architectures, deployments, and solutions
- Denial of service attacks and countermeasures
- Intrusion prevention techniques
- Adaptive defense systems
- Trust establishment and privacy
- Confidentiality, integrity, and availability assurance
- Authentication and access control
- Secure routing protocols
- Cryptography, encryption algorithms, and key management schemes
- Experimental validation and experiences with testbed and/or deployment

For more information, please see http://www.hindawi.com/journals/ijdsn/si/430493/cfp/.

Elsevier Computer Communications Journal, Special Issue on Opportunistic Networking, Fall 2013 (TBD), (Submission Due 10 February 2013) [posted here 01/21/2013]

Editors: Chiara Boldrini (IIT-CNR, Italy), Kyunghan Lee (Ulsan National Institute of Science and Technology, Korea), Melek Onen (EURECOM, France), Joerg Ott (Aalto University, Finland), and Elena Pagani (Universita' degli Studi di Milano, Italy)

The widespread availability of mobile portable devices enriched with a variety of sensing capabilities, coupled with the impelling need of communication anytime and anywhere, has rapidly raised the interest towards new approaches to communications between users. Opportunistic networks are an instance of the delay tolerant paradigm applied to networks made up of users' portable devices (such as smartphones and tablets). As such, they are able to cope with challenged network conditions that are often present in real life, such as high node mobility, variable connectivity, and disconnections, which would impair communications in traditional Mobile Ad Hoc Networks. In this scenario, user mobility becomes one of the main drivers to enable message delivery. In fact, according to the store-carry-and-forward paradigm, user devices store messages and carry them around while they move in the network, exchanging them upon encounter with other nodes, and eventually delivering them to their destination or to interested users. This new communication paradigm enables legacy applications in challenged scenarios, as well as it paves the way to innovative solutions. While opportunistic networks initially received attention to support communication where an infrastructure is not available (for disaster recovery or in rural areas), nowadays a number of applications can be envisaged ranging from content sharing, through mobile social networking, to participatory and urban sensing. All these applications rely on data forwarding amongst devices. As a consequence, two aspects become relevant, that is, the need for mechanisms guaranteeing trusted and secure communications while preserving users' privacy (in the absence of infrastructure and sometimes even end-to-end connectivity), and incentive mechanisms able to boost the participation in the network. This Special Issue of Computer Communications seeks contributions pushing the state of the art in Opportunistic Networking. Topics of interest include (but are not limited to) the following:
- Mobility measurements and models, mobility trace analysis
- Measurements, models, and analysis for user behaviors on mobile devices
- Unicast and multicast routing
- Transport, congestion control, and reliability issues
- Content dissemination, content caching, service composition, opportunistic computing
- Trust, security & privacy in opportunistic forwarding, incentive mechanisms, reputation systems, and key management
- Application support and middleware for opportunistic networks
- New applications and services relying on opportunistic networking
- Systems and experience for real-world deployments

For more information, please see http://www.journals.elsevier.com/computer-communications/call-for-papers/special-issue-on-opportunistic-networking/.

IEEE Transactions on Network and Service Management, Special Issue on Management of Cloud Services, Fall 2013, (Submission Due 31 January 2013) [posted here 01/21/2013]

Editors: Gregorio Martinez (University of Murcia, Spain), Roy Campbell (University of Illinois, USA), and Jose M. Alcaraz Calero (Hewlett-Packard Laboratories, UK)

Cloud computing is becoming recognized as a revolutionary new way to use computing and storage services more efficiently. Revenues for public cloud services for one company, Amazon Web Services, have reached almost $1 billion a year. Yet cloud computing is challenging traditional management methods as it encompasses the business support, provisioning, configuration, portability, and interoperability of cloud providers supporting cloud consumers and brokers as outlined in the NIST Cloud Computing Reference Architecture. Business support includes the management of customers, contracts, and inventory as well as accounting, billing, reporting, auditing, pricing, and rating. Provisioning and configuration must consider rapid provisioning, resource changing, monitoring, reporting, metering, and service level agreements (SLA). Portability and interoperability concerns both efficient and inexpensive data and application migration across multiple cloud environments. This can include data portability, data object migration, bulk data transfer; a unified management interface to support service interoperability across multiple cloud providers; and the migration of applications, services, machine images or virtual machine instances from one cloud provider to another. Cloud provisions like multi-tenancy, interoperability, scalability, reliability, efficiency, support of on-demand service composition, privacy, security and advanced audit are posing a set of challenges to the management field still largely to be addressed. This special issue is intending to serve as a work of reference compiling the major achievements in the management of cloud services with emphasis on the field of network and service management. The final objective is to make cloud services and technologies more mature so as to boost and to facilitate a higher widespread uptake of cloud systems in the industry. Topics of interest, include, but are not limited to the following:
- Cloud service orchestration, APIs and usage control
- Cloud service auditing, monitoring, and metering
- Design of components of a management as a service layer
- Management of cloud federations
- Mobility management in cloud scenarios
- Multi-cloud applications
- New models and paradigms for cloud service management
- Novel and emerging standards for interoperability between clouds
- QoS/QoE and SLA management in the cloud
- Secure and private management of cloud data

For more information, please see http://www.comsoc.org/tnsm/.

International Journal of Cloud Computing, Special Issue on Information Assurance and System Security in Cloud Computing, Fall 2013, (Submission Due 30 January 2013) [posted here 10/08/2012]

Editors: Yu Chen (Binghamton University, USA), Kai Hwang (University of Southern California, USA), Wei-Shinn Ku (Auburn University, USA), and Douglas Summerville (Binghamton University, USA)

Cloud computing has attracted interest from both industry and academia since 2007, which has been recognized as the new paradigm of IT industry. Cloud computing provides users with flexible services in a transparent manner. Services are allocated in a “cloud”, which is a collection of devices and resources connected through the Internet. Before this paradigm can be widely accepted, the security, privacy and reliability provided by the services in the cloud must be well established. The special issue seeks original unpublished papers focusing on various aspects of security issues in cloud computing environments. Aiming at presenting and discussing the latest developments, this special issue welcomes papers addressing theoretical analysis, emerging applications, novel system architecture construction and design, experimental studies, and social impacts of cloud computing. Both review/survey papers and technical papers are encouraged. The topics include but are not limited to:
- Emerging threats to Cloud-based services
- Security model for new services
- Security in Cloud-aware web service
- Information hiding/encryption in Cloud Computing
- Copyright protection in the Cloud
- Securing distributed data storage in cloud
- Privacy and security in Cloud Computing
- Forensics in Cloud environments
- Robust Cloud network architecture
- Cloud Infrastructure Security
- Intrusion detection/prevention
- Denial-of-Service (DoS) attacks and defense
- Robust job scheduling
- Secure resource allocation and indexing
- Secure payment for Cloud-aware services
- User authentication in Cloud-aware services
- Non-Repudiation solutions in the Cloud
- Security for emerging Cloud programming models
- Performance evaluation for security solutions
- Testbed/Simulators for Cloud security research
- Hardware-based Security solutions, i.e. hardware for encryption, etc.
- Detection and prevention of hardware Trojans

For more information, please see http://www.inderscience.com/info/ingeneral/cfp.php?id=1991.

Springer International Journal of Information Security journal, Special Issue on Security in Cloud Computing, Fall 2013, (Submission Due 10 November 2012) [posted here 07/23/2012]

Editors: Stefanos Gritzalis (University of the Aegean, Greece), Chris Mitchell (Royal Holloway, University of London, UK), Bhavani Thuraisingham (University of Texas at Dallas, USA), and Jianying Zhou (Institute for Infocomm Research, Singapore)

This special issue of the International Journal of Information Security aims at providing researchers and professionals with insights on the state-of-the-art in Security in Cloud Computing. It will publish original, novel and high quality research contributions from industry, government, business, and academia. Topics of interest may include (but are not limited to) one or more of the following themes:
- Auditing in Cloud Computing
- Business and security risk models
- Cloud Infrastructure Security
- Cloud-centric security modeling and threats
- Copyright protection in the Cloud era
- Cryptography in the Cloud era
- Emerging threats in Cloud-based services
- Forensics in Cloud environments
- Legal and regulatory issues in the Cloud era
- Multi-tenancy related security/privacy issues
- Performance evaluation for security solutions
- Privacy in Cloud computing
- Secure identity management mechanisms
- Secure job deployment and scheduling
- Secure virtualization and resource allocation mechanisms
- Securing distributed data storage in the Cloud
- Security and privacy in big data management
- Security and privacy in mobile Cloud
- Security and privacy requirements engineering in the Cloud
- Security for emerging Cloud programming models
- Security management in the Cloud
- Security modelling and threats in Cloud computing
- Trust and policy management in the Cloud
- User authentication and access control in Cloud-aware services

For more information, please see http://www.springer.com/computer/security+and+cryptology/journal/10207.

IEEE Network Magazine, Special Issue on Security in Cognitive Radio Networks, May 2013, (Submission Due 1 October 2012) [posted here 04/30/2012]

Editors: Kui Ren (Illinois Institute of Technology, USA), Haojin Zhu (Shanghai Jiao Tong University, USA), Zhu Han (University of Houston, USA), and Radha Poovendran (University of Washington, USA)

Cognitive radio (CR) is an emerging advanced radio technology in wireless access, with many promising benefits including dynamic spectrum sharing, robust cross-layer adaptation, and collaborative networking. Based on a software-defined radio (SDR), cognitive radios are fully programmable and can sense their environment and dynamically adapt their transmission frequencies, power levels, modulation schemes, and networking protocols for improving network and application performance. It is anticipated that cognitive radio technology will be the next wave of innovation in information and communications technologies. Although the recent years have seen major and remarkable developments in the field of cognitive networking technologies, the security aspects of cognitive radio networks have attracted less attention so far. Due to the particular characteristics of the CR system, entirely new classes of security threats and challenges are introduced such as licensed user emulation, selfish misbehaviors and unauthorized use of spectrum bands. These new types of attacks take the advantage the inherent characteristics of CR, and could severely disrupt the basic functionalities of CR systems. Therefore, for achieving successful deployment of CR technologies in practice, there is a critical need for new security designs and implementations to make CR networks secure and robust against these new attacks. Topics of interest include, but are not limited to:
- General security architecture for CR networks
- Cross-layer security design of CR networks
- Secure routing in multi-hop CR networks
- Physical layer security for CR networks
- Geo-location for security in CR networks
- Defending and mitigating jamming-based DoS attacks in CR networks
- Defending against energy depletion attacks in resource-constrained CR networks
- Attack modeling, prevention, mitigation, and defense in CR systems, including primary user emulation attacks, authentication methods of primary users, spectrum sensing data falsification, spectrum misusage and selfish misbehaviors and unauthorized use of spectrum bands
- Methods for detecting, isolating and expelling misbehaving cognitive nodes
- Security policies, standards and regulations for CR networks
- Implementation and testbed for security evaluation in CR systems
- Privacy protection in CR networks
- Security issues for database-based CR networks
- Security in CR networks for the smart grid
- Intrusion detection systems in CR networks

For more information, please see http://www.comsoc.org/files/Publications/Magazines/ni/cfp/cfpnetwork0513.htm.

IEEE Transactions on Parallel and Distributed Systems, Special Issue on Trust, Security and Privacy in Parallel and Distributed Systems, September 2013, (Submission Due 16 September 2012) [posted here 08/13/2012]

Editors: Xu Li (Inria Lille - Nord Europe, France), Patrick McDaniel (Pennsylvania State University, USA), Radha Poovendran (University of Washington, USA), and Guojun Wang (Central South University, China)

In modern computing paradigms, most computing systems, e.g. cluster computing, grid computing, cloud computing, the Internet, telecommunication networks, Cyber-Physical Systems (CPS), and Machine-to-Machine communication networks (M2M), are parallel and distributed systems. While providing improved expandability, manageability, efficiency and reliability, parallel and distributed systems increase their security weaknesses to an unprecedented scale. As the system devices are widely connected, their vulnerabilities are shared by the entire system. Because asks are allocated to, and information is exchanged among the system devices that may belong to different users, trust, security and privacy issues have yet to be resolved. The purpose of the proposed Special Issue of IEEE Transactions on Parallel and Distributed Systems is to publish recent advances in trust, security and privacy for emerging parallel and distributed systems, with emphasis on the following aspects, but certainly not limited to:
- Trust: policy semantics, metrics and models; trusted computing platform; trusted network computing; trusted operating systems; trusted software and applications; trust in cloud computing/CPS/M2M/social networks; trust in e-commerce and e-government; trust in mobile and wireless communications; risk and reputation management; survivable computer systems/networks; and trust management.
- Security related issues: computer security; network security; database security; Web applications security; security policy, model and architecture; authentication, authorization and accounting; security in cloud computing/CPS/M2M/social networks; security in mobile and wireless communications; security in parallel and distributed systems; and miscellaneous security issues.
- Privacy related issues: privacy in Web-based applications and services; privacy in database systems; privacy in e-commerce and e-government; privacy in network deployment and management; privacy in cloud computing/CPS/M2M/social networks; privacy in mobile and wireless communications; privacy in parallel and distributed systems; and miscellaneous privacy issues.

For more information, please see http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=06189839.

Elsevier Information Security Technical Report, Special Issues on Media Content and Software Protection, July 2013, (Submission Due 15 September 2012) [posted here 09/04/2012]

Editors: Sabu Emmanuel (Nanyang Technological University, Singapore), Mohan S. Kankanhalli (National University of Singapore, Singapore), and Tony Thomas (Indian Institute of Information Technology and Management, India)

Owing to the advances in digital and networking technologies, media is now usually created, recorded, stored and distributed in the digital form. Sometimes digital media needs to be protected from unauthorized usage/ distribution and sometimes it is to be used as evidence in the court of law. However, media in digital form is neither safe from unauthorized distributions nor can be automatically considered as being authentic. Digital media can be easily replicated and distributed through networks or through stored media. They can be easily edited using digital media editing tools and thus the evidence can be forged. Thus protecting digital media against unauthorized copying and distribution as well as detecting forgery using forensics techniques are of great importance and challenge in media research. Like media content, software protection has also recently attracted tremendous commercial interest, from major software vendors to content providers including the movie and music recording industries. Software security and protection play an important role in software engineering. Attacks such as piracy, reverse engineering and tampering can exploit the weaknesses of poorly protected software. Hence, it is vital to develop techniques for threat analysis, evaluation standards, metrics and new software protection mechanisms that can protect software from various threats and attacks. Media and software protection techniques are intended to protect the rights of the owners in scenarios in which the participants often have conflicting goals and interests. This adversarial situation introduces many interesting new twists on classical problems in security. This special issue on Media Content and Software Protection is intended to bring forth the recent advancements in this area. Original and unpublished contributions covering and not limited to the following and related issues concerned with media content and software protection are solicited:
- Digital Rights Management
- Digital Watermarking
- Encryption Mechanisms for Media and Software Protection
- Security Mechanisms for Surveillance Data
- Multimedia and Software Ownership, Identification and Filtering
- Digital Content Fingerprinting and Near Copy Detection
- Copyright Protection of Text, Audio, Image, Video, Graphics and Ebooks
- Digital Content Protection in Social Networks and Peer-to-Peer Networks
- Digital Media Forensics: Forgery Detection and Device Characterization & Identification
- Software Watermarking
- Software Obfuscation Techniques
- Software Protection Based on Virtual Machine
- Software Protection Metrics and Measurements
- Platform Dependency and Impact on Software Protection Techniques
- Software Protection on Evolving Platforms
- Software Protection Supporting Technologies
- Trusted Hardware Approaches for Media and Software Protection

For more information, please see http://www.journals.elsevier.com/information-security-technical-report/call-for-papers/special-issue-on-media-content-and-software-protection/.

IEEE Signal Processing Magazine, Special Issue on Signal Processing for Cyber-security and Privacy, April 2013, (Submission Due 30 August 2012) [posted here 08/20/2012]

Editors: Lalitha Sankar (Arizona State University, USA), H. Vincent Poor (Princeton University, USA), Mérouane Debbah (Supelec, Gif-sur-Yvette, France), Kannan Ramchandran (University of California Berkeley, USA), and Wade Trappe (Rutgers University, USA)

Information technology and electronic communications have been rapidly applied to many spheres of human activity, including commerce, medicine and social networking. This has led to the creation of massive electronic repositories for distributed information storage and processing, which enables access by a large number of authorized users. The need for timely access to electronic data makes it imperative to guarantee the security and privacy of this data. Traditionally, electronic data security has been ensured via cryptographic techniques, but these distributed data systems require security and privacy mechanisms at all levels of the system. Thus, providing precise guarantees on the security and privacy of electronic information requires leveraging a range of information processing techniques beyond traditional cryptography to ensure secure distributed storage and access mechanisms. The problems of information exchange, interaction, and access lend themselves to fundamental information processing abstractions and theoretical analysis. The tools of rate-distortion theory, distributed compression algorithms, distributed storage codes, machine learning for feature identification and suppression, and compressive sensing and sampling theory are fundamental and can be applied to precisely formulate and quantify the tradeoff between utility and privacy in a variety of domains. Thus, while rate-distortion theory and information-theoretic security can provide fundamental bounds on privacy and security leakage of distributed data systems, the information and signal processing techniques of compressive sensing, machine learning, and graphical models are the key ingredients necessary to achieve these performance limits in a variety of applications involving streaming data (smart grid, intelligent data collection), distributed data storage (cloud), and interactive data applications across a number of platforms. This special issue seeks to provide a venue for ongoing research in information and signal processing for security and privacy applications across a wide variety of domains, including communication media (e.g. ranging from wireless networks at the edge to optical backbones at the core of the Internet), to computer systems (e.g. ranging from traditional computer architectures to distributed systems, including cloud computing). Topics of Interest include (but are not limited to):
- Signal processing for information-theoretic security
- Data mining and analysis for anomaly and intrusion detection
- Forensic analysis: device identification, recovery of lost/corrupted information
- Information processing in the encrypted domain
- Security in distributed storage systems
- Codes for security in distributed storage and cloud computing
- Location privacy and obfuscation of mobile device positioning
- Physical layer security methods: confidentiality and authentication
- Secure identity management
- Formalized models for adversaries and threats
- Techniques to achieve covert or stealthy communication
- Stochastic models for large data repositories and for streaming data in cyber-physical systems

For more information, please see http://www.signalprocessingsociety.org/uploads/email/SPM_SI.html.

IEEE Internet Computing, Track Articles on Computer Crime, 2012, (Submission will be accepted for this track from 15 July 2011 to 15 July 2012) [posted here 05/23/11]

Editors: Nasir Memon (New York University, USA) and Oliver Spatscheck (AT&T, USA)

As the Internet has grown and extended its reach into every part of people’s lives, it shouldn’t be surprising that criminals have seized the opportunity to expand their activities into this new realm. This has been fostered in particular by the fact that the Internet was designed as an open and trusting environment. Unfortunately many of these architectural choices are fundamental to the Internet’s success and current architecture and are therefore hard to overcome. Computer crime ranges from rather simple crimes such as theft of intellectual property or computer and network resources to complex cooperate espionage or even cyber terrorism. This special track for Internet Computing seeks original articles that cover computer crime as it relates to the Internet. Appropriate topics include:
- trends and classification of criminal activities on the Internet;
- computer crime prevention, including approaches implemented in user interfaces, end user systems, networks, or server infrastructure;
- case studies of criminal activities;
- computer forensics;
- impact assessments of criminal activities on the Internet; and
- new architectures to prevent Internet crime
Track articles run one per issue for a single calendar year. Articles will be run in the order in which they are accepted for publication.

For more information, please see http://www.computer.org/portal/web/computingnow/cfptrack.

IEEE Network Magazine, Special Issue on Cyber Security of Networked Critical Infrastructures, January 2013, (Submission Due 1 June 2012) [posted here 12/5/11]

Editors: Saeed Abu-Nimeh (Damballa Inc., USA), Ernest Foo (Queensland University of Technology Australia, Australia), Igor Nai Fovino (Global Cyber Security Center, Italy), Manimaran Govindarasu (Iowa State University, USA), and Tommy Morris (Mississippi State University, USA)

The daily lives of millions of people depend on processing information and material through a network of critical infrastructures. Critical infrastructures include agriculture and food, water, public health, emergency services, government, the defense industrial base, information and telecommunications, energy, transportation and shipping, banking and finance, chemical industry and hazardous materials, post, national monuments and icons, and critical manufacturing. Disruption or disturbance of critical infrastructures can lead to economical and human losses. Additionally, the control network of most critical installations is integrated with broader information and communication systems, including the company business network. Most maintenance services on process control equipment are performed remotely. Further, the cyber security of critical infrastructure systems has come into focus recently as more of these systems are exposed to the Internet. Therefore, Critical Infrastructure Protection (CIP) has become a topic of interest for academics, industries, governments, and researchers in the recent years. A common theme among critical infrastructure is the dependence upon secure cyber systems for command and control. This special issue will focus on network aspects that impact the cyber security of Critical Infrastructure Protection and Resilience. Tutorial based manuscripts which cover recent advances in one or more of the topic areas below are requested. Topics may include (but are not limited to):
- Security of supervisory control and data acquisition (SCADA) systems
- Security of the smart grid
- Cyber security of industrial control systems
- Security of complex and distributed critical infrastructures
- DNS and Internet Security (as critical infrastructures)
- Security metrics, benchmarks, and data sets
- Attack modeling, prevention, mitigation, and defense
- Early warning and intrusion detection systems
- Self-healing and self-protection systems
- Advanced forensic methodologies
- Cyber-physical systems security approaches and algorithms
- Critical infrastructure security policies, standards and regulations
- Vulnerability and risk assessment methodologies for distributed critical infrastructures
- Simulation and testbeds for the security evaluation of critical infrastructures

For more information, please see http://dl.comsoc.org/livepubs/ni/info/cfp/cfpnetwork0113.htm.

IEEE Transactions on Information Forensics and Security, Special Issue on Privacy and Trust Management in Cloud and Distributed Systems, June 1, 2013, (Submission Due 31 May 2012) [posted here 03/12/12]

Editors: Karl Aberer (École Polytechnique Fédérale de Lausanne, Switzerland), Sen-ching Samson Cheung (University of Kentucky, USA), Jayant Haritsa (Indian Institute of Science, India), Bill Horne (Hewlett-Packard Laboratories, USA), Kai Hwang (University of Southern California, USA), and Yan (Lindsay) Sun (University of Rhode Island, USA)

With the increasing drive towards availability of data and services anytime anywhere, privacy risks have significantly increased. Unauthorized disclosure, modification, usage, or uncontrolled access to privacy-sensitive data may result in high human and financial costs. In the distributed computing environments, trust plays a crucial role in mitigating the privacy risk by guaranteeing meaningful interactions, data sharing, and communications. Trust management is a key enabling technology for security and privacy enhancement. While privacy preservation and trust management are already challenging problems, it is imperative to explore how privacy-oriented and trust-oriented approaches can integrate to bring new solutions in safeguarding information sharing and protecting critical cyber-infrastructure. Furthermore, there are questions about whether existing trust models and privacy preserving schemes are robust against attacks. This Call for Papers invites researchers to contribute original articles that cover a broad range of topics related to privacy preservation and trust management in cloud and distributed systems, with a focus on emerging networking contexts such as social media, cloud computing, and power grid systems. Example topics include but are not limited to:
- Privacy Enhanced Technology: privacy preserving data mining, publishing, and disclosure; access control, anonymity, audit, and authentication; applied cryptography, cryptanalysis, and digital signatures in PET; abuse cases and threat modeling; theoretical models and formal methods; application of physical security for privacy enhancement.
- Trust and Reputation Management: trust management architectures and trust models; quantitative metrics and computation; security of trust management protocols/systems; evaluation and test bed; trust related privacy enhancement solutions.
- Privacy and Trust in Emerging Complex Systems including: social networking; cloud computing; power grid systems; sensor networks; Internet of Things; multimedia surveillance networks.
- Other Related Topics such as trust and privacy policies; human factors and usability; censorship; economics of trust and privacy; behavior modeling.

For more information, please see http://www.signalprocessingsociety.org/uploads/special_issues_deadlines/privacy_policy.pdf.

IEEE Network Magazine, Special Issue on Computer Network Visualization, November/December 2012 issue. (Submission Due 1 May 2012) [posted here 04/09/12]

Editors: John Goodall (Oak Ridge National Lab, USA), John Gerth (Stanford University, USA), and Florian Mansmann (University of Konstanz, Germany)

Computer networks are dynamic, growing, and continually evolving. As complexity grows, it becomes harder to effectively communicate to human decision-makers the results of methods and metrics for monitoring networks, classifying traffic, and identifying malicious or abnormal events. Network administrators and security analysts require tools that help them understand, reason about, and make decisions about the information their analytic systems produce. To this end, information visualization and visual analytics hold great promise for making the information accessible, usable, and actionable by taking advantage of the human perceptual abilities. Information visualization techniques help network administrators and security analysts to quickly recognize patterns and anomalies; visually integrate heterogeneous data sources; and provide context for critical events. This special issue seeks original articles examining the state of the art, open issues, research results, evaluations of visualization and visual analytic tools, and future research directions in computer network visualization and visual analytics. All submissions should be written to be understandable and appealing to a general audience. Research papers should contain a substantial amount of tutorial content and minimal mathematics. Topics of interest include, but are not limited to:
- Uses of visualization for network status monitoring and situational awareness
- Visualization methods employed in the classification of network traffic and its analysis
- Visualization methods enhancing network intrusion detection and anomaly detection
- Visualization methods for the analysis of network threats (e.g. botnets)
- Visualization methods for the analysis of network routing
- Methods for integrating analytics and visualization together for network analysis tasks
- Methods for visually integrating heterogeneous data sources to support network analysis tasks
- Case studies of open source visualization tools in network analysis tasks
- Evaluations of network visualization tools in situ

For more information, please see http://dl.comsoc.org/livepubs/ni/.

IEEE Signal Processing Magazine, Special Issue on Signal Processing in the Encrypted Domain: when Cryptography Meets Signal Processing, March, 2013, (Submission Due 15 April 2012) [posted here 03/12/12]

Editors: M. Barni (University of Siena, Italy), T. Kalker (Huawei, USA), and S. Katzenbeisser (Techn. Universität Darmstadt, Germany)

Computing with signals that are encrypted or otherwise hidden (often referred to as S.P.E.D. for signal processing in the encrypted domain) is a fascinating challenge that has caught the attention of a large number of researchers. In the last 5 years theoretical and practical advances in this field have been impressive, thus contributing to bring S.P.E.D. technology closer to real life requirements. As a matter of fact, the usage of S.P.E.D. techniques in real-world applications starts being viable, at least in cases where a suitable trade-off between efficiency and security is possible. The goal of this special issue is to introduce the readers of the Signal Processing Magazine to this new exciting and challenging discipline, providing them with the basic primitives S.P.E.D. relies on, and presenting the latest developments in the field, with particular attention to the role that the signal processing community may play in this field. Tutorial and survey papers, as well as papers illustrating the applications of S.P.E.D. techniques in in selected scenarios are solicited.

For more information, please see http://www.signalprocessingsociety.org/uploads/Publications/SPM/cryptography.pdf.

Wiley Security and Communication networks, Special Issue on Trust and Security in Cloud Computing, 2012, (Submission Due 14 January 2012) [posted here 12/5/11]

Editors: Ryan K L Ko (HP Labs, Singapore), Markus Kirchberg (HP Labs, Singapore), Bu Sung Lee (Nanyang Technological University, Singapore)

This special issue focuses on the research challenges and issues in trust and security in cloud computing. It aims to collect contributions by researchers from both academia and industry, showthe latest research results and methodologies addressing top concerns in trust and security in cloud computing, and provide valuable information to researchers as well as practitioners, standards developers and policymakers. Topics of interest include, but are not limited to:
- Malware detection in cloud computing
- Cryptography and encryption techniques for cloud computing
- Privacy in cloud computing
- Data obfuscation for cloud computing
- Accountability in cloud computing
- Security in virtualized environments
- Governance, regulation and compliance in cloud computing
- Data analytics for security in cloud computing
- Visualization for security in cloud computing
- Cloud computing threat detection techniques
- Trust in cloud services
- Trust reputation systems for cloud computing
- Reports on critical, real-life security and trust use cases in cloud computing
- Secure and trusted workflows in cloud computing
- Attacks and disaster preparation, recovery, and response
- Application and practical experiences
- Data security, privacy, retention and recovery
- Position papers on issues in security and trust in cloud computing

For more information, please see http://onlinelibrary.wiley.com/doi/10.1002/sec.369/full.

Elsevier Computer Networks, Special Issue on Botnet Activity: Analysis, Detection and Shutdown, 2012, (Submission Due 19 December 2011) [posted here 09/12/11]

Editors: Ronaldo Salles (Military Institute of Engineering, Brazil), Guofei Gu (Texas A&M University, USA), Thorsten Holz (Ruhr-University Bochum, Germany), and Morton Swimmer (Trend Micro Deutschland, Germany)

Large scale attacks and criminal activities experienced in recent years have exposed the Internet to serious security breaches, and alarmed the world regarding cyber crime. In the center of this problem are the so called botnets -- collections of infected zombie machines (bots) controlled by the botmaster to perpetrate malicious activities and massive attacks. Some recent botnets are composed of millions of infected machines, making use of this attack vector inevitably harmfully. Hence, it is paramount to detect, analyze and shutdown such overlay networks before they become active. This special issue of Computer Networks is intended to foster the dissemination of high quality research in all aspects regarding botnet activity, detection and countermeasures. The objective of this special issue is to publish papers presenting detection algorithms, traffic monitoring and identification, protocols and architectures, as well as botnet modeling, behavior, simulation, statistics, dissemination, analysis, preventive procedures and possible countermeasures. Only technical papers describing previously unpublished, original, state-of-the-art research, and not currently under review by a conference or journal will be considered. We solicit papers in a variety of topics related to botnet research including, but not limited to:
- Traffic Monitoring and Detection Algorithms
- Data Collection, Statistics and Analysis
- Modeling Behavior and Simulation
- Protocols and Architectures (IRC, HTTP, P2P, etc)
- Firewalls and IDS
- Cyber Crime Case Studies
- Reverse Engineering and Automated Analysis of Bots
- Honeypots and Honeynets
- New Platforms: Cellular and Wireless networks, Mobile devices, TV, etc.
- Legal Issues and Countermeasures
- Underground Markets, Vulnerability Markets and Zero-day Economics
- Mini-Botnets

For more information, please see http://www.elsevierscitech.com/dronsite/CFP_SIonBotnetActivity.pdf.

IEEE Systems Journal, Special Issue on Security and Privacy in Complex Systems, 2012, (Submission Due 1 October 2011) [posted here 07/04/11]

Editors: Sushil Jajodia (George Mason University, USA) and Pierangela Samarati (Universita` degli Studi di Milano, Italy)

Today's information society relies on a globally interconnected infrastructure composed of diverse and widely distributed systems. It is of utmost importance to ensure proper protection to such complex systems, or systems-of-systems, to ensure security, privacy, and availability of the infrastructure as well as of resources and information it provides and manages. The problem is far from trivial, due to the criticality and the social impact of the applications and services relying on this global infrastructure, as well as the complexity given by the co-existence and co-operation of, possibly heterogeneous, component systems. The goal of this special issue is to collect high-quality contributions on security and privacy in complex systems and systems-of-systems. We solicit submissions from academia, industry, and government presenting novel and original research on all theoretical and practical aspects of security and privacy in complex systems. The focus of the special issue spans security and privacy theory, technology, methodology, and applications in complex systems. Submitted papers should therefore explicitly address issues in the complex system scenario. Topics of interest include, but are not limited, to the ones listed below provided that they are treated with specific focus on the complex system scenario:
- access control
- anonymity
- applied cryptography
- authentication
- biometric security and privacy
- cyber warfare and security
- complex systems security
- computer forensics
- critical infrastructure protection
- data and application security
- data protection
- data/system integrity
- dependability, reliability, and availability
- formal methods for security and privacy
- human factors in security and privacy
- identity management
- insider threats
- intrusion detection and prevention
- knowledge extraction/representation for security
- legal and ethical issues
- middleware security
- network security
- operating systems security and privacy
- protection from cyberhacking
- security engineering
- secure environments and applications
- secure interoperability
- security and privacy metrics
- security and privacy policies
- security and privacy in cloud computing
- security and privacy in ad hoc networks
- security and privacy in e-services
- security and privacy in grid computing
- security and privacy in mobile systems
- security and privacy in monitoring systems
- security and privacy in industrial systems
- security and privacy in pervasive/ubiquitous computing
- security and privacy in sensor networks
- security and privacy in smart grid and distributed generation systems
- security and privacy in social applications and networks
- security and privacy in wireless sensor networks
- security architectures
- security management in complex scenarios
- social implications of security and privacy
- surveillance systems
- threats, vulnerabilities, and risk management
- transportation systems
- trust management
- usable security for complex systems
- verification and validation of complex systems
- web service security

For more information, please see http://isj.engineering.utsa.edu/special.php?issue=spc.

Elsevier Computers & Electrical Engineering, Special Issue on Recent Advances in Security and Privacy in Distributed Communications, September 2012, (Submission Due 30 September 2011) [posted here 06/20/11]

Editors: Gregorio Martinez (University of Murcia, Spain), Felix Gomez Marmol (NEC Laboratories Europe, Germany), and Jose M. Alcaraz Calero (Hewlett-Packard Laboratories, United Kingdom)

Security services need to be considered as part of most communication proposals being discussed nowadays in distributed communication environments. Additionally, in the last few years, privacy has been gaining interest from both the designers and the customers of security solutions, thus being considered now as a key aspect for them. For a good security and/or privacy design, one needs to be informed of the latest advances in this field, this being the main objective of this special issue. This special issue is intended to report the most recent research works related to security and privacy, particularly in the following fields:
- Anonymity
- Authentication
- Authorization and access control
- Critical Infrastructure Protection (CIP)
- Data integrity and protection
- Identity Management
- Intrusion detection and prevention
- End-to-end security solutions
- Privacy enhancing technologies
- Risk analysis and management
- Security policies
- Threats and vulnerabilities
- Trust and reputation management in distributed scenarios

For more information, please see http://www.elsevierscitech.com/cfp/CEE-SI-Recent-Advances-Security-Privacy.pdf.

International Journal of Information Security, Special Issue on SCADA and Control System Security, 2012, (Submission Due 21 August 2011) [posted here 05/23/11]

Editor: Irfan Ahmed (Queensland University of Technology, Australia), Martin Naedele (ABB Corporate Research, Switzerland), Charles Palmer (Dartmouth College, USA), Ryoichi Sasaki (Tokyo Denki University, Japan), Bradley Schatz (Queensland University of Technology, Australia), and Andrew West (Invensys Operations Management, Australia)

Supervisory control and data acquisition (SCADA) and industrial control systems monitor and control a wide range of industrial and infrastructure processes such as manufacturing production lines, water treatment, fuel production and electricity distribution. Such systems are usually built using a variety of commodity computer and networking components, and are becoming increasingly interconnected with corporate and other Internet-visible networks. As a result, they face significant threats from internal and external actors. For example, the now famous Stuxnet (which is a Windows-specific computer worm containing a rootkit and four zero-day attacks) was specifically written to attack SCADA systems that alone caused multi-million dollars damages in 2010. The critical requirement for high availability in SCADA and industrial control systems, along with the use of bespoke, resource constrained computing devices, legacy operating systems and proprietary software applications limits the applicability of traditional information security solutions. Thus, research focusing on devising security solutions that are applicable in the control systems context is imperative, as evidenced by the increased focus on the problem by governments worldwide. This Special Issue aims to present the latest developments, trends and research solutions addressing security of the computers and networks used in SCADA and other industrial control systems. The topics of interest include but not limited to, intrusion detection and prevention, malware, vulnerability analysis of control systems protocols, digital forensics, application security and performance impact of security methods and tools in control systems. This list is not exhaustive and other relevant topics will be considered.

For more information, please see http://springerlink.com/content/c228708131853np8/fulltext.pdf.

Wiley Security and Communication Networks Journal, Special Issue on Applications of Machine Learning Techniques to Intrusion Detection and Digital Forensics, 2012, (Submission Due 15 August 2011) [posted here 06/20/11]

Editor: Ajith Abraham (Norwegian University of Science and Technology, Norway), Anjali Sardana (Indian Institute of Technology Roorkee, India), ManPyo Hong (Ajou University, South Korea), Irfan Ahmed (Queensland University of Technology, Australia), Rafael Accorsi (University of Freiburg, Germany)

The security of computers and their networks is a major concern. As the computing devices become more pervasive and connected (such as from personal computer running a simple desktop application to embedded systems controlling a critical infrastructure), they face versatile and unknown threats ranging from sophisticated malwares, to less prevalent but still serious attacks like Web site defacement, denial of service attacks, financial fraud and network break-ins. They are both critical and costly and required to be detected in-time. Moreover, the detection of intrusions often leads to the forensic investigation requiring the acquisition of massive volume of data and their analysis. The manual effort to deal with the problems is costly and time consuming and thus, brings the need of machine learning techniques that are often used to efficiently and reliably perform this labour intensive work. In this special issue, we plan to present the cutting edge research focusing on intrusion detection and digital forensics with the application of machine learning techniques. The Journal is soliciting submissions based on an open call for papers covering areas that are included but not limited to the following:
- Detection of known or unknown exploitable vulnerabilities
- Detection of known or unknown attacks
- Deception systems and honeypots
- Smart phone and Digital Forensics
- Network and host intrusion detection
- Anomaly and specification-based approaches
- Application security
- Spam, botnets, viruses, malwares
- Web security
- Log analysis
- Forensic analysis of large datasets
- Online forensic analysis
- Forensic analysis of social networks
- 3D forensic scene model generation and analysis
- Network forensics
- Data acquisition

For more information, please see http://onlinelibrary.wiley.com/doi/10.1002/sec.344/full.

Security and Communication Networks (SCN), Special Issue on Security and Privacy in Ubiquitous Computing, 2012, (Submission Due 20 May 2011) [posted here 01/31/11]

Editor: Ali Miri (Ryerson University, Canada), Nen-Fu Huang (National Tsing Hua University, Taiwan, ROC), and Abderrahim Benslimane (University of Avignon, France)

The research area of mobile computing has become more important following the recent widespread drive towards mobile ad hoc networks, wireless sensor networks and vehicular ad hoc network tracking technologies and their applications. The availability of high bandwidth 3G infrastructures and the pervasive deployment of low cost WiFi infrastructures and WiMAX to create hotspots around the world serve to accelerate the development of mobile computing towards ubiquitous computing. Security and privacy in converged computing systems are considered an important part of these systems, and pose challenging open problems. This special issue will focus on the research challenges and issues in security and privacy in ubiquitous computing. Manuscripts regarding novel algorithms, architectures, implementations and experiences are welcome. Topics include but are not limited to:
- Secure architectures for converged communication networks
- Multi-hop authentication and authorization
- Context-aware security in computing
- Security management of mobile data
- Security for ubiquitous multimedia communication
- Secure user interactions and ubiquitous services
- Security and privacy in location based services
- Security and privacy in mobile social networks
- Trust management in ubiquitous services
- Security in home networks
- Homeland security and surveillance
- Trusted cloud computing
- Secure group communication/multicast
- Secure machine-to-machine communication
- Security in portable devices and wearable computers
- Privacy protection in distributed data mining
- Energy efficient intrusion detection schemes in mobile computing

For more information, please see http://www3.interscience.wiley.com/journal/114299116/home.

Security and Communication Networks (SCN), Special Issue on Protecting the Internet of Things, 2011-12, (Submission Due 15 April 2011) [posted here 04/11/11]

Editor: Jim Clarke (Waterford Institute of Technology, Ireland), Stefanos Gritzalis (University of the Aegean, Greece), Rodrigo Roman (University of Malaga, Spain), and Jianying Zhou (Institute for Infocomm Research, Singapore)

The central element of the vision of the Internet of Things (IoT) is the existence of a network of interconnected objects (from books to cars, from electrical appliances to food) that will be able not only to obtain information from their surroundings and interact with the physical world, but also to use existing Internet standards to provide services. However, security is extremely important for achieving this goal. As this worldwide network of interconnected objects can be exploited anywhere by anyone and anytime, it is necessary to enhance it with strong security foundations able to give birth to a world-changing paradigm. This special issue is proposed to cover research results and innovation case studies on security for the Internet of Things. Topics include but are not limited to:

- Secure architectures for converged communication networks
- Multi-hop authentication and authorization
- Context-aware security in computing
- Security management of mobile data
- Security for ubiquitous multimedia communication
- Secure user interactions and ubiquitous services
- Security and privacy in location based services
- Security and privacy in mobile social networks
- Trust management in ubiquitous services
- Security in home networks
- Homeland security and surveillance
- Trusted cloud computing
- Secure group communication/multicast
- Secure machine-to-machine communication
- Security in portable devices and wearable computers
- Privacy protection in distributed data mining
- Energy efficient intrusion detection schemes in mobile computing

For more information, please see http://www3.interscience.wiley.com/journal/114299116/home.

International Journal of Secure Software Engineering, Special Issue on Lessons Learned in Engineering Secure & Dependable Web Applications, January/February 2012, (Submission Due 7 March 2011) [posted here 01/17/11]

Editor: Martin Gilje Jaatun (SINTEF ICT, Norway), Edgar Weippl (SBA Research, Austria), and Riccardo Scandariato (KU Leuven, Belgium)

Software is an integral part of everyday life, and we expect and depend upon software systems to perform correctly. Software security is about ensuring that systems continue to function correctly also under malicious attack. As most systems now are web-enabled, the number of attackers with access to the system increases dramatically and thus the threat scenario changes. The traditional approach to secure a system includes putting up defense mechanisms such as Intrusion Detection Systems and firewalls, but such measures are no longer sufficient by themselves. We need to be able to build better, more robust and thus more secure systems. Even more importantly, however, we should strive to achieve these qualities in all software systems, not just the ones that need special protection. This special issue will focus on techniques, experiences and lessons learned for engineering secure and dependable software for the web. Suggested topics include, but are not limited to:
- Secure architecture and design
- Security in agile software development
- Aspect-oriented software development for secure software
- Security requirements
- Risk management in software projects
- Secure implementation
- Secure deployment
- Testing for security
- Quantitative measurement of security properties
- Static and dynamic analysis for security
- Verification and assurance techniques for security properties
- Lessons learned
- Security and usability
- Teaching secure software development
- Experience reports on successfully attuning developers to secure software engineering

For more information, please see http://www.sislab.no/ijsse.

IEEE Security and Privacy Magazine, Special Issue on Living with Insecurity, November/December 2011, (Submission Due 23 February 2011) [posted here 11/30/10]

Editor: Deborah A. Frincke (PNNL, USA) and Bill Arbaugh (University of Maryland, USA)

Many approaches to security start with the assumption that there is a trustworthy and secure base on which one can build, perhaps based on some provably correct hardware platform. In contrast, this issue seeks papers that start with the opposite assumption. While a computing environment in which all of our devices are reliable and secure sounds appealing, that is not the world in which we live. For the foreseeable future, we will be living and working in an environment of vulnerable, unreliable systems, where we still wrestle with definitions of what it even means to be secure. This special edition focuses on how we can live with insecurity, how our devices and systems can support users at home and at work, when the underlying base is potentially compromised and users themselves may be untrustworthy or unfocused on security. In this themed issue we are particularly interested in papers that address the implications of building software and hardware upon an admittedly untrustworthy basis, across the full spectrum of design, development, testing, use, and maintenance of digitally based systems. We are also interested in policy and regulatory issues related to our topic. Potential topics and questions related to living with security include:
- effects on system design, development, testing, maintenance, procurement
- organizational implications for business risk, organization
- liability, privacy support
- ways to assist the home user in determining the risk
- factors within a particular computing environment implications for user interfaces and user behavior
- means for synthesizing trustworthy islands or subspaces within untrustworthy environments
- implications for assessing business risk or corporate liability when systems are acknowledged to be potentially compromised
- parallels with other domains in which some desired attribute is acknowledged to be unattainable in practice that could assist us with living with insecurity’
- methods for distinguishing relatively dangerous neighborhoods in cyberspace from relatively benign ones

For more information, please see http://www.computer.org/portal/web/computingnow/spcfp6.

Cybercrime and Cloud Forensics: Applications for Investigation Processes (Call for Chapters), (Chapter proposal submission Due 3 December 2010) [posted here 11/8/10]

Editor: Cyril Onwubiko (Research Series Ltd, London, UK) and Thomas Owens (Brunel University, London, UK)

Cloud computing has the potential to become one of the most transformative developments in how information technology services are created, delivered, and accessed. However, cloud computing represents both opportunity and crisis for cybercrime investigation and digital forensics. With the rise of cyber attacks and various crimes in the highly complex multi-jurisdictional and multi-tenant cloud environments, there is an urgent need to extend the applications of investigation processes into the Cloud. This book will introduce the new area of cloud forensics and collect research and case studies on current, state-of-the-art applications for investigation processes in cloud computing environments. Chapters may address cloud forensics applications from the perspectives of cloud providers, cloud customers, security architects, law enforcement agencies, research institutes, etc. This book will serve as a reference for cloud communities, digital forensics practitioners, researchers who wish to understand current issues, advancing research, and technical innovations in the field of cloud forensics. Recommended topics include, but are NOT limited to the following:
Cloud customers (enterprise, government, etc.)
- Cloud adoption
- Usage scenarios
- Forensic demand/usage
- Forensic capability
- Sample crime/policy violation cases
- Sample investigation cases/scenarios/processes
Cloud providers
- The evolution of cloud computing
- Future of cloud computing
- Cloud services
- Forensic demand/usage
- Forensic capability
- Sample crime/policy violation cases
- Sample investigation cases/scenarios/processes
Law Enforcement
- Digital forensics and law
- Current state of art of cyber law
- International collaboration in battling cyber crime
- Cloud computing and law
- Multi-jurisdiction issues
- Multi-tenancy issues
- Service level agreement and cloud forensics
- Digital evidence and cloud evidence and evidence admission
- Cyber policing
- Sample crime cases
- Sample investigation cases/scenarios/processes
Digital Forensics Practice and Research
- History and development of digital forensics
- The rise of cybercrime
- Cloud computing a new battlefield
- Sample crime cases
- Digital forensic process
- Applications of digital forensic process in cloud computing
- Challenges in applying current digital forensic best practices to cloud computing
- Future of cloud forensics
- Sample investigation cases/scenarios/processes
Security Architecture and Forensic Awareness
- Public cloud
- Private cloud
- Hybrid cloud
- Infrastructure as a Service
- Platform as a Service
- Software as a Service
- Forensics as a Service
- Ethical hacking

For more information, please see http://igi-global.com/AuthorsEditors/AuthorEditorResources/CallForBookChapters/CallForChapterDetails.aspx?CallForContentId=41b320c0-7dd0-489c-b996-c5a9dcf81cb4.

Situational Awareness in Computer Network Defense: Principles, Methods and Applications (Call for Chapters), (Chapter proposal submission Due 15 November 2010) [posted here 10/11/10]

Editor: Cyril Onwubiko (Research Series Ltd, London, UK) and Thomas Owens (Brunel University, London, UK)

This book will provide security practitioners, academia and organizations insights into practical and applied solutions, frameworks, technologies, and implementations, for situational awareness in computer networks. The book will present situational awareness solutions in computer network defence (CND) currently being researched or deployed in book chapters contributed by leading researchers and practitioners in the field. The key objective is to fill a gap that exists in the way CND and security is being approached by formalizing the use of situational awareness in computer network security and defence. This will be achieved by providing contributions to situational awareness in network security and CND made through research, the prescription of formal concepts, and implementations. The book will supplement chapters on the theoretical (research) aspects of situational awareness in CND with discussion of their real-world implications and where applicable their implementations. The theoretical chapters will be complemented by chapters that address existing solutions for situational awareness in CND and the issues associated with them. Recommended topics include, but are not limited to the following:
- Theoretical Underpinnings of Situational Awareness
- Analysis of Situational Awareness in Computer Networks
- Functional Requirements of Situational Awareness for Computer Network Security
- Situational Assessment and Human Factors
- Situational Assessment and Decision Marking
- Situational Understanding in Command and Control Networks (CCN)
- Situational Awareness in Military Operations
- Situational Awareness in C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance)
- Computer Network Defence (CND)
- Computer Network Operations
- Usefulness of Data Fusion for Security Incident Analysis
- Security incident analysis - Data Association and Correlation
- Security Information Visualization
- Security Monitoring
- Implementing Situational Awareness Systems
- Emerging Applications of Situational Awareness Solutions
- Incident Response and Management and Emergency Preparedness
- Computer Security Incident Response Teams (CSIRT)
- Information Security Metrics and Measurement
- Digital Forensics
- Forensics and Investigation Issues
- Digital Forensic Information Analysis
- Enterprise Information Security Policies, Standards and Procedures
- Risk Management, Governance and Compliance
- National and Critical Infrastructure Security Issues
- Trust, Privacy and Anonymity Issues
- Application Security, Audits and Penetration Testing
- Information Security
- Risk Assessment & Management
- Information Security Management Frameworks
- Security Event and Information Management
- Risks posed by Wireless Networks, including through the use of Mobile Computing, Smartphones & Apps in a CND environment

For more information, please see http://www.igi-global.com/AuthorsEditors/AuthorEditorResources/CallForBookChapters/CallForChapterDetails.aspx?CallForContentId=216a3334-f89b-4bd3-9681-208c67e34285.

IEEE Network, Special Issue on Network Traffic Monitoring and Analysis, May 2011. (Submission Due 15 November 2010) [posted here 07/12/10]

Guest editor: Wei Wang (University of Luxembourg, Luxembourg), Xiangliang Zhang (University of Paris-sud 11, France), Wenchang Shi (Renmin University of China, China), Shiguo Lian (France Telecom R&D Beijing, China), and Dengguo Feng (Chinese Academy of Sciences, China)

Modern computer networks are increasingly complex and ever-evolving. Understanding and measuring such a network is a difficult yet vital task for network management and diagnosis. Network traffic monitoring, analysis and anomaly detection provides useful tools in understanding network behavior and in determining network performance and reliability so as to effectively troubleshoot and resolve the issues in practice. Network traffic monitoring and anomaly detection also provides a basis for prevention and reaction in network security, as intrusions, attacks, worms, and other kinds of malicious behaviors can be detected by traffic analysis and anomaly detection. This special issue seeks original articles examining the state of the art, open issues, research results, tool evaluation, and future research directions in network monitoring, analysis and anomaly detection. Possible topics include:
- Network traffic analysis and classification
- Traffic sampling and signal processing methods
- Network performance measurements
- Network anomaly detection and troubleshooting
- Network security threats and countermeasures
- Network monitoring and traffic measurement systems
- Real environment experiments and testbeds

For more information, please see http://dl.comsoc.org/livepubs/ni/info/cfp/cfpnetwork0511.htm.

Future Generation Computer System, Special Issue on Trusting Software Behavior, 3rd Quarter, 2011. (Submission Due 15 October 2010) [posted here 08/16/10]

Guest editor: Gyungho Lee (Korea University, Korea)

With proliferation of computing in virtually every aspect of modern society (i.e., smart grid, robotic surgery systems, smart phones, etc), trusting software behavior goes with much more profound side effects beyond mere malfunctioning of the system. Trustworthiness of software behavior that controls such critical systems and devices is an essential aspect we need to measure, evaluate and establish. With bugs and intentional compromises through the process of software design, development, deployment and use, software behavior trustworthiness is shaky in terms of empirical basis as well as in terms of theoretical basis. This special section in a forthcoming issue of the Future Generation Computer System (FGCS) journal is to put together the current state-of-the art in measuring, evaluating and fostering trustworthiness for software behavior in diverse contexts of modern and future computing environment. Original technical articles are solicited in all aspects of Trusting Software Behavior. Topics for this special section include, but are not limited to:
- Definitions of and measures for software trustworthiness
- Approaches on evaluation of software trustworthiness
- Techniques and software tools to enhance software trustworthiness
- Trust management
- Architecture support for enhancing software trustworthiness
- Case studies performed on industrial systems

For more information, please see http://ees.elsevier.com/fgcs.

IEEE Transactions on Information Forensics and Security, Special Issue on Using the Physical Layer for Securing the Next Generation of Communication Systems, June 1, 2011. (Submission Due 15 September 2010) [posted here 04/12/10]

Guest editor: Vincent Poor (Princeton University, USA), Wade Trappe (Rutgers University, USA), Aylin Yener (Pennsylvania State University,USA), Hisato Iwai (Doshisha University, Japan), Joao Barros (University of Porto, Portugal), and Paul Prucnal (Princeton University, USA)

Communication technologies are undergoing a renaissance as there is a movement to explore new, clean slate approaches for building communication networks. Although future Internet efforts promise to bring new perspectives on protocol designs for high-bandwidth, access-anything from anywhere services, ensuring that these new communication systems are secure will also require a re-examination of how we build secure communication infrastructures. Traditional approaches to building and securing networks are tied tightly to the concept of protocol layer separation. For network design, routing is typically considered separately from link layer functions, which are considered independently of transport layer phenomena or even the applications that utilize such functions. Similarly, in the security arena, MAC-layer security solutions (e.g. WPA2 for 802.11 devices) are typically considered as point-solutions to address threats facing the link layer, while routing and transport layer security issues are dealt with in distinct, non-integrated protocols like IPSEC and TLS. The inherent protocol separation involved in security solutions is only further highlighted by the fact that the physical layer is generally absent from consideration. This special issue seeks to provide a venue for ongoing research area in physical layer security across all variety of communication media, ranging from wireless networks at the edge to optical backbones at the core of the network. The scope of this special issue will be interdisciplinary, involving contributions from experts in the areas of cryptography, computer security, information theory, signal processing, communications theory, and propagation theory. In particular, the areas of interest include, but are not limited to, the following:
- Information-theoretic formulations for confidentiality and authentication
- Generalizations of Wyner’s wiretap problem to wireless and optical systems
- Physical layer techniques for disseminating information
- Techniques to extract secret keys from channel state information
- Secrecy of MIMO and multiple-access channels
- Physical layer methods for detecting and thwarting spoofing and Sybil attacks
- Techniques to achieve covert or stealthy communication at the physical layer
- Quantum cryptography
- Modulation recognition and forensics
- Security and trustworthiness in cooperative communication
- Fast encryption using physical layer properties
- Attacks and threat analyses targeted at subverting physical layer communications

For more information, please see http://www.signalprocessingsociety.org/publications/periodicals/forensics/forensics-authors-info/.

IEEE Internet Computing, Special Issue on Security and Privacy in Social Networks, May/June 2011. (Submission Due 1 September 2010) [posted here 07/12/10]

Guest editor: Gail-Joon Ahn (Arizona State University, USA), Mohamed Shehab (UNC Charlotte, USA), and Anna Squicciarini (Penn State University, USA)

Social networks where people exchange personal and public information have enabled users to connect with their friends, coworkers, colleagues, family and even with strangers. Several social networking sites have developed to facilitate such social interactions and sharing activities on the Internet over the past several years. The popularity of social networking sites on the Internet introduces the use of mediated­communication into the relationship development process. Also, online social networks have recently emerged as a promising area of research with a vast reach and application space. Users post information on their profiles to share and interact with their other friends in the social network. Social networks are not limited to simple entertaining applications; instead several critical businesses have adopted social networks to attract new customer spaces and to provide new services. The current trends of social networks are indirectly requiring users to become system and policy administrators for protecting their content in this social setting. This is further complicated by the rapid growth rate of social networks and by the continuous adoption of new services on social networks. Furthermore, the use of personal information in social networks raises entirely new privacy concerns and requires new insights on security problems. Several studies and recent news have highlighted the increasing risk of misuse of personal data processed by online social networking applications and the lack of awareness among the user population. The security needs of social networks are still not well understood and are not fully defined. Nevertheless it is clear these will be quite different from classic security requirements. It is important to bring a depth of security experience from multiple security domains and technologies to this field as well as depth and breadth of knowledge about social networks. The aim of this special issue is to encompass research advances in all areas of security and privacy in social networks. We welcome contributions relating to novel technologies and methodologies for securely building and managing social networks and relevant secure applications as well as to cross-cutting issues. Topics of interest: include but are not limited to:
- Access control and identity management
- Delegation and secure collaboration
- Information flow, diffusion and auditing
- Malware analysis in social networks
- Privacy challenges and mechanism
- Risk assessment and management
- Secure social-network application development and methodologies
- Secure object tagging, bookmarking and annotations
- Trust and reputation management
- Usability driven security mechanisms

For more information, please see http://www.public.asu.edu/~gahn1/icsn2011.htm.

Wiley Security and Communication Networks (SCN), Special Issue on Defending Against Insider Threats and Internal Data Leakage, 2011. (Submission Due 31 August 2010) [posted here 04/12/10]

Guest editor: Elisa Bertino (Purdue university, USA), Gabriele Lenzini (SnT-Univ. of Luxembourg, Luxembourg), Marek R. Ogiela (AGH University of Science & Technology, Poland), and Ilsun You (Korean Bible University, Korea)

This special issue collects scientific studies and works reporting on the most recent challenges and advances in security technologies and management systems about protecting an organization's information from corporate malicious activities. It aims to be the showcase for researchers that address the problems on how to prevent the leakage of organizations' information caused by insiders. The contributions to this special issue can conduct state-of-the-art surveys and case-analyses of practical significance, which, we wish, will support and foster further research and technology improvements related to this important subject. Papers on practical as well as on theoretical topics are invited. Topics include (but are not limited to):
- Theoretical foundations and algorithms for addressing insider threats
- Insider threat assessment and modeling
- Security technologies to prevent, detect and avoid insider threats
- Validating the trustworthiness of staff
- Post-insider threat incident analysis
- Data breach modeling and mitigation techniques
- Authentication and identification
- Certification and authorization
- Database security
- Device control system
- Digital forensic system
- Digital right management system
- Fraud detection
- Network access control system
- Intrusion detection
- Keyboard information security
- Information security governance
- Information security management systems
- Risk assessment and management
- Log collection and analysis
- Trust management
- Secure information splitting and sharing algorithms
- Steganography and subliminal channels
- IT compliance (audit)
- Continuous auditing
- Socio-Technical Engineering Attack to Security and Privacy

For more information, please see http://isyou.hosting.paran.com/mist10/SCN-SI-10.pdf.

IEEE Software, Special Issue on Software Protection, March, 2011. (Submission Due 1 August 2010) [posted here 06/07/10]

Guest editor: Paolo Falcarin (University of East London, UK), Christian Collberg (University of Arizona, USA), Mikhail Atallah (Purdue University, USA), and Mariusz Jakubowski (Microsoft Research)

Software protection is an area of growing importance in software engineering and security: leading-edge researchers have developed several pioneering approaches for preventing or resisting software piracy and tampering, building a heterogeneous body of knowledge spanning different topics: obfuscation, information hiding, reverse engineering, source/binary code transformation, operating systems, networking, encryption, and trusted computing. IEEE Software seeks submissions for a special issue on software protection. We seek articles that present proven mechanisms and strategies to mitigate one or more of the problems faced by software protection. These strategies should offer practitioners appropriate methods, approaches, techniques, guidelines, and tools to support evaluation and integration of software protection techniques into their software products. Possible topics include:
- Analysis of legal, ethical, and usability aspects of software protection
- Best practices and lesson learned while dealing with different relevant threats
- Case studies on success and/or failure in applying software protections
- Code obfuscation and reverse-engineering complexity
- Computing with encrypted functions and data
- Protection of authorship: watermarking and fingerprinting
- Remote attestations and network-based approaches
- Security evaluation of software protection's effectiveness
- Software protection methods used by malware (viruses, rootkits, worms, and botnets)
- Source and binary code protections
- Tamper-resistant software: mobile, self-checking, and self-modifying code
- Tools to implement or defeat software protections
- Trusted computing or other hardware-assisted protection
- Virtualization and protections based on operating systems

For more information, please see http://www.computer.org/portal/web/computingnow/swcfp2.

Journal of Network and Computer Applications, Special Issue on Trusted Computing and Communications, 2nd Quarter, 2011. (Submission Due 1 August 2010) [posted here 05/24/10]

Guest editor: Laurence T. Yang (St. Francis Xavier University, Canada) and Guojun Wang (Central South University, China)

With the rapid development and the increasing complexity of computer and communications systems and networks, traditional security technologies and measures can not meet the demand for integrated and dynamic security solutions. As a challenging and innovative research field, trusted computing and communications target computer and communications systems and networks that are available, secure, reliable, controllable, dependable, and so on. In a word, they must be trustworthy. If we view the traditional security as identity trust, the broader field of trusted computing and communications also includes behavior trust of systems and networks. In fact, trusted computing and communications have become essential components of various distributed services, applications, and systems, including self-organizing networks, social networks, semantic webs, e-commence, and e-government. Research areas of relevance would therefore include, but not only limited to, the following topics:
- Trusted computing platform and paradigm
- Trusted systems and architectures
- Trusted operating systems
- Trusted software
- Trusted database
- Trusted services and applications
- Trust in e-commerce and e-government
- Trust in mobile and wireless networks
- Trusted communications and networking
- Reliable and fault-tolerant computer systems/networks
- Survivable computer systems/networks
- Autonomic and dependable computer systems/networks

For more information, please see http://www.elsevier.com/locate/jnca.

International Journal of Information Technologies and Systems Approach, Special Issue on Privacy and Security Issues in IT, 2011. (Submission Due 30 June 2010) [posted here 02/08/10]

Guest editor: Frank Stowell (University of Portsmouth, England) and Vasilis Katos Democritus (University of Thrace, Greece)

The topic of this special issue is motivated by the ease of collection, processing and dissemination of personal data and the concern about the unintended use or misuse of these data. Monitoring technologies are a fundamental component in IS security that serve as a policy violation detection mechanism but the expanding scope of ICT now means that it is not just the client that is affected but often the wider community e.g. CCTV monitoring as what may have been designed for specific end-users now impacts itself upon the majority. Monitoring has turned into systematic surveillance of emails, telephone usage and through CCTV general citizen activities. In a society where privacy is a fundamental human right the antagonism between privacy and security is a research issue of significance IS researchers as IS itself constitutes the means for feeding such antagonism between security and the privacy of the individual. This special issue invites a range of topics related to Privacy and the associated security issues created by the technology. Topics to be discussed in this special issue include (but are not limited to) the following:
- Privacy preservation technologies for the citizen
- Methodologies for analysing privacy requirements of an Information System
- Protection of biometric data
- Analysis and development of a systems view of security and its impact upon individual privacy
- The Economics of security and privacy
- The behavioural impact of monitoring and surveillance technologies
- Opportunities and threats in emerging applications utilizing personal data
- Privacy-centric systems

For more information, please see http://www.igi-global.com/journals/details.asp?ID=6720&v=callForPapersSpecial.

International Journal of Secure Software Engineering (IJSSE), Special Issue on Software Security Engineering Education, March/April 2011. (Submission Due 15 June 2010) [posted here 04/19/10]

Guest editor: Nancy R. Mead (Carnegie Mellon University, U.S.A) and Dan Shoemaker (University of Detroit Mercy, U.S.A)

We can improve software security by improving how we teach software security engineering. However, the problem with teaching correct software security engineering practice is that software security practices could be relevant in a number of places within the Software Engineering Body of Knowledge (SWEBOK). Consequently, secure software assurance content might legitimately fit into many different places in the software engineering education process and, in that respect, could be taught many different ways.

This disjointed approach is not an acceptable method for systematically disseminating secure software engineering practice. There should be coordination and, when possible, standardization of the way that educators promulgate secure software assurance content. Otherwise, we run the risk of producing software engineers with potentially conflicting understandings of the same concepts. Unfortunately, there are two practical barriers to achieving coordinated and standardized software security engineering teaching. First, it is not absolutely clear what specific knowledge and skills should be taught and in what places. Second, there are currently no validated methods for delivering that knowledge once it has been identified. As a result, we are seeking insights in this special issue of the journal about how to confront the challenges of ensuring suitable and appropriate teaching of software security engineering content in higher education. This special issue is designed for software professionals and educators to explore innovative approaches to software security engineering education. The following are some suggested topics, as they relate to software security engineering:
- curricula –undergraduate, graduate, or training
- course materials
- model delivery methods
- student capstone projects and practical experience
- model syllabi
- learning models or unique learning interventions
- distance or asynchronous delivery technologies or approaches
- business or assurance
- cases case study methodologies
- cross-disciplinary collaborations
- literature reviews or supporting materials
- PowerPoint presentations

For more information, please see http://www.igi-global.com/ijsse.

Springer Transactions on Computational Science, Special Issue on Security in Computing, November/December 2010. (Submission Due 30 April 2010) [posted here 02/08/10]

Guest editor: Edward David Moreno (UFS Federal University of Sergipe, Brazil)

This special issue on Security in Computing in the Springer Journal of TCS focuses on novel hardware implementation, new architectures, software solutions, novel applications, cryptographic algorithms and security protocols will become increasingly critical to good system performance, low-power and security. Original papers are solicited for this special issue. Particular emphases will be put on recent innovations about security in the mobile and embedded computing domains. Suggested topics include, but are not limited to:
- Secure Architectures and Design
- Security Evaluation and Testing
- Cryptographic Algorithms and Techniques
- Security policies, protocols and standards
- Public- and symmetric-key cryptography in constrained environments such as RFID and smart cards
- Security in Distributed and pervasive Systems, Grid Computing, P2P systems, Web services, Digital TV, Mobile Devices, Embedded Systems and Wireless Networks
- Applications of Biometry and Biometric Systems in Security
- Authentication and Authorization Models and Techniques
- Application case studies of ICs for secure embedded computing
- Formal verification of security properties and security protocols
- Systems and Software Certification Methodologies
- Relationships among software correctness, reliability, usability, safety, and security

For more information, please see http://www.springer.com/computer/lncs?SGWID=0-164-6-151275-0.

Journal of Communications, Special Issue on Recent Advances on Controlling Unwanted Internet Traffic, November 2010. (Submission Due 30 March 2010) [posted here 02/22/10]

Guest editor: Zhenhai Duan (Florida State University, USA), Yingfei Dong (University of Hawaii, USA), and David H.-C. Du (University of Minnesota, USA)

One of the key challenges facing today's Internet is the proliferation of unwanted Internet traffic such as spam, phishing scam, worm, virus, and Distributed Denial of Services (DDoS) attacks. They raise serious concerns over the suitability of the Internet for supporting critical infrastructures including communication, finance, energy distribution, and transportation in its current form. Building trustworthy networks to effectively control unwanted Internet traffic is a grand challenge faced by the networking community and has a profound impact on the future development of the Internet. In this special issue, we solicit original work on identifying new research and development challenges and developing new architectures, protocols, and techniques to control unwanted Internet traffic. Specific topics include, but are not limited to, the followings:
- Accountable Internet architecture and protocol
- IP spoofing control and IP traceback
- Application-layer traffic traceback, e.g. VoIP traceback
- Worm and virus propagation modeling and control
- Botnet detection and control
- Spam control
- Phishing scam analysis and control
- Novel applications of virtual machine technique in unwanted traffic control

For more information, please see http://www.academypublisher.com/jcm/si/jcmsi_racuit.html.

Security and Communication Networks, Special Issue on Security in Computer and Cyber-Physical Systems, December 2010. (Submission Due 28 February 2010) [posted here 2/8/10]

Guest editor: Johnson P. Thomas (Oklahoma State University, USA), Xiaolin Li (Oklahoma State University, USA), Hai Jin (Huazhong University of Science and Technology, China), Fabrizio Baiardi (University of Pisa, Italy), Vijay Varadharajan (Macquarie University, Australia)

Pure computing and communications systems are limited to individual computing devices or networked systems which may communicate through a wired or wireless medium. These networked systems may be fixed or mobile. Cyber Physical systems integrate the physical world with computing systems. Such infrastructure includes transportation systems, control systems, power grids, power plants/refineries as well as health/medical monitoring systems. Original contributions on the security of pure computing and communication systems as well as cyber-physical systems are solicited in all areas of security in computer and cyber-physical systems and networks, including but not limited to:
- Security protocols and architectures
- Key distribution and key management
- Formal analysis of security properties and guarantees including provably-secure cryptographic protocols
- Intrusion detection systems, including self-diagnostics
- Automatic diagnosis and response to attacks
- Privacy, anonymity, and trust mechanism
- Human-centered systems
- Ad Hoc and wireless sensor networks
- Computer and wireless networks
- Cluster, grid, and cloud systems
- Application areas including automotive systems, aerospace systems, public utility infrastructure, biomedical devices/systems, civil engineering structures, transportation infrastructure

For more information, please see http://www.interscience.wiley.com/security.

Journal of Computer Security, Special Issue on RFID System Security, 4th Quarter, 2010. (Submission Due 22 February 2010) [posted here 11/23/09]

Guest editor: Yingjiu Li (Singapore Management University, Singapore) and Jianying Zhou (Institute for Infocomm Research, Singapore)

Besides selected papers (after significant extensions) from the 2010 Workshop on RFID Security (RFIDsec'10 Asia), other papers representing original research in the theory and practice concerning RFID system security are solicited for this special issue in Journal of Computer Security (IOS Press). Topics of interest include, but are not limited to:
- New applications for secure RFID systems
- Data protection and privacy-enhancing techniques for RFID
- Cryptographic protocols for RFID (Authentication protocols, Key update mechanisms, Scalability issues)
- Integration of secure RFID systems (Middleware and security, Public-key infrastructures)
- Resource-efficient implementation of cryptography (Small-footprint hardware, Low-power architectures)
- Attacks on RFID systems such as RFID malwares
- RFID security hardware such as RFID with PUF
- Trust model, data protection and sharing for EPCglobal Network

For more information, please see http://icsd.i2r.a-star.edu.sg/staff/jianying/JCS_CFP_final.pdf.

International Journal of Secure Software Engineering (IJSSE), Special Issue on Software Safety & Dependability – the Art of Engineering Trustworthy Software, January 2011. (Submission Due 1 February 2010) [posted here 10/5/09]

Guest editor: Lei Wu (University of Houston-Clear Lake, Houston, Texas, U.S.A) and Yi Feng (Algoma University, Sault Ste. Marie, Ontario, Canada)

Software Safety is an element of the total safety program. It optimizes system safety & dependability in the design, development, use, and maintenance of software systems and their integration with safety critical application systems in an operational environment. Increasing size and complexity of software systems makes it harder to ensure their dependability. At the same time, the issues of safety become more critical as we more and more rely on software systems in our daily life. These trends make it necessary to support software engineers with a set of techniques and tools for developing dependable, trustworthy software. Software safety cannot be allowed to function independently of the total effort. Both simple and highly integrated multiple systems are experiencing an extraordinary growth in the use of software to monitor and/or control safety-critical subsystems or functions. A software specification error, design flaw, or the lack of generic safety-critical requirements can contribute to or cause a system failure or erroneous human decision. To achieve an acceptable level of dependability goals for software used in critical applications, software safety engineering must be given primary emphasis early in the requirements definition and system conceptual design process. Safety-critical software must then receive continuous management emphasis and engineering analysis throughout the development and operational lifecycles of the system. In this special issue, we are seeking insights in how we can confront the challenges of software safety & dependability issues in developing dependable, trustworthy software systems. Some suggested areas include, but not limited to
- Safety consistent with mission requirements
- Secure software engineering with software security & trustworthy software development
- State-of-arts literature review of technology dealing with software system security
- Identify and analysis of safety-critical functionality of complex systems
- Intrusion detection, security management , applied cryptography
- Derive hazards and design safeguards for mitigations
- Safety-Critical functions design and preliminary hazards analysis
- Identification, evaluation, and elimination techniques for hazards associated with the system and its software, throughout the lifecycle
- Complexity of safety critical interfaces, software components
- Sound secure software engineering principles that apply to the design of the software-user interface to minimize the probability of human error
- Failure & hazard models, including hardware, software, human and system are addressed in the design of the software
- Software testing techniques targeting at software safety issues at different levels of testing

For more information, please see http://www.igi-global.com/journals/details.asp?id=34297.

IEEE Security & Privacy, Special Issue on Privacy-Preserving Sharing of Sensitive Information, July/August 2010. (Submission Due 15 November 2009) [posted here 6/29/09]

Guest editor: Sal Stolfo (Columbia University, USA) and Gene Tsudik (UC Irvine, USA)

Privacy-Preserving Sharing of Sensitive Information (PPSSI) is motivated by the increasing need for organizations or people who don't fully trust each other to share sensitive information. Many types of organizations must often collect, analyze, and disseminate data rapidly and accurately without exposing sensitive information to wrong or untrusted parties. For example, census-takers collect private data with the understanding that it won't be released in a form traceable to the individual who provided it. Companies might be willing to divulge sensitive financial data to organizations that release only aggregate data for an industry sector. A hospital might share patient information with a state health agency but only to allow the latter to determine the number (and not the identities) of uninsured patients. While statistical methods for protecting data have been in use for decades, they're not foolproof and they generally involve a trusted third party to produce privacy-preserving statistical digests. More recently, techniques employing secure multi-party function evaluation, encrypted keywords, and private information retrieval have been studied and, in a few cases, deployed, However there are no practical tools and technologies to guarantee data privacy, especially, whenever organizations have certain common goals and require exchanges of data. To this end, the objective of PPSSI technology is to enable multiple entities to cooperate and share information without exposing more than what is necessary to complete a common task. Potential submission topics include (but are not limited to) the following:
- PPSSI requirements and policy enforcement; prospective policies governing PPSSI, including formal models and policy languages as well as trust models.
- Data “cleaning” and obfuscation techniques.
- Cryptographic protocols; innovative constructs, their performance and implementation issues, for example, private information retrieval, searching over encrypted data and private set operations.
- Data management; storage and data management issues arising in PPSSI settings.
- Secure hardware; architectures and technologies in support of PPSSI

For more information, please see http://www.ics.uci.edu/~gts/PPSSIcfp.pdf.

Elsevier Computer Communications, Special Issue on Multimedia Networking and Security in Convergent Networks, Summer 2010. (Submission Due 1 November 2009) [posted here 7/6/09]

Guest editor: Chang Wen Chen (University at Buffalo, USA), Stefanos Gritzalis (University of the Aegean, Greece), Pascal Lorenz (University of Haute Alsace, France), and Shiguo Lian (France Telecom R&D Beijing, China)

Authors are invited to submit detailed technical manuscripts reporting recent developments in the topics related to the special issue. Note the special emphasis on convergent and heterogeneous networks – this special issue is devoted to exploring the challenges and solutions for multimedia communication and security in convergent network environments. The new challenge in network management is to deal with heterogeneous client capabilities as well as dynamic end-to-end resources availability, and to ensure satisfactory service quality for every client. The new challenge in secure communication is to solve the privacy and security issues becoming increasingly important topics in network convergence. Some suggested topics include but are not limited to:
- Heterogeneous multimedia networking
- Cross-layer multimedia adaptation
- Inter-network multimedia adaptation
- QoS control in network convergence
- Interactive Mobile TV based on network convergence
- Mobile community based on network convergence
- Smart home networks based on network convergence
- Telematics systems based on network convergence
- E-healthcare systems based on network convergence
- Privacy preserving in network convergence
- Multimedia content security in network convergence
- Digital rights management in network convergence
- Content tracking and filtering in network convergence
- Intrusion detection and prevention in network convergence
- Other networking or security issues in network convergence

For more information, please see http://www.elsevier.com/locate/comcom .

Springer Requirements Engineering journal, Special Issue on Digital Privacy: Theory, Policies and Technologies, Summer 2010. (Submission Due 31 October 2009) [posted here 7/20/09]

Guest editor: Annie I. Anton (North Carolina State University, USA), Travis D. Breaux (Institute for Defense Analyses, USA), Stefanos Gritzalis (University of the Aegean, Greece), and John Mylopoulos (University of Trento, Italy)

This special issue of the Requirements Engineering journal aims at providing researchers and professionals with insights on the state-of-the-art in Digital Privacy from the views of Theory, Policies and Technologies. Topics of interest may include one or more of the following (but are not limited to) themes:
- Compliance of system policies to privacy requirements
- Methods, tools and techniques for realizing privacy requirements
- Alignment of system policies to privacy requirements
- Alignment of privacy requirements to privacy laws, regulations and standards
- Agent-oriented privacy engineering
- Verification and validation of privacy requirements
- Integrating privacy requirements in system engineering
- Formal methods on privacy
- Privacy policies and human rights
- Privacy policy enforcement
- Privacy policies for companies engaging in eCommerce
- Privacy policies in the digital business
- Privacy enhancing technologies and systems

For more information, please see http://www.springer.com/computer/programming/journal/766.

Journal of System Architecture, Special Issue on Security and Dependability Assurance of Software Architectures, Spring 2010. (Submission Due 15 October 2009) [posted here 6/8/09]

Guest editor: Ernesto Damiani (Università degli Studi di Milano, Italy), Sigrid Gürgens (Fraunhofer Institute for Secure Information Technology, Germany), Antonio Maña (Universidad de Málaga, Spain), George Spanoudakis (City University, London, UK), and Claudio A. Ardagna (Università degli Studi di Milano, Italy)

The JSA special issue will focus in particular on context, methodologies, techniques, and tools for V&V of software architectures, with particular focus on supporting assurance and compliance, as well as security and dependability certification, for evolving and long-lived systems. Authors are invited to submit papers on a variety of topics, including but not limited to:
- foundations and new perspectives of V&V mechanisms and security certifications
- solutions, tools, frameworks for S&D assurance and certification
- new and/or existing certification processes and tools suitable for challenging contexts (e.g., telecommunications, mobile, real time, process control, and embedded systems), and/or experience with them
- new and/or existing modelling techniques which are particularly suited to evolving systems, and/or experience with them
- tools and case studies that integrate techniques from different areas, such as V&V mechanisms, including static verification, dynamic verification, testing, product and process certification, empirical software engineering, modeling of evolving and distributed systems

For more information, please see http://ees.elsevier.com/jsa/.

International Journal of Communication Networks and Information Security, Special Issue on Composite and Integrated Security Solutions for Wireless Sensor Networks, Spring 2010. (Submission Due 1 September 2009) [posted here 5/25/09]

Guest editor: Riaz Ahmed Shaikh (Kyung Hee University, Korea), Al-Sakib Khan Pathan (Kyung Hee University, Korea), Jaime Lloret (Polytechnic University of Valencia, Spain)

This special issue is devoted to composite and integrated security solutions for Wireless Sensor Networks (WSNs). In WSNs, researchers have so far focused on the individual aspects (cryptography, privacy or trust) of security that are capable of providing protection against specific types of attacks. However, efforts on achieving completeness via a composite and integrated solution are lacking. That is ultimately necessary to attain because of its wide applicability in various sensitive applications, such as health-care, military, habitat monitoring, etc. The objective of this special issue is to gather recent advances in the area of composite and integrated security solutions of wireless sensor networks. This special issue covers topics that include, but are not limited to:
- Adaptive and Intelligent Defense Systems
- Authentication and Access control
- Data security and privacy
- Denial of service attacks and countermeasures
- Identity, Route and Location Anonymity schemes
- Intrusion detection and prevention techniques
- Cryptography, encryption algorithms and Key management schemes
- Secure routing schemes
- Secure neighbor discovery and localization
- Trust establishment and maintenance
- Confidentiality and data integrity
- Security architectures, deployments and solutions

For more information, please see http://ijcnis.kust.edu.pk/announcement.

Information Systems Frontiers, Special Issue on Security Management and Technologies for Protecting Against Internal Data Leakages, Spring or Summer 2010. (Submission Due 14 August 2009) [posted here 2/2/09]

Guest editor: David Chadwick (University of Kent, UK), Hang Bae Chang (Daejin University, South Korea), Ilsun You (Korean Bible University, South Korea), and Seong-Moo Yoo (University of Alabama in Huntsville, USA)

During the past decades, information security developments have been mainly concerned with preventing illegal attacks by outsiders, such as hacking, virus propagation, and spyware. However, according to a recent Gartner Research Report, information leakage caused by insiders who are legally authorized to have access to some corporate information is increasing dramatically. These leakages can cause significant damages such as weakening the competitiveness of companies (and even countries). Information leakage caused by insiders occurs less frequently than information leakage caused by outsiders, but the financial damage is much greater. Countermeasures in terms of physical, managerial, and technical aspects are necessary to construct an integral security management system to protect companies' major information assets from unauthorized internal attackers. The objective of this special issue is to showcases the most recent challenges and advances in security technologies and management systems to prevent leakage of organizations' information caused by insiders. It may also include state-of-the-art surveys and case analyses of practical significance. We expect that the special issue will be a trigger for further research and technology improvements related to this important subject. Topics(include but are not limited to):
- Theoretical foundations and algorithms for addressing insider threats
- Insider threat assessment and modeling
- Security technologies to prevent, detect and avoid insider threats
- Validating the trustworthiness of staff
- Post-insider threat incident analysis
- Data breach modeling and mitigation techniques
- Registration, authentication and identification
- Certification and authorization
- Database security
- Device control system
- Digital forensic system
- -Digital right management system
- Fraud detection
- Network access control system
- Intrusion detection
- Keyboard information security
- Information security governance
- Information security management systems
- Risk assessment and management
- Log collection and analysis
- Trust management
- IT compliance (audit) and continuous auditing

For more information, please see http://www.som.buffalo.edu/isinterface/ISFrontiers/forthcoming1/InfoSec09-SI-CFP.pdf.

IEEE Design and Test of Computers, Special Issue on Verifying Physical Trustworthiness of Integrated Circuits and Systems, January/February 2010. (Submission Due 1 August 2009) [posted here 6/8/09]

Guest editor: Mohammad Tehranipoor (University of Connecticut, USA) and Farinaz Koushanfar (Rice University, USA)

The emergence of a globalized, horizontal semiconductor business model raises a set of concerns involving the security and trust of the information systems on which modern society is increasingly reliant for mission-critical functionality. Hardware security and trust issues span a broad range including threats related to the malicious insertion of Trojan circuits designed, e.g., to act as a silicon time bomb to disable a chip, to intellectual property (IP) and integrated circuit (IC) piracy, to untrusted 3rd party IPs, to attacks designed to extract encryption keys and IP from a chip, and to malicious system disruption and diversion. Trojans can be inserted into a circuit or system developed by 3rd party IP vendor, system integrator, or foundry. Topics of interest include (but are not limited to):
- Trojan detection and isolation
- Authenticating foundry of origin
- Watermarking
- IC Metering
- FPGA design security
- Physical unclonable functions (PUFs)
- Hardware intrusion detection and prevention
- Scan-chain encryption

For more information, please see http://www.engr.uconn.edu/~tehrani/CFP-D&T-SI.pdf.

IEICE Transactions on Information and Systems, Special Section on Trust, Security and Privacy for Pervasive Applications, March 2010. (Submission Due 1 July 2009) [posted here 6/15/09]

Guest editor: Guojun Wang (Central South University, China), Laurence T. Yang (St. Francis Xavier University, Canada), and Kouichi Sakurai (Kyushu University, Japan)

The objective of this special section is to publish recent progress focusing on the trust, security, privacy, and related issues such as technical, social and cultural implications for pervasive devices, services, networks, applications and systems. Topics of interest include (but are not limited to):
- Trust, Security and Privacy (TSP) metrics and architectures for pervasive computing
- Trust and Risk management in pervasive environment
- Security and privacy protection in pervasive environment
- Security and privacy in mobile and wireless communications for databases
- Safety and user experiences in pervasive environment
- TSP-aware social and cultural implications in pervasive environment
- Cryptographic devices for pervasive computing
- Biometric authentication for pervasive devices
- Security for embedded software and systems
- TSP-aware middleware design for pervasive services
- TSP-aware case studies on pervasive applications/systems
- Cryptographic technologies, including Key management and authentication, in pervasive applications/systems
- Access control, anonymity, reliability and fault tolerance in pervasive applications/systems
- Audit and accountability in pervasive applications/systems
- Miscellaneous issues in pervasive devices, services, applications, and systems

For more information, please see http://www.ieice.org/eng/s_issue/cfp/2010_3ED.pdf.

IEEE Transactions on Software Engineering (TSE), Special Issue on Exception Handling: From Requirements to Software Maintenance, November 2009. (Submission Due 1 May 2009) [posted here 11/24/08]

Guest editor: Alessandro Garcia (Lancaster University, UK), Valerie Issarny (INRIA, France), and Alexander Romanovsky (Newcastle University, UK)

With the complexity of contemporary software systems increasingly growing, we still have much to learn on how software engineering practice can contribute to improving specification, design, testing, and evolution of exception handling. Our body of knowledge on effective exception handling in software projects is still limited and fragmented. It is not surprising that recent field studies have identified that error handling design in industrial applications typically exhibits poor quality independently of the underlying programming language and application domain. A holistic application of software engineering principles and techniques can certainly improve the treatment of exception handling across the software lifecycle. In this context, one of the underlying motivations of this special issue is to revisit the research directions involving exception handling in software engineering after one decade the first successful issue on this topic has appeared in IEEE TSE. This special issue will serve as a key reference for researchers, practitioners and educators to understand the most recent innovations, trends, experiences and concerns involving exception handling aspects in software engineering. We invite submissions approaching exception handling on all areas of software development and maintenance, such as model-driven development, requirements engineering, refactoring, software evolution, reverse engineering, contemporary modularity techniques (e.g., aspect-oriented programming and feature-oriented programming), and formal methods. The special issue is intended to cover a wide range of topics, from theoretical foundations to empirical studies, with all of them presenting innovative ideas on the interplay of exception handling and software engineering. Topics of interest include (but are not limited to) the following:
- Exceptions in software processes
- Empirical studies of exception handling
- Exception documentation
- Exception handling and requirements engineering
- Exception handling and architectural design
- Design patterns and anti-patterns, architectural styles, and good programming practice cookbooks
- Static analysis and testing of exception handling
- Refactoring and evolution of exception handling code
- Exceptions and variability management
- Comparative studies of innovative exception handling techniques and conventional ones
- Exception handling and contemporary modularization techniques (e.g., aspect-oriented programming and feature-oriented programming)
- Exception handling and variability mechanisms
- Metrics and quality models for abnormal behaviour
- Exception handling and middleware design
- Model-driven engineering for exception handling
- Exception handling in multi-agent systems
- Development of predictive models of defect rates
- Checked versus unchecked exceptions

For more information, please see http://www.computer.org/portal/cms_docs_transactions/transactions/tse/CFP/cfp_tse_eh_web.pdf.

Journal of Communications and Networks, Special Issue on Securing Wireless Networking, December 2009. (Submission Due 29 April 2009) [posted here 3/23/09]

Guest editor: Adrian Perrig (Carnegie Mellon University, USA), Wade Trappe (Rutgers University, USA), Virgil Gligor (Carnegie Mellon University, USA), Radha Poovendran (University of Washington, USA), and Heejo Lee (Korea University, Korea)

Wireless technologies have had a significant impact on computing and communication technologies in the past decade, and we are thus now progressing to the new “anytime-anywhere” service model of the mobile Internet. Unfortunately, the affordability and availability of wireless technologies that makes them so attractive, also makes them an enticing target for security threats. As new wireless technologies continue to emerge, many of which will be highly flexible and programmable, it will be easier than ever before for adversaries to acquire the equipment and the means to launch new security or privacy attacks. The challenge facing the security community is to achieve security in spite of the fact that in a wireless network as an open “broadcast” network, security associations must be made even when no trust relationships existed previously. The purpose of this special issue is to facilitate the exchange of cutting-edge research in security for new wireless systems (e.g., cognitive radios, RFID, industrial control systems, and vehicular networks), as well as the privacy issues associated with these emerging technologies. Since new communication systems are being developed across multiple communities, ranging from academic to government to industry, from application development to the development of fundamental networking and hardware technologies, this journal issue is intended to provide a forum for cross-pollination of ideas that will advance the awareness of wireless security issues and ultimately lead to more secure system designs. We solicit papers covering topics that include, but are not limited to:
- Vulnerability and attack modeling
- Secure neighbor discovery and localization
- Trust establishment and maintenance
- Intrusion detection and prevention
- Denial of service
- User privacy, location privacy, and anonymity
- Incentive-aware secure protocol design
- Jamming/anti-jamming communication
- Cross-layer design for security
- Cryptographic primitives for wireless communication
- Key management in wireless/mobile environments
- Mobile platform and systems security

For more information, please see http://jcn.or.kr/home/journal/call_for_papers.asp?globalmenu=3.

Elsevier Journal on Computer Networks, Special Issue on Performance Sensitive Security for Very Large Scale Collaboration, December 2009. (Submission Due 18 March 2009) [posted here 1/16/09]

Guest editor: Deborah A. Frincke (PNNL, University of Washington, USA), Frank Siebenlist (Argonne National Laboratory, University of Chicago, USA), and Mine Altunay (Fermi National Laboratory, USA)

It is anticipated that this trend towards very large-scale collaboration will continue and that these virtual organizations will become increasingly complex and diverse. Exascale computing is predicted by some to be a necessity to support scientific as well as business activities by 2018. It will be important for security solutions to scale equally well, so that the collaboration is enriched by usable, management-friendly, performance-sensitive security solutions, rather than hindered by them. In this special issue, we emphasize research approaches that show promise in providing performance sensitive security for very large scale collaboration. Performance sensitivity here refers both to traditional computer performance measures as well as the usability of the security solution being proposed – collaboration should be supported, rather than hindered, by the security solutions. Topics of interest include, but are not limited to:
- Security for very large datasets (petascale through exascale), where very large scale data sets can be shared without loss of important security properties, such as integrity, confidentiality.
- Secure remote access to unique instrumentation; e.g., where scientists and the computer-based instrumentation they use are geographically and organizationally dispersed.
- Security validation techniques that can provide some measure of assurance that a shared infrastructure meets the collaboration’s and the individual organization’s security requirements.
- New architectures and methods supporting shared intrusion detection/prevention, situational awareness, threat containment and/or response needed to defend geographically and organizationally dispersed shared computational resources, including shared code.
- User privilege and user trust negotiation within very large federated environments, both for brief access (minutes) and for long term access (years)

For more information, please see http://home.fnal.gov/~maltunay/ComNet.html.

ACM Transactions on Autonomous and Adaptive Systems (TAAS), Special Issue on Adaptive Security Systems, 2010. (Submission Due 15 March 2009) [posted here 9/29/08]

Guest editor: Yang Xiang (Central Queensland University, Australia) and Wanlei Zhou (Deakin University, Australia)

This special issue on Adaptive Security Systems in ACM TAAS focuses on autonomous and adaptive security system theories, technologies, and reallife applications. Original papers are solicited for this special issue. Suggested topics include, but are not limited to:
Adaptive Security System Theories
- Adaptive security architectures, algorithms, and protocols
- Autonomic learning mechanisms in security systems
- Intelligent attack systems and mechanisms
- Interactions between autonomic nodes of security systems
- Modeling of adaptive attack and defense mechanisms
- Theories in adaptive security systems
Adaptive Security System Technologies
- Adaptive security systems design
- Adaptive security systems implementation
- Adaptive intrusion detection/prevention systems
- Self-organizing identity management and authentication
- Adaptive defense against large-scale attacks
- Simulation and tools for adaptive security systems
Adaptive Security System Applications
- Benchmark, analysis and evaluation of adaptive security systems
- Distributed autonomous access control and trust management
- Autonomous denial-of-service attacks and countermeasures
- Autonomous wireless security systems
- Autonomous secure mobile agents and middleware
- Adaptive defense against viruses, worms, and other malicious codes

For more information, please see http://nss.cqu.edu.au/FCWViewer/getFile.do?id=23880.

IEEE Transactions on Information Forensics and Security, Special Issue on Electronic Voting, December 2009. (Submission Due 22 February 2009) [posted here 10/13/08]

Guest editor: Ronald L. Rivest (MIT, USA, Lead Guest Editor), David Chaum (Voting Systems Institute, USA), Bart Preneel (Katholieke Universiteit Leuven, Belgium), Aviel D. Rubin (Johns Hopkins University, USA), Donald G. Saari (University of California at Irvine, USA), and Poorvi L. Vora (The George Washington University, USA)

Following the discovery of a wide variety of flaws in electronic voting technology used in the US and other parts of the world, there has recently been a spurt of research activity related to electronic voting. The activity has been broad, ranging from the design of voting systems that specify what information is collected from voters and how it is used to determine one or many winners, through the development of cryptographic vote counting systems and the experimental security analysis of deployed voting systems, the experimental study of the usability of voting systems, to the development of methods for identifying election fraud. Most of the work has of necessity been interdisciplinary, involving contributions from experts in the areas of cryptography, computer security, information theory, political science, statistics, usability, game theory, mathematical modeling, etc. This special issue aims to provide an overview of the research area of electronic voting, with a focus on original results. The scope includes both remote and polling-place voting, and the areas of interest include, but are not limited to, the following:
- Voting theory, including voting models
- Cryptographic voting systems
- Formal security analysis of voting systems
- Experimental security analysis of voting systems
- Evaluations and ratings of voting systems
- Usability and accessibility of voting systems
- History of voting technology
- Components building-blocks of voting systems, such as anonymous voting channels and secure bulletin boards
- Fraud/anomaly detection in elections
- Political districting and the allocation of voting technology

For more information, please see http://vote.cs.gwu.edu/cfp.html.

Security and Communication Networks Journal (Wiley), Special Issue on Security and Trust Management for Dynamic Coalitions, TBD. (Submission Due 30 November 2008) [posted here 10/13/08]

Guest editor: Theo Dimitrakos (British Telecommunications plc, UK), Fabio Martinelli (Institute of Informatics and Telematics, National Research Council, Italy), and Bruce Schneier (British Telecommunications plc, USA)

There is an increasing interest and deployment of technologies that allow cooperation among entities that may act collectively. These entities may form dynamic coalitions where entities may leave and join, may show mobility aspects (either logical or physical), and may act in a collective manner. Examples of these coalitions can be found in the digital world, including: a) Crowds of users walking on the streets with advanced context aware converged telecommunication devices; b) A group of robots, manned and unmanned vehicles equipped with processors, sensors, smartphones, etc. interacting with each other, with their environment, and with a command or a control node, such as the command and control site of a defence coalition or a civil traffic control; c) A set of organizations (possibly virtual) sharing some resource for service provisions, or so called Virtual Organisations; d) Collaborative processes that use resources and services offered by partners in a Virtual Organisation; and e) Web 2.0 mash-ups and composite Web Services that are composed of services and applications offered by different service providers over a public network. These dynamic coalitions involve several technologies as peer to peer systems (P2P), mobile ad hoc networks (MANETs), and service oriented architectures such as those realised in GRID computing and Web Services Frameworks. There are several research areas identified as follows: a) Security in dynamic coalitions; b) trust in dynamic coalitions; c) security and trust interplay; and 4) secure processes and service composition. This special issue is proposed to cover research results and innovation case studies on security and trust management on dynamic coalitions. Topics of interest include but are not limited to:
- Semantics and computational models for security and trust in dynamic coalitions
- Context-based security and trust management architectures, mechanisms and policies
- Privacy and anonymity issues in trust negotiation
- Enforcing cooperation in dynamic coalitions
- Reputation and recommendation models and architectures for dynamic coalitions
- Usage control models, languages and architectures in dynamic coalitions
- Cryptographic models and mechanisms for dynamic coalitions
- Security protocols for group management
- Security for Service Oriented Architectures and Infrastructures
- Collaboration and Virtual Organization life-cycle management in dynamic coalitions
- Federated Identity Management in dynamic coalitions
- Distributed Access Control and administrative delegation in dynamic coalitions
- Policy verification and validation in order to predict the impact of changes to an infrastructure in order to support the life-cycle of a dynamic coalition
- QoS monitoring, evaluation and reporting in dynamic coalitions
- Auditing in dynamic coalitions
- Trust and security in ICT Governance and service management for dynamic coalitions
- Security frameworks for dynamic service composition
- Security frameworks for Web 2.0 service and application mash-ups
- Security and trust adaptation in dynamic coalitions
- Information management in dynamic coalitions including research in techniques for self-protecting information sets
- Trust and security aspects of Operational Support Systems (OSS) for the converged telecommunications infrastructure that underpins dynamic coalitions

For more information, please see http://www.iit.cnr.it/staff/fabio.martinelli/STM-DC.pdf.

Ad Hoc Networks Journal, Special Issue on Privacy and Security in Wireless Sensor and Ad Hoc Networks, June 2009. (Submission Due 3 November 2008) [posted here 10/27/08]

Guest editor: Wensheng Zhang (Iowa State University, USA), Sencun Zhu (The Pennsylvania State University, USA), and Guohong Cao (The Pennsylvania State University, USA)

Wireless sensor and ad hoc networks have many applications in military, homeland security and other areas. Security is critical for such networks deployed in a hostile environment. In civilian applications, however, privacy concerns of these networks could become a more serious impediment to their popular adoption. Providing privacy and security in wireless sensor and ad hoc networks is more challenging than those in traditional wired networks because wireless communications use shared medium and thus are vulnerable to many attacks. Providing privacy and security in sensor networks is further complicated by the network scale, the highly constrained system resources and the difficulty of dealing with node compromises. The main purpose of this special issue is to promote further research interests and activities on privacy and security in wireless sensor and ad hoc networks. We are interested in analytical, experimental, and systems-related papers in various aspects of privacy and security in wireless sensor and ad hoc networks. Topics of interest include:
- Key distribution and management
- Privacy issues in wireless sensor networks
- Security and Privacy issues in vehicular networks
- Location privacy and source anonymity
- Secure localization and secure routing protocols
- Trust management
- Secure data aggregation
- Authentication and authorization
- Study of attack strategies, attack modeling
- Study of tradeoffs between security and system performance
- Denial of service attacks and prevention
- Cross layer security and privacy attacks and solutions

For more information, please see http://www.elsevier.com/framework_products/promis_misc/ADHOC_CFP_privacysecurity.pdf.

EURASIP Journal on Wireless Communications and Networking, Special Issue on Wireless Physical Layer Security, April 1, 2009. (Submission Due 1 October 2008) [posted here 5/19/08]

Guest editors: Mérouane Debbah (Supélec, France), Hesham El-Gamal (Ohio State University, USA), H. Vincent Poor (Princeton University, USA), and Shlomo Shamai (Technion, Israel)

Security is a critical issue in multiuser wireless networks in which secure transmissions are becoming increasingly difficult to obtain in highly mobile and distributed environments. In his seminal works of the late 1940s, Shannon formalized the concepts of capacity (as a transmission efficiency measure) and equivocation (as a measure of secrecy). Together with Wyner's fundamental formulation of the wiretap channel in the 1970s, this work laid the groundwork for the area of wireless physical area security. Interest in this area has exploded in recent years, motivated by the rise of wireless networking in general and by the increasing interest in large mobile networks with light infrastructure, which are extremely difficult to secure by traditional methods.

The objective of this special issue (whose preparation is carried out under the auspices of the EC Network of Excellence in Wireless Communications NEWCOM++) is to gather recent advances in the area of wireless physical layer security from the theoretical, such as the analysis of the secrecy capacity of various channel models, to more practical interests such as the development of codes and other communication schemes that can provide security in real networks. Suitable topics for this special issue dedicated to physical layer security include but are not limited to:
- Opportunistic secrecy
- The wiretap channel with feedback
- Authentication over the wiretap channel
- Information theoretic secrecy of fading channels
- Secrecy through public discussion
- Wireless key distribution
- Multiuser channels with secrecy constraints
- MIMO wiretap channels
- Relay-eavesdropper channel
- Scheduling for secure communications
- Secure communication with jamming
- Game theoretic approaches for secrecy
- Codes for secure transmission
- Secure compression
- Cognitive approaches for secrecy
- Physical Secrecy and Common Randomness
- Secrecy with channel uncertainty

For more information, please see http://www.hindawi.com/journals/wcn/si/wpls.html.

Wiley's Security and Communication Networks Journal, Special Issue on Security in Mobile Wireless Networks, 4th quarter of 2009. (Submission Due 30 September 2008) [posted here 4/28/08]

Guest editors: Abderrahim Benslimane (University of Avignon, France) Chadi Assi (Concordia University, Montreal, Canada), Stamatios V. Kartalopoulos (University of Oklahoma, USA), and Fred Nen-Fu Huang (National Tsing Hua University, Taiwan)

Security has become a primary concern in order to provide protected communication in mobile networks. Unlike the wired networks, the unique characteristics of mobile networks pose a number of nontrivial challenges to security design, such as open peer-to-peer network architecture, shared wireless medium, stringent resource constraints, highly dynamic network topology and absence of a trusted infrastructure. Ubiquitous roaming impacts on a radio access system by requiring that it supports handover between neighbouring cells and different networks. Also, mobile networks are more exposed to interferences than wired networks. There are several components that contribute to this: adjacent channels, co-channels, Doppler shifts, multipath, and fading. This SI aims to identify and explore the different issues and challenges related to security aspects in mobile networks. What are the impacts (benefits or inconvenience) of mobility on security? What are the appropriate mobility models to have a good level of security? Are Classical IDS approaches appropriate for mobile environments? How can be managed security when Mobility pattern and/or behaviour prediction? The complete security solution should span both layers, and encompass all three security components of prevention, detection, and reaction. Topics of interest include, but are not limited to, the following as they relate to mobile networks:
- Secure mobile PHY/MAC protocols
- Secure mobile routing protocols
- Security under resource constraints (e.g., energy, bandwidth, memory, and computation constraints)
- Performance and security tradeoffs in mobile networks
- Secure roaming across administrative domains
- Key management in mobile scenarios
- Cryptographic Protocols
- Authentication and access control in mobile networks
- Intrusion detection and tolerance in mobile network
- Trust establishment, negotiation, and management
- Secure mobile location services
- Secure clock distribution
- Privacy and anonymity
- Denial of service in mobile networks
- Prevention of traffic analysis

For more information, please see http://www3.interscience.wiley.com/cgi-bin/fulltext/120841529/HTMLSTART.

Wiley's Security and Communication Networks Journal, Special Issue on Security in Mobile Wireless Networks, March - April 2009. (Submission Due 25 September 2008) [posted here 9/22/08]

Guest editor: Edward David Moreno (UEA - University of Amazonas State, Brazil)

This special issue on Security in Computing in the Springer Journal of TCS focuses on novel hardware implementation, new architectures, software solutions, novel applications, cryptographic algorithms and security protocols will become increasingly critical to good system performance, low-power and security. Original papers are solicited for this special issue. Particular emphases will be put on recent innovations about security in the mobile and embedded computing domains. Suggested topics include, but are not limited to:
- Secure Architectures and Design
- Security Evaluation and Testing
- Cryptographic Algorithms and Techniques
- Security policies, protocols and standards
- Public- and symmetric-key cryptography in constrained environments such as RFID and smart cards
- Security in Distributed and pervasive Systems, Grid Computing, P2P systems, Web services, Digital TV, Mobile Devices, Embedded Systems and Wireless Networks.
- Applications of Biometry and Biometric Systems in Security
- Authentication and Authorization Models and Techniques
- Application case studies of ICs for secure embedded computing.
- Formal verification of security properties and security protocols
- Systems and Software Certification Methodologies
- Relationships among software correctness, reliability, usability, safety, and security

For more information, please see http://www.springer.com/computer/lncs?SGWID=0-164-6-151275-0.

Springer Transactions on Computational Science, Special Issue on Security in Computing, March, 2009. (Submission Due 5 September 2008) [posted here 8/4/08]

Guest editors: Edward David Moreno (UEA Univ. of Amazonas State, Brazil)

This special issue on Security in Computing in the Springer Journal of TCS focuses on novel hardware implementation, new architectures, software solutions, novel applications, cryptographic algorithms and security protocols will become increasingly critical to good system performance, low-power and security. Original papers are solicited for this special issue. Particular emphases will be put on recent innovations about security in the mobile and embedded computing domains. Suggested topics include, but are not limited to:
- Secure Architectures and Design
- Security Evaluation and Testing
- Cryptographic Algorithms and Techniques
- Security policies, protocols and standards
- Public- and symmetric-key cryptography in constrained environments such as RFID and smart cards
- Security in Distributed and pervasive Systems, Grid Computing, P2P systems, Web services, Digital TV, Mobile Devices, Embedded Systems and Wireless Networks
- Applications of Biometry and Biometric Systems in Security
- Authentication and Authorization Models and Techniques
- Application case studies of ICs for secure embedded computing
- Formal verification of security properties and security protocols
- Systems and Software Certification Methodologies
- Relationships among software correctness, reliability, usability, safety, and security

For more information, please see http://www.springer.com/computer/lncs?SGWID=0-164-6-151275-0.

IEEE Network Magazine, Special Issue on Recent Developments in Network Intrusion Detection, 1st quarter of 2009. (Submission Due 1 August 2008) [posted here 6/11/08]

Guest editors: Thomas M. Chen (Swansea University, UK), Judy Fu (Motorola Labs, USA), Liwen He (BT Group, Chief Technology Office, UK), and Tim Strayer (BBN Technologies, USA)

Internet-connected computers are constantly exposed to a variety of possible attacks through exploits, social engineering, password cracking, and malicious software. Networks allow intruders to reach a large number of potential targets quickly and remotely with relatively low risk of traceability. Public attention on cyber attacks has grown with post-9/11 concerns over vulnerabilities of critical infrastructures and new regulations increasing accountability of organizations for loss of private data. Concerns have also been heightened by the prevalence of hidden spyware and bots among PC users.

Existing network-based intrusion detection methods depend on monitoring traffic and detecting evidence of attacks through known signatures or anomalous traffic behavior. However, intruders are continually changing their techniques to try new attack vectors and new ways to evade defenses. Network intrusion detection is challenged to adapt with new capabilities to recognize and respond to current attack methods.

The goal of this special issue of IEEE Network is to share new research developments in network intrusion detection. Papers should add to current understanding of new attack vectors, advances in packet collection and analysis, and state-of-the-art techniques for recognizing, tracing, and responding to attacks. Papers should contain substantial tutorial content and be understandable to a broad general audience, not only security experts. Topics of interest include:
- novel attacks and exploits
- novel methods for traffic data collection and anomaly detection
- network forensic techniques and best practices
- intrusion prevention systems
- deep packet inspection and classification at very high speeds/throughputs
- event correlation
- attack traceback and router support
- automatic signature generation
- detection of low intensity stealthy intrusions

For more information, please see http://www.comsoc.org/dl/net/ntwrk/special.html.

ACM Transactions on Reconfigurable Technology and Systems, Special Issue on Security in Reconfigurable Systems Design, 2009. (Submission Due 23 May 2008) [posted here 5/5/08]

Guest editors: Patrick Schaumont (Virginia Tech, USA), Alex K. Jones (University of Pittsburgh, USA), and Steve Trimberger (Xilinx, USA)

The secure operation of computer systems and networks continues to be an important research topic for a variety of applications and infrastructures. Increasingly, these security concerns are extending from the software information-processing domain into the hardware domain and in particular into the reconfigurable computing research community. From a design perspective, security forms a separate dimension in design alongside of constraints on area, performance, and power. By carefully considering security issues in the design of reconfigurable hardware, security can become a basic property of the system implementation rather than being addressed as an afterthought. This special issue of ACM Transactions on Reconfigurable Technology and Systems solicits papers in the areas of secure design technologies and architectures for reconfigurable devices and novel applications for reconfigurable platforms. Topics of interest include but are not limited to the following areas:
Design Technologies and Architectures:
- Protection of hardware design intellectual property (e.g. FPGA bitstream).
- Side-channel resistant and fault-resistant design mechanisms.
- The use of Physically Unclonable Functions for authentication and anti-counterfeiting.
- Architectural techniques to mitigate the tradeoffs between power, performance, and area with system security.
- Methods for creating device-unique identifiers from device fabrication properties.
- Architectures that improve component isolation and resistance to physical attacks.
- Secure and formally verifiable/equivalent design automation techniques for reconfigurable hardware.
Novel Applications:
- Improving the performance or power consumption of software implementations of security algorithms using reconfigurable hardware.
- Acceleration to increase feasibility of brute force attacks on cryptographic algorithms.
- Use of physical partitioning of subsystems to improve secure system design.
- Use of reconfigurable architecture features for resistance to physical attacks.
- Prototyping of novel trusted computing primitives.

For more information, please see http://trets.cse.sc.edu/TRETS-Security-SI.pdf.

Wiley InterScience Security and Communication Networks Journal, Special Issue on Clinical Information Systems (CIS) Security, July/August 2008. (Submission Due 10 February 2008) [posted here 11/5/07]

Guest editors: Theodore Stergiou (KPMG Kyriacou Advisors AE, Greece), Dimitrios Delivasilis (Incrypto Ltd., Greece), Mark S Leeson (University of Warwick, UK), and Ray Yueh-Min Huang (National Cheng-Kung University, Taiwan, R.O.C.)

Managing records of patient care has become an increasingly complex issue with the widespread use of advanced technologies. The vast amount of information for every routine care must be securely processed over different data bases. Clinical Information Systems (CIS) address the need for a computerized approach in managing personal health information. Hospitals and public or private health insurance organizations are continuously upgrading their database and data management systems to more sophisticated architectures. The possible support of the large patient archives and the flexibility of a CIS in providing up-to-date patient information and worldwide doctors’ collaboration, have leveraged the research on CIS both in academic and government domains. At the same time, it has become apparent that patients require more control over their clinical data, either being results of clinical examinations or medical history. Due to the large amount of information that can be found on the Internet and the free access to medical practitioners and hospitals worldwide, patients may choose to communicate their information so as to obtain several expert opinions regarding their conditions. Given the sensitive nature of the information stored and inevitably in transit, security has become an issue of outmost necessity. Numerous EU and US research projects have been launched to address security in CIS (e.g. EUROMED, ISHTAR, RESHEN), whereas regulatory compliance to acts such as the HIPAA has become an obligation for centers moving to CIS. This Special Issue will serve as a venue for both academia and industry individuals and groups working in this fast-growing research area to share their experiences and state-of-the-art work with the readers. The topics of interest in this Special Issue include, but are not limited to:
- Authentication techniques for CIS
- Authorization mechanisms and approaches for patient-centric data
- Public Key Infrastructures to support diverse clinical information environments and networks
- Cryptographic protocols for use to secure patient-centric data
- Secure communication protocols for the communication of clinical data
- Wireless sensor networks security
- Body sensor networks security
- CIS Database security
- Interoperability across diverse CIS environments (national and multilateral)
- Government and international regulatory and compliance requirements

For more information, please see http://www3.interscience.wiley.com/cgi-bin/jtoc/114299116/.

Elsevier Computer Standards and Interfaces, Special issue on Information and Communications Security, Privacy and Trust: Standards and Regulations, Summer 2008. (Submission Due 30 January 2008) [posted here 9/3/07]

Guest editors: Bhavani Thuraisingham (University of Texas at Dallas, USA) and Stefanos Gritzalis (niversity of the Aegean, Greece)

Most of the research and development work carried out by universities, research centers and private companies today, is based, in some way or another, on international standards or pre-standards that have been produced under the auspices of recognized standardization bodies. On top of that, many market sectors have recognized standardization as a prerequisite for the provision of high quality services and products, thus triggering a large number of multi-sectoral voluntary standards. For many years the Security field was somehow isolated in the Information and Communications Technology arena. Inevitably this isolation has been inherited to the standards governing the security, privacy, and trust techniques and mechanisms that are currently employed. It is therefore important to inform the scientific community about these problems and facilitate better collaboration on the security, privacy, and trust aspects of international standards and regulations.

We welcome the submission of papers that: provide information about activities and progress of security, privacy, and trust standardization work; focus on critical comments on standards and standardization activities; discuss actual projects results; disseminate experiences and case studies in the application and exploitation of established and emerging standards, methods and interfaces. The areas of interest may include, but not limited, to:
- Access Control and Authorization
- Assurance Services
- Auditing and Forensic Information Management
- Authentication, Authorization, and Accounting
- Business Services
- Confidentiality and Privacy Services
- Digital Rights Management
- eBusiness, eCommerce, eGovernment Security: Establishing Trust and Confidence of Citizens in eTransactions and eServices
- eHealth Security
- Lawful Interception Architectures and Functions
- Legal and Regulation Issues
- Network Defense Services
- Privacy and Identity Management
- Securing Critical Information and Communication Infrastructures
- Security Challenges to the use and deployment of Disruptive Technologies (Trusted Computing, VoIP, WiMAX, RFID, IPv6)
- Security issues in Network Event Logging
- Standardization Aspects of Electronic Signatures
- Trust Services
- Wireless, Mobile, Ad hoc and Sensors Networks Security, Privacy, and Trust

For more information, please see http://www.elsevier.com/wps/find/journaldescription.cws_home/505607/description#description.

An edited volume of IOS Press Cryptology and Information Security Series on Identity-Based Cryptography, August 2008. (Submission Due 15 November 2007) [posted here 10/8/07]

Guest editors: Marc Joye (Thomson R&D France) and Gregory Neven (Katholieke Universiteit Leuven, Belgium)

First introduced by Shamir as early as in 1984, identity-based cryptography has seen a revival in public interest in recent years due to the introduction of bilinear maps to cryptography. This edited volume intends to give an overview of the state-of-the-art of the theory and practice related to identity-based cryptography. The targeted audience includes beginning students in the field, interested researchers from other fields as well as industry practitioners. High-quality contributions will be invited on all aspects of identity-based cryptography, including (but not necessarily limited to) the following topics:
- mathematics underlying ID-based cryptography, and in particular bilinear maps
- ID-based encryption, signatures, authentication, signcryption, key exchange and other primitives
- certificateless encryption
- pairing-based schemes with new properties
- theory and security notions related to ID-based cryptography
- real-world applications and implementations
- efficient software or hardware implementations of pairing-based cryptography
- security policies and enforcement
- impact of ID-based cryptography on organizational structures
- legal and regulatory issues

For more information, please see http://www.neven.org/IBCbook.html.

IEEE Transactions on Information Forensics and Security, Special issue on Statistical Methods for Network Security and Forensics, September 2008. (Submission Due 15 October 2007) [posted here 9/27/07]

Guest editors: Muriel Medard (MIT, USA), Christina Fragouli (EPFL, Switzerland), Wenke Lee (Georgia Tech, USA), Roy Maxion (Carnegie-Mellon University, USA), Sal Stolfo (Columbia University, USA), and Lang Tong (Cornell University, USA)

Recently, probabilistic methods have gained importance in various aspects of network security and forensics. Such methods are at the forefront of recent advances in intrusion detection, but also underlie distributed detection and estimation for sensor networks and information-theoretic approaches to network security. In the context of intrusion detection, statistical pattern recognition is a core problem which can be addressed using methods from Bayesian theory, learning theory, graphical models, and data mining. Data acquisition, processing, and inference in sensor networks also l everages a substantial body of literature on statistical estimation, detection, and classification theory. At the same time, new developments in network information theory have led to renewed interest in classical aspects of information-theoretic security, such as wiretapping, as well as new areas of work, such as network coding applications to security. Many advances in network information theory revolve around wireless networks and sensor networks, areas in which a shared medium and rich, variable topologies, create particularly challenging problems. Information theory has proven useful both for determining the fundamental performance limits of such systems, including jamming and novel countermeasures, e.g., coding techniques in networks. The goals of the special issue are to provide the reader with an overview of the state of the art in this field, and to collect significant research results. Possible topics for papers submitted to the special issue include, but are not limited to:
- Intrusion, masquerade, and anomality detection
- Network scaling issues
- Network surveillance
- Dynamic models for mobile ad-hoc networks
- Distributed sensing, estimation, detection, and classification
- Information theory for secrecy in wireless networks
- Advances in the wiretap channel
- Eavesdropping and jamming in wireless networks
- Network information theory for Byzantine attacks
- Security aspects of network coding

For more information, please see http://www.itsoc.org/cfp/TIFS-CFP-SI08-extended.pdf.

EURASIP Journal on Advances in Signal Processing, Special issue on Signal Processing Applications in Network Intrusion Detection Systems, March, 2008. (Submission Due 1 September 2007) [posted here 6/11/07]

Guest editors: Chin-Tser Huang (University of South Carolina, USA), Rocky K. C. Chang (The Hong Kong Polytechnic University, Hong Kong), and Polly Huang (National Taiwan University, Taiwan)

Signal processing techniques have found applications in NIDSs because of their ability to detect novel intrusions and attacks, which cannot be achieved by signature-based NIDS. It has been shown that network traffic possesses the property of self-similarity. Therefore, the objective of NIDS based on signal processing techniques is to profile the pattern of normal network traffic or application-level behavior and model intrusions or unwanted traffic as anomalies. Wavelets, entropy analysis, and data mining techniques are examples in this regard. However, the major challenges of the signal processing-based approaches lie in the adaptive modeling of normal network traffic and the high false alarm rate due to the inaccuracy of the modeled normal traffic pattern. The emergence of a variety of wireless networks and the mobility of nodes in such networks only add to the complexity of the problems. The goal of this special issue is to introduce state-of-the-art techniques and encourage research regarding various aspects in the application of signal processing techniques to network intrusion detection systems. In particular, the special issue encourages novel solutions that improve the accuracy and adaptivity of intrusion detection and addresses the automation of intrusion classification and correlation. Topics of interest include (but are not limited to):
- Data-mining-based IDS
- Multirate filtering and wavelets
- Monte Carlo methods integration
- Anomalous network traffic modeling
- Anomalous application-level behavior modeling
- Performance analysis and evaluation
- Real-time analysis techniques
- Intrusion correlation
- Automated detection and classification of intrusions and anomalies
- Clustering-based IDS
- Sampling techniques in intrusion detection
- Data streaming algorithms for traffic analysis
- Adaptive detection techniques
- Data fusion in distributed intrusion detection

For more information, please see http://www.hindawi.com/journals/asp/si/anids.pdf.

IEEE Communications Magazine, Special Issue on Security in Mobile Ad Hoc and Sensor Networks, February 2008. (Submission Due 1 July 2007) [posted here 4/9/07]

Guest editors: Stamatios V. Kartalopoulos (The University of Oklahoma, USA), Hsiao-Hwa Chen (National Sun Yat-Sen University, Taiwan), Mário Freire (University of Beira Interior, Portugal), Liwen He (BT Group Chief Technology Office, UK), and Pramode Verma (The University of Oklahoma, USA)

The increase of wireless and mobile devices and the recent advancement in wireless and mobile ad hoc and sensor networks technologies/applications in a large variety of environments, such as homes, business places, emergency situations, disaster recoveries and people on the move is unprecedented. These activities over different network systems have brought security concerns on an unprecedented scale. Security is an important issue for wireless and mobile ad hoc and sensor networks (MASNETs) especially for the security-sensitive applications such as in military, homeland security, financial institutions and many other areas. Such security threats take advantage of protocol weaknesses in mobile ad hoc and sensor networks as well as operating systems’ vulnerabilities to attack network applications. Theses attacks involve, for example, distributed denials of services, buffer overflows, viruses, and worms, where they will cause an increasingly greater damage to the operation of mobile ad hoc and sensor networks. With regard to such security aspects, there is an increasing demand for measures to guarantee and fully attain the authentication, confidentiality, data integrity, privacy, access control, non repudiation, and availability of mobile ad hoc and sensor networks. This Special Issue will serve as a venue for both academia and industry individuals and groups working in this fast-growing research area to share their experiences and state-of-the-art work with the readers. The topics of interest in this Feature Topic include:
- Novel and emerging secure architecture
- Study of attack strategies, attack modeling
- Power constraint security schemes
- Key management in MASNETs
- Broadcast authentication
- Secure routing protocols
- Secure location discovery
- Secure clock synchronization
- Study of attack strategies, attack modeling in MASNETs
- Security management, emergency contingency planning, identify theft
- Protection, risk, vulnerabilities, attacks, authorization/authentication
- Security and trust in web-services-based applications in MASNETs
- Denial of service attacks and prevention
- Secure group communication/multicast
- Distributed security schemes

For more information, please see http://www.comsoc.org/pubs/commag/cfpcommag0208.pdf.

IEEE Software, Special Issue on Security for the Rest of Us: An Industry Perspective on the Secure Software Challenge, January/February 2008. (Submission Due 1 July 2007) [posted here 3/16/07]

Guest editors: Konstantin Beznosov (University of British Columbia, Canada) and Brian Chess (Fortify Software)

The public need for good software security becomes more acute every day. Typical activities—including selecting, purchasing, and consuming services and products, conducting business, and holding national elections—increasingly depend on secure software. While security was once a specialty of interest to only a small number of developers, it's now a critical topic for almost all software developers, project managers, and decision makers. The world's software industry includes thousands of software vendors from humongous enterprises to one-person shops, and the industry as a whole must face the software security challenge. This special issue will report on the state of practice and recent advances related to software security in a wide range of industrial application domains. It will explore practical and pragmatic ways of engineering secure software that can be applied by a wide range of development teams. The issue will report on:
- Practical tools and methods for detecting or preventing security-relevant defects
- Practical approaches to incorporating security as part of different stages of the software development process (requirements, architecture, design, implementation, testing, etc.)
- The economic motivation for creating secure software
- Attacks and vulnerabilities: common ways that security fails in modern industrial software

For more information, please see http://www.computer.org/portal/site/software/menuitem.538c87f5131e26244955a4108bcd45f3/index.jsp?&pName=software_level1&path=software/content&file=edcal.xml&xsl=article.xsl&.

International Journal of Electronic Commerce (IJEC), Special Issue on Click Fraud, January 2008. (Submission Due 15 May 2007) [posted here 5/3/07]

Guest editors: LMohammad Mahdian (Yahoo Research Labs), Jan Pedersen (Yahoo! Inc), and Kerem Tomak (Yahoo! Inc)

The primary goal of this special issue of International Journal of Electronic Commerce is to foster research on the interplay between economics, computer science, marketing, data mining and electronic commerce technology development in click quality and click fraud. We seek papers and proposals that address various aspects of click fraud, including search relevance, economics of click fraud, e-business, formal and legal issues with the aim of providing a balanced mix of presentations from these different perspectives. The subject of click quality is highly relevant to the investigation of quick fraud. Papers may encompass any or all of the following: theoretical analyses, modelling, simulation, and empirical studies. Authors may examine different aspects of sponsored search and online advertisement in any of a variety of possible contexts. Special topics of interest include, but are not limited to, the following:
- Click Fraud
- Impression Fraud
- Click Quality
- Design of mechanisms to increase click quality
- Data mining and machine learning algorithms for detecting click fraud
- Standards for click quality
- Use of algorithmic mechanism design in sponsored search
- Contextual online advertising
- Localized/geographic search
- Search engine marketing and optimization
- Alternative models for sponsored search
- Game theoretic modelling and analysis of fraud
- Evaluating fraud-resistance of ranking mechanisms
- Fraud in pay-per-conversion systems
- Click and impression quality in brand advertising
- Fraud detection for web ranking algorithms
- Other types of online fraud
- Legal aspects of click fraud

For more information, please see http://www.gvsu.edu/business/ijec/special.html.

Security Journal of Universal Computer Science (JUCS), Special Issue on Cryptography in Computer System, February 2008. (Submission Due 1 May 2007) [posted here 7/18/06]

Guest editors: Liqun Chen (Hewlett-Packard Labs, UK), Ed Dawson (Queensland University of Technology, Australia), Xuejie Lai (Shanghai Jiao Tong University, China), Masahiro Mambo (Tsukuba University, Japan), Atsuko Miyaji (JAIST, Japan), Yi Mu (University of Wollongong, Australia), David Pointcheval (Ecole Normale Supérieure, France), Bart Preneel (Katholieke Universiteit Leuven, Belgium), Nigel Smart (Bristol University, UK), Willy Susilo (University of Wollongong, Australia), Huaxiong Wang (Macquarie University, Australia), and Duncan Wong (City University of Hong Kong, China)

Cryptography has been playing an important role to ensure the security and reliability of modern computer systems. Since high speed and broad bandwidth have been becoming the keywords for modern computer systems, new cryptographic methods and tools must follow up in order to adapt to these new and emerging technologies. This Special Issue aims to provide a platform for security researchers to present their newly developed cryptographic technologies in computer systems. Areas of interest for this special journal issue include, but are not limited to, the following topics:
- Authentication
- Cryptographic algorithms and their applications
- Cryptanalysis
- Email security
- Electronic commerce
- Data integrity
- Fast cryptographic algorithms and their applications
- Identity-based cryptography
- IP security
- Key management
- Multicast security
- Computer network security
- Privacy protection
- Security in Peer-to-Peer networks
- Security in sensor networks
- Smartcards

For more information, please see http://www.sitacs.uow.edu.au/jucs/.

EURASIP Journal on Information Security, Special Issue on Signal Processing in the Encrypted Domain, 4th Quarter, 2007. (Submission Due 1 March 2007) [posted here 10/9/06]

Guest editors: Alessandro Piva (University of Florence, Italy) and Stefan Katzenbeisser (Philips Research Europe, The Netherlands)

Recent advances in digital signal processing enabled a number of new services in various application domains, ranging from enhanced multimedia content production and distribution to advanced healthcare systems for continuous health monitoring. At the heart of these services lies the ability to securely manipulate “valuable” digital signals in order to satisfy security requirements such as intellectual property management, authenticity, privacy, and access control. This special issue solicits papers exploring the application of signal processing to encrypted content, both from a theoretical and practical point of view. Topics of interest include, among others:
- Cryptographic primitives and protocols for signal processing operations
- Secure matching and analysis of signals
- Searching on encrypted signals
- Cryptographic techniques for real-valued or fuzzy data
- Secure watermark embedding and detection
- Next-generation secure content management
- Privacy through secure signal processing
- Transcoding of encrypted content
- Design and evaluation of encryption schemes specifically tailored towards signals

For more information, please see http://www.hindawi.com/GetPage.aspx?journal=is&page=SPED.

International Journal of Smart Home (IJSH), Special Issue on Advances in Smart Home Security, May/June, 2007. (Submission Due 31 January 2007) [posted here 11/20/06]

Guest editors: Kuan-Ching Li (Providence University, Taiwan), Jiyoung Lim (Korean Bible University, South Korea), Lam For Kwok (City University of Hong Kong, HK), Qi Shi (Liverpool John Moores University, UK)

With the proliferation of the Internet technology and electronic devices, Smart Home Environments (SHE) have received significant attention in the last few decades. With a great potential to revolutionize our lives, SHE also poses new research challenges. This special issue focuses on addressing various aspects of security in SHE. We expect that it will be a trigger for further related research and technology improvements in this important subject. The topics of interest include, but are not limited to:
- Security issues and privacy for SHE
- Trust management and user-friendly security interfaces for SHE
- Key/identity management in SHE
- Access control and security policies in SHE
- Authentication and authorization in SHE
- Network architectures and protocols for security in SHE
- Ubiquitous/pervasive platform and middleware for security in SHE
- Design of businesses models with security requirements for SHE
- Services and applications for security in SHE
- Content protection and digital rights management for SHE
- Intelligent sensor network/RFID for security in SHE
- Intrusion detection and computer forensics for SHE
- Emerging standards and technologies for security in SHE
- Commercial and industrial security in SHE
- Case studies, prototypes and experiences

For more information, please see http://www.sersc.org/index.files/Journal8.htm.

International Journal of Computer Research (IJCR), Special Issue on Advances in Ad Hoc Network Security, 4th Quarter, 2007. (Submission Due 1 January 2007) [posted here 12/11/06]

Guest editors: Nikos Komninos (Athens Information Technology)

Ad hoc networks are becoming an integral part of the computing landscape. However, these networks introduce new security challenges due to their dynamic topology, severe resource constraints, and absence of a trusted infrastructure. This International Journal of Computer Research (IJCR) special issue seeks submissions from academia and industry presenting novel research on all aspects of security for ad hoc networks, as well as experimental studies of fielded systems. Topics of interest include, but are not limited to, the following as they relate to mobile ad hoc networks:
- Key management
- Intrusion detection and tolerance
- Secure location services
- Secure clock distribution
- Privacy and anonymity
- Performance and security tradeoffs
- Secure roaming across administrative domains
- Denial of service
- Prevention of traffic analysis
- Trust establishment, negotiation, and management
- Secure routing
- Secure MAC protocols
- Cryptographic Protocols
- Authentication and access control

For more information, please see http://www.ait.gr/special_issue/.

Elsevier Computer Communications Journal, Special Issue on Security on Wireless Ad Hoc and Sensor Networks, 3rd Quarter of 2007. (Submission Due 15 December 2006) [posted here 9/3/06]

Guest editors: Sghaier Guizani (University of Moncton, Canada), Hsiao-Hwa Chen (National Sun Yat-Sen University, Taiwan), Peter Mueller (IBM Zurich Research Laboratory, Switzerland)

The increase of wireless and mobile devices and the recent advancement in wireless and mobile ad hoc and sensor networks technologies/applications in a large variety of environments, such as homes, business places, emergency situations, disaster recoveries and people on the move is unprecedented. These activities over different network systems have brought security concerns on an unprecedented scale. Security is an important issue for wireless and mobile ad hoc and sensor networks (MANETs) especially for the security-sensitive applications such as in military, homeland security, financial institutions and many other areas. Such security threats take advantage of protocol weaknesses as well as operating systems' vulnerabilities to attack Internet applications. Theses attacks involve, for example, distributed denials of services, buffer overflows, viruses, and worms, where they cause an increasingly greater technical and economic damage.

With regard to such cyber security aspects, there is an increasing demand for measures to guarantee and fully attain the authentication, confidentiality, data integrity, privacy, access control, non repudiation, and availability of system services. This Special Issue will serve as a venue for both academia and industry individuals and groups working in this fast-growing research area to share their experiences and state-of-the-art work with the readers. The topics of interest include, but are not limited to:
- Novel and emerging secure architecture
- Study of attack strategies, attack modeling
- Security analysis methodologies
- Wireless and mobile security
- Key management
- Commercial and industrial security
- Broadcast authentication
- Secure routing protocols
- Secure location discovery
- Secure clock synchronization
- Novel and emerging secure architectures
- Cryptographic algorithms and applications
- Study of attack strategies, attack modeling
- Study of tradeoffs between security and system performance
- Security management, emergency contingency planning, identify theft
- Access control, wireless access control, broadband access control
- Protection, risk, vulnerabilities, attacks, authorization/authentication
- Security and trust in web-services-based applications
- Denial of service attacks and prevention
- Secure group communication/multicast
- Implementations and performance analysis
- Distributed security schemes

For more information, please see http://authors.elsevier.com/journal/comcom.

International Journal of Information and Computer Security, Special Issue on Security and Privacy Aspects of Data Mining, 2006. (Submission Due 5 April 2006) [posted here 2/7/05]

Guest editors: Stan Matwin (University of Ottawa, Canada), LiWu Chang (Naval Research Laboratory, USA), Rebecca N. Wright (Stevens Institute of Technology, USA), and Justin Zhan (University of Ottawa, Canada)

Rapid growth of information technologies nowadays has brought tremendous opportunities for data sharing and integration, and also demands for privacy protection. Privacy-preserving data mining, a new multi-disciplinary field in information security, broadly refers to the study of how to assure data privacy without compromising the confidentiality and quality of data. Although techniques, such as random perturbation techniques, secure multi-party computation based approaches, cryptographic-based methods, and database inference control have been developed, many of the key problems still remain open in this area. Especially, new privacy and security issues have been identified, and the scope of this problem has been expanded. How does the privacy and security issue affect the design of information mining algorithm? What are the metrics for measuring privacy? What impacts will this research impose on diverse areas of counter-terrorism, distributed computation, and privacy law legislation? This special issue aims to provide an opportunity for presenting recent advances as well as new research directions in all issues related to privacy-preserving data mining.

This special issue is inviting original contributions that are not previously published or currently under review by other journals. We welcome both theoretical and empirical research using quantitative or qualitative methods. Areas of interest include but not limited to:
- Access control techniques and secure data models
- Privacy-preserving data mining
- Privacy-preserving Information Retrieval
- Trust management for information mining
- Inference/disclosure related information mining
- Privacy enhancement technologies in web environments
- Privacy guarantees and usability of perturbation and randomization techniques
- Analysis of confidentiality control methods
- Privacy policy analysis
- Privacy-preserving data integration
- Privacy policy infrastructure
- Privacy-preserving query systems
- Identify theft protection
- Privacy-aware access control
- Privacy policy languages and enforcement mechanisms

For more information, please see http://www.site.uottawa.ca/~zhizhan/psdmspecialissue2006/index.htm.

International Journal of Networks and Security (IJSN), Special Issue on Cryptography in Networks, December 2006. (Submission due 1 April 2006) [posted here 10/31/05]

Guest editors: Liqun Chen (Hewlett-Packard Labs, UK), Guang Gong (University of Waterloo, Canada), Atsuko Miyaji (JAIST, Japan), Phi Joong Lee (Pohang Univ. of Science & Technology, Korea), Yi Mu (Univ. of Wollongong, Australia), David Pointcheval (Ecole Normale Supérieure, France), Josef Pieprzyk (Macquarie Univ., Australia), Tsuyoshi Takagi (Future Univ. - Hakodate, Japan), Jennifer Seberry (Univ. of Wollongong, Australia), Willy Susilo (Univ. of Wollongong, Australia), and Huaxiong Wang (Macquarie Uni., Australia)

Cryptography plays a key role in network security. Advances of cryptography can make computer networks more secure. Computer technologies have been pushing forward computer networks for high speed and broad bandwidth. Therefore, new cryptographic methods and tools must follow up in order to adapt to these new technologies. Recent attacks on computer networks, especially on IEEE 802.11 and IEEE 802.15, are increasing, since underlying radio communication medium for wireless network provides serious exposure to attacks against wireless networks. Security must be enforced to suit the emerging technologies. This Special Issue aims to provide a platform for security researchers to present their newly developed cryptographic technologies in network security. Areas of interest for this special journal issue include, but are not limited to, the following topics:
- Ad hoc network security
- Anonymity in networks
- Authentication in network and wireless systems
- Cryptographic algorithms and their applications to network security
- Cryptanalysis of network security schemes
- Encryption in network and wireless systems
- Email security
- Data integrity
- Fast cryptographic algorithms and their applications
- Identity-based cryptography in network and mobile applications
- IP security
- Key management
- Multicast security
- Mobile and wireless system security
- Privacy protection
- Security group communications
- Security in internet and WWW
- Security in Peer-to-Peer networks
- Secure routing protocols
- Security in sensor networks

For more information, please see http://www.uow.edu.au/~ymu/ijsn/.

Journal of Computer Security (JCS), Special Issue on Security of Ad Hoc and Sensor Networks, 2006. (Submission Due 1 April 2006) [posted here 11/30/05]

Guest editors: Peng Ning (NC State University) and Wenliang Du (Syracuse University)

Ad hoc and sensor networks are expected to become an integral part of the future computing landscape. However, these networks introduce new security challenges due to their dynamic topology, severe resource constraints, and absence of a trusted infrastructure. This Journal of Computer Security (JCS) special issue seeks submissions from academia and industry presenting novel research on all aspects of security for ad hoc and sensor networks, as well as experimental studies of fielded systems.

Topics of interest include, but are not limited to, the following as they relate to mobile ad hoc networks or sensor networks:
- Security under resource constraints (e.g., energy, bandwidth, memory, and computation constraints)
- Performance and security tradeoffs
- Secure roaming across administrative domains
- Key management
- Cryptographic Protocols
- Authentication and access control
- Intrusion detection and tolerance
- Trust establishment, negotiation, and management
- Secure location services
- Secure clock distribution
- Privacy and anonymity
- Secure routing
- Secure MAC protocols
- Denial of service
- Prevention of traffic analysis

For more information, please see http://discovery.csc.ncsu.edu/JCS-SASN06/.

Journal of Machine Learning Research, Special Issue on Machine Learning for Computer Security, 2006. (Submission due 15 March 2006) [posted here 11/11/05]

Guest editors: Philip Chan (Florida Tech) and Richard Lippmann (MIT Lincoln Lab)

As computers have become more ubiquitous and connected, their security has become a major concern. Of interest to this special issue is research that demonstrates how machine learning (or data mining) techniques can be used to improve computer security. This includes efforts directed at improving security of networks, hosts, and individual applications or computer programs. Research can have many goals including, but not limited to, authenticating users, characterizing the system being protected, detecting known or unknown vulnerabilities that could be exploited, using software repositories as training data to find software bugs, preventing attacks, detecting known and novel attacks when they occur, analyzing recently detected attacks, responding to attacks, predicting attacker actions and goals, performing forensic analysis of compromised systems, and analyzing activities seen in honey pots and network "telescopes" or "black holes."

Of special interest are studies that use machine learning techniques, carefully describe their approach, evaluate performance in a realistic environment, and compare performance to existing accepted approaches. Studies that use machine learning techniques or extend current techniques to address difficult security-related problems are of most interest.

It is expected that studies will have to address many classic machine learning issues including feature selection, feature construction, incremental/online learning, noise in the data, skewed data distributions, distributed learning, correlating multiple models, and efficient processing of large amounts of data.

For more information, please see http://www.cs.fit.edu/~pkc/mlsec/.

Theoretical Computer Science (TCS), Special Issue of on Automated Reasoning for Security Protocol Analysis, 4th quarter, 2006. (Submission due 13 November 2005) [posted here 8/15/05]

Guest editors: Pierpaolo Degano (Universita` di Pisa, Italy) and Luca Vigano` (ETH Zurich, Switzerland)

In connection with The Second Workshop on Automated Reasoning for Security Protocol Analysis (ARSPA'05), which took place as a satellite event of ICALP'05, we are guest-editing a Special Issue of Theoretical Computer Science devoted to original papers on formal security protocol specification, analysis and verification. Contributions are welcomed on the following topics and related ones:
- Automated analysis and verification of security protocols
- Languages, logics, and calculi for the design and specification of security protocols
- Verification methods: accuracy, efficiency
- Decidability and complexity of cryptographic verification problems
- Synthesis and composition of security protocols
- Integration of formal security specification, refinement and validation techniques in development methods and tools

For more information, please see http://www.avispa-project.org/arspa/tcs-index.html.

International Journal of Security and Networks (IJSN), Special Issue on Security Issues in Sensor Networks, Middle 2006. (Submission due 15 October 2005) [posted here 7/9/05]

Guest editors: Yang Xiao (University of Memphis), Xiaohua Jia (City University of Hong Kong, Hong Kong), Bo Sun (Lamar University), and Xiaojiang Du (North Dakota State University)

Security in Sensor networks differ from those in other traditional networks with many aspects such as limited memory space, limited computation capability, etc. Therefore, sensor network security has some unique features which do not exist in other networks. The need to address security issues, and provide timely, solid technical contributions of security solutions in sensor networks establishes the motivation behind this special issue. This special issue is dedicated to sensor network security. A paper should have security in sensor networks as the focus. Specific areas of interest include, but not limit to:
- Key Managements in sensor networks
- Secure Routing in secure networks
- Light weight Encryption and authentication in Sensor networks
- Attacks and solutions in Sensor networks
- Other areas which are related to both security and sensor networks

For more information, please see http://www.cs.memphis.edu/~yxiao/IJSN_Snesor_Security.html.

EURASIP Journal on Wireless Communications and Networking, Special Issue on Wireless Network Security, 3rd Quarter, 2006. (Submission due 1 October 2005) [posted here 6/28/05]

Guest editors: Yang Xiao (University of Memphis), Yi-Bing Lin (National Chiao Tung University, Taiwan), and Ding-Zhu Du (University of Minnesota)

Recent advances in wireless network technologies have rapidly developed in recent years, as evidenced by wireless location area networks (WLANs), wireless personal area networks (WPANs), wireless metropolitan area networks (WMANs), and wireless wide area networks (WWANs), that is, cellular networks. A major impediment to their deployment, however, is wireless network security. For example, the lack of data confidentiality in wired equivalent privacy (WEP) protocol has been proven, and newly adopted standards such as IEEE 802.11i robust secruity network (RSN) and IEEE 802.15.3a ultra-wideband (UWB) are not fully tested and, as such, may expose unforeseen security vulnerabilities. The effort to improve wireless network security is linked with many technical challenges including compatibility with legacy wireless networks, complexity in implementation, and cost/performance trade-offs. The need to address wireless network security and to provide timely, solid technical contributions establishes the motivation behind this special issue. This special issue will focus on novel and functional ways to improve wireless network security. Papers that do not focus on wireless network security will not be reviewed. Specific areas of interest in WLANs, WPANs, WMANs, and WWANs include, but are not limited to:
- Attacks, security mechanisms, and security services
- Authentication
- Access control
- Data confidentiality
- Data integrity
- Nonrepudiation
- Encryption and decryption
- Key management
- Fraudulent usage
- Wireless network security performance evaluation
- Wireless link layer security
- Tradeoff analysis between performance and security
- Authentication and authorization for mobile service network
- Wireless security standards (IEEE 802.11, IEEE 802.15, IEEE 802.16, 3GPP, and 3GPP2)

For more information, please see http://www.hindawi.com/journals/wcn/si/wns.html.

International Journal on Information and Computer Security (IJICS), Special Issue on Nature-Inspired Computation in Cryptology and Computer Security, October 2006. (Submission due 30 September 2005) [posted here 5/30/05]

Guest editors: John A. Clark (York University, UK) and Julio Cesar Hernandez (Universidad Carlos III de Madrid, Spain)

Techniques taken from the field of nature-inspired computation (e.g. Genetic Algorithms, Genetic Programming, Simulated Annealing, and Artificial Immune Systems) are steadily gaining ground in the area of cryptology and computer security. In recent years, nature inspired algorithms have been proposed, for example, for the design and analysis of a number of new cryptographic primitives, ranging from pseudorandom number generators to block ciphers, in the cryptanalysis of state-of-the-art cryptosystems, in the design of security protocols and in the detection of network attack patterns, to name but a few. There is a growing interest from the cryptographic and computer security communities towards nature-inspired techniques. This has occurred partly as a result of these recent successes, but also because the nature of systems is changing in a way which means traditional computer security techniques will not meet the full range of tasks at hand. The increasing distribution, scale, autonomy and mobility of emerging systems is forcing us to seek inspiration from nature to help deal with the challenges ahead. There is a general feeling that the area is ripe for further research, with dedicated conference sessions only beginning to emerge (e.g. the Conference on Evolutionary Computation special sessions in 2003, 2004 and 2005). This special issue of the IJICS solicits the submission of research papers in this general area. Suitable topics include (but are not limited to) the use of nature-inspired techniques for:
- Intrusion detection
- System security management
- Security authentication technologies
- The design of cryptographic primitives
- The cryptanalysis of stream, block and public key encryption algorithms (and other security-related algorithms, e.g. watermarking algorithms)
- The design or analysis of security protocols

For more information, please see http://www.cs.york.ac.uk/security/NatureInspiredSecuritySpecialIssue.html.

International Journal of Information and Computer Security, Special Issue on Systems Assurance, 2006. (Submission due 15 September 2005) [posted here 8/27/05]

Guest editor: Steve J. Chapin (Syracuse University)

Systems Assurance comprises related areas of computer security, information assurance, public policy, management, communications, and complex systems. In this context, “system” means more than computer systems; it denotes a large-scale, complex system that is critically affected by human action. While classic technical approaches to computer security play a role in systems assurance, they are only a part of a holistic approach to real solutions. Topics of interest include, but are not limited to:
- Trust in large-scale systems
- Formal models of complex systems
- Policy management
- Distributed system security
- Autonomic systems and computing
- Economics models of complex systems
- Assurance in decentralized (e.g., peer-to-peer) systems
- Information assurance and public policy
- Management of assured systems
- Building trustworthy systems from untrusted components
- Reputation management
- Artificial life concepts in system assurance

For more information, please see http://www.inderscience.com/ijics.

Journal of High Speed Networking, Special issue on Managing Security Polices: Modeling, Verification and Configuration, February/March 2006. (Submission due 1 September 2005) [posted here 6/9/05]

Guest editors: Ehab Al-Shaer (DePaul University), Clifford Neuman (University of Southern California), Dinesh C Verma (IBM Watson Research Center), Hong Li (Intel IT Research), and Anthony Chung (DePaul University)

The importance of effective network security policy management has been significantly increasing in the past few years. Network security perimeter devices such as Firewalls, IPSec gateways, Intrusion Detection and Prevention Systems operate based on locally configured policies. However, the complexity of managing security polices, particularly in enterprise networks that usually have heterogeneous devices and polices, has become a main challenge for deploying effective security. Yet these policies are not necessarily independent as they interact with each other to form the global security policy. It is a common practice to configure security policies on each of the perimeter devices manually and in isolation from each other due to different administrative domains, roles and personnel, among other reasons. As a result, rule conflicts and policy inconsistencies may be introduced in the system, leading to serious security breach and network vulnerability. Moreover, enterprise networks continuously grow in size and complexity, and they are in a constant state of change (in topologies, devices, protocols, and vulnerabilities), resulting in frequent changes in security policies. All these make policy enforcement, modification, verification, and evaluation intractable tasks.

This special issue is seeking solutions that offer seamless policy management with provable security in heterogeneous multi-vender network security environments. This special issue solicits original and unpublished contributions addressing security policy management issues. Topics of particular interest are automated policy management, dynamic policy-based security, security policy verification and distribution, and policy unification that improve the state-of-the-art in this area. Examples of selected topics include but are not limited to:
- Policy modeling and verification using formal methods
- Conflict discovery and resolution
- High-speed security policy analysis
- Frameworks for policy testing, assessment, comparison and evaluation.
- Dynamic policy-based security management
- Adaptive security polices
- Policy visualization
- Distributed policy editing, delegation and distribution
- Policy translation: from high-to-low level and vice versa
- Data mining for policy inspection, evaluation and enhancement
- Policy-management for wireless and mobile networks
- Novel policy management architectures
- Automatic security policy management in heterogonous network environment
- Implementation and Case Studies of Security Policy Management System
- Management of Interactions between Security Policies and other policies.
- Security policy languages and management for multi-device, multi-protocol and multi-vendor
- System intelligence to enable automated policy management: monitoring, event/data correlation and root-cause analysis

For more information, please see http://www.mnlab.cs.depaul.edu/events/JHSN-policy/.

IEEE Journal on Selected Areas in Communications, High-speed Network Security -- Architecture, Algorithms, and Implementation, 4th Quarter 2006. (Submission due 1 September 2005) [posted here 1/12/05]

Guest editors: H. Jonathan Chao (Polytechnic University), Wing Cheong Lau (Qualcomm), Bin Liu (Tsinghua University), Peter Reiher (University of California at Los Angeles), and Rajesh Talpade (Telcordia Technologies)

While the recent proliferation of broadband wireline and wireless networking technologies have substantially increased the available network capacity and enabled a wide-range of feature-rich high-speed communication services, security remains a major concern. Large-scale, high-profile system exploits and network attacks have become common recurring events that increasingly threaten the proper functioning and continual success of the communication infrastructure and services. One key aspect of mitigating such increasing threats is to develop new security/defense architectures, systems, methodologies and algorithms which can scale together with the communications infrastructure in terms of operating speed, operational simplicity and manageability, etc. The aim of this issue is to bring together the work done by researchers and practitioners in understanding the theoretical, architectural, system, and implementation issues related to all aspects of security in high-speed networks. We seek original, previously unpublished and completed contributions not currently under review by another journal. Areas of interest include but are not limited to the following topics related to high-speed network security:
- High-speed Intrusion Detection, Prevention (IDS/IPS) Systems, and malicious behavior detection
- High-speed Distributed Denial of Service (DDoS) attacks, prevention and defense systems
- High-speed network monitoring, metering, traceback and pushback mechanisms
- High-speed firewall, packet filtering and cross-layer defense coordination
- Support of authentication, confidentiality, authorization, non-repudiation in high-speed networks
- Security group communications/multicast
- Secure and scalable content-delivery networks
- Support for automated security policy configuration and realization
- Forensic methodologies for high-speed networks
- Automated attack characterization and containment in high-speed networks
- Testbeds for high-speed network security

For more information, please see http://www.argreenhouse.com/society/J-SAC/Calls/network_security.html.

International Journal of Wireless and Mobile Computing (IJWMC), Special Issue on Security of Computer Network and Mobile Systems, Issue 1, 2006. (Submission due 30 June 2005) [posted here 2/14/05]

Guest editors: Feng Bao (Institute for Infocomm Research, Singapore), Colin Boyd (QUT, Australia), Dieter Gollmann (TU Hamburg, Germany), Kwangjo Kim (ICU, Korea), Kaoru Kurosawa (Ibaraki Univ., Japan), Masahiro Mambo (Tsukuba Univ., Japan), Chris Mitchell (RHUL, UK), Yi Mu (Univ. of Wollongong, Australia), Phillip Rogaway (UC Davis, USA), Willy Susilo(Univ. of Wollongong, Australia), Vijay Varadharajan (Macquarie Univ., Australia), Moti Yung (Columbia Univ., USA), and Fangguo Zhang (Sun Yat-Sen Univ., China)

Computer networks play an important role on connecting resources and people. Advances of computer technology have been pushing forward computer networks for high speed and broad bandwidth. Security must be enforced to suit the emerging technologies. With the emergence of wireless technologies, such as IEEE 802.11 and Bluetooth, mobile users are enabled to connect to each other wirelessly. It can be realized with or without any networking infrastructure (ad-hoc mode). Wireless access networks are rapidly becoming a part of our everyday life. However, the security concerns remain a serious impediment to widespread adoption. The underlying radio communication medium for wireless network provides serious exposure to attacks against wireless networks. Research on security in computer networks and mobile systems covers many issues. There are many open issues to be solved. Areas of interest for this special journal issue include, but are not limited to, the following topics:
- Ad hoc network security
- Authentication in network and wireless systems
- Cryptographic algorithms and applications
- Denial of service
- Distributed system security
- Encryption in network and wireless systems
- Fast cryptographic algorithms and their applications
- Firewall and distributed access control
- Identity-based cryptography in network and mobile applications
- Intrusion Detection and Response
- Key management
- Multicast security
- Mobile Communications Security
- Privacy Protection
- Wireless security and algorithms
- Secure routing protocols
- Security in Peer-to-Peer networks

For more information, please see http://www.sitacs.uow.edu.au/ijwmc/.

IEEE Internet Computing   Special Security for P2P and Ad Hoc Networks Issue, November/December 2005. (Submission due 1 April 2005) [posted here 11/14/04]

Guest editors: Shiuhpyng Shieh (National Chiao Tung University) and Dan Wallach (Rice University)

As the number of individual computing devices and the demand for mobility continue to grow, peer-to-peer (P2P) systems and ad hoc networks will become increasingly popular.  Indeed, they are likely to become integral to the future computing and networking infrastructure.

P2P systems create application-level virtual networks with their own routing mechanisms; they enable large numbers of computers to share information and resources directly, without dedicated central servers. Ad hoc networks allow mobile hosts, mobile devices, and sensor nodes to communicate when no fixed infrastructure is available.

Although P2P systems and ad hoc networks make communication and resource sharing more convenient, however, they also introduce new security challenges due to inherent aspects such as dynamic topologies and membership, unreliability, severe resource constrains, and the absence of a trusted infrastructure.

To explore these issues, IC invites contributions for a special issue on security for P2P and ad hoc networks. Appropriate topics include, but are not limited to:
- key management,
- authentication,
- access control,
- privacy and anonymity,
- secure routing,
- secure MAC protocols,
- performance and security trade-offs,
- intrusion detection and tolerance, and
- denial of service.

For more information, please see http://www.computer.org/internet/call4ppr.htm.

Digital Crime and Forensic Science in Cyberspace   Call for Chapter Proposals. (Submission due 5 January 2005) [posted here 12/13/04]

For more information, please see http://www.di.uoa.gr/~nkolok/Idea.html.

IEEE Internet Computing   Special Homeland Security Issue November/December 2004. [posted here 02/18/04]

Guest Editors

    Michael Reiter - Carnegie Mellon University
    Pankaj Rohatgi - IBM T.J. Watson Research Center

"Homeland security" is a major concern for governments worldwide, which must protect their populations and the critical infrastructures that support them, including power systems, communications, government and military functions, and food and water supplies. In this special issue, we seek contributions describing the role of Internet and information technologies in homeland security, both as an infrastructure to be protected and as a tool for enabling the defense of other critical infrastructures.

On one hand, information technology can be used for mitigating risk and enabling effective responses to disasters of natural or human origin. However, its suitability for this role is plagued by questions ranging from dependability concerns to the risks that some technologies -- surveillance, profiling, information aggregation, and so on -- pose to privacy and civil liberties.

On the other hand, information technology is itself an infrastructure to be protected. This includes not only the Internet infrastructure but also the complex systems that control critical infrastructure such as energy, transportation, and manufacturing. While control systems have traditionally been proprietary and closed, the trend toward the use of standard computer and networking technologies coupled with the use of more open networks for communication makes these systems increasingly vulnerable to catastrophic attacks and failures.

We invite researchers and information technologists to submit original articles on the use of Internet and information technologies for homeland security and on the protection of critical technology assets. Of particular interest are articles that describe technology within the context of an actual deployment or initiative in homeland security. Indeed, articles focusing on these larger initiatives or the policy debates surrounding them are also welcome, provided that they offer a strong technology component. Articles detailing technology without a compelling application to homeland security are discouraged. Commercial advertisements will be rejected.

Relevant topics include, but are not limited to:

    * Identification, authentication, biometrics, and access Control;
    * Survivable/rapidly deployable emergency command and control infrastructure;
    * Risk assessment and recovery planning;
    * Sensor network based early-warning systems;
    * Surveillance, data aggregation, and mining technologies and associated privacy issues;
    * Controlled sharing of sensitive information among organizations;
    * Information and cybersecurity;
    * High-availability, resilient, and survivable infrastructure design; and
    * Detection and response to vulnerabilities and attacks on the Internet and on IT components in critical infrastructure.

For more information, please see http://www.computer.org/internet/call4ppr.htm
 
 

IEEE Computer special issue on high-speed Internet security, Editors: Simon Shim (San Jose State University), Li Gong (Sun Microsystems), Avi Rubin (The Johns Hopkins University), and Linley Gwennap (the Linley Group). (submissions due January 5, 2004) [posted here 8/27/03]

The growth of high-speed Internet service has strained the limits of existing network security measures. The CERT Coordination Center of the Software Engineering Institute at Carnegie Mellon University indicates that the number of reported security-breach incidents in the first half of 2003 climbed to 76,404-compared to the 82,094 incidents reported for the entire year in 2002. The IEEE Computer special issue will focus on strategies for maintaining robust security standards in ever-faster network environments. Proposed topics include but are not limited to Internet security architecture, security servers, virtual private networks, grid computing security, and XML security. In addition to papers on these topics, Computer solicits case studies and first-hand experiences with high-speed Internet security solutions. Submission guidelines are available at www.computer.org/computer/author.htm. Send inquiries to the guest editors at sishim@email.sjsu.edu, li.gong@sun.com, rubin@jhu.edu, and linleyg@linley group.com. Send .pdf files by 5 January 2004 to computer-ma@computer.org.

Journal of the Association for Logic Programming, TPLP Special Issue on Specification, Analysis and Verification of Reactive Systems, Editors: Giorgio Delzanno (University of Genova, Italy), Sandro Etalle (University of Twente and CWI Amsterdam, the Netherlands), and Maurizio Gabbrielli (University of Bologna, Italy). (submissions due November 15, 2003) [posted here 8/16/03]
The huge increase in interconnectivity we have witnessed in the last decade has boosted the development of systems which are often large-scale, distributed, time-critical, and possibly acting in an unreliable or malicious environment. These systems require solid formal techniques for their specification, analysis and verification. The topics of interest include but are not limited to: Specification languages and rapid prototyping, Analysis, and Validation, as applied to Security, Mobility, Interaction, and Open and Parameterized Systems. More details on the topics of interest can be found at a www.cs.utwente.nl/~etalle/specialissue.html.

Journal of Digital Libraries (JDL), Special Issue on Security, Editors: Vijay Atluri (Rutgers University, atluri@andromeda.rutgers.edu) and Indrakshi Ray (Colorado State University, iray@cs.colostate.edu). (submissions due November 1, 2003) [posted here 7/2/03]
Recent technological advancements have resulted in a phenomenal growth in digital libraries. Often, professionals in the government, military, and commercial sectors make critical decisions based on data obtained from digital libraries. These users rely on the correctness, availability, and secrecy of the data stored in digital libraries. Consequently, security issues are of great concern to both researchers and practitioners involved with digital libraries. Recognizing the importance of the research in this area, "The International Journal on Digital Libraries" is organizing a special issue on security. The primary focus of this special issue will be on high-quality original unpublished research, case studies, as well as implementation experiences in the area pertaining to security issues in digital libraries. Suggested topics include but are not limited to:
    - Authorization and Access Control                        - Digital Watermarking
    - Authentication                                                        - Electronic Payment
    - Encryption technologies for digital libraries      - Intellectual Property Protection
    - Key management in digital libraries                     - Multimedia Security
    - Computer Security and Public Policy                  - Privacy and Anonymity
    - Copy Protection and Prevention                           - Security Management
    - Data/System Availability                                        - Steganography
    - Data/System Integrity                                             - Usage Accounting
More information about the journal can be found at http://cimic.rutgers.edu/~jdl/.

IEEE Security & Privacy, George Cybenko, Editor. Theme: Understanding Privacy, Nov/Dec 2003 Issue. (submissions due July 31, 2003) [posted here 3/20/03]
Privacy is a growing concern in today's networked world. The Nov./Dec. issue of IEEE Security & Privacy will be devoted to privacy—its technological, commercial, and social aspects. Papers dealing with the following privacy-related topics are welcome:
  - identity theft and related abuses;
  - consumer and business practices and trends affecting privacy;
  - information ownership, competing claims, unresolved ambiguity;
  - legal and criminal issues;
  - privacy leakage case studies;
  - relationships and trade-offs between security and privacy;
  - privacy-enhancing technologies;
  - relationships between privacy management and digital rights management;
  - formal models and definitions of privacy; and
  - database issues in privacy protection.
Feature articles should be no longer than 6,000 words (tables and figures count as 250 words each). Be sure to include all author names, professional affiliations, mailing addresses, daytime telephone numbers, and email addresses. Send one word-processed file and one PostScript or PDF file to security@computer.org.

FORMATEX, a Spanish technological organization, in collaboration with the Computer Science and Physics Department of the University of Extremadura (Spain) is now editing a volume within our Information Society book series, on Techno-Legal aspects of Information Society. Some of the topics covered by this edition are: Security of Information Systems, Networking, E-commerce, Networks and Liberties, Informatic crimes, Public security vs. secret communications, Legal protection of software and digital contents, Digital Libraries, Rights Management in the Digital Era, Electronic signature, Electronic means of payment, Ethical issues, Law and Computer Science, Cryptography, Legal Expert Systems, Teleworking, e-Government, Cybersquatting, Typosquatting etc, Domain names and Trademarks, Thesaurus and documental techniques, Law Databases, Law in Internet. The Call for Papers' website is available at www.formatex.org/isbook/callforpaper.htm with details on deadlines, manuscripts format, etc. Submissions are due November 25, 2002.

IEEE Journal on Selected Areas in Communications, Special issue on Design and Analysis Techniques for Security Assurance.  Publication: 1st quarter 2003.  Editors: Li Gong (SUN Microsystems), Joshua Guttman (The MITRE Corp), Peter Ryan (Carnegie Mellon University), and Steve Schneider (University of London).  Submission deadline is March 1, 2002.   [posted here 7/26/01]
Information security plays a dominant and increasingly critical role in society. It is therefore essential that we have effective tools and techniques to design and evaluate secure systems and demonstrate that they meet their security requirements. The application of rigorous methods to the specification, modeling, analysis, and design of security-critical systems has made considerable strides in recent years, and the field is rapidly gaining in maturity. The scope of this issue will range over all rigorous, mathematically well founded, approaches to all aspects of security system development. This issue is intended to gather together the leading edge approaches in this area. Papers are solicited in the following areas:
     * Security protocol analysis
     * Computer security models and policies
     * Information flow
     * Secure architectures
     * Mobility
     * Tools for security analysis
     * Languages
     * Logics
     * Static/typechecking techniques
     * Smartcards
Original, unpublished contributions and invited articles will be considered for the issue. The paper should be no longer than 20 double-spaced pages, excluding illustrations and graphs and follow the IEEE J-SAC manuscript format described in the Information for Authors. Authors wishing to submit papers should send an electronic version (postscript or PDF files ONLY) to Steve Schneider at S.Schneider@rhul.ac.uk by March 1, 2002. 

Information and Security: An International Journal.  Special issue on agent-based technologies.  Publication:  May 31, 2002.  Editor:  Petya Ivanova (Center for National Security and Defense Research, Bulgarian Academy of Sciences).  Submission date:  abstract and intent to submit a paper - February 28, 2002; final papers - March 31, 2002.   [posted here 2/12/02]
The field of autonomous agents and multi-agent systems is an exciting and rapidly expanding area of research and development. In the last few years, there has been a growing interest in the application of agent-based systems to various security-related and military domains. In this special issue of Information & Security we shall present the results achieved in this area, discuss the benefits (and drawbacks) that agent-based systems may bring to the military and the broader security community, and provide a list of research and practical challenges that should be tackled in the near future so that the full potential of agent-based systems is realized. Topics include, but are not limited to:
   - General and specific architectures of agents in different settings and environments
   - Cooperation and competition; coordination and collaboration 
   - Negotiation, consensus development, conflict detection and resolution 
   - Communication protocols and languages (communication standards) 
   - Intelligent cognitive activities jointly realized by multiple agents, e.g., distributed problem solving, planning, learning, and decision making 
   - Emergent behavior and organizational intelligence 
   - Organizational structuring and dynamics 
   - Mobile agents as general-purpose framework for distributed applications 
   - Performance issues; security, reliability, and robustness 
   - Agents and the interoperability of heterogeneous systems 
   - Human-agent interaction and interfaces 
   - Architectures, environments and languages for mobile and secure information services 
   - Agent capability requirements in military applications
We intend to present successful applications of agents and multi-agent systems in the following domains:
   - Military decision support systems and complex problem-solving 
   - Military training and education 
   - Collection and organization of knowledge available on the Internet 
   - Information retrieval, dissemination, and monitoring across multiple applications
For instructions and additional information on manuscript preparation, see: www.isn.ethz.ch/publihouse/InfoSecurity. Questions can be addressed to infosec@mbox.digsys.bg.

Computer Communications, Special issue on Network Security. Publication: spring 2002.  Editors: Brian Neil Levine, University of Massachusetts, and Clay Shields, Purdue University.  Submission deadline is October 5, 2001.   [posted here 2/20/01]
The Internet has become the cornerstone for the proliferation of networking technology. The quality of the security and privacy of the services, protocols, and infrastructure that make up the Internet is a key factor in its continued growth and survivability. This special issue will collect and archive the state of the art in Network Security for existing and future network technologies, publishing research that explores: The security of infrastructure and systems that form the network (such as routers, application-level proxies, and servers); The security of protocols and services that work end-to-end (such as DNS, HTTP, multimedia conferencing and virtual environments, and e-commerce); Protocols that protect the privacy of users on the network. An emphasis on deployable systems and the inclusion of an analysis of their network performance in the presence of security mechanisms is ideal. Areas of interest include, but are not limited to:
   -  Network privacy and anonymity 
   -  Multicast and group-communication security
   -  Intrusion detection and response
   -  Network traceback 
   -  Integrating security in Internet protocols 
   -  Security analysis of Internet protocols 
   -  Network performance evaluation of network security protocols;
   -  Denial-of-service attacks and counter measures 
   -  Virtual private networks 
   -  Security for wireless networks and technologies 
Through the publication of this special issue, we wish to bring together researchers from the security and networking communities that have not previously had a common forum in which to share methodologies and techniques.  Instructions for submitting a paper are given at signl.cs.umass.edu/comcom.  Information on Computer Communications can be found at www.troubador.co.uk/comcom/fp.htm and www.troubador.co.uk/comcom/fp.htm.

 

IEEE Internet Computing, Special Issue on Peer-to-Peer Networking.  Guest editor: Li Gong, Sun Microsystems.  Publication date: January/February 2002.  Submissions due June 1, 2001.   [posted here 2/20/01]
The term peer-to-peer networking is applied to a wide range of technologies that greatly increase the utilization of information, bandwidth, and computing resources in the Internet. Frequently, these P2P technologies adopt a network-based computing style that neither excludes nor inherently depends on centralized control points. Apart from improving performance in terms of information discovery, content delivery, and information processing, such a style also can enhance the overall reliability and fault-tolerance of the computing system. This special issue of Internet Computing will showcase significant developments in the general area of peer-to-peer networking. Topics of interest include (but are not limited to):
     1. Peer naming, discovery, and organization 
     2. Peer-based communication and information sharing 
     3. Systems support for peer-to-peer networking 
     4. Security support for peer-to-peer networking 
     5. Peer-based network infrastructure including operating systems 
     6. Peer-based services and applications
Ideally, submissions will report advances that (a) use a simple and elegant solution to solve a seemingly complicated problem, (b) have a solid theoretical foundation but a realistic implementation path, and (c) are readily deployable over currently existing Internet infrastructure. We discourage strictly theoretical or mathematical papers on modeling of peer-to-peer computing. If you are uncertain about your submission in terms of scope, please provide an abstract to the guest editor for clarification before submission.  (note: the complete call for papers has not been posted on the IEEE web site yet.  We will update this Cipher entry when the URL is known.  In the interim, you may choose to contact the guest editor, Dr. Li Gong at li.gong@sun.com)

IEEE Computer, Special issue on embedded system security.  Guest editors: William A. Arbaugh, University of Maryland, and Leendert Van Doorn, IBM Research.  Submission deadline is March 15, 2001.   [posted here 12/18/00]
Embedded systems range from personal digital assistants to disk controllers and from home thermostats to microwave regulators.  These near-ubiquitous devices are often networked and thus present security challenges similar to those already of concern on the Internet.  This special issue will consider the security and privacy that networked embedded systems present.  Submissions are sought on all topics relating to embedded system security including risk analysis, privacy issues, software security architectures, security requirements for embedded operating systems, embedded cryptographic devices, using embedded devices to build secure systems, and secure firmware upgrades.  For further information see www.cs.umd.edu/~waa/ieee-cfp.html.

Internet Computing , Call for papers on "Widely Deployed Internet Security Solutions", November/December 2000, Guest Editors: Li Gong and Ravi Sandhu. (Submissions due: April 28, 2000)  [posted here January 28, 2000].
The goal of this special issue is two-fold. One is to reflect on security technology that have made into mainstream products and have been widely deployed within the past decade. An interesting perspective is why these solutions were picked over other competing solutions and what made them more attractive and acceptable. The other part of the goal is to access the state of the art in security research and technology with the hope that these investigations point to what may be deployed in the next decade. Topics of Interest include (but are not limited to) descriptions of and perspectives (historic, legal, etc.) on:
              *  Security solutions that are widely deployed 
              *  Security solutions that were once fashionable but no longer in use 
              *  Prevailing security solutions that are becoming obsolete 
              *  Emerging security solutions that are likely to be widely deployed 
We welcome submissions regarding security solutions covering all aspect of computing, including operating systems, networking, databases, distributed systems, human-computer interaction, the web, the Internet, information appliances, and wireless communication. However, we discourage abstract theory/idea papers, especially pure cryptography theory or crypto protocol papers. Our focus is on security solutions that were, are, or will be widely deployed.  Submission instructions can be found on the journal web page at church.computer.org/internet/call4ppr.htm.

 

IEEE Software, Call for Articles & Reviewers, Malicious Information Technology: The Software vs. The People Publication: Sept./Oct. 2000. Guest Editors: Nancy Mead (nrm@sei.cmu.edu) and Jeffrey Voas (jmvoas@rstcorp.com). (Submissions due: April 1, 2000) [posted here November 3, 1999].
Software was intended to improve the quality of human life by doing tasks more quickly, reliably, and efficiently. But today, a "software vs. people" showdown appears eminent. Software is increasingly becoming a threat to people, organizations, and nations. For example, the spread of the Melissa virus illustrates the ease with which systems can be penetrated and the ubiquity of the consequences; the Melissa virus caused many companies to shut down their EMail systems for days or even weeks. The origin of these threats stems from a variety of problems. One problem is negligent development practices that lead to defective software. Security vulnerabilities that occur as a result of negligent development practices (e.g., commercial Web browsers allowing unauthorized individuals to access confidential data) are likely to be discovered by rogue individuals with malicious intentions. Other security vulnerabilities are deliberately programmed into software (e.g., logic bombs, Trojan Horses, and Easter eggs). Regardless of the reason why information systems are vulnerable, the end result can be disastrous and widespread. Because of the increased danger that malicious software now poses, we seek original articles on the following specific issues:


 

*  Intrusion detection


 

*  Information survivability


 

*  Federal critical infrastructure protection plans


 

*  Federal laws prohibiting encryption exports vs. US corporations


 

*  State-of-the-practice in security testing


 

*  The Internet's "hacker underground"


 

*  Corporate information insurance


 

*  Penalties for those convicted of creating viruses


 

*  Case studies in information security and survivability

Authors: Submit one electronic copy in RTF interchange or MS-Word format and one PostScript or PDF version to the magazine assistant at software@computer.org. Articles must not exceed 5,400 words including tables and figures, which count for 200 words each. For detailed author guidelines, see www.computer.org/software/edguide.htm. Reviewers: Please e-mail your contact information and areas of interest to a guest editor.

 

Journal of Theoretical Computer Science, special issue on Dependable Computing. Guest Editor: Gilles Motet. (Submissions due: December 20, 1999) [posted here October 15, 1999].
Papers should be sent as attached rtf, postscript or pdf files to Guest Editor: Gilles Motet / LESIA DGEI, INSA, 135, avenue de Rangueil / 31077 Toulouse cedex 4 / France. Email: Gilles.Motet@insa-tlse.fr. More information can be found at: wwwdge.insa-tlse.fr/~lesia/tcs-call-for-paper.html.

 

Computer Communications Journal, special issue on Advances in Research and Application of Network Security, first quarter 2000. Guest Editors: Dr. M. Merabti (John Moores University, UK), Dr. Q. Shi (John Moores University, UK), and Dr. Rolf Oppliger (Swiss Federal Office of information Technology & Systems) (full papers due September 1, 1999) [posted here June 15, 1999].
The special issue aims to publish original research results of both theoretical and practical significance. Topics of interest include, but are not limited to

  • Security architectures and protocols

  • Intrusion detection

  • Authentication and key management

  • Authorisation and access control

  • Secure electronic commerce

  • Privacy and anonymity

  • Mobile code and web security

  • Mobile communication security

  • Security analysis

The deadline for receipt of four copies of full manuscripts is September 1, 1999. Please, refer to URL www.crlpublishing.co.uk/crl/COMCOM/fp.htm#anchor448658 to get further information.

 

International Journal of Computer Systems: Science & Engineering Special Issue on Developing Fault-Tolerant Systems with Ada. (Abstracts due June 1, 1999; full papers due: June 15, 1999) [posted here: 2/5/99].
An electronic version of the abstract is to be sent to A. Romanovsky at: alexander.romanovsky@ncl.ac.uk (phone:+44 191 222 8135; fax: +44 191 222 8232) by June 1, 1999. Full submissions are to be forwarded by June 15, 1999 to one of the guest editors (electronic submissions are encouraged): A. Romanovsky or A.J. Wellings at andy@minster.cs.york.ac.uk More information: www.cs.ncl.ac.uk/people/alexander.romanovsky/home.formal/ftada.html.

 

ACM Transactions on Software Engineering and Methodology Special issue on Software Engineering and Security. Guest Editors: Premkumar Devanbu (devanbu@cs.ucdavis.edu, UC Davis) and Stuart Stubblebine, (stubblebine@cs.columbia.edu). (DEADLINE EXTENDED TO JUNE 1, 1999) [posted here: 12/14/98].
Software system security issues are no longer only of primary concern to military, government or infrastructure systems. Every palmtop, desktop and TV set-top box contains or will soon contain networked software. This software must preserve desired security properties (authenticity, privacy, integrity) of activities ranging from electronic commerce, electronic messaging, and browsing. From being a peripheral concern of a limited and specialized group of engineers, security has become a central concern for a wide range of software professionals. In addition, software is no longer a monolithic shrink-wrapped product created by a single development organization with a well-defined software process. Instead, it is composed of components constructed by many different vendors following different practices. Indeed, software may even contain elements that arrive and are linked in just prior to execution. Customers need assurance that constituent components and mobile code have certain desirable properties; this need conflicts with the need for vendors to protect their proprietary information. The issue of providing assurance without full disclosure has been studied in security research, and needs to be applied to this problem. To provide a focus for these and other interactions between security and software engineering, ACM TOSEM will bring out a special issue dedicated to the intersection of concerns between the two fields. We solicit submissions that address the following issues and sub-areas:

  • How can security be used to address problems in distributed software development? How does one build trust and control in the distributed enactment of software processes while protecting intellectual property?

  • Trust in software process; Trust in software tools; Trusted (distributed) configuration management.

  • Can conventional, standard software engineering techniques be used to achieve verifiably higher levels of security in heterogeneous, distributed systems? What new software engineering techniques are needed?

  • Formal Verified implementations of security protocols; Traceability of correctness into implementation; Testing of security protocols; Specification of Secure Systems; Domain specific languages for Secure systems; Static/Dynamic Analysis for System Security; Security Testing (property-based, coverage-based, etc.); Configuring trusted systems; Evolving Legacy Systems for greater security.

  • Intellectual Property Protection: can security techniques be used to protect the valuable investments in software?

  • Reverse engineering counter measures; Software watermarking and copy protection; Combination Software and Hardware-based techniques.

Additional information about submitting papers can be found at www.cs.columbia.edu/~stu/tosem.html.

 

IEEE Network Magazine, Special Issue on Network Security (Nov/Dec 1999). Guest Editors: Bulent Yener, Bell Labs, Lucent Technologies (yener@research.bell-labs.com), and Patrick Dowd, Laboratory for Telecommunications Sciences, United States Department of Defense (p.dowd@ieee.org). (Submission deadline: June 1, 1999) [posted here: 3/15/99].
Network and Internet security has become a crucial requirement for both users and service providers. The Internet is a commercial infrastructure where sensitive and confidential personal and business data are carried over public networks. Although security is often treated as an after-thought, this attitude is changing. Security within an application needs to be considered as a fundamental element of the application, treated analogously to Quality of Service (QoS) considerations. Security is often viewed as a one-size-fits-all paradigm, but this is difficult to sustain due to the eclectic collection of communications mediums that compose the Internet infrastructure. The danger of a cookie-cutter strategy is that security will contend with performance since it is not suited to the environment. As the QoS requirements of applications and the physical layer properties internetworking become more diverse, agile but robust and consistent security solutions are needed. This is difficult, since custom solutions typically have difficulty surviving in a mass market, yet flexibility is needed for security use to become ubiquitous. We are interested in tutorial-oriented research papers that describe real services, software systems and experiments. Work-in-progress papers describing the state of on-going research projects in Internet security are encouraged. Research papers should demonstrate the feasibility of the approach and describe the state of realization. Case studies and applied papers should discuss the key factors that made the system work and should also mention the pitfalls and problems encountered and how they may be overcome. Topics of interest include:


 

* Intrusion detection

* Authentication


 

* Mobile code and agent security

* Privacy and anonymity


 

* Key management

* Access control and Firewalls


 

* Wireless, mobile network security

* Secure multicasting


 

* Data integrity

* Security verification


 

* Security protocols

* Policy modeling


 

* Commercial security

* Electronic commerce


 

* Security management


 

If you are unsure if your work falls within the scope of this special issue, please send an abstract to one of the guest editors. We would be happy to review it and provide feedback. Complete details on how to submit a paper are provided at www.comsoc.org/socstr/techcom/ntwrk/special/yener_dowd.html.

 

 

IEEE Internet Computing, Special Issue on Survivable, High-Confidence Distributed Systems (November/December 1999). Guest Editor: Mike Reiter, Bell Labs (reiter@research.bell-labs.com) (Submission deadline: 12 May 1999) [posted here: 3/1/99].
As the world moves toward increasing reliance on computing networks, it is essential to find ways of building distributed systems that perform reliably under a wide range of circumstances that may include both accidents and malicious attacks. A "survivable" system is one that can make meaningful progress even when some (human or computer) components fail to behave as expected, and particularly when they behave in a way as to undermine the correct operation of the system as a whole. Survivable systems may combine techniques for detecting, masking, and adapting to such failures and attacks, at the network level, a middleware layer, or in the higher-level distributed application of interest. This issue examines the state of the art in the design, implementation, and analysis of survivable distributed systems and networks. Topics of interest include, but are not limited to:

  • Survivable networking infrastructures and routing protocols

  • Distributed algorithms for surviving attacks on system components

  • Tools and middleware for simplifying the development of survivable distributed systems

  • Survivable data storage and dissemination

  • Application-specific survivability techniques, e.g., in the arenas of electronic commerce or electronic voting

  • Case studies demonstrating survivability characteristics (or the lack thereof) of critical systems

  • Enhancing the survivability of legacy systems

  • Techniques for evaluating the survivability of a system

  • Achieving failure diversity in a monocultural system, i.e., one with a common

  • computing platform/OS throughout

  • Survivable applications built on untrustworthy platforms

Acceptable papers can describe novel scientific advances in survivability, document experiences in developing or deploying survivable systems, or provide a survey of the state of the art in this area. The call-for-papers is located at www.computer.org/internet/call4ppr.htm.

 

A special issue of IEEE Transactions on Software Engineering , Special Issue on Current Trends in Exception Handling, (abstracts due: February 15, 1999; papers: March 1, 1999) [posted here December 8, 1998].
This special issue invites papers with focus on research results, experience reports, and brief survey/tutorials on emerging research challenges related to exception handling in (but not limited to) the following areas:

  • Models and paradigms for exception handling

  • Language facilities for exception handling: Functional languages; Procedural languages; OO languages

  • Exception mechanisms and their applications

  • Application specific problems: Asynchronous systems and concurrent programming; Mobile code execution in distributed systems; Real-time and safety critical systems; Databases and transaction management systems; Distributed collaboration systems; Fault-tolerant computing; Security in high confidence systems; Interactive systems; Operating systems and middleware

  • Validation of exception handling: Reasoning about exceptions and their handling in specific application areas; (General) testing techniques for exceptions and their handling

  • Case studies and experiences in large-scale systems

An electronic version of the abstract should be sent to A. Romanovsky at: alexander.romanovsky@ncl.ac.uk Full submissions should be forwarded to one of the guest editors (electronic submissions are encouraged). More information can be found at www.cs.ncl.ac.uk/people/alexander.romanovsky/home.formal/se.html.

 

A special issue of IEEE Journal on Selected Areas in Communications (JSAC) Special Issue on Network Security. Publication date: January, 2000. Guest Editors: Hilarie Orman, Ueli Maurer, Stephen Kent, and Stephen Bellovin. (submissions due: February 5, 1999) [posted here September 16, 1998].
This special issue of JSAC will be devoted to recent research results that describe or forecast significant changes in the feasibility of delivering security solutions (such as major improvements in cryptographic efficiency), or describe progress in areas that have been especially difficult, or are relevant to newer technologies, such as optical or mobile wireless communication. Of special interest are papers that relate their results to use on the Internet today or to use on next generation networks. Papers are solicited in the following areas: Cryptography-based network systems, such as secure private networks and transactional security; Public-key infrastructures; Applying new cryptographic methods to network communication; New cryptographic protocols supporting secure network systems; Anonymous communication; Recent cryptographic theory advances; Optical network security; Mobile wireless network security; Formal analysis of network security systems; Trends in network-based attacks; Secure group communication; Policy expression and enforcement. Papers in strongly related areas, especially those involving novel technologies, are also encouraged. Manuscripts to be considered for submission should be sent by email to Hilarie Orman (ho@cs.arizona.edu) by February 5, 1999. The manuscripts must be in Postscript, viewable in ghostscript, or six copies can be sent by mail; contact Hilarie Orman well prior to the deadline for the mailing address. Please note the IEEE formatting requirements; information for authors can be found at: gump.bellcore.com:5000/Guidelines/info.html The JSAC home page is at gump.bellcore.com:5000.

 

A special issue of IEEE Computer , A baseline on security strategies for the emerging broadband environment. Guest Editors: Dr. Patrick Dowd, and Dr. John McHenry. (submissions due: January 15, 1999) [posted here December 8, 1999].
This special issue will focus attention on the integration of networking and endpoint security. It will pull together both IP and ATM networking security strategies and examine methods that will allow homes and offices to safely explore the opportunities provided by a "connected" environment. Topics including the emerging broadband networking environment, IP and ATM security, integrated security strategies, and security analysis are of particular interest. Only electronic submissions (postscript, Adobe Acrobat, MS Word, or Framemaker) will be considered - paper copies will not be accepted. Please contact one of the guest editors if you have any questions. GUEST EDITORS: Dr. Patrick W. Dowd, University of Maryland, Department of Electrical Engineering, A.V. Williams Building, College Park, MD 20742, and Dr. John McHenry, U.S. Department of Defense, National Security Agency, Suite 6512, Ft Meade, MD 20755-6512.

 

IEEE Communications Magazine Feature Topic Issue on The Provision of Communication Services over Hybrid Networks (publication: July 1999). Guest Editors: Jean-Pierre Hubaux and David Nagel. (submissions due: January 5, 1999) [posted here December 11, 1999].
This Feature Topic Issue is devoted to the architecture and provision of services over hybrid networks. Topics of interest include:

  • Creation of hybrid services

  • Deployment of hybrid services

  • Operation and management of hybrid services

  • Validation of hybrid services

  • Middleware for hybrid services

  • Network planning and dimensioning

  • New hybrid services: access to Internet services from cellular terminals, access to the PSTN from a mobile IP phone, hybrid call centers,...

  • Traffic control and performance issues related to hybrid services

  • Security of hybrid services

  • Billing of hybrid services

  • Hybrid services involving other access networks (cable, ATM, WLANs,...)

  • Mobility-related services

  • Terminals for hybrid services

  • Computer Telephony Integration services

  • Partial replacement of telecom equipment by Internet technology for the control and/or transport of voice services

  • Dependability and scalability of hybrid services

Tutorial and survey papers will be considered for acceptance. Research papers will be considered as well, provided that they are understandable and informative for non specialists of the area covered by this issue. Although the Feature Topic Issue is essentially devoted to technical aspects, prospective authors are also encouraged to address economic and/or regulatory questions. Authors are requested to send e-mail by January 5 to both guest editors (see below), giving a URL where the guest-editors can review the article, preferably in HTML format with GIF artwork (postscript or pdf format is also accepted). Potential authors may wish to consult the author information and guidelines, which are given at pubs.comsoc.org/ci1/. Note: there is currently a call for papers for a joint Feature Topic Issue of Internet IEEE Network and IEEE Internet magazines on Internet telephony, to be edited by Henning Schulzrinne. There are some commonalities between the two Feature Topic Issues. However, the focus of each of them is different, and appropriate coordination efforts will be made to avoid overlaps. Guest Editors: Jean-Pierre Hubaux, Swiss Fed. Inst. of Technology, Lausanne, On leave at the Univ. of California, Berkeley, until January 9, 1999, EECS Dept, 267 Cory Hall, Berkeley,CA 94720, USA, tel: + 1-510-642-9719, fax: + 1-510-642-2845, hubaux@diva.EECS.Berkeley.EDU. And: David Nagel, President, AT&T Labs, AT&T Labs, 295 North Maple Avenue, Basking Ridge, NJ 07920, USA, tel: + 1-908-221-2903, dnagel@att.com.

 

A special issue of Distributed and Parallel Databases: An International Journal Kluwer Academic Publishers, Special issue Editors: Vijay Atluri and Pierangela Samarati. (submissions due: September 30, 1998) [posted here: July 6, 1998]
Recognizing the importance of the research in computer security, Distributed and Parallel Databases: An International Journal is organizing a special issue on security. The primary focus of this special issue will be on high-quality original unpublished research, case studies, as well as implementation experiences in any area of computer and communication security. Suggested topics include but are not limited to: Accounting and Audit, Authorization and Access Control, Authentication, Applied Cryptography, Computer Security and Public Policy, Data/System Integrity, Electronic Commerce and Virtual Banking, Information Warfare, Intrusion Detection, Intellectual Property Protection, Privacy and Anonymity, Security for Digital Libraries, Security in Data and Knowledge Bases, Security in Data Warehouses, Security in Workflow Systems, Security in Mobile and Wireless Systems, Security Management, Secure Networking and Protocols. Manuscripts must be written in English and should include a cover page with title, name and address (including e-mail address) of author(s), an abstract, and a list of identifying keywords. Manuscripts must be submitted as Postscript files via electronic mail to Prof. Vijay Atluri at atluri@andromeda.rutgers.edu. In addition, send five hard copies of your submission to: Melissa Parsons, Journals Editorial Office, Kluwer Academic Publishers, 101 Philip Drive, Norwell, MA 02061, USA; tel: (+1)781-871-6600; fax: (+1)781-878-0449; e-mail: mparsons@wkap.com.

 

A special issue of Software Practice & Experience on Experiences with Computer and Network Security. Guest editor: Gene Spafford (spaf@cs.purdue.edu). (submissions due: July 1, 1998) [Posted here: May 13, 1998]
Contact the editor for submission details. Papers describing both `systems' and `applications' software in any computing environment are acceptable. Typical topics include software design and implementation, case studies, studies describing the evolution of software systems, critical appraisals of systems, and the practical aspects of software engineering. Theoretical discussions can be included, but should illuminate the practical aspects of the work, or indicate directions that might lead to better practical systems. This special issue is specifically devoted to issues of computer and network security software. We are seeking high-quality articles relating to the above-mentioned themes. This includes papers on at least the following topics: access control systems, auditing systems and analysis, misuse and intrusion detection systems, applications of cryptography, secure messaging systems, information protection systems, security of mobile code, security of browsers and related technology, security testing and assurance, firewall construction and testing, experiences with new security programming paradigms, development and experience with "hacking tools", experiences with patching security flaws

 

The Journal of Computer Security, JCS Special Issue on Research in Intrusion Detection. Editor: Phillip A. Porras (porras@csl.sri.com) (Submissions due: July 15, 1998) [posted here: June 29, 1998]
This special issue seeks papers that describe research beyond the scope or orthogonal to what the commercial intrusion-detection community is producing. The intent is to capture results from key efforts in the field, and to understand the directions and motivations that are driving current and future research in this area. Papers are solicited on all aspects of intrusion detection, including the extension of intrusion-detection techniques to new problem domains, as well as the application of other techniques to intrusion detection. A complete list of topics is given in the call-for-papers at www.csl.sri.com/jcs-ids-call.html. Submissions should be received by July 15, but earlier submissions are encouraged. Manuscripts must be in English (dbl-spaced; 12 pt.). Each copy should have a cover page with title, name and address (including e-mail address) of author(s), an abstract of no more than 200 words, and a list of identifying keywords. Editor: Phillip A. Porras / Computer Science Laboratory / SRI International/ 333 Ravenswood Avenue / Menlo Park CA 94025 / phone: 650-859-3232 / fax: 650-859-2844 / porras@csl.sri.com. The Journal of Computer Security is an archival journal published quarterly. Its purpose is to present research and development results of lasting significance in the theory, design, implementation, analysis and application of secure computer systems. The Journal of Computer Security represents today a main forum for ideas about the meaning and implications of security and privacy, particularly those with important consequences for the technical community.

 

IEEE Internet Computing A special issue of IEEE Internet Computing, November/December 1998, (submissions due: May 12, 1998) [Posted here: March 3, 1998]
Executable content systems like Java, DNA (ActiveX), JavaScript, Postscript, Word Macros, and so on have had a fundamental impact on computer security. The very concept of executable content involves fetching and running data from a most-likely untrusted site. Often, this happens behind the scenes without the client being aware of the details. For example, when a Web user requests a page with a Java applet embedded in it, the Java byte code is automatically downloaded and begins to execute on a virtual machine in the user's browser. This special issue will be devoted to security implications of mobile code. In particular, we are interested in articles discussing: Code signing technologies, including models for permissions, capabilities, and principals; Proof-carrying code and security policy resolution; Implications of existing protocols such as SSL on proxy scanning, intrusion detection, and firewalling; Handling denial of service; Design of secure interfaces for devices such as smart cards; Security policy creation and management issues; Injecting security into the software development process. URL for submission process information: computer.org/internet/

 

SIGMBOILE Mobile Computing and Communications Review, Volume 2, Issue 2. (Submissions due: November 15, 1997) [posted here: 10/1/97].
The wireless communication revolution is bringing fundamental changes to telecommunication and computing. Wide-area cellular systems and wireless LANs promise to make integrated networks a reality and provide fully distributed and ubiquitous mobile computing and communications, thus bringing an end to the tyranny of geography. Furthermore, services for the mobile user are maturing and are poised to change the nature and scope of communication. This publication serves to enhance the ability of ACM SIGMOBILE members to keep up-to-date in this rapidly moving field, as well as serve as a major focal point for the discussion of new directions of portable computation and mobile networks for both the research and market-driven communities. Papers on original research are solictited. Please see the complete call for papers for a list of topics of interest. Paper submission will be handled electronically. Authors should Email a PostScript version of their full paper to: editors_sigmobile@acm.org Detailed submission instructions can be found on the MC2R web page http://www.acm.org/sigmobile/MC2R

 

Special Issue of IEEE Personal Communications Magazine on Mobile Systems and the Web (submissions are due November 1, 1997).
The information revolution that the pundits have been predicting seems finally to be upon us. Instantaneous access to information, which has always been dreamed of, is being realized today with the advent of the World Wide Web. Browsing (surfing) the web is becoming an increasingly common activity for computer users from all domains of life. A web browser probably represents the most ubiquitous interface mechanism to computers today, in terms of the number of people who are comfortable in using it. Web access from mobile platforms would truly represent an example of ubiquitous computing, realising the vision of computing anytime, anywhere and by everyone. However, the reality is that HTTP is not a mobile friendly protocol, and extremely wasteful of bandwidth. The current model of browsing the web is also open to criticism along the same lines. In general, the problems are one of resource constrained browsing platforms connecting to the network via thin pipes that are prone to disconnection. To facilitate web browsing from mobile platforms, it is important to understand these limitations and devise techniques and methodologies which will help alleviate these problems. The special issue will be devoted to articles which describe such techniques. A representative list (not all inclusive) of topics would include the following as they impact web browsing from wireless platforms:
* granularity reduction of multimedia data for wireless links
* information location and filtering
* prefetching and caching
* delayed fetching
* location dependent data
* improvements in HTTP protocol
* anticipatory caching
More information about submitting a paper can be found in the call-for-papers.

 

IEEE Network Magazine Special Issue on PCS Network Management has a call for papers for topics on Internet computing. (Submissions due October 25, 1997.) [posted here 7/7/97]
Personal communications services (PCS) provide communication services anywhere, anytime, with anybody, and in any form. To implement these communications concepts, extremely sophisticated network management which integrates many diverse technologies are required. This special issue focuses on the research and development of advanced PCS network management techniques. A complete list of topics can be found in the call for papers. Authors are invited to submit postscript files of their papers to liny@csie.nctu.edu.tw or sohraby@lucent.com. Papers should not exceed twenty double spaced pages in length, excluding figures and diagrams.

 

IEEE Network Magazine Special Issue on Active and Programmable Networks has a call for papers for topics on Internet computing. (Submissions due November 10, 1997.) [posted here 7/8/97]
New networking concepts, building on recent advances in mobile software, have been proposed with the purposes of accelerating services and enhancing network management. An active network can give a high degree of control to users to customize their network services dynamically. Users can in effect "program" their services by injecting mobile programs in special packets that are executed at network elements. These mobile programs can carry out management and control functions as well, without the need for pre-programming network elements. Such software-intensive networks rely on agreement on a basic instruction set or primitives rather than consensus on specific protocols and services. This special issue of IEEE Network will present an overview of research in this area which is still in the early stages. A complete list of topics can be found in the call for papers. Authors are invited to submit hardcopies or electronic files of their papers to tchen@gte.com. Papers should not exceed twenty double spaced pages in length, excluding figures and diagrams. More information for potential authors is available at the IEEE Network Home Page http://www.comsoc.org/socstr/techcom/ntwrk/.

 

IEEE Internet Computing Magazine has a call for papers for topics on Internet computing. (submissions due July 9, 1997)
IEEE Internet Computing is a new bimonthly magazine from the IEEE Computer Society designed to help the engineer productively use the ever expanding technologies and resources of the Internet. Internet Computing and IC on-line will provide developers and users with the latest advances in Internet-based computer applications and supporting technologies such as the World Wide Web, Java programming, and Internet-based agents. Through the use of peer-reviewed articles as well as essays, interviews, and roundtable discussions, IC will address the Internet's widening impact on engineering practice and society. Topics include system engineering issues such as agents, agent message protocols, engineering ontologies, web scaling, intelligent search, on-line catalogs, distributed document authoring, electronic design notebooks, electronic libraries, security, remote instruction, distributed project management, reusable service access and validation, electronic commerce, and Intranets. Author guidelines are available at http://www.computer.org/pubs/internet/auguide.htm Upcoming themes include: Agents (submissions due March 15, 1997), Intranets (submissions due May 7, 1997), and Internet Economics (submissions due July 9, 1997).

 

Theory and Applications of Object Systems (TAPOS): special issue on Objects, Databases, and the WWW (submissions due May 31, 1997).
As the Internet and the WWW become preferred media for broadcasting, content dissemination, data access, personal communications, distance education, electronic commerce, and other as yet unforeseen applications, it becomes urgent to explore the interactions between these new media and other well established technologies for information access. This special issue will focus on the interaction among object technology, database systems, and the WWW. The following is a non-exhaustive list of topics of interest: Object technology on the web; Accessing databases through the web; The web as a database; Developing web-centered applications; and Applications. A complete list of topics of interest alog with submission instructions can be found in the call for papers.

 

Journal of Telecommunication Systems, call for papers for a special issue on multimedia systems. (submissions due April 15, 1997).
Multimedia systems and applications have attracted significant attention during the last few years. The ability to deliver audio and video to end-users, in addition to data, has created possibilities which will revolutionize industries ranging from education and advertising, with applications such as digital libraries, distant learning, expert advice and real-time video clip playback, to tele-collaboration, electronic commerce and entertainment, with such applications as video-conferencing, telecommuting, video-on-demand, etc. The Journal of Telecommunication Systems is planning a special issue on multimedia to address this emerging technology. The issue will address all issues of multimedia systems with special focus on issues related to networking and telecommunication systems. Papers are solicited for this issue in the following areas (but not limited to): Multimedia information processing compression/decompression); Multimedia storage and retrieval; Network issues (QoS, protocols, performance/modeling, etc); Telecommunication systems requirements for multimedia; Telecommunication systems architecture and implementation; Security issues; End-to-end multimedia system architecture; and Multimedia applications and application design. More information is available in the call for papers and on the journal web page.

 

ACM Mobile Computing and Communications Review.
The wireless communication revolution is bringing fundamental changes to telecommunication and computing. Wide-area cellular systems and wireless LANs promise to make integrated networks a reality and provide fully distributed and ubiquitous mobile computing and communications, thus bringing an end to the tyranny of geography. Furthermore, services for the mobile user are maturing and are poised to change the nature and scope of communication. This publication serves to enhance the ability of ACM SIGMOBILE members to keep up-to-date in this rapidly moving field, as well as serve as a major focal point for the discussion of new directions of portable computation and mobile networks for both the research and market-driven communities. Specific topics of interest include security, scalability and reliability issues for mobile/wireless systems. More information can be found at the web page.

 

Journal of Intelligent Information Systems (JIIS).
Special Issue on Data Mining. As a young, promising research area with broad applications, data mining and knowledge discovery in databases has attracted great interest in the research communities of database systems, machine learning, statistics, high performance computing, information retrieval, data visualization, and many others. Security and social impact of data mining is a topic of interest. Five hard copies of the paper, with the length limited to 20 pages, should be submitted by November 1, 1996 to the conference chair . Also see web page.

 

Special Issue of the Journal on Special Topics in Mobile Networking and Applications .
Journal Web page. This special issue will concentrate on the problems associated with mobile and wireless networking in the Internet, primarily at the network layer and above. Internet security issues are a relevant topic. Authors should email an electronic Postscript copy of their paper to one of the guest editors by November 15, 1996. Submissions should be limited to 20 double spaced pages, excluding figures, graphs, and illustrations. Submissions can be sent to perk@watson.ibm.com.

 

IEEE Software
Papers are solicited for a special issue of IEEE Software to focus on security and privacy concerns and their impact on software development. The full announcement has all details. The goal of this special issue is to:

  • advise programmers, practitioners, developers, and managers of the security implications of their development work;

  • encourage companies and researchers whose products and technologies have security implications to address those requirements, by giving examples of how others have addressed these requirements and where to go for advice and guidance;

  • showcase positive achievements in developing secure applications.

Papers must be of high quality, original, unpublished, and not submitted elsewhere. Authors should submit an abstract of approximately 200-500 words to Charles P. Pfleeger by October 20, 1996, and the complete article by November 15, 1996. Comments will be returned to the authors before the end of February 1997. If at all possible, prospective authors should submit the abstract by e-mail, as this abstract will be used to schedule reviewers (also by e-mail). The complete article can be submitted either electronically (in ASCII, MSWord format, or postscript) or by hardcopy. In the case of hardcopy submissions, 8 copies must be provided.

 

JCS Special issue on WWW security .
The special issue of the Journal of Computer Security will be focused on research and development efforts leading to identify requirements and viable solutions for WWW security. Two kinds of papers will be considered: regular papers presenting new research results, and short papers describing ongoing projects. Editors of the special issue: Elisa Bertino, Gianpaolo Rossi, and Pierangela Samarati, Dipartimento di Scienze dell'Informazione, Universita' di Milano, Via Comelico, 39/41, 20135-Milano, Italy; phone: +39-2-55006227/257/272; fax: +39-2-55006253; e-mail: bertino,rossi,samarati@dsi.unimi.it. More information at http://www.dsi.unimi.it/Users/jcs-www.

 

Distributed Systems Engineering Journal
Special Issue on Future Directions for Internet Technology. Contributions are invited on all aspects of where the Internet is going technically including security. Guest editors: Dr Brian E. Carpenter (brian@dxcoms.cern.ch, WWW) and Prof J Crowcroft (J.Crowcroft@cs.ucl.ac.uk, WWW).

 

ACM Journal, Wireless Networks
special issue on Personal Communications. Personal communications provide communication services anywhere, anytime, with anybody, and in any form. To implement the personal communications concepts, extremely sophisticated systems which integrate many diverse technologies are required. This special focuses on the research and development of advanced PCS technologies.

 

Journal of Computer-Mediated Communication (JCMC)
a quarterly electronic journal, has issued a call for papers for a special issue on electronic commerce, including issues related to security and privacy. The call for papers can be found at http://cwis.usc.edu/dept/annenberg/steincfp.html.