Cipher
Calls for Papers


IEEE Computer Society's Technical Committee on Security and Privacy


 

Past Conferences and Journal Special Issues

Last Modified:01/16/12

Note: Please contact cipher-cfp@ieee-security.org by email if you have any questions..

Contents

Past journals announcements

Past conferences and other announcements

 
       

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

 

Past Journal Announcements

Wiley Security and Communication networks, Special Issue on Trust and Security in Cloud Computing, 2012, (Submission Due 14 January 2012) [posted here 12/5/11]

Editors: Ryan K L Ko (HP Labs, Singapore), Markus Kirchberg (HP Labs, Singapore), Bu Sung Lee (Nanyang Technological University, Singapore)

This special issue focuses on the research challenges and issues in trust and security in cloud computing. It aims to collect contributions by researchers from both academia and industry, showthe latest research results and methodologies addressing top concerns in trust and security in cloud computing, and provide valuable information to researchers as well as practitioners, standards developers and policymakers. Topics of interest include, but are not limited to:
- Malware detection in cloud computing
- Cryptography and encryption techniques for cloud computing
- Privacy in cloud computing
- Data obfuscation for cloud computing
- Accountability in cloud computing
- Security in virtualized environments
- Governance, regulation and compliance in cloud computing
- Data analytics for security in cloud computing
- Visualization for security in cloud computing
- Cloud computing threat detection techniques
- Trust in cloud services
- Trust reputation systems for cloud computing
- Reports on critical, real-life security and trust use cases in cloud computing
- Secure and trusted workflows in cloud computing
- Attacks and disaster preparation, recovery, and response
- Application and practical experiences
- Data security, privacy, retention and recovery
- Position papers on issues in security and trust in cloud computing

For more information, please see http://onlinelibrary.wiley.com/doi/10.1002/sec.369/full.

Elsevier Computer Networks, Special Issue on Botnet Activity: Analysis, Detection and Shutdown, 2012, (Submission Due 19 December 2011) [posted here 09/12/11]

Editors: Ronaldo Salles (Military Institute of Engineering, Brazil), Guofei Gu (Texas A&M University, USA), Thorsten Holz (Ruhr-University Bochum, Germany), and Morton Swimmer (Trend Micro Deutschland, Germany)

Large scale attacks and criminal activities experienced in recent years have exposed the Internet to serious security breaches, and alarmed the world regarding cyber crime. In the center of this problem are the so called botnets -- collections of infected zombie machines (bots) controlled by the botmaster to perpetrate malicious activities and massive attacks. Some recent botnets are composed of millions of infected machines, making use of this attack vector inevitably harmfully. Hence, it is paramount to detect, analyze and shutdown such overlay networks before they become active. This special issue of Computer Networks is intended to foster the dissemination of high quality research in all aspects regarding botnet activity, detection and countermeasures. The objective of this special issue is to publish papers presenting detection algorithms, traffic monitoring and identification, protocols and architectures, as well as botnet modeling, behavior, simulation, statistics, dissemination, analysis, preventive procedures and possible countermeasures. Only technical papers describing previously unpublished, original, state-of-the-art research, and not currently under review by a conference or journal will be considered. We solicit papers in a variety of topics related to botnet research including, but not limited to:
- Traffic Monitoring and Detection Algorithms
- Data Collection, Statistics and Analysis
- Modeling Behavior and Simulation
- Protocols and Architectures (IRC, HTTP, P2P, etc)
- Firewalls and IDS
- Cyber Crime Case Studies
- Reverse Engineering and Automated Analysis of Bots
- Honeypots and Honeynets
- New Platforms: Cellular and Wireless networks, Mobile devices, TV, etc.
- Legal Issues and Countermeasures
- Underground Markets, Vulnerability Markets and Zero-day Economics
- Mini-Botnets

For more information, please see http://www.elsevierscitech.com/dronsite/CFP_SIonBotnetActivity.pdf.

IEEE Systems Journal, Special Issue on Security and Privacy in Complex Systems, 2012, (Submission Due 1 October 2011) [posted here 07/04/11]

Editors: Sushil Jajodia (George Mason University, USA) and Pierangela Samarati (Universita` degli Studi di Milano, Italy)

Today's information society relies on a globally interconnected infrastructure composed of diverse and widely distributed systems. It is of utmost importance to ensure proper protection to such complex systems, or systems-of-systems, to ensure security, privacy, and availability of the infrastructure as well as of resources and information it provides and manages. The problem is far from trivial, due to the criticality and the social impact of the applications and services relying on this global infrastructure, as well as the complexity given by the co-existence and co-operation of, possibly heterogeneous, component systems. The goal of this special issue is to collect high-quality contributions on security and privacy in complex systems and systems-of-systems. We solicit submissions from academia, industry, and government presenting novel and original research on all theoretical and practical aspects of security and privacy in complex systems. The focus of the special issue spans security and privacy theory, technology, methodology, and applications in complex systems. Submitted papers should therefore explicitly address issues in the complex system scenario. Topics of interest include, but are not limited, to the ones listed below provided that they are treated with specific focus on the complex system scenario:
- access control
- anonymity
- applied cryptography
- authentication
- biometric security and privacy
- cyber warfare and security
- complex systems security
- computer forensics
- critical infrastructure protection
- data and application security
- data protection
- data/system integrity
- dependability, reliability, and availability
- formal methods for security and privacy
- human factors in security and privacy
- identity management
- insider threats
- intrusion detection and prevention
- knowledge extraction/representation for security
- legal and ethical issues
- middleware security
- network security
- operating systems security and privacy
- protection from cyberhacking
- security engineering
- secure environments and applications
- secure interoperability
- security and privacy metrics
- security and privacy policies
- security and privacy in cloud computing
- security and privacy in ad hoc networks
- security and privacy in e-services
- security and privacy in grid computing
- security and privacy in mobile systems
- security and privacy in monitoring systems
- security and privacy in industrial systems
- security and privacy in pervasive/ubiquitous computing
- security and privacy in sensor networks
- security and privacy in smart grid and distributed generation systems
- security and privacy in social applications and networks
- security and privacy in wireless sensor networks
- security architectures
- security management in complex scenarios
- social implications of security and privacy
- surveillance systems
- threats, vulnerabilities, and risk management
- transportation systems
- trust management
- usable security for complex systems
- verification and validation of complex systems
- web service security

For more information, please see http://isj.engineering.utsa.edu/special.php?issue=spc.

Elsevier Computers & Electrical Engineering, Special Issue on Recent Advances in Security and Privacy in Distributed Communications, September 2012, (Submission Due 30 September 2011) [posted here 06/20/11]

Editors: Gregorio Martinez (University of Murcia, Spain), Felix Gomez Marmol (NEC Laboratories Europe, Germany), and Jose M. Alcaraz Calero (Hewlett-Packard Laboratories, United Kingdom)

Security services need to be considered as part of most communication proposals being discussed nowadays in distributed communication environments. Additionally, in the last few years, privacy has been gaining interest from both the designers and the customers of security solutions, thus being considered now as a key aspect for them. For a good security and/or privacy design, one needs to be informed of the latest advances in this field, this being the main objective of this special issue. This special issue is intended to report the most recent research works related to security and privacy, particularly in the following fields:
- Anonymity
- Authentication
- Authorization and access control
- Critical Infrastructure Protection (CIP)
- Data integrity and protection
- Identity Management
- Intrusion detection and prevention
- End-to-end security solutions
- Privacy enhancing technologies
- Risk analysis and management
- Security policies
- Threats and vulnerabilities
- Trust and reputation management in distributed scenarios

For more information, please see http://www.elsevierscitech.com/cfp/CEE-SI-Recent-Advances-Security-Privacy.pdf.

International Journal of Information Security, Special Issue on SCADA and Control System Security, 2012, (Submission Due 21 August 2011) [posted here 05/23/11]

Editor: Irfan Ahmed (Queensland University of Technology, Australia), Martin Naedele (ABB Corporate Research, Switzerland), Charles Palmer (Dartmouth College, USA), Ryoichi Sasaki (Tokyo Denki University, Japan), Bradley Schatz (Queensland University of Technology, Australia), and Andrew West (Invensys Operations Management, Australia)

Supervisory control and data acquisition (SCADA) and industrial control systems monitor and control a wide range of industrial and infrastructure processes such as manufacturing production lines, water treatment, fuel production and electricity distribution. Such systems are usually built using a variety of commodity computer and networking components, and are becoming increasingly interconnected with corporate and other Internet-visible networks. As a result, they face significant threats from internal and external actors. For example, the now famous Stuxnet (which is a Windows-specific computer worm containing a rootkit and four zero-day attacks) was specifically written to attack SCADA systems that alone caused multi-million dollars damages in 2010. The critical requirement for high availability in SCADA and industrial control systems, along with the use of bespoke, resource constrained computing devices, legacy operating systems and proprietary software applications limits the applicability of traditional information security solutions. Thus, research focusing on devising security solutions that are applicable in the control systems context is imperative, as evidenced by the increased focus on the problem by governments worldwide. This Special Issue aims to present the latest developments, trends and research solutions addressing security of the computers and networks used in SCADA and other industrial control systems. The topics of interest include but not limited to, intrusion detection and prevention, malware, vulnerability analysis of control systems protocols, digital forensics, application security and performance impact of security methods and tools in control systems. This list is not exhaustive and other relevant topics will be considered.

For more information, please see http://springerlink.com/content/c228708131853np8/fulltext.pdf.

Wiley Security and Communication Networks Journal, Special Issue on Applications of Machine Learning Techniques to Intrusion Detection and Digital Forensics, 2012, (Submission Due 15 August 2011) [posted here 06/20/11]

Editor: Ajith Abraham (Norwegian University of Science and Technology, Norway), Anjali Sardana (Indian Institute of Technology Roorkee, India), ManPyo Hong (Ajou University, South Korea), Irfan Ahmed (Queensland University of Technology, Australia), Rafael Accorsi (University of Freiburg, Germany)

The security of computers and their networks is a major concern. As the computing devices become more pervasive and connected (such as from personal computer running a simple desktop application to embedded systems controlling a critical infrastructure), they face versatile and unknown threats ranging from sophisticated malwares, to less prevalent but still serious attacks like Web site defacement, denial of service attacks, financial fraud and network break-ins. They are both critical and costly and required to be detected in-time. Moreover, the detection of intrusions often leads to the forensic investigation requiring the acquisition of massive volume of data and their analysis. The manual effort to deal with the problems is costly and time consuming and thus, brings the need of machine learning techniques that are often used to efficiently and reliably perform this labour intensive work. In this special issue, we plan to present the cutting edge research focusing on intrusion detection and digital forensics with the application of machine learning techniques. The Journal is soliciting submissions based on an open call for papers covering areas that are included but not limited to the following:
- Detection of known or unknown exploitable vulnerabilities
- Detection of known or unknown attacks
- Deception systems and honeypots
- Smart phone and Digital Forensics
- Network and host intrusion detection
- Anomaly and specification-based approaches
- Application security
- Spam, botnets, viruses, malwares
- Web security
- Log analysis
- Forensic analysis of large datasets
- Online forensic analysis
- Forensic analysis of social networks
- 3D forensic scene model generation and analysis
- Network forensics
- Data acquisition

For more information, please see http://onlinelibrary.wiley.com/doi/10.1002/sec.344/full.

Security and Communication Networks (SCN), Special Issue on Security and Privacy in Ubiquitous Computing, 2012, (Submission Due 20 May 2011) [posted here 01/31/11]

Editor: Ali Miri (Ryerson University, Canada), Nen-Fu Huang (National Tsing Hua University, Taiwan, ROC), and Abderrahim Benslimane (University of Avignon, France)

The research area of mobile computing has become more important following the recent widespread drive towards mobile ad hoc networks, wireless sensor networks and vehicular ad hoc network tracking technologies and their applications. The availability of high bandwidth 3G infrastructures and the pervasive deployment of low cost WiFi infrastructures and WiMAX to create hotspots around the world serve to accelerate the development of mobile computing towards ubiquitous computing. Security and privacy in converged computing systems are considered an important part of these systems, and pose challenging open problems. This special issue will focus on the research challenges and issues in security and privacy in ubiquitous computing. Manuscripts regarding novel algorithms, architectures, implementations and experiences are welcome. Topics include but are not limited to:
- Secure architectures for converged communication networks
- Multi-hop authentication and authorization
- Context-aware security in computing
- Security management of mobile data
- Security for ubiquitous multimedia communication
- Secure user interactions and ubiquitous services
- Security and privacy in location based services
- Security and privacy in mobile social networks
- Trust management in ubiquitous services
- Security in home networks
- Homeland security and surveillance
- Trusted cloud computing
- Secure group communication/multicast
- Secure machine-to-machine communication
- Security in portable devices and wearable computers
- Privacy protection in distributed data mining
- Energy efficient intrusion detection schemes in mobile computing

For more information, please see http://www3.interscience.wiley.com/journal/114299116/home.

Security and Communication Networks (SCN), Special Issue on Protecting the Internet of Things, 2011-12, (Submission Due 15 April 2011) [posted here 04/11/11]

Editor: Jim Clarke (Waterford Institute of Technology, Ireland), Stefanos Gritzalis (University of the Aegean, Greece), Rodrigo Roman (University of Malaga, Spain), and Jianying Zhou (Institute for Infocomm Research, Singapore)

The central element of the vision of the Internet of Things (IoT) is the existence of a network of interconnected objects (from books to cars, from electrical appliances to food) that will be able not only to obtain information from their surroundings and interact with the physical world, but also to use existing Internet standards to provide services. However, security is extremely important for achieving this goal. As this worldwide network of interconnected objects can be exploited anywhere by anyone and anytime, it is necessary to enhance it with strong security foundations able to give birth to a world-changing paradigm. This special issue is proposed to cover research results and innovation case studies on security for the Internet of Things. Topics include but are not limited to:

- Secure architectures for converged communication networks
- Multi-hop authentication and authorization
- Context-aware security in computing
- Security management of mobile data
- Security for ubiquitous multimedia communication
- Secure user interactions and ubiquitous services
- Security and privacy in location based services
- Security and privacy in mobile social networks
- Trust management in ubiquitous services
- Security in home networks
- Homeland security and surveillance
- Trusted cloud computing
- Secure group communication/multicast
- Secure machine-to-machine communication
- Security in portable devices and wearable computers
- Privacy protection in distributed data mining
- Energy efficient intrusion detection schemes in mobile computing

For more information, please see http://www3.interscience.wiley.com/journal/114299116/home.

International Journal of Secure Software Engineering, Special Issue on Lessons Learned in Engineering Secure & Dependable Web Applications, January/February 2012, (Submission Due 7 March 2011) [posted here 01/17/11]

Editor: Martin Gilje Jaatun (SINTEF ICT, Norway), Edgar Weippl (SBA Research, Austria), and Riccardo Scandariato (KU Leuven, Belgium)

Software is an integral part of everyday life, and we expect and depend upon software systems to perform correctly. Software security is about ensuring that systems continue to function correctly also under malicious attack. As most systems now are web-enabled, the number of attackers with access to the system increases dramatically and thus the threat scenario changes. The traditional approach to secure a system includes putting up defense mechanisms such as Intrusion Detection Systems and firewalls, but such measures are no longer sufficient by themselves. We need to be able to build better, more robust and thus more secure systems. Even more importantly, however, we should strive to achieve these qualities in all software systems, not just the ones that need special protection. This special issue will focus on techniques, experiences and lessons learned for engineering secure and dependable software for the web. Suggested topics include, but are not limited to:
- Secure architecture and design
- Security in agile software development
- Aspect-oriented software development for secure software
- Security requirements
- Risk management in software projects
- Secure implementation
- Secure deployment
- Testing for security
- Quantitative measurement of security properties
- Static and dynamic analysis for security
- Verification and assurance techniques for security properties
- Lessons learned
- Security and usability
- Teaching secure software development
- Experience reports on successfully attuning developers to secure software engineering

For more information, please see http://www.sislab.no/ijsse.

IEEE Security and Privacy Magazine, Special Issue on Living with Insecurity, November/December 2011, (Submission Due 23 February 2011) [posted here 11/30/10]

Editor: Deborah A. Frincke (PNNL, USA) and Bill Arbaugh (University of Maryland, USA)

Many approaches to security start with the assumption that there is a trustworthy and secure base on which one can build, perhaps based on some provably correct hardware platform. In contrast, this issue seeks papers that start with the opposite assumption. While a computing environment in which all of our devices are reliable and secure sounds appealing, that is not the world in which we live. For the foreseeable future, we will be living and working in an environment of vulnerable, unreliable systems, where we still wrestle with definitions of what it even means to be secure. This special edition focuses on how we can live with insecurity, how our devices and systems can support users at home and at work, when the underlying base is potentially compromised and users themselves may be untrustworthy or unfocused on security. In this themed issue we are particularly interested in papers that address the implications of building software and hardware upon an admittedly untrustworthy basis, across the full spectrum of design, development, testing, use, and maintenance of digitally based systems. We are also interested in policy and regulatory issues related to our topic. Potential topics and questions related to living with security include:
- effects on system design, development, testing, maintenance, procurement
- organizational implications for business risk, organization
- liability, privacy support
- ways to assist the home user in determining the risk
- factors within a particular computing environment implications for user interfaces and user behavior
- means for synthesizing trustworthy islands or subspaces within untrustworthy environments
- implications for assessing business risk or corporate liability when systems are acknowledged to be potentially compromised
- parallels with other domains in which some desired attribute is acknowledged to be unattainable in practice that could assist us with living with insecurity’
- methods for distinguishing relatively dangerous neighborhoods in cyberspace from relatively benign ones

For more information, please see http://www.computer.org/portal/web/computingnow/spcfp6.

Cybercrime and Cloud Forensics: Applications for Investigation Processes (Call for Chapters), (Chapter proposal submission Due 3 December 2010) [posted here 11/8/10]

Editor: Cyril Onwubiko (Research Series Ltd, London, UK) and Thomas Owens (Brunel University, London, UK)

Cloud computing has the potential to become one of the most transformative developments in how information technology services are created, delivered, and accessed. However, cloud computing represents both opportunity and crisis for cybercrime investigation and digital forensics. With the rise of cyber attacks and various crimes in the highly complex multi-jurisdictional and multi-tenant cloud environments, there is an urgent need to extend the applications of investigation processes into the Cloud. This book will introduce the new area of cloud forensics and collect research and case studies on current, state-of-the-art applications for investigation processes in cloud computing environments. Chapters may address cloud forensics applications from the perspectives of cloud providers, cloud customers, security architects, law enforcement agencies, research institutes, etc. This book will serve as a reference for cloud communities, digital forensics practitioners, researchers who wish to understand current issues, advancing research, and technical innovations in the field of cloud forensics. Recommended topics include, but are NOT limited to the following:
Cloud customers (enterprise, government, etc.)
- Cloud adoption
- Usage scenarios
- Forensic demand/usage
- Forensic capability
- Sample crime/policy violation cases
- Sample investigation cases/scenarios/processes
Cloud providers
- The evolution of cloud computing
- Future of cloud computing
- Cloud services
- Forensic demand/usage
- Forensic capability
- Sample crime/policy violation cases
- Sample investigation cases/scenarios/processes
Law Enforcement
- Digital forensics and law
- Current state of art of cyber law
- International collaboration in battling cyber crime
- Cloud computing and law
- Multi-jurisdiction issues
- Multi-tenancy issues
- Service level agreement and cloud forensics
- Digital evidence and cloud evidence and evidence admission
- Cyber policing
- Sample crime cases
- Sample investigation cases/scenarios/processes
Digital Forensics Practice and Research
- History and development of digital forensics
- The rise of cybercrime
- Cloud computing a new battlefield
- Sample crime cases
- Digital forensic process
- Applications of digital forensic process in cloud computing
- Challenges in applying current digital forensic best practices to cloud computing
- Future of cloud forensics
- Sample investigation cases/scenarios/processes
Security Architecture and Forensic Awareness
- Public cloud
- Private cloud
- Hybrid cloud
- Infrastructure as a Service
- Platform as a Service
- Software as a Service
- Forensics as a Service
- Ethical hacking

For more information, please see http://igi-global.com/AuthorsEditors/AuthorEditorResources/CallForBookChapters/CallForChapterDetails.aspx?CallForContentId=41b320c0-7dd0-489c-b996-c5a9dcf81cb4.

Situational Awareness in Computer Network Defense: Principles, Methods and Applications (Call for Chapters), (Chapter proposal submission Due 15 November 2010) [posted here 10/11/10]

Editor: Cyril Onwubiko (Research Series Ltd, London, UK) and Thomas Owens (Brunel University, London, UK)

This book will provide security practitioners, academia and organizations insights into practical and applied solutions, frameworks, technologies, and implementations, for situational awareness in computer networks. The book will present situational awareness solutions in computer network defence (CND) currently being researched or deployed in book chapters contributed by leading researchers and practitioners in the field. The key objective is to fill a gap that exists in the way CND and security is being approached by formalizing the use of situational awareness in computer network security and defence. This will be achieved by providing contributions to situational awareness in network security and CND made through research, the prescription of formal concepts, and implementations. The book will supplement chapters on the theoretical (research) aspects of situational awareness in CND with discussion of their real-world implications and where applicable their implementations. The theoretical chapters will be complemented by chapters that address existing solutions for situational awareness in CND and the issues associated with them. Recommended topics include, but are not limited to the following:
- Theoretical Underpinnings of Situational Awareness
- Analysis of Situational Awareness in Computer Networks
- Functional Requirements of Situational Awareness for Computer Network Security
- Situational Assessment and Human Factors
- Situational Assessment and Decision Marking
- Situational Understanding in Command and Control Networks (CCN)
- Situational Awareness in Military Operations
- Situational Awareness in C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance)
- Computer Network Defence (CND)
- Computer Network Operations
- Usefulness of Data Fusion for Security Incident Analysis
- Security incident analysis - Data Association and Correlation
- Security Information Visualization
- Security Monitoring
- Implementing Situational Awareness Systems
- Emerging Applications of Situational Awareness Solutions
- Incident Response and Management and Emergency Preparedness
- Computer Security Incident Response Teams (CSIRT)
- Information Security Metrics and Measurement
- Digital Forensics
- Forensics and Investigation Issues
- Digital Forensic Information Analysis
- Enterprise Information Security Policies, Standards and Procedures
- Risk Management, Governance and Compliance
- National and Critical Infrastructure Security Issues
- Trust, Privacy and Anonymity Issues
- Application Security, Audits and Penetration Testing
- Information Security
- Risk Assessment & Management
- Information Security Management Frameworks
- Security Event and Information Management
- Risks posed by Wireless Networks, including through the use of Mobile Computing, Smartphones & Apps in a CND environment

For more information, please see http://www.igi-global.com/AuthorsEditors/AuthorEditorResources/CallForBookChapters/CallForChapterDetails.aspx?CallForContentId=216a3334-f89b-4bd3-9681-208c67e34285.

IEEE Network, Special Issue on Network Traffic Monitoring and Analysis, May 2011. (Submission Due 15 November 2010) [posted here 07/12/10]

Guest editor: Wei Wang (University of Luxembourg, Luxembourg), Xiangliang Zhang (University of Paris-sud 11, France), Wenchang Shi (Renmin University of China, China), Shiguo Lian (France Telecom R&D Beijing, China), and Dengguo Feng (Chinese Academy of Sciences, China)

Modern computer networks are increasingly complex and ever-evolving. Understanding and measuring such a network is a difficult yet vital task for network management and diagnosis. Network traffic monitoring, analysis and anomaly detection provides useful tools in understanding network behavior and in determining network performance and reliability so as to effectively troubleshoot and resolve the issues in practice. Network traffic monitoring and anomaly detection also provides a basis for prevention and reaction in network security, as intrusions, attacks, worms, and other kinds of malicious behaviors can be detected by traffic analysis and anomaly detection. This special issue seeks original articles examining the state of the art, open issues, research results, tool evaluation, and future research directions in network monitoring, analysis and anomaly detection. Possible topics include:
- Network traffic analysis and classification
- Traffic sampling and signal processing methods
- Network performance measurements
- Network anomaly detection and troubleshooting
- Network security threats and countermeasures
- Network monitoring and traffic measurement systems
- Real environment experiments and testbeds

For more information, please see http://dl.comsoc.org/livepubs/ni/info/cfp/cfpnetwork0511.htm.

Future Generation Computer System, Special Issue on Trusting Software Behavior, 3rd Quarter, 2011. (Submission Due 15 October 2010) [posted here 08/16/10]

Guest editor: Gyungho Lee (Korea University, Korea)

With proliferation of computing in virtually every aspect of modern society (i.e., smart grid, robotic surgery systems, smart phones, etc), trusting software behavior goes with much more profound side effects beyond mere malfunctioning of the system. Trustworthiness of software behavior that controls such critical systems and devices is an essential aspect we need to measure, evaluate and establish. With bugs and intentional compromises through the process of software design, development, deployment and use, software behavior trustworthiness is shaky in terms of empirical basis as well as in terms of theoretical basis. This special section in a forthcoming issue of the Future Generation Computer System (FGCS) journal is to put together the current state-of-the art in measuring, evaluating and fostering trustworthiness for software behavior in diverse contexts of modern and future computing environment. Original technical articles are solicited in all aspects of Trusting Software Behavior. Topics for this special section include, but are not limited to:
- Definitions of and measures for software trustworthiness
- Approaches on evaluation of software trustworthiness
- Techniques and software tools to enhance software trustworthiness
- Trust management
- Architecture support for enhancing software trustworthiness
- Case studies performed on industrial systems

For more information, please see http://ees.elsevier.com/fgcs.

IEEE Transactions on Information Forensics and Security, Special Issue on Using the Physical Layer for Securing the Next Generation of Communication Systems, June 1, 2011. (Submission Due 15 September 2010) [posted here 04/12/10]

Guest editor: Vincent Poor (Princeton University, USA), Wade Trappe (Rutgers University, USA), Aylin Yener (Pennsylvania State University,USA), Hisato Iwai (Doshisha University, Japan), Joao Barros (University of Porto, Portugal), and Paul Prucnal (Princeton University, USA)

Communication technologies are undergoing a renaissance as there is a movement to explore new, clean slate approaches for building communication networks. Although future Internet efforts promise to bring new perspectives on protocol designs for high-bandwidth, access-anything from anywhere services, ensuring that these new communication systems are secure will also require a re-examination of how we build secure communication infrastructures. Traditional approaches to building and securing networks are tied tightly to the concept of protocol layer separation. For network design, routing is typically considered separately from link layer functions, which are considered independently of transport layer phenomena or even the applications that utilize such functions. Similarly, in the security arena, MAC-layer security solutions (e.g. WPA2 for 802.11 devices) are typically considered as point-solutions to address threats facing the link layer, while routing and transport layer security issues are dealt with in distinct, non-integrated protocols like IPSEC and TLS. The inherent protocol separation involved in security solutions is only further highlighted by the fact that the physical layer is generally absent from consideration. This special issue seeks to provide a venue for ongoing research area in physical layer security across all variety of communication media, ranging from wireless networks at the edge to optical backbones at the core of the network. The scope of this special issue will be interdisciplinary, involving contributions from experts in the areas of cryptography, computer security, information theory, signal processing, communications theory, and propagation theory. In particular, the areas of interest include, but are not limited to, the following:
- Information-theoretic formulations for confidentiality and authentication
- Generalizations of Wyner’s wiretap problem to wireless and optical systems
- Physical layer techniques for disseminating information
- Techniques to extract secret keys from channel state information
- Secrecy of MIMO and multiple-access channels
- Physical layer methods for detecting and thwarting spoofing and Sybil attacks
- Techniques to achieve covert or stealthy communication at the physical layer
- Quantum cryptography
- Modulation recognition and forensics
- Security and trustworthiness in cooperative communication
- Fast encryption using physical layer properties
- Attacks and threat analyses targeted at subverting physical layer communications

For more information, please see http://www.signalprocessingsociety.org/publications/periodicals/forensics/forensics-authors-info/.

IEEE Internet Computing, Special Issue on Security and Privacy in Social Networks, May/June 2011. (Submission Due 1 September 2010) [posted here 07/12/10]

Guest editor: Gail-Joon Ahn (Arizona State University, USA), Mohamed Shehab (UNC Charlotte, USA), and Anna Squicciarini (Penn State University, USA)

Social networks where people exchange personal and public information have enabled users to connect with their friends, coworkers, colleagues, family and even with strangers. Several social networking sites have developed to facilitate such social interactions and sharing activities on the Internet over the past several years. The popularity of social networking sites on the Internet introduces the use of mediated­communication into the relationship development process. Also, online social networks have recently emerged as a promising area of research with a vast reach and application space. Users post information on their profiles to share and interact with their other friends in the social network. Social networks are not limited to simple entertaining applications; instead several critical businesses have adopted social networks to attract new customer spaces and to provide new services. The current trends of social networks are indirectly requiring users to become system and policy administrators for protecting their content in this social setting. This is further complicated by the rapid growth rate of social networks and by the continuous adoption of new services on social networks. Furthermore, the use of personal information in social networks raises entirely new privacy concerns and requires new insights on security problems. Several studies and recent news have highlighted the increasing risk of misuse of personal data processed by online social networking applications and the lack of awareness among the user population. The security needs of social networks are still not well understood and are not fully defined. Nevertheless it is clear these will be quite different from classic security requirements. It is important to bring a depth of security experience from multiple security domains and technologies to this field as well as depth and breadth of knowledge about social networks. The aim of this special issue is to encompass research advances in all areas of security and privacy in social networks. We welcome contributions relating to novel technologies and methodologies for securely building and managing social networks and relevant secure applications as well as to cross-cutting issues. Topics of interest: include but are not limited to:
- Access control and identity management
- Delegation and secure collaboration
- Information flow, diffusion and auditing
- Malware analysis in social networks
- Privacy challenges and mechanism
- Risk assessment and management
- Secure social-network application development and methodologies
- Secure object tagging, bookmarking and annotations
- Trust and reputation management
- Usability driven security mechanisms

For more information, please see http://www.public.asu.edu/~gahn1/icsn2011.htm.

Wiley Security and Communication Networks (SCN), Special Issue on Defending Against Insider Threats and Internal Data Leakage, 2011. (Submission Due 31 August 2010) [posted here 04/12/10]

Guest editor: Elisa Bertino (Purdue university, USA), Gabriele Lenzini (SnT-Univ. of Luxembourg, Luxembourg), Marek R. Ogiela (AGH University of Science & Technology, Poland), and Ilsun You (Korean Bible University, Korea)

This special issue collects scientific studies and works reporting on the most recent challenges and advances in security technologies and management systems about protecting an organization's information from corporate malicious activities. It aims to be the showcase for researchers that address the problems on how to prevent the leakage of organizations' information caused by insiders. The contributions to this special issue can conduct state-of-the-art surveys and case-analyses of practical significance, which, we wish, will support and foster further research and technology improvements related to this important subject. Papers on practical as well as on theoretical topics are invited. Topics include (but are not limited to):
- Theoretical foundations and algorithms for addressing insider threats
- Insider threat assessment and modeling
- Security technologies to prevent, detect and avoid insider threats
- Validating the trustworthiness of staff
- Post-insider threat incident analysis
- Data breach modeling and mitigation techniques
- Authentication and identification
- Certification and authorization
- Database security
- Device control system
- Digital forensic system
- Digital right management system
- Fraud detection
- Network access control system
- Intrusion detection
- Keyboard information security
- Information security governance
- Information security management systems
- Risk assessment and management
- Log collection and analysis
- Trust management
- Secure information splitting and sharing algorithms
- Steganography and subliminal channels
- IT compliance (audit)
- Continuous auditing
- Socio-Technical Engineering Attack to Security and Privacy

For more information, please see http://isyou.hosting.paran.com/mist10/SCN-SI-10.pdf.

IEEE Software, Special Issue on Software Protection, March, 2011. (Submission Due 1 August 2010) [posted here 06/07/10]

Guest editor: Paolo Falcarin (University of East London, UK), Christian Collberg (University of Arizona, USA), Mikhail Atallah (Purdue University, USA), and Mariusz Jakubowski (Microsoft Research)

Software protection is an area of growing importance in software engineering and security: leading-edge researchers have developed several pioneering approaches for preventing or resisting software piracy and tampering, building a heterogeneous body of knowledge spanning different topics: obfuscation, information hiding, reverse engineering, source/binary code transformation, operating systems, networking, encryption, and trusted computing. IEEE Software seeks submissions for a special issue on software protection. We seek articles that present proven mechanisms and strategies to mitigate one or more of the problems faced by software protection. These strategies should offer practitioners appropriate methods, approaches, techniques, guidelines, and tools to support evaluation and integration of software protection techniques into their software products. Possible topics include:
- Analysis of legal, ethical, and usability aspects of software protection
- Best practices and lesson learned while dealing with different relevant threats
- Case studies on success and/or failure in applying software protections
- Code obfuscation and reverse-engineering complexity
- Computing with encrypted functions and data
- Protection of authorship: watermarking and fingerprinting
- Remote attestations and network-based approaches
- Security evaluation of software protection's effectiveness
- Software protection methods used by malware (viruses, rootkits, worms, and botnets)
- Source and binary code protections
- Tamper-resistant software: mobile, self-checking, and self-modifying code
- Tools to implement or defeat software protections
- Trusted computing or other hardware-assisted protection
- Virtualization and protections based on operating systems

For more information, please see http://www.computer.org/portal/web/computingnow/swcfp2.

Journal of Network and Computer Applications, Special Issue on Trusted Computing and Communications, 2nd Quarter, 2011. (Submission Due 1 August 2010) [posted here 05/24/10]

Guest editor: Laurence T. Yang (St. Francis Xavier University, Canada) and Guojun Wang (Central South University, China)

With the rapid development and the increasing complexity of computer and communications systems and networks, traditional security technologies and measures can not meet the demand for integrated and dynamic security solutions. As a challenging and innovative research field, trusted computing and communications target computer and communications systems and networks that are available, secure, reliable, controllable, dependable, and so on. In a word, they must be trustworthy. If we view the traditional security as identity trust, the broader field of trusted computing and communications also includes behavior trust of systems and networks. In fact, trusted computing and communications have become essential components of various distributed services, applications, and systems, including self-organizing networks, social networks, semantic webs, e-commence, and e-government. Research areas of relevance would therefore include, but not only limited to, the following topics:
- Trusted computing platform and paradigm
- Trusted systems and architectures
- Trusted operating systems
- Trusted software
- Trusted database
- Trusted services and applications
- Trust in e-commerce and e-government
- Trust in mobile and wireless networks
- Trusted communications and networking
- Reliable and fault-tolerant computer systems/networks
- Survivable computer systems/networks
- Autonomic and dependable computer systems/networks

For more information, please see http://www.elsevier.com/locate/jnca.

International Journal of Information Technologies and Systems Approach, Special Issue on Privacy and Security Issues in IT, 2011. (Submission Due 30 June 2010) [posted here 02/08/10]

Guest editor: Frank Stowell (University of Portsmouth, England) and Vasilis Katos Democritus (University of Thrace, Greece)

The topic of this special issue is motivated by the ease of collection, processing and dissemination of personal data and the concern about the unintended use or misuse of these data. Monitoring technologies are a fundamental component in IS security that serve as a policy violation detection mechanism but the expanding scope of ICT now means that it is not just the client that is affected but often the wider community e.g. CCTV monitoring as what may have been designed for specific end-users now impacts itself upon the majority. Monitoring has turned into systematic surveillance of emails, telephone usage and through CCTV general citizen activities. In a society where privacy is a fundamental human right the antagonism between privacy and security is a research issue of significance IS researchers as IS itself constitutes the means for feeding such antagonism between security and the privacy of the individual. This special issue invites a range of topics related to Privacy and the associated security issues created by the technology. Topics to be discussed in this special issue include (but are not limited to) the following:
- Privacy preservation technologies for the citizen
- Methodologies for analysing privacy requirements of an Information System
- Protection of biometric data
- Analysis and development of a systems view of security and its impact upon individual privacy
- The Economics of security and privacy
- The behavioural impact of monitoring and surveillance technologies
- Opportunities and threats in emerging applications utilizing personal data
- Privacy-centric systems

For more information, please see http://www.igi-global.com/journals/details.asp?ID=6720&v=callForPapersSpecial.

International Journal of Secure Software Engineering (IJSSE), Special Issue on Software Security Engineering Education, March/April 2011. (Submission Due 15 June 2010) [posted here 04/19/10]

Guest editor: Nancy R. Mead (Carnegie Mellon University, U.S.A) and Dan Shoemaker (University of Detroit Mercy, U.S.A)

We can improve software security by improving how we teach software security engineering. However, the problem with teaching correct software security engineering practice is that software security practices could be relevant in a number of places within the Software Engineering Body of Knowledge (SWEBOK). Consequently, secure software assurance content might legitimately fit into many different places in the software engineering education process and, in that respect, could be taught many different ways.

This disjointed approach is not an acceptable method for systematically disseminating secure software engineering practice. There should be coordination and, when possible, standardization of the way that educators promulgate secure software assurance content. Otherwise, we run the risk of producing software engineers with potentially conflicting understandings of the same concepts. Unfortunately, there are two practical barriers to achieving coordinated and standardized software security engineering teaching. First, it is not absolutely clear what specific knowledge and skills should be taught and in what places. Second, there are currently no validated methods for delivering that knowledge once it has been identified. As a result, we are seeking insights in this special issue of the journal about how to confront the challenges of ensuring suitable and appropriate teaching of software security engineering content in higher education. This special issue is designed for software professionals and educators to explore innovative approaches to software security engineering education. The following are some suggested topics, as they relate to software security engineering:
- curricula –undergraduate, graduate, or training
- course materials
- model delivery methods
- student capstone projects and practical experience
- model syllabi
- learning models or unique learning interventions
- distance or asynchronous delivery technologies or approaches
- business or assurance
- cases case study methodologies
- cross-disciplinary collaborations
- literature reviews or supporting materials
- PowerPoint presentations

For more information, please see http://www.igi-global.com/ijsse.

Springer Transactions on Computational Science, Special Issue on Security in Computing, November/December 2010. (Submission Due 30 April 2010) [posted here 02/08/10]

Guest editor: Edward David Moreno (UFS Federal University of Sergipe, Brazil)

This special issue on Security in Computing in the Springer Journal of TCS focuses on novel hardware implementation, new architectures, software solutions, novel applications, cryptographic algorithms and security protocols will become increasingly critical to good system performance, low-power and security. Original papers are solicited for this special issue. Particular emphases will be put on recent innovations about security in the mobile and embedded computing domains. Suggested topics include, but are not limited to:
- Secure Architectures and Design
- Security Evaluation and Testing
- Cryptographic Algorithms and Techniques
- Security policies, protocols and standards
- Public- and symmetric-key cryptography in constrained environments such as RFID and smart cards
- Security in Distributed and pervasive Systems, Grid Computing, P2P systems, Web services, Digital TV, Mobile Devices, Embedded Systems and Wireless Networks
- Applications of Biometry and Biometric Systems in Security
- Authentication and Authorization Models and Techniques
- Application case studies of ICs for secure embedded computing
- Formal verification of security properties and security protocols
- Systems and Software Certification Methodologies
- Relationships among software correctness, reliability, usability, safety, and security

For more information, please see http://www.springer.com/computer/lncs?SGWID=0-164-6-151275-0.

Journal of Communications, Special Issue on Recent Advances on Controlling Unwanted Internet Traffic, November 2010. (Submission Due 30 March 2010) [posted here 02/22/10]

Guest editor: Zhenhai Duan (Florida State University, USA), Yingfei Dong (University of Hawaii, USA), and David H.-C. Du (University of Minnesota, USA)

One of the key challenges facing today's Internet is the proliferation of unwanted Internet traffic such as spam, phishing scam, worm, virus, and Distributed Denial of Services (DDoS) attacks. They raise serious concerns over the suitability of the Internet for supporting critical infrastructures including communication, finance, energy distribution, and transportation in its current form. Building trustworthy networks to effectively control unwanted Internet traffic is a grand challenge faced by the networking community and has a profound impact on the future development of the Internet. In this special issue, we solicit original work on identifying new research and development challenges and developing new architectures, protocols, and techniques to control unwanted Internet traffic. Specific topics include, but are not limited to, the followings:
- Accountable Internet architecture and protocol
- IP spoofing control and IP traceback
- Application-layer traffic traceback, e.g. VoIP traceback
- Worm and virus propagation modeling and control
- Botnet detection and control
- Spam control
- Phishing scam analysis and control
- Novel applications of virtual machine technique in unwanted traffic control

For more information, please see http://www.academypublisher.com/jcm/si/jcmsi_racuit.html.

Security and Communication Networks, Special Issue on Security in Computer and Cyber-Physical Systems, December 2010. (Submission Due 28 February 2010) [posted here 2/8/10]

Guest editor: Johnson P. Thomas (Oklahoma State University, USA), Xiaolin Li (Oklahoma State University, USA), Hai Jin (Huazhong University of Science and Technology, China), Fabrizio Baiardi (University of Pisa, Italy), Vijay Varadharajan (Macquarie University, Australia)

Pure computing and communications systems are limited to individual computing devices or networked systems which may communicate through a wired or wireless medium. These networked systems may be fixed or mobile. Cyber Physical systems integrate the physical world with computing systems. Such infrastructure includes transportation systems, control systems, power grids, power plants/refineries as well as health/medical monitoring systems. Original contributions on the security of pure computing and communication systems as well as cyber-physical systems are solicited in all areas of security in computer and cyber-physical systems and networks, including but not limited to:
- Security protocols and architectures
- Key distribution and key management
- Formal analysis of security properties and guarantees including provably-secure cryptographic protocols
- Intrusion detection systems, including self-diagnostics
- Automatic diagnosis and response to attacks
- Privacy, anonymity, and trust mechanism
- Human-centered systems
- Ad Hoc and wireless sensor networks
- Computer and wireless networks
- Cluster, grid, and cloud systems
- Application areas including automotive systems, aerospace systems, public utility infrastructure, biomedical devices/systems, civil engineering structures, transportation infrastructure

For more information, please see http://www.interscience.wiley.com/security.

Journal of Computer Security, Special Issue on RFID System Security, 4th Quarter, 2010. (Submission Due 22 February 2010) [posted here 11/23/09]

Guest editor: Yingjiu Li (Singapore Management University, Singapore) and Jianying Zhou (Institute for Infocomm Research, Singapore)

Besides selected papers (after significant extensions) from the 2010 Workshop on RFID Security (RFIDsec'10 Asia), other papers representing original research in the theory and practice concerning RFID system security are solicited for this special issue in Journal of Computer Security (IOS Press). Topics of interest include, but are not limited to:
- New applications for secure RFID systems
- Data protection and privacy-enhancing techniques for RFID
- Cryptographic protocols for RFID (Authentication protocols, Key update mechanisms, Scalability issues)
- Integration of secure RFID systems (Middleware and security, Public-key infrastructures)
- Resource-efficient implementation of cryptography (Small-footprint hardware, Low-power architectures)
- Attacks on RFID systems such as RFID malwares
- RFID security hardware such as RFID with PUF
- Trust model, data protection and sharing for EPCglobal Network

For more information, please see http://icsd.i2r.a-star.edu.sg/staff/jianying/JCS_CFP_final.pdf.

International Journal of Secure Software Engineering (IJSSE), Special Issue on Software Safety & Dependability – the Art of Engineering Trustworthy Software, January 2011. (Submission Due 1 February 2010) [posted here 10/5/09]

Guest editor: Lei Wu (University of Houston-Clear Lake, Houston, Texas, U.S.A) and Yi Feng (Algoma University, Sault Ste. Marie, Ontario, Canada)

Software Safety is an element of the total safety program. It optimizes system safety & dependability in the design, development, use, and maintenance of software systems and their integration with safety critical application systems in an operational environment. Increasing size and complexity of software systems makes it harder to ensure their dependability. At the same time, the issues of safety become more critical as we more and more rely on software systems in our daily life. These trends make it necessary to support software engineers with a set of techniques and tools for developing dependable, trustworthy software. Software safety cannot be allowed to function independently of the total effort. Both simple and highly integrated multiple systems are experiencing an extraordinary growth in the use of software to monitor and/or control safety-critical subsystems or functions. A software specification error, design flaw, or the lack of generic safety-critical requirements can contribute to or cause a system failure or erroneous human decision. To achieve an acceptable level of dependability goals for software used in critical applications, software safety engineering must be given primary emphasis early in the requirements definition and system conceptual design process. Safety-critical software must then receive continuous management emphasis and engineering analysis throughout the development and operational lifecycles of the system. In this special issue, we are seeking insights in how we can confront the challenges of software safety & dependability issues in developing dependable, trustworthy software systems. Some suggested areas include, but not limited to
- Safety consistent with mission requirements
- Secure software engineering with software security & trustworthy software development
- State-of-arts literature review of technology dealing with software system security
- Identify and analysis of safety-critical functionality of complex systems
- Intrusion detection, security management , applied cryptography
- Derive hazards and design safeguards for mitigations
- Safety-Critical functions design and preliminary hazards analysis
- Identification, evaluation, and elimination techniques for hazards associated with the system and its software, throughout the lifecycle
- Complexity of safety critical interfaces, software components
- Sound secure software engineering principles that apply to the design of the software-user interface to minimize the probability of human error
- Failure & hazard models, including hardware, software, human and system are addressed in the design of the software
- Software testing techniques targeting at software safety issues at different levels of testing

For more information, please see http://www.igi-global.com/journals/details.asp?id=34297.

IEEE Security & Privacy, Special Issue on Privacy-Preserving Sharing of Sensitive Information, July/August 2010. (Submission Due 15 November 2009) [posted here 6/29/09]

Guest editor: Sal Stolfo (Columbia University, USA) and Gene Tsudik (UC Irvine, USA)

Privacy-Preserving Sharing of Sensitive Information (PPSSI) is motivated by the increasing need for organizations or people who don't fully trust each other to share sensitive information. Many types of organizations must often collect, analyze, and disseminate data rapidly and accurately without exposing sensitive information to wrong or untrusted parties. For example, census-takers collect private data with the understanding that it won't be released in a form traceable to the individual who provided it. Companies might be willing to divulge sensitive financial data to organizations that release only aggregate data for an industry sector. A hospital might share patient information with a state health agency but only to allow the latter to determine the number (and not the identities) of uninsured patients. While statistical methods for protecting data have been in use for decades, they're not foolproof and they generally involve a trusted third party to produce privacy-preserving statistical digests. More recently, techniques employing secure multi-party function evaluation, encrypted keywords, and private information retrieval have been studied and, in a few cases, deployed, However there are no practical tools and technologies to guarantee data privacy, especially, whenever organizations have certain common goals and require exchanges of data. To this end, the objective of PPSSI technology is to enable multiple entities to cooperate and share information without exposing more than what is necessary to complete a common task. Potential submission topics include (but are not limited to) the following:
- PPSSI requirements and policy enforcement; prospective policies governing PPSSI, including formal models and policy languages as well as trust models.
- Data “cleaning” and obfuscation techniques.
- Cryptographic protocols; innovative constructs, their performance and implementation issues, for example, private information retrieval, searching over encrypted data and private set operations.
- Data management; storage and data management issues arising in PPSSI settings.
- Secure hardware; architectures and technologies in support of PPSSI

For more information, please see http://www.ics.uci.edu/~gts/PPSSIcfp.pdf.

Elsevier Computer Communications, Special Issue on Multimedia Networking and Security in Convergent Networks, Summer 2010. (Submission Due 1 November 2009) [posted here 7/6/09]

Guest editor: Chang Wen Chen (University at Buffalo, USA), Stefanos Gritzalis (University of the Aegean, Greece), Pascal Lorenz (University of Haute Alsace, France), and Shiguo Lian (France Telecom R&D Beijing, China)

Authors are invited to submit detailed technical manuscripts reporting recent developments in the topics related to the special issue. Note the special emphasis on convergent and heterogeneous networks – this special issue is devoted to exploring the challenges and solutions for multimedia communication and security in convergent network environments. The new challenge in network management is to deal with heterogeneous client capabilities as well as dynamic end-to-end resources availability, and to ensure satisfactory service quality for every client. The new challenge in secure communication is to solve the privacy and security issues becoming increasingly important topics in network convergence. Some suggested topics include but are not limited to:
- Heterogeneous multimedia networking
- Cross-layer multimedia adaptation
- Inter-network multimedia adaptation
- QoS control in network convergence
- Interactive Mobile TV based on network convergence
- Mobile community based on network convergence
- Smart home networks based on network convergence
- Telematics systems based on network convergence
- E-healthcare systems based on network convergence
- Privacy preserving in network convergence
- Multimedia content security in network convergence
- Digital rights management in network convergence
- Content tracking and filtering in network convergence
- Intrusion detection and prevention in network convergence
- Other networking or security issues in network convergence

For more information, please see http://www.elsevier.com/locate/comcom .

Springer Requirements Engineering journal, Special Issue on Digital Privacy: Theory, Policies and Technologies, Summer 2010. (Submission Due 31 October 2009) [posted here 7/20/09]

Guest editor: Annie I. Anton (North Carolina State University, USA), Travis D. Breaux (Institute for Defense Analyses, USA), Stefanos Gritzalis (University of the Aegean, Greece), and John Mylopoulos (University of Trento, Italy)

This special issue of the Requirements Engineering journal aims at providing researchers and professionals with insights on the state-of-the-art in Digital Privacy from the views of Theory, Policies and Technologies. Topics of interest may include one or more of the following (but are not limited to) themes:
- Compliance of system policies to privacy requirements
- Methods, tools and techniques for realizing privacy requirements
- Alignment of system policies to privacy requirements
- Alignment of privacy requirements to privacy laws, regulations and standards
- Agent-oriented privacy engineering
- Verification and validation of privacy requirements
- Integrating privacy requirements in system engineering
- Formal methods on privacy
- Privacy policies and human rights
- Privacy policy enforcement
- Privacy policies for companies engaging in eCommerce
- Privacy policies in the digital business
- Privacy enhancing technologies and systems

For more information, please see http://www.springer.com/computer/programming/journal/766.

Journal of System Architecture, Special Issue on Security and Dependability Assurance of Software Architectures, Spring 2010. (Submission Due 15 October 2009) [posted here 6/8/09]

Guest editor: Ernesto Damiani (Universitŕ degli Studi di Milano, Italy), Sigrid Gürgens (Fraunhofer Institute for Secure Information Technology, Germany), Antonio Mańa (Universidad de Málaga, Spain), George Spanoudakis (City University, London, UK), and Claudio A. Ardagna (Universitŕ degli Studi di Milano, Italy)

The JSA special issue will focus in particular on context, methodologies, techniques, and tools for V&V of software architectures, with particular focus on supporting assurance and compliance, as well as security and dependability certification, for evolving and long-lived systems. Authors are invited to submit papers on a variety of topics, including but not limited to:
- foundations and new perspectives of V&V mechanisms and security certifications
- solutions, tools, frameworks for S&D assurance and certification
- new and/or existing certification processes and tools suitable for challenging contexts (e.g., telecommunications, mobile, real time, process control, and embedded systems), and/or experience with them
- new and/or existing modelling techniques which are particularly suited to evolving systems, and/or experience with them
- tools and case studies that integrate techniques from different areas, such as V&V mechanisms, including static verification, dynamic verification, testing, product and process certification, empirical software engineering, modeling of evolving and distributed systems

For more information, please see http://ees.elsevier.com/jsa/.

International Journal of Communication Networks and Information Security, Special Issue on Composite and Integrated Security Solutions for Wireless Sensor Networks, Spring 2010. (Submission Due 1 September 2009) [posted here 5/25/09]

Guest editor: Riaz Ahmed Shaikh (Kyung Hee University, Korea), Al-Sakib Khan Pathan (Kyung Hee University, Korea), Jaime Lloret (Polytechnic University of Valencia, Spain)

This special issue is devoted to composite and integrated security solutions for Wireless Sensor Networks (WSNs). In WSNs, researchers have so far focused on the individual aspects (cryptography, privacy or trust) of security that are capable of providing protection against specific types of attacks. However, efforts on achieving completeness via a composite and integrated solution are lacking. That is ultimately necessary to attain because of its wide applicability in various sensitive applications, such as health-care, military, habitat monitoring, etc. The objective of this special issue is to gather recent advances in the area of composite and integrated security solutions of wireless sensor networks. This special issue covers topics that include, but are not limited to:
- Adaptive and Intelligent Defense Systems
- Authentication and Access control
- Data security and privacy
- Denial of service attacks and countermeasures
- Identity, Route and Location Anonymity schemes
- Intrusion detection and prevention techniques
- Cryptography, encryption algorithms and Key management schemes
- Secure routing schemes
- Secure neighbor discovery and localization
- Trust establishment and maintenance
- Confidentiality and data integrity
- Security architectures, deployments and solutions

For more information, please see http://ijcnis.kust.edu.pk/announcement.

Information Systems Frontiers, Special Issue on Security Management and Technologies for Protecting Against Internal Data Leakages, Spring or Summer 2010. (Submission Due 14 August 2009) [posted here 2/2/09]

Guest editor: David Chadwick (University of Kent, UK), Hang Bae Chang (Daejin University, South Korea), Ilsun You (Korean Bible University, South Korea), and Seong-Moo Yoo (University of Alabama in Huntsville, USA)

During the past decades, information security developments have been mainly concerned with preventing illegal attacks by outsiders, such as hacking, virus propagation, and spyware. However, according to a recent Gartner Research Report, information leakage caused by insiders who are legally authorized to have access to some corporate information is increasing dramatically. These leakages can cause significant damages such as weakening the competitiveness of companies (and even countries). Information leakage caused by insiders occurs less frequently than information leakage caused by outsiders, but the financial damage is much greater. Countermeasures in terms of physical, managerial, and technical aspects are necessary to construct an integral security management system to protect companies' major information assets from unauthorized internal attackers. The objective of this special issue is to showcases the most recent challenges and advances in security technologies and management systems to prevent leakage of organizations' information caused by insiders. It may also include state-of-the-art surveys and case analyses of practical significance. We expect that the special issue will be a trigger for further research and technology improvements related to this important subject. Topics(include but are not limited to):
- Theoretical foundations and algorithms for addressing insider threats
- Insider threat assessment and modeling
- Security technologies to prevent, detect and avoid insider threats
- Validating the trustworthiness of staff
- Post-insider threat incident analysis
- Data breach modeling and mitigation techniques
- Registration, authentication and identification
- Certification and authorization
- Database security
- Device control system
- Digital forensic system
- -Digital right management system
- Fraud detection
- Network access control system
- Intrusion detection
- Keyboard information security
- Information security governance
- Information security management systems
- Risk assessment and management
- Log collection and analysis
- Trust management
- IT compliance (audit) and continuous auditing

For more information, please see http://www.som.buffalo.edu/isinterface/ISFrontiers/forthcoming1/InfoSec09-SI-CFP.pdf.

IEEE Design and Test of Computers, Special Issue on Verifying Physical Trustworthiness of Integrated Circuits and Systems, January/February 2010. (Submission Due 1 August 2009) [posted here 6/8/09]

Guest editor: Mohammad Tehranipoor (University of Connecticut, USA) and Farinaz Koushanfar (Rice University, USA)

The emergence of a globalized, horizontal semiconductor business model raises a set of concerns involving the security and trust of the information systems on which modern society is increasingly reliant for mission-critical functionality. Hardware security and trust issues span a broad range including threats related to the malicious insertion of Trojan circuits designed, e.g., to act as a silicon time bomb to disable a chip, to intellectual property (IP) and integrated circuit (IC) piracy, to untrusted 3rd party IPs, to attacks designed to extract encryption keys and IP from a chip, and to malicious system disruption and diversion. Trojans can be inserted into a circuit or system developed by 3rd party IP vendor, system integrator, or foundry. Topics of interest include (but are not limited to):
- Trojan detection and isolation
- Authenticating foundry of origin
- Watermarking
- IC Metering
- FPGA design security
- Physical unclonable functions (PUFs)
- Hardware intrusion detection and prevention
- Scan-chain encryption

For more information, please see http://www.engr.uconn.edu/~tehrani/CFP-D&T-SI.pdf.

IEICE Transactions on Information and Systems, Special Section on Trust, Security and Privacy for Pervasive Applications, March 2010. (Submission Due 1 July 2009) [posted here 6/15/09]

Guest editor: Guojun Wang (Central South University, China), Laurence T. Yang (St. Francis Xavier University, Canada), and Kouichi Sakurai (Kyushu University, Japan)

The objective of this special section is to publish recent progress focusing on the trust, security, privacy, and related issues such as technical, social and cultural implications for pervasive devices, services, networks, applications and systems. Topics of interest include (but are not limited to):
- Trust, Security and Privacy (TSP) metrics and architectures for pervasive computing
- Trust and Risk management in pervasive environment
- Security and privacy protection in pervasive environment
- Security and privacy in mobile and wireless communications for databases
- Safety and user experiences in pervasive environment
- TSP-aware social and cultural implications in pervasive environment
- Cryptographic devices for pervasive computing
- Biometric authentication for pervasive devices
- Security for embedded software and systems
- TSP-aware middleware design for pervasive services
- TSP-aware case studies on pervasive applications/systems
- Cryptographic technologies, including Key management and authentication, in pervasive applications/systems
- Access control, anonymity, reliability and fault tolerance in pervasive applications/systems
- Audit and accountability in pervasive applications/systems
- Miscellaneous issues in pervasive devices, services, applications, and systems

For more information, please see http://www.ieice.org/eng/s_issue/cfp/2010_3ED.pdf.

IEEE Transactions on Software Engineering (TSE), Special Issue on Exception Handling: From Requirements to Software Maintenance, November 2009. (Submission Due 1 May 2009) [posted here 11/24/08]

Guest editor: Alessandro Garcia (Lancaster University, UK), Valerie Issarny (INRIA, France), and Alexander Romanovsky (Newcastle University, UK)

With the complexity of contemporary software systems increasingly growing, we still have much to learn on how software engineering practice can contribute to improving specification, design, testing, and evolution of exception handling. Our body of knowledge on effective exception handling in software projects is still limited and fragmented. It is not surprising that recent field studies have identified that error handling design in industrial applications typically exhibits poor quality independently of the underlying programming language and application domain. A holistic application of software engineering principles and techniques can certainly improve the treatment of exception handling across the software lifecycle. In this context, one of the underlying motivations of this special issue is to revisit the research directions involving exception handling in software engineering after one decade the first successful issue on this topic has appeared in IEEE TSE. This special issue will serve as a key reference for researchers, practitioners and educators to understand the most recent innovations, trends, experiences and concerns involving exception handling aspects in software engineering. We invite submissions approaching exception handling on all areas of software development and maintenance, such as model-driven development, requirements engineering, refactoring, software evolution, reverse engineering, contemporary modularity techniques (e.g., aspect-oriented programming and feature-oriented programming), and formal methods. The special issue is intended to cover a wide range of topics, from theoretical foundations to empirical studies, with all of them presenting innovative ideas on the interplay of exception handling and software engineering. Topics of interest include (but are not limited to) the following:
- Exceptions in software processes
- Empirical studies of exception handling
- Exception documentation
- Exception handling and requirements engineering
- Exception handling and architectural design
- Design patterns and anti-patterns, architectural styles, and good programming practice cookbooks
- Static analysis and testing of exception handling
- Refactoring and evolution of exception handling code
- Exceptions and variability management
- Comparative studies of innovative exception handling techniques and conventional ones
- Exception handling and contemporary modularization techniques (e.g., aspect-oriented programming and feature-oriented programming)
- Exception handling and variability mechanisms
- Metrics and quality models for abnormal behaviour
- Exception handling and middleware design
- Model-driven engineering for exception handling
- Exception handling in multi-agent systems
- Development of predictive models of defect rates
- Checked versus unchecked exceptions

For more information, please see http://www.computer.org/portal/cms_docs_transactions/transactions/tse/CFP/cfp_tse_eh_web.pdf.

Journal of Communications and Networks, Special Issue on Securing Wireless Networking, December 2009. (Submission Due 29 April 2009) [posted here 3/23/09]

Guest editor: Adrian Perrig (Carnegie Mellon University, USA), Wade Trappe (Rutgers University, USA), Virgil Gligor (Carnegie Mellon University, USA), Radha Poovendran (University of Washington, USA), and Heejo Lee (Korea University, Korea)

Wireless technologies have had a significant impact on computing and communication technologies in the past decade, and we are thus now progressing to the new “anytime-anywhere” service model of the mobile Internet. Unfortunately, the affordability and availability of wireless technologies that makes them so attractive, also makes them an enticing target for security threats. As new wireless technologies continue to emerge, many of which will be highly flexible and programmable, it will be easier than ever before for adversaries to acquire the equipment and the means to launch new security or privacy attacks. The challenge facing the security community is to achieve security in spite of the fact that in a wireless network as an open “broadcast” network, security associations must be made even when no trust relationships existed previously. The purpose of this special issue is to facilitate the exchange of cutting-edge research in security for new wireless systems (e.g., cognitive radios, RFID, industrial control systems, and vehicular networks), as well as the privacy issues associated with these emerging technologies. Since new communication systems are being developed across multiple communities, ranging from academic to government to industry, from application development to the development of fundamental networking and hardware technologies, this journal issue is intended to provide a forum for cross-pollination of ideas that will advance the awareness of wireless security issues and ultimately lead to more secure system designs. We solicit papers covering topics that include, but are not limited to:
- Vulnerability and attack modeling
- Secure neighbor discovery and localization
- Trust establishment and maintenance
- Intrusion detection and prevention
- Denial of service
- User privacy, location privacy, and anonymity
- Incentive-aware secure protocol design
- Jamming/anti-jamming communication
- Cross-layer design for security
- Cryptographic primitives for wireless communication
- Key management in wireless/mobile environments
- Mobile platform and systems security

For more information, please see http://jcn.or.kr/home/journal/call_for_papers.asp?globalmenu=3.

Elsevier Journal on Computer Networks, Special Issue on Performance Sensitive Security for Very Large Scale Collaboration, December 2009. (Submission Due 18 March 2009) [posted here 1/16/09]

Guest editor: Deborah A. Frincke (PNNL, University of Washington, USA), Frank Siebenlist (Argonne National Laboratory, University of Chicago, USA), and Mine Altunay (Fermi National Laboratory, USA)

It is anticipated that this trend towards very large-scale collaboration will continue and that these virtual organizations will become increasingly complex and diverse. Exascale computing is predicted by some to be a necessity to support scientific as well as business activities by 2018. It will be important for security solutions to scale equally well, so that the collaboration is enriched by usable, management-friendly, performance-sensitive security solutions, rather than hindered by them. In this special issue, we emphasize research approaches that show promise in providing performance sensitive security for very large scale collaboration. Performance sensitivity here refers both to traditional computer performance measures as well as the usability of the security solution being proposed – collaboration should be supported, rather than hindered, by the security solutions. Topics of interest include, but are not limited to:
- Security for very large datasets (petascale through exascale), where very large scale data sets can be shared without loss of important security properties, such as integrity, confidentiality.
- Secure remote access to unique instrumentation; e.g., where scientists and the computer-based instrumentation they use are geographically and organizationally dispersed.
- Security validation techniques that can provide some measure of assurance that a shared infrastructure meets the collaboration’s and the individual organization’s security requirements.
- New architectures and methods supporting shared intrusion detection/prevention, situational awareness, threat containment and/or response needed to defend geographically and organizationally dispersed shared computational resources, including shared code.
- User privilege and user trust negotiation within very large federated environments, both for brief access (minutes) and for long term access (years)

For more information, please see http://home.fnal.gov/~maltunay/ComNet.html.

ACM Transactions on Autonomous and Adaptive Systems (TAAS), Special Issue on Adaptive Security Systems, 2010. (Submission Due 15 March 2009) [posted here 9/29/08]

Guest editor: Yang Xiang (Central Queensland University, Australia) and Wanlei Zhou (Deakin University, Australia)

This special issue on Adaptive Security Systems in ACM TAAS focuses on autonomous and adaptive security system theories, technologies, and reallife applications. Original papers are solicited for this special issue. Suggested topics include, but are not limited to:
Adaptive Security System Theories
- Adaptive security architectures, algorithms, and protocols
- Autonomic learning mechanisms in security systems
- Intelligent attack systems and mechanisms
- Interactions between autonomic nodes of security systems
- Modeling of adaptive attack and defense mechanisms
- Theories in adaptive security systems
Adaptive Security System Technologies
- Adaptive security systems design
- Adaptive security systems implementation
- Adaptive intrusion detection/prevention systems
- Self-organizing identity management and authentication
- Adaptive defense against large-scale attacks
- Simulation and tools for adaptive security systems
Adaptive Security System Applications
- Benchmark, analysis and evaluation of adaptive security systems
- Distributed autonomous access control and trust management
- Autonomous denial-of-service attacks and countermeasures
- Autonomous wireless security systems
- Autonomous secure mobile agents and middleware
- Adaptive defense against viruses, worms, and other malicious codes

For more information, please see http://nss.cqu.edu.au/FCWViewer/getFile.do?id=23880.

IEEE Transactions on Information Forensics and Security, Special Issue on Electronic Voting, December 2009. (Submission Due 22 February 2009) [posted here 10/13/08]

Guest editor: Ronald L. Rivest (MIT, USA, Lead Guest Editor), David Chaum (Voting Systems Institute, USA), Bart Preneel (Katholieke Universiteit Leuven, Belgium), Aviel D. Rubin (Johns Hopkins University, USA), Donald G. Saari (University of California at Irvine, USA), and Poorvi L. Vora (The George Washington University, USA)

Following the discovery of a wide variety of flaws in electronic voting technology used in the US and other parts of the world, there has recently been a spurt of research activity related to electronic voting. The activity has been broad, ranging from the design of voting systems that specify what information is collected from voters and how it is used to determine one or many winners, through the development of cryptographic vote counting systems and the experimental security analysis of deployed voting systems, the experimental study of the usability of voting systems, to the development of methods for identifying election fraud. Most of the work has of necessity been interdisciplinary, involving contributions from experts in the areas of cryptography, computer security, information theory, political science, statistics, usability, game theory, mathematical modeling, etc. This special issue aims to provide an overview of the research area of electronic voting, with a focus on original results. The scope includes both remote and polling-place voting, and the areas of interest include, but are not limited to, the following:
- Voting theory, including voting models
- Cryptographic voting systems
- Formal security analysis of voting systems
- Experimental security analysis of voting systems
- Evaluations and ratings of voting systems
- Usability and accessibility of voting systems
- History of voting technology
- Components building-blocks of voting systems, such as anonymous voting channels and secure bulletin boards
- Fraud/anomaly detection in elections
- Political districting and the allocation of voting technology

For more information, please see http://vote.cs.gwu.edu/cfp.html.

Security and Communication Networks Journal (Wiley), Special Issue on Security and Trust Management for Dynamic Coalitions, TBD. (Submission Due 30 November 2008) [posted here 10/13/08]

Guest editor: Theo Dimitrakos (British Telecommunications plc, UK), Fabio Martinelli (Institute of Informatics and Telematics, National Research Council, Italy), and Bruce Schneier (British Telecommunications plc, USA)

There is an increasing interest and deployment of technologies that allow cooperation among entities that may act collectively. These entities may form dynamic coalitions where entities may leave and join, may show mobility aspects (either logical or physical), and may act in a collective manner. Examples of these coalitions can be found in the digital world, including: a) Crowds of users walking on the streets with advanced context aware converged telecommunication devices; b) A group of robots, manned and unmanned vehicles equipped with processors, sensors, smartphones, etc. interacting with each other, with their environment, and with a command or a control node, such as the command and control site of a defence coalition or a civil traffic control; c) A set of organizations (possibly virtual) sharing some resource for service provisions, or so called Virtual Organisations; d) Collaborative processes that use resources and services offered by partners in a Virtual Organisation; and e) Web 2.0 mash-ups and composite Web Services that are composed of services and applications offered by different service providers over a public network. These dynamic coalitions involve several technologies as peer to peer systems (P2P), mobile ad hoc networks (MANETs), and service oriented architectures such as those realised in GRID computing and Web Services Frameworks. There are several research areas identified as follows: a) Security in dynamic coalitions; b) trust in dynamic coalitions; c) security and trust interplay; and 4) secure processes and service composition. This special issue is proposed to cover research results and innovation case studies on security and trust management on dynamic coalitions. Topics of interest include but are not limited to:
- Semantics and computational models for security and trust in dynamic coalitions
- Context-based security and trust management architectures, mechanisms and policies
- Privacy and anonymity issues in trust negotiation
- Enforcing cooperation in dynamic coalitions
- Reputation and recommendation models and architectures for dynamic coalitions
- Usage control models, languages and architectures in dynamic coalitions
- Cryptographic models and mechanisms for dynamic coalitions
- Security protocols for group management
- Security for Service Oriented Architectures and Infrastructures
- Collaboration and Virtual Organization life-cycle management in dynamic coalitions
- Federated Identity Management in dynamic coalitions
- Distributed Access Control and administrative delegation in dynamic coalitions
- Policy verification and validation in order to predict the impact of changes to an infrastructure in order to support the life-cycle of a dynamic coalition
- QoS monitoring, evaluation and reporting in dynamic coalitions
- Auditing in dynamic coalitions
- Trust and security in ICT Governance and service management for dynamic coalitions
- Security frameworks for dynamic service composition
- Security frameworks for Web 2.0 service and application mash-ups
- Security and trust adaptation in dynamic coalitions
- Information management in dynamic coalitions including research in techniques for self-protecting information sets
- Trust and security aspects of Operational Support Systems (OSS) for the converged telecommunications infrastructure that underpins dynamic coalitions

For more information, please see http://www.iit.cnr.it/staff/fabio.martinelli/STM-DC.pdf.

Ad Hoc Networks Journal, Special Issue on Privacy and Security in Wireless Sensor and Ad Hoc Networks, June 2009. (Submission Due 3 November 2008) [posted here 10/27/08]

Guest editor: Wensheng Zhang (Iowa State University, USA), Sencun Zhu (The Pennsylvania State University, USA), and Guohong Cao (The Pennsylvania State University, USA)

Wireless sensor and ad hoc networks have many applications in military, homeland security and other areas. Security is critical for such networks deployed in a hostile environment. In civilian applications, however, privacy concerns of these networks could become a more serious impediment to their popular adoption. Providing privacy and security in wireless sensor and ad hoc networks is more challenging than those in traditional wired networks because wireless communications use shared medium and thus are vulnerable to many attacks. Providing privacy and security in sensor networks is further complicated by the network scale, the highly constrained system resources and the difficulty of dealing with node compromises. The main purpose of this special issue is to promote further research interests and activities on privacy and security in wireless sensor and ad hoc networks. We are interested in analytical, experimental, and systems-related papers in various aspects of privacy and security in wireless sensor and ad hoc networks. Topics of interest include:
- Key distribution and management
- Privacy issues in wireless sensor networks
- Security and Privacy issues in vehicular networks
- Location privacy and source anonymity
- Secure localization and secure routing protocols
- Trust management
- Secure data aggregation
- Authentication and authorization
- Study of attack strategies, attack modeling
- Study of tradeoffs between security and system performance
- Denial of service attacks and prevention
- Cross layer security and privacy attacks and solutions

For more information, please see http://www.elsevier.com/framework_products/promis_misc/ADHOC_CFP_privacysecurity.pdf.

EURASIP Journal on Wireless Communications and Networking, Special Issue on Wireless Physical Layer Security, April 1, 2009. (Submission Due 1 October 2008) [posted here 5/19/08]

Guest editors: Mérouane Debbah (Supélec, France), Hesham El-Gamal (Ohio State University, USA), H. Vincent Poor (Princeton University, USA), and Shlomo Shamai (Technion, Israel)

Security is a critical issue in multiuser wireless networks in which secure transmissions are becoming increasingly difficult to obtain in highly mobile and distributed environments. In his seminal works of the late 1940s, Shannon formalized the concepts of capacity (as a transmission efficiency measure) and equivocation (as a measure of secrecy). Together with Wyner's fundamental formulation of the wiretap channel in the 1970s, this work laid the groundwork for the area of wireless physical area security. Interest in this area has exploded in recent years, motivated by the rise of wireless networking in general and by the increasing interest in large mobile networks with light infrastructure, which are extremely difficult to secure by traditional methods.

The objective of this special issue (whose preparation is carried out under the auspices of the EC Network of Excellence in Wireless Communications NEWCOM++) is to gather recent advances in the area of wireless physical layer security from the theoretical, such as the analysis of the secrecy capacity of various channel models, to more practical interests such as the development of codes and other communication schemes that can provide security in real networks. Suitable topics for this special issue dedicated to physical layer security include but are not limited to:
- Opportunistic secrecy
- The wiretap channel with feedback
- Authentication over the wiretap channel
- Information theoretic secrecy of fading channels
- Secrecy through public discussion
- Wireless key distribution
- Multiuser channels with secrecy constraints
- MIMO wiretap channels
- Relay-eavesdropper channel
- Scheduling for secure communications
- Secure communication with jamming
- Game theoretic approaches for secrecy
- Codes for secure transmission
- Secure compression
- Cognitive approaches for secrecy
- Physical Secrecy and Common Randomness
- Secrecy with channel uncertainty

For more information, please see http://www.hindawi.com/journals/wcn/si/wpls.html.

Wiley's Security and Communication Networks Journal, Special Issue on Security in Mobile Wireless Networks, 4th quarter of 2009. (Submission Due 30 September 2008) [posted here 4/28/08]

Guest editors: Abderrahim Benslimane (University of Avignon, France) Chadi Assi (Concordia University, Montreal, Canada), Stamatios V. Kartalopoulos (University of Oklahoma, USA), and Fred Nen-Fu Huang (National Tsing Hua University, Taiwan)

Security has become a primary concern in order to provide protected communication in mobile networks. Unlike the wired networks, the unique characteristics of mobile networks pose a number of nontrivial challenges to security design, such as open peer-to-peer network architecture, shared wireless medium, stringent resource constraints, highly dynamic network topology and absence of a trusted infrastructure. Ubiquitous roaming impacts on a radio access system by requiring that it supports handover between neighbouring cells and different networks. Also, mobile networks are more exposed to interferences than wired networks. There are several components that contribute to this: adjacent channels, co-channels, Doppler shifts, multipath, and fading. This SI aims to identify and explore the different issues and challenges related to security aspects in mobile networks. What are the impacts (benefits or inconvenience) of mobility on security? What are the appropriate mobility models to have a good level of security? Are Classical IDS approaches appropriate for mobile environments? How can be managed security when Mobility pattern and/or behaviour prediction? The complete security solution should span both layers, and encompass all three security components of prevention, detection, and reaction. Topics of interest include, but are not limited to, the following as they relate to mobile networks:
- Secure mobile PHY/MAC protocols
- Secure mobile routing protocols
- Security under resource constraints (e.g., energy, bandwidth, memory, and computation constraints)
- Performance and security tradeoffs in mobile networks
- Secure roaming across administrative domains
- Key management in mobile scenarios
- Cryptographic Protocols
- Authentication and access control in mobile networks
- Intrusion detection and tolerance in mobile network
- Trust establishment, negotiation, and management
- Secure mobile location services
- Secure clock distribution
- Privacy and anonymity
- Denial of service in mobile networks
- Prevention of traffic analysis

For more information, please see http://www3.interscience.wiley.com/cgi-bin/fulltext/120841529/HTMLSTART.

Wiley's Security and Communication Networks Journal, Special Issue on Security in Mobile Wireless Networks, March - April 2009. (Submission Due 25 September 2008) [posted here 9/22/08]

Guest editor: Edward David Moreno (UEA - University of Amazonas State, Brazil)

This special issue on Security in Computing in the Springer Journal of TCS focuses on novel hardware implementation, new architectures, software solutions, novel applications, cryptographic algorithms and security protocols will become increasingly critical to good system performance, low-power and security. Original papers are solicited for this special issue. Particular emphases will be put on recent innovations about security in the mobile and embedded computing domains. Suggested topics include, but are not limited to:
- Secure Architectures and Design
- Security Evaluation and Testing
- Cryptographic Algorithms and Techniques
- Security policies, protocols and standards
- Public- and symmetric-key cryptography in constrained environments such as RFID and smart cards
- Security in Distributed and pervasive Systems, Grid Computing, P2P systems, Web services, Digital TV, Mobile Devices, Embedded Systems and Wireless Networks.
- Applications of Biometry and Biometric Systems in Security
- Authentication and Authorization Models and Techniques
- Application case studies of ICs for secure embedded computing.
- Formal verification of security properties and security protocols
- Systems and Software Certification Methodologies
- Relationships among software correctness, reliability, usability, safety, and security

For more information, please see http://www.springer.com/computer/lncs?SGWID=0-164-6-151275-0.

Springer Transactions on Computational Science, Special Issue on Security in Computing, March, 2009. (Submission Due 5 September 2008) [posted here 8/4/08]

Guest editors: Edward David Moreno (UEA Univ. of Amazonas State, Brazil)

This special issue on Security in Computing in the Springer Journal of TCS focuses on novel hardware implementation, new architectures, software solutions, novel applications, cryptographic algorithms and security protocols will become increasingly critical to good system performance, low-power and security. Original papers are solicited for this special issue. Particular emphases will be put on recent innovations about security in the mobile and embedded computing domains. Suggested topics include, but are not limited to:
- Secure Architectures and Design
- Security Evaluation and Testing
- Cryptographic Algorithms and Techniques
- Security policies, protocols and standards
- Public- and symmetric-key cryptography in constrained environments such as RFID and smart cards
- Security in Distributed and pervasive Systems, Grid Computing, P2P systems, Web services, Digital TV, Mobile Devices, Embedded Systems and Wireless Networks
- Applications of Biometry and Biometric Systems in Security
- Authentication and Authorization Models and Techniques
- Application case studies of ICs for secure embedded computing
- Formal verification of security properties and security protocols
- Systems and Software Certification Methodologies
- Relationships among software correctness, reliability, usability, safety, and security

For more information, please see http://www.springer.com/computer/lncs?SGWID=0-164-6-151275-0.

IEEE Network Magazine, Special Issue on Recent Developments in Network Intrusion Detection, 1st quarter of 2009. (Submission Due 1 August 2008) [posted here 6/11/08]

Guest editors: Thomas M. Chen (Swansea University, UK), Judy Fu (Motorola Labs, USA), Liwen He (BT Group, Chief Technology Office, UK), and Tim Strayer (BBN Technologies, USA)

Internet-connected computers are constantly exposed to a variety of possible attacks through exploits, social engineering, password cracking, and malicious software. Networks allow intruders to reach a large number of potential targets quickly and remotely with relatively low risk of traceability. Public attention on cyber attacks has grown with post-9/11 concerns over vulnerabilities of critical infrastructures and new regulations increasing accountability of organizations for loss of private data. Concerns have also been heightened by the prevalence of hidden spyware and bots among PC users.

Existing network-based intrusion detection methods depend on monitoring traffic and detecting evidence of attacks through known signatures or anomalous traffic behavior. However, intruders are continually changing their techniques to try new attack vectors and new ways to evade defenses. Network intrusion detection is challenged to adapt with new capabilities to recognize and respond to current attack methods.

The goal of this special issue of IEEE Network is to share new research developments in network intrusion detection. Papers should add to current understanding of new attack vectors, advances in packet collection and analysis, and state-of-the-art techniques for recognizing, tracing, and responding to attacks. Papers should contain substantial tutorial content and be understandable to a broad general audience, not only security experts. Topics of interest include:
- novel attacks and exploits
- novel methods for traffic data collection and anomaly detection
- network forensic techniques and best practices
- intrusion prevention systems
- deep packet inspection and classification at very high speeds/throughputs
- event correlation
- attack traceback and router support
- automatic signature generation
- detection of low intensity stealthy intrusions

For more information, please see http://www.comsoc.org/dl/net/ntwrk/special.html.

ACM Transactions on Reconfigurable Technology and Systems, Special Issue on Security in Reconfigurable Systems Design, 2009. (Submission Due 23 May 2008) [posted here 5/5/08]

Guest editors: Patrick Schaumont (Virginia Tech, USA), Alex K. Jones (University of Pittsburgh, USA), and Steve Trimberger (Xilinx, USA)

The secure operation of computer systems and networks continues to be an important research topic for a variety of applications and infrastructures. Increasingly, these security concerns are extending from the software information-processing domain into the hardware domain and in particular into the reconfigurable computing research community. From a design perspective, security forms a separate dimension in design alongside of constraints on area, performance, and power. By carefully considering security issues in the design of reconfigurable hardware, security can become a basic property of the system implementation rather than being addressed as an afterthought. This special issue of ACM Transactions on Reconfigurable Technology and Systems solicits papers in the areas of secure design technologies and architectures for reconfigurable devices and novel applications for reconfigurable platforms. Topics of interest include but are not limited to the following areas:
Design Technologies and Architectures:
- Protection of hardware design intellectual property (e.g. FPGA bitstream).
- Side-channel resistant and fault-resistant design mechanisms.
- The use of Physically Unclonable Functions for authentication and anti-counterfeiting.
- Architectural techniques to mitigate the tradeoffs between power, performance, and area with system security.
- Methods for creating device-unique identifiers from device fabrication properties.
- Architectures that improve component isolation and resistance to physical attacks.
- Secure and formally verifiable/equivalent design automation techniques for reconfigurable hardware.
Novel Applications:
- Improving the performance or power consumption of software implementations of security algorithms using reconfigurable hardware.
- Acceleration to increase feasibility of brute force attacks on cryptographic algorithms.
- Use of physical partitioning of subsystems to improve secure system design.
- Use of reconfigurable architecture features for resistance to physical attacks.
- Prototyping of novel trusted computing primitives.

For more information, please see http://trets.cse.sc.edu/TRETS-Security-SI.pdf.

Wiley InterScience Security and Communication Networks Journal, Special Issue on Clinical Information Systems (CIS) Security, July/August 2008. (Submission Due 10 February 2008) [posted here 11/5/07]

Guest editors: Theodore Stergiou (KPMG Kyriacou Advisors AE, Greece), Dimitrios Delivasilis (Incrypto Ltd., Greece), Mark S Leeson (University of Warwick, UK), and Ray Yueh-Min Huang (National Cheng-Kung University, Taiwan, R.O.C.)

Managing records of patient care has become an increasingly complex issue with the widespread use of advanced technologies. The vast amount of information for every routine care must be securely processed over different data bases. Clinical Information Systems (CIS) address the need for a computerized approach in managing personal health information. Hospitals and public or private health insurance organizations are continuously upgrading their database and data management systems to more sophisticated architectures. The possible support of the large patient archives and the flexibility of a CIS in providing up-to-date patient information and worldwide doctors’ collaboration, have leveraged the research on CIS both in academic and government domains. At the same time, it has become apparent that patients require more control over their clinical data, either being results of clinical examinations or medical history. Due to the large amount of information that can be found on the Internet and the free access to medical practitioners and hospitals worldwide, patients may choose to communicate their information so as to obtain several expert opinions regarding their conditions. Given the sensitive nature of the information stored and inevitably in transit, security has become an issue of outmost necessity. Numerous EU and US research projects have been launched to address security in CIS (e.g. EUROMED, ISHTAR, RESHEN), whereas regulatory compliance to acts such as the HIPAA has become an obligation for centers moving to CIS. This Special Issue will serve as a venue for both academia and industry individuals and groups working in this fast-growing research area to share their experiences and state-of-the-art work with the readers. The topics of interest in this Special Issue include, but are not limited to:
- Authentication techniques for CIS
- Authorization mechanisms and approaches for patient-centric data
- Public Key Infrastructures to support diverse clinical information environments and networks
- Cryptographic protocols for use to secure patient-centric data
- Secure communication protocols for the communication of clinical data
- Wireless sensor networks security
- Body sensor networks security
- CIS Database security
- Interoperability across diverse CIS environments (national and multilateral)
- Government and international regulatory and compliance requirements

For more information, please see http://www3.interscience.wiley.com/cgi-bin/jtoc/114299116/.

Elsevier Computer Standards and Interfaces, Special issue on Information and Communications Security, Privacy and Trust: Standards and Regulations, Summer 2008. (Submission Due 30 January 2008) [posted here 9/3/07]

Guest editors: Bhavani Thuraisingham (University of Texas at Dallas, USA) and Stefanos Gritzalis (niversity of the Aegean, Greece)

Most of the research and development work carried out by universities, research centers and private companies today, is based, in some way or another, on international standards or pre-standards that have been produced under the auspices of recognized standardization bodies. On top of that, many market sectors have recognized standardization as a prerequisite for the provision of high quality services and products, thus triggering a large number of multi-sectoral voluntary standards. For many years the Security field was somehow isolated in the Information and Communications Technology arena. Inevitably this isolation has been inherited to the standards governing the security, privacy, and trust techniques and mechanisms that are currently employed. It is therefore important to inform the scientific community about these problems and facilitate better collaboration on the security, privacy, and trust aspects of international standards and regulations.

We welcome the submission of papers that: provide information about activities and progress of security, privacy, and trust standardization work; focus on critical comments on standards and standardization activities; discuss actual projects results; disseminate experiences and case studies in the application and exploitation of established and emerging standards, methods and interfaces. The areas of interest may include, but not limited, to:
- Access Control and Authorization
- Assurance Services
- Auditing and Forensic Information Management
- Authentication, Authorization, and Accounting
- Business Services
- Confidentiality and Privacy Services
- Digital Rights Management
- eBusiness, eCommerce, eGovernment Security: Establishing Trust and Confidence of Citizens in eTransactions and eServices
- eHealth Security
- Lawful Interception Architectures and Functions
- Legal and Regulation Issues
- Network Defense Services
- Privacy and Identity Management
- Securing Critical Information and Communication Infrastructures
- Security Challenges to the use and deployment of Disruptive Technologies (Trusted Computing, VoIP, WiMAX, RFID, IPv6)
- Security issues in Network Event Logging
- Standardization Aspects of Electronic Signatures
- Trust Services
- Wireless, Mobile, Ad hoc and Sensors Networks Security, Privacy, and Trust

For more information, please see http://www.elsevier.com/wps/find/journaldescription.cws_home/505607/description#description.

An edited volume of IOS Press Cryptology and Information Security Series on Identity-Based Cryptography, August 2008. (Submission Due 15 November 2007) [posted here 10/8/07]

Guest editors: Marc Joye (Thomson R&D France) and Gregory Neven (Katholieke Universiteit Leuven, Belgium)

First introduced by Shamir as early as in 1984, identity-based cryptography has seen a revival in public interest in recent years due to the introduction of bilinear maps to cryptography. This edited volume intends to give an overview of the state-of-the-art of the theory and practice related to identity-based cryptography. The targeted audience includes beginning students in the field, interested researchers from other fields as well as industry practitioners. High-quality contributions will be invited on all aspects of identity-based cryptography, including (but not necessarily limited to) the following topics:
- mathematics underlying ID-based cryptography, and in particular bilinear maps
- ID-based encryption, signatures, authentication, signcryption, key exchange and other primitives
- certificateless encryption
- pairing-based schemes with new properties
- theory and security notions related to ID-based cryptography
- real-world applications and implementations
- efficient software or hardware implementations of pairing-based cryptography
- security policies and enforcement
- impact of ID-based cryptography on organizational structures
- legal and regulatory issues

For more information, please see http://www.neven.org/IBCbook.html.

IEEE Transactions on Information Forensics and Security, Special issue on Statistical Methods for Network Security and Forensics, September 2008. (Submission Due 15 October 2007) [posted here 9/27/07]

Guest editors: Muriel Medard (MIT, USA), Christina Fragouli (EPFL, Switzerland), Wenke Lee (Georgia Tech, USA), Roy Maxion (Carnegie-Mellon University, USA), Sal Stolfo (Columbia University, USA), and Lang Tong (Cornell University, USA)

Recently, probabilistic methods have gained importance in various aspects of network security and forensics. Such methods are at the forefront of recent advances in intrusion detection, but also underlie distributed detection and estimation for sensor networks and information-theoretic approaches to network security. In the context of intrusion detection, statistical pattern recognition is a core problem which can be addressed using methods from Bayesian theory, learning theory, graphical models, and data mining. Data acquisition, processing, and inference in sensor networks also l everages a substantial body of literature on statistical estimation, detection, and classification theory. At the same time, new developments in network information theory have led to renewed interest in classical aspects of information-theoretic security, such as wiretapping, as well as new areas of work, such as network coding applications to security. Many advances in network information theory revolve around wireless networks and sensor networks, areas in which a shared medium and rich, variable topologies, create particularly challenging problems. Information theory has proven useful both for determining the fundamental performance limits of such systems, including jamming and novel countermeasures, e.g., coding techniques in networks. The goals of the special issue are to provide the reader with an overview of the state of the art in this field, and to collect significant research results. Possible topics for papers submitted to the special issue include, but are not limited to:
- Intrusion, masquerade, and anomality detection
- Network scaling issues
- Network surveillance
- Dynamic models for mobile ad-hoc networks
- Distributed sensing, estimation, detection, and classification
- Information theory for secrecy in wireless networks
- Advances in the wiretap channel
- Eavesdropping and jamming in wireless networks
- Network information theory for Byzantine attacks
- Security aspects of network coding

For more information, please see http://www.itsoc.org/cfp/TIFS-CFP-SI08-extended.pdf.

EURASIP Journal on Advances in Signal Processing, Special issue on Signal Processing Applications in Network Intrusion Detection Systems, March, 2008. (Submission Due 1 September 2007) [posted here 6/11/07]

Guest editors: Chin-Tser Huang (University of South Carolina, USA), Rocky K. C. Chang (The Hong Kong Polytechnic University, Hong Kong), and Polly Huang (National Taiwan University, Taiwan)

Signal processing techniques have found applications in NIDSs because of their ability to detect novel intrusions and attacks, which cannot be achieved by signature-based NIDS. It has been shown that network traffic possesses the property of self-similarity. Therefore, the objective of NIDS based on signal processing techniques is to profile the pattern of normal network traffic or application-level behavior and model intrusions or unwanted traffic as anomalies. Wavelets, entropy analysis, and data mining techniques are examples in this regard. However, the major challenges of the signal processing-based approaches lie in the adaptive modeling of normal network traffic and the high false alarm rate due to the inaccuracy of the modeled normal traffic pattern. The emergence of a variety of wireless networks and the mobility of nodes in such networks only add to the complexity of the problems. The goal of this special issue is to introduce state-of-the-art techniques and encourage research regarding various aspects in the application of signal processing techniques to network intrusion detection systems. In particular, the special issue encourages novel solutions that improve the accuracy and adaptivity of intrusion detection and addresses the automation of intrusion classification and correlation. Topics of interest include (but are not limited to):
- Data-mining-based IDS
- Multirate filtering and wavelets
- Monte Carlo methods integration
- Anomalous network traffic modeling
- Anomalous application-level behavior modeling
- Performance analysis and evaluation
- Real-time analysis techniques
- Intrusion correlation
- Automated detection and classification of intrusions and anomalies
- Clustering-based IDS
- Sampling techniques in intrusion detection
- Data streaming algorithms for traffic analysis
- Adaptive detection techniques
- Data fusion in distributed intrusion detection

For more information, please see http://www.hindawi.com/journals/asp/si/anids.pdf.

IEEE Communications Magazine, Special Issue on Security in Mobile Ad Hoc and Sensor Networks, February 2008. (Submission Due 1 July 2007) [posted here 4/9/07]

Guest editors: Stamatios V. Kartalopoulos (The University of Oklahoma, USA), Hsiao-Hwa Chen (National Sun Yat-Sen University, Taiwan), Mário Freire (University of Beira Interior, Portugal), Liwen He (BT Group Chief Technology Office, UK), and Pramode Verma (The University of Oklahoma, USA)

The increase of wireless and mobile devices and the recent advancement in wireless and mobile ad hoc and sensor networks technologies/applications in a large variety of environments, such as homes, business places, emergency situations, disaster recoveries and people on the move is unprecedented. These activities over different network systems have brought security concerns on an unprecedented scale. Security is an important issue for wireless and mobile ad hoc and sensor networks (MASNETs) especially for the security-sensitive applications such as in military, homeland security, financial institutions and many other areas. Such security threats take advantage of protocol weaknesses in mobile ad hoc and sensor networks as well as operating systems’ vulnerabilities to attack network applications. Theses attacks involve, for example, distributed denials of services, buffer overflows, viruses, and worms, where they will cause an increasingly greater damage to the operation of mobile ad hoc and sensor networks. With regard to such security aspects, there is an increasing demand for measures to guarantee and fully attain the authentication, confidentiality, data integrity, privacy, access control, non repudiation, and availability of mobile ad hoc and sensor networks. This Special Issue will serve as a venue for both academia and industry individuals and groups working in this fast-growing research area to share their experiences and state-of-the-art work with the readers. The topics of interest in this Feature Topic include:
- Novel and emerging secure architecture
- Study of attack strategies, attack modeling
- Power constraint security schemes
- Key management in MASNETs
- Broadcast authentication
- Secure routing protocols
- Secure location discovery
- Secure clock synchronization
- Study of attack strategies, attack modeling in MASNETs
- Security management, emergency contingency planning, identify theft
- Protection, risk, vulnerabilities, attacks, authorization/authentication
- Security and trust in web-services-based applications in MASNETs
- Denial of service attacks and prevention
- Secure group communication/multicast
- Distributed security schemes

For more information, please see http://www.comsoc.org/pubs/commag/cfpcommag0208.pdf.

IEEE Software, Special Issue on Security for the Rest of Us: An Industry Perspective on the Secure Software Challenge, January/February 2008. (Submission Due 1 July 2007) [posted here 3/16/07]

Guest editors: Konstantin Beznosov (University of British Columbia, Canada) and Brian Chess (Fortify Software)

The public need for good software security becomes more acute every day. Typical activities—including selecting, purchasing, and consuming services and products, conducting business, and holding national elections—increasingly depend on secure software. While security was once a specialty of interest to only a small number of developers, it's now a critical topic for almost all software developers, project managers, and decision makers. The world's software industry includes thousands of software vendors from humongous enterprises to one-person shops, and the industry as a whole must face the software security challenge. This special issue will report on the state of practice and recent advances related to software security in a wide range of industrial application domains. It will explore practical and pragmatic ways of engineering secure software that can be applied by a wide range of development teams. The issue will report on:
- Practical tools and methods for detecting or preventing security-relevant defects
- Practical approaches to incorporating security as part of different stages of the software development process (requirements, architecture, design, implementation, testing, etc.)
- The economic motivation for creating secure software
- Attacks and vulnerabilities: common ways that security fails in modern industrial software

For more information, please see http://www.computer.org/portal/site/software/menuitem.538c87f5131e26244955a4108bcd45f3/index.jsp?&pName=software_level1&path=software/content&file=edcal.xml&xsl=article.xsl&.

International Journal of Electronic Commerce (IJEC), Special Issue on Click Fraud, January 2008. (Submission Due 15 May 2007) [posted here 5/3/07]

Guest editors: LMohammad Mahdian (Yahoo Research Labs), Jan Pedersen (Yahoo! Inc), and Kerem Tomak (Yahoo! Inc)

The primary goal of this special issue of International Journal of Electronic Commerce is to foster research on the interplay between economics, computer science, marketing, data mining and electronic commerce technology development in click quality and click fraud. We seek papers and proposals that address various aspects of click fraud, including search relevance, economics of click fraud, e-business, formal and legal issues with the aim of providing a balanced mix of presentations from these different perspectives. The subject of click quality is highly relevant to the investigation of quick fraud. Papers may encompass any or all of the following: theoretical analyses, modelling, simulation, and empirical studies. Authors may examine different aspects of sponsored search and online advertisement in any of a variety of possible contexts. Special topics of interest include, but are not limited to, the following:
- Click Fraud
- Impression Fraud
- Click Quality
- Design of mechanisms to increase click quality
- Data mining and machine learning algorithms for detecting click fraud
- Standards for click quality
- Use of algorithmic mechanism design in sponsored search
- Contextual online advertising
- Localized/geographic search
- Search engine marketing and optimization
- Alternative models for sponsored search
- Game theoretic modelling and analysis of fraud
- Evaluating fraud-resistance of ranking mechanisms
- Fraud in pay-per-conversion systems
- Click and impression quality in brand advertising
- Fraud detection for web ranking algorithms
- Other types of online fraud
- Legal aspects of click fraud

For more information, please see http://www.gvsu.edu/business/ijec/special.html.

Security Journal of Universal Computer Science (JUCS), Special Issue on Cryptography in Computer System, February 2008. (Submission Due 1 May 2007) [posted here 7/18/06]

Guest editors: Liqun Chen (Hewlett-Packard Labs, UK), Ed Dawson (Queensland University of Technology, Australia), Xuejie Lai (Shanghai Jiao Tong University, China), Masahiro Mambo (Tsukuba University, Japan), Atsuko Miyaji (JAIST, Japan), Yi Mu (University of Wollongong, Australia), David Pointcheval (Ecole Normale Supérieure, France), Bart Preneel (Katholieke Universiteit Leuven, Belgium), Nigel Smart (Bristol University, UK), Willy Susilo (University of Wollongong, Australia), Huaxiong Wang (Macquarie University, Australia), and Duncan Wong (City University of Hong Kong, China)

Cryptography has been playing an important role to ensure the security and reliability of modern computer systems. Since high speed and broad bandwidth have been becoming the keywords for modern computer systems, new cryptographic methods and tools must follow up in order to adapt to these new and emerging technologies. This Special Issue aims to provide a platform for security researchers to present their newly developed cryptographic technologies in computer systems. Areas of interest for this special journal issue include, but are not limited to, the following topics:
- Authentication
- Cryptographic algorithms and their applications
- Cryptanalysis
- Email security
- Electronic commerce
- Data integrity
- Fast cryptographic algorithms and their applications
- Identity-based cryptography
- IP security
- Key management
- Multicast security
- Computer network security
- Privacy protection
- Security in Peer-to-Peer networks
- Security in sensor networks
- Smartcards

For more information, please see http://www.sitacs.uow.edu.au/jucs/.

EURASIP Journal on Information Security, Special Issue on Signal Processing in the Encrypted Domain, 4th Quarter, 2007. (Submission Due 1 March 2007) [posted here 10/9/06]

Guest editors: Alessandro Piva (University of Florence, Italy) and Stefan Katzenbeisser (Philips Research Europe, The Netherlands)

Recent advances in digital signal processing enabled a number of new services in various application domains, ranging from enhanced multimedia content production and distribution to advanced healthcare systems for continuous health monitoring. At the heart of these services lies the ability to securely manipulate “valuable” digital signals in order to satisfy security requirements such as intellectual property management, authenticity, privacy, and access control. This special issue solicits papers exploring the application of signal processing to encrypted content, both from a theoretical and practical point of view. Topics of interest include, among others:
- Cryptographic primitives and protocols for signal processing operations
- Secure matching and analysis of signals
- Searching on encrypted signals
- Cryptographic techniques for real-valued or fuzzy data
- Secure watermark embedding and detection
- Next-generation secure content management
- Privacy through secure signal processing
- Transcoding of encrypted content
- Design and evaluation of encryption schemes specifically tailored towards signals

For more information, please see http://www.hindawi.com/GetPage.aspx?journal=is&page=SPED.

International Journal of Smart Home (IJSH), Special Issue on Advances in Smart Home Security, May/June, 2007. (Submission Due 31 January 2007) [posted here 11/20/06]

Guest editors: Kuan-Ching Li (Providence University, Taiwan), Jiyoung Lim (Korean Bible University, South Korea), Lam For Kwok (City University of Hong Kong, HK), Qi Shi (Liverpool John Moores University, UK)

With the proliferation of the Internet technology and electronic devices, Smart Home Environments (SHE) have received significant attention in the last few decades. With a great potential to revolutionize our lives, SHE also poses new research challenges. This special issue focuses on addressing various aspects of security in SHE. We expect that it will be a trigger for further related research and technology improvements in this important subject. The topics of interest include, but are not limited to:
- Security issues and privacy for SHE
- Trust management and user-friendly security interfaces for SHE
- Key/identity management in SHE
- Access control and security policies in SHE
- Authentication and authorization in SHE
- Network architectures and protocols for security in SHE
- Ubiquitous/pervasive platform and middleware for security in SHE
- Design of businesses models with security requirements for SHE
- Services and applications for security in SHE
- Content protection and digital rights management for SHE
- Intelligent sensor network/RFID for security in SHE
- Intrusion detection and computer forensics for SHE
- Emerging standards and technologies for security in SHE
- Commercial and industrial security in SHE
- Case studies, prototypes and experiences

For more information, please see http://www.sersc.org/index.files/Journal8.htm.

International Journal of Computer Research (IJCR), Special Issue on Advances in Ad Hoc Network Security, 4th Quarter, 2007. (Submission Due 1 January 2007) [posted here 12/11/06]

Guest editors: Nikos Komninos (Athens Information Technology)

Ad hoc networks are becoming an integral part of the computing landscape. However, these networks introduce new security challenges due to their dynamic topology, severe resource constraints, and absence of a trusted infrastructure. This International Journal of Computer Research (IJCR) special issue seeks submissions from academia and industry presenting novel research on all aspects of security for ad hoc networks, as well as experimental studies of fielded systems. Topics of interest include, but are not limited to, the following as they relate to mobile ad hoc networks:
- Key management
- Intrusion detection and tolerance
- Secure location services
- Secure clock distribution
- Privacy and anonymity
- Performance and security tradeoffs
- Secure roaming across administrative domains
- Denial of service
- Prevention of traffic analysis
- Trust establishment, negotiation, and management
- Secure routing
- Secure MAC protocols
- Cryptographic Protocols
- Authentication and access control

For more information, please see http://www.ait.gr/special_issue/.

Elsevier Computer Communications Journal, Special Issue on Security on Wireless Ad Hoc and Sensor Networks, 3rd Quarter of 2007. (Submission Due 15 December 2006) [posted here 9/3/06]

Guest editors: Sghaier Guizani (University of Moncton, Canada), Hsiao-Hwa Chen (National Sun Yat-Sen University, Taiwan), Peter Mueller (IBM Zurich Research Laboratory, Switzerland)

The increase of wireless and mobile devices and the recent advancement in wireless and mobile ad hoc and sensor networks technologies/applications in a large variety of environments, such as homes, business places, emergency situations, disaster recoveries and people on the move is unprecedented. These activities over different network systems have brought security concerns on an unprecedented scale. Security is an important issue for wireless and mobile ad hoc and sensor networks (MANETs) especially for the security-sensitive applications such as in military, homeland security, financial institutions and many other areas. Such security threats take advantage of protocol weaknesses as well as operating systems' vulnerabilities to attack Internet applications. Theses attacks involve, for example, distributed denials of services, buffer overflows, viruses, and worms, where they cause an increasingly greater technical and economic damage.

With regard to such cyber security aspects, there is an increasing demand for measures to guarantee and fully attain the authentication, confidentiality, data integrity, privacy, access control, non repudiation, and availability of system services. This Special Issue will serve as a venue for both academia and industry individuals and groups working in this fast-growing research area to share their experiences and state-of-the-art work with the readers. The topics of interest include, but are not limited to:
- Novel and emerging secure architecture
- Study of attack strategies, attack modeling
- Security analysis methodologies
- Wireless and mobile security
- Key management
- Commercial and industrial security
- Broadcast authentication
- Secure routing protocols
- Secure location discovery
- Secure clock synchronization
- Novel and emerging secure architectures
- Cryptographic algorithms and applications
- Study of attack strategies, attack modeling
- Study of tradeoffs between security and system performance
- Security management, emergency contingency planning, identify theft
- Access control, wireless access control, broadband access control
- Protection, risk, vulnerabilities, attacks, authorization/authentication
- Security and trust in web-services-based applications
- Denial of service attacks and prevention
- Secure group communication/multicast
- Implementations and performance analysis
- Distributed security schemes

For more information, please see http://authors.elsevier.com/journal/comcom.

International Journal of Information and Computer Security, Special Issue on Security and Privacy Aspects of Data Mining, 2006. (Submission Due 5 April 2006) [posted here 2/7/05]

Guest editors: Stan Matwin (University of Ottawa, Canada), LiWu Chang (Naval Research Laboratory, USA), Rebecca N. Wright (Stevens Institute of Technology, USA), and Justin Zhan (University of Ottawa, Canada)

Rapid growth of information technologies nowadays has brought tremendous opportunities for data sharing and integration, and also demands for privacy protection. Privacy-preserving data mining, a new multi-disciplinary field in information security, broadly refers to the study of how to assure data privacy without compromising the confidentiality and quality of data. Although techniques, such as random perturbation techniques, secure multi-party computation based approaches, cryptographic-based methods, and database inference control have been developed, many of the key problems still remain open in this area. Especially, new privacy and security issues have been identified, and the scope of this problem has been expanded. How does the privacy and security issue affect the design of information mining algorithm? What are the metrics for measuring privacy? What impacts will this research impose on diverse areas of counter-terrorism, distributed computation, and privacy law legislation? This special issue aims to provide an opportunity for presenting recent advances as well as new research directions in all issues related to privacy-preserving data mining.

This special issue is inviting original contributions that are not previously published or currently under review by other journals. We welcome both theoretical and empirical research using quantitative or qualitative methods. Areas of interest include but not limited to:
- Access control techniques and secure data models
- Privacy-preserving data mining
- Privacy-preserving Information Retrieval
- Trust management for information mining
- Inference/disclosure related information mining
- Privacy enhancement technologies in web environments
- Privacy guarantees and usability of perturbation and randomization techniques
- Analysis of confidentiality control methods
- Privacy policy analysis
- Privacy-preserving data integration
- Privacy policy infrastructure
- Privacy-preserving query systems
- Identify theft protection
- Privacy-aware access control
- Privacy policy languages and enforcement mechanisms

For more information, please see http://www.site.uottawa.ca/~zhizhan/psdmspecialissue2006/index.htm.

International Journal of Networks and Security (IJSN), Special Issue on Cryptography in Networks, December 2006. (Submission due 1 April 2006) [posted here 10/31/05]

Guest editors: Liqun Chen (Hewlett-Packard Labs, UK), Guang Gong (University of Waterloo, Canada), Atsuko Miyaji (JAIST, Japan), Phi Joong Lee (Pohang Univ. of Science & Technology, Korea), Yi Mu (Univ. of Wollongong, Australia), David Pointcheval (Ecole Normale Supérieure, France), Josef Pieprzyk (Macquarie Univ., Australia), Tsuyoshi Takagi (Future Univ. - Hakodate, Japan), Jennifer Seberry (Univ. of Wollongong, Australia), Willy Susilo (Univ. of Wollongong, Australia), and Huaxiong Wang (Macquarie Uni., Australia)

Cryptography plays a key role in network security. Advances of cryptography can make computer networks more secure. Computer technologies have been pushing forward computer networks for high speed and broad bandwidth. Therefore, new cryptographic methods and tools must follow up in order to adapt to these new technologies. Recent attacks on computer networks, especially on IEEE 802.11 and IEEE 802.15, are increasing, since underlying radio communication medium for wireless network provides serious exposure to attacks against wireless networks. Security must be enforced to suit the emerging technologies. This Special Issue aims to provide a platform for security researchers to present their newly developed cryptographic technologies in network security. Areas of interest for this special journal issue include, but are not limited to, the following topics:
- Ad hoc network security
- Anonymity in networks
- Authentication in network and wireless systems
- Cryptographic algorithms and their applications to network security
- Cryptanalysis of network security schemes
- Encryption in network and wireless systems
- Email security
- Data integrity
- Fast cryptographic algorithms and their applications
- Identity-based cryptography in network and mobile applications
- IP security
- Key management
- Multicast security
- Mobile and wireless system security
- Privacy protection
- Security group communications
- Security in internet and WWW
- Security in Peer-to-Peer networks
- Secure routing protocols
- Security in sensor networks

For more information, please see http://www.uow.edu.au/~ymu/ijsn/.

Journal of Computer Security (JCS), Special Issue on Security of Ad Hoc and Sensor Networks, 2006. (Submission Due 1 April 2006) [posted here 11/30/05]

Guest editors: Peng Ning (NC State University) and Wenliang Du (Syracuse University)

Ad hoc and sensor networks are expected to become an integral part of the future computing landscape. However, these networks introduce new security challenges due to their dynamic topology, severe resource constraints, and absence of a trusted infrastructure. This Journal of Computer Security (JCS) special issue seeks submissions from academia and industry presenting novel research on all aspects of security for ad hoc and sensor networks, as well as experimental studies of fielded systems.

Topics of interest include, but are not limited to, the following as they relate to mobile ad hoc networks or sensor networks:
- Security under resource constraints (e.g., energy, bandwidth, memory, and computation constraints)
- Performance and security tradeoffs
- Secure roaming across administrative domains
- Key management
- Cryptographic Protocols
- Authentication and access control
- Intrusion detection and tolerance
- Trust establishment, negotiation, and management
- Secure location services
- Secure clock distribution
- Privacy and anonymity
- Secure routing
- Secure MAC protocols
- Denial of service
- Prevention of traffic analysis

For more information, please see http://discovery.csc.ncsu.edu/JCS-SASN06/.

Journal of Machine Learning Research, Special Issue on Machine Learning for Computer Security, 2006. (Submission due 15 March 2006) [posted here 11/11/05]

Guest editors: Philip Chan (Florida Tech) and Richard Lippmann (MIT Lincoln Lab)

As computers have become more ubiquitous and connected, their security has become a major concern. Of interest to this special issue is research that demonstrates how machine learning (or data mining) techniques can be used to improve computer security. This includes efforts directed at improving security of networks, hosts, and individual applications or computer programs. Research can have many goals including, but not limited to, authenticating users, characterizing the system being protected, detecting known or unknown vulnerabilities that could be exploited, using software repositories as training data to find software bugs, preventing attacks, detecting known and novel attacks when they occur, analyzing recently detected attacks, responding to attacks, predicting attacker actions and goals, performing forensic analysis of compromised systems, and analyzing activities seen in honey pots and network "telescopes" or "black holes."

Of special interest are studies that use machine learning techniques, carefully describe their approach, evaluate performance in a realistic environment, and compare performance to existing accepted approaches. Studies that use machine learning techniques or extend current techniques to address difficult security-related problems are of most interest.

It is expected that studies will have to address many classic machine learning issues including feature selection, feature construction, incremental/online learning, noise in the data, skewed data distributions, distributed learning, correlating multiple models, and efficient processing of large amounts of data.

For more information, please see http://www.cs.fit.edu/~pkc/mlsec/.

Theoretical Computer Science (TCS), Special Issue of on Automated Reasoning for Security Protocol Analysis, 4th quarter, 2006. (Submission due 13 November 2005) [posted here 8/15/05]

Guest editors: Pierpaolo Degano (Universita` di Pisa, Italy) and Luca Vigano` (ETH Zurich, Switzerland)

In connection with The Second Workshop on Automated Reasoning for Security Protocol Analysis (ARSPA'05), which took place as a satellite event of ICALP'05, we are guest-editing a Special Issue of Theoretical Computer Science devoted to original papers on formal security protocol specification, analysis and verification. Contributions are welcomed on the following topics and related ones:
- Automated analysis and verification of security protocols
- Languages, logics, and calculi for the design and specification of security protocols
- Verification methods: accuracy, efficiency
- Decidability and complexity of cryptographic verification problems
- Synthesis and composition of security protocols
- Integration of formal security specification, refinement and validation techniques in development methods and tools

For more information, please see http://www.avispa-project.org/arspa/tcs-index.html.

International Journal of Security and Networks (IJSN), Special Issue on Security Issues in Sensor Networks, Middle 2006. (Submission due 15 October 2005) [posted here 7/9/05]

Guest editors: Yang Xiao (University of Memphis), Xiaohua Jia (City University of Hong Kong, Hong Kong), Bo Sun (Lamar University), and Xiaojiang Du (North Dakota State University)

Security in Sensor networks differ from those in other traditional networks with many aspects such as limited memory space, limited computation capability, etc. Therefore, sensor network security has some unique features which do not exist in other networks. The need to address security issues, and provide timely, solid technical contributions of security solutions in sensor networks establishes the motivation behind this special issue. This special issue is dedicated to sensor network security. A paper should have security in sensor networks as the focus. Specific areas of interest include, but not limit to:
- Key Managements in sensor networks
- Secure Routing in secure networks
- Light weight Encryption and authentication in Sensor networks
- Attacks and solutions in Sensor networks
- Other areas which are related to both security and sensor networks

For more information, please see http://www.cs.memphis.edu/~yxiao/IJSN_Snesor_Security.html.

EURASIP Journal on Wireless Communications and Networking, Special Issue on Wireless Network Security, 3rd Quarter, 2006. (Submission due 1 October 2005) [posted here 6/28/05]

Guest editors: Yang Xiao (University of Memphis), Yi-Bing Lin (National Chiao Tung University, Taiwan), and Ding-Zhu Du (University of Minnesota)

Recent advances in wireless network technologies have rapidly developed in recent years, as evidenced by wireless location area networks (WLANs), wireless personal area networks (WPANs), wireless metropolitan area networks (WMANs), and wireless wide area networks (WWANs), that is, cellular networks. A major impediment to their deployment, however, is wireless network security. For example, the lack of data confidentiality in wired equivalent privacy (WEP) protocol has been proven, and newly adopted standards such as IEEE 802.11i robust secruity network (RSN) and IEEE 802.15.3a ultra-wideband (UWB) are not fully tested and, as such, may expose unforeseen security vulnerabilities. The effort to improve wireless network security is linked with many technical challenges including compatibility with legacy wireless networks, complexity in implementation, and cost/performance trade-offs. The need to address wireless network security and to provide timely, solid technical contributions establishes the motivation behind this special issue. This special issue will focus on novel and functional ways to improve wireless network security. Papers that do not focus on wireless network security will not be reviewed. Specific areas of interest in WLANs, WPANs, WMANs, and WWANs include, but are not limited to:
- Attacks, security mechanisms, and security services
- Authentication
- Access control
- Data confidentiality
- Data integrity
- Nonrepudiation
- Encryption and decryption
- Key management
- Fraudulent usage
- Wireless network security performance evaluation
- Wireless link layer security
- Tradeoff analysis between performance and security
- Authentication and authorization for mobile service network
- Wireless security standards (IEEE 802.11, IEEE 802.15, IEEE 802.16, 3GPP, and 3GPP2)

For more information, please see http://www.hindawi.com/journals/wcn/si/wns.html.

International Journal on Information and Computer Security (IJICS), Special Issue on Nature-Inspired Computation in Cryptology and Computer Security, October 2006. (Submission due 30 September 2005) [posted here 5/30/05]

Guest editors: John A. Clark (York University, UK) and Julio Cesar Hernandez (Universidad Carlos III de Madrid, Spain)

Techniques taken from the field of nature-inspired computation (e.g. Genetic Algorithms, Genetic Programming, Simulated Annealing, and Artificial Immune Systems) are steadily gaining ground in the area of cryptology and computer security. In recent years, nature inspired algorithms have been proposed, for example, for the design and analysis of a number of new cryptographic primitives, ranging from pseudorandom number generators to block ciphers, in the cryptanalysis of state-of-the-art cryptosystems, in the design of security protocols and in the detection of network attack patterns, to name but a few. There is a growing interest from the cryptographic and computer security communities towards nature-inspired techniques. This has occurred partly as a result of these recent successes, but also because the nature of systems is changing in a way which means traditional computer security techniques will not meet the full range of tasks at hand. The increasing distribution, scale, autonomy and mobility of emerging systems is forcing us to seek inspiration from nature to help deal with the challenges ahead. There is a general feeling that the area is ripe for further research, with dedicated conference sessions only beginning to emerge (e.g. the Conference on Evolutionary Computation special sessions in 2003, 2004 and 2005). This special issue of the IJICS solicits the submission of research papers in this general area. Suitable topics include (but are not limited to) the use of nature-inspired techniques for:
- Intrusion detection
- System security management
- Security authentication technologies
- The design of cryptographic primitives
- The cryptanalysis of stream, block and public key encryption algorithms (and other security-related algorithms, e.g. watermarking algorithms)
- The design or analysis of security protocols

For more information, please see http://www.cs.york.ac.uk/security/NatureInspiredSecuritySpecialIssue.html.

International Journal of Information and Computer Security, Special Issue on Systems Assurance, 2006. (Submission due 15 September 2005) [posted here 8/27/05]

Guest editor: Steve J. Chapin (Syracuse University)

Systems Assurance comprises related areas of computer security, information assurance, public policy, management, communications, and complex systems. In this context, “system” means more than computer systems; it denotes a large-scale, complex system that is critically affected by human action. While classic technical approaches to computer security play a role in systems assurance, they are only a part of a holistic approach to real solutions. Topics of interest include, but are not limited to:
- Trust in large-scale systems
- Formal models of complex systems
- Policy management
- Distributed system security
- Autonomic systems and computing
- Economics models of complex systems
- Assurance in decentralized (e.g., peer-to-peer) systems
- Information assurance and public policy
- Management of assured systems
- Building trustworthy systems from untrusted components
- Reputation management
- Artificial life concepts in system assurance

For more information, please see http://www.inderscience.com/ijics.

Journal of High Speed Networking, Special issue on Managing Security Polices: Modeling, Verification and Configuration, February/March 2006. (Submission due 1 September 2005) [posted here 6/9/05]

Guest editors: Ehab Al-Shaer (DePaul University), Clifford Neuman (University of Southern California), Dinesh C Verma (IBM Watson Research Center), Hong Li (Intel IT Research), and Anthony Chung (DePaul University)

The importance of effective network security policy management has been significantly increasing in the past few years. Network security perimeter devices such as Firewalls, IPSec gateways, Intrusion Detection and Prevention Systems operate based on locally configured policies. However, the complexity of managing security polices, particularly in enterprise networks that usually have heterogeneous devices and polices, has become a main challenge for deploying effective security. Yet these policies are not necessarily independent as they interact with each other to form the global security policy. It is a common practice to configure security policies on each of the perimeter devices manually and in isolation from each other due to different administrative domains, roles and personnel, among other reasons. As a result, rule conflicts and policy inconsistencies may be introduced in the system, leading to serious security breach and network vulnerability. Moreover, enterprise networks continuously grow in size and complexity, and they are in a constant state of change (in topologies, devices, protocols, and vulnerabilities), resulting in frequent changes in security policies. All these make policy enforcement, modification, verification, and evaluation intractable tasks.

This special issue is seeking solutions that offer seamless policy management with provable security in heterogeneous multi-vender network security environments. This special issue solicits original and unpublished contributions addressing security policy management issues. Topics of particular interest are automated policy management, dynamic policy-based security, security policy verification and distribution, and policy unification that improve the state-of-the-art in this area. Examples of selected topics include but are not limited to:
- Policy modeling and verification using formal methods
- Conflict discovery and resolution
- High-speed security policy analysis
- Frameworks for policy testing, assessment, comparison and evaluation.
- Dynamic policy-based security management
- Adaptive security polices
- Policy visualization
- Distributed policy editing, delegation and distribution
- Policy translation: from high-to-low level and vice versa
- Data mining for policy inspection, evaluation and enhancement
- Policy-management for wireless and mobile networks
- Novel policy management architectures
- Automatic security policy management in heterogonous network environment
- Implementation and Case Studies of Security Policy Management System
- Management of Interactions between Security Policies and other policies.
- Security policy languages and management for multi-device, multi-protocol and multi-vendor
- System intelligence to enable automated policy management: monitoring, event/data correlation and root-cause analysis

For more information, please see http://www.mnlab.cs.depaul.edu/events/JHSN-policy/.

IEEE Journal on Selected Areas in Communications, High-speed Network Security -- Architecture, Algorithms, and Implementation, 4th Quarter 2006. (Submission due 1 September 2005) [posted here 1/12/05]

Guest editors: H. Jonathan Chao (Polytechnic University), Wing Cheong Lau (Qualcomm), Bin Liu (Tsinghua University), Peter Reiher (University of California at Los Angeles), and Rajesh Talpade (Telcordia Technologies)

While the recent proliferation of broadband wireline and wireless networking technologies have substantially increased the available network capacity and enabled a wide-range of feature-rich high-speed communication services, security remains a major concern. Large-scale, high-profile system exploits and network attacks have become common recurring events that increasingly threaten the proper functioning and continual success of the communication infrastructure and services. One key aspect of mitigating such increasing threats is to develop new security/defense architectures, systems, methodologies and algorithms which can scale together with the communications infrastructure in terms of operating speed, operational simplicity and manageability, etc. The aim of this issue is to bring together the work done by researchers and practitioners in understanding the theoretical, architectural, system, and implementation issues related to all aspects of security in high-speed networks. We seek original, previously unpublished and completed contributions not currently under review by another journal. Areas of interest include but are not limited to the following topics related to high-speed network security:
- High-speed Intrusion Detection, Prevention (IDS/IPS) Systems, and malicious behavior detection
- High-speed Distributed Denial of Service (DDoS) attacks, prevention and defense systems
- High-speed network monitoring, metering, traceback and pushback mechanisms
- High-speed firewall, packet filtering and cross-layer defense coordination
- Support of authentication, confidentiality, authorization, non-repudiation in high-speed networks
- Security group communications/multicast
- Secure and scalable content-delivery networks
- Support for automated security policy configuration and realization
- Forensic methodologies for high-speed networks
- Automated attack characterization and containment in high-speed networks
- Testbeds for high-speed network security

For more information, please see http://www.argreenhouse.com/society/J-SAC/Calls/network_security.html.

International Journal of Wireless and Mobile Computing (IJWMC), Special Issue on Security of Computer Network and Mobile Systems, Issue 1, 2006. (Submission due 30 June 2005) [posted here 2/14/05]

Guest editors: Feng Bao (Institute for Infocomm Research, Singapore), Colin Boyd (QUT, Australia), Dieter Gollmann (TU Hamburg, Germany), Kwangjo Kim (ICU, Korea), Kaoru Kurosawa (Ibaraki Univ., Japan), Masahiro Mambo (Tsukuba Univ., Japan), Chris Mitchell (RHUL, UK), Yi Mu (Univ. of Wollongong, Australia), Phillip Rogaway (UC Davis, USA), Willy Susilo(Univ. of Wollongong, Australia), Vijay Varadharajan (Macquarie Univ., Australia), Moti Yung (Columbia Univ., USA), and Fangguo Zhang (Sun Yat-Sen Univ., China)

Computer networks play an important role on connecting resources and people. Advances of computer technology have been pushing forward computer networks for high speed and broad bandwidth. Security must be enforced to suit the emerging technologies. With the emergence of wireless technologies, such as IEEE 802.11 and Bluetooth, mobile users are enabled to connect to each other wirelessly. It can be realized with or without any networking infrastructure (ad-hoc mode). Wireless access networks are rapidly becoming a part of our everyday life. However, the security concerns remain a serious impediment to widespread adoption. The underlying radio communication medium for wireless network provides serious exposure to attacks against wireless networks. Research on security in computer networks and mobile systems covers many issues. There are many open issues to be solved. Areas of interest for this special journal issue include, but are not limited to, the following topics:
- Ad hoc network security
- Authentication in network and wireless systems
- Cryptographic algorithms and applications
- Denial of service
- Distributed system security
- Encryption in network and wireless systems
- Fast cryptographic algorithms and their applications
- Firewall and distributed access control
- Identity-based cryptography in network and mobile applications
- Intrusion Detection and Response
- Key management
- Multicast security
- Mobile Communications Security
- Privacy Protection
- Wireless security and algorithms
- Secure routing protocols
- Security in Peer-to-Peer networks

For more information, please see http://www.sitacs.uow.edu.au/ijwmc/.

IEEE Internet Computing   Special Security for P2P and Ad Hoc Networks Issue, November/December 2005. (Submission due 1 April 2005) [posted here 11/14/04]

Guest editors: Shiuhpyng Shieh (National Chiao Tung University) and Dan Wallach (Rice University)

As the number of individual computing devices and the demand for mobility continue to grow, peer-to-peer (P2P) systems and ad hoc networks will become increasingly popular.  Indeed, they are likely to become integral to the future computing and networking infrastructure.

P2P systems create application-level virtual networks with their own routing mechanisms; they enable large numbers of computers to share information and resources directly, without dedicated central servers. Ad hoc networks allow mobile hosts, mobile devices, and sensor nodes to communicate when no fixed infrastructure is available.

Although P2P systems and ad hoc networks make communication and resource sharing more convenient, however, they also introduce new security challenges due to inherent aspects such as dynamic topologies and membership, unreliability, severe resource constrains, and the absence of a trusted infrastructure.

To explore these issues, IC invites contributions for a special issue on security for P2P and ad hoc networks. Appropriate topics include, but are not limited to:
- key management,
- authentication,
- access control,
- privacy and anonymity,
- secure routing,
- secure MAC protocols,
- performance and security trade-offs,
- intrusion detection and tolerance, and
- denial of service.

For more information, please see http://www.computer.org/internet/call4ppr.htm.

Digital Crime and Forensic Science in Cyberspace   Call for Chapter Proposals. (Submission due 5 January 2005) [posted here 12/13/04]

For more information, please see http://www.di.uoa.gr/~nkolok/Idea.html.

IEEE Internet Computing   Special Homeland Security Issue November/December 2004. [posted here 02/18/04]

Guest Editors

    Michael Reiter - Carnegie Mellon University
    Pankaj Rohatgi - IBM T.J. Watson Research Center

"Homeland security" is a major concern for governments worldwide, which must protect their populations and the critical infrastructures that support them, including power systems, communications, government and military functions, and food and water supplies. In this special issue, we seek contributions describing the role of Internet and information technologies in homeland security, both as an infrastructure to be protected and as a tool for enabling the defense of other critical infrastructures.

On one hand, information technology can be used for mitigating risk and enabling effective responses to disasters of natural or human origin. However, its suitability for this role is plagued by questions ranging from dependability concerns to the risks that some technologies -- surveillance, profiling, information aggregation, and so on -- pose to privacy and civil liberties.

On the other hand, information technology is itself an infrastructure to be protected. This includes not only the Internet infrastructure but also the complex systems that control critical infrastructure such as energy, transportation, and manufacturing. While control systems have traditionally been proprietary and closed, the trend toward the use of standard computer and networking technologies coupled with the use of more open networks for communication makes these systems increasingly vulnerable to catastrophic attacks and failures.

We invite researchers and information technologists to submit original articles on the use of Internet and information technologies for homeland security and on the protection of critical technology assets. Of particular interest are articles that describe technology within the context of an actual deployment or initiative in homeland security. Indeed, articles focusing on these larger initiatives or the policy debates surrounding them are also welcome, provided that they offer a strong technology component. Articles detailing technology without a compelling application to homeland security are discouraged. Commercial advertisements will be rejected.

Relevant topics include, but are not limited to:

    * Identification, authentication, biometrics, and access Control;
    * Survivable/rapidly deployable emergency command and control infrastructure;
    * Risk assessment and recovery planning;
    * Sensor network based early-warning systems;
    * Surveillance, data aggregation, and mining technologies and associated privacy issues;
    * Controlled sharing of sensitive information among organizations;
    * Information and cybersecurity;
    * High-availability, resilient, and survivable infrastructure design; and
    * Detection and response to vulnerabilities and attacks on the Internet and on IT components in critical infrastructure.

For more information, please see http://www.computer.org/internet/call4ppr.htm
 
 

IEEE Computer special issue on high-speed Internet security, Editors: Simon Shim (San Jose State University), Li Gong (Sun Microsystems), Avi Rubin (The Johns Hopkins University), and Linley Gwennap (the Linley Group). (submissions due January 5, 2004) [posted here 8/27/03]

The growth of high-speed Internet service has strained the limits of existing network security measures. The CERT Coordination Center of the Software Engineering Institute at Carnegie Mellon University indicates that the number of reported security-breach incidents in the first half of 2003 climbed to 76,404-compared to the 82,094 incidents reported for the entire year in 2002. The IEEE Computer special issue will focus on strategies for maintaining robust security standards in ever-faster network environments. Proposed topics include but are not limited to Internet security architecture, security servers, virtual private networks, grid computing security, and XML security. In addition to papers on these topics, Computer solicits case studies and first-hand experiences with high-speed Internet security solutions. Submission guidelines are available at www.computer.org/computer/author.htm. Send inquiries to the guest editors at sishim@email.sjsu.edu, li.gong@sun.com, rubin@jhu.edu, and linleyg@linley group.com. Send .pdf files by 5 January 2004 to computer-ma@computer.org.

Journal of the Association for Logic Programming, TPLP Special Issue on Specification, Analysis and Verification of Reactive Systems, Editors: Giorgio Delzanno (University of Genova, Italy), Sandro Etalle (University of Twente and CWI Amsterdam, the Netherlands), and Maurizio Gabbrielli (University of Bologna, Italy). (submissions due November 15, 2003) [posted here 8/16/03]
The huge increase in interconnectivity we have witnessed in the last decade has boosted the development of systems which are often large-scale, distributed, time-critical, and possibly acting in an unreliable or malicious environment. These systems require solid formal techniques for their specification, analysis and verification. The topics of interest include but are not limited to: Specification languages and rapid prototyping, Analysis, and Validation, as applied to Security, Mobility, Interaction, and Open and Parameterized Systems. More details on the topics of interest can be found at a www.cs.utwente.nl/~etalle/specialissue.html.

Journal of Digital Libraries (JDL), Special Issue on Security, Editors: Vijay Atluri (Rutgers University, atluri@andromeda.rutgers.edu) and Indrakshi Ray (Colorado State University, iray@cs.colostate.edu). (submissions due November 1, 2003) [posted here 7/2/03]
Recent technological advancements have resulted in a phenomenal growth in digital libraries. Often, professionals in the government, military, and commercial sectors make critical decisions based on data obtained from digital libraries. These users rely on the correctness, availability, and secrecy of the data stored in digital libraries. Consequently, security issues are of great concern to both researchers and practitioners involved with digital libraries. Recognizing the importance of the research in this area, "The International Journal on Digital Libraries" is organizing a special issue on security. The primary focus of this special issue will be on high-quality original unpublished research, case studies, as well as implementation experiences in the area pertaining to security issues in digital libraries. Suggested topics include but are not limited to:
    - Authorization and Access Control                        - Digital Watermarking
    - Authentication                                                        - Electronic Payment
    - Encryption technologies for digital libraries      - Intellectual Property Protection
    - Key management in digital libraries                     - Multimedia Security
    - Computer Security and Public Policy                  - Privacy and Anonymity
    - Copy Protection and Prevention                           - Security Management
    - Data/System Availability                                        - Steganography
    - Data/System Integrity                                             - Usage Accounting
More information about the journal can be found at http://cimic.rutgers.edu/~jdl/.

IEEE Security & Privacy, George Cybenko, Editor. Theme: Understanding Privacy, Nov/Dec 2003 Issue. (submissions due July 31, 2003) [posted here 3/20/03]
Privacy is a growing concern in today's networked world. The Nov./Dec. issue of IEEE Security & Privacy will be devoted to privacy—its technological, commercial, and social aspects. Papers dealing with the following privacy-related topics are welcome:
  - identity theft and related abuses;
  - consumer and business practices and trends affecting privacy;
  - information ownership, competing claims, unresolved ambiguity;
  - legal and criminal issues;
  - privacy leakage case studies;
  - relationships and trade-offs between security and privacy;
  - privacy-enhancing technologies;
  - relationships between privacy management and digital rights management;
  - formal models and definitions of privacy; and
  - database issues in privacy protection.
Feature articles should be no longer than 6,000 words (tables and figures count as 250 words each). Be sure to include all author names, professional affiliations, mailing addresses, daytime telephone numbers, and email addresses. Send one word-processed file and one PostScript or PDF file to security@computer.org.

FORMATEX, a Spanish technological organization, in collaboration with the Computer Science and Physics Department of the University of Extremadura (Spain) is now editing a volume within our Information Society book series, on Techno-Legal aspects of Information Society. Some of the topics covered by this edition are: Security of Information Systems, Networking, E-commerce, Networks and Liberties, Informatic crimes, Public security vs. secret communications, Legal protection of software and digital contents, Digital Libraries, Rights Management in the Digital Era, Electronic signature, Electronic means of payment, Ethical issues, Law and Computer Science, Cryptography, Legal Expert Systems, Teleworking, e-Government, Cybersquatting, Typosquatting etc, Domain names and Trademarks, Thesaurus and documental techniques, Law Databases, Law in Internet. The Call for Papers' website is available at www.formatex.org/isbook/callforpaper.htm with details on deadlines, manuscripts format, etc. Submissions are due November 25, 2002.

IEEE Journal on Selected Areas in Communications, Special issue on Design and Analysis Techniques for Security Assurance.  Publication: 1st quarter 2003.  Editors: Li Gong (SUN Microsystems), Joshua Guttman (The MITRE Corp), Peter Ryan (Carnegie Mellon University), and Steve Schneider (University of London).  Submission deadline is March 1, 2002.   [posted here 7/26/01]
Information security plays a dominant and increasingly critical role in society. It is therefore essential that we have effective tools and techniques to design and evaluate secure systems and demonstrate that they meet their security requirements. The application of rigorous methods to the specification, modeling, analysis, and design of security-critical systems has made considerable strides in recent years, and the field is rapidly gaining in maturity. The scope of this issue will range over all rigorous, mathematically well founded, approaches to all aspects of security system development. This issue is intended to gather together the leading edge approaches in this area. Papers are solicited in the following areas:
     * Security protocol analysis
     * Computer security models and policies
     * Information flow
     * Secure architectures
     * Mobility
     * Tools for security analysis
     * Languages
     * Logics
     * Static/typechecking techniques
     * Smartcards
Original, unpublished contributions and invited articles will be considered for the issue. The paper should be no longer than 20 double-spaced pages, excluding illustrations and graphs and follow the IEEE J-SAC manuscript format described in the Information for Authors. Authors wishing to submit papers should send an electronic version (postscript or PDF files ONLY) to Steve Schneider at S.Schneider@rhul.ac.uk by March 1, 2002. 

Information and Security: An International Journal.  Special issue on agent-based technologies.  Publication:  May 31, 2002.  Editor:  Petya Ivanova (Center for National Security and Defense Research, Bulgarian Academy of Sciences).  Submission date:  abstract and intent to submit a paper - February 28, 2002; final papers - March 31, 2002.   [posted here 2/12/02]
The field of autonomous agents and multi-agent systems is an exciting and rapidly expanding area of research and development. In the last few years, there has been a growing interest in the application of agent-based systems to various security-related and military domains. In this special issue of Information & Security we shall present the results achieved in this area, discuss the benefits (and drawbacks) that agent-based systems may bring to the military and the broader security community, and provide a list of research and practical challenges that should be tackled in the near future so that the full potential of agent-based systems is realized. Topics include, but are not limited to:
   - General and specific architectures of agents in different settings and environments
   - Cooperation and competition; coordination and collaboration 
   - Negotiation, consensus development, conflict detection and resolution 
   - Communication protocols and languages (communication standards) 
   - Intelligent cognitive activities jointly realized by multiple agents, e.g., distributed problem solving, planning, learning, and decision making 
   - Emergent behavior and organizational intelligence 
   - Organizational structuring and dynamics 
   - Mobile agents as general-purpose framework for distributed applications 
   - Performance issues; security, reliability, and robustness 
   - Agents and the interoperability of heterogeneous systems 
   - Human-agent interaction and interfaces 
   - Architectures, environments and languages for mobile and secure information services 
   - Agent capability requirements in military applications
We intend to present successful applications of agents and multi-agent systems in the following domains:
   - Military decision support systems and complex problem-solving 
   - Military training and education 
   - Collection and organization of knowledge available on the Internet 
   - Information retrieval, dissemination, and monitoring across multiple applications
For instructions and additional information on manuscript preparation, see: www.isn.ethz.ch/publihouse/InfoSecurity. Questions can be addressed to infosec@mbox.digsys.bg.

Computer Communications, Special issue on Network Security. Publication: spring 2002.  Editors: Brian Neil Levine, University of Massachusetts, and Clay Shields, Purdue University.  Submission deadline is October 5, 2001.   [posted here 2/20/01]
The Internet has become the cornerstone for the proliferation of networking technology. The quality of the security and privacy of the services, protocols, and infrastructure that make up the Internet is a key factor in its continued growth and survivability. This special issue will collect and archive the state of the art in Network Security for existing and future network technologies, publishing research that explores: The security of infrastructure and systems that form the network (such as routers, application-level proxies, and servers); The security of protocols and services that work end-to-end (such as DNS, HTTP, multimedia conferencing and virtual environments, and e-commerce); Protocols that protect the privacy of users on the network. An emphasis on deployable systems and the inclusion of an analysis of their network performance in the presence of security mechanisms is ideal. Areas of interest include, but are not limited to:
   -  Network privacy and anonymity 
   -  Multicast and group-communication security
   -  Intrusion detection and response
   -  Network traceback 
   -  Integrating security in Internet protocols 
   -  Security analysis of Internet protocols 
   -  Network performance evaluation of network security protocols;
   -  Denial-of-service attacks and counter measures 
   -  Virtual private networks 
   -  Security for wireless networks and technologies 
Through the publication of this special issue, we wish to bring together researchers from the security and networking communities that have not previously had a common forum in which to share methodologies and techniques.  Instructions for submitting a paper are given at signl.cs.umass.edu/comcom.  Information on Computer Communications can be found at www.troubador.co.uk/comcom/fp.htm and www.troubador.co.uk/comcom/fp.htm.

 

IEEE Internet Computing, Special Issue on Peer-to-Peer Networking.  Guest editor: Li Gong, Sun Microsystems.  Publication date: January/February 2002.  Submissions due June 1, 2001.   [posted here 2/20/01]
The term peer-to-peer networking is applied to a wide range of technologies that greatly increase the utilization of information, bandwidth, and computing resources in the Internet. Frequently, these P2P technologies adopt a network-based computing style that neither excludes nor inherently depends on centralized control points. Apart from improving performance in terms of information discovery, content delivery, and information processing, such a style also can enhance the overall reliability and fault-tolerance of the computing system. This special issue of Internet Computing will showcase significant developments in the general area of peer-to-peer networking. Topics of interest include (but are not limited to):
     1. Peer naming, discovery, and organization 
     2. Peer-based communication and information sharing 
     3. Systems support for peer-to-peer networking 
     4. Security support for peer-to-peer networking 
     5. Peer-based network infrastructure including operating systems 
     6. Peer-based services and applications
Ideally, submissions will report advances that (a) use a simple and elegant solution to solve a seemingly complicated problem, (b) have a solid theoretical foundation but a realistic implementation path, and (c) are readily deployable over currently existing Internet infrastructure. We discourage strictly theoretical or mathematical papers on modeling of peer-to-peer computing. If you are uncertain about your submission in terms of scope, please provide an abstract to the guest editor for clarification before submission.  (note: the complete call for papers has not been posted on the IEEE web site yet.  We will update this Cipher entry when the URL is known.  In the interim, you may choose to contact the guest editor, Dr. Li Gong at li.gong@sun.com)

IEEE Computer, Special issue on embedded system security.  Guest editors: William A. Arbaugh, University of Maryland, and Leendert Van Doorn, IBM Research.  Submission deadline is March 15, 2001.   [posted here 12/18/00]
Embedded systems range from personal digital assistants to disk controllers and from home thermostats to microwave regulators.  These near-ubiquitous devices are often networked and thus present security challenges similar to those already of concern on the Internet.  This special issue will consider the security and privacy that networked embedded systems present.  Submissions are sought on all topics relating to embedded system security including risk analysis, privacy issues, software security architectures, security requirements for embedded operating systems, embedded cryptographic devices, using embedded devices to build secure systems, and secure firmware upgrades.  For further information see www.cs.umd.edu/~waa/ieee-cfp.html.

Internet Computing , Call for papers on "Widely Deployed Internet Security Solutions", November/December 2000, Guest Editors: Li Gong and Ravi Sandhu. (Submissions due: April 28, 2000)  [posted here January 28, 2000].
The goal of this special issue is two-fold. One is to reflect on security technology that have made into mainstream products and have been widely deployed within the past decade. An interesting perspective is why these solutions were picked over other competing solutions and what made them more attractive and acceptable. The other part of the goal is to access the state of the art in security research and technology with the hope that these investigations point to what may be deployed in the next decade. Topics of Interest include (but are not limited to) descriptions of and perspectives (historic, legal, etc.) on:
              *  Security solutions that are widely deployed 
              *  Security solutions that were once fashionable but no longer in use 
              *  Prevailing security solutions that are becoming obsolete 
              *  Emerging security solutions that are likely to be widely deployed 
We welcome submissions regarding security solutions covering all aspect of computing, including operating systems, networking, databases, distributed systems, human-computer interaction, the web, the Internet, information appliances, and wireless communication. However, we discourage abstract theory/idea papers, especially pure cryptography theory or crypto protocol papers. Our focus is on security solutions that were, are, or will be widely deployed.  Submission instructions can be found on the journal web page at church.computer.org/internet/call4ppr.htm.

 

IEEE Software, Call for Articles & Reviewers, Malicious Information Technology: The Software vs. The People Publication: Sept./Oct. 2000. Guest Editors: Nancy Mead (nrm@sei.cmu.edu) and Jeffrey Voas (jmvoas@rstcorp.com). (Submissions due: April 1, 2000) [posted here November 3, 1999].
Software was intended to improve the quality of human life by doing tasks more quickly, reliably, and efficiently. But today, a "software vs. people" showdown appears eminent. Software is increasingly becoming a threat to people, organizations, and nations. For example, the spread of the Melissa virus illustrates the ease with which systems can be penetrated and the ubiquity of the consequences; the Melissa virus caused many companies to shut down their EMail systems for days or even weeks. The origin of these threats stems from a variety of problems. One problem is negligent development practices that lead to defective software. Security vulnerabilities that occur as a result of negligent development practices (e.g., commercial Web browsers allowing unauthorized individuals to access confidential data) are likely to be discovered by rogue individuals with malicious intentions. Other security vulnerabilities are deliberately programmed into software (e.g., logic bombs, Trojan Horses, and Easter eggs). Regardless of the reason why information systems are vulnerable, the end result can be disastrous and widespread. Because of the increased danger that malicious software now poses, we seek original articles on the following specific issues:


 

*  Intrusion detection


 

*  Information survivability


 

*  Federal critical infrastructure protection plans


 

*  Federal laws prohibiting encryption exports vs. US corporations


 

*  State-of-the-practice in security testing


 

*  The Internet's "hacker underground"


 

*  Corporate information insurance


 

*  Penalties for those convicted of creating viruses


 

*  Case studies in information security and survivability

Authors: Submit one electronic copy in RTF interchange or MS-Word format and one PostScript or PDF version to the magazine assistant at software@computer.org. Articles must not exceed 5,400 words including tables and figures, which count for 200 words each. For detailed author guidelines, see www.computer.org/software/edguide.htm. Reviewers: Please e-mail your contact information and areas of interest to a guest editor.

 

Journal of Theoretical Computer Science, special issue on Dependable Computing. Guest Editor: Gilles Motet. (Submissions due: December 20, 1999) [posted here October 15, 1999].
Papers should be sent as attached rtf, postscript or pdf files to Guest Editor: Gilles Motet / LESIA DGEI, INSA, 135, avenue de Rangueil / 31077 Toulouse cedex 4 / France. Email: Gilles.Motet@insa-tlse.fr. More information can be found at: wwwdge.insa-tlse.fr/~lesia/tcs-call-for-paper.html.

 

Computer Communications Journal, special issue on Advances in Research and Application of Network Security, first quarter 2000. Guest Editors: Dr. M. Merabti (John Moores University, UK), Dr. Q. Shi (John Moores University, UK), and Dr. Rolf Oppliger (Swiss Federal Office of information Technology & Systems) (full papers due September 1, 1999) [posted here June 15, 1999].
The special issue aims to publish original research results of both theoretical and practical significance. Topics of interest include, but are not limited to

  • Security architectures and protocols

  • Intrusion detection

  • Authentication and key management

  • Authorisation and access control

  • Secure electronic commerce

  • Privacy and anonymity

  • Mobile code and web security

  • Mobile communication security

  • Security analysis

The deadline for receipt of four copies of full manuscripts is September 1, 1999. Please, refer to URL www.crlpublishing.co.uk/crl/COMCOM/fp.htm#anchor448658 to get further information.

 

International Journal of Computer Systems: Science & Engineering Special Issue on Developing Fault-Tolerant Systems with Ada. (Abstracts due June 1, 1999; full papers due: June 15, 1999) [posted here: 2/5/99].
An electronic version of the abstract is to be sent to A. Romanovsky at: alexander.romanovsky@ncl.ac.uk (phone:+44 191 222 8135; fax: +44 191 222 8232) by June 1, 1999. Full submissions are to be forwarded by June 15, 1999 to one of the guest editors (electronic submissions are encouraged): A. Romanovsky or A.J. Wellings at andy@minster.cs.york.ac.uk More information: www.cs.ncl.ac.uk/people/alexander.romanovsky/home.formal/ftada.html.

 

ACM Transactions on Software Engineering and Methodology Special issue on Software Engineering and Security. Guest Editors: Premkumar Devanbu (devanbu@cs.ucdavis.edu, UC Davis) and Stuart Stubblebine, (stubblebine@cs.columbia.edu). (DEADLINE EXTENDED TO JUNE 1, 1999) [posted here: 12/14/98].
Software system security issues are no longer only of primary concern to military, government or infrastructure systems. Every palmtop, desktop and TV set-top box contains or will soon contain networked software. This software must preserve desired security properties (authenticity, privacy, integrity) of activities ranging from electronic commerce, electronic messaging, and browsing. From being a peripheral concern of a limited and specialized group of engineers, security has become a central concern for a wide range of software professionals. In addition, software is no longer a monolithic shrink-wrapped product created by a single development organization with a well-defined software process. Instead, it is composed of components constructed by many different vendors following different practices. Indeed, software may even contain elements that arrive and are linked in just prior to execution. Customers need assurance that constituent components and mobile code have certain desirable properties; this need conflicts with the need for vendors to protect their proprietary information. The issue of providing assurance without full disclosure has been studied in security research, and needs to be applied to this problem. To provide a focus for these and other interactions between security and software engineering, ACM TOSEM will bring out a special issue dedicated to the intersection of concerns between the two fields. We solicit submissions that address the following issues and sub-areas:

  • How can security be used to address problems in distributed software development? How does one build trust and control in the distributed enactment of software processes while protecting intellectual property?

  • Trust in software process; Trust in software tools; Trusted (distributed) configuration management.

  • Can conventional, standard software engineering techniques be used to achieve verifiably higher levels of security in heterogeneous, distributed systems? What new software engineering techniques are needed?

  • Formal Verified implementations of security protocols; Traceability of correctness into implementation; Testing of security protocols; Specification of Secure Systems; Domain specific languages for Secure systems; Static/Dynamic Analysis for System Security; Security Testing (property-based, coverage-based, etc.); Configuring trusted systems; Evolving Legacy Systems for greater security.

  • Intellectual Property Protection: can security techniques be used to protect the valuable investments in software?

  • Reverse engineering counter measures; Software watermarking and copy protection; Combination Software and Hardware-based techniques.

Additional information about submitting papers can be found at www.cs.columbia.edu/~stu/tosem.html.

 

IEEE Network Magazine, Special Issue on Network Security (Nov/Dec 1999). Guest Editors: Bulent Yener, Bell Labs, Lucent Technologies (yener@research.bell-labs.com), and Patrick Dowd, Laboratory for Telecommunications Sciences, United States Department of Defense (p.dowd@ieee.org). (Submission deadline: June 1, 1999) [posted here: 3/15/99].
Network and Internet security has become a crucial requirement for both users and service providers. The Internet is a commercial infrastructure where sensitive and confidential personal and business data are carried over public networks. Although security is often treated as an after-thought, this attitude is changing. Security within an application needs to be considered as a fundamental element of the application, treated analogously to Quality of Service (QoS) considerations. Security is often viewed as a one-size-fits-all paradigm, but this is difficult to sustain due to the eclectic collection of communications mediums that compose the Internet infrastructure. The danger of a cookie-cutter strategy is that security will contend with performance since it is not suited to the environment. As the QoS requirements of applications and the physical layer properties internetworking become more diverse, agile but robust and consistent security solutions are needed. This is difficult, since custom solutions typically have difficulty surviving in a mass market, yet flexibility is needed for security use to become ubiquitous. We are interested in tutorial-oriented research papers that describe real services, software systems and experiments. Work-in-progress papers describing the state of on-going research projects in Internet security are encouraged. Research papers should demonstrate the feasibility of the approach and describe the state of realization. Case studies and applied papers should discuss the key factors that made the system work and should also mention the pitfalls and problems encountered and how they may be overcome. Topics of interest include:


 

* Intrusion detection

* Authentication


 

* Mobile code and agent security

* Privacy and anonymity


 

* Key management

* Access control and Firewalls


 

* Wireless, mobile network security

* Secure multicasting


 

* Data integrity

* Security verification


 

* Security protocols

* Policy modeling


 

* Commercial security

* Electronic commerce


 

* Security management


 

If you are unsure if your work falls within the scope of this special issue, please send an abstract to one of the guest editors. We would be happy to review it and provide feedback. Complete details on how to submit a paper are provided at www.comsoc.org/socstr/techcom/ntwrk/special/yener_dowd.html.

 

 

IEEE Internet Computing, Special Issue on Survivable, High-Confidence Distributed Systems (November/December 1999). Guest Editor: Mike Reiter, Bell Labs (reiter@research.bell-labs.com) (Submission deadline: 12 May 1999) [posted here: 3/1/99].
As the world moves toward increasing reliance on computing networks, it is essential to find ways of building distributed systems that perform reliably under a wide range of circumstances that may include both accidents and malicious attacks. A "survivable" system is one that can make meaningful progress even when some (human or computer) components fail to behave as expected, and particularly when they behave in a way as to undermine the correct operation of the system as a whole. Survivable systems may combine techniques for detecting, masking, and adapting to such failures and attacks, at the network level, a middleware layer, or in the higher-level distributed application of interest. This issue examines the state of the art in the design, implementation, and analysis of survivable distributed systems and networks. Topics of interest include, but are not limited to:

  • Survivable networking infrastructures and routing protocols

  • Distributed algorithms for surviving attacks on system components

  • Tools and middleware for simplifying the development of survivable distributed systems

  • Survivable data storage and dissemination

  • Application-specific survivability techniques, e.g., in the arenas of electronic commerce or electronic voting

  • Case studies demonstrating survivability characteristics (or the lack thereof) of critical systems

  • Enhancing the survivability of legacy systems

  • Techniques for evaluating the survivability of a system

  • Achieving failure diversity in a monocultural system, i.e., one with a common

  • computing platform/OS throughout

  • Survivable applications built on untrustworthy platforms

Acceptable papers can describe novel scientific advances in survivability, document experiences in developing or deploying survivable systems, or provide a survey of the state of the art in this area. The call-for-papers is located at www.computer.org/internet/call4ppr.htm.

 

A special issue of IEEE Transactions on Software Engineering , Special Issue on Current Trends in Exception Handling, (abstracts due: February 15, 1999; papers: March 1, 1999) [posted here December 8, 1998].
This special issue invites papers with focus on research results, experience reports, and brief survey/tutorials on emerging research challenges related to exception handling in (but not limited to) the following areas:

  • Models and paradigms for exception handling

  • Language facilities for exception handling: Functional languages; Procedural languages; OO languages

  • Exception mechanisms and their applications

  • Application specific problems: Asynchronous systems and concurrent programming; Mobile code execution in distributed systems; Real-time and safety critical systems; Databases and transaction management systems; Distributed collaboration systems; Fault-tolerant computing; Security in high confidence systems; Interactive systems; Operating systems and middleware

  • Validation of exception handling: Reasoning about exceptions and their handling in specific application areas; (General) testing techniques for exceptions and their handling

  • Case studies and experiences in large-scale systems

An electronic version of the abstract should be sent to A. Romanovsky at: alexander.romanovsky@ncl.ac.uk Full submissions should be forwarded to one of the guest editors (electronic submissions are encouraged). More information can be found at www.cs.ncl.ac.uk/people/alexander.romanovsky/home.formal/se.html.

 

A special issue of IEEE Journal on Selected Areas in Communications (JSAC) Special Issue on Network Security. Publication date: January, 2000. Guest Editors: Hilarie Orman, Ueli Maurer, Stephen Kent, and Stephen Bellovin. (submissions due: February 5, 1999) [posted here September 16, 1998].
This special issue of JSAC will be devoted to recent research results that describe or forecast significant changes in the feasibility of delivering security solutions (such as major improvements in cryptographic efficiency), or describe progress in areas that have been especially difficult, or are relevant to newer technologies, such as optical or mobile wireless communication. Of special interest are papers that relate their results to use on the Internet today or to use on next generation networks. Papers are solicited in the following areas: Cryptography-based network systems, such as secure private networks and transactional security; Public-key infrastructures; Applying new cryptographic methods to network communication; New cryptographic protocols supporting secure network systems; Anonymous communication; Recent cryptographic theory advances; Optical network security; Mobile wireless network security; Formal analysis of network security systems; Trends in network-based attacks; Secure group communication; Policy expression and enforcement. Papers in strongly related areas, especially those involving novel technologies, are also encouraged. Manuscripts to be considered for submission should be sent by email to Hilarie Orman (ho@cs.arizona.edu) by February 5, 1999. The manuscripts must be in Postscript, viewable in ghostscript, or six copies can be sent by mail; contact Hilarie Orman well prior to the deadline for the mailing address. Please note the IEEE formatting requirements; information for authors can be found at: gump.bellcore.com:5000/Guidelines/info.html The JSAC home page is at gump.bellcore.com:5000.

 

A special issue of IEEE Computer , A baseline on security strategies for the emerging broadband environment. Guest Editors: Dr. Patrick Dowd, and Dr. John McHenry. (submissions due: January 15, 1999) [posted here December 8, 1999].
This special issue will focus attention on the integration of networking and endpoint security. It will pull together both IP and ATM networking security strategies and examine methods that will allow homes and offices to safely explore the opportunities provided by a "connected" environment. Topics including the emerging broadband networking environment, IP and ATM security, integrated security strategies, and security analysis are of particular interest. Only electronic submissions (postscript, Adobe Acrobat, MS Word, or Framemaker) will be considered - paper copies will not be accepted. Please contact one of the guest editors if you have any questions. GUEST EDITORS: Dr. Patrick W. Dowd, University of Maryland, Department of Electrical Engineering, A.V. Williams Building, College Park, MD 20742, and Dr. John McHenry, U.S. Department of Defense, National Security Agency, Suite 6512, Ft Meade, MD 20755-6512.

 

IEEE Communications Magazine Feature Topic Issue on The Provision of Communication Services over Hybrid Networks (publication: July 1999). Guest Editors: Jean-Pierre Hubaux and David Nagel. (submissions due: January 5, 1999) [posted here December 11, 1999].
This Feature Topic Issue is devoted to the architecture and provision of services over hybrid networks. Topics of interest include:

  • Creation of hybrid services

  • Deployment of hybrid services

  • Operation and management of hybrid services

  • Validation of hybrid services

  • Middleware for hybrid services

  • Network planning and dimensioning

  • New hybrid services: access to Internet services from cellular terminals, access to the PSTN from a mobile IP phone, hybrid call centers,...

  • Traffic control and performance issues related to hybrid services

  • Security of hybrid services

  • Billing of hybrid services

  • Hybrid services involving other access networks (cable, ATM, WLANs,...)

  • Mobility-related services

  • Terminals for hybrid services

  • Computer Telephony Integration services

  • Partial replacement of telecom equipment by Internet technology for the control and/or transport of voice services

  • Dependability and scalability of hybrid services

Tutorial and survey papers will be considered for acceptance. Research papers will be considered as well, provided that they are understandable and informative for non specialists of the area covered by this issue. Although the Feature Topic Issue is essentially devoted to technical aspects, prospective authors are also encouraged to address economic and/or regulatory questions. Authors are requested to send e-mail by January 5 to both guest editors (see below), giving a URL where the guest-editors can review the article, preferably in HTML format with GIF artwork (postscript or pdf format is also accepted). Potential authors may wish to consult the author information and guidelines, which are given at pubs.comsoc.org/ci1/. Note: there is currently a call for papers for a joint Feature Topic Issue of Internet IEEE Network and IEEE Internet magazines on Internet telephony, to be edited by Henning Schulzrinne. There are some commonalities between the two Feature Topic Issues. However, the focus of each of them is different, and appropriate coordination efforts will be made to avoid overlaps. Guest Editors: Jean-Pierre Hubaux, Swiss Fed. Inst. of Technology, Lausanne, On leave at the Univ. of California, Berkeley, until January 9, 1999, EECS Dept, 267 Cory Hall, Berkeley,CA 94720, USA, tel: + 1-510-642-9719, fax: + 1-510-642-2845, hubaux@diva.EECS.Berkeley.EDU. And: David Nagel, President, AT&T Labs, AT&T Labs, 295 North Maple Avenue, Basking Ridge, NJ 07920, USA, tel: + 1-908-221-2903, dnagel@att.com.

 

A special issue of Distributed and Parallel Databases: An International Journal Kluwer Academic Publishers, Special issue Editors: Vijay Atluri and Pierangela Samarati. (submissions due: September 30, 1998) [posted here: July 6, 1998]
Recognizing the importance of the research in computer security, Distributed and Parallel Databases: An International Journal is organizing a special issue on security. The primary focus of this special issue will be on high-quality original unpublished research, case studies, as well as implementation experiences in any area of computer and communication security. Suggested topics include but are not limited to: Accounting and Audit, Authorization and Access Control, Authentication, Applied Cryptography, Computer Security and Public Policy, Data/System Integrity, Electronic Commerce and Virtual Banking, Information Warfare, Intrusion Detection, Intellectual Property Protection, Privacy and Anonymity, Security for Digital Libraries, Security in Data and Knowledge Bases, Security in Data Warehouses, Security in Workflow Systems, Security in Mobile and Wireless Systems, Security Management, Secure Networking and Protocols. Manuscripts must be written in English and should include a cover page with title, name and address (including e-mail address) of author(s), an abstract, and a list of identifying keywords. Manuscripts must be submitted as Postscript files via electronic mail to Prof. Vijay Atluri at atluri@andromeda.rutgers.edu. In addition, send five hard copies of your submission to: Melissa Parsons, Journals Editorial Office, Kluwer Academic Publishers, 101 Philip Drive, Norwell, MA 02061, USA; tel: (+1)781-871-6600; fax: (+1)781-878-0449; e-mail: mparsons@wkap.com.

 

A special issue of Software Practice & Experience on Experiences with Computer and Network Security. Guest editor: Gene Spafford (spaf@cs.purdue.edu). (submissions due: July 1, 1998) [Posted here: May 13, 1998]
Contact the editor for submission details. Papers describing both `systems' and `applications' software in any computing environment are acceptable. Typical topics include software design and implementation, case studies, studies describing the evolution of software systems, critical appraisals of systems, and the practical aspects of software engineering. Theoretical discussions can be included, but should illuminate the practical aspects of the work, or indicate directions that might lead to better practical systems. This special issue is specifically devoted to issues of computer and network security software. We are seeking high-quality articles relating to the above-mentioned themes. This includes papers on at least the following topics: access control systems, auditing systems and analysis, misuse and intrusion detection systems, applications of cryptography, secure messaging systems, information protection systems, security of mobile code, security of browsers and related technology, security testing and assurance, firewall construction and testing, experiences with new security programming paradigms, development and experience with "hacking tools", experiences with patching security flaws

 

The Journal of Computer Security, JCS Special Issue on Research in Intrusion Detection. Editor: Phillip A. Porras (porras@csl.sri.com) (Submissions due: July 15, 1998) [posted here: June 29, 1998]
This special issue seeks papers that describe research beyond the scope or orthogonal to what the commercial intrusion-detection community is producing. The intent is to capture results from key efforts in the field, and to understand the directions and motivations that are driving current and future research in this area. Papers are solicited on all aspects of intrusion detection, including the extension of intrusion-detection techniques to new problem domains, as well as the application of other techniques to intrusion detection. A complete list of topics is given in the call-for-papers at www.csl.sri.com/jcs-ids-call.html. Submissions should be received by July 15, but earlier submissions are encouraged. Manuscripts must be in English (dbl-spaced; 12 pt.). Each copy should have a cover page with title, name and address (including e-mail address) of author(s), an abstract of no more than 200 words, and a list of identifying keywords. Editor: Phillip A. Porras / Computer Science Laboratory / SRI International/ 333 Ravenswood Avenue / Menlo Park CA 94025 / phone: 650-859-3232 / fax: 650-859-2844 / porras@csl.sri.com. The Journal of Computer Security is an archival journal published quarterly. Its purpose is to present research and development results of lasting significance in the theory, design, implementation, analysis and application of secure computer systems. The Journal of Computer Security represents today a main forum for ideas about the meaning and implications of security and privacy, particularly those with important consequences for the technical community.

 

IEEE Internet Computing A special issue of IEEE Internet Computing, November/December 1998, (submissions due: May 12, 1998) [Posted here: March 3, 1998]
Executable content systems like Java, DNA (ActiveX), JavaScript, Postscript, Word Macros, and so on have had a fundamental impact on computer security. The very concept of executable content involves fetching and running data from a most-likely untrusted site. Often, this happens behind the scenes without the client being aware of the details. For example, when a Web user requests a page with a Java applet embedded in it, the Java byte code is automatically downloaded and begins to execute on a virtual machine in the user's browser. This special issue will be devoted to security implications of mobile code. In particular, we are interested in articles discussing: Code signing technologies, including models for permissions, capabilities, and principals; Proof-carrying code and security policy resolution; Implications of existing protocols such as SSL on proxy scanning, intrusion detection, and firewalling; Handling denial of service; Design of secure interfaces for devices such as smart cards; Security policy creation and management issues; Injecting security into the software development process. URL for submission process information: computer.org/internet/

 

SIGMBOILE Mobile Computing and Communications Review, Volume 2, Issue 2. (Submissions due: November 15, 1997) [posted here: 10/1/97].
The wireless communication revolution is bringing fundamental changes to telecommunication and computing. Wide-area cellular systems and wireless LANs promise to make integrated networks a reality and provide fully distributed and ubiquitous mobile computing and communications, thus bringing an end to the tyranny of geography. Furthermore, services for the mobile user are maturing and are poised to change the nature and scope of communication. This publication serves to enhance the ability of ACM SIGMOBILE members to keep up-to-date in this rapidly moving field, as well as serve as a major focal point for the discussion of new directions of portable computation and mobile networks for both the research and market-driven communities. Papers on original research are solictited. Please see the complete call for papers for a list of topics of interest. Paper submission will be handled electronically. Authors should Email a PostScript version of their full paper to: editors_sigmobile@acm.org Detailed submission instructions can be found on the MC2R web page http://www.acm.org/sigmobile/MC2R

 

Special Issue of IEEE Personal Communications Magazine on Mobile Systems and the Web (submissions are due November 1, 1997).
The information revolution that the pundits have been predicting seems finally to be upon us. Instantaneous access to information, which has always been dreamed of, is being realized today with the advent of the World Wide Web. Browsing (surfing) the web is becoming an increasingly common activity for computer users from all domains of life. A web browser probably represents the most ubiquitous interface mechanism to computers today, in terms of the number of people who are comfortable in using it. Web access from mobile platforms would truly represent an example of ubiquitous computing, realising the vision of computing anytime, anywhere and by everyone. However, the reality is that HTTP is not a mobile friendly protocol, and extremely wasteful of bandwidth. The current model of browsing the web is also open to criticism along the same lines. In general, the problems are one of resource constrained browsing platforms connecting to the network via thin pipes that are prone to disconnection. To facilitate web browsing from mobile platforms, it is important to understand these limitations and devise techniques and methodologies which will help alleviate these problems. The special issue will be devoted to articles which describe such techniques. A representative list (not all inclusive) of topics would include the following as they impact web browsing from wireless platforms:
* granularity reduction of multimedia data for wireless links
* information location and filtering
* prefetching and caching
* delayed fetching
* location dependent data
* improvements in HTTP protocol
* anticipatory caching
More information about submitting a paper can be found in the call-for-papers.

 

IEEE Network Magazine Special Issue on PCS Network Management has a call for papers for topics on Internet computing. (Submissions due October 25, 1997.) [posted here 7/7/97]
Personal communications services (PCS) provide communication services anywhere, anytime, with anybody, and in any form. To implement these communications concepts, extremely sophisticated network management which integrates many diverse technologies are required. This special issue focuses on the research and development of advanced PCS network management techniques. A complete list of topics can be found in the call for papers. Authors are invited to submit postscript files of their papers to liny@csie.nctu.edu.tw or sohraby@lucent.com. Papers should not exceed twenty double spaced pages in length, excluding figures and diagrams.

 

IEEE Network Magazine Special Issue on Active and Programmable Networks has a call for papers for topics on Internet computing. (Submissions due November 10, 1997.) [posted here 7/8/97]
New networking concepts, building on recent advances in mobile software, have been proposed with the purposes of accelerating services and enhancing network management. An active network can give a high degree of control to users to customize their network services dynamically. Users can in effect "program" their services by injecting mobile programs in special packets that are executed at network elements. These mobile programs can carry out management and control functions as well, without the need for pre-programming network elements. Such software-intensive networks rely on agreement on a basic instruction set or primitives rather than consensus on specific protocols and services. This special issue of IEEE Network will present an overview of research in this area which is still in the early stages. A complete list of topics can be found in the call for papers. Authors are invited to submit hardcopies or electronic files of their papers to tchen@gte.com. Papers should not exceed twenty double spaced pages in length, excluding figures and diagrams. More information for potential authors is available at the IEEE Network Home Page http://www.comsoc.org/socstr/techcom/ntwrk/.

 

IEEE Internet Computing Magazine has a call for papers for topics on Internet computing. (submissions due July 9, 1997)
IEEE Internet Computing is a new bimonthly magazine from the IEEE Computer Society designed to help the engineer productively use the ever expanding technologies and resources of the Internet. Internet Computing and IC on-line will provide developers and users with the latest advances in Internet-based computer applications and supporting technologies such as the World Wide Web, Java programming, and Internet-based agents. Through the use of peer-reviewed articles as well as essays, interviews, and roundtable discussions, IC will address the Internet's widening impact on engineering practice and society. Topics include system engineering issues such as agents, agent message protocols, engineering ontologies, web scaling, intelligent search, on-line catalogs, distributed document authoring, electronic design notebooks, electronic libraries, security, remote instruction, distributed project management, reusable service access and validation, electronic commerce, and Intranets. Author guidelines are available at http://www.computer.org/pubs/internet/auguide.htm Upcoming themes include: Agents (submissions due March 15, 1997), Intranets (submissions due May 7, 1997), and Internet Economics (submissions due July 9, 1997).

 

Theory and Applications of Object Systems (TAPOS): special issue on Objects, Databases, and the WWW (submissions due May 31, 1997).
As the Internet and the WWW become preferred media for broadcasting, content dissemination, data access, personal communications, distance education, electronic commerce, and other as yet unforeseen applications, it becomes urgent to explore the interactions between these new media and other well established technologies for information access. This special issue will focus on the interaction among object technology, database systems, and the WWW. The following is a non-exhaustive list of topics of interest: Object technology on the web; Accessing databases through the web; The web as a database; Developing web-centered applications; and Applications. A complete list of topics of interest alog with submission instructions can be found in the call for papers.

 

Journal of Telecommunication Systems, call for papers for a special issue on multimedia systems. (submissions due April 15, 1997).
Multimedia systems and applications have attracted significant attention during the last few years. The ability to deliver audio and video to end-users, in addition to data, has created possibilities which will revolutionize industries ranging from education and advertising, with applications such as digital libraries, distant learning, expert advice and real-time video clip playback, to tele-collaboration, electronic commerce and entertainment, with such applications as video-conferencing, telecommuting, video-on-demand, etc. The Journal of Telecommunication Systems is planning a special issue on multimedia to address this emerging technology. The issue will address all issues of multimedia systems with special focus on issues related to networking and telecommunication systems. Papers are solicited for this issue in the following areas (but not limited to): Multimedia information processing compression/decompression); Multimedia storage and retrieval; Network issues (QoS, protocols, performance/modeling, etc); Telecommunication systems requirements for multimedia; Telecommunication systems architecture and implementation; Security issues; End-to-end multimedia system architecture; and Multimedia applications and application design. More information is available in the call for papers and on the journal web page.

 

ACM Mobile Computing and Communications Review.
The wireless communication revolution is bringing fundamental changes to telecommunication and computing. Wide-area cellular systems and wireless LANs promise to make integrated networks a reality and provide fully distributed and ubiquitous mobile computing and communications, thus bringing an end to the tyranny of geography. Furthermore, services for the mobile user are maturing and are poised to change the nature and scope of communication. This publication serves to enhance the ability of ACM SIGMOBILE members to keep up-to-date in this rapidly moving field, as well as serve as a major focal point for the discussion of new directions of portable computation and mobile networks for both the research and market-driven communities. Specific topics of interest include security, scalability and reliability issues for mobile/wireless systems. More information can be found at the web page.

 

Journal of Intelligent Information Systems (JIIS).
Special Issue on Data Mining. As a young, promising research area with broad applications, data mining and knowledge discovery in databases has attracted great interest in the research communities of database systems, machine learning, statistics, high performance computing, information retrieval, data visualization, and many others. Security and social impact of data mining is a topic of interest. Five hard copies of the paper, with the length limited to 20 pages, should be submitted by November 1, 1996 to the conference chair . Also see web page.

 

Special Issue of the Journal on Special Topics in Mobile Networking and Applications .
Journal Web page. This special issue will concentrate on the problems associated with mobile and wireless networking in the Internet, primarily at the network layer and above. Internet security issues are a relevant topic. Authors should email an electronic Postscript copy of their paper to one of the guest editors by November 15, 1996. Submissions should be limited to 20 double spaced pages, excluding figures, graphs, and illustrations. Submissions can be sent to perk@watson.ibm.com.

 

IEEE Software
Papers are solicited for a special issue of IEEE Software to focus on security and privacy concerns and their impact on software development. The full announcement has all details. The goal of this special issue is to:

  • advise programmers, practitioners, developers, and managers of the security implications of their development work;

  • encourage companies and researchers whose products and technologies have security implications to address those requirements, by giving examples of how others have addressed these requirements and where to go for advice and guidance;

  • showcase positive achievements in developing secure applications.

Papers must be of high quality, original, unpublished, and not submitted elsewhere. Authors should submit an abstract of approximately 200-500 words to Charles P. Pfleeger by October 20, 1996, and the complete article by November 15, 1996. Comments will be returned to the authors before the end of February 1997. If at all possible, prospective authors should submit the abstract by e-mail, as this abstract will be used to schedule reviewers (also by e-mail). The complete article can be submitted either electronically (in ASCII, MSWord format, or postscript) or by hardcopy. In the case of hardcopy submissions, 8 copies must be provided.

 

JCS Special issue on WWW security .
The special issue of the Journal of Computer Security will be focused on research and development efforts leading to identify requirements and viable solutions for WWW security. Two kinds of papers will be considered: regular papers presenting new research results, and short papers describing ongoing projects. Editors of the special issue: Elisa Bertino, Gianpaolo Rossi, and Pierangela Samarati, Dipartimento di Scienze dell'Informazione, Universita' di Milano, Via Comelico, 39/41, 20135-Milano, Italy; phone: +39-2-55006227/257/272; fax: +39-2-55006253; e-mail: bertino,rossi,samarati@dsi.unimi.it. More information at http://www.dsi.unimi.it/Users/jcs-www.

 

Distributed Systems Engineering Journal
Special Issue on Future Directions for Internet Technology. Contributions are invited on all aspects of where the Internet is going technically including security. Guest editors: Dr Brian E. Carpenter (brian@dxcoms.cern.ch, WWW) and Prof J Crowcroft (J.Crowcroft@cs.ucl.ac.uk, WWW).

 

ACM Journal, Wireless Networks
special issue on Personal Communications. Personal communications provide communication services anywhere, anytime, with anybody, and in any form. To implement the personal communications concepts, extremely sophisticated systems which integrate many diverse technologies are required. This special focuses on the research and development of advanced PCS technologies.

 

Journal of Computer-Mediated Communication (JCMC)
a quarterly electronic journal, has issued a call for papers for a special issue on electronic commerce, including issues related to security and privacy. The call for papers can be found at http://cwis.usc.edu/dept/annenberg/steincfp.html.