Cipher Upcoming Conferences

Cipher
Calls for Papers

IEEE Computer Society's Technical Committee on Security and Privacy

Home

Cipher Newsletter

Cipher Calendar

Calls for Papers

Call-for-Papers Submission Guidelines

Upcoming Conferences (submission date has passed)

Past conferences and journal special issues

Calls for Papers

Last Modified:01/30/12

Upcoming Conferences and Workshops

Note: The submission date has passed.

February 2012

NDSS 2012 Network & Distributed System Security Symposium, San Diego, California, USA, February 5-8, 2012. [posted here 05/23/11]
The Network and Distributed System Security Symposium fosters information exchange among research scientists and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. Overall, we are looking for not only for solid results but also for crazy out of the box ideas. Areas of interest include (but are not limited to):
- Network perimeter controls: firewalls, packet filters, application gateways
- Network protocol security: routing, naming, network management
- Cloud computing security
- Security issues in Future Internet architecture and design
- Security of web-based applications and services
- Anti-malware techniques: detection, analysis, and prevention
- Secure future home networks, Internet of Things, body-area networks
- Intrusion prevention, detection, and response
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Privacy and anonymity technologies
- Security for wireless, mobile networks
- Security of personal communication systems
- Vehicular Ad-hoc Network (VANETs) Security
- Security of peer-to-peer and overlay network systems
- Electronic commerce security: e.g., payments, notarization, timestamping
- Network security policies: implementation deployment, management
- Intellectual property protection: protocols, implementations, DRM
- Public key infrastructures, key management, certification, and revocation
- Security for Emerging Technologies
- Special problems and case studies: cost, usability, security vs. efficiency
- Collaborative applications: teleconferencing and video-conferencing
- Smart Grid Security
- Secure Electronic Voting
- Security of large-scale critical infrastructures
- Trustworthy Computing for network protocols and distributed systems
- Network and distributed systems forensics

For more information, please see http://www.isoc.org/isoc/conferences/ndss/12/cfp.shtml.

CODASPY 2012 2nd ACM Conference on Data and Application Security and Privacy, Hilton Palacio Del Rio, San Antonio, Texas, U.S.A, February 8-10, 2012. [posted here 08/01/11]
Data and the applications that manipulate data are the crucial assets in today's information age. With the increasing drive towards availability of data and services anytime anywhere, security and privacy risks have increased. Vast amounts of privacy-sensitive data are being collected today by organizations for a variety of reasons. Unauthorized disclosure, modification, usage or denial of access to these data and corresponding services may result in high human and financial costs. New applications such as social networking and social computing provide value by aggregating input from numerous individual users and/or the mobile devices they carry with them and computing new information of value to society and individuals. To achieve efficiency and effectiveness in traditional domains such as healthcare there is a drive to make these records electronic and highly available. The need for organizations and government agencies to share information effectively is underscored by rapid innovations in the business world that require close collaboration across traditional boundaries and the dramatic failure of old-style approaches to information protection in government agencies in keeping information too secret to connect the dots. Security and privacy in these and other arenas can be meaningfully achieved only in context of the application domain. Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the conference is to discuss novel exciting research topics in data and application security and privacy and to lay out directions for further research and development in this area. The conference seeks submissions from diverse communities, including corporate and academic researchers, open source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts. Topics include but not limited to:
- Application layer security policies
- Authorization /Access Control for Applications
- Authorization/Access Control for Databases
- Data dissemination controls
- Data forensics
- Enforcement layer security policies
- Privacy preserving techniques
- Private information retrieval
- Search on protected/encrypted data
- Secure auditing
- Secure collaboration
- Secure data provenance
- Secure electronic commerce
- Secure information sharing
- Secure knowledge management
- Secure multiparty computations
- Secure software development
- Securing data/apps on untrusted platforms
- Securing the semantic web
- Security and Privacy in GIS/Spatial Data
- Security and Privacy in Healthcare
- Security policies for databases
- Social computing security and privacy
- Social networking security and privacy
- Trust metrics for application, data and user
- Web application security

For more information, please see http://www.codaspy.org.

ESSoS 2012 4th International Symposium on Engineering Secure Software and Systems, Eindhoven, The Netherlands, February 16 - 17, 2012. [posted here 06/20/11]
Trustworthy, secure software is a core ingredient of the modern world. Unfortunately, the Internet is too. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The goal of this symposium is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DLS's for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation

For more information, please see http://distrinet.cs.kuleuven.be/events/essos2012/.

CT-RSA 2012 RSA Conference, Cryptographers' Track, San Francisco, February 27-Mar 2, 2012. [posted here 07/04/11]
The RSA Conference is the largest annual information security event, with hundreds of vendors and thousands of attendees. Among the 20 tracks of the RSA conference, the Cryptographers' Track stands out, offering a glimpse of academic research in the field of cryptography. The Cryptographers' Track was founded in 2001, and it has since established its presence in the cryptographic community. To support the academic exchange, RSA conference offers a special academic discount for registration, as well as a waiver for the speakers presenting their papers that were accepted to CT-RSA 2012. Original research papers pertaining to all aspects of cryptography are solicited. Submissions may present applications, techniques, theory, and practical experience on topics including, but not limited to:
- Public-key encryption
- Symmetric-key encryption
- Cryptanalysis
- Digital signatures
- Hash functions
- Cryptographic protocols
- Tamper-resistance
- Efficient implementations
- Elliptic-curve cryptography
- Lattice-based cryptography
- Quantum cryptography
- Formal security models
- Network security
- Hardware security
- E-commerce

For more information, please see http://ctrsa2012.cs.haifa.ac.il/.

FC 2012 16th Financial Cryptography and Data Security, Divi Flamingo Beach Resort, Bonaire, February 27 - March 2, 2012. [posted here 06/06/11]
Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary works are particularly encouraged. The topics include:
- Anonymity and Privacy
- Auctions and Audits
- Authentication and Identification
- Backup Authentication
- Biometrics
- Certification and Authorization
- Cloud Computing Security
- Commercial Cryptographic Applications
- Contracts and Transactions
- Data Outsourcing Security
- Digital Cash and Payment Systems
- Digital Incentive and Loyalty Systems
- Digital Rights Management
- Fraud Detection
- Game Theoretic Approaches to Security
- Identity Theft
- Information Security
- Infrastructure Design Legal and Regulatory Issues
- Management and Operations
- Microfinance and Micropayments
- Mobile Internet Device Security
- Monitoring
- Phishing and Social Engineering
- Privacy-enhancing Systems
- Reputation Systems
- RFID-Based and Contactless Payment Systems
- Risk Assessment and Management
- Secure Banking and Financial Web Services
- Secure Tokens and Hardware
- Securing Emerging Computational Paradigms
- Security and Risk Perceptions and Judgments
- Security Economics
- Smartcards
- Spam
- Trust Management
- Underground-Market Economics
- Usability
- Virtual Economies
- Voting Systems

For more information, please see http://fc12.ifca.ai/.

March 2012

WECSR 2012 3rd Workshop on Ethics in Computer Security Research, Divi Flamingo Resort, Bonaire, March 2, 2012. [posted here 09/01/11]
Computer security often leads to discovering interesting new problems and challenges. The challenge still remains to follow a path acceptable for Institutional Review Boards at academic institutions, as well as compatible with ethical guidelines for professional societies or government institutions. However, no exact guidelines exist for computer security research yet. This workshop will bring together computer security researchers, practitioners, policy makers, and legal experts. This workshop solicits submissions describing or suggesting ethical and responsible conduct in computer security research. While we focus on setting standards and sharing prior experiences and experiments in computer security research, successful or not, we tap into research behavior in network security, computer security, applied cryptography, privacy, anonymity, and security economics. This workshop will favor discussions among participants, in order to shape the future of ethical standards in the field. It will be co-located with the Sixteenth International Conference on Financial Cryptography and Data Security 2012. We solicit submissions in three categories: Position papers, Case studies, and Panel proposals.

For more information, please see http://www.cs.stevens.edu/~spock/wecsr2012/cfp.html.

USEC 2012 Workshop on Usable Security, Held in conjunction with the Financial Cryptography and Data Security (FC 2012), Divi Flamingo Beach Resort, Bonaire, March 2, 2012. [posted here 09/15/11]
Many aspects of data security combine technical and human factors. If a highly secure system is unusable, users will move their data to less secure but more usable systems. Problems with usability are a major contributor to many high-profile security failures today. However, usable security is not well-aligned with traditional usability for three reasons. First, security is rarely the desired goal of the individual. In fact, security is usually orthogonal and often in opposition to the actual goal. Second, security information is about risk and threats. Such communication is most often unwelcome. Increasing unwelcome interaction is not a goal of usable design. Third, since individuals must trust their machines to implement their desired tasks, risk communication itself may undermine the value of the networked interaction. For the individual, discrete technical problems are all understood under the rubric of online security (e.g., privacy from third parties use of personally identifiable information, malware). A broader conception of both security and usability is therefore needed for usable security. The workshop on Usable Security invites submissions on all aspects of human factors and usability in the context of security. USEC'12 aims to bring together researchers already engaged in this interdisciplinary effort with other researchers in areas such as economics, intelligent interactions, artificial intelligence, theoretical computer science, and modeling. We encourage AI, HCI, security, psychologists, risk analysts, computer scientists, security specialists, business school faculty, and industry experts to submit original research. We particularly encourage collaborative research from authors in multiple fields.

For more information, please see http://infosecon.net/usec12/index.php.

PILATES 2012 Workshop on Physically-augmented Security for Wireless Networks, Kaiserslautern, Germany, March 19�21, 2012. [posted here 10/03/11]
The goal of the PILATES'12 workshop is to discuss "workout plans" in the discipline of physically-augmented wireless security. In particular, the focus lies on taking advantage of physical characteristics of wireless communications as well as of physical context in general or side-channels to increase the "fitness" of conventional security protocols. Both single-hop as well as multi-hop wireless networks are in scope of the workshop. The workshop accepts technical papers and extended abstracts with topics of interest that include but are not limited to:
- Security primitives derived from wireless communication
- Physically-augmented cryptographic protocols
- Physically unclonable functions (PUF)
- Wireless threat modeling and security analysis
- Jamming & anti-jamming security protocols
- Secure localization and positioning
- Quantitative evaluation of wireless system security
- Cross-layer approaches to secure wireless communication
- Utilizing multi-* for security (multi-hop, multi-channel, multi-radio, etc.)

For more information, please see http://mmb2012.de/pilates.

IFIP-CIP 2012 6th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, National Defense University, Fort McNair, Washington, DC, USA, March 19-21, 2012. [posted here 10/03/11]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the first five conferences, the Sixth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. Papers and panel proposals are solicited. Submissions will be refereed by members of Working Group 11.10 and other internationally-recognized experts in critical infrastructure protection. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.10. The conference will be limited to seventy participants to facilitate interactions among researchers and intense discussions of research and implementation issues. Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Risk analysis and risk assessment methodologies
- Modeling and simulation of critical infrastructures
- Legal, economic and policy issues related to critical infrastructure protection
- Secure information sharing
- Infrastructure protection case studies
- Distributed control systems/SCADA security
- Telecommunications network security

For more information, please see http://www.ifip1110.org.

POST 2012 1st Conference on Principles of Security and Trust, Tallinn, Estonia, March 24 - April 1, 2012. [posted here 08/01/11]
Principles of Security and Trust is a broad forum related to the theoretical and foundational aspects of security and trust. Papers of many kinds are welcome: new theoretical results, practical applications of existing foundational ideas, and innovative theoretical approaches stimulated by pressing practical problems. We seek submissions proposing theories to clarify security and trust within computer science; submissions establishing new results in existing theories; and also submissions raising fundamental concerns about existing theories. We welcome new techniques and tools to automate reasoning within such theories, or to solve security and trust problems. Case studies that reflect the strengths and limitations of foundational approaches are also welcome, as are more exploratory presentations on open questions. Areas of interest include:
- Access control
- Anonymity
- Authentication
- Availability
- Cloud security
- Confidentiality
- Covert channels
- Crypto foundations
- Economic issues
- Information flow
- Integrity
- Languages for security
- Malicious code
- Mobile code
- Models and policies
- Privacy
- Provenance
- Reputation and trust
- Resource usage
- Risk assessment
- Security architectures
- Security protocols
- Trust management
- Web service security

For more information, please see http://web.cs.wpi.edu/~guttman/post12/.

ICB 2012 5th International Conference on Biometrics, New Delhi, India, March 30 - April 1, 2012. [posted here 08/01/11]
The 5th International Conference on Biometrics (ICB 2012) will have a broad scope and invites papers that advance biometric technologies, sensor design, feature extraction and matching algorithms, analysis of security and privacy, and evaluation of social impact of biometrics technology. Topics will include biometric systems based on fingerprint, iris, face, voice, gait and other modalities as well as biometric fusion and emerging biometrics based on novel sensing technologies. All submissions must clearly articulate the novelty of the work and must report results on publicly available datasets whenever possible.

For more information, please see http://icb12.iiitd.ac.in.

April 2012

WiSec 2012 ACM Conference on Wireless Network Security, Tucson, Arizona, USA, April 16-18, 2012. [posted here 10/03/11]
As wireless and mobile networking becomes ubiquitous, security and privacy become increasingly critical. The focus of the ACM Conference on Wireless Network Security (ACM WiSec) is on exploring vulnerabilities, threats, and attacks in wireless communications and the techniques needed to address them. Settings of interest include cellular, metropolitan, mesh, local-area, personal-area, home, vehicular, sensor, ad hoc, satellite, cognitive radio, RFID, and underwater networks as well as systems using non-RF wireless communication. The conference is soliciting contributions to topics including but not limited to:
- Key management in wireless/mobile environments
- Secure services (neighbor discovery, localization, etc.)
- Secure PHY and MAC protocols
- Trust establishment
- Intrusion, attack, and malicious behavior detection
- Denial of service
- User and location privacy
- Anonymity, unobservability, prevention of traffic analysis
- Identity theft and phishing in mobile networks
- Charging & secure payment
- Cooperation and mitigating non?cooperative behavior
- Economics of wireless security
- Vulnerability and attack modeling
- Incentive-aware secure protocol design
- Jamming/Anti-jamming communication
- Cross-layer design for security
- Monitoring and surveillance
- Cryptographic primitives for wireless communication
- Theoretical foundations and formal methods for wireless security and privacy
- Security and privacy of mobile OS and mobile applications
- Secure delay- and disruption-tolerant networking
- Secure non-RF wireless communication (e.g., ultrasound, vision, laser)
- Security/privacy in wireless smart grid and smart metering applications
- Security/privacy in wireless network coding
- Security/privacy in wireless/ephemeral social networking
- Security/privacy in mobile/wireless cloud services

For more information, please see http://www.sigsac.org/wisec/WiSec2012/.

May 2012

ASIACCS 2012 7th ACM Symposium on Information, Computer and Communications Security, Seoul, Republic of Korea, May 1-3, 2012. [posted here 10/03/11]
ASIACCS is a major international forum for information security researchers, practitioners, developers, and users to explore and exchange the newest cyber security ideas, breakthroughs, findings, techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. Areas of interest for ASIACCS 2012 include, but are not limited to:
- anonymity
- inference/controlled disclosure
- cryptographic protocols
- access control
- intellectual-property protection
- data/system integrity
- secure networking
- operating system security
- hardware-based security
- cloud security
- digital-rights management
- information warfare
- accounting and audit
- trusted computing
- formal methods for security
- key management
- phishing and countermeasures
- identity management
- intrusion detection
- commercial and industry security
- security in ubiquitous computing, e.g., RFIDs
- authentication
- security management
- smartcards
- web security
- security and privacy for emerging technologies, e.g., VoIP, peer-to-peer and overlay network systems, Web 2.0
- data and application security
- applied cryptography
- malware and botnets
- mobile-computing security
- privacy-enhancing technology
- software security
- wireless security

For more information, please see http://elec.sch.ac.kr/asiaccs/.

COSADE 2012 3rd International Workshop on Constructive Side-Channel Analysis and Secure Design, Darmstadt, Germany, May 3-4, 2012. [posted here 09/12/11]
Side-channel analysis (SCA) and implementation attacks have become an important field of research at universities and in the industry. In order to enhance the resistance of cryptographic and security critical implementations within the design phase, constructive attacks and analyzing techniques may serve as a quality metric to optimize the design- and development process. This workshop provides an international platform for researchers, academics, and industry participants to present their work and their current research topics. It is an excellent opportunity to meet experts and to initiate new collaborations and information exchange at a professional level. The workshop will feature both invited presentations and contributed talks.

For more information, please see http://cosade2011.cased.de.

SP 2012 33rd IEEE Symposium on Security and Privacy , San Francisco Bay Area, California, USA, May 20-23, 2012. [posted here 08/22/11]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of computer security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation of secure systems. Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Distributed systems security
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection
- Language-based security
- Malware
- Metrics
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Usability and security
- Web security

SYSTEMATIZATION OF KNOWLEDGE PAPERS: Following the success of the previous year's conference, we are also soliciting papers focused on systematization of knowledge. The goal of this call is to encourage work that evaluates, systematizes, and contextualizes existing knowledge. These papers will provide a high value to our community but would otherwise not be accepted because they lack novel research contributions. Suitable papers include survey papers that provide useful perspectives on major research areas, papers that support or challenge long-held beliefs with compelling evidence, or papers that provide an extensive and realistic evaluation of competing approaches to solving specific problems. Submissions will be distinguished by a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, except instead of emphasizing novel research contributions the emphasis will be on value to the community. Accepted papers will be presented at the symposium and included in the proceedings.

For more information, please see http://www.ieee-security.org/TC/SP2012/cfp.html.

SECOTS 2012 International Symposium on Security in Collaboration Technologies and Systems, Denver, Colorado, USA, May 21 � 25, 2012. [posted here 12/05/11]
This Symposium on Security in Collaboration Technologies and Systems will focus on security issues related to collaboration systems with emphasis on secure and trustworthy distributed environments, Grid and Cloud based resource virtualization and on-demand provisioning, multi-agent systems, mobile and wireless cooperation. The aim is to have a dedicated forum that fosters closer interactions among researchers and users communities, providing an excellent opportunity for them to meet and discuss their ideas. The symposium will address issues related to the security infrastructure and services design, implementation and operation. It intends to address new security challenges and present new ideas and solutions addressing modern security requirements, specific methods of access control that should allow large scale multi-organizational cooperation, use of mobile technologies and smartcards, enabling intrusion detection, system recovery and healing in the context of cooperative systems. The Symposium topics include (but are not limited to) the following:
- Fundamentals and Frameworks for Security in Collaboration Systems
- Intrusion Detection and Attack Response in Collaboration Systems
- Access Control, Reputation and Trust in Collaboration Environments
- Cross Domain Identity and User Attributes Management Systems
- Security Standards
- Encryption and Cryptography Systems Supporting Cooperative Systems
- Privacy Protection for Collaboration Systems
- Trusted Operating Systems for Distributed Environments
- Middleware Security
- Security Metrics and Measures
- Collaborative Security Monitoring Schemes and Systems
- Usability, Social Engineering, and Security
- Security and Information Assurance Education and Curriculum Issues
- Security Models for Cloud Computing
- Security in Collaborative Multi Agent Systems
- Security of Grid and Cluster Architectures Supporting Cooperative Applications
- Security in Workflow Management Systems
- Policy Driven SLA Negotiation
- Security in Mobile and Wireless Networks for Collaboration
- Security Models for Coalition Networks
- Security in Social Networks
- Virtual Organizations and Dynamic Security Associations
- Web Services Security
- Use of Smartcards in the Context of Collaboration

For more information, please see http://cisedu.us/rp/cts12/2-conference/symposia/symposium-2--secots-2012.

June 2012

HOST 2012 IEEE International Symposium on Hardware-oriented Security and Trust, Held in conjunction with the DAC 2012, San Francisco, CA, USA, June 3-4, 2012. [posted here 12/5/11]
A wide range of applications, from secure RFID tagging to high-end trusted computing, relies on dedicated and trusted hardware platforms. The security and trustworthiness of such hardware designs are critical to their successful deployment and operation. Recent advances in tampering and reverse engineering show that important challenges lie ahead. For example, secure electronic designs may be affected by malicious circuits, Trojans that alter system operation. Furthermore, dedicated secure hardware implementations are susceptible to novel forms of attack that exploit side-channel leakage and faults. Third, the globalized, horizontal semiconductor business model raises concerns of trust and intellectual-property protection. HOST 2012 is a forum for novel solutions to address these challenges. Innovative test mechanisms may reveal Trojans in a design before they are able to do harm. Implementation attacks may be thwarted using side-channel resistant design or fault-tolerant designs. New security-aware design tools can assist a designer in implementing critical and trusted functionality, quickly and efficiently. The IEEE International Symposium on Hardware Oriented Security and Trust seeks original contributions in the area of hardware-oriented security. This includes tools, design methods, architectures, and circuits. In addition, novel applications of secure hardware are especially welcome. HOST 2012 seeks contributions based on, but not limited to, the following topics:
- Trojan detection and isolation
- Implementation attacks and countermeasures
- Side channel analysis and fault analysis
- Intellectual property protection and metering
- Tools and methodologies for secure hardware design
- Hardware architectures for cryptography
- Hardware security primitives: PUFs and TRNGs

- Interaction of secure hardware and software

For more information, please see http://www.hostsymposium.org.

SEC 2012 27th IFIP International Information Security and Privacy Conference, Creta Maris Hotel, Heraklion, Crete, Greece, June 4-6, 2012. [posted here 08/22/11]
Papers offering novel research contributions in any aspect of computer security are solicited for submission to the 27th IFIP International Information Security and Privacy Conference. The focus is on original, high quality, unpublished research and implementation experiences. Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. We encourage submissions of papers discussing industrial research and development. Papers should focus on topics which include, but are not limited to, the following:
- Access control
- Accountability
- Anonymity
- Applied Cryptography
- Attacks & Malicious Code
- Authentication & Delegation
- Awareness & Education
- Data Integrity
- Database Security
- Identity Management
- Information Security Culture
- Formal Security Verification
- Mobile Code Security
- Policies & Standards
- Privacy Attitudes & Practices
- Risk Analysis & Management
- Security Architectures
- Security Economics
- Security in Location Services
- Security in Social Networks
- Security Models
- Social Engineering & other Human-related Risks
- System Security
- Usable Security
- Trust Models & Management
- Trust Theories
- Trustworthy User Devices

For more information, please see http://www.sec2012.org.

SFCS 2012 1st IEEE International Workshop on Security and Forensics in Communication Systems, Held in conjunction with IEEE ICC 2012, Ottawa, Canada, June 10-15, 2012. [posted here 10/10/11]
Digital attacks are continuing to increase at an alarming rate. They target a wide variety of protocols and communication systems ranging from servers and end-user machines to wireless and mobile networks and devices. The absence of supporting evidence and technically sound methods may prevent administrators from: proving the identity of the guilty party, identifying the root vulnerability to prevent a future occurrence of a similar incident, and understanding the attacker�s motivation for an efficient design of security solutions. In this context, digital forensic engineering is emerging as a disciplined science in charge of developing novel scientific and theoretical methods, techniques, and approaches to collect, process, and analyze information retrieved from systems affected by security incidents and generate conclusive descriptions. The SFCS 2012 Workshop will bring together researchers, scientists, engineers and practitioners involved in research in the fields of communication systems security and forensics, to present their latest research findings, ideas, and developments. Topics of interest include, but are not limited to:
- Formal aspects of network security
- Theoretical techniques of digital forensics
- Embedded and handled devices forensic
- Evidence preservation, management, storage, reassembly, and analysis
- Anti-forensics prevention detection and analysis
- Development of Investigation processes and procedures
- Automated analysis of evidence
- Forensics in multimedia and communication protocols
- Security and Investigation techniques in wireless and mobile communication systems
- Risk analysis and management in communication systems
- Social networks security and forensics
- Collaborative and distributed digital investigation
- Hypothetical reasoning in forensics and incident response
- Legal and policy issues in digital forensics
- Intrusion Detection, incident response, and evidence handling
- Vulnerability analysis and assessment, and analysis of malware
- Cryptography and forensics techniques in multimedia communication
- Data hiding, extraction, and recovery techniques
- Techniques for Tracking and traceback of attacks in systems and networks
- Availability, privacy, authentication, and anonymity
- Secure e-services, e-government, e-learning, e-voting, and m-commerce applications
- File systems memory analysis
- Infrastructure protection, and Virtual Private Networks security
- Storage system protection and forensics
- Physical and Biometric security

For more information, please see http://sites.google.com/site/sfcs2012/.

ICDCS-SPCC 2012 3rd International Workshop on Security and Privacy in Cloud Computing, Held in conjunction with ICDCS 2012, Macau, China, June 18-21, 2012. [posted here 10/31/11]
Cloud computing has recently emerged as a new information technology infrastructure. Cloud computing has unique attributes that raise many security and privacy challenges in areas such as data security, recovery, and privacy, as well as legal issues in areas such as regulatory compliance and auditing. In contrast to traditional enterprise IT solutions, where the IT services are under proper physical, logical and personnel controls, cloud computing moves the application software and databases to the servers in large data centers on the Internet, where the management of the data and services are not fully trustworthy. When clients store their data on the server without themselves possessing a copy of it, how the integrity of the data can be ensured if the server is not fully trustworthy? Will encryption solve the data confidentiality problem of sensitive data? How will encryption affect dynamic data operations such as query, insertion, modification, and deletion? Data in the cloud is typically in a shared environment alongside data from other clients. How the data segregation should be done, while data are stored, transmitted, and processed? Due to the fundamental paradigm shift in cloud computing, many security concerns have to be better understood, unanticipated vulnerabilities identified, and viable solutions to critical threats devised, before the wide deployment of cloud computing techniques can take place. We are soliciting both full papers that present relatively complete and mature research results and short position papers that report work-in-progress but inspiring and intriguing new ideas. Topics of interests include (but are not limited to) the following subject categories:
- Secure cloud architecture
- Cloud access control and key management
- Identification and privacy in cloud
- Remote data integrity protection
- Dynamic data operation security
- Software and data segregation security
- Secure management of virtualized resources
- Joint security and privacy aware protocol design
- Failure detection and prediction
- Secure data management in/across data centers
- Availability, recovery and auditing
- Secure wireless cloud

For more information, please see http://www.ece.iit.edu/~ubisec/workshop.htm.

ICDCS-NFSP 2012 1st International Workshop on Network Forensics, Security and Privacy, Held in conjunction with ICDCS 2012, Macau, China, June 18-21, 2012. [posted here 10/31/11]
Cyber space has become an integrated part of human society. At the same time, has also been providing convenient platforms for crimes, such as financial fraud, information phishing, distributed denial of service attacks, and fake message propagation. Especially, the emergence of social networks has introduced significant security and privacy issues to the public. It is a great and new challenge of fighting against criminals in the cyber space. This field involved various disciplines, such as networking, information theory, mathematical modelling, data mining, machine learning, image and voice processing, neural network, pattern recognition, cryptography and forensic criminology. Topics of interest include, but not limited to:
- Anonymous system and forensics
- IP traceback
- Malware detection
- Botnet identification
- Networked video system
- Biometric security and forensics
- Emotion identification via video
- Wireless forensics, security and privacy
- Game theory in forensics, security and privacy
- Data Mining in forensics, security and privacy
- DDoS attacks
- Virus source traceback
- Malware source traceback
- Botmaster traceback
- Distributed systems and forensics
- System security and forensics
- Intrusion detection
- Social networks forensics, security and privacy
- Information theory in network security
- Multimedia in network security

For more information, please see http://www.deakin.edu.au/~syu/nfsp/.

SACMAT 2012 17th ACM Symposium on Access Control Models and Technologies, Newark, NJ, USA, June 20-22, 2012. [posted here 11/14/11]
Papers offering novel research contributions in all aspects of access control are solicited for submission to SACMAT 2012. It is the premier forum for presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The missions of the symposium are to share novel access control solutions that fulfill the needs of heterogeneous applications and environments and to identify new directions for future research and development. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control. Accepted papers will be presented at the symposium and published by the ACM in the symposium proceedings. Best Paper Award will be presented to the authors of the most outstanding paper at the conference. Topics of interest include but are not limited to:
- Access control models and extensions
- Access control requirements
- Access control design methodology
- Access control mechanisms, systems, and tools
- Access control in distributed and mobile systems
- Access control for innovative applications
- Administration of access control policies
- Delegation
- Identity management
- Policy/Role Engineering
- Safety analysis and enforcement
- Standards for access control
- Trust management
- Trust and risk models in access control
- Theoretical foundations for access control models
- Usability in access control systems
- Usage control

For more information, please see http://www.sacmat.org.

July 2012
August 2012

USENIX-ATC 2012 3rd USENIX Workshop on Health Security and Privacy, Bellevue, WA, USA, August 6�7, 2012. [posted here 01/02/12]
USENIX ATC has always been the place to present groundbreaking research and cutting-edge practices in a wide variety of technologies and environments. USENIX ATC '12 will be no exception. The Program Committee seeks high-quality submissions that further the knowledge and understanding of modern computing systems, with an emphasis on implementations and experimental results. We encourage papers that break new ground or present insightful results based on practical experience with computer systems.

For more information, please see http://www.usenix.org/events/atc12/.