Cipher Upcoming Conferences
Cipher
Calls for Papers


IEEE Computer Society's Technical Committee on Security and Privacy


 


Calls for Papers

Last Modified:5/12/08

Upcoming Conferences and Workshops

Note: The submission date has passed.

May 2008

WISTP 2008 Workshop in Information Security Theory and Practices 2008: Smart Devices, Convergence and Next Generation Networks, Sevilla, Spain, May 13-16, 2008. [posted here 12/17/07]
With the rapid technological development of information technologies and with the transition from the common to the next generation networks, computer systems and especially embedded systems are becoming more mobile and ubiquitous, increasingly interfacing with the physical world. Ensuring the security of these complex and yet, resource constraint systems has emerged as one of the most pressing challenges. Another important challenge is related to the convergence of these new technologies. The aim of this second workshop is to bring together researchers and practitioners in related areas and to encourage interchange and cooperation between the research community and the industrial/consumer community. Topics of interest include, but are not limited to:
Smart Devices
- Biometrics, National ID cards
- Embedded Systems Security and TPMs
- Interplay of TPMs and Smart Cards
- Mobile Codes Security
- Mobile Devices Security
- New Applications for Secure RFID Systems
- RFID Systems Security
- Smart Card Security
- Smart Devices Applications
- Wireless Sensor Node Security
Convergence: Security Architectures, Protocols, Policies and Management for Mobility
- Critical Infrastructure (e.g. for Medical or Military Applications) Security
- Digital Rights Management (DRM)
- Distributed Systems and Grid Computing Security
- Industrial and Multimedia Applications
- Information Assurance and Trust Management
- Intrusion Detection and Information Filtering
- Localization Systems Security (Tracking of People and Goods)
- M2M (Machine to Machine), H2M (Human to Machine) and M2H (Machine to Human) Security
- Mobile Commerce Security
- Public Administration and Governmental Services
- Privacy Enhancing Technologies
- Security Models and Architecture
- Security Policies (Human-Computer Interaction and Human Behavior Impact)
- Security Protocols (for Identification and Authentication, Confidentiality and Privacy, and Integrity)
- Security Measurements
Next Generation Networks
- Ad Hoc Networks Security
- Delay-Tolerant Network Security
- Domestic Network Security
- Peer-to-Peer Networks Security
- Security Issues in Mobile and Ubiquitous Networks
- Security of GSM/GPRS/UMTS Systems
- Sensor Networks Security
- Vehicular Network Security
- Wireless Communication Security: Bluetooth, NFC, WiFi, WiMAX, WiMedia, others

For more information, please see http://wistp2008.xlim.fr/.

Oakland 2008 29th IEEE Symposium on Security and Privacy, The Claremont Resort, Berkeley/Oakland, California, USA, May 18-21, 2008. [posted here 8/13/07]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Previously unpublished papers offering novel research contributions in any aspect of computer security or electronic privacy are solicited for submission to the 2008 symposium. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. The Symposium is also open to the submission of co-located half-day or one-day workshops. Topics of particular interest include, but are not limited to:
- Access control and audit
- Anonymity and pseudonymity
- Application-level security
- Biometrics
- Cryptographic protocols
- Database security
- Denial of service
- Distributed systems security
- Formal methods for security
- Information flow
- Intrusion detection and prevention
- Language-based security
- Malicious code prevention
- Network security
- Operating system security
- Peer-to-peer security
- Privacy
- Risk analysis
- Secure hardware and smartcards
- Security engineering
- Security policy
- User authentication

For more information, please see http://www.ieee-security.org/TC/SP2008/oakland08.html.

SADFE 2008 3rd International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the 2008 IEEE Symposium on Security and Privacy (SP 2008), The Claremont Resort, Oakland, CA, USA, May 22, 2008. [posted here 1/14/08]
The SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop promotes systematic approaches to cyber crime investigation, by furthering the advancement of digital forensic engineering as a disciplined practice. Digital forensic engineering is characterized by the application of scientific and mathematical principles to the investigation and establishment of facts or evidence, either for use within a court of law or to aid understanding of cyber crimes or cyber-enabled crimes. To advance the state of the art, SADFE 2008 solicits broad-based, innovative digital forensic engineering technology, techno-legal and practice-related submissions in the following four areas:
- Digital Data and Evidence Management: advanced digital evidence discovery, collection, and storage.
- Principle-based Digital Forensic Processes: systematic engineering processes supporting digital evidence management which are sound on scientific, technical and legal grounds.
- Digital Evidence Analytics: advanced digital evidence analysis, correlation, and presentation.
- Forensic-support technologies: forensic-enabled and proactive monitoring/response.

For more information, please see http://conf.ncku.edu.tw/sadfe/sadfe08/.

W2SP 2008 2nd Workshop on Web 2.0 Security and Privacy, Held in conjunction with the 2008 IEEE Symposium on Security and Privacy (SP 2008), The Claremont Resort, Oakland, CA, USA, May 22, 2008. [posted here 1/14/08]
The goal of this one day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and establishing new collaborations in these areas. Web 2.0 is about connecting people and amplifying the power of working together. The mixing of technology and social interaction is occurring in the context of a wave of technologies supporting rapid development of these interpersonal and business interactions. Many of the new web technologies rely on the composition of content and services from multiple sources, resulting in complex technology compositions (mash-ups). The content composition trend is likely to continue. The lure of these technologies is the promise of simpler ways to compose software service and content, at lower cost. However, there are issues with respect to management of identities, reputation, privacy, anonymity, transient and long term relationships, and composition of function and content, both on the server side and at the client (web browser). While the security and privacy issues are not new, these issues are increasingly becoming acute as the technologies are adopted and adapted to appeal to wider audiences. Some of these technologies deliberately bypass existing security mechanisms. This workshop is intended to discuss the limitations of the current technologies and explore alternatives. The scope of W2SP 2008 includes, but is not limited to:
- Identity, privacy, reputation and anonymity
- End-to-end security architectures
- Security of content composition
- Security and privacy policy definition and modeling of content composition
- Provenance and governance
- Usable security and privacy models
- Static and dynamic analysis for security
- Security as a service
- Click fraud
- Software as a service
- Web services/feeds/mashups
- Next generation browser technology

For more information, please see http://www.ieee-security.org/TC/SP2008/oakland08.html.

SSDU 2008 2nd International Symposium on Service, Security and its Data management technologies in Ubi-comp, Held in conjunction with the 3rd International Conference on Grid and Pervasive Computing (GPC 2008), Kunming, China, May 25-28, 2008. [posted here 1/14/08]
Ubiquitous Computing (Ubi-comp) is emerging rapidly as an exciting new paradigm with user-centric environment to provide computing and communication services at any time and anywhere. In order to realize their advantages, it requires integrating security, services and data management to be suitable for Ubi-com. However, there are still many problems and major challenges awaiting for us to solve such as the security risks in ubiquitous resource sharing, which could be occurred when data resources are connected and accessed by anyone in Ubi-com. Therefore, it will be needed to explore more secure and intelligent mechanism in Ubi-com. Topics include:
- Context-Awareness and its Data mining for Ubi-com service
- Human-Computer Interface and Interaction for Ubi-com
- Smart Homes and its business model for Ubi-com service
- Intelligent Multimedia Service and its Data management for Ubi-com
- USN / RF-ID for Ubi-com service
- Network security issues, protocols, data security in Ubi-com
- Database protection for Ubi-com
- Privacy Protection and Forensic in Ubi-com
- Multimedia Security in Ubi-com
- Authentication and Access control for data protection in Ubi-com
- Service, Security and its Data management for U-commerce
- New novel mechanism and Applications for Ubi-com

For more information, please see http://grid.hust.edu.cn/gpc2008/.

June 2008

ACNS 2008 6th International Conference on Applied Cryptography and Network Security, New York, New York, USA, June 3-6, 2008. [posted here 8/13/07]
ACNS is an annual conference concentrating on current developments that advance the areas of applied cryptography and its application to systems and network security. Original papers on all aspects of applied cryptography and network security are solicited for submission to ACNS'08. Topics of relevance include but are not limited to:
- Applied cryptography and provably-secure cryptographic protocols
- Design and analysis of efficient cryptographic primitives: public-key and symmetric-key cryptosystems, block ciphers, and hash functions
- Network security protocols
- Techniques for anonymity; trade-offs between anonymity and utility
- Integrating security into the next-generation Internet: DNS security, routing, naming, denial-of-service attacks, TCP/IP, secure multicast
- Economic fraud on the Internet: phishing, pharming, spam, and click fraud
- Email and web security
- Public key infrastructure, key management, certification, and revocation
- Security and privacy for emerging technologies: sensor networks, mobile (ad hoc) networks, peer-to-peer networks, bluetooth, 802.11, RFID
- Trust metrics and robust trust inference in distributed systems
- Security and usability
- Intellectual property protection: metering, watermarking, and digital rights management
- Modeling and protocol design for rational and malicious adversaries
- Automated analysis of protocols

For more information, please see http://acns2008.cs.columbia.edu/.

SHPCS 2008 Workshop on Security and High Performance Computing Systems, Held in conjunction with the 2008 International Conference on High Performance Computing & Simulation (HPCS 2008) and the 22nd European Conference on Modelling and Simulation (ECMS 2008), Nicosia, Cyprus, June 3-6, 2008. [posted here 12/10/07]
This workshop addresses relationships between security and high performance systems in three directions. First, it considers how to add security properties (authentication, confidentiality, integrity, non-repudiation, access control) to high performance computing systems. Second, it covers how to use high performance computing systems to solve security problems. Third, it investigates the tradeoffs between maintaining high performance and achieving security in computing systems and solutions to balance the two objectives. In all these directions, various performance analyses or monitoring techniques can be conducted to show the efficiency of a security infrastructure. This workshop covers (but is not limited to) the following topics:
- Access Control
- Accounting and Audit
- Anonymity
- Applied Cryptography
- Authentication
- Commercial and Industry Security
- Cryptographic Protocols
- Data and Application Security
- Data/System Integrity
- Database Security
- Digital Rights Management
- Formal Verification of Secure Systems
- Identity Management
- Inference/Controlled Disclosure
- Information Warfare
- Intellectual Property Protection
- Intrusion and Attack Detection
- Intrusion and Attack Response
- Key Management
- Privacy-Enhancing Technology
- Secure Networking
- Secure System Design
- Security Management
- Security for Mobile Code
- Security for Specific Domains (e.g., E-Government, E-Business, P2P)
- Security in IT Outsourcing
- Security in Mobile and Wireless Networks
- Security in Operating Systems
- Security Location Services
- Security of Grid and Cluster Architectures
- Smartcards
- Trust Management Policies
- Trust Models

For more information, please see http://www.diiga.univpm.it/~spalazzi/nicosia/.

NYS-IA 2008 3rd Annual Symposium on Information Assurance, Albany, NY, USA, June 4-5, 2008. [posted here 1/7/08]
Authors are invited to submit original and unpublished papers to the 3rd Annual Symposium on Information Assurance, which will be jointly held with the 11th Annual NYS Cyber Security Conference. This two day event attracts practitioners, researchers, and vendors providing opportunities for business and intellectual engagement among attendees. The conference program will be organized into topics not limited to:
- Security Policy Implementation & Compliance
- Computer & Network Forensics
- Information Security Risk Management
- Network Security and Intrusion Detection
- Economics of Information Security
- Reverse Engineering of Viruses and Worms
- Security Metrics for Evaluating Security
- Botnet Detection and Prevention
- Computer Crime Data Analytics
- Security in Wireless and Ad hoc Networks
- Internet-based Terrorism and Espionage
- Adaptive & Resilient Security Models
- Digital Rights Management
- Biological Models of Security
- Privacy & Security
- Distributed Systems Security
- Security Glossaries and Ontologies
- Database Security and Data Integrity
- Trust Modeling and Management
- Curriculum Development in Information Security

For more information, please see http://www.albany.edu/iasymposium.

PLAS 2008 3rd ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Tucson, Arizona, USA, June 8, 2008. [posted here 2/25/08]
PLAS aims to provide a forum for exploring and evaluating ideas on the use of programming language and program analysis techniques to improve the security of software systems. Strongly encouraged are proposals of new, speculative ideas; evaluations of new or known techniques in practical settings; and discussions of emerging threats and important problems. The scope of PLAS includes, but is not limited to:
- Language-based techniques for security
- Verification of security properties in software
- Automated introduction and/or verification of security enforcement mechanisms
- Program analysis techniques for discovering security vulnerabilities
- Compiler-based security mechanisms, such as host-based intrusion detection and in-line reference monitors
- Specifying and enforcing security policies for information flow and access control
- Model-driven approaches to security
- Applications, examples, and implementations of these techniques

For more information, please see http://research.ihost.com/plas2008/.

ICDCS 2008 28th International Conference on Distributed Computing Systems, Beijing, China, June 17-20, 2008. [posted here 8/13/07]
ICDCS is an IEEE Computer Society sponsored premier conference with a wide coverage of topics in Distributed Computing. It has a long history of significant achievements and worldwide visibility. The conference provides a forum for engineers and scientists in academia, industry and government to present their latest research findings in any aspects of distributed and parallel computing. Topics of particular interest include, but are not limited to:
- Theoretical Foundations
- Data Management and Data Centers
- Distributed Cyber-Physical Systems
- Reliability and Dependability
- Security and Privacy
- Network Architectures and Protocols
- Operating Systems and Middleware
- Cyber-Infrastructure for Distributed Computing
- Sensor Networks and Applications
- Wireless and Mobile Computing
- Multimedia Systems
- Web-Based Distributed Computing

For more information, please see http://www.engin.umd.umich.edu/icdcs/.

IFIP-TM 2008 Joint iTrust and PST conferences on Privacy, Trust Management and Security, Trondheim, Norway, June 18-20, 2008. [posted here 10/15/07]
The mission of the IFIPTM 2008 conference is to share research solutions to problems of Trust, Security and Privacy and to identify new issues and directions for future research and development work. IFIPTM 2008 invites research submissions on all topics related to Trust, Security and Privacy, including but not limited to those listed below:
- Security and trust for composite applications
- Trust models, formalization, specification, analysis and reasoning
- Engineering of trustworthy and secure software
- The ethics, sociology and psychology of trust
- Security management and usability issues including security configuration
- Trust management frameworks for secure collaborations
- Language security
- Security and privacy for software as a service (SaaS)
- Security and trust for Web 2.0 mashups
- Legal issues related to the management of trust
- Semantically-aware security management
- Adaptive security policy management
- Security, trust and privacy for service oriented architectures
- Mobile security
- Anonymity and privacy vs. accountability
- Critical infrastructure protection, public safety and emergency management
- Intrusion detection systems and technologies
- Operating systems security
- Network security (anti-virus, anti-DoS-tools, firewalls etc.)
- Privacy and identity management in e-services
- Biometrics, national ID cards, identity theft
- Distributed trust and reputation management systems
- Human computer interaction and privacy, security & trust
- Applications of trust and reputation management in e-services

For more information, please see http://www.ntnu.no/videre/konferanse/IFIPTM08/.

W2Trust 2008 Web 2.0 Trust Workshop (No Proceedings), Held in conjunction with the IFIP-TM 2008, Trondheim, Norway, June 21, 2008. [posted here 3/31/08]
Web 2.0 has emerged as the adopted suite of technologies by developers, users and business. The new web 2.0 paradigm provides the technology that enables government, businesses and users to interact and integrate services and data and benefit The Wisdom of the Crowds. Because of strong collaborative nature of Web 2.0 applications, mechanisms for trust management are crucial for its healthy development. Trust in Web 2.0 opens several new vistas for researchers and practitioners. In particular, approaches to trust management designed for Web 1.0 need to be revisited. In Web 1.0 Trust was mostly related to e-commerce and security of the portal. The main trust issues were related to the website content, and authenticity of the source which posted data. With the advent of the Web 2.0 the issue of trust has shifted from the people or companies that run a site to focus more on the people that populate it. This new technology in fact enables users to interact and collaborate seamlessly. For example, using social networks users are engaging with each other at a one to one level in several ways, for business, pleasure, for knowledge sharing and so forth. The predominant issue is now whether one can trust the people on a site, since the content is being generated by anyone and then being rated by anyone. How to ensure that what other users write is true, authentic and will not misused is an open challenge. Trust evaluations are however fundamental to help users making the best decisions when sharing resources and data. Thus, the success of Web 2.0 strongly depends on the development of efficient, adequate and scalable trust models. We solicit papers, case studies, and participation from researchers, systems architects, vendor engineers, and users. Suggested topics include but are not limited to:
- Secure Mashup Technologies
- Trust in Data Aggregation and Integration
- Trust in Service Oriented Architecture
- Security in Social Networks
- Trust in New Technologies Such as AJAX
- Trust models in Social Networks
- Web Services Security
- Trust in Grid Environments

For more information, please see http://www.sis.uncc.edu/~mshehab/W2Trust/index.html.

USENIX 2008 2008 USENIX Annual Technical Conference, Boston, MA, USA, June 22-27, 2008. [posted here 12/24/07]
Authors are invited to submit original and innovative papers to the Refereed Papers Track of the 2008 USENIX Annual Technical Conference. We seek high-quality submissions that further the knowledge and understanding of modern computing systems, with an emphasis on implementations and experimental results. We encourage papers that break new ground or present insightful results based on practical experience. The USENIX conference has a broad scope; specific topics of interest include but are not limited to:
- Architectural interaction
- Deployment experience
- Distributed and parallel systems
- Embedded systems
- Energy/power management
- File and storage systems
- Networking and network services
- Operating systems
- Reliability, availability, and scalability
- Security, privacy, and trust
- System and network management and troubleshooting
- Usage studies and workload characterization
- Virtualization
- Web technology
- Wireless, sensor, and mobile systems

For more information, please see http://www.usenix.org/events/usenix08/.

CSF 2008 21st IEEE Computer Security Foundations Symposium, Pittsburgh, PA, USA, June 23-25, 2008. [posted here 10/22/07]
The IEEE Computer Security Foundations (CSF) series brings together researchers in computer science to examine foundational issues in computer security. Over the past two decades, many seminal papers and techniques have been presented first at CSF. The CiteSeer Impact page (http://citeseer.ist.psu.edu/impact.html ) lists CSF as 38th out of more than 1200 computer science venues, top 3.11% in impact based on citation frequency. New theoretical results in computer security are welcome. Also welcome are more exploratory presentations, which may examine open questions and raise fundamental concerns about existing theories. Panel proposals are sought as well as papers. Possible topics include, but are not limited to:
- Access control
- Anonymity and Privacy
- Authentication
- Data and system integrity
- Database security
- Decidability and complexity
- Distributed systems security
- Electronic voting
- Executable content
- Formal methods for security
- Information flow
- Intrusion detection
- Language-based security
- Network security
- Resource usage control
- Security for mobile computing
- Security models
- Security protocols
- Trust and trust management

For more information, please see http://www.cylab.cmu.edu/CSF2008/.

ATC 2008 5th International Conference on Autonomic and Trusted Computing, Oslo, Norway, June 23-25, 2008. [posted here 10/29/07]
Computing systems including hardware, software, communication and networks are growing dramatically in both scale and heterogeneity, becoming overly complex. Such complexity is getting even more critical with the ubiquitous permeation of embedded devices and other pervasive systems. To cope with the growing and ubiquitous complexity, Autonomic Computing (AC) focuses on self-manageable computing and communication systems that exhibit self-awareness, self-configuration, self-optimization, self-healing, self-protection and other self-x operations to the maximum extent possible without human intervention or guidance. Organic Computing (OC) additionally emphasizes natural-analogue concepts like self-organization and controlled emergence. Trusted/Trustworthy Computing (TC) aims at making computing and communication systems as well as services available, predictable, traceable, controllable, assessable, sustainable, dependable, persist-able, security/privacy protect-able, etc. ATC-08 addresses the most innovative research and development in these challenging areas and includes all technical aspects related to autonomic/organic computing (AC/OC) and trusted computing (TC). Topics of interest include, but are not limited to:
- AC/OC Theory and Models ( Nervous/organic models, negotiation, cooperation, competition, self-organization, emergence, etc.)
- AC/OC Architectures and Systems (Autonomic elements & their relationship, frameworks, middleware, observer/controller architectures, etc.)
- AC/OC Components and Modules (Memory, storage, database, device, server, proxy, software, OS, I/O, etc.)
- AC/OC Communication and Services (Networks, self-organized net, web service, grid, P2P, semantics, agent, transaction, etc.)
- AC/OC Tools and Interfaces (Tools/interfaces for AC/OC system development, test, monitoring, assessment, supervision, etc.)
- Trust Models and Specifications (Models and semantics of trust, distrust, mistrust, over-trust, cheat, risk, reputation, reliability, etc.)
- Trust-related Security and Privacy (Trust-related secure architecture, framework, policy, intrusion detection/awareness, protocols, etc.)
- Trusted Reliable and Dependable Systems (Fault-tolerant systems, hardware redundancy, robustness, survivable systems, failure recovery, etc.)
- Trustworthy Services and Applications (Trustworthy Internet/web/grid/P2P e-services, secured mobile services, novel applications, etc.)
- Trust Standards and Non-Technical Issues (Trust standards and issues related to personality, ethics, sociology, culture, psychology, economy, etc.)

For more information, please see http://www.ux.uis.no/atc08/.

WEIS 2008 Workshop on the Economics of Information Security, Hanover, New Hampshire, USA, June 25-27, 2008. [posted here 2/18/08]
The 2008 Workshop on the Economics of Information Security invites original research papers focused on the economics of information security and the economics of privacy. We encourage economists, computer scientists, business school researchers, law scholars, security and privacy specialists, as well as industry experts to submit their research and attend the Workshop. Suggested topics include (but are not limited to) empirical and theoretical economic studies of:
- Optimal investment in information security
- Privacy, confidentiality and anonymity
- Cybertrust and reputation systems
- Intellectual property protection
- Information access and provisioning
- Risk management and cyberinsurance
- Security standards and regulation
- Behavioral security and privacy
- Cyberterrorism policy
- Organizational security and metrics
- Psychology of risk and security
- Phishing, spam, and cybercrime
- Vulnerability discovery, disclosure, and patching

For more information, please see http://weis2008.econinfosec.org.

FCC 2008 4th Workshop on Formal and Computational Cryptography, Carnegie Mellon University, Pittsburgh, PA, USA, June 26, 2008. [posted here 4/28/08]
Since the 1980s, two approaches have been developed for analyzing security protocols. One of the approaches is based on a computational model that considers issues of computational complexity and probability. Messages are modeled as bitstrings and security properties are defined in a strong form, in essence guaranteeing security with high probability against all probabilistic polynomial-time attacks. However, it is difficult to prove security of large, complex protocols in this model. The other approach relies on a symbolic model of protocol execution in which messages are modelled using a term algebra and cryptographic primitives are treated as perfect black-boxes, e.g. the only way to decrypt a ciphertext is to use the corresponding decryption key. This abstraction enables significantly simpler and often automated analysis of complex protocols. Since this model places strong constraints on the attacker, a fundamental question is whether such an analysis implies the strong security properties defined in the computational model. This workshop focuses on approaches that combine and relate symbolic and computational protocol analysis. Over the last few years, there has been a spate of research results in this area. One set of results establish correspondence theorems between the two models, in effect showing that for a certain class of protocols and properties, security in the symbolic model implies security in the computational model. In other work, researchers use language-based techniques such as process calculi and protocol logics to reason directly about the computational model. Several projects are investigating ways of mechanizing computationally sound proofs of protocols. T he workshop seeks results in this area of computationally sound protocol analysis: foundations and tools.

For more information, please see http://www.di.ens.fr/~blanchet/fcc08/.

ICIMP 2008 3rd International Conference on Internet Monitoring and Protection, Bucharest, Romania, June 29 - July 5, 2008. [posted here 12/10/07]
The International Conference on Internet Monitoring and Protection (ICIMP 2008) initiates a series of special events targeting security, performance, vulnerabilities in Internet, as well as disaster prevention and recovery. Dedicated events focus on measurement, monitoring and lessons learnt in protecting the user. ICIMP 2008 Tracks include:
- TRASI: Internet traffic surveillance and interception
- IPERF: Internet performance
- RTSEC: Security for Internet-based real-time systems
- DISAS: Disaster prevention and recovery
- EMERG: Networks and applications emergency services
- MONIT: End-to-end sampling, measurement, and monitoring
- REPORT: Experiences & lessons learnt in securing networks and applications
- USSAF: User safety, privacy, and protection over Internet
- SYVUL: Systems vulnerabilities
- SYDIA: Systems diagnosis
- CYBER-FRAUD: Cyber fraud
- BUSINESS: Business continuity
- RISK: Risk assessment
- TRUST: Privacy and trust in pervasive communications
- RIGHT: Digital rights management
- BIOTEC: Biometric techniques

For more information, please see http://www.iaria.org/conferences2008/ICIMP08.html.

July 2008

HAISA 2008 2nd International Conference on Human Aspects of Information Security & Assurance, Plymouth, United Kingdom, July 8-10, 2008. [posted here 9/17/07]
The symposium welcomes papers addressing research and case studies in relation to any aspect of information security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics or technologies may be positively modified to improve the level of protection. Indicative themes include:
- Information security culture
- Awareness and education methods
- Enhancing risk perception
- Public understanding of security
- Usable security
- Psychological models of security software usage
- User acceptance of security policies and technologies
- User-friendly authentication methods
- Biometric technologies and impacts
- Automating security functionality
- Non-intrusive security
- Assisting security administration
- Impacts of standards, policies, compliance requirements
- Organizational governance for information assurance
- Simplifying risk and threat assessment
- Understanding motivations for misuse
- Social engineering and other human-related risks
- Privacy attitudes and practices
- Computer ethics and security

For more information, please see http://www.haisa.org.

ACSF 2008 3rd Conference on Advances in Computer Security and Forensics, Liverpool, UK, July 10-11, 2008. [posted here 3/3/08]
The purpose of this conference is to bring together academics, researchers, IT managers, system administrators, security specialists, forensic practitioners and other interested parties to share the latest developments in research and applications from both fields. The conference affords academics, researchers and practitioners the opportunity to share views and experiences in these fields. The topics below are for guidance only and not as an exhaustive list:
- Incident Response and Management
- Legal issues in computer forensics
- Mobile phone and PDA forensics
- Collecting digital evidence
- Network forensics
- Computer forensics case studies
- Storage media and file forensic techniques
- Multimedia source identification
- Data carving and data mining
- Fraud investigation techniques
- Intrusion Detection Systems
- Wireless and ad hoc network security
- Mobile agents for secure systems
- Mobile device and mobile phone security
- Network Security
- Viruses, hostile code and Denial of Service
- Trusted computing
- Trust and resilience
- Privacy and anonymity
- Access control, auditing and accountability

For more information, please see http://www.cms.livjm.ac.uk/acsf3/.

DIMVA 2008 5th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Paris, France, July 10-11, 2008. [posted here 11/19/07]
The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. Each year DIMVA brings together international experts from academia, industry and government to present and discuss novel research in these areas. DIMVA is organized by the special interest group Security - Intrusion Detection and Response of the German Informatics Society (GI). DIMVA's scope includes, but is not restricted to the following areas:
Intrusion Detection
- Approaches
- Implementations
- Prevention and response
- Result correlation
- Evaluation
- Potentials and limitations
- Operational experiences
- Evasion and other attacks
- Legal and social aspects
Malware
- Techniques
- Detection
- Prevention and containment
- Evaluation
- Trends and upcoming risks
- Forensics and recovery
Vulnerability Assessment
- Vulnerabilities
- Vulnerability detection
- Vulnerability prevention
- Classification and evaluation

For more information, please see http://www.dimva.org/dimva2008/.

IFIP-DAS 2008 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, London, UK, July 13-16, 2008. [posted here 12/10/07]
The 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Papers and panel proposals are also solicited. Proceedings will be published by Springer as the next volume in the Research Advances in Database and Information Systems Security series. Papers may present theory, techniques, applications, or practical experience on topics of relevance to IFIP WG 11.3:
- Access Control
- Applied cryptography in data security
- Identity theft and countermeasures
- Integrity maintenance
- Intrusion detection
- Knowledge discovery and privacy
- Organizational security
- Privacy and privacy-preserving data management
- Secure transaction processing
- Secure information integration
- Secure Semantic Web
- Secure sensor monitoring
- Secure Web Services
- Threats, vulnerabilities, and risk management
- Trust management

For more information, please see http://seclab.dti.unimi.it/~ifip113/2008/.

ACISP 2008 13th Australasian Conference on Information Security and Privacy, Wollongong, Australia, July 14-16, 2008. [posted here 9/10/07]
ACISP 2008 is the main computer security and cryptography conference organized in Australia that provides an avenue for discussion and exchange of ideas for researchers from academia and industry. Original papers pertaining to all aspects of information security and privacy are solicited for submission to the ACISP 2008. Papers may present theory, techniques, applications and practical experiences on a variety of topics. Topics of interest include, but are not limited to:
- access control
- authentication and identi?cation
- authorization
- biometrics
- computer forensics
- copyright protection
- cryptography
- database security
- electronic surveillance
- evaluation and certification
- intrusion detection
- key management
- key establishment protocols
- legal and privacy issues
- mobile system security
- network and communication security
- secure electronic commerce
- secure operating systems
- secure protocols
- smart cards
- malware and viruses

For more information, please see http://www.uow.edu.au/conferences/acisp%202008/index.html.

DEON 2008 9th International Conference on Deontic Logic in Computer Science, Luxembourg, July 15-18, 2008. [posted here 12/10/07]
The biennial DEON conferences are designed to promote interdisciplinary cooperation amongst scholars interested in linking the formal-logical study of normative concepts and normative systems with computer science, artificial intelligence, philosophy, organization theory and law. DEON2008 has a special focus on logical approaches to deontic notions in computer science in security and trust, encompassing applications in e-commerce as well as traditional areas of computer security. Topics of interest in this special theme include, but are not limited to:
- digital rights management
- electronic contracts, including service level agreements and digital media licenses
- authorization
- access control
- security
- privacy policies
- business processes
- regulatory compliance

For more information, please see http://deon2008.uni.lu.

SMPE 2008 2nd International Symposium on Security and Multimodality in Pervasive Environments, Held in conjunction with the 5th ACM Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MOBIQUITOUS 2008), Trinity College Dublin, Ireland, July 21-25, 2008. [posted here 2/4/08]
Pervasive computing environments present specific peculiarities with respect to aspects like security and multimodality. As a matter of fact, the accessibility level of a virtual environment can definitively be improved by natural interfaces and multimodal interaction systems, which offer users the freedom to select from multiple modes of interaction with services and permit to break down barriers about human-computer interaction making communication intuitive and spontaneous. On the other hand, while enlarging and easing the ways to access to the environment, security threads arise and the environment must be properly equipped in order to protect itself from malicious attacks and/or from wrong actions performed by inexpert users. Topics include:
- Trust and reputation management in UE
- Security applications and services in pervasive
- Security model for pervasive computing
- Intelligent multimedia security services in pervasive computing
- Key management and authentication in pervasive computing
- Network security issues and protocols in pervasive computing
- Access control and privacy protection in pervasive computing
- Security Standard for next pervasive computing
- Security in Human Centred Environments
- Natural interfaces security issues
- Advanced multimodal interfaces
- Human oriented interfaces
- Multimodal mobile and ubiquitous services
- Methods for multimodal integration
- Middleware services for multimodal and pervasive applications
- Context-Awareness in multimodal applications
- Multimodal analysis and recognition of contex
- Next ubiquitous and immersive environments
- Virtual reality and ubiquitous computing
- Usability and accessibility in ubiquitous applications
- Applications and scenarios
- Others: Commercial or Industrial Issue in pervasive computing

For more information, please see http://www.na.icar.cnr.it/smpe08/.

SOUPS 2008 Symposium On Usable Privacy and Security, Carnegie Mellon University, Pittsburgh, PA, USA, July 23-25, 2008. [posted here 10/15/07]
The 2008 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature technical papers, a poster session, panels and invited talks, discussion sessions, and in-depth sessions (workshops and tutorials). We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:
- innovative security or privacy functionality and design
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of security or privacy features or security testing of usability features
- lessons learned from deploying and using usable privacy and security features

For more information, please see http://cups.cs.cmu.edu/SOUPS/.

EVT 2008 USENIX/ACCURATE Electronic Voting Technology Workshop, Held in conjunction with the 17th USENIX Security Symposium, San Jose, CA, USA, July 28-29, 2008. [posted here 2/11/08]
EVT '08 seeks to bring together researchers from a variety of disciplines, ranging from computer science and human-computer interaction experts through political scientists, legal experts, election administrators, and voting equipment vendors. EVT seeks to publish original research on important problems in all aspects of electronic voting. We welcome papers on voting topics including but not limited to:
- Voter registration and pre-voting
- Vote collection
- Vote tabulation
- Post-election auditing
- Design, implementation, and evaluation of new voting technologies and protocols
- Scientific evaluations of existing voting technologies
- System testing methodologies
- Deployment and lifecycle issues
- Threat mitigation
- Usability
- Accessibility
- Legal issues, including ADA, HAVA, intellectual property, and nondisclosure agreements on voting system evaluations
- Issues with and evolution of voting technology standards

For more information, please see http://www.usenix.org/evt08/cfpa.

USENIX-Security 2008 17th USENIX Security Symposium, San Jose, California, USA, July 28-August 1, 2008. [posted here 10/1/07]
On behalf of the 17th USENIX Security Symposium (USENIX Security '08) program committee, we are inviting you to submit high-quality papers in all areas relating to systems and network security. Please note that the USENIX Security Symposium is primarily a systems security conference. Papers whose contributions are primarily new cryptographic algorithms or protocols, cryptanalysis, electronic commerce primitives, etc., may not be appropriate for this conference. Refereed paper submissions are solicited in all areas relating to systems and network security, including:
- Adaptive security and system management
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Attacks against networks and machines
- Authentication and authorization of users, systems, and applications
- Automated tools for source code analysis
- Botnets
- Cryptographic implementation analysis and construction
- Denial-of-service attacks and countermeasures
- File and filesystem security
- Firewall technologies
- Forensics and diagnostics for security
- Intrusion and anomaly detection and prevention
- Malicious code analysis, anti-virus, anti-spyware
- Network infrastructure security
- Operating system security
- Privacy-preserving (and -compromising) systems
- Public key infrastructure
- Rights management and copyright protection
- Security architectures
- Security in heterogeneous and large-scale environments
- Security policy
- Self-protecting and healing systems
- Techniques for developing secure systems
- Technologies for trustworthy computing
- Usability and security
- Voting systems analysis and security
- Wireless and pervasive/ubiquitous computing security
- Web security

For more information, please see http://www.usenix.org/sec08/cfpa/.

IWSSE 2008 2nd International Workshop on Security in Software Engineering, Held in conjunction with the IEEE COMPSAC 2008, Turku, July 28 – August 1, 2008. [posted here 1/15/08]
Secure software engineering has become an emerging interdisciplinary area across software engineering, programming languages, and security engineering. Secure software engineering focuses on developing secure software and understanding the security risks and managing these risks throughout the life-cycle of software. The purpose of the workshop is to bring together researchers and practitioners who work closely in this area to create a forum for reporting and discussing recent advances in improving security in software engineering and inspiring collaborations and innovations on new methods and techniques to advance software security in our practices. Researchers and practitioners worldwide are invited to present their research expertise and experience, and discuss the issues and challenges in security from software engineering perspective. Submissions of quality papers in the following non-exhaustive list of topics are invited:
- Management of software security in industrial practice
- Security requirements and policies
- Abuse cases and threat modeling
- Architecture and design for security
- Model-based security
- Language-based security
- Malicious code prevention and code safety
- Security risk analysis
- Security taxonomy and metrics
- Testing for security
- Application security: detection and protection
- Software piracy and protection

For more information, please see http://www.sis.pitt.edu/%7Elersais/IWSSE/IWSSE08.html.

August 2008

ICITS 2008 International Conference on Information Theoretic Security, Calgary, Canada, August 10-13, 2008. [posted here 11/26/07]
This is the second conference in a series of conferences that is aimed to bring together the leading researchers in the area of information and quantum theoretic security. This series of conferences is a successor to the 2005 IEEE Information Theory Workshop on Theory and Practice in Information-Theoretic Security (ITW 2005). The first ICITS conference was held in Madrid, after Eurocrypt 2007. Conference proceedings will be published by Springer Verlag in the Lecture Notes in Computer Science. The topics of interest are on work on any aspect of information theoretical security, this means security based on information theory. This includes, but is not limited to the following topics:
- Information theoretic analysis of security
- Private and Reliable Networks
- Anonymity
- Public Key Cryptosystems using Codes
- Authentication Codes
- Quantum Cryptography
- Conventional Cryptography using Codes
- Quantum Information Theory
- Fingerprinting
- Randomness extraction
- Ideal Ciphers
- Secret Sharing
- Information Hiding
- Secure Multiparty Computation
- Key Distribution
- Traitor Tracing
- Oblivious Transfer
- Data hiding and Watermarking

For more information, please see http://iqis.org/events/icits2008.

DFRWS 2008 8th Annual Digital Forensic Research Workshop, Baltimore, MD, USA, August 11-13, 2008. [posted here 12/17/07]
DFRWS brings together leading researchers, developers, practitioners, and educators interested in advancing the state of the art in digital forensics from around the world. As the most established venue in the field, DFRWS is the preferred place to present both cutting-edge research and perspectives on best practices for all aspects of digital forensics. As an independent organization, we promote open community discussions and disseminate the results of our work to the widest audience. We invite original contributions as research papers, panel proposals, Work-in-Progress talks, and demo proposals. All papers are evaluated through a double-blind peer-review process, and those accepted will be published in printed proceedings by Elsevier. Topics of Interest include:
- Incident response and live analysis
- Network-based forensics, including network traffic analysis, traceback and attribution
- Event reconstruction methods and tools
- File system and memory analysis
- Application analysis
- Embedded systems
- Small scale and mobile devices
- Large-scale investigations
- Digital evidence storage and preservation
- Data mining and information discovery
- Data hiding and recovery
- File extraction from data blocks (“file carving”)
- Multimedia analysis
- Tool testing and development
- Digital evidence and the law
- Anti-forensics and anti-anti-forensics
- Case studies and trend reports
- Non-traditional approaches to forensic analysis

For more information, please see http://www.dfrws.org/2008/.

PODC 2008 27th Annual ACM SIGACT-SIGOPS Symposium on the Principles of Distributed Computing, Toronto, Canada, August 18-21, 2008. [posted here 11/26/07]
PODC solicits papers on all areas of distributed systems. We encourage submissions dealing with any aspect of distributed computing from the theoretical or experimental viewpoints. The common goal is to improve understanding of principles underlying distributed computing. Topics of interest include the following subjects in distributed systems:
- distributed algorithms: design and analysis
- communication networks: architectures, services, protocols, applications
- multiprocessor and multi-core architectures and algorithms
- shared and transactional memory, synchronization protocols, concurrent programming
- fault-tolerance, reliability, availability, self organization
- Internet applications, social networks, recommender systems
- distributed operating systems, middleware platforms, databases
- distributed computing with selfish agents
- peer-to-peer systems, overlay networks, distributed data management
- high-performance, cluster, and grid computing
- mobile computing, autonomous agents, location- and context-aware distributed systems
- security in distributed computing, cryptographic protocols
- sensor, mesh, and ad hoc networks
- specification, semantics, verification, and testing of distributed systems

For more information, please see http://www.podc.org/podc2008.

September 2008

Pairing 2008 2nd International Conference on Pairing-based Cryptography, Egham, UK, September 1-3, 2008. [posted here 11/12/07]
Pairing-based cryptography is an extremely active area of research which has allowed elegant solutions to a number of long-standing open problems in cryptography (such as efficient identity-based encryption). New developments continue to be made at a rapid pace. The aim of "Pairing" conference is thus to bring together leading researchers and practitioners from academia and industry, all concerned with problems related to pairing-based cryptography. Authors are invited to submit papers describing their original research on all aspects of pairing-based cryptography, including, but not limited to the following topics:
Area I: Novel cryptographic protocols
- ID-based and certificateless cryptosystems
- Broadcast encryption, signcryption etc
- Short/multi/aggregate/group/ring/threshold/blind signatures
- Designed confirmer or undeniable signatures
- Identification/authentication schemes
- Key agreement
Area II: Mathematical foundations
- Weil, Tate, Eta, and Ate pairings
- Security consideration of pairings
- Other pairings and applications of pairings in mathematics
- Generation of pairing friendly curves
- (Hyper-) Elliptic curve cryptosystems
- Number theoretic algorithms
- Addition algorithms in divisor groups
Area III: SW/HW implementation
- Secure operating systems
- Efficient software implementation
- FPGA or ASIC implementation
- Smart card implementation
- RFID security
- Middleware security
- Side channel and fault attacks
Area IV: Applied security
- Novel security applications
- Secure ubiquitous computing
- Security management
- PKI models
- Application to network security
- Grid computing
- Internet and web security
- E-business or E-commerce security

For more information, please see http://www.pairing-conference.org/.

SEC 2008 23rd International Information Security Conference, Co-located with IFIP World Computer Congress 2008, Milan, Italy, September 8-10, 2008. [posted here 9/27/07]
The conference seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of computer security, as well as case studies and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make convincing argument for the practical significance of the results. Topics of interest include, but are not limited to:
- access control
- accounting and audit
- anonymity
- applied cryptography
- authentication
- computer forensics
- cryptographic protocols
- database security
- data protection
- data/system integrity
- digital rights management
- electronic frauds
- identity management
- information warfare
- intrusion detection
- key management
- law and ethics
- peer-to-peer security
- privacy-enhancing technology
- secure location services
- secure networking
- security education
- security management
- smartcards
- commercial and industry security
- data and application security
- inference/controlled disclosure
- risk analysis and risk management
- intellectual property protection
- security in IT outsourcing
- security for mobile code
- trust management
- trust models

For more information, please see http://sec2008.dti.unimi.it.

CARDIS 2008 8th Smart Card Research and Advanced Application Conference, Royal Holloway, University of London, Egham, Surrey, UK, September 8-11, 2008. [posted here 11/26/07]
Since 1994, CARDIS has been the foremost international conference dedicated to smart card research and applications. Submissions across a broad range of smart card development phases are encouraged, from exploratory research and proof-of-concept studies to practical applications and deployment of smart card technology. As a response to the growing development of contactless applications and RFID systems, a special interest is also devoted to low cost cryptographic mechanisms and physical security of constrained devices. Topics of interest include, but are not limited to:
- From smart cards to smart devices (hardware, form factor, display)
- Software environments for smart cards and devices (OS, VM, API)
- Smart cards and devices networking and high-level data models
- Smart cards and devices applications, development and deployment
- Person representation and biometrics using smart technologies
- Identity, privacy and trust issues for smart technologies
- High-speed, small-footprint implementations of cryptographic algorithms
- Attacks and countermeasures in hardware and software
- Cryptographic protocols for smart cards and devices
- Biometrics and smart cards
- Formal modeling of environments and applications
- Interplay of TPMs and smart cards
- Security of RFID systems

For more information, please see http://www.scc.rhul.ac.uk/CARDIS/.

SCN 2008 6th Conference on Security and Cryptography for Networks, Amalfi, Italy, September 10-12, 2008. [posted here 3/31/08]
Security and privacy are increasing concerns in computer networks such as the Internet. The availability of fast, reliable, and cheap electronic communication offers the opportunity to perform electronically and in a distributed way a wide range of transactions of a most diverse nature. SCN 2008 aims at bringing together researchers in the field of cryptography and security in communication networks to foster cooperation and exchange of ideas. Original papers on all technical aspects of cryptography and security are solicited for submission to SCN 2008. Topics of interest are (but not limited to):
- Anonymity
- Implementations
- Authentication
- Symmetric-Key Cryptography
- Complexity-based Cryptography
- Privacy
- Cryptanalysis
- Cryptographic Protocols
- Digital Signatures
- Public-Key Cryptography
- Hash Functions
- Survey and state of the art
- Identification

For more information, please see http://scn.dia.unisa.it/.

VizSEC 2008 5th Workshop on Visualization for Cyber Security, Held in conjunction with the 11th International Symposium on Recent Advances in Intrusion Detection (RAID 2008), Cambridge, MA USA, September 15, 2008. [posted here 3/24/08]
As a result of previous VizSec workshops, we have seen both the application of existing visualization techniques to security problems and the development of novel security visualization approaches. However, VizSec research has focused on helping human analysts to detect anomalies and patterns, particularly in computer network defense. Other communities, led by researchers from the RAID Symposia, have researched automated methods for detecting anomalies and malicious activity. The theme for this year's workshop will be on bridging the gap between visualization and automation, such as leveraging the power of visualization to create rules for intrusion detection and defense systems. We also solicit papers that report results on visualization techniques and systems in solving all aspects of cyber security problems, including:
- Visualization of Internet routing
- Visualization of packet traces and network flows
- Visualization of intrusion detection alerts
- Visualization of attack tracks
- Visualization of security vulnerabilities
- Visualization of attack paths
- Visualization of application processes
- Visualization for forensic analysis
- Visualization for correlating events
- Visualization for computer network defense training
- Visualization for offensive information operations
- Visualization for building rules
- Visualization for feature selection
- Visualization for cryptology
- Visualization for detecting anomalous activity
- Deployment and field testing of VizSec systems
- Evaluation and user testing of VizSec systems
- User and design requirements for VizSec systems
- Lessons learned from development and deployment of VizSec systems

For more information, please see http://vizsec.org/workshop2008/.

RAID 2008 11th International Symposium on Recent Advances in Intrusion Detection, Cambridge, Massachusetts, USA, September 15-17, 2008. [posted here 1/7/08]
This symposium, the 11th in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss issues and technologies related to intrusion detection and defense. The Recent Advances in Intrusion Detection (RAID) International Symposium series furthers advances in intrusion defense by promoting the exchange of ideas in a broad range of topics. As in previous years, all topics related to intrusion detection, prevention and defense systems and technologies are within scope, including but not limited to the following:
- Network and host intrusion detection and prevention
- Anomaly and specification-based approaches
- IDS cooperation and event correlation
- Malware prevention, detection, analysis and containment
- Web application security
- Insider attack detection
- Intrusion response, tolerance, and self protection
- Operational experience and limitations of current approaches
- Intrusion detection assessment and benchmarking
- Attacks against IDS including DoS, evasion, and IDS discovery
- Formal models, analysis, and standards
- Deception systems and honeypots
- Vulnerability analysis, risk assessment, and forensics
- Adversarial machine learning for security
- Visualization techniques
- Special environments, including mobile and sensor networks
- High-performance intrusion detection
- Legal, social, and privacy issues
- Network exfiltration detection
- Botnet analysis, detection, and mitigation

For more information, please see http://www.ll.mit.edu/IST/RAID2008/.

ISC 2008 Information Security Conference, Taipei, Taiwan, September 15-18, 2008. [posted here 1/7/08]
ISC aims to attract high quality papers in all technical aspects of information security. The topics of interest of ISC include, but are not limited to, the following:
- Access Control
- Accounting and Audit
- Anonymity and Pseudonymity
- Applied Cryptography
- Attacks and Prevention of Online Fraud
- Authentication and Non-repudiation
- Biometrics
- Cryptographic Protocols and Functions
- Database and System Security
- Design and Analysis of Cryptographic Algorithms
- Digital Rights Management
- Economics of Security and Privacy
- Formal Methods in Security
- Foundations of Computer Security
- Identity and Trust Management
- Information Hiding and Watermarking
- Infrastructure Security
- Intrusion Detection, Tolerance and Prevention
- Mobile, Ad Hoc and Sensor Network Security
- Network and Wireless Network Security
- Peer-to-Peer Network Security
- PKI and PMI
- Private Searches
- Security and Privacy in Pervasive/Ubiquitous Computing
- Security in Information Flow
- Security for Mobile Code
- Security of Grid Computing
- Security of eCommerce, eBusiness and eGovernment
- Security Modeling and Architectures
- Security Models for Ambient Intelligence environments
- Trusted Computing
- Usable Security
- Special Session on AES

For more information, please see http://isc08.twisc.org/.

WIFISEC 2008 1st International workshop on Wireless and Mobile Security, Held in conjunction with the 2nd IEEE International Conference and Exhibition on Next Generation Mobile Applications, Services, and Technologies (NGMAST 2008), Cardiff, Wales, UK, September 16-19, 2008. [posted here 3/10/08]
As Mobile and Wireless networks are becoming increasingly prevalent, the problem of ensuring that those networks are secure is an increasingly important issue. The issue of securing the different types of mobile and wireless networks, their operation and use is the focus of this workshop. Mobile and Wireless Networking environments eliminate many of the problems associated with traditional wired networks. However, the security and privacy risks introduced by such environments need to be addressed by exploiting appropriate security measures and techniques. Topics include but are not limited to:
- Key Management in wireless/mobile environments
- Intrusion detection, detection of malicious behaviour
- Denial of service
- User privacy, location privacy
- Authentication and Access control
- Anonymity, prevention of traffic analysis
- Dependable wireless networking
- Identity theft and phising in mobile networks
- Charging in wireless networks
- Security in vehicular networks
- Cross-layer design for security
- Monitoring and surveillance
- Identity theft and ciphering in mobile networks
- Vulnerability and attacker modelling
- Incentive-aware secure protocol design
- Routing Path Security in Ad-Hoc Networks
- Public Cryptography in Wireless Networks

For more information, please see http://www.comp.glam.ac.uk/wifisec/.

SecureComm 2008 4th International Conference on Security and Privacy for Communication Networks, Istanbul, Turkey, September 22-25, 2008. [posted here 3/3/08]
Securecomm seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, theoretical cryptography) will be considered only if a clear connection to private or secure communication/networking is demonstrated. Securecomm brings together security and privacy experts in academia, industry and government as well as practitioners, standards developers and policy makers. Topics of interest include, but are not limited to, the following:
- Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
- Network Intrusion Detection and Prevention, Firewalls, Packet Filters
- Malware and botnets
- Communication Privacy and Anonymity
- Distributed denial of service
- Public Key Infrastructures, key management, credentials
- Web security
- Secure Routing, Naming/Addressing, Network Management
- Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
- Security & Privacy for emerging technologies: VoIP, peer-to-peer and overlay network systems, Web 2.0

For more information, please see http://www.securecomm.org.

NSPW 2008 New Security Paradigm Workshop, Olympic Valley, CA, USA, September 22-25, 2008. [posted here 1/14/08]
The computers of the world are under siege. Denial of service attacks plague commercial sites, large and small. Major companies are hacked for consumer credit card numbers. Phishing attacks for personal information are commonplace, and million-machine botnets are a reality. Our tools for combating these threats--cryptography, firewalls, access controls, vulnerability scanners, malware and intrusion detectors--are insufficient. We need radical new solutions, but most security researchers propose only incremental improvements. Since 1992, the New Security Paradigm Workshop (NSPW) has been a home for research that addresses the fundamental limitations of current work in information security. NSPW welcomes papers that present a significant shift in thinking about difficult security issues, build on such a recent shift, offer a contrarian view of accepted practice or policy, or address non-technological aspects of security. Our program committee particularly looks for new approaches to information security, early thinking on new topics, innovative solutions to long-time problems, and controversial issues which might not be accepted at other conferences but merit a hearing. We discourage papers that represent completed or established works, or offer incremental improvements to well-established models. NSPW expects a high level of scholarship from contributors, including awareness of prior work produced before the World Wide Web.

For more information, please see http://www.nspw.org.

October 2008

ESORICS 2008 13th European Symposium on Research in Computer Security, Malaga, Spain, October 6-8, 2008. [posted here 1/18/08]
Papers offering novel research contributions in any aspect of computer security are solicited for submission to the Thirteenth European Symposium on Research in Computer Security (ESORICS 2008). Organized in a series of European countries, ESORICS is confirmed as the European research event in computer security. The symposium started in 1990 and has been held on alternate years in different European countries and attracts an international audience from both the academic and industrial communities. From 2002 it has been held yearly. The Symposium has established itself as one of the premiere, international gatherings on Information Assurance. Papers may present theory, technique, applications, or practical experience on topics including:
- Access control
- Anonymity
- Authentication
- Authorization and delegation
- Cryptographic protocols
- Data integrity
- Dependability
- Information flow control
- Smartcards
- System security
- Digital right management
- Accountability
- Applied cryptography
- Covert channels
- Cybercrime
- Denial of service attacks
- Formal methods in security
- Inference control
- Information warfare
- Steganography
- Transaction management
- Data and application security
- Intellectual property protection
- Intrusion tolerance
- Peer-to-peer security
- Language-based security
- Network security
- Non-interference
- Privacy-enhancing technology
- Pseudonymity
- Subliminal channels
- Trustworthy user devices
- Identity management
- Security as quality of service
- Secure electronic commerce
- Security administration
- Security evaluation
- Security management
- Security models
- Security requirements engineering
- Security verification
- Survivability
- Information dissemination control
- Trust models and trust management policies

For more information, please see http://www.isac.uma.es/esorics08.

WDFIA 2008 3rd International Annual Workshop on Digital Forensics and Incident Analysis, Held in conjunction with the 13th European Symposium on Research in Computer Security (ESORICS 2008), University of Malaga, Malaga, Spain, October 9, 2008. [posted here 2/18/08]
The field of digital forensics is rapidly evolving and continues to gain significance in both the law enforcement and the scientific community. Being intrinsically interdisciplinary, it draws upon a wide range of subject areas such as information & communication technologies, law, social sciences and business administration. The workshop aims to provide a forum for researchers and practitioners to present original, unpublished research results and innovative ideas. We welcome the submission of papers from the full spectrum of issues relating to the theory and practice of digital forensics and incident analysis. Areas of special interest include, but are not limited to:
- Digital forensics tools and applications
- Incident response and investigation
- Forensic standards and procedures
- Portable electronic device forensics
- Network forensics
- Data hiding and recovery
- Network traffic analysis, traceback and attribution
- Data mining and e-discovery and their corporate use
- Legal, ethical and policy issues related to digital forensics
- Digital evidence visualisation and presentation
- Integrity of digital evidence and live investigations
- Digital evidence chain of custody, storage and preservation
- Multimedia analysis
- Digital forensics case studies
- The Trojan defence
- Forensics issues of malicious code
- Best practices and case studies
- Anti-forensics

For more information, please see http://www.aegean.gr/wdfia08.

NSS 2008 IFIP International Workshop on Network and System Security, Shanghai, China, October 18-19, 2008. [posted here 3/24/08]
While the attack systems have become more easy-to-use, sophisticated, and powerful, interest has greatly increased in the field of building more effective, intelligent, adaptive, active and high performance defense systems which are distributed and networked. We will focus our program on issues related to Network and System Security, such as authentication, access control, availability, integrity, privacy, confidentiality, dependability and sustainability of computer networks and systems. The aim of this workshop is to provide a leading edge forum to foster interaction between researchers and developers with the network and system security communities, and to give attendees an opportunity to interact with experts in academia, industry and governments. NSS 2008 will feature new results, challenging research questions, novel approaches and innovative directions in network and system security. Contributions are solicited in all areas of network and system security research and applications. Topics include, but not limited to:
- Active Defense Systems
- Adaptive Defense Systems
- Benchmark, Analysis and Evaluation of Security Systems
- Distributed Access Control and Trust Management
- Distributed Attack Systems and Mechanisms
- Distributed Intrusion Detection/Prevention Systems
- Denial-of-Service Attacks and Countermeasures
- High Performance Security Systems
- Identity Management and Authentication
- Implementation, Deployment and Management of Security Systems
- Intelligent Defense Systems
- Internet and Network Forensics
- Large-scale Attacks and Defense
- RFID Security and Privacy
- Security Architectures in Distributed Network Systems
- Security for Critical Infrastructures
- Security for P2P systems and Grid Systems
- Security in E-Commerce
- Security and Privacy in Wireless Networks
- Secure Mobile Agents and Mobile Code
- Security Simulation and Tools
- Security Theory and Tools in Network Systems
- Viruses, Worms, and Other Malicious Code
- World Wide Web Security

For more information, please see http://nss.cqu.edu.au.

CCS 2008 15th ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA, October 27-31, 2008. [posted here 3/24/08]
The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer security, as well as case studies and implementation experiences.

The conference seeks submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and communications security, as well as case studies and implementation experiences. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topics related to computer and communications security are of interest. Authors interested in submitting but unsure if their topic is in scope should assume that it probably is in scope but should contact the program chairs if further guidance is desired.

For more information, please see http://www.sigsac.org/ccs/CCS2008/.

AISec 2008 1st ACM Workshop on AISec, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Alexandria, VA, USA, October 27, 2008. [posted here 3/3/08]
The ubiquitous nature of information and communication today is often cited as the cause of many security and privacy problems including identity and reputation management, viruses/worms and phishing/pharming. There is strong evidence, however, that this abundance of information and communication has at least as many security and privacy benefits as costs. Consider for example, the use of machine learning algorithms to detect network intrusions, crowd-based approaches to anonymous communication and the use of data mining algorithms to determine content sanitization. All of these efforts benefit from recent advances in AI, which have often been driven by increases in the amount of available data. To fully realize the security and privacy benefits of today's ubiquitous information, the security community needs expertise in the tools and techniques for managing that information, namely, artificial intelligence technology, and the AI community needs an understanding of security and privacy problems. To facilitate an exchange of ideas between these two communities, we are holding the first workshop in "AISec" in conjunction with the 15th ACM Conference on Computer and Communications Security (CCS), the new field of security and privacy solutions that leverage AI technologies. The topics of interest include but are not limited to:
- Spam detection
- Fraud detection
- Botnet detection
- Intrusion detection
- Malware identification
- Insider threat detection
- Privacy-preserving data mining
- Inference detection and control
- Phishing detection and prevention
- Design and analysis of CAPTCHAs
- AI approaches to trust and reputation
- Machine learning techniques for optimizing user experience
- Vulnerability testing through intelligent probing (e.g. fuzzing)
- Content-driven security policy management & access control
- Techniques and methods for generating training and test set

For more information, please see http://www.aisec.info.

November 2008

STM 2008 4th International Workshop on Security and Trust Management, Held in conjunction with the IFIP TM 2008, Trondheim, Norway, November 25-27, 2008. [posted here 4/14/08]
STM08 is the fourth international workshop under the auspices of the Security and Trust Management working group of ERCIM (European Research Consortium in Informatics and Mathematics). STM 2008 has at least the following aims: (1) To investigate the foundations and applications of security and trust in ICT; (2) To study the deep interplay between trust management and common security issues such as confidentiality, integrity and availability; (3) To identify and promote new areas of research connected with security management, e.g. dynamic and mobile coalition management (e.g., P2P, MANETs, Web/GRID services); (4) To identify and promote new areas of research connected with trust management, e.g. reputation, recommendation, collaboration etc.; and (5)To provide a platform for presenting and discussing emerging ideas and trends. Topics of interest include but are not limited to:
- Semantics and computational models for security and trust
- Security and trust management architectures, mechanisms and policies
- Software engineering for security, trust and privacy
- Networked systems security
- Privacy and anonymity
- Identity management
- ICT for securing digital as well as physical assets
- Cryptography

For more information, please see http://www.isac.uma.es/stm08.

IWSEC 2008 3rd International Workshop on Security, Kagawa, Japan, November 25-27, 2008. [posted here 1/17/08]
The aim of IWSEC2008 is to contribute to security research and development addressing the topics from traditional theory and tools on security to other up-to-date issues. Topics include but are not limited to:
- Cryptography
- Authorization and Access Control
- Biometrics
- Information Hiding
- Quantum Security
- Network and Distributed Systems Security
- Privacy Enhancing Technology
- Security Issues in Ubiquitous/Pervasive Computing
- Security Management
- Software and System Security
- Protection of Critical Infrastructure
- Digital Forensics
- Economics and Other Scientific Approaches for Security

For more information, please see http://www.iwsec.org.

Globecom-CCNS 2008 Computer and Communications Network Security Symposium, Held in conjunction with the IEEE Global Communications Conference (GLOBECOM 2008), New Orleans, LA, USA, November 30 - December 4, 2008. [posted here 1/7/08]
The Computer and Communications Network Security Symposium will address all aspects of the modelling, design, implementation,deployment, and management of computer/network security algorithms, protocols,architectures, and systems. Furthermore, contributions devoted to the evaluation, optimization, or enhancement of security mechanisms for current technologies as well as devising efficient security and privacy solutions for emerging technologies are solicited. Topics of interest include:
- Secure PHY, MAC, Routing and Upper Layer Protocols
- Secure Cross Layer Design
- Authentication Protocols and Services Authorization
- Confidentiality
- Data and System Integrity
- Availability of Secure Services
- Key Distribution and Management
- PKI and Security Management
- Trust Models and Trust Establishment
- Identity Management and Access Control
- Deployment and Management of Computer/Network Security Policies
- Monitoring Design for Security
- Distributed Intrusion Detection Systems and Countermeasures
- Traffic Filtering and Firewalling
- IPv6 security, IPSec
- Virtual Private Networks (VPNs)
- Prevention, Detection and Reaction Design
- Revocation of Malicious Parties
- Light-Weight Cryptography
- Quantum Cryptography and QKD
- Applications of Cryptography and Cryptanalysis in communications security
- Security and Mobility
- Mobile Code Security
- Network traffic Analysis Techniques
- Secure Naming and Addressing (Privacy and Anonymity)
- Application/Network Penetration Testing
- Advanced Cryptographic Testbeds
- Network Security Metrics and Performance Evaluation
- Operating System(OS) Security and Log Analysis Tools
- Security Modelling and Protocol Design
- Security Specification Techniques
- Self-Healing Networks
- Smart Cards and Secure Hardware
- Biometric Security: Technologies, Risks and Vulnerabilities
- Information Hiding and Watermarking
- Vulnerability, Exploitation Tools, and Virus/Worm Analysis
- Distributed Denial-Of-Service (DDOS) Attacks and Countermeasures
- DNS Spoofing and Security
- Critical infrastructure Security
- Single- and Multi-Source Intrusion Detection and Response (Automation)
- Web, E-commerce, M-commerce, and E-mail Security
- New Design for Unknown Attacks Detection

For more information, please see http://www.comsoc.org/confs/globecom/2008/symposium/compcom.html.