Calls for Papers

Last Modified:03/08/10

Upcoming Conferences and Workshops

Note: The submission date has passed.

IFIP-CIP 2010 4th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Fort McNair, Washington, DC, USA, March 14–17, 2010. [posted here 7/13/09]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the first three conferences, the Fourth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Risk analysis and risk assessment methodologies
- Modeling and simulation of critical infrastructures
- Legal, economic and policy issues
- Secure information sharing
- Infrastructure protection case studies
- Distributed control systems/SCADA security
- Telecommunications network security

For more information, please see http://www.ifip1110.org.

WiSec 2010 3rd ACM Conference on Wireless Network Security, Stevens Institute of Technology, Hoboken, NJ, USA, March 22-24, 2010. [posted here 6/8/09]
As wireless networks become ubiquitous, their security gains in importance. The ACM Conference on Wireless Network Security (WiSec) aims at exploring attacks on wireless networks as well as techniques to thwart them. The considered networks encompass cellular, metropolitan, local area, vehicular, ad hoc, satellite, underwater, cognitive radio, and sensor networks, as well as RFID. Topics of interest include, but are not limited to:
- Naming and addressing vulnerabilities
- Key management in wireless/mobile environments
- Secure neighbor discovery / Secure localization
- Secure PHY and MAC protocols
- Trust establishment
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Denial of service
- User privacy, location privacy
- Anonymity, prevention of traffic analysis
- Identity theft and phishing in mobile networks
- Charging
- Cooperation and prevention of non-cooperative behavior
- Economics of wireless security
- Vulnerability and attack modeling
- Incentive-aware secure protocol design
- Jamming/Anti-jamming communication
- Cross-layer design for security
- Monitoring and surveillance
- Cryptographic primitives for wireless communication
- Formal methods for wireless security
- Mobile platform and systems (OS and application) security

For more information, please see http://www.sigsac.org/wisec/WiSec2010.

SAC-CF 2010 25th ACM Symposium on Applied Computing, Computer Forensics Track, Sierre, Switzerland, March 22-26, 2010. [posted here 5/25/09]
With the exponential growth of computer users, the number of criminal activities that involves computers has increased tremendously. The field of Computer Forensics has gained considerable attention in the past few years. It is clear that in addition to law enforcement agencies and legal personnel, the involvement of computer savvy professionals is vital for any digital incident investigation. Unfortunately, there are not many well-qualified computer crime investigators available to meet this demand. An approach to solve this problem is to develop state-of-the-art research and development tools for practitioners in addition to creating awareness among computer users. The primary goal of this track will be to provide a forum for researchers, practitioners, and educators interested in Computer Forensics in order to advance research and educational methods in this increasingly challenging field. We expect that people from academia, industry, government, and law enforcement will share their previously unpublished ideas on research, education, and practice through this track. We solicit original, previously unpublished papers in the following general (non-exhaustive) list of topics:
- Incident Response and Live Data Analysis
- Operating System and Application Analysis
- File System Analysis
- Network Evidence Collection
- Network Forensics
- Data Hiding and Recovery
- Digital Image Forensics
- Event Reconstruction and Tracking
- Forensics in Untrusted Environments
- Hardware Assisted Forensics
- Legal, Ethical and Privacy Issues
- Attributing Malicious Cyber Activity
- Design for Forensic Evaluation
- Visualization for Forensics

For more information, please see http://comp.uark.edu/~bpanda/sac2010cfp.pdf.

SAC-TRECK 2010 25th ACM Symposium on Applied Computing, Trust, Reputation, Evidence and other Collaboration Know-how Track (TRECK), Sierre, Switzerland, March 22-26, 2010. [posted here 5/25/09]
Computational models of trust and online reputation mechanisms have been gaining momentum. The goal of the ACM SAC 2010 TRECK track remains to review the set of applications that benefit from the use of computational trust and online reputation. Computational trust has been used in reputation systems, risk management, collaborative filtering, social/business networking services, dynamic coalitions, virtual organisations and even combined with trusted computing hardware modules. The TRECK track covers all computational trust/reputation applications, especially those used in real-world applications. The topics of interest include, but are not limited to:
- Recommender and reputation systems
- Trust management, reputation management and identity management
- Pervasive computational trust and use of context-awareness
- Mobile trust, context-aware trust
- Web 2.0 reputation and trust
- Trust-based collaborative applications
- Automated collaboration and trust negotiation
- Trade-off between privacy and trust
- Trust/risk-based security frameworks
- Combined computational trust and trusted computing
- Tangible guarantees given by formal models of trust and risk
- Trust metrics assessment and threat analysis
- Trust in peer-to-peer and open source systems
- Technical trust evaluation and certification
- Impacts of social networks on computational trust
- Evidence gathering and management
- Real-world applications, running prototypes and advanced simulations
- Applicability in large-scale, open and decentralised environments
- Legal and economic aspects related to the use of trust and reputation engines
- User-studies and user interfaces of computational trust and online reputation applications

For more information, please see http://www.trustcomp.org/treck/.

SAC-SEC 2010 25th ACM Symposium on Applied Computing, Computer Security Track, Sierre, Switzerland, March 22-26, 2010. [posted here 8/24/09]
The Security Track reaches its ninth edition this year, thus appearing among the most established tracks in the Symposium. The list of issues remains vast, ranging from protocols to workflows. Topics of interest include but are not limited to:
- software security (protocols, operating systems, etc.)
- hardware security (smartcards, biometric technologies, etc.)
- mobile security (properties for/from mobile agents, etc.)
- network security (anti-virus, anti-hacker, anti-DoS tools, firewalls, real-time monitoring, etc.)
- alternatives to cryptography (steganography, etc.)
- security-specific software development practices (vulnerability testing, fault-injection resilience, etc.)
- privacy and anonimity (trust management, pseudonimity, identity management, etc.)
- safety and dependability issues (reliability, survivability, etc.)
- cyberlaw and cybercrime (copyrights, trademarks, defamation, intellectual property, etc.)
- security management and usability issues (security configuration, policy management, usability trials etc.)
- workflow and service security (business processes, web services, etc.)

For more information, please see http://www.dmi.unict.it/~giamp/sac/10cfp.html.

SAC-ISRA 2010 25th ACM Symposium on Applied Computing, Information Security Research and Applications Track, Sierre, Switzerland, March 22-26, 2010. [posted here 6/8/09]
As society becomes more reliant on information systems, networks, and mobile communication, we become more vulnerable to security incidents. Our critical infrastructures for energy, communication, and transportation are interconnected via the Internet, bringing with this the efficiencies and economies of scale and the risk associated with open networks. It has turned out that economic and societal interests go beyond technical security, as they also relate to organizational and behavioral security facets. This track provides a venue for holistic security issues related to detecting, mitigating and preventing the threat of attacks against information and communication systems. It brings together security researchers from the areas of computer science, information systems and systems science who are otherwise spread over multiple conferences. Papers that address improving the security of information system- reliant organizations from threats through technical, organizational, or behavioral change are encouraged. These may include simulation studies, case-based research, empirical studies, and other applications of quantitative and qualitative methods. Topics include, but are not limited to:
- Internet security
- Economics of information security
- Identifying modes of misuse
- Applications of access policies
- Analysis of known and unknown modes of attack
- Detecting and mitigating insider threats
- Modeling risks and approaches to mitigation
- Teaching and training security and business managers about information security
- Creating channels and techniques to share confidential information
- Modeling and theory building of security issues
- Insider threats
- Social and business security policy
- Intrusion detection/prevention
- Electronic commerce security and privacy
- Secure software development
- Electronic voting
- Security metrics
- Risk and fraud assessment
- Trust
- Process Control Systems / SCADA security

For more information, please see http://www.albany.edu/~er945/CfP_SAC2010_ISRA.html.

SESOC 2010 International Workshop on SECurity and SOCial Networking, Mannheim, Germany, March 29 - April 2 2010. [posted here 7/27/09]
Future pervasive communication systems aim at supporting social and collaborative communications: the evolving topologies are expected to resemble the actual social networks of the communicating users and information on their characteristics can be a powerful aid for any network operation. New emerging technologies that use information on the social characteristics of their participants raise entirely new privacy concerns and require new reflections on security problems such as trust establishment, cooperation enforcement or key management. The aim of this workshop is to encompass research advances in all areas of security, trust and privacy in pervasive communication systems, integrating the social structure of the network as well. Topics of interest include:
- new aspects of trust
- privacy concerns
- availability and resilience
- community based secure communication
- data confidentiality, data integrity
- anonymity, pseudonymity
- key management
- secure bootstrapping
- security issues in forwarding, routing
- security aspects regarding cooperation
- new reputation systems
- new attack paradigms
- new requirements for software security
- malware

For more information, please see http://www.sesoc.org.

AH 2010 1st ACM Augmented Human International Conference, Megève ski resort, France, April 2-4, 2010. [posted here 10/5/09]
The AH international conference focuses on scientific contributions towards augmenting humans capabilities through technology for increased well-being and enjoyable human experience. The topics of interest include, but are not limited to:
- Augmented and Mixed Reality
- Internet of Things
- Augmented Sport
- Sensors and Hardware
- Wearable Computing
- Augmented Health
- Augmented Well-being
- Smart artifacts & Smart Textiles
- Augmented Tourism and Games
- Ubiquitous Computing
- Bionics and Biomechanics
- Training/Rehabilitation Technology
- Exoskeletons
- Brain Computer Interface
- Augmented Context-Awareness
- Augmented Fashion
- Safety, Ethics and Legal Aspects
- Security and Privacy Aspects

For more information, please see http://www.augmented-human.com/.

EuroSec 2010 European Workshop on System Security, Held in conjunction with the Annual ACM SIGOPS EuroSys conference, Paris, France, April 13, 2010. [posted here 11/30/09]
The workshop aims to bring together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. The focus of the workshop is on novel, practical, systems-oriented work. EuroSec seeks contributions on all aspects of systems security. Topics of interest include (but are not limited to):
- Operating systems security
- Web/network/distributed systems security
- New attacks and evasion techniques
- Hardware architectures
- Trusted computing and its applications
- Identity management, anonymity
- Small trusted computing bases
- Mobile systems security
- Measuring security
- Malicious code analysis and detection
- Systems-based forensics
- Systems work on fighting spam/phishing

For more information, please see http://www.iseclab.org/eurosec-2010/.

WISTP 2010 4th Workshop on Information Security Theory and Practice, Passau, Germany, April 13-14, 2010. [posted here 10/5/09]
The impact of pervasive and smart devices on our daily lives is ever increasing, and the rapid technological development of information technologies ensures that this impact is constantly changing. It is imperative that these complex and resource constrained technologies are not vulnerable to attack. This workshop will consider the full impact of the use of pervasive and smart technologies on individuals, and society at large, with regard to the security and privacy of the systems that make use of them. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy of pervasive systems and smart devices, as well as experimental studies of fielded systems. We encourage submissions that address the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- Access control
- Ad hoc networks security
- Anonymity
- Biometrics, national ID cards
- Data and application security and privacy
- Data protection
- Delay-tolerant network security
- Digital rights management (DRM) in pervasive environments
- Domestic network security
- Embedded systems security and TPMs
- Human and psychological aspects of security
- Human-computer interaction and human behavior impact for security
- Identity management
- Information assurance and trust management
- Interplay of TPMs and smart cards
- Intrusion detection and information filtering
- Mobile codes security
- Mobile commerce security
- Mobile devices security
- New applications for secure RFID systems
- Peer-to-peer security
- Privacy enhancing technologies
- RFID and NFC systems security
- Secure self-organization and self-configuration
- Security in location services
- Security issues in mobile and ubiquitous networks
- Security metrics
- Security models and architecture
- Security of GSM/GPRS/UMTS systems
- Security policies
- Security protocols
- Sensor networks security
- Smart card security
- Smart devices applications
- Vehicular network security
- Wireless communication security
- Wireless sensor node security

For more information, please see http://www.wistp.org/.

IDtrust 2010 9th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryland, USA, April 13-15, 2010. [posted here 11/2/09]
IDtrust is looking for papers related to all parts of the public-key mediated authentication and access control problem. All software systems, from enterprise data centers to small businesses and consumer-facing applications, must make access control decisions for protected data. IDtrust is a venue for the discussion of the complete access control process (authentication, authorization, provisioning and security decision workflow), addressing questions such as: "What are the authorization strategies that will succeed in the next decade?" "What technologies exist to address complex requirements today?" "What research is academia and industry pursuing to solve the problems likely to show up in the next few years?" Identity as used here refers to not just the principal identifier, but also to attributes and claims. Topics of interest include, but are not limited to:
- Analysis of existing identity management protocols and ceremonies (SAML, Liberty, CardSpace, OpenID, and PKI-related protocols)
- Analysis or extension of identity metasystems, frameworks, and systems (Shibboleth, Higgins, etc.)
- Design and analysis of new access control protocols and ceremonies
- Cloud/grid computing implications on authorization and authentication
- Assembly of requirements for access control protocols and ceremonies involving strong identity establishment
- Reports of real-world experience with the use and deployment of identity and trust applications for broad use on the Internet (where the population of users is diverse) and within enterprises who use the Internet (where the population of users may be more limited), how best to integrate such usage into legacy systems, and future research directions. Reports may include use cases, business case scenarios, requirements, best practices, implementation and interoperability reports, usage experience, etc.
- User-centric identity, delegation, reputation
- Identity and Web 2.0, secure mash-ups, social networking, trust fabric and mechanisms of “invited networks”
- Identity management of devices from RFID tags to cell phones; Host Identity Protocol (HIP)
- Federated approaches to trust
- Standards related to identity and trust, including X.509, S/MIME, PGP, SPKI/SDSI, XKMS, XACML, XRML, and XML signatures
- Intersection of policy-based systems, identity, and trust; identity and trust policy enforcement, policy and attribute mapping and standardization
- Attribute management, attribute-based access control
- Trust path building and certificate validation in open and closed environments
- Analysis and improvements to the usability of identity and trust systems for users and administrators, including usability design for authorization and policy management, naming, signing, verification, encryption, use of multiple private keys, and selective disclosure
- Identity and privacy
- Levels of trust and assurance
- Trust infrastructure issues of scalability, performance, adoption, discovery, and interoperability
- Use of PKI in emerging technologies (e.g., sensor networks, disaggregated computers, etc.)
- Application domain requirements: web services, grid technologies, document signatures, (including signature validity over time), data privacy, etc.

For more information, please see http://middleware.internet2.edu/idtrust/2010/.

ASIACCS 2010 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China, April 13-16, 2010. [posted here 6/29/09]
ASIACCS is a major international forum for information security researchers, practitioners, developers, and users to explore and exchange the latest cyber-security ideas, breakthroughs, findings, techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. Topics of interest include, but are not limited to:
- anonymity
- access control
- secure networking
- accounting and audit
- key management
- intrusion detection
- authentication
- smartcards
- data and application security
- Malware and botnets
- privacy-enhancing technology
- software security
- inference/controlled disclosure
- intellectual-property protection
- digital-rights management
- trusted computing
- phishing and countermeasures
- commercial and industry security
- security management
- web security
- applied cryptography
- mobile-computing security
- cryptographic protocols
- data/system integrity
- information warfare
- formal methods for security
- identity management
- security in ubiquitous computing, e.g., RFIDs
- security and privacy for emerging technologies, e.g., VoIP, peer-to-peer and overlay network systems, Web 2.0

For more information, please see http://www.dacas.cn/asiaccs2010.

SMPE 2010 4th International Symposium on Security and Multimodality in Pervasive Environments, Perth, Australia, April 20-23, 2010. [posted here 10/26/09]
Pervasive computing environments (PE) present specific peculiarities with respect to aspects like security and multimodality. As a matter of fact, the accessibility level of a virtual environment can definitively be improved by natural interfaces and multimodal interaction systems, which offer users the freedom to select from multiple modes of interaction with services and permit to break down barriers about human-computer interaction making communication intuitive and spontaneous. On the other hand, while enlarging and easing the ways to access to the environment, security threads arise and the environment must be properly equipped in order to protect itself from malicious attacks and/or from wrong actions performed by inexpert users. Topics of Interest include:
- Trust and reputation management in PE
- Security applications and services in pervasive computing
- Security model for pervasive computing
- Intelligent multimedia security services in pervasive computing
- Key management and authentication in pervasive computing
- Network security issues and protocols in pervasive computing
- Access control and privacy protection in pervasive computing
- Security Standard for next pervasive computing
- Security in Human Centred Environments
- Natural interfaces security issues
- Advanced multimodal interfaces
- Human oriented interfaces
- Multimodal mobile and ubiquitous services
- Methods for multimodal integration
- Middleware services for multimodal and pervasive applications
- Context-Awareness in multimodal applications
- Multimodal analysis and recognition of contex
- Next ubiquitous and immersive environments
- Virtual reality and ubiquitous computing
- Usability and accessibility in ubiquitous applications
- Applications and scenarios
- Others: Commercial or Industrial Issue in pervasive computing

For more information, please see http://www.ftrg.org/smpe2010.

ICISA-Security 2010 International Conference on Information Science and Applications, Security & Privacy Track, Seoul, Korea, April 21-23, 2010. [posted here 11/23/09]
The goal of this conference is to bring together researchers from academia and practitioners from industry who are involved in Information Science and Applications Issues as well as share ideas, problems, and solutions related to those issues. This conference will provide a forum where researchers will present recent research results, describe emerging technologies and new research problems and directions related to Information Science and Applications Issues. The conference seeks contributions presenting novel research results in all aspects of information and security and applications. Topics of interest may include one or more of the following (but are not limited to) themes in the Security and Privacy track are:
- Infrastructure Security
- Multimedia Security
- Software Security
- Privacy Masking

For more information, please see http://global.kcis.kr/icisa2010/.

LEET 2010 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, Held in conjunction with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2010), San Jose, CA, USA, April 27, 2010. [posted here 9/21/09]
LEET aims to provide a unique forum for the discussion of threats to the confidentiality of our data, the integrity of digital transactions, and the dependability of the technologies we increasingly rely on. We encourage submissions of papers that focus on the malicious activities themselves (e.g., reconnaissance, exploitation, privilege escalation, rootkit installation, attack), our responses as defenders (e.g., prevention, detection, and mitigation), or the social, political, and economic goals driving these malicious activities and the legal and ethical codes guiding our defensive responses. Topics of interest include but are not limited to:
- Infection vectors for malware (worms, viruses, etc.)
- Botnets, command, and control channels
- Spyware
- Operational experience
- Forensics
- Click fraud
- Measurement studies
- New threats and related challenges
- Boutique and targeted malware
- Phishing
- Spam
- Underground markets
- Carding and identity theft
- Miscreant counterintelligence
- Denial-of-service attacks
- Hardware vulnerabilities
- Legal issues
- The arms race (rootkits, anti–anti-virus, etc.)
- New platforms (cellular networks, wireless networks, mobile devices)
- Camouflage and detection
- Reverse engineering
- Vulnerability markets and zero-day economics
- Online money laundering
- Understanding the enemy
- Data collection challenges

For more information, please see http://www.usenix.org/events/leet10/cfp/.

SP 2010 31st IEEE Symposium on Security and Privacy, The Claremont Resort, Oakland, CA, USA, May 16–19, 2010. [posted here 7/13/09]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of computer security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation of secure systems. S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

*Systematization of Knowledge Papers*: In addition to the standard research papers, we are also soliciting papers focused on systematization of knowledge. The goal of this call is to encourage work that evaluates, systematizes, and contextualizes existing knowledge. These papers will provide a high value to our community but would otherwise not be accepted because they lack novel research contributions. Suitable papers include survey papers that provide useful perspectives on major research areas, papers that support or challenge long-held beliefs with compelling evidence, or papers that provide an extensive and realistic evaluation of competing approaches to solving specific problems. Submissions will be distinguished by a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, except instead of emphasizing novel research contributions the emphasis will be on value to the community. Accepted papers will be presented at the symposium and included in the proceedings.

*Workshops*: The Symposium is also soliciting submissions for colocated workshops. Workshop proposals should be sent by Friday, 21 August 2009 by email to Carrie Gates (carrie.gates@ca.com). Workshops may be half-day or full-day in length. Submissions should include the workshop title, a short description of the topic of the workshop, and biographies of the organizers.

For more information, please see http://oakland10.cs.virginia.edu/cfp.html.

SADFE 2010 5th International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the IEEE Symposium on Security and Privacy (SP 2010), Oakland, CA, USA, May 20, 2010. [posted here 11/23/09]
The SADFE (Systematic Approaches to Digital Forensic Engineering) Workshop promotes systematic approaches to computer investigations, by furthering the advancement of digital forensic engineering as a disciplined science and practice. Most previous SADFE papers have emphasized cyber crime investigations and digital forensics tools. While these are still key topics of the meeting, we also welcome digital forensics papers that do not necessarily involve either crime or digital forensics tools. General attack analysis, the insider threat, insurance and compliance investigations, similar forms of retrospective analysis, and digital discovery are all viable topics. Digital forensic engineering is the application of scientific principles to the collection and analysis of digital artifacts, either for use within the legal system or to aid in understanding past events with the goal of improving computer system security.

For more information, please see http://conf.ncku.edu.tw/sadfe/sadfe10/.

MOBISEC 2010 2nd International ICST Conference on Security and Privacy in Mobile Information and Communication Systems, Catania, Sicily, May 26-28, 2010. [posted here 10/26/09]
The focus of MOBISEC 2010 is the convergence of information and communication technology in mobile scenarios. This convergence is realised in intelligent mobile devices, accompanied by the advent of converged, and next-generation, communication networks. As mobile communication and information processing becomes a commodity, economy and society require protection of this precious resource. Mobility and trust in networking go hand in hand for future generations of users, who need privacy and security at all layers of technology. MobiSec strives to bring together the leading-edge of academia and industry in mobile systems security, as well as practitioners, standards developers and policymakers. Topics of interest include, but are not limited to the following focus areas, as applied to mobile ICT:
- Security architectures for next-generation, new-generation and converged communication networks
- Trusted mobile devices, hardware security
- Network resilience
- Threat analyses for mobile systems
- Multi-hop authentication and trust
- Non-repudiation of communication
- Context-aware and data-centric security
- Protection and safety of distributed mobile data
- Mobile application security
- Security for voice and multimedia communication
- Machine-to-machine communication security
- Trust in autonomic and opportunistic communication
- Location based applications security and privacy
- Security for the networked home environment
- Security and privacy for mobile communities
- Mobile emergency communication, public safety
- Lawful interception and mandatory data retention
- Security of mobile agents and code
- Identity management
- Embedded security

For more information, please see http://mobisec.org/.

WEIS 2010 9th Workshop on the Economics of Information Security, Harvard University, Cambridge, MA, USA, June 7-8, 2010. [posted here 11/9/09]
The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security, combining expertise from the fields of economics, social science, business, law, policy and computer science. Prior workshops have explored the role of incentives between attackers and defenders, identified market failures dogging Internet security, and assessed investments in cyber-defense. This workshop will build on past efforts using empirical and analytic tools to not only understand threats, but also strengthen security through novel evaluations of available solutions. How should information risk be modeled given the constraints of rare incidence and high interdependence? How do individuals’ and organizations’ perceptions of privacy and security color their decision making? How can we move towards a more secure information infrastructure and code base while accounting for the incentives of stakeholders? We encourage economists, computer scientists, business school researchers, legal scholars, security and privacy specialists, as well as industry experts to submit their research and attend the workshop. Suggested topics include (but are not limited to) empirical and theoretical studies of:
- Optimal investment in information security
- Online crime (including botnets, phishing and spam)
- Models and analysis of online crime
- Risk management and cyberinsurance
- Security standards and regulation
- Cybersecurity policy
- Privacy, confidentiality and anonymity
- Behavioral security and privacy
- Security models and metrics
- Psychology of risk and security
- Vulnerability discovery, disclosure, and patching
- Cyberwar strategy and game theory
- Incentives for information sharing and cooperation

For more information, please see http://weis2010.econinfosec.org/cfp.html.

CISSE 2010 14th Colloquium for Information Systems Security Education, Baltimore, MD, USA, June 7-9, 2010. [posted here 10/12/09]
This Colloquium, the fourteenth in an ongoing annual series, brings together leading figures from academia, government, and industry to address the national need for security and assurance of our information and communications infrastructure. The Colloquium solicits participation from practitioners, students, educators, and researchers. The topics areas should discuss course or lab development, Information Assurance (IA) curricula, standards, best practices, existing or emerging programs, trends, and future vision, as well as related issues. This includes the following general topics:
- Assessment of need (e.g. how many information security workers/ researchers/ faculty are needed?)
- Integrating information assurance topics in existing graduate or undergraduate curricula
- Experiences with course or laboratory development
- Alignment of curriculum with existing information assurance education standards
- Emerging programs or centers in information assurance
- Best practices
- Vision for the future
- Tools, demonstrations, case studies, course modules, shareware, and worked examples that participants (and others) can use to help educate people in computer security.

For more information, please see http://www.cisse.info.

SACMAT 2010 15th ACM Symposium on Access Control Models and Technologies, Pittsburgh, PA, USA, June 9-11, 2010. [posted here 10/5/09]
Papers offering novel research contributions in all aspects of access control are solicited for submission to the ACM Symposium on Access Control Models and Technologies (SACMAT). The missions of the symposium are to share novel access control solutions that fulfill the needs of heterogeneous applications and environments and to identify new directions for future research and development. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control. Topic of Interest include:
- Access control models and extensions
- Access control requirements
- Access control design methodology
- Access control mechanisms, systems, and tools
- Access control in distributed and mobile systems
- Access control for innovative applications
- Administration of access control policies
- Delegation
- Identity management
- Policy/Role Engineering
- Safety analysis and enforcement
- Standards for access control
- Trust management
- Trust models
- Theoretical foundations for access control models
- Usage control

For more information, please see http://www.sacmat.org/.

D-SPAN 2010 1st International Workshop on Data Security and PrivAcy in wireless Networks, Held in conjunction with WoWMoM 2010, Montreal, QC, Canada, June 14, 2010. [posted here 12/21/09]
This workshop is focused on defining new problems and developing novel techniques for data security and privacy issues in wireless and mobile networks. With the emergence of data-intensive wireless networks such as wireless sensor networks and data-centric mobile applications such as location-based services, the traditional boundaries between these three disciplines are blurring. This workshop solicits papers from two main categories: (1) papers that consider the security and privacy of data collection, transmission, storage, publishing, and sharing in wireless networks broadly defined, e.g., MANET, cellular, vehicular, ad hoc, cognitive, as well as sensor networks, and (2) papers that use data analytics techniques to address security and privacy problems in wireless networks. The workshop provides a venue for researchers to present new ideas with impact on three communities – wireless networks, databases, and security. The list of topics includes, but not limited to:
- Fundamental theory of a security network science
- Key exchange, distribution and management in wireless networks
- Location privacy in wireless networks
- Secure data collection and aggregation for wireless sensor networks
- Secure data collection in body-area networks
- Secure data processing in mobile ad-hoc networks (MANET)
- Secure query processing over wireless sensor networks
- Security and privacy of RFID systems
- Security and privacy for data streaming
- Security for cognitive radio networks
- Tradeoffs between Security and Communication Performance

For more information, please see http://home.gwu.edu/~nzhang10/DSPAN2010/.

IFIP-TM 2010 4th IFIP International Conference on Trust Management, Morioka, Japan, June 16-18, 2010. [posted here 7/27/09]
The mission of the IFIPTM 2010 Conference is to share research solutions to problems of Trust and Trust management, including related Security and Privacy issues, and to identify new issues and directions for future research and development work. IFIPTM 2010 invites submissions presenting novel research on all topics related to Trust, Security and Privacy, including but not limited to those listed below:
- Trust models, formalization, specification, analysis and reasoning
- Reputation systems and architectures
- Engineering of trustworthy and secure software
- Ethics, sociology and psychology of trust
- Security management and usability issues including security configuration
- Trust management frameworks for secure collaborations
- Language security
- Security, trust and privacy for service oriented architectures and composite applications
- Security, trust and privacy for software as a service (SaaS)
- Security, trust and privacy for Web 2.0 Mashups
- Security, privacy, and trust as a service
- Legal issues related to the management of trust
- Semantically-aware security management
- Adaptive security policy management
- Mobile security
- Anonymity and privacy vs. accountability
- Critical infrastructure protection, public safety and emergency management
- Privacy and identity management in e-services
- Biometrics, national ID cards, identity theft
- Robustness of trust and reputation systems
- Distributed trust and reputation management systems
- Human computer interaction aspects of privacy, security & trust
- Applications of trust and reputation management in e-services
- Trusted platforms and trustworthy systems

For more information, please see http://www.ifip-tm2010.org/.

DBSec 2010 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Rome, Italy, June 21-23, 2010. [posted here 11/30/09]
DBSec is an annual international conference covering research in data and applications security and privacy. The 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2010) will be held in Rome, Italy. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, and applications security. Topics of interest include, but are not limited to:
- access control
- anonymity
- applied cryptography in data security
- authentication
- data and system integrity
- data protection
- database security
- digital rights management
- identity management
- intrusion detection
- knowledge discovery and privacy
- methodologies for data and application security
- network security
- organizational security
- privacy
- secure cloud computing
- secure distributed systems
- secure information integration
- secure Web services
- security and privacy in IT outsourcing
- security and privacy in location-based services
- security and privacy in P2P scenarios and social networks
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security management
- security metrics
- threats, vulnerabilities, and risk management
- trust and reputation systems
- trust management
- wireless and mobile security

For more information, please see http://dbsec2010.dti.unimi.it.

Trust 2010 3rd International Conference on Trust and Trustworthy Computing, Berlin, Germany, June 21-23, 2010. [posted here 11/23/09]
Building on the success of Trust 2009 (held at Oxford, UK) and Trust 2008 (Villach, Austria), this conference focuses on trusted and trustworthy computing, both from the technical and social perspectives. The conference itself will have two main strands, one devoted to technical aspects and one devoted to the socio-economic aspects of trusted computing. This call for papers is for contributions to the technical strand - a separate call is issued for contributions to the socio-economic strand of the conference. The conference solicits original papers on any aspect of the design and application of trusted and trustworthy computing, which concerns a broad range of concepts including trustworthy infrastructures, services, hardware, software and protocols. Topics of interest include, but are not limited to:
- Architecture and implementation technologies for trusted platforms and trustworthy infrastructures
- Mobile trusted computing
- Implementations of trusted computing (covering both hardware and software)
- Applications of trusted computing
- Trustworthy infrastructures and services for cloud computing
- Attestation and possible variants (e.g., property-based attestation, runtime attestation)
- Cryptographic aspects of trusted computing
- Security hardware, i.e., hardware with cryptographic and security functions, including physically unclonable functions (PUFs)
- Hardware Trojans (detection, prevention)
- Intrusion resilience in trusted computing
- Virtualisation for trusted platforms
- Security policy and management of trusted computing
- Access control for trusted platforms
- Privacy aspects of trusted computing
- Verification of trusted computing architectures
- End-user interactions with trusted platforms
- Limitations of trusted computing

For more information, please see http://www.trust2010.org/.

OWASP-AppSec-Research 2010 OWASP AppSec Research 2010, Stockholm, Sweden, June 21-24, 2010. [posted here 12/14/09]
OWASP AppSec Research focuses on web application security and invites both academia and industry. The conference features a full-paper research track published by Springer-Verlag (LNCS) as well as industry talks and demos. OWASP (the Open Web Application Security Project) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. We encourage the publication and presentation of new tools, new methods, empirical data, novel ideas, and lessons learned in the following areas:
- Web application security
- Security aspects of new/emerging web technologies/paradigms (mashups, web 2.0, offline support, etc)
- Security in web services, REST, and service oriented architectures
- Security in cloud-based services
- Security of frameworks (Struts, Spring, ASP.Net MVC etc)
- New security features in platforms or languages
- Next-generation browser security
- Security for the mobile web
- Secure application development (methods, processes etc)
- Threat modeling of applications
- Vulnerability analysis (code review, pentest, static analysis etc)
- Countermeasures for application vulnerabilities
- Metrics for application security
- Application security awareness and education

For more information, please see http://www.owasp.org/index.php/OWASP_AppSec_Research_2010_-_Stockholm,_Sweden.

ACNS 2010 8th International Conference on Applied Cryptography and Network Security, Beijing, China, June 22-25, 2010. [posted here 9/13/09]
Original papers on all aspects of applied cryptography and network security are solicited for submission to ACNS '10. Topics of relevance include but are not limited to:
- Applied cryptography and provably-secure cryptographic protocols
- Design and analysis of efficient cryptographic primitives: public-key and symmetric-key cryptosystems, block ciphers, and hash functions
- Network security protocols
- Techniques for anonymity; trade-offs between anonymity and utility
- Integrating security into the next-generation Internet: DNS security, routing, naming, denial-of-service attacks, TCP/IP, secure multicast
- Economic fraud on the Internet: phishing, pharming, spam, and click fraud
- Email and web security
- Public key infrastructure, key management, certification, and revocation
- Security and privacy for emerging technologies: sensor networks, mobile (ad hoc) networks, peer-to-peer networks, bluetooth, 802.11, RFID
- Trust metrics and robust trust inference in distributed systems
- Security and usability
- Intellectual property protection and digital rights management
- Modeling and protocol design for rational and malicious adversaries
- Automated analysis of protocols

For more information, please see http://www.tcgchina.org/acns2010/.

ICDCS-SPCC 2010 1st International Workshop on Security and Privacy in Cloud Computing, Held in conjunction with the IEEE International Conference on Distributed Computing Systems (ICDCS 2010), Genoa, Italy, June 25, 2010. [posted here 01/12/10]
Cloud computing has recently emerged as a new information technology infrastructure. In cloud computing, information is permanently stored in large data centers on the Internet and temporarily accessed and cached on clients that include desktops and portable PCs, sensors, etc. With the "cloud" as a metaphor for the Internet, cloud computing promises to deliver massively scalable IT-enabled data, software, and hardware capabilities as a service to external clients using Internet technologies. Cloud computing has been envisioned as the key technology to achieve economies of scale in the deployment and operation of IT solutions. Cloud computing has unique attributes that raise many security and privacy challenges in areas such as data security, recovery, and privacy, as well as legal issues in areas such as regulatory compliance and auditing. In contrast to traditional enterprise IT solutions, where the IT services are under proper physical, logical and personnel controls, cloud computing moves the application software and databases to the servers in large data centers on the Internet, where the management of the data and services are not fully trustworthy. When clients store their data on the server without themselves possessing a copy of it, how the integrity of the data can be ensured if the server is not fully trustworthy? Will encryption solve the data confidentiality problem of sensitive data? How will encryption affect dynamic data operations such as query, insertion, modification, and deletion? Data in the cloud is typically in a shared environment alongside data from other clients. How the data segregation should be done, while data are stored, executed, and transmitted? How the virtulized resources is being managed and secured in the cloud? Due to the fundamental paradigm shift in cloud computing, many security concerns have to be better understood, unanticipated vulnerabilities identified, and viable solutions to critical threats devised, before the wide deployment of cloud computing techniques can take place. Topics of interests include (but are not limited to) the following subject categories:
- Secure management of virtualized cloud resources
- Secure network architecture for cloud computing
- Joint security and privacy aware cloud protocol design
- Access control and key management
- Trust and policy management in clouds
- Identification and privacy in cloud
- Remote data integrity protection
- Secure computation outsourcing
- Dynamic data operation security
- Software and data segregation security
- Failure detection and prediction
- Secure data management within and across data centers
- Availability, recovery and auditing
- Secure wireless cloud

For more information, please see http://www.ece.iit.edu/~ubisec/workshop.htm.

SHPCS 2010 5th Workshop on Security and High Performance Computing Systems, Held in conjunction with the 6th International Wireless Communications and Mobile Computing Conference (IWCMC 2010), Caen, Normandy, France, June 28 - July 2, 2010. [posted here 12/28/09]
Providing high performance computing and security is a challenging task. Internet, operating systems and distributed environments currently suffer from poor security support and cannot resist common attacks. Adding security measures typically degrade performance. This workshop addresses relationships between security and high performance computing systems in three directions. First, it considers how to add security properties (authentication, confidentiality, integrity, non-repudiation, access control) to high performance computing systems. In this case, safety properties can also be addressed, such as availability and fault tolerance for high performance computing systems. Second, it covers how to use high performance computing systems to solve security problems. For instance, a grid computation can break an encryption code, or a cluster can support high performance intrusion detection. More generally, this topic addresses every efficient use of a high performance computing systems to improve security. Third, it investigates the tradeoffs between maintaining high performance and achieving security in computing systems and solutions to balance the two objectives. In all these directions, various performance analyses or monitoring techniques can be conducted to show the efficiency of a security infrastructure. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of computer and network security, as well as case studies and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. The Workshop topics include (but are not limited to) the following:
- Access Control
- Accounting and Audit
- Anonymity
- Applied Cryptography
- Authentication
- Cloud Security
- Commercial and Industry Security
- Cryptographic Protocols
- Data and Application Security
- Data/System Integrity
- Database Security
- Digital Rights Management
- Formal Verification of Secure Systems
- Identity Management
- Inference/Controlled Disclosure
- Information Warfare
- Intellectual Property Protection
- Intrusion and Attack Detection
- Intrusion and Attack Response
- Key Management
- Privacy-Enhancing Technology
- Secure Networking
- Secure System Design
- Security Monitoring & Management
- Security for Mobile Code
- Security for Specific Domains (e.g., E-Government, E-Business, P2P)
- Security in IT Outsourcing
- Security in Mobile and Wireless Networks
- Security in Untrusted & Adversarial Environments and Systems
- Security in Operating Systems
- Security Location Services
- Security of Grid and Cluster Architectures
- Security Visualization
- Smartcards
- Trust Management Policies
- Trust Models
- Web Security
- Web Services Security

For more information, please see http://leibniz.diiga.univpm.it/~spalazzi/caen/.

TSP 2010 3rd IEEE International Symposium on Trust, Security and Privacy for Emerging Applications, Bradford, UK, June 29-July 1, 2010. [posted here 11/23/09]
Satisfying user requirements for trust, security and privacy in an efficient way is one of the first considerations for almost all emerging applications, using emerging technologies such as pervasive computing, peer to peer computing, grid computing, cloud computing, virtualization and, mobile and wireless technologies. Challenges arise as emerging applications evolve to provide more scalable and comprehensive services. One of the biggest challenges is that traditional security technologies and measures may not meet user requirements in open, dynamic, heterogeneous, and distributed computing environments. Therefore, we need to build networks and systems in which emerging applications allow users to enjoy more scalable and comprehensive services while preserving trust, security and privacy at the same time. TSP-10 aims at bringing together researchers and practitioners in the world working on trust, security, privacy, and related issues such as technical, social, and cultural implications for all emerging devices, services, applications, networks, and systems, and providing a forum for them to present and discuss emerging ideas and trends in this highly challenging research area.

For more information, please see http://trust.csu.edu.cn/conference/tsp2010/Call_for_Papers.htm.

DIMVA 2010 7th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Bonn, Germany, July 8-9, 2010. [posted here 11/30/09]
The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. DIMVA’s scope includes, but is not restricted to the following areas:
Intrusion Detection
- Novel approaches & new environments
- Insider detection
- Prevention and response
- Data leakage
- Result correlation & cooperation
- Evasion attacks
- Potentials & limitations
- Operational experiences
- Privacy, legal & social aspects
Malware
- Automated analysis, reversing & execution tracing
- Containment & sandboxed operation
- Acquisition of specimen
- Infiltration
- Behavioral models
- Prevention & containment
- Trends & upcoming risks
- Forensics & recovery
- Economic aspects
Vulnerability Assessment
- Vulnerability detection & analysis
- Vulnerability prevention
- Web application security
- Fuzzing techniques
- Classification & evaluation
- Situational awareness

For more information, please see http://www.dimva.org/dimva2010.

SOUPS 2010 Symposium On Usable Privacy and Security, Redmond, WA, USA, July 14-16, 2010. [posted here 10/12/09]
The 2010 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:
- innovative security or privacy functionality and design
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of new or existing security or privacy features
- security testing of new or existing usability features
- longitudinal studies of deployed security or privacy features
- the impact of organizational policy or procurement decisions
- lessons learned from the deployment and use of usable privacy and security features

For more information, please see http://cups.cs.cmu.edu/SOUPS/.

POLICY 2010 IEEE International Symposium on Policies for Distributed Systems and Networks, Fairfax, Virginia, USA, July 21-23, 2010. [posted here 01/11/10]
The symposium brings together researchers and practitioners working on policy-based systems across a range of application areas including policy-based networking, privacy and security management, storage area networking, and enterprise systems. POLICY 2010 has grown out of a highly successful series of workshops and this is recognized by the elevation of the event to an IEEE symposium. POLICY 2010 invites novel contributions on all aspects of policy-based management. Topics of interest include (but are not limited to):
- Privacy and Security
- Policy Models and Languages
- Policy Applications

For more information, please see http://www.ieee-policy.org.

SECRYPT 2010 5th International Conference on Security and Cryptography, Athens, Greece, July 26-28, 2010. [posted here 01/12/10]
SECRYPT is an annual international conference covering research in information and communication security. The 5th International Conference on Security and Cryptography will be held in Athens, Greece. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, applications security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. Areas of interest include, but are not limited to:
- Data and Application Security and Privacy
- Access Control and Intrusion Detection
- Network Security and Protocols
- Cryptographic Techniques and Key Management
- Information Assurance
- Security in Information Systems and Software Engineering

For more information, please see http://www.secrypt.icete.org.

USENIX-Security 2010 19th USENIX Security Symposium, Washington, DC, USA, August 11–13, 2010. [posted here 12/7/09]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in security or applied cryptography.

For more information, please see http://www.usenix.org/events/sec10/cfp/.

MMM-ACNS 2010 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security, St. Petersburg, Russia, September 6-9, 2010. [posted here 01/12/10]
MMM-ACNS-2010 aims at bringing together leading researchers from academia and governmental organizations as well as practitioners to advance the states of the art and practice in the area of computer networks and information security with a focus on novel theoretical aspects of computer network security, facilitate personal interactions and discussions on various aspects of information technologies in conjunction with computer network and information security problems arising in large-scale computer networks. MMM-ACNS-2010’s scope includes, but is not restricted to the following areas:
- Adaptive security
- Anti-malware techniques: detection, analysis, prevention
- Anti-phishing, anti-spam, anti-fraud, anti-botnet techniques
- Authentication, Authorization and Access Control
- Computer and network forensics
- Covert channels
- Critical infrastructure protection
- Data and application security
- Data mining, machine learning, and bio-inspired approaches for security
- Deception systems and honeypots
- Denial-of-service attacks and countermeasures
- Digital Rights Management
- eCommerce, eBusiness and eGovernment security
- Formal analysis of security properties
- Information warfare
- Internet and web security
- Intrusion prevention, detection, and response
- Language-based security
- Network survivability
- New ideas and paradigms for security
- Operating system security
- Security and privacy in pervasive and ubiquitous computing
- Security event processing and predictive security monitoring
- Security for cloud computing
- Security for large-scale systems and critical infrastructures
- Security of emerging technologies: sensor, wireless/mobile, peer-to-peer and overlay networks
- Security of autonomous agents and multi-agent systems
- Security modeling and simulation
- Security policies
- Security protocols
- Security verification
- Self-protecting and healing
- Software protection
- Trusted computing
- Trust and reputation management
- Vulnerability assessment, risk analysis and risk management

For more information, please see http://comsec.spb.ru/mmm-acns10/.

IFIP-TC9-HCC9 2010 IFIP TC-9 HCC-9 Stream on Privacy and Surveillance, Held in conjunction with the IFIP World Computer Congress 2010, Brisbane, Australia, September 20-23, 2010. [posted here 12/28/09]
New technical and legal developments pose greater and greater privacy dilemmas. Governments have in the recent years increasingly established and legalised surveillance schemes in form of data retention, communication interception or CCTVs for the reason of fighting terrorism or serious crimes. Surveillance Monitoring of individuals is also a threat in the private sector: Private organisations are for instance increasingly using profiling and data mining techniques for targeted marketing, analysing customer buying predictions or social sorting. Work place monitoring practices allow surveillance of employees. Emerging pervasive computing technologies, where individuals are usually unaware of a constant data collection and processing in their surroundings, will even heighten the problem that individuals are effectively losing control over their personal spheres. At a global scale, Google Earth and other corporate virtual globes may have dramatic consequences for the tracking and sorting of individuals. With CCTV, the controlling power of surveillance is in few hands. With live, high resolution imagery feeds from space in the near future, massive surveillance may soon be available to everybody, a development whose consequences we do not yet grasp. New means of surveillance are also enabled by social networks, in which individuals are publishing many intimate personal details about themselves and others. Such social networks are today already frequently analysed by employers, marketing industry, law enforcement or social engineering. The aim of this conference stream is to discuss and analyse such privacy risks of surveillance for humans and society as well as countermeasures for protecting the individuals’ rights to informational self-determination from multi-disciplinary perspectives. We are therefore especially inviting the submissions of papers addressing privacy aspects in relation to topics such as (but not limited to):
- Surveillance technologies
- Corporate virtual globes (Google Earth and Microsoft Virtual Earth)
- Profiling & data mining
- Ambient Intelligence, RFID
- GPS, Location-Based Services
- Social Network Analysis
- ID cards
- Biometrics
- Data sharing
- Visual surveillance
- Workplace monitoring
- Communication interception
- Data retention
- Anonymity & Pseudonymity
- Privacy-enhancing technologies
- Privacy-enhancing Identity Management

For more information, please see http://www.wcc2010.org/migrated/HCC92010/HCC92010_cfp.html.