Cipher Upcoming Conferences
Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 


Calls for Papers

Last Modified:03/20/17

Upcoming Conferences and Workshops

Note: The submission date has passed.

March 2017

DFRWS-EU 2017 DFRWS digital forensics EU conference, Lake Constance, Germany, March 21-23, 2017. [posted here 7/25/16]
This year two premier research conferences in Europe, the DFRWS digital forensics conference (DFRWS EU 2017) and the International Conference on IT Security Incident Management & IT Forensics (IMF 2017) are brought together. Established in 2001, DFRWS has become the premier digital forensics conference, dedicated to solving real world challenges, and pushing the envelope of what is currently possible in digital forensics. Since 2003, IMF has established itself as one of the premier venues for presenting research on IT security incident response and management and IT forensics. While the first IMF conference was organized to establish a research forum for German speaking researchers and practitioners from the field, it soon became an International conference attracting many experts across Europe. IMF 2017, being the 10th Conference, is also an important mile stone in bringing the two worlds of IT security incident response and management and forensics together. Both DFRWS and IMF organise informal collaborative environments each year that bring together leading researchers, practitioners, industry, tool developers, academics, law enforcement, and other government bodies from around the globe to tackle current and emerging challenges in their fields. The co-hosting of the two events will help generate new discussions and ideas by bringing together two strong research communities: DFRWS’s community encompassing a broad range of topics in digital forensics, and IMF’s community focusing on IT security incident response and management.

For more information, please see http://www.dfrws.org/conferences/dfrws-eu-2017.

CODASPY 2017 7th ACM Conference on Data and Application Security and Privacy Scottsdale, Arizona, USA, March 22-24 2017. [posted here 9/5/16]
Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal ofthe ACM Conference on Data and Applications Security (CODASPY) is to discuss novel, exciting research topics in data and application security and privacy, and to lay out directions for further research and development in this area. The conference seeks submissions from diverse communities, including corporate and academic researchers, open-source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts. Topics of interest include, but are not limited to:
- Application-layer security policies
- Access control for applications
- Access control for databases
- Data-dissemination controls
- Data forensics
- Enforcement-layer security policies
- Privacy-preserving techniques
- Private information retrieval
- Search on protected/encrypted data
- Secure auditing
- Secure collaboration
- Secure data provenance
- Secure electronic commerce
- Secure information sharing
- Secure knowledge management
- Secure multiparty computation
- Secure software development
- Securing data/apps on untrusted platforms
- Securing the semantic web
- Security and privacy in GIS/spatial data
- Security and privacy in healthcare
- Security and privacy in the Internet of Things
- Security policies for databases
- Social computing security and privacy
- Social networking security and privacy
- Trust metrics for applications, data, and users
- Usable security and privacy
- Web application security

For more information, please see http://www.codaspy.org/.

IWSPA 2017 3rd ACM International Workshop on Security and Privacy Analytics, Co-located with ACM CODASPY 2017, Scottsdale, Arizona, USA, March 24, 2017. [posted here 10/17/16]
Increasingly, sophisticated techniques from machine learning, data mining, statistics and natural language processing are being applied to challenges in security and privacy fields. However, experts from these areas have no medium where they can meet and exchange ideas so that strong collaborations can emerge, and cross-fertilization of these areas can occur. Moreover, current courses and curricula in security do not sufficiently emphasize background in these areas and students in security and privacy are not emerging with deep knowledge of these topics. Hence, we propose a workshop that will address the research and development efforts in which analytical techniques from machine learning, data mining, natural language processing and statistics are applied to solve security and privacy challenges (“security analytics”). Submissions of papers related to methodology, design, techniques and new directions for security and privacy that make significant use of machine learning, data mining, statistics or natural language processing are welcome. Furthermore, submissions on educational topics and systems in the field of security analytics are also highly encouraged.

For more information, please see http://capex.cs.uh.edu/?q=content/international-workshop-security-and-privacy-analytics-2017.

INTRICATE-SEC 2017 5th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Taipei, Taiwan, March 27-29, 2017. [posted here 5/16/16]
Cyber-physical systems (CPS) are ubiquitous in critical infrastructures such as electrical power generation, transmission, and distribution networks, water management, and transportation, but also in both industrial and home automation. For flexibility, convenience, and efficiency, CPS are increasingly supported by commodity hardware and software components that are deliberately interconnected using open standard general purpose information and communication technology (ICT). The long life-cycles of CPS and increasingly incremental changes to these systems require novel approaches to the composition and inter-operability of services provided. The paradigm of service-oriented architectures (SoA) has successfully been used in similar long-lived and heterogeneous software systems. However, adapting the SoA paradigm to the CPS domain requires maintaining the security, reliability and privacy properties not only of the individual components but also, for complex interactions and service orchestrations that may not even exist during the initial design and deployment of an architecture. An important consideration therefore is the design and analysis of security mechanisms and architectures able to handle cross domain inter-operability over multiple domains involving components with highly heterogeneous capabilities. The INTRICATE-SEC workshop aims to provide a platform for academics, industry, and government professionals to communicate and exchange ideas on provisioning secure CPS and Services.

For more information, please see https://goo.gl/562zhD.

April 2017

CPSS 2017 3rd ACM Cyber-Physical System Security Workshop, Abu Dhabi, UAE, April 2, 2017. [posted here 10/10/16]
Cyber-Physical Systems (CPS) consist of large?scale interconnected systems of heterogeneous components interacting with their physical environments. There are a multitude of CPS devices and applications being deployed to serve critical functions in our lives. The security of CPS becomes extremely important. This workshop will provide a platform for professionals from academia, government, and industry to discuss how to address the increasing security challenges facing CPS. Besides invited talks, we also seek novel submissions describing theoretical and practical security solutions to CPS. Papers that are pertinent to the security of embedded systems, SCADA, smart grid, and critical infrastructure networks are all welcome, especially in the domains of energy and transportation. Topics of interest include, but are not limited to:
- Authentication and access control for CPS
- Autonomous vehicle security
- Availability, recovery and auditing for CPS
- Data security and privacy for CPS
- Embedded systems security
- EV charging system security
- Industrial control system security
- Intrusion detection for CPS
- IoT security
- Key management in CPS
- Legacy CPS system protection
- Lightweight crypto and security
- Risk assessment for CPS
- SCADA security
- Security architectures for CPS
- Smart grid security
- Threat modeling for CPS
- Urban transportation system security
- Vulnerability analysis for CPS
- Wireless sensor network security

For more information, please see http://icsd.i2r.a-star.edu.sg/cpss17/.

IoTPTS 2017 3rd International Workshop on IoT Privacy, Trust, and Security, Held in conjunction with the 12th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2017), Abu Dhabi, UAE, April 2, 2017. [posted here 11/21/16]
The Internet of Things (IoT) is the next great technology frontier. At a basic level, IoT refers simply to networked devices, but the IoT vision is a complex ecosystem that ranges from cloud backend services and big-data analytics to home, public, industrial, and wearable sensor devices and appliances. Architectures for these systems are in the formative stages, and now is the time to ensure privacy, trust, and security are designed into these systems from the beginning. We encourage submissions on all aspects of IoT privacy, trust, and security. Topics of interest include (but are not limited) to the following areas:
- Privacy and IoT data
- Privacy attacks for IoT
- Trust management and device discoverability for IoT
- Usability of privacy and security systems in IoT
- User risk perceptions and modeling for IoT
- Policy Management and enforcement for IoT
- Authentication and access control for users for IoT
- Cryptography for IoT
- Attack detection and remediation for IoT
- Security architectures for IoT systems and applications

For more information, please see https://sites.google.com/site/iotpts2017/.

SCC 2017 5th International Workshop on Security in Cloud Computing, Held in conjunction with the 12th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2017), Abu Dhabi, UAE, April 2, 2017. [posted here 12/5/16]
Cloud computing has emerged as today's most exciting computing paradigm shift in information technology. With the efficient sharing of abundant computing resources in the cloud, users can economically enjoy the on-demand high quality cloud applications and services without committing large capital outlays locally. While the cloud benefits are compelling, its unique attributes also raise many security and privacy challenges in areas such as data security, recovery, privacy, access control, trusted computing, as well as legal issues in areas such as regulatory compliance, auditing, and many others. To implement secure and privacy-aware environments which can provide on-demand computing and high-quality service for cloud users is extremely urgent. This workshop is intended to bring together researchers, developers, and practitioners in security, privacy and mobile computing communities. We encourage submissions on all theoretical and practical aspects, as well as experimental studies of deployed systems. Topics of interests include (but are not limited to) the following subject categories:
- Secure cloud architecture
- Cloud Cryptography
- Cloud access control and key management
- Identification and privacy in cloud
- Integrity assurance for data outsourcing
- Integrity and verifiable computation
- Computation over encrypted data
- Software and data segregation security
- Secure management of virtualized resources
- Trusted computing technology
- Joint security and privacy aware protocol design
- Failure detection and prediction
- Secure data management within and across data centers
- Availability, recovery and auditing
- Secure computation outsourcing
- Secure mobile cloud

For more information, please see https://conference.cs.cityu.edu.hk/asiaccsscc/.

ASIACCS 2017 ACM Symposium on Information, Computer and Communications Security, Abu Dhabi, United Arab Emirates, April 2-6, 2017. [posted here 8/22/16]
Building on the success of ACM Conference on Computer and Communications Security (CCS), the ACM Special Interest Group on Security, Audit, and Control (SIGSAC) formally established the annual ACM Asia Conference on Computer and Communications Security (ASIACCS). Topics of interest include but are not limited to:
- Access control
- Accounting and audit
- Applied cryptography
- Authentication
- Big data security and privacy
- Biometrics
- Blockchain and alternatives
- Cloud computing security
- Computer forensics
- Cyber-physical security
- Data and application security
- Embedded systems security
- Formal methods for security
- Hardware-based security & applications
- IoT security & privacy
- Key management
- Malware and botnets
- Mobile computing security
- Network security
- Operating system security
- Practical post-quantum security
- Privacy-enhancing technology
- Runtime attacks and defenses
- Secure computation
- Security architectures
- Security of critical infrastructures
- Security metrics
- Software security
- Threat modeling
- Trusted computing
- Usable security and privacy
- Web security
- Wireless security and privacy

For more information, please see http://asiaccs2017.com/.

WWW 2017 WWW Security and Privacy Track, Perth, Australia, April 3-7, 2017. [posted here 9/5/16]
The Security and Privacy track at the International World Wide Web Conference offers researchers working on security, privacy, trust, and abuse of trust to present their work to the broad community of researchers, with myriad backgrounds and interests, who will be attending the 2017 World Wide Web Conference. Relevant topics include:
- Human and usability factors in Web security & privacy
- Measurement of online crime/underground economics
- Tracking, profiling, and countermeasures against them
- Measurement, analysis, and circumvention of Web censorship
- Browser security
- Authentication and authorization for Web-based services
- Social network security and privacy
- Security and privacy of web protocols
- Abusive content such as online harassments, spam, and fake reviews
- Privacy-enhancing technologies for the Web
- Legal, ethical, policy issues of Web security and privacy
- Security for Web services (e.g., blogs, Web feed, wikis, social networks)
- Applications of cryptography to the web
- Security in Web-based electronic commerce (e-cash, auctions, etc.)
- Security and privacy for intelligent assistants

For more information, please see http://www.www2017.com.au/call-for-papers/security-and-privacy.php.

WoC 2017 3rd IEEE International Workshop on Container Technologies and Container Clouds, Held in conjunction with IEEE International Conference on Cloud Engineering (IC2E 2017), Vancouver, Canada, April 4-7, 2017. [posted here 10/31/16]
Containers are a lightweight OS-level virtualization abstraction primarily based on namespace isolation and control groups. In the recent years, container-based virtualization for applications has gained immense popularity thanks to the success of technologies like Docker. Container packaging mechanisms like Docker, LXD and Rkt, as well as management frameworks like Kubernetes, Mesos, etc., are witnessing widespread adoption in the industry today. Container technologies have eliminated the feature parity between development and production environment by enabling developers to package applications and their dependencies as a single unit that can be run across diverse operating environments. Though containers provide a great amount of flexibility and portability from a developer's perspective, there are several important challenges that need to be addressed by the infrastructure provider, in order to run these virtualized applications in a cloud environment. The second workshop on container technologies and container clouds solicits contributions in this area from researchers and practitioners in both the academia and industry. The workshop welcomes submissions describing unpublished research, position papers as well as deployment experiences on various topics related to containers as outlined below:
- Security, isolation and performance of containers
- Network architectures for multi-host container deployments
- Orchestration models for cloud scale deployments
- High availability systems for containerized workloads
- Leveraging hardware support for containers and containerized workloads
- Migrating and optimizing traditional workloads for containers
- Operational issues surrounding management of large clusters of containers
- Container use cases and challenges for HPC, Big Data and IoT applications
- Other topics relevant to containers

For more information, please see http://researcher.watson.ibm.com/researcher/view_group.php?id=7476.

WAHC 2017 5th Workshop on Encrypted Computing and Applied Homomorphic Cryptography, Held in conjunction with Financial Cryptography & Data Security (FC 2017, Sliema, Malta, April 7, 2017. [posted here 12/5/16]
Secure computation is becoming a key feature of future information systems. Distributed network applications and cloud architectures are at danger because lots of personal consumer data is aggregated in all kinds of formats and for various purposes. Industry and consumer electronics companies are facing massive threats like theft of intellectual property and industrial espionage. Public infrastructure has to be secured against  sabotage and manipulation. A possible solution is encrypted computing: Data can be processed on remote, possibly insecure resources, while program code and data is encrypted all the time. This allows to outsource the computation of confidential information independently from the trustworthiness or the security level of the remote system. The technologies and techniques discussed in this workshop are a key to extend the range of applications that can be securely outsourced. The goal of the workshop is to bring together researchers with practitioners and industry to present, discuss and to share the latest progress in the field. We want to exchange ideas that address real-world problems with practical approaches and solutions.

For more information, please see https://www.dcsec.uni-hannover.de/wahc17.html.

HotSpot 2017 5th Workshop on Hot Issues in Security Principles and Trust, Affiliated with ETAPS 2017, Uppsala, Sweden, April 23, 2017. [posted here 12/5/16]
This workshop is intended to be a less formal counterpart to the Principles of Security and Trust (POST) conference at ETAPS with an emphasis on “hot topics”, both of security and of its theoretical foundations and analysis. Submissions about new and emerging topics (for example, those that have not appeared prominently in conferences and workshops until now) are particularly encouraged. Submissions of preliminary, tentative work are also encouraged. This workshop is organized by IFIP WG 1.7: Theoretical Foundations of Security Analysis and Design.

For more information, please see https://infsec.uni-trier.de/events/hotspot2017.

WICSPIT 2017 Workshop on Innovative CyberSecurity and Privacy for Internet of Things: Strategies, Technologies, and Implementations, Held in conjunction with the International Conference on Internet of Things, Big Data and Security (IoTBDS 2017), Porto, Portugal, April 24 - 26, 2017. [posted here 1/23/17]
Cyber-attackers are steadily getting more creative and ambitious in their exploits and causing real-world damage (e.g., the German steel mill hack in 2014, the Ukrainian Power Grid hack in 2015). Proprietary and personally identifiable information are vulnerable to leakage as well (e.g., the Sony hack in 2014, the US Office of Personnel Management in 2014). The Internet of Things (IoT), a platform which allows everything to process information, communicate data, and analyze context opens up new vulnerabilities for both security and privacy. Smart buildings and smart cities, for example, will collect and process data for millions of individuals. Industrial systems, which were never intended to be linked via common protocols, are recognized as suddenly being open to security threats that can limit service availability and possibly cause considerable damage. Autonomous systems allowed to operate with minimal oversight are ripe targets for cyber-attacks. Data stored and processed in confidence in the cloud may be subject to exfiltration, leading to public embarrassment or the exposure of proprietary information. As cyber-events increase in number and severity, security engineers must incorporate innovative cybersecurity strategies and technologies to safeguard their systems and confidential information. A strategy to address a cybersecurity vulnerability, once identified, must understand the nature of the vulnerability and how to mitigate it. The “security tax” or “privacy tax” (system and service degradation) caused by the implementation of the mitigating security technologies may be so great that the end user bypasses the technologies and processes meant to ensure the system’s security and privacy. A practical reality of the adoption of IoT is that it will require integration of new technologies with existing systems and infrastructure, which will continue to expose new security and privacy vulnerabilities; re-engineering may be required. The human element of IoT, the user, must be considered, and how the user and the IoT system interact to optimize system security and user privacy must be defined. Cyber-attackers and cyber victims are often in different countries, the transnational nature of many cyber-events necessitate the consideration of public policy and legal concerns as well. This workshop aims to showcase new and emerging strategies and technologies for forecasting, mitigating, countering, and attributing cyber-events that threaten security and privacy within the realm of IoT. The institutional benefits of IoT adoption are clear, however security and privacy concerns are constantly coming to light. As organizations—both public and private, large and small—adopt new IoT technologies, we hope that this workshop can serve as an opening conversation between government, industry, and academia for the purpose of addressing those concerns.

For more information, please see http://iotbds.org/WICSPIT.aspx.

IEEE EuroSP 2017 2nd IEEE European Symposium on Security and Privacy, Paris, France, April 26-28, 2017. [posted here 7/4/16]
The IEEE European Symposium on Security and Privacy (EuroS&P) is the European sister conference of the established IEEE S&P symposium. It is a premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Papers that shed new light on past results by means of sound of theory or thorough experimentation are also welcome. Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Cryptography with applied relevance to security and privacy
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Cloud security
- Distributed systems security
- Embedded systems security
- Forensics
- Formal methods for security
- Hardware security
- Human aspects of security and privacy
- Intrusion detection
- Malware
- Metrics
- Mobile security and privacy
- Language-based security
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Web security and privacy

For more information, please see http://www.ieee-security.org/TC/EuroSP2017/cfp.php.

S&B 2017 IEEE Security and Privacy on the Blockchain, Held in conjunction with the IEEE EuroS&P and EuroCrypt 2017 Conferences, Paris, France, April 29, 2017. [posted here 11/28/16]
The Security and Privacy on the Blockchain Workshop is the first IEEE forum for research on the security and privacy properties of blockchains as a solution for transactional systems, co-located with EuroCrypt and EuroS&P. We solicit previously unpublished papers offering novel contributions in both Bitcoin and wider blockchain research. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of existing systems. Papers that shed new light on past or informally known results by means of sound formal theory or thorough empirical analysis are welcome. Topics of Interest include:
- Novel attacks on blockchain technologies
- Improvements to core blockchain cryptographic primitives
- Compact ring signatures
- Compact range proofs
- Privacy-Preserving Signature Aggregation
- (De) anonymization of blockchain records
- Improvements of SNARKs for blockchain technologies
- Formal verification of smart contracts
- The security of SPV models
- Game theoretic analysis of proof-of-work
- Relevant Systematization of Knowledge papers
- Security and privacy trade-offs related to scalability and decentralization

For more information, please see http://prosecco.gforge.inria.fr/ieee-blockchain2016.

SEMS 2017 IEEE Workshop on Security for Embedded and Mobile Systems, Held in conjunction with IEEE Euro S&P 2017 and EUROCRYPT 2017, Paris, France, April 30, 2017. [posted here 12/5/16]
Embedded and mobile devices that provide security and crypto functionalities and manage private and confidential data are omnipresent in our daily lives. Examples of such devices range from smart cards and RFID tags, to mobile phones, tablets, and IoT devices. Ensuring the security and privacy of these devices is a challenging problem, as witnessed by recent breaking of crypto and security systems used in mobile phones, car keys, and RFID-enabled cards. Typical threats to extract the keys include side-channel and fault analysis. Additionally, the vulnerabilities of the devices imply also privacy concerns. The operating systems supporting some of those devices, particularly mobile phones and tablets, but also IoT ones, have become very complex. Various sorts of malware present a constant threat for users. Although measures like application sandboxing take place, they also open the court for new attacks by constantly collecting and organizing sensitive information about the user. We especially encourage novel ideas exploiting architecture-specific or novel "out of the box" attacks combining ideas from different communities, e.g., malware detection or privacy violation using side-channels. The workshop seeks submissions from academia and industry presenting novel research results on the following topics of interest:
- Security architectures for embedded and mobile systems
- Physical (side-channel and fault) attacks on embedded and mobile systems
- Hardware security of mobile devices
- (mobile) Malware detection and prevention
- Machine learning applications to highlight possible threats to user privacy
- Privacy-preserving issues for mobile devices
- Secure localization and location privacy for mobile devices
- Security and privacy in the Internet of Things
- Secure execution environments (e.g., TrustZone, TPMs) on mobile devices
- Sensor spoofing attacks

For more information, please see http://sems2017.cs.ru.nl/index.shtml.

May 2017

HOST 2017 IEEE International Symposium on Hardware Oriented Security and Trust, McLean, VA, USA, May 1-5, 2017. [posted here 8/15/16]
IEEE International Symposium on Hardware Oriented Security and Trust (HOST) aims to facilitate the rapid growth of hardware-based security research and development. HOST highlights new results in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware. HOST 2017 invites original contributions related to, but not limited by, the following topics:
- Hardware Trojan attacks and detection techniques
- Hardware techniques to facilitate software and/or system security
- Hardware-based security primitives (PUFs, RNGs)
- System-on-chip (SoC) security
- Side-channel attacks and protection
- Security, privacy, and trust protocols
- Metrics, policies, and standards related to hardware security
- Hardware IP trust (watermarking, metering, trust verification)
- Trusted manufacturing including split manufacturing and 3D ICs
- Security analysis and protection of Internet of Things (IoT)
- Secure and efficient implementation of crypto algorithms
- Reverse engineering and hardware obfuscation
- Supply chain risks mitigation (e.g., counterfeit detection & avoidance)
- Hardware tampering attacks and protection
- Applications of hardware security to secure system development

For more information, please see http://www.hostsymposium.org.

WACC 2017 International Workshop on Assured Cloud Computing and QoS aware Big Data, Held in conjunction with 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID 2017), Madrid, Spain, May 14-17, 2017. [posted here 11/14/16]
WACC draws together researchers, practitioners, and thought leaders from government, industry, and academia. The workshop provides a forum of dialogue centered upon the development and advancement of an effort to design, implement, and evaluate dependable cloud architectures that can provide assurances with respect to security, reliability, and timeliness of computations (or services). Some new “assured” target applications include, but are not limited to, dependable Big Data applications and streaming, data analytics and its tools, real-time computations for monitoring, control of cyber-physical systems such as power systems, and mission critical computations for rescue and recovery. The technical emphasis of WACC is design, implementation, and evaluation of cloud services, data analytics tools, and security solutions to enable dependable Big Data applications. Research on cloud services, ICT-skilled data scientists and application developers can find complementary solutions and partnerships to evaluate and integrate additional solutions. Data scientists can find new tools that could address existing needs.

For more information, please see http://www.eubra-bigsea.eu/WACC_2017.

SP 2017 38th IEEE Symposium on Security and Privacy, San Jose, CA, USA, May 22-24, 2017. [posted here 9/5/16]
Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Topics of interest include:
- Access control and authorization
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship resistance
- Cloud security
- Distributed systems security
- Economics of security and privacy
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection and prevention
- Malware and unwanted software
- Mobile and Web security and privacy
- Language-based security
- Network and systems security
- Privacy technologies and mechanisms
- Protocol security
- Secure information flow
- Security and privacy for the Internet of Things
- Security and privacy metrics
- Security and privacy policies
- Security architectures
- Usable security and privacy

This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

Systematization of Knowledge Papers: As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate. Submissions will be distinguished by the prefix “SoK:” in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings.

For more information, please see http://www.ieee-security.org/TC/SP2017/.

SPW-Workshop 2016 SPW 2017 Security and Privacy Workshops, Held in conjunction with the 38th IEEE Symposium on Security and Privacy (SP 2017), San Jose, CA, USA, May 25, 2017. [posted here 08/22/16]
Since 1980, the IEEE Symposium on Security and Privacy (SP) has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. To expand opportunities for scientific exchanges, the IEEE CS Technical Committee on Security and Privacy created the Security and Privacy Workshops (SPW). The typical purpose of such a workshop is to cover a specific aspect of security and privacy in more detail, making it easy for the participants to attend IEEE SP and a specialized workshop at SPW with just one trip. Furthermore, the co-location offers synergies for the organizers. The number of workshops and attendees has grown steadily during recent years. Workshops can be annual events, one time events, or aperiodic. The Security and Privacy Workshops in 2017 will be held on Thursday, May 25. All workshops will occur on that day. Up to six workshops will be hosted by SPW.

For more information, please see http://www.ieee-security.org/TC/SP2017/cfworkshops.html.

MOST 2017 Mobile Security Technologies Workshop, Co-located with the 38th IEEE Symposium on Security and Privacy (IEEE S&P 2017), San Jose, CA, USA, May 25, 2017. [posted here 12/5/16]
The ACM TURC 2017 (Security and Privacy Track) conference is a new leading international forum for academia, government, and industry to present novel research results in all practical and theoretical aspects of computer and communications security. Papers should be related to the construction, evaluation, application, or operation of secure systems. All topic areas related to computer and communications security are of interest and in scope. The ACM TURC 2017 (Security and Privacy Track) is technically supported by ACM SIGSAC in China (Pending Approval). Topics of interest include but are not limited to the following:
- Access control
- Accounting and audit
- Applied cryptography
- Authentication
- Big data security and privacy
- Biometrics
- Blockchain and alternatives
- Cloud computing security
- Computer forensics
- Cyber-physical security
- Data and application security
- Embedded systems security
- Formal methods for security
- Hardware-based security and applications
- IoT security and privacy
- Key management
- Malware and botnets
- Mobile computing security
- Network security
- Operating system security
- Practical post-quantum security
- Privacy-enhancing technology
- Runtime attacks and defenses
- Secure computation
- Security architectures
- Security of critical infrastructures
- Security metrics
- Software security
- Trusted computing
- Usable security and privacy
- Web security
- Wireless security and privacy

For more information, please see http://ieee-security.org/TC/SPW2017/MoST/.

BioSTAR 2017 International Workshop on Bio-inspired Security, Trust, Assurance and Resilience, Co-located with the 38th IEEE Symposium on Security and Privacy (IEEE S&P 2017), San Jose, CA, USA, May 25, 2017. [posted here 10/24/16]
As computing and communication systems continue to expand and offer new services, these advancements require more dynamic, diverse, and interconnected computing infrastructures. Unfortunately, defending and maintaining resilient and trustworthy operation of these complex systems are increasingly difficult challenges. Conventional approaches to Security, Trust, Assurance and Resilience (STAR for short) are often too narrowly focused and cannot easily scale to manage large, coordinated and persistent attacks in these environments. Designs found in nature are increasingly used as a source of inspiration for STAR and related networking and intelligence solutions for complex computing and communication environments. Nature's footprint is present in the world of Information Technology, where there are an astounding number of computational bio-inspired techniques. These well-regarded approaches include genetic algorithms, neural networks, ant algorithms, immune systems just to name a few. For example several networking management and security technologies have successfully adopted some of nature's approaches, such as swarm intelligence, artificial immune systems, sensor networks, moving target defense, diversity-based software design, etc. Nature has also developed an outstanding ability to recognize individuals or foreign objects and adapt/evolve to protect a group or a single organism. Solutions that incorporate these nature-inspired characteristics often have improved performance and/or provided new capabilities beyond more traditional methods. The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of nature-inspired STAR aspects in computing and communications. Topics of interests include, but are not limited to:
- Nature-inspired anomaly and intrusion detection
- Adaptation algorithms
- Biometrics
- Nature-inspired algorithms and technologies for STAR
- Biomimetics
- Artificial Immune Systems
- Adaptive and Evolvable Systems
- Machine Learning, neural networks, genetic algorithms for STAR
- Nature-inspired analytics and prediction
- Cognitive systems
- Sensor and actuator networks and systems
- Information hiding solutions (steganography, watermarking) for network traffic
- Cooperative defense systems
- Cloud-supported nature-inspired STAR
- Theoretical development in heuristics
- Management of decentralized networks
- Nature-inspired algorithms for dependable networks
- Platforms for STAR services
- Diversity in computing and communications
- Survivable and sustainable systems
- STAR management systems
- Autonomic cyber defenses

For more information, please see http://biostar.cybersecurity.bio/.

WTMC 2017 2nd International Workshop on Traffic Measurements for Cybersecurity, Co-located with the 38th IEEE Symposium on Security and Privacy (IEEE S&P 2017), San Jose, CA, USA, May 25, 2017. [posted here 10/24/16]
Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behaviors. Understanding and measuring traffic in such networks is a difficult yet vital task for network management but recently also for cybersecurity purposes. Network traffic measuring and monitoring can, for example, enable the analysis of the spreading of malicious software and its capabilities or can help to understand the nature of various network threats including those that exploit users’ behavior and other user’s sensitive information. On the other hand network traffic investigation can also help to assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Recently, traffic measurements have been utilized in the area of economics of cybersecurity e.g. to assess ISP or to estimate the revenue of cyber criminals. The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of cybersecurity and understand how traffic measurements can influence it. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. This workshop presents some of the most relevant ongoing research in cybersecurity seen from the traffic measurements perspective. The workshop will be accessible to both non-experts interested in learning about this area and experts interesting in hearing about new research and approaches. Topics of interest include, but are not limited to:
- Measurements for network incidents response, investigation and evidence handling
- Measurements for network anomalies detection
- Measurements for economics of cybersecurity
- Network traffic analysis to discover the nature and evolution of the cybersecurity threats
- Measurements for assessing the effectiveness of the threats detection/prevention methods and countermeasures
- Novel passive, active and hybrid measurements techniques for cybersecurity purposes
- Traffic classification and topology discovery tools for monitoring the evolving status of the network from the cybersecurity perspective
- Correlation of measurements across multiple layers, protocols or networks for cybersecurity purposes
- Novel visualization approaches to detect network attacks and other threats
- Analysis of network traffic to provide new insights about network structure and behavior from the security perspective
- Measurements of network protocol and applications behavior and its impact on cybersecurity and users' privacy
- Measurements related to network security and privacy

For more information, please see http://wtmc.info.

IWPE 2017 3rd International Workshop on Privacy Engineering, Co-located with IEEE Symposium on Security and Privacy (SP 2017), San Jose, CA, USA, May 25, 2017. [posted here 11/7/16]
Ongoing news reports regarding global surveillance programs, massive personal data breaches in corporate databases, and notorious examples of personal tragedies due to privacy violations have intensified societal demands for privacy-friendly systems. In response, current legislative and standardization processes worldwide aim to strengthen individual’s privacy by introducing legal, organizational and technical frameworks that personal data collectors and processors must follow. However, in practice, these initiatives alone are not enough to guarantee that organizations and software developers will be able to identify and adopt appropriate privacy engineering techniques in their daily practices. Even if so, it is difficult to systematically evaluate whether the systems they develop using such techniques comply with legal frameworks, provide necessary technical assurances, and fulfill users’ privacy requirements. It is evident that research is needed in developing techniques and tools that can aid the translation of legal and normative concepts, as well as user expectations into systems requirements. Furthermore, methods that can support organizations and engineers in developing (socio-)technical systems that address these requirements is of increasing value to respond to the existing societal challenges associated with privacy. In this context, privacy engineering research is emerging as an important topic. Engineers are increasingly expected to build and maintain privacy-preserving and data-protection compliant systems in different ICT domains such as health, energy, transportation, social computing, law enforcement, public services; based on different infrastructures such as cloud, grid, or mobile computing and architectures. While there is a consensus on the benefits of an engineering approach to privacy, concrete proposals for models, methods, techniques and tools that support engineers and organizations in this endeavor are few and in need of immediate attention. To cover this gap, the topics of the International Workshop on Privacy Engineering (IWPE'17) focus on all the aspects surrounding privacy engineering, ranging from its theoretical foundations, engineering approaches, and support infrastructures, to its practical application in projects of different scale. Specifically, we are seeking the following kinds of papers: (1) technical papers that illustrate the engineering or application of a novel formalism, method or other research finding (e.g., a privacy enhancing protocol) with preliminary evaluation; (2) experience and practice papers that describe a case study, challenge or lessons learned from in a specific domain; (3) early evaluations of tools and other infrastructure that support engineering tasks in privacy requirements, design, implementation, testing, etc.; (4) interdisciplinary studies or critical reviews of existing privacy engineering concepts, methods, tools and frameworks; or (5) vision papers that take a clear position informed by evidence based on a thorough literature review. IWPE’17 welcomes papers that focus on novel solutions on the recent developments in the general area of privacy engineering. Topics of interests include, but are not limited to:
- Integrating law and policy compliance into the development process
- Privacy impact assessment during software development
- Privacy risk management models
- Privacy breach recovery Methods
- Technical standards, heuristics and best practices for privacy engineering
- Privacy engineering in technical standards
- Privacy requirements elicitation and analysis methods
- User privacy and data protection requirements
- Management of privacy requirements with other system requirements
- Privacy requirements elicitation and analysis techniques
- Privacy engineering strategies and design patterns
- Privacy-preserving architectures
- Privacy engineering and databases, services, and the cloud
- Privacy engineering in networks
- Engineering techniques for fairness, transparency, and privacy in databases
- Privacy engineering in the context of interaction design and usability
- Privacy testing and evaluation methods
- Validation and verification of privacy requirements
- Privacy Engineering and design
- Engineering Privacy Enhancing Technologies (PETs)
- Integration of PETs into systems
- Models and approaches for the verification of privacy properties
- Tools and formal languages supporting privacy engineering
- Teaching and training privacy engineering
- Adaptations of privacy engineering into specific software development processes
- Pilots and real-world applications
- Evaluation of privacy engineering methods, technologies and tools
- Privacy engineering and accountability
- Privacy engineering and business processes
- Privacy engineering and manageability of data in (large) enterprises
- Organizational, legal, political and economic aspects of privacy engineering

For more information, please see http://ieee-security.org/TC/SPW2017/IWPE/.

IFIPSEC 2017 32nd IFIP TC-11 SEC 2017 International Information Security and Privacy Conference, Rome, Italy, May 29-31, 2017. [posted here 10/24/16]
The IFIP SEC conference is the flagship event of the International Federation for Information Processing (IFIP) Technical Committee 11 on Security and Privacy Protection in Information Processing Systems (TC-11, www.ifiptc11.org). Previous SEC conferences were held in Ghent (Belgium) 2016, Hamburg (Germany) 2015, Marrakech (Morroco) 2014, Auckland (New Zealand) 2013, Heraklion (Greece) 2012, Lucerne (Switzerland) 2011, and Brisbane (Australia) 2010. We seek submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and privacy protection in ICT Systems. Topics of interest include, but are not limited to:
- Access control and authentication
- Applied cryptography
- Audit and risk analysis
- Biometrics
- Big data security and privacy
- Cloud security and privacy
- Critical infrastructure protection
- Cyber-physical systems security
- Data protection
- Data and applications security
- Digital forensics
- Human aspects of security and privacy
- Identity management
- Information security education
- Information security management
- Information technology mis-use and the law
- Managing information security functions
- Mobile security
- Multilateral security
- Network & distributed systems security
- Privacy protection and Privacy-by-design
- Privacy enhancing technologies
- Security and privacy in crowdsourcing
- Security and privacy in pervasive systems
- Security and privacy in the Internet of Things
- Security and privacy policies
- Surveillance and counter-surveillance
- Trust management
- Usable security

For more information, please see http://ifipsec.org/2017/.

June 2017
July 2017

IVSW 2017 2nd International Verification and Security Workshop, Thessaloniki, Greece, July 3-5, 2017. [posted here 1/23/17]
Issues related to verification and security are increasingly important in modern electronic systems. In particular, the huge complexity of electronic systems has led to growth in quality, reliability and security needs in several application domains as well as pressure for low cost products. There is a corresponding increasing demand for cost-effective verification techniques and security solutions. These needs have increased dramatically with the increased complexity of electronic systems and the fast adoption of these systems in all aspects of our daily lives. The goal of IVSW is to bring industry practitioners and researchers from the fields of verification, validation, test, reliability and security to exchange innovative ideas and to develop new methodologies for solving the difficult challenges facing us today in various SoC design environments.   The workshop seeks submissions from academia and industry presenting novel research results on the following topics of interest:
- Verification challenges of IoT
- High-level test generation for functional verification
- Emulation techniques and FPGA prototyping
- Triage and debug methodologies
- Silicon debugging
- Low-power verification
- Formal techniques and their applications
- Verification coverage
- Performance validation and characterization
- Design for Verifiability (DFV)
- Memory and coherency verification
- ESL design and Virtual Platforms
- Security verification
- Design for security
- Hardware Security IP
- Secure circuit design
- Fault-based attacks and counter measures
- Security solutions for analog/mixed signal circuits
- Security Applications in automotive, railway, avionics and space
- Internet of Things (IoT) security considerations
- Data analytics in verification and security
- Security EDA tools
- Hardware/software security and verification

For more information, please see http://tima.imag.fr/conferences/ivsw/ivsw17/.

ACNS 2017 15th International Conference on Applied Cryptography and Network Security, Kanazawa, Japan, July 10-12, 2017. [posted here 12/12/16]
ACNS is an annual conference focusing on innovative research and current developments that advance the areas of applied cryptography, cyber security and privacy. Both academic research works with high relevance to real-world problems as well as developments in industrial and technical frontiers fall within the scope of the conference. Submissions may focus on the modelling, design, analysis (including security proofs and attacks), development (e.g. implementations), deployment (e.g. system integration), and maintenance (including performance measurements, usability studies) of algorithms / protocols / standards / implementations / technologies / devices / systems, standing in close relation with applied cryptography, cyber security and privacy, while advancing or bringing new insights to the state of the art.

For more information, please see https://cy2sec.comm.eng.osaka-u.ac.jp/acns2017/.

SOUPS 2017 13th Symposium on Usable Privacy and Security, Santa Clara, CA, USA, July 12–14, 2017. [posted here 11/21/16]
The 2017 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. We invite authors to submit previously unpublished papers describing research or experience in all areas of usable privacy and security. We welcome a variety of research methods, including both qualitative and quantitative approaches. Topics include, but are not limited to:
- Innovative security or privacy functionality and design
- Field studies of security or privacy technology
- Usability evaluations of new or existing security or privacy features
- Security testing of new or existing usability features
- Longitudinal studies of deployed security or privacy features
- Studies of administrators or developers and support for security and privacy
- The impact of organizational policy or procurement decisions
- Lessons learned from the deployment and use of usable privacy and security features

For more information, please see https://www.usenix.org/conference/soups2017/call-for-papers.

DBSec 2017 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, Philadelphia, PA, USA, July 17-19, 2017. [posted here 1/2/17]
DBSec is an annual international conference covering research in data and applications security and privacy. The 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2017) will be held in Philadelphia, PA, USA. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, and applications security. Topics of interest include, but are not limited to:
- access control 
- anonymity
- applied cryptography in data security 
- authentication
- big data security 
- data and system integrity
- data protection 
- database security 
- digital rights management 
- identity management  
- intrusion detection
- knowledge discovery and privacy
- methodologies for data and application security 
- network security 
- organizational security 
- privacy  
- secure cloud computing
- secure distributed systems 
- secure information integration 
- secure Web services  
- security and privacy in crowdsourcing
- security and privacy in IT outsourcing 
- security and privacy in the Internet of Things 
- security and privacy in location-based services
- security and privacy in P2P scenarios and social networks
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security management
- security metrics
- threats, vulnerabilities, and risk management
- trust and reputation systems
- trust management
- wireless and mobile security

For more information, please see https://dbsec2017.ittc.ku.edu/.

WiSec 2017 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Boston, MA, USA, July 18-20, 2017. [posted here 12/19/16]
ACM WiSec is the leading ACM and SIGSAC conference dedicated to all aspects of security and privacy in wireless and mobile networks and their applications. In addition to the traditional ACM WiSec topics of physical, link, and network layer security, we welcome papers focusing on the security and privacy of mobile software platforms, usable security and privacy, biometrics, cryptography, and the increasingly diverse range of mobile or wireless applications such as Internet of Things, and Cyber-Physical Systems. The conference welcomes both theoretical as well as systems contributions. Topics of interest include, but are not limited to:
- Security & privacy for smart devices (e.g., smartphones)
- Wireless and mobile privacy and anonymity
- Secure localization and location privacy
- Cellular network fraud and security
- Jamming attacks and defenses
- Key management (agreement or distribution) for wireless or mobile systems
- Information-theoretic security schemes for wireless systems
- Theoretical and formal approaches for wireless and mobile security
- Cryptographic primitives for wireless and mobile security
- NFC and smart payment applications
- Security and privacy for mobile sensing systems
- Wireless or mobile security for emerging applications (e.g, privacy in health, automotive, avionics, smart grid, or IoT applications)
- Physical tracking security and privacy
- Usable mobile security and privacy
- Economics of mobile security and privacy
- Bring Your Own Device (BYOD) security
- Mobile malware and platform security
- Security for cognitive radio and dynamic spectrum access systems
- Security protocols for wireless networking

For more information, please see http://wisec2017.ccs.neu.edu/.

PETS 2017 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, USA, July 18 – 21, 2017. [posted here 8/8/16]
The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to present and discuss recent advances and new perspectives on research in privacy technologies. Papers undergo a journal-style reviewing process and accepted papers are published in Proceedings on Privacy Enhancing Technologies (PoPETs), a scholarly, open access journal. Submitted papers should present novel practical and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies. While PETS/PoPETs has traditionally been home to research on anonymity systems and privacy-oriented cryptography, we strongly encourage submissions on a number of both well-established and emerging privacy-related topics, for which examples are provided below. PoPETs also solicits submissions for Systematization of Knowledge (SoK) papers. These are papers that critically review, evaluate, and contextualize work in areas for which a body of prior literature exists, and whose contribution lies in systematizing the existing knowledge in that area.

For more information, please see https://petsymposium.org/.

August 2017

DSC 2017 IEEE Conference on Dependable and Secure Computing, Taipei, Taiwan, August 7-10, 2017. [posted here 10/24/16]
The IEEE Conference on Dependable and Secure Computing solicits papers, posters, practices, and experiences for presenting innovative research results, problem solutions, and new challenges in the field of dependable and secure computing. The whole spectrum of IT systems and application areas, including hardware design and software systems, with stringent relevant to dependability and security concerns are of interest to DSC. Authors are invited to submit original works on research and practice of creating, validating, deploying, and maintaining dependable and secure systems. The conference has two tracks for research papers, the "Computer Systems, Networks, and Software" track and the "System Electronics, VLSI, and CAD" track. In addition to research papers, the DSC conference will also include a submission category for experience and practice papers on new findings in the two aforementioned categories. The PC will evaluate a submission to the experience and practice track with the understanding that it predominantly contributes to the VLSI/CAD design knowhow or the extension of the community's knowledge about how the security protection of known techniques fares in real-world operations. Authors have to submit a short paper along with slides and an optional supplemental video to demonstrate the implementation and/or the practicability of the work.

For more information, please see http://dsc17.cs.nctu.edu.tw/.

USENIX Security 2017 26th USENIX Security Symposium, Vancouver, Canada, August 16–18, 2017. [posted here 1/23/17]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security. USENIX Security is interested in all aspects of computing systems security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

For more information, please see https://www.usenix.org/conference/usenixsecurity17/call-for-papers.

CSF 2017 30th IEEE Computer Security Foundations Symposium, Co-located with CRYPTO 2017, Santa Barbara, California, USA, August 22-25, 2017. [posted here 12/12/16]
The Computer Security Foundations Symposium is an annual conference for researchers in computer security. CSF seeks papers on foundational aspects of computer security, such as formal security models, relationships between security properties and defenses, principled techniques and tools for design and analysis of security mechanisms, as well as their application to practice. While CSF welcomes submissions beyond the topics listed below, the main focus of CSF is foundational security: submissions that lack foundational aspects risk rejection. This year, CSF will use a light form of double-blind reviewing. New results in computer security are welcome. We also encourage challenge/vision papers, which may describe open questions and raise fundamental concerns about security.

For more information, please see http://csf2017.tecnico.ulisboa.pt/.