Lost Treasures of Computer Security & Privacy (IEEE Security & Privacy
Magazine special issue September/October 2012)

Final submissions due to ScholarOne: 1 March 2012
Please email the guest editors a brief description of the article you
plan to submit by 1 February 2012.

Since the release of the “Anderson Report” (Computer Security
Technology Planning Study, October 1972), researchers have published
tens of thousands of computer security papers. Many papers repeat
results from earlier research, or fail to learn from earlier attempts
that floundered. With the plethora of research needed to advance
computer security, we must learn from the past to avoid wasted effort.
Unfortunately, key security insights often remain hidden among
rambling technical reports or obscured by government policies and
regulations that have fallen from favor.

Many efforts to improve security have focused on measurement,
including government-led efforts such as the “Orange Book” and the
Common Criteria. While metric efforts have improved our security,
economic pressures foster the discovery of loopholes that severely
hamper metric efforts over the long term. Similarly, technologies such
as formal methods have improved the assurance of secure systems, but
not to the level envisioned in the early days of computer security.

This special issue of IEEE Security & Privacy will address key lessons
from the past 50 years—not merely to recapitulate them, but to learn
from them. We solicit articles from individuals and organizations
about:

    What we’ve learned from successful and unsuccessful attempts to
define standards for measuring security.
    Summaries of solid computer security science lost because of
building with unpopular metric definitions, or business failures.
    Lessons learned from looking back over 50 years of computer
security research.

Potential submission topics include (but are not limited to):

    Tracing the evolution of computer security ideas in use today back
to their early origins and the core science behind them.
    A summary of lessons learned from successful and failed security
projects, and why they succeeded or failed.
    Summarizing the results of key historic research, separating the
wheat from the chaff with 50 years of hindsight.
    Analysis of the science of computer security as a science, such as
what papers get cited most frequently.
    Best papers then and now – what happened to that promising
technology given a best paper award several decades ago?
    Computer security red herrings – what research areas produced
numerous papers, but never appeared in commercial products?
    Most influential papers – what papers changed the way people
thought about computer security or anecdotally what papers changed the
way you thought about computer security?
    What concepts/metaphors best teach core computer security concepts
to new security practitioners?
    What computer security papers/presentations influenced you, but no
one else seemed to get?
    What security concepts and technologies sprang full blown into the
commercial marketplace without a clear tie to research, and why? How
did bypassing research help or hurt their effectiveness and adoption?

This special issue strives to make key computer security insights and
concepts available and easily digestible by a new generation of
computer security researchers. This special issue seeks condensed
knowledge about the gems of core computer security science, not
historical surveys.

For more info, see http://www.computer.org/portal/web/computingnow/spcfp6