Call for Papers: IEEE Security & Privacy Magazine Special Issue on: ** Privacy-Preserving Sharing of Sensitive Information ** Expected Publication Date: July/August 2010 Submission Deadline: 15 November 2009 Guest Editors: Sal Stolfo (Columbia University) Gene Tsudik (UC Irvine) Privacy-Preserving Sharing of Sensitive Information (PPSSI) is motivated by the increasing need for organizations or people who don't fully trust each other to share sensitive information. Many types of organizations must often collect, analyze, and disseminate data rapidly and accurately without exposing sensitive information to wrong or untrusted parties. For example, census-takers collect private data with the understanding that it won't be released in a form traceable to the individual who provided it. Companies might be willing to divulge sensitive financial data to organizations that release only aggregate data for an industry sector. A hospital might share patient information with a state health agency but only to allow the latter to determine the number (and not the identities) of uninsured patients. While statistical methods for protecting data have been in use for decades, they're not foolproof and they generally involve a trusted third party to produce privacy-preserving statistical digests. More recently, techniques employing secure multi-party function evaluation, encrypted keywords, and private information retrieval have been studied and, in a few cases, deployed, However there are no practical tools and technologies to guarantee data privacy, especially, whenever organizations have certain common goals and require exchanges of data. To this end, the objective of PPSSI technology is to enable multiple entities to cooperate and share information without exposing more than what is necessary to complete a common task. Potential submission topics include (but are not limited to) the following: o PPSSI requirements and policy enforcement; prospective policies governing PPSSI, including formal models and policy languages as well as trust models. o Data "cleaning" and obfuscation techniques. o Cryptographic protocols; innovative constructs, their performance and implementation issues, for example, private information retrieval, searching over encrypted data and private set operations. o Data management; storage and data management issues arising in PPSSI settings. o Secure hardware; architectures and technologies in support of PPSSI In general, we welcome articles that address innovative conceptual, implementation, and experimental results relevant to PPSSI. Articles addressing requirements, especially from potential users of PPSSI technology, are encouraged as well. Articles describing products or narrow/specific applications as well as largely theoretical articles are discouraged. Submissions will be subject to the peer-review methodology for refereed papers. Articles should be 6,000 words, maximum, with a maximum of 15 references. Articles should be understandable to a broad audience of people interested in security and privacy. The writing should be down to earth, practical, and original. Authors should not assume that the audience will have specialized experience in a particular subfield. All accepted articles will be edited according to the IEEE Computer Society style guide. Submit your papers to Manuscript Central at https://mc.manuscriptcentral.com/cs-ieee.