Call for Papers: IEEE Security & Privacy Magazine Special Issue on:

** Privacy-Preserving Sharing of Sensitive Information **

Expected Publication Date: July/August 2010
Submission Deadline: 15 November 2009

Guest Editors:
Sal Stolfo (Columbia University)
Gene Tsudik (UC Irvine)

Privacy-Preserving Sharing of Sensitive Information (PPSSI) is motivated 
by the increasing need for organizations or people who don't fully trust 
each other to share sensitive information.

Many types of organizations must often collect, analyze, and disseminate 
data rapidly and accurately without exposing sensitive information to 
wrong or untrusted parties. For example, census-takers collect private 
data with the understanding that it won't be released in a form 
traceable to the individual who provided it. Companies might be willing 
to divulge sensitive financial data to organizations that release only 
aggregate data for an industry sector. A hospital might share patient 
information with a state health agency but only to allow the latter to 
determine the number (and not the identities) of uninsured patients. 
While statistical methods for protecting data have been in use for 
decades, they're not foolproof and they generally involve a trusted 
third party to produce privacy-preserving statistical digests.

More recently, techniques employing secure multi-party function 
evaluation, encrypted keywords, and private information retrieval have 
been studied and, in a few cases, deployed, However there are no 
practical tools and technologies to guarantee data privacy, especially, 
whenever organizations have certain common goals and require exchanges 
of data. To this end, the objective of PPSSI technology is to enable 
multiple entities to cooperate and share information without exposing 
more than what is necessary to complete a common task.

Potential submission topics include (but are not limited to) the following:
 o  PPSSI requirements and policy enforcement; prospective policies 
    governing PPSSI, including formal
    models and policy languages as well as trust models.
 o  Data "cleaning" and obfuscation techniques.
 o  Cryptographic protocols; innovative constructs, their performance and 
    implementation issues, for example, private information retrieval,
    searching over encrypted data and private set operations.
 o  Data management; storage and data management issues arising in PPSSI 
 o  Secure hardware; architectures and technologies in support of PPSSI

In general, we welcome articles that address innovative conceptual, 
implementation, and experimental results relevant to PPSSI. Articles 
addressing requirements, especially from potential users of PPSSI 
technology, are encouraged as well. Articles describing products or 
narrow/specific applications as well as largely theoretical articles are 

Submissions will be subject to the peer-review methodology for refereed 
papers. Articles should be 6,000 words, maximum, with a maximum of 15 
references. Articles should be understandable to a broad audience of 
people interested in security and privacy. The writing should be down to 
earth, practical, and original. Authors should not assume that the 
audience will have specialized experience in a particular subfield. All 
accepted articles will be edited according to the IEEE Computer Society 
style guide. Submit your papers to Manuscript Central at