Cipher E60, May 18, 2004, New CFPS

DIMACS Workshop on Security Analysis of Protocols, Piscataway, NJ, USA, June 7-9, 2004. (submissions due ASAP, pre-register by May 20)
The analysis of cryptographic protocols is a fundamental and challenging area of network security research. Traditionally, there have been two main approaches, the logic approach aimed at developing (automated) tools for the formal veri.cation of protocols and the complexity theory approach that characterizes protocol security as a set of computational tasks and proves protocol security via reduction to the strength of the underlying cryptographic functions. Although these two lines of work share a common goal, there has been little commonality between them.

The goal of this workshop is to generally promote work on security analysis of protocols and foster cooperative research combining the logical and complexity-based approaches. The workshop will include tutorials on the basics of each approach and will allow representatives from both communities to talk about their current work.

Topics

- Analysis methods involving computational complexity

- Game-theoretic approaches

- Methods based on logic and symbolic computation

- Probabilistic methods

- Model checking and symbolic search

- Formal proof systems

- Decision procedures and lower bounds

- Anything else that sounds like a great idea

Participation:

The workshop will be open for the public. If you'd like to give a presentation please send a title and abstract to the organizers as soon as possible. Also, we intend this to be a participatory and interactive meeting so we hope you will be able to contribute to the meeting even without giving an announced talk.

For more information, see: http://dimacs.rutgers.edu/Workshops/Protocols

VANET2004 First ACM Workshop on Vehicular Ad Hoc Networks (held in conjunction with ACM MobiCom 2004), Loews Philadelphia Hotel, Philadelphia, PA, USA, October 1, 2004. (submissions due 24 May 2004)

Creating high-performance, highly scalable, and secure VANET technologies presents an extraordinary challenge to the wireless research community. Yet, certain limitations commonly assumed in ad hoc networks are mitigated in VANET. For example, VANET may marshal relatively large computational resources. Ample and recharging power sources can be assumed. Mobility patterns are constrained by road paths and driving speed restrictions. VANET represents high resource/performance wireless technology. As such, VANET can use significantly different approaches than sensor networks. VANET applications will include on-board active safety systems leveraging vehicle-vehicle or roadside-vehicle networking. These systems may assist drivers in avoiding collisions. Non-safety applications include real-time traffic congestion and routing information, high-speed tolling, mobile infotainment, and many others.

We invite papers from researchers on all aspects of vehicular ad hoc networks, such as new applications, networking protocols, security paradigms, network management technologies, power control, modulation, coding, channel modeling, etc. The session will bring together visionary researchers for an exciting exchange of ideas.

For more info, please see: http://www.path.berkeley.edu/vanet/

SecCo2004 2nd International Workshop on Security Issues in Coordination Models, Languages and Systems, London, United Kingdom. August 30, 2004. (submissions due 31 May 2004)

Coordination models, languages and middlewares, which advocate a distinct separation between the internal behaviour of the entities and their interaction, represent a promising approach. However, due to the openness of these systems, new critical aspects come into play, such as the need to deal with malicious components or with a hostile environment. Current research on network security issues (eg. secrecy, authentication, etc.) usually focuses on opening cryptographic point-to-point tunnels. Therefore, the proposed solutions in this area are not always exploitable to support the end-to-end secureinteraction between entities whose availability or location is not known beforehand.

Topics of interest include, but are not limited to:

   Theoretical foundations, specification, analysis,  case-studies,
   applications for
   authentication                            coordination models
   integrity                                 web service technology
   privacy                                   mobile ad-hoc networks
   confidentiality                           agent-based infrastructures
   access control           -in-             peer-to-peer systems
   denial of service                         global computing
   service availability                      context-aware computing
   safety aspects                            component-based systems
   fault tolerance                           ubiquitous/pervasive computing

For more information, please see: http://cs.unibo.it/secco04

PDCS 2004 International Workshop on Security in Parallel and Distributed Systems (in conjunction with the 17th International Conference on Parallel and Distributed Computing Systems), San Francisco, CA, USA, September 15-17,2004. (submissions due May 31, 2004)

In recent years, interest has increased in the field of security of parallel and distributed systems, which include the control mechanisms, mobile code security, denial-of-service attacks, trust management, modeling of information flow and its application to confidentiality policies, system composition, and covert channel analysis. We will focus our program on issues related to important properties of system security, such as measurability, sustainability, affordability, and usability in parallel and distributed systems.

Topics ofinterest include:

. Distributed Access Control and Trust Management

. Key Management and Authentication

. Privacy and Anonymity

. Benchmark and Security Analysis

. Security for Peer to Peer systems and Grid Computing Systems

. Secure Multicast and Broadcast

. Secure multiparty and two-party computations

. Computer and Network Forensics

. Denial-of-service Attacks and Countermeasures

. Secure E-Commerce/E-Business

. Security Verification

. Distributed Database Security

. Digital Rights Management

. Secure Mobile Agents and Mobile Code

. Intrusion detection

. Security in ad-hoc and sensor networks

. World Wide Web Security

More information can be found at the conference web site at http://securityworkshop.ece.iastate.edu

VLDB2004 Workshop "Secure Data Management in a Connected World", Royal York Hotel, Toronto, Canada, August 30, 2004. (submissions due 31 May 2004)
Aim of the workshop is to bring together people from the security research community and data management research community in order to exchange ideas on the secure management of data in the context of emerging networked services and applications. The workshop will provide forum for discussing practical experiences and theoretical research efforts that can help in solving these critical problems in secure data management. Authors from both academia and industry are invited to submit papers presenting novel research on the topics of interest.

Topics of interest include (but are not limited to) the following:

- Data Hiding - Secure Storage - Secure Data Management in File Systems - Digital Rights Management - Data Encryption - Search on Encrypted Data - Metadata and Security - XML Security - Multimedia Security and Privacy - Authorization and Access Control Techniques - Security and Privacy Management - Privacy Enhanced Data Management (indexing, access control) - Private Information Retrieval - User Profiling and Privacy - Privacy Preserving Data Mining - Statistical Database Security - Security and Privacy Requirements for Ambient Applications - Information Dissemination Control - Protection of Personally Identifiable Information

For further info, please see http://www.extra.research.philips.com/sdm-workshop/

June 2004

CT-RSA '05 RSA Conference 2005, Cryptographers' Track, February 14-18, 2005, San Francisco, CA, USA. (submissions due 1 June 2004)
The RSA Conference is the largest, regularly staged computer security event. The Cryptographers' Track (CT-RSA) is a research conference within the RSA Conference. CT-RSA 2005 will be the fifth year of the Cryptographers' Track, which has become an established venue for presenting practical research results related to cryptography and data security.

Original research papers pertaining to all aspects of cryptography as well as tutorials are solicited. Submissions may present theory, techniques, applications and practical experience on topics including, but not limited to: fast implementations, secure electronic commerce, network security and intrusion detection, formal security models, comparison and assessment, tamper-resistance, certification and time-stamping, cryptographic data formats and standards, encryption and signature schemes, public-key infrastructure, protocols, elliptic-curve cryptography, cryptographic algorithm design and cryptanalysis, discrete logarithm and factorization techniques, lattice reduction, and provable security.

More information can be found at http://www.rsasecurity.com/rsalabs/cfp_ct_rsa05.html

ACSAC 20 The 20th Annual Computer Security Applications Conference, Hilton Tucson El Conquistador, Tucson, AZ, USA, December 6-10, 2004. (submissions due 1 June 2004)
The 19th Annual Computer Security Applications Conference is an internationally recognized conference that provides a forum for experts in information system security to exchange practical ideas about solving real problems. Papers and proposals that address the application of technology, the implementation of systems, and lessons learned will be given special consideration. The ACSAC Program Committee is looking for papers, panels, forums, case studies presentations, tutorials, workshops, and works in progress that address practical solutions to problems related to protecting commercial enterprises or government information infrastructures.

A list of topics of interest along with other conference information can be found at www.acsac.org.

SCN'04 Fourth Conference on Security in Communication Networks, Amalfi, Italy, September 8-10, 2004. (submissions due 7 June 2004)
The Fourth Conference on Security in Communication Networks (SCN '04) will be held in Amalfi (Italy) on September 8-10 2004. SCN '04 aims at bringing together researchers in the field of security in communication networks to foster cooperation and exchange of ideas. Original papers on all technical aspects of cryptology and network security are solicited for submission to SCN04. Topics of interest are (but not limited to):

    Anonymity                          Implementations
    Authentication                     Key Distribution
    Block Ciphers                      Operating Systems Security
    Complexity-based Cryptography      Privacy
    Cryptanalysis                      Protocols
    Digital Signatures                 Public Key Encryption
    Hash Functions                     Secret Sharing
    Identification                     Survey and state of the art

For more information, please see http://www.dia.unisa.it/conferences/SCN04/
HICSS2005 Security and Survivability of Networked Systems (minitrack at HICSS2005), Hawai'i, USA, January 3-6, 2005. (submissions due 15 June 2004)
Minitrack description:
Malicious attacks on computing systems and networks have grown steadily over the last decade and have reached epidemic proportions. Despite much progress in security research, the numbers of reported vulnerabilities and incidents are increasing. We are fully embracing computer and network technology in all aspects of our daily lives, and even to control our critical infrastructures, where failures could result in loss of life or have huge financial and environmental consequences. We need to our increase research efforts in this arena.

This minitrack focuses on security and survivability in networked computer systems. Of special interest are contributions that address survival, tolerance, recovery or masking of malicious attacks. Submissions will be sought from researchers in the area of system survivability, fault-tolerance and intrusion tolerance, software dependability, computer and network security, and economic or statistical modeling of secure/survivable systems.

Topics include, but are not limited to:

- System or software survivability

- Safety critical failure modes

- Network or system intrusion tolerance

- Modeling malicious behavior or attacks

- Survivability and security issues of mobile agent based systems

- Survivability and security issues of ad-hoc networks

- Mathematical models for verification of vulnerability to malicious acts

- Models for measurement/evaluation/validation of survivability

- Software and hardware fault tolerance

- Design for dependability and/or survivability

- PRA and hybrid fault models accounting for malicious acts

For more information see: http://www.cs.uidaho.edu/~krings/HICSS38.htm

SAPS'04 Workshop on Specification and Automated Processing of Security Requirements, Linz, Austria, September 20-25, 2004. (submissions due 10 June 2004)
This workshop is being held as part of the 19th IEEE International Conference on Automated Software Engineering. The exchange of concepts, prototypes, research ideas, and other results which contribute to the academic arena and also benefit business and industrial communities, is of particular interest.

Original papers are solicited for submission to the workshop related (but not limited) to the following topics of interest:

- Security requirements specification and analysis

- Formal semantics for security requirements

- Integration of Security engineering into software engineering processes

- Automated tools supporting integrated security engineering and software engineering processes

- Security in programming languages

- Automatic tools for secure software development

- Automatic analysis/enforcement of security policies

- Definition and analysis of security-related semantic models

- Tools for formal analysis of security properties

- Specification, characterisation and integration of security components and patterns

For more information, please see: http://www.lcc.uma.es/SAPS04

WISA 2004 The 5th International Workshop on Information Security Applications, Ramada Plaza, Jeju Island, Korea, August 23-25, 2003. (submissions due 25 June 2004)
The 5th International Workshop on Information Security Applications (WISA 2004) will be held in Jeju Island, Korea on August 23-25, 2004. It is sponsored by the Korea Institute of Information and Cryptology (KIISC), Electronics & Telecommunications Research Institute (ETRI), and Ministry of Information and Communication (MIC). The focus of this workshop is on all technical and practical aspects of cryptographic and non-cryptographic security applications. The workshop will serve as a forum for new results from the academic research community as well as from the industry.

The areas of interest include, but are not limited to:

. Internet & Wireless Security       . Cyber Indication & Intrusion Detection
. E-Commerce Protocols               . Smart Cards & Secure Hardware
. Access Control & Database Security . Mobile Security
. Biometrics & Human Interface       . Privacy & Anonymity
. Network Security Protocols         . Public Key Crypto Applications
. Security & Trust Management        . Threats & Information Warfare
. Digital Rights Management          . Virus Protection
. Secure Software & Systems          . Ubiquitous Computing Security
. Information Hiding                 . Peer-to-Peer Security

More information can be found at http://dasan.sejong.ac.kr/~wisa04

SASN, ACM Workshop on Security of Ad Hoc and Sensor Networks, Wyndham City Hotel, Washington, DC, October 25, 2004. (submissions due 2 July 2004)
This workshop seeks submissions from academia and industry presenting novel research on all aspects of security for ad hoc and sensor networks, as well as experimental studies of fielded systems. Submission of papers based on work-in-progress is encouraged. Topics of interest include, but are not limited to, the following as they relate to wireless networks,mobile ad hoc networks, or sensor networks:

- Security under resource constraints, e.g., energy, bandwidth, memory, and computation constraints

- Performance and security tradeoffs

- Secure roaming across administrative domains

- Key management

- Cryptographic protocols

- Authentication and access control

- Trust establishment, negotiation, and management

- Intrusion detection and tolerance

- Secure location services

- Privacy and anonymity

- Secure routing

- Secure MAC protocols

- Denial of service

- Prevention of traffic analysis

For more info, see http://www.cs.gmu.edu/sasn

NORDSEC2004 9th Nordic Workshop on Secure IT Systems, Espoo, Finland, November 4-5, 2004. (submissions due 2 August 2004) The NORDSEC workshops started in 1996 with the aim of bringing researchers and practitioners within computer security in the Nordic countries. The theme of the workshop has been applied security, i.e. all kinds of security issues that could encourage interchange and cooperation between the research community and the industrial/consumer community. Possible topics include, but are not limited to the following:

- Privacy and Privacy Enhancing Technologies

- Wireless Communication Security

- Inter/Intra/Extranet Security

- Security Protocol Modeling and Analysis

- E-and M-Business Security

- New Firewall Technologies

- Secure Infrastructures; TTP, PKI, Key Escrow/Recovery

- Computer Crime and Information Warfare

- Detecting Attacks, Intrusions and Computer Misuse

- Smart Card Applications

- Security Management and Audit

- Security Evaluations and Measurements

- Security in Commercial off-the-shelf Products, COTS

- Operating System Security

- Security Models

- New Ideas and Paradigms for Security

- Security Education and Training

- Quality of Service or Software Engineering in Relation to Security

The workshop will consist of paper sessions, panel discussions and invited talks. For a complete call for papers, see http://www.tml.hut.fi/Nordsec2004/call_for_papers.html

FC'05 Ninth International Conference on Financial Cryptography and Data Security, Roseau, The Commonwealth Of Dominica, February 28-March 3, 2005 (submissions due 10 September 2004)
Financial Cryptography and Data Security (FC'05) is the premier international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. We have augmented our conference title and expanded our scope to cover all aspects of securing transactions and systems. These aspects include a range of technical areas such as: cryptography, payment systems, secure transaction architectures, software systems and tools, user and operator interfaces, fraud prevention, payment systems, secure IT infrastructure, and analysis methodologies. Our focus will also encompass legal, financial, business and policy aspects. Material both on theoretical (fundamental) aspects of securing systems and on secure applications and real-world deployments will be considered.

Original papers and presentations on all aspects of financial and commerce security are invited. Submissions must have a visible bearing on financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. Possible topics for submission to the various sessions include, but are not limited to:

- Anonymity and Privacy

- Auctions

- Audit and Auditability

- Authentication and Identification, including Biometrics

- Certification and Authorization

- Commercial Cryptographic Applications

- Commercial Transactions and Contracts

- Digital Cash and Payment Systems

- Digital Incentive and Loyalty Systems

- Digital Rights Management

- Financial Regulation and Reporting

- Fraud Detection

- Game Theoretic Approaches to Security

- Infrastructure Design

- Legal and Regulatory Issues

- Microfinance and Micropayments

- Monitoring, Management and Operations

- Reputation Systems

- RFID-Based and Contactless Payment Systems

- Risk Assessment and Management

- Secure Banking

- Secure Financial Web Services

- Securing Emerging Computational Paradigms

- Security and Risk Perceptions and Judgments

- Security Economics

- Smart Cards and Secure Tokens

- Trust Management

- Trustability and Trustworthiness

- Underground-Market Economics

- Usability and Acceptance of Security Systems

- User and Operator Interfaces

For more info, please see http://www.ifca.ai/fc05/

November 2004

IWIA 2005 Third IEEE International Information Assurance Workshop, Washington D.C., USA, March 31-April 1, 2005. (submissions due 8 November 2004)
The IEEE Task Force on Information Assurance is sponsoring a workshop on information assurance in cooperation with the ACM SIGSAC on research and experience in information assurance. The workshop seeks submissions from academia, government, and industry presenting novel research, applications and experience, and policy on all theoretical and practical aspects of IA.

Possible topics include, but are not limited to the following:

- Operating System IA & S

- Storage IA & S

- Network IA & S

- IA Standardization Approaches

- Information Sharing in Coalition Settings

- Security Models

- Survivability and Resilient Systems

- Formal Methods and Software Engineering for IA

- Survivability and Resilient Systems

- Formal Methods and Software Engineering for IA

- Proactive Approaches to IA

- CCITSE Experience and Methodology

- Intrusion Detection, Prediction, and Countermeasures

- Insider Attack Countermeasures

- Specification, Design, Development, and Deployment of IA Mechanisms

- Policy Issues in Information Assurance

More information can be found on the workshop web page at http://iwia.org/2005/