Commentary and Opinion
Review of Financial Cryptography, the Workshop Real-life Cryptographic protocols and Standardization, and the Workshop on Ethics in Computer Security Research (St. Lucia, February 28-March 4, 2011) by Omar Choudary
Hilarie Orman's review of Surveillance or Security? The Risks Posed by New Wiretapping Technologies by Susan Landau
Richard Austin's review of Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry by Harlan Carvey
Listing of academic positions available by
New, Posted February 2011
The University of Texas at Dallas
Until position filled
Cipher calendar announcements are on Twitter; follow "ciphernews"
new calls or announcements added since Cipher E100 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update):
Conference and Workshop Announcements
SADFE 2011 International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA, May 26, 2011. (Submissions due 15 March 2011)
The SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop promotes systematic approaches to cyber crime investigations, by furthering the advancement of digital forensic engineering as a disciplined science and practice. Today's digital artifacts permeate our lives and are part of every crime and every case of digital discovery. The field of digital forensics faces many challenges, including scale, scope and presentation of highly technical information in legal venues to nontechnical audiences. Digital evidence may be extant for only nanoseconds or for years; they may consist of a single modified bit, or huge volumes of data; they may be found locally or spread globally throughout a complex digital infrastructure on public or private systems. Following the success of previous SADFE workshops, cyber crime investigations and digital forensics tools will continue to be the key topics of the meeting. We also welcome a broader range of digital forensics papers that do not necessarily involve either crime or digital forensics tools. General attack analysis, the insider threat, insurance and compliance investigations, similar forms of retrospective analysis, and digital discovery are all viable topics. Past speakers and attendees of SADFE have included computer and information scientists, social scientists, digital forensic practitioners, IT professionals, law enforcement, lawyers, and judges. The synthesis of science with practice and the law with technology form the foundation of this conference. SADFE addresses the gap between today's practice and the establishment of digital forensics as a science. To advance the field, SADFE-2011 solicits broad-based, innovative approaches to digital forensic engineering in the following four areas:
To honor the outstanding work in digital forensics, the SADFE will provide awards for the highest overall quality papers and posters from the accepted program, as measured by scientific contribution, depth, and impact. A student must be the first author to be eligible for the best student paper award.
STM 2011 7th International Workshop on Security and Trust Management, Held in conjunction with IFIPTM 2011, Copenhagen, Denamrk, June 27-28, 2011. (Submissions due 18 March 2011)
STM (Security and Trust Management) is a working group of ERCIM (European Research Consortium in Informatics and Mathematics). STM'11 is the seventh workshop in this series and will be held in Copenhagen, Denmark in conjunction with IFIPTM 2011. Topics of interest include, but are not limited to:
PST 2011 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada, July 19-21, 2011. (Submissions due 20 March 2011)
PST2011 provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. PST2011 will include an Innovation Day featuring workshops and tutorials followed by two days of high-quality research papers whose topics include, but are NOT limited to, the following:
ESORICS 2011 16th European Symposium on Research in Computer Security, Leuven, Belgium, September 12-14, 2011. (Submissions due 21 March 2011)
ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. We encourage submissions of papers discussing industrial research and development. Suggested topics include but are not restricted to:
ESAS 2011 6th IEEE International Workshop on Engineering Semantic Agent Systems, Held in conjunction with IEEE COMPSAC 2011, Munich, Germany, July 18-22, 2011. (Submissions due 22 March 2011)
Semantic web technologies render dynamic, heterogeneous, distributed, shared semantic content equally accessible to human reader and software agents. ESAS Workshops Series focuses on concepts, foundations and applications of semantic agent systems and bringing forward better practices of engineering them. Research and technologies related to Semantic Web and agent systems are very much in focus at ESAS. Topics of interest span a wide spectrum of both theory and practice of semantics and agent architectures, including software agents, mobile agents, autonomous semantic agents, context-aware intelligent agents, agents as semantic web services, multi-agent systems, agent communities, cooperation and goal seeking through shared policy and ontology, safety & security in semantic multi-agent information systems, and other QoS issues.
W2SP 2011 Web 2.0 Security and Privacy 2011 Workshop, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA, May 26, 2011. (Submissions due 25 March 2011)
W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers and their eco-system. We have had four years of successful W2SP workshops. This year, we will additionally invite selected papers to a special issue of the journal. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The scope of W2SP 2011 includes, but is not limited to:
FCS 2011 Workshop on Foundations of Computer Security, Held in conjunction with LICS 2011, Toronto, Ontario, Canada, June 20, 2011. (Submissions due 29 March 2011)
Computer security is an established field of computer science of both theoretical and practical significance. In recent years, there has been increasing interest in logic-based foundations for various methods in computer security, including the formal specification, analysis and design of security protocols and their applications, the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks, and the modeling of information flow and its application to confidentiality policies, system composition, and covert channel analysis. The aim of the workshop FCS'11 is to provide a forum for continued activity in different areas of computer security, bringing computer security researchers in closer contact with the LICS community and giving LICS attendees an opportunity to talk to experts in computer security, on the one hand, and contribute to bridging the gap between logical methods and computer security foundations, on the other. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories, as well as in new results on developing and applying automated reasoning techniques and tools for the formal specification and analysis of security protocols.
RAID 2011 14th International Symposium on Recent Advances in Intrusion Detection, Menlo Park, CA, USA, September 20-21, 2011. (Submissions due 31 March 2011)
This symposium, the 14th in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss issues and technologies related to intrusion detection and defense. The Recent Advances in Intrusion Detection (RAID) International Symposium series furthers advances in intrusion defense by promoting the exchange of ideas in a broad range of topics. As in previous years, all topics related to intrusion detection, prevention and defense systems and technologies are within scope, including but not limited to the following:
VizSec 2011 8th International Symposium on Visualization for Cyber Security, Held in conjunction with the Symposium on Usable Privacy and Security (SOUPS 2011), Pittsburgh, PA, USA, July 20, 2011. (Submissions due 1 April 2011)
The annual symposium joins academic, government, and industry leaders from around the globe to share the latest developments and applications of visualization techniques to address current cyber security challenges. Researchers and practitioners are invited to submit technical papers and panel session proposals that offer a novel contribution to security visualization. Papers are encouraged on new visualization technologies and methods that have been applied and demonstrated to be useful in a range of security domains including, but not limited to, computer forensics, risk assessment, cryptography, malware analysis, and situational awareness.
NSPW 2011 New Security Paradigms Workshop, Marin County, CA, USA, September 12-15, 2011. (Submissions due 4 April 2011)
The New Security Paradigms Workshop (NSPW) is seeking papers that address the current limitations of information security. Today's security risks are diverse and plentiful - botnets, database breaches, phishing attacks, targeted cyber attacks - and yet present tools for combating them are insufficient. To address these limitations, NSPW welcomes unconventional, promising approaches to important security problems and innovative critiques of current security theory and practice. We are particularly interested in perspectives from outside computer security, both from other areas of computer science (such as operating systems, human-computer interaction, databases, programming languages, algorithms) and other sciences that study adversarial relationships such as biology and economics. We discourage papers that offer incremental improvements to security and mature work that is appropriate for standard information security venues.
HealthSec 2011 2nd USENIX Workshop on Health Security and Privacy, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 9, 2011. ( Position Paper Submissions due 5 April 2011)
The focus of HealthSec '11 is the exploration of security and privacy issues that arise from the exploding quantity of digital personal health information, in both the provider and the patient settings. The Program Committee strongly encourages cross-disciplinary interactions between fields, including, but not limited to, technology, medicine, and policy. Surprising results and thought-provoking ideas will be strongly favored; complete papers with polished results in well-explored research areas are comparatively discouraged. We will select position papers that show potential to stimulate or catalyze further research and explorations of new directions, as well as extended abstracts that explore a specific issue a little more deeply, including preliminary results. Position papers are solicited on topics in all areas relating to healthcare information security and privacy, including:
ASA 2011 5th International Workshop on Analysis of Security APIs, Paris, France, June 30, 2011. (Position Paper Submissions due 8 April 2011)
Security APIs allow untrusted code to access sensitive resources in a secure way. Security API analysis is an emerging field of computer security research. The aim of the ASA workshop is to bring together researchers working in security API analysis for a day of presentations and discussions. Since the field is relatively young, polished research papers will not be solicited. Instead, the workshop will follow the format that was highly successful at ASA in 2007-10: prospective participants are invited to submit a short (1-4 page) abstract describing their current work and/or interests in the area. We plan to have two sessions of 20-minute talks by participants, with each session followed by informal discussion. There will also be a workshop dinner in the evening, and subject to confirmation, an invited speaker. The scope of ASA runs from theoretical results and formalisms for API analysis right through to applications and empirical results with security APIs deployed `in the field'. Applications of interest include (but are not limited to) financial applications (e.g. APIs of Hardware Security Modules), smartcard APIs, the Trusted Computing Architecture, and security APIs for web based systems.
CSET 2011 4th Workshop on Cyber Security Experimentation and Test, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8, 2011. (Submissions due 18 April 2011)
The focus of CSET is on the science of cyber security evaluation, as well as experimentation, measurement, metrics, data, and simulations as those subjects relate to computer and network security. The science of cyber security is challenging for a number of reasons:
EVT/WOTE 2011 Electronic Voting Technology Workshop/ Workshop on Trustworthy Elections, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8-9, 2011. (Submissions due 20 April 2011)
USENIX, ACCURATE, and IAVoSS are sponsoring the 2011 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE '11). EVT/WOTE brings together researchers from a variety of disciplines, ranging from computer science and human-computer interaction experts through political scientists, legal experts, election administrators, and voting equipment vendors. Papers should contain original research in any area related to electronic voting technologies and verifiable elections. Example applications include but are not limited to:
PBD 2011 1st International Workshop on Privacy by Design, Held in conjunction with the Sixth International Conference on Availability, Reliability and Security (ARES 2011), Vienna, Austria, August 22-26, 2011. (Submissions due 24 April 2011)
While data privacy was in the past mainly assured through procedures, laws or static access control policies, these protection mechanisms tend to be ineffective once data is ubiquitously available, outsourced to partially untrusted servers or processed by third parties. In addition, most current approaches towards achieving privacy - such as anonymisation and aggregation - are either incompatible with the increasing complexity of data usage or easy to compromise due to advances in statistical analysis and availability of side-information. Recent research tries to provide technical solutions in order to minimize the exposure of sensitive data while still allowing data-driven business models. For example, cryptographic schemes such as Secure Multiparty Computation, data-centric protection schemes such as Enterprise Rights Management or trusted virtualization technologies may be used to make IT systems intrinsically privacy friendly, finally contributing to the vision of "privacy by design". The aim of the workshop is to bring together researchers, systems engineers and privacy professionals in order to drive the concept of Privacy by Design and discuss implementation aspects as well as the surrounding legal and economic issues. The main topics of interest comprise but are not limited to:
IWSEC 2011 6th International Workshop on Security, Tokyo, Japan, November 8-10, 2011. (Submissions due 26 April 2011)
Original papers on the research and development of various security topics are solicited for submission to IWSEC 2011. Topics of interest for IWSEC 2011 include but are not limited to:
WOOT 2011 5th USENIX Workshop on Offensive Technologies, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8, 2011. (Submissions due 2 May 2011)
Computer security is unique among systems disciplines in that practical details matter and concrete case studies keep the field grounded in practice. WOOT provides a forum for high-quality, peer-reviewed papers discussing tools and techniques for attack. Submissions should reflect the state of the art in offensive computer security technology, either surveying previously poorly known areas or presenting entirely new attacks. Submission topics include but are not limited to:
HotSec 2011 6th USENIX Workshop on Hot Topics in Security, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 9, 2011. (Submissions due 5 May 2011)
HotSec is renewing its focus by placing singular emphasis on new security ideas and problems. Works reflecting incremental ideas or well understood problems will not be accepted. Cross-discipline papers identifying new security problems or exploring approaches not previously applied to security will be given special consideration. All submissions should propose new directions of research, advocate non-traditional approaches, report on noteworthy experience in an emerging area, or generate lively discussion around an important topic. HotSec takes a broad view of security and privacy and encompasses research on topics including but not limited to:
ACM-CCS 2011 18th ACM Conference on Computer and Communications Security, Chicago, IL, USA, October 17-21, 2011. (Submissions due 6 May 2011)
The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of computer and communications security. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings. Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security.
SAC 2011 18th International Workshop on Selected Areas in Cryptography, Toronto, Ontario, Canada, August 11-12, 2011. (Submissions due 9 May 2011)
The Workshop on Selected Areas in Cryptography (SAC) is an annual conference dedicated to specific themes in the area of cryptographic system design and analysis. Authors are encouraged to submit original papers related to the themes for the SAC 2011 workshop:
CRiSIS 2011 6th International Conference on Risks and Security of Internet and Systems, Timisoara, Romania, September 26-28, 2011. (Submissions due 10 May 2011)
The topics addressed by CRiSIS range from the analysis of risks, attacks to networks and system survivability, passing through security models, security mechanisms and privacy enhancing technologies. Prospective authors are invited to submit research results as well as practical experiment or deployment reports. Industrial papers about applications and case studies, such as telemedicine, banking, e-government and critical infrastructure, are also welcome. The list of topics includes but is not limited to:
NSS 2011 5th International Conference on Network and System Security, Milan, Italy, September 6-8, 2011. (Submissions due 11 May 2011)
NSS is an annual international conference covering research in network and system security. The 5th International Conference on Network and System Security (NSS 2011) will be held in Milan, Italy. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged. Topics of interest include, but are not limited to:
SecureComm 2011 7th International Conference on Network Security & Privacy, London, United Kingdom, September 7-9, 2011. (Submissions due 16 May 2011)
SecureComm2011 seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, applied cryptography) will also be considered if a clear connection to private or secure communications/networking is demonstrated. The aim of SecureComm is to bring together security and privacy experts in academia, industry and government as well as practitioners, standards developers and policy makers, in order to engage in a discussion about common goals and explore important research directions in the field. SecureComm also serves as a venue for learning about state-of-the-art in security and privacy research, giving attendees the opportunity to network with experts in the field. Topics include:
Security and Communication Networks (SCN), Special Issue on Security and Privacy in Ubiquitous Computing, 2012, (Submission Due 20 May 2011)
Editor: Ali Miri (Ryerson University, Canada),
Nen-Fu Huang (National Tsing Hua University, Taiwan, ROC),
and Abderrahim Benslimane (University of Avignon, France)
The research area of mobile computing has become more important following the recent widespread drive towards mobile ad hoc networks, wireless sensor networks and vehicular ad hoc network tracking technologies and their applications. The availability of high bandwidth 3G infrastructures and the pervasive deployment of low cost WiFi infrastructures and WiMAX to create hotspots around the world serve to accelerate the development of mobile computing towards ubiquitous computing. Security and privacy in converged computing systems are considered an important part of these systems, and pose challenging open problems. This special issue will focus on the research challenges and issues in security and privacy in ubiquitous computing. Manuscripts regarding novel algorithms, architectures, implementations and experiences are welcome. Topics include but are not limited to:
MetriSec 2011 7th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2011), Banff, Alberta, Canada, September 21, 2011. (Submissions due 30 May 2011)
Quantitative assessment is a major stumbling block for software and system security. Although some security metrics exist, they are rarely adequate. The engineering importance of metrics is intuitive: you cannot consistently improve what you cannot measure. Economics is an additional driver for security metrics: customers are unlikely to pay a premium for security if they are unable to quantify what they receive. The goal of the workshop is to foster research into security measurements and metrics and to continue building the community of individuals interested in this field. This year, MetriSec continues its co-location with ESEM, which offers an opportunity for the security metrics folks to meet the metrics community at large. The organizers solicit original submissions from industry and academic experts on the development and application of repeatable, meaningful measurements in the fields of software and system security. The topics of interest include, but are not limited to:
TrustCom 2011 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Changsha, China, November 16-18, 2011. (Submissions due 30 June 2011)
With rapid development and increasing complexity of computer and communications systems and networks, user requirements for trust, security and privacy are becoming more and more demanding. However, there is a grand challenge that traditional security technologies and measures may not meet user requirements in open, dynamic, heterogeneous, mobile, wireless, and distributed computing environments. Therefore, we need to build systems and networks in which various applications allow users to enjoy more comprehensive services while preserving trust, security and privacy at the same time. As useful and innovative technologies, trusted computing and communications are attracting researchers with more and more attention. IEEE TrustCom-11 is an international conference for presenting and discussing emerging ideas and trends in trusted computing and communications in computer systems and networks from both the research community as well as the industry.
Staying in touch....
Changing your email address? Please send updates to email@example.com
IEEE Computer Society's Technical Committee on Security and Privacy
|TC home page||TC Officers|
|How to join the TC||TC publications available online|
|TC Publications for sale||Cipher past issues archive|