Commentary and Opinion
Richard Austin's review of Network Security Through Data Analysis: Building Situational Awareness by Michael Collins
NewsBits: Announcements and correspondence from readers (please contribute!)
We are delighted to announce that the recipient of the 2013 Microsoft Research Verified Software Milestone Award is Roope Kaivola from Intel Corporation (Oregon, USA), for the Intel Core i7 verification project. While formal methods were applied within a number of areas of the Core i7 project, the award is being given in recognition of Kaivola's role as intellectual leader of the core execution cluster as well as his leadership of the verification team.
The formal presentation of the Award will be made to Roope at POPL 2014, which takes place in San Diego - January 22-24.
"Microsoft Research is delighted to celebrate the advances made in verified software with the Intel Core i7 Project. It is a real milestone when formal verification is used as the primary validation and coverage driven testing was entirely dropped. We salute Roope Kaivola and his team for some twenty person years of verification work, one of the most ambitious formal verification efforts in the hardware industry to date." The full award citation is provided along with further details of the award process at the Verified Software Initiative website.
Dr. Judith Bishop, Principal Research Director,
Computer Science, Microsoft Research, Redmond
Listing of academic positions available by
New since Cipher 118:
Posted Mar 2014
Lancaster University, UK (Security Research Centre)
Senior Lecturer (Associate Professor in North American System) in Security
Deadline for applications: 30 May, 2014, website
Conference and Workshop Announcements
Cipher calendar announcements are on Twitter; follow "ciphernews"
New calls or announcements added since Cipher E118 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update):
CNS 2014 2nd IEEE Conference on Communications and Network Security, San Francisco, CA, USA, October 29-31, 2014. (Submissions Due 7 March 2014)
The IEEE Conference on Communications and Network Security (CNS) is a new conference series in the IEEE Communications Society (ComSoc) core conference portfolio and the only ComSoc conference focusing solely on cyber security. IEEE CNS is a spin-off of IEEE INFOCOM, the premier ComSoc conference on networking. The goal of CNS is to provide an outstanding forum for cyber security researchers, practitioners, policy makers, and users to exchange ideas, techniques and tools, raise awareness, and share experience related to all practical and theoretical aspects of communications and network security. Building on the success of last year's inaugural conference, IEEE CNS 2014 seeks original high-quality technical papers from academia, government, and industry. Topics of interest encompass all practical and theoretical aspects of communications and network security, all the way from the physical layer to the various network layers to the variety of applications reliant on a secure communication substrate. Submissions with main contribution in other areas, such as information security, software security, system security, or applied cryptography, will also be considered if a clear connection to secure communications/networking is demonstrated.
PST 2014 12th Annual Conference on Privacy, Security and Trust, Toronto, Canada, July 23-24, 2014. (Submissions Due March 24, 2014)
PST2014 provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. PST2014 topics include, but are NOT limited to, the following:
SHPCS 2014 9th Workshop on Security and High Performance Computing Systems, Held in conjunction with the International Conference on High Performance Computing & Simulation (HPCS 2014), Bologna, Italy, July 21 - July 25, 2014. (Submissions Due 28 March 2014)
Providing high performance computing and security is a challenging task. Internet, operating systems and distributed environments currently suffer from poor security support and cannot resist common attacks. Adding security measures typically degrades performance. This workshop addresses relationships between security and high performance computing systems in three directions. First, it considers how to add security properties (authentication, confidentiality, integrity, non-repudiation, access control) to high performance computing systems and how they can be formally verified both at design-time (formal verification) and at run-time (run-time verification). In this case, safety properties can also be addressed, such as availability and fault tolerance for high performance computing systems. Second, it covers how to use high performance computing systems to solve security problems. For instance, a grid computation can break an encryption code, a cluster can support high performance intrusion detection or a distributed formal verification system. More generally, this topic addresses every efficient use of high performance computing systems to improve security. Third, it investigates the tradeoffs between maintaining high performance and achieving security in computing systems and solutions to balance the two objectives. In all these directions, various formal analyses, as well as performance analyses or monitoring techniques can be conducted to show the efficiency of a security infrastructure. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of computer and network security, as well as case studies and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems.
SPE 2014 4th International Workshop on Security and Privacy Engineering, Co-located with IEEE SERVICES 2014, Anchorage, Alaska, USA, June 27 - July 2, 2014. (Submissions Due 29 March 2014)
Built upon the success of the spectrum of conferences within the IEEE World Congress on Services, the Security and Privacy Engineering (SPE 2014) workshop is a unique place to exchange ideas of engineering secure systems in the context of service computing, cloud computing, and big data analytics. The emphasis on engineering in security and privacy of services differentiates the workshop from other traditional prestigious security and privacy workshops, symposiums, and conferences. The practicality and value realization are examined by practitioners from leading industries as well as scientists from academia. In line with the engineering spirit, we solicit original papers on building secure service systems that can be applied to government procurement, digital medical records, cloud environments, social networking for business purposes, multimedia application, mobile commerce, education, and the like. Potential contributions could cover, but are not limited to, methodologies, protocols, tools, or verification and validation techniques. We also welcome review papers that analyze critically the status of current Security and Privacy (S&P) in a specific area. Papers from practitioners who encounter security and privacy problems and seek understanding are also welcome.
ECTCM 2014 2nd International Workshop on Emerging Cyberthreats and Countermeasures, Co-located with International Conference on Availability, Reliability and Security (ARES 2014), Fribourg, Switzerland, September 8-12, 2014. (Submissions Due 31 March 2014)
ECTCM aims at bringing together researchers and practitioners working in different areas related to cybersecurity. All unveilings regarding massive worldwide online surveillance in the past year led to a somewhat changed cyber world. We want to contribute to the current discussions about all technical aspects of this problem. Therefore this year's workshop focuses on new Targeted Attacks, Malware and all aspects of Privacy. Contributions demonstrating current weaknesses and threats as well as new countermeasures are warmly welcome.
RAID 2014 17th International Symposium on Research in Attacks, Intrusions and Defenses, Gothenburg, Sweden, September 24-26, 2014. (Submissions Due 1 April 2014)
The 17th International Symposium on Research in Attacks, Intrusions and Defenses aims at bringing together leading researchers and practitioners from academia, government, and industry to discuss novel research contributions related to any area of computer and information security. As in previous years, all topics related to intrusion detection and prevention are within scope. In addition, topics of interest also include but are not limited to:
SecATM 2014 International Workshop on Security in Air Traffic Management and other Critical Infrastructures, Held in conjunction with ARES 2014, University of Fribourg, Switzerland, September 9-12, 2014. (Submissions Due 1 April 2014)
Global air traffic management (ATM) is evolving from siloed, local, proprietary systems to interconnected wide-area information systems. There is rapid development, as demonstrated by the US NextGen and the European Single European Sky ATM Research programme. Increased automation and interconnection also translates into increased security risks, and this workshop will focus on security of next-generation air traffic management systems and similar critical information infrastructures. Throughout the recent years the understanding was developed that the security. Suggested topics include, but are not limited to the following in ATM and related critical infrastructures:
ESORICS 2014 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7-11, 2014. (Submissions Due 2 April 2014)
ESORICS (European Symposium on Research in Computer Security) is the premier European research conference in computer security. ESORICS started in 1990 and has been held in several European countries, attracting an international audience from both the academic and industrial communities. ESORICS 2014, the 19th symposium in the series, will be held in Poland at the Institute of Mathematics and Computer Science, Wroclaw University of Technology. Papers offering novel research contributions in all aspects of computer security are solicited for submission to ESORICS 2014. The primary focus is on original, high quality, unpublished research, but submissions describing implementation experiences and industrial research and development are also encouraged. All topics related to security, privacy and trust in computer systems and networks are of interest and in scope. Purely theoretical papers, e.g. in cryptography, must be explicit about the relevance of the theory to the security of IT systems.
NSPW 2014 New Security Paradigms Workshop, Victoria, British Columbia, Canada, September 15-18, 2014. (Submissions Due 11 April 2014)
The New Security Paradigms Workshop (NSPW) invites papers that address the current limitations of information security. By encouraging participants to think 'outside the box' and giving them an opportunity to interact with open-minded peers, NSPW seeks to foster paradigm shifts in the field of information security. NSPW is a highly interactive venue, with informal paper presentations, lively, extended discussions, shared activities, and group meals, all in the spectacular setting of Victoria, British Columbia, Canada. Most of the papers accepted to NSPW push the boundaries of science and engineering beyond what would be considered mainstream in more traditional security conferences. We are particularly interested in perspectives that augment traditional computer security, both from other areas of computer science and other sciences that study adversarial relationships such as biology, economics, and the social sciences.
LISA 2014 28th Large Installation System Administration Conference, Seattle, WA, USA, November 9-14, 2014. (Submissions Due 14 April 2014)
USENIX's Large Installation System Administration (LISA) conference - now in its 28th year - is the premier meeting place for professionals who make computing work across a variety of industries. If you're an IT operations professional, site-reliability engineer, system administrator, architect, software engineer, researcher, or otherwise involved in ensuring that IT services are effectively delivered to others - this is your conference, and we'd love to have you here. At LISA, systems theory meets operational practice. This is the best environment for you to talk about what you've been working on with other professionals - both in industry and in academia. Giving a presentation at LISA is the path to real-world impact by highlighting your team's or project's achievements. We are actively soliciting talks in areas such as cloud computing, creating a positive ops culture, software-defined networking, large-scale computing, distributed systems, security, analytics, visualization, and IT management methods - but we will consider exciting, engaging talks on any topic relevant to LISA attendees.
PLAS 2014 9th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Uppsala, Sweden, July 29, 2014. (Submissions Due 20 April 2014)
PLAS aims to provide a forum for exploring and evaluating ideas on the use of programming language and program analysis techniques to improve the security of software systems. Strongly encouraged are proposals of new, speculative ideas, evaluations of new or known techniques in practical settings, and discussions of emerging threats and important problems. The scope of PLAS includes, but is not limited to:
OSDI 2014 11th USENIX Symposium on Operating Systems Design and Implementation, Broomfield, CO, USA, October 6-8, 2014. (Submissions Due 24 April 2014)
The 11th USENIX Symposium on Operating Systems Design and Implementation seeks to present innovative, exciting research in computer systems. OSDI brings together professionals from academic and industrial backgrounds in what has become a premier forum for discussing the design, implementation, and implications of systems software. The OSDI Symposium emphasizes innovative research as well as quantified or insightful experiences in systems design and implementation. OSDI takes a broad view of the systems area and solicits contributions from many fields of systems practice, including, but not limited to, operating systems, file and storage systems, distributed systems, cloud computing, mobile systems, secure and reliable systems, embedded systems, virtualization, networking as it relates to operating systems, management and troubleshooting of complex systems. We also welcome work that explores the interface to related areas such as computer architecture, networking, programming languages, and databases. We particularly encourage contributions containing highly original ideas, new approaches, and/or groundbreaking results.
IEEE Security & Privacy, Special issue on Key Trends in Cryptography, January/February 2015, (Submissions Due 1 May 2014)
Editor: Hilarie Orman (purplestreak.com, USA) and
Charles Pfleeger (pfleeger.com, USA)
Cryptography has advanced from an arcane craft to a mathematical discipline with established principles, widely-accepted standards, and daily use in the Internet and many other computer applications. Yet its actual utility and future are clouded topics that hit at two widely separated poles: the limits of computation and the role of government. Articles for this special issue of IEEE Security & Privacy magazine will cover recent research trends in cryptology and their implications for emerging computing techniques (such as cloud computing), collaboration between researchers and governments in defining cryptographic standards, how physics and mathematics shape and limit cryptology, and how cryptology implements privacy and security in an interconnected world. Potential articles for this issue might address:
TGC 2014 9th Symposium on Trustworthy Global Computing, Co-located with Concur 2014, Rome, Italy, September 5-6, 2014. (Submissions Due 2 May 2014)
The Symposium on Trustworthy Global Computing is an international annual venue dedicated to secure and reliable computation in the so-called global computers, i.e., those computational abstractions emerging in large-scale infrastructures such as service-oriented architectures, autonomic systems, and cloud computing. The TGC series focuses on providing frameworks, tools, algorithms, and protocols for rigorously designing, verifying, and implementing open-ended, large-scaled applications. The related models of computation incorporate code and data mobility over distributed networks that connect heterogeneous devices and have dynamically changing topologies. We solicit papers in all areas of global computing, including (but not limited to):
NordSec 2014 19th Nordic Conference on Secure IT Systems, Tromsø, Norway, October 15-17, 2014. (Submissions Due 6 May 2014)
NordSec addresses a broad range of topics within IT security with the aim of bringing together computer security researchers and encouraging interaction between academia and industry. In 2014 the conference has a special focus on Security and Privacy for Cloud Computing and Big Data. Contributions within, but not limited to, the following areas are welcome:
ACC 2014 IEEE International Workshop on Autonomic Cloud Cybersecurity, Held in conjunction with the IEEE International Conference on Cloud and Autonomic Computing (CAC 2014), London, UK, September 8, 2014. (Submissions Due 7 May 2014)
Cloud computing services offer cost effective, scalable, and reliable outsourced platforms. Cloud adoption is becoming rapidly ubiquitous; therefore, private and sensitive data is being moved into the cloud. This move is introducing new security and privacy challenges, which should be diligently addressed in order to avoid severe security repercussions. The focus of this workshop is to offer a discussion forum about autonomous cybersecurity systems, which offer viable and well-suited solutions for cloud threat prediction, detection, mitigation, and prevention. The workshop is part of the IEEE International Conference on Cloud and Autonomic Computing (CAC 2014), and is collocated with The 8th IEEE Self-Adaptive and Self-Organizing System Conference and The 14th IEEE Peer-to-Peer Computing Conference. We are soliciting original and unpublished results of ongoing research projects, emerging trends, use cases, and implementation experiences in autonomous cloud cybersecurity systems and solutions. The topics covered include, but are not limited to:
ACM-CCS 2014 21st ACM Conference on Computer and Communications Security, The Scottsdale Plaza Resort, Scottsdale, Arizona, USA, November 3-7, 2014. (Submissions Due 16 May 2014)
The conference seeks submissions from academia, government, and industry presenting novel research results in all practical and theoretical aspects of computer and communications security. Papers should be related to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the relevance of the results to secure systems. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings. Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security. Further concrete instructions and submissions rules and regulations will be published in the Call for Papers which will be accessible via the conference web page.
IEEE Transactions on Information Forensics and Security, Special Issue on Biometric Spoofing and Countermeasures, April 2015, (Submissions Due 1 June 2014)
Editor: Nicholas Evans (EURECOM, France),
Sébastien Marcel (Idiap Research Institute, Switzerland),
Arun Ross (Michigan State University, USA),
and Stan Z. Li (Chinese Academy of Sciences, China)
While biometrics technology has revolutionized approaches to person authentication and has evolved to play a critical role in personal, national and global security, the potential for the technology to be fooled or 'spoofed' is widely acknowledged. Efforts to study such threats and to develop countermeasures are now well underway resulting in some promising solutions. While progress with respect to each biometric modality has attained varying degrees of maturity, there are some notable shortcomings in research methodologies. Current spoofing studies focus on specific, known attacks. Existing countermeasures designed to detect and deflect such attacks are often based on unrealistic a priori knowledge and typically learned using training data produced using exactly the same spoofing method that is to be detected. Current countermeasures thus have questionable application in practical scenarios where the nature of the attack can never be known. This special issue will focus on the latest research on the topic of biometric spoofing and countermeasures, with a particular emphasis on novel methodologies and generalized spoofing countermeasures that have the potential to protect biometric systems against varying or previously unseen attacks. The aim is to further the state-of-the-art in this field, to stimulate interactions between the biometrics and information forensic communities, to encourage the development of reliable methodologies in spoofing and countermeasure assessment and solutions, and to promote the development of generalized countermeasures. Papers on biometric obfuscation (e.g., fingerprint or face alteration) and relevant countermeasures will also be considered in the special issue. Novel contributions related to both traditional biometric modalities such as face, iris, fingerprint, and voice, and other modalities such as vasculature and electrophysiological signals will be considered. 
The focus includes, but is not limited to, the following topics related to spoofing and anti-spoofing countermeasures in biometrics:
CANS 2014 13th International Conference on Cryptology and Network Security, Aldemar Royal Mare Resort, Heraklion Crete, Greece, October 22-24, 2014. (Submissions Due 10 June 2014)
Papers offering novel research contributions are solicited for submission to the 13th International Conference on Cryptology and Network Security (CANS-2014). The focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers suggesting novel paradigms, original directions, or non-traditional perspectives. Submitted papers must not substantially overlap with papers that have been published or that are submitted in parallel to a journal or a conference with formally published proceedings. Topics include (but are not limited to):
Elsevier Information Systems, Special Issue on Information Integrity in Smart Grid Systems, 2014, (Submissions Due 1 July 2014)
Editor: Al-Sakib Khan Pathan (International Islamic University Malaysia, Malaysia),
Zubair Muhammad Fadlullah (Tohoku University, Japan),
Mostafa M. Fouda (Benha University, Egypt),
Muhammad Mostafa Monowar (King AbdulAziz University, Saudi Arabia),
and Philip Korn (AT&T Labs Research, USA)
The smart grid is an electronically controlled electrical grid that connects power generation, transmission, distribution, and consumers using information and communication technology. One of the key characteristics of the smart grid is its support for bi-directional information flow between the consumer of electricity and the utility provider. A critical twist on the current electrical grid system, this kind of two-way interaction would allow electricity to be generated in real-time based on consumer demands and power requests. While the system would allow users to get more control over electricity use and supply, many security issues are raised to ensure information privacy of the users as well as authorization procedures for electricity use. Security loopholes in the system could, in fact, aggravate the electricity supply system instead of improving it. The quality of the information from billing and accounting is also a major concern. With this Special Issue, we open the door to encourage researchers to discuss issues related to information integrity and security services in the smart grid, particularly from the communication point of view to construct energy, control, and information processing systems for the smart grid. Any topic related to information integrity and security services in the smart grid, particularly from the communications and data management point of view, is to be considered. The topics include but are not limited to:
ACM Transactions on Embedded Computing Systems, Special Issue on Embedded Platforms for Cryptography in the Coming Decade, First Quarter 2015, (Submissions Due 1 July 2014)
Editor: Patrick Schaumont (Virginia Tech, USA),
Máire O'Neill (Queen's University Belfast, UK),
and Tim Güneysu (Ruhr University Bochum, Germany)
Cryptography has made great strides in capability and variety over the past few years, enabling a broad range of new applications and extending the reach of security deep into the embedded world. A few examples include lightweight primitives that provide information security for a fraction of the energy and cost of traditional primitives; lattice-based crypto-engines that provide an alternative to public-key operations in a post-quantum-computing world; cryptographic sponges that can be configured as universal crypto-kernels; anonymous signatures that support electronic cash in portable, compact form factors; and homomorphic primitives and zero-knowledge proofs that allow privacy-friendly interaction of devices with the all-knowing cloud. These novel forms of cryptography will drive the embedded information infrastructure, and they will become a necessity to mix and merge our virtual life with our real life in a trustworthy and scalable manner. However, this is not your father's cryptography, and its efficient implementation needs new research efforts. It is based on different mathematical structures, novel transformations and data organizations, and in many cases its computational complexity is significantly higher than that of traditional cryptographic operations. For several primitives, such as for post-quantum cryptography and homomorphic computing, the optimal implementation strategies are still an open area of research. Furthermore, threats against these novel forms of cryptography, such as side-channel analysis or fault injection, are unexplored. This special issue of ACM Transactions on Embedded Computing Systems solicits state-of-the-art research results and surveys in embedded system engineering for these novel cryptographic primitives. The issue will cover both hardware and software implementations for performance-optimized, resource-constrained, energy-efficient platforms. 
Of special interest are implementations that demonstrate novel applications for cryptographic primitives. A few examples of topics of interest for the special issue include:
Staying in touch....
IEEE Computer Society's Technical Committee on Security and Privacy