Electronic CIPHER, Issue 120, May 27, 2014

============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 120, May 27, 2014

Hilarie Orman, Editor: cipher-editor @ ieee-security.org
Sven Dietrich, Assoc. Editor: cipher-assoc-editor @ ieee-security.org
Richard Austin, Book Review Editor: cipher-bookrev @ ieee-security.org
Yong Guan, Calendar Editor: cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion and News
    o Richard Austin's review of "Data-Driven Security: Analysis, Visualization and Dashboards", by Jay Jacobs and Bob Rudis
    o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Conference and Workshop Announcements
    o Upcoming calls-for-papers and events
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

Last week the Security and Privacy Symposia and its associated workshops gathered a record number of attendees in San Jose. The new location for the conference, the Fairmont Hotel, was spacious and comfortable, reminiscent of the "old days" at the Claremont Hotel in Berkeley/Oakland.
As usual, the research papers were a gamut of excellent explorations of security from several viewpoints: attack, defense, analysis, new applications, and "systemization of knowledge". The award-winning papers covered "Frankencerts", multiparty computation using BitCoin, and a tour de force Linux exploitation including a real-time demonstration. The poster session and short talks provided attendees with a daylong immersion in cutting-edge thinking in computer security.

There were seven workshops on the days preceding the conference, and these continue to be a popular and effective way to explore new concepts in depth. Language security, for example, had its debut appearance with several papers and healthy attendance.

This month Richard Austin reviews a book that offers some answers about what to do with all the data accumulated through security monitoring. Big data is creating needle-in-a-haystack problems for all of us, and it's good to have some needle identifying software on the case.

We will be seeking more conference reports and news summaries for future issues of Cipher. If you attend a security event this summer, consider submitting a short write-up of the highlights to this editor.

"Can't wait to get back to San Jose",
Hilarie Orman
cipher-editor @ ieee-security.org

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

____________________________________________________________________
Book Review By Richard Austin
May 22, 2014
Data-Driven Security: Analysis, Visualization and Dashboards
by Jay Jacobs and Bob Rudis
____________________________________________________________________

Wiley 2014.
ISBN 978-1-118-79372-5 amazon.com USD 39.89
Table of Contents: http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118793722.html

The recognition that our security infrastructure is creating a vast ocean of data that is largely untapped is, I'm glad to see, starting to gain the attention it deserves. We all know that this data must somehow be sifted, correlated and transformed into information that is presented to decision makers in a timely fashion to support better decision-making. However, just how that sifting, etc., is to be done is a perplexing question that is far too often "answered" by our going on a shopping spree without first understanding what we're shopping for (e.g., buying a "security dashboard" without first defining what information that dashboard should present to which audience and in what form).

But, how are we to define requirements when we're not sure what is even possible? Perhaps we don't even know what kinds of questions have answers lurking in our sea of data.

Jacobs and Rudis assert that we can learn a lot by leveraging freely available tools such as R and Python to explore the data we have, construct visualizations that reveal relationships and prepare dashboards that effectively communicate the results of our analysis.

They earn many kudos by opening with the observation that a data analysis adventure should always begin with a question. In other words, analysis is not done for the sake of analysis and that principle is a powerful antidote against producing yet another collection of pretty pictures and glitzy web pages that look very nice but tell us nothing we want to know.

The presentation is very much "learn by doing" and guides the reader through analyzing security-relevant data such as AlienVault's IP Reputation database, Symantec's data on ZeroAccess infections, and Verizon's VERIS Community database of data breaches (VCDB).
Readers can either copy the relevant code from the text (recommended) or download it from the book's website. As each analysis is carried out, the authors provide background, high-level introductory material on the methods behind the code and sage advice on why things are done in particular ways.

The writing is lively with a touch of whimsy that keeps the reader engaged (e.g., would you have suspected a significant correlation between UFO sightings and ZeroAccess infections?). The book is printed in color which really brings the graphics to life and enables the authors to explain how color selection, palettes, etc., contribute to visual impact.

A core strength of the book is its emphasis on communication as the goal of the process. A superb technical analysis is worse than useless unless it is meaningfully communicated to the person that can act on its results. Chapter 10, Designing Effective Security Dashboards, is easily worth the price of the book with its exploration of the challenging world of the ultimate one-page summary.

The book's shortcoming lies in its wide scope. The depth of presentation had to be limited to keep the book to a reasonable length (somewhat over 350 pages). The authors compensate by providing a good set of references for each chapter to support further study and a closing chapter with links to in-depth background.

Unless you have strong skills in Python or R, you will need a good book on the language to help you branch out from the canned examples into your own data. For R, I recommend Jared Lander's "R for Everyone: Advanced Analytics and Graphics" (ISBN 978-0-321-88803-7).

This is a technical book that will require a solid investment of time and effort to work through (including the external references that match your interests).
However, at the end of that investment, you will have developed an appreciation for how data can be transformed into information using freely available tools and, most importantly, how to use graphics in effectively communicating what you have learned from that information.

Definitely a recommended read whether you use these techniques in production or as guidance in evaluating commercial tools.

----------------------------------------------------------------------
It has been said "Be careful, for writing books is endless, and much study wears you out" so Richard Austin (http://cse.spsu.edu/raustin2) fearlessly samples the wares of the publishing houses and opines as to which might most profitably occupy your scarce reading time. He welcomes your thoughts and comments via raustin at ieee dot org

====================================================================
Listing of academic positions available by Cynthia Irvine
====================================================================

http://cisr.nps.edu/jobscipher.html

Recent postings:

Posted May 2014
Imperial College London, UK
Research Assistant / Research Associate in 'Intelligent Cloud Protection at Run-Time' (Two Posts)
Deadline for applications: 3 June, 2014 (Midnight BST)
http://goo.gl/TOcM6r

Posted May 2014
Radboud University Nijmegen, the Netherlands
Assistant Professor in Networking/Network Security
Deadline for applications: 21 May, 2014
http://www.ru.nl/vacatures/details/details_vacature_0?recid=533574

Posted Mar 2014
Mondragon Unibertsitatea
Arrasate-Mondragon (Spain)
Faculty of Engineering, Electronics and Computing Department
Goiru Kalea, 2, 20500 Arrasate-Mondragon (Spain)
Tel: +34 943 253324 / Fax: +34 943791536
http://mukom.mondragon.edu/infosec/

Posted Mar 2014
Lancaster University, UK (Security Research Centre)
Lancaster, UK
Senior Lecturer (Associate Professor in North American System) in Security
Deadline for applications: 30 May, 2014
https://hr-jobs.lancs.ac.uk/Vacancy.aspx?ref=A900
--------------
This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
News Briefs
====================================================================

No new news this time.

News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

====================================================================
Conference and Workshop Announcements
Upcoming Calls-For-Papers and Events
====================================================================

The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

Cipher calendar entries are announced on Twitter; follow ciphernews

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

5/28/14: SAC, Conference on Selected Areas in Cryptography, Concordia University, Montreal, Quebec, Canada; http://users.encs.concordia.ca/~youssef/SAC2014-WebSite/; Submissions are due
6/ 1/14: IEEE Transactions on Information Forensics and Security, Special Issue on Biometric Spoofing and Countermeasures; http://www.signalprocessingsociety.org/uploads/email/biometric_spoofing.html; Submissions are due
6/ 1/14: M2MSec, International Workshop on Security and Privacy in Machine-to-Machine Communications, Held in conjunction with IEEE Conference on Communications and Network Security (CNS 2014), San Francisco, CA, USA; http://www.m2m-sec.org/; Submissions are due
6/ 1/14: LightSEC, 3rd International
Workshop on Lightweight Cryptography for Security & Privacy, Istanbul, Turkey; http://www.light-sec.org; Submissions are due
6/ 2/14: SIN, 7th International Conference on the Security of Information and Networks, Glasgow, UK; http://www.sinconf.org/sin2014/; Submissions are due
6/ 2/14- 6/ 4/14: IFIP-SEC, 29th IFIP TC-11 SEC 2014 International Conference ICT Systems Security and Privacy Protection, Marrakech, Morocco; http://www.ensa.ac.ma/sec2014/
6/ 6/14: eCrime, 9th Symposium on Electronic Crime Research, Held in conjunction with the 2014 APWG General Meeting, Birmingham, Alabama, USA; http://ecrimeresearch.org/events/ecrime2014; Submissions are due
6/ 6/14: TrustED, 4th International Workshop on Trustworthy Embedded Devices, Co-located with the ACM Conference on Computer & Communications Security (CCS 2014), Scottsdale, Arizona, USA; http://www.trusted-workshop.de; Submissions are due
6/ 6/14: SLSS, International Workshop on System Level Security of Smartphones, Held in conjunction with SecureComm 2014, Beijing, China; http://www.dacas.cn/slss2014; Submissions are due
6/10/14: CANS, 13th International Conference on Cryptology and Network Security, Aldemar Royal Mare Resort, Heraklion Crete, Greece; http://www.ics.forth.gr/cans2014; Submissions are due
6/13/14: STM, 10th International Workshop on Security and Trust Management, Held in conjunction with ESORICS 2014, Wroclaw, Poland; http://stm14.uni.lu/; Submissions are due
6/20/14: ProvSec, 8th International Conference on Provable Security, Hong Kong; http://home.ie.cuhk.edu.hk/~provsec14; Submissions are due
6/23/14- 6/24/14: WEIS, 13th Annual Workshop on the Economics of Information Security, Pennsylvania State University, PA, USA; http://weis2014.econinfosec.org/
6/23/14- 6/25/14: WISTP, 8th Workshop in Information Security Theory and Practice, Heraklion, Greece; http://www.wistp.org/
6/25/14: ISC, 17th Information Security Conference, Hong Kong; http://isc14.ie.cuhk.edu.hk; Submissions are due
6/25/14-
6/27/14: SACMAT, 19th ACM Symposium on Access Control Models and Technologies, London, Ontario, Canada; http://www.sacmat.org
6/27/14- 7/ 2/14: SPE, 4th International Workshop on Security and Privacy Engineering, Co-located with IEEE SERVICES 2014, Anchorage, Alaska, USA; http://sesar.dti.unimi.it/SPE2014/
6/30/14: LASER, Workshop on Learning from Authoritative Security Experiment Results, Arlington, Virginia, USA; http://www.laser-workshop.org; Submissions are due
6/30/14- 7/ 3/14: DASec, 1st International Workshop on Big Data Analytics for Security, Held in conjunction with ICDCS 2014, Madrid, Spain; http://www.dis.uniroma1.it/~dasec/
7/ 1/14: Elsevier Information Systems, Special Issue on Information Integrity in Smart Grid Systems; http://www.journals.elsevier.com/information-systems/call-for-papers/special-issue-on-information-integrity-in-smart-grid-systems/; Submissions are due
7/ 1/14: ACM Transactions on Embedded Computing Systems, Special Issue on Embedded Platforms for Cryptography in the Coming Decade; http://acmtecs.acm.org/special-issues/14/embcrypt2014.html; Submissions are due
7/ 1/14: MTD, 1st ACM Workshop on Moving Target Defense, Held in conjunction with the 21st ACM Conference on Computer and Communications Security (ACM-CCS 2014), Scottsdale, Arizona, USA; http://csis.gmu.edu/MTD2014; Submissions are due
7/ 1/14: WISCS, 1st ACM Workshop on Information Sharing and Collaborative Security, Held in conjunction with the 21st ACM Conference on Computer and Communications Security (ACM-CCS 2014), Scottsdale, Arizona, USA; https://sites.google.com/site/wiscs2014/; Submissions are due
7/ 9/14- 7/11/14: SOUPS, Symposium On Usable Privacy and Security, In-cooperation with USENIX, Menlo Park, CA, USA; http://cups.cs.cmu.edu/soups/
7/10/14: SKM, International Conference on Secure Knowledge Management, BITS Pilani, Dubai; http://www.bits-dubai.ac.ae/skm2014/index.html; Submissions are due
7/10/14- 7/11/14: DIMVA, 11th International Conference on Detection of
Intrusions and Malware & Vulnerability Assessment, Royal Holloway London, Egham, UK; http://www.dimva.org/dimva2014
7/15/14: HST, 14th annual IEEE Symposium on Technologies for Homeland Security, Boston, Massachusetts, USA; http://ieee-hst.org/; Submissions are due
7/16/14- 7/18/14: PETS, 14th Privacy Enhancing Technologies Symposium, Amsterdam, Netherlands; http://petsymposium.org/
7/19/14- 7/22/14: CSF, 27th IEEE Computer Security Foundations Symposium, Vienna University of Technology, Vienna, Austria; http://csf2014.di.univr.it/
7/21/14- 7/23/14: RFIDSec, 10th Workshop on RFID Security, Co-located with ACM WiSec 2014, Oxford, United Kingdom; http://rfidsec2014.cis.uab.edu/
7/21/14- 7/25/14: WiSec, 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Oxford, United Kingdom; http://www.sigsac.org/wisec/WiSec2014/
7/21/14- 7/25/14: SHPCS, 9th Workshop on Security and High Performance Computing Systems, Held in conjunction with the International Conference on High Performance Computing & Simulation (HPCS 2014), Bologna, Italy; http://hpcs2014.cisedu.info/
7/23/14- 7/24/14: PST, 12th Annual Conference on Privacy, Security and Trust, Toronto, Canada; http://pst2014.ryerson.ca
7/29/14: PLAS, 9th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Uppsala, Sweden; http://researcher.ibm.com/researcher/view_project.php?id=5237
8/ 1/14: VizSec, 11th Visualization for Cyber Security, Paris, France; http://www.vizsec.org; Submissions are due
8/14/14- 8/15/14: SAC, Conference on Selected Areas in Cryptography, Concordia University, Montreal, Quebec, Canada; http://users.encs.concordia.ca/~youssef/SAC2014-WebSite/
8/18/14: ACSW-AISC, Australasian Information Security Conference, Held as part of Australasian Computer Science Week, Sydney, Australia; http://homepages.ecs.vuw.ac.nz/Users/Ian/ACSW_AISC2015; Submissions are due
8/30/14: BDSP, 1st IEEE International Workshop on Big Data Security and Privacy, Washington DC, USA;
http://www.bigdatasecurityprivacyworkshop.com; Submissions are due
9/ 1/14: IEEE Transactions on Emerging Topics in Computing, Emerging topics in Cyber Security; http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tetcsi_cbs.pdf; Submissions are due
9/ 1/14- 9/ 2/14: LightSEC, 3rd International Workshop on Lightweight Cryptography for Security & Privacy, Istanbul, Turkey; http://www.light-sec.org
9/ 6/14- 9/ 6/14: TGC, 9th Symposium on Trustworthy Global Computing, Co-located with Concur 2014, Rome, Italy; http://www.cs.le.ac.uk/events/tgc2014/
9/ 7/14- 9/11/14: ESORICS, 19th European Symposium on Research in Computer Security, Wroclaw, Poland; http://esorics2014.pwr.wroc.pl/index.html
9/ 8/14: ACC, IEEE International Workshop on Autonomic Cloud Cybersecurity, Held in conjunction with the IEEE International Conference on Cloud and Autonomic Computing (CAC 2014), London, UK; http://sesar.dti.unimi.it/ACC2014
9/ 8/14- 9/12/14: ECTCM, 2nd International Workshop on Emerging Cyberthreats and Countermeasures, Co-located with International Conference on Availability, Reliability and Security (ARES 2014), Fribourg, Switzerland; http://www.ectcm.net/
9/ 9/14- 9/11/14: SIN, 7th International Conference on the Security of Information and Networks, Glasgow, UK; http://www.sinconf.org/sin2014/
9/ 9/14- 9/12/14: SecATM, International Workshop on Security in Air Traffic Management and other Critical Infrastructures, Held in conjunction with ARES 2014, University of Fribourg, Switzerland; http://www.secatm.org
9/10/14- 9/11/14: STM, 10th International Workshop on Security and Trust Management, Held in conjunction with ESORICS 2014, Wroclaw, Poland; http://stm14.uni.lu/
9/15/14- 9/18/14: NSPW, New Security Paradigms Workshop, Victoria, British Columbia, Canada; http://www.nspw.org/2014/cfp
9/23/14: SLSS, International Workshop on System Level Security of Smartphones, Held in conjunction with SecureComm 2014, Beijing, China; http://www.dacas.cn/slss2014
9/23/14- 9/25/14:
eCrime, 9th Symposium on Electronic Crime Research, Held in conjunction with the 2014 APWG General Meeting, Birmingham, Alabama, USA; http://ecrimeresearch.org/events/ecrime2014
9/24/14- 9/26/14: RAID, 17th International Symposium on Research in Attacks, Intrusions and Defenses, Gothenburg, Sweden; http://www.raid2014.eu/cfp.html
10/ 1/14: IEEE Transactions on Dependable and Secure Computing, Special Issue on Cyber Crime; http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tdscsi_cc.pdf; Submissions are due
10/ 6/14-10/ 8/14: OSDI, 11th USENIX Symposium on Operating Systems Design and Implementation, Broomfield, CO, USA; https://www.usenix.org/conference/osdi14/call-for-papers
10/ 9/14-10/10/14: ProvSec, 8th International Conference on Provable Security, Hong Kong; http://home.ie.cuhk.edu.hk/~provsec14
10/12/14-10/14/14: ISC, 17th Information Security Conference, Hong Kong; http://home.ie.cuhk.edu.hk/~provsec14
10/15/14-10/16/14: LASER, Workshop on Learning from Authoritative Security Experiment Results, Arlington, Virginia, USA; http://www.laser-workshop.org
10/15/14-10/17/14: NordSec, 19th Nordic Conference on Secure IT Systems, Tromsø, Norway; http://site.uit.no/nordsec2014/
10/22/14-10/24/14: CANS, 13th International Conference on Cryptology and Network Security, Aldemar Royal Mare Resort, Heraklion Crete, Greece; http://www.ics.forth.gr/cans2014
10/27/14-10/30/14: BDSP, 1st IEEE International Workshop on Big Data Security and Privacy, Washington DC, USA; http://www.bigdatasecurityprivacyworkshop.com
10/29/14-10/31/14: CNS, 2nd IEEE Conference on Communications and Network Security, San Francisco, CA, USA; http://ieee-cns.org
10/29/14: M2MSec, International Workshop on Security and Privacy in Machine-to-Machine Communications, Held in conjunction with IEEE Conference on Communications and Network Security (CNS 2014), San Francisco, CA, USA; http://www.m2m-sec.org/
11/ 3/14: TrustED, 4th International Workshop on Trustworthy Embedded Devices,
Co-located with the ACM Conference on Computer & Communications Security (CCS 2014), Scottsdale, Arizona, USA; http://www.trusted-workshop.de
11/ 3/14: MTD, 1st ACM Workshop on Moving Target Defense, Held in conjunction with the 21st ACM Conference on Computer and Communications Security (ACM-CCS 2014), Scottsdale, Arizona, USA; http://csis.gmu.edu/MTD2014
11/ 3/14: WISCS, 1st ACM Workshop on Information Sharing and Collaborative Security, Held in conjunction with the 21st ACM Conference on Computer and Communications Security (ACM-CCS 2014), Scottsdale, Arizona, USA; https://sites.google.com/site/wiscs2014/
11/ 3/14-11/ 7/14: ACM-CCS, 21st ACM Conference on Computer and Communications Security, The Scottsdale Plaza Resort, Scottsdale, Arizona, USA; http://www.sigsac.org/ccs/CCS2014/
11/ 9/14-11/14/14: LISA, 28th Large Installation System Administration Conference, Seattle, WA, USA; https://www.usenix.org/sites/default/files/lisa14cfp_102813.pdf
11/10/14: VizSec, 11th Visualization for Cyber Security, Paris, France; http://www.vizsec.org
12/ 8/14-12/ 9/14: SKM, International Conference on Secure Knowledge Management, BITS Pilani, Dubai; http://www.bits-dubai.ac.ae/skm2014/index.html
1/27/15- 1/30/15: ACSW-AISC, Australasian Information Security Conference, Held as part of Australasian Computer Science Week, Sydney, Australia; http://homepages.ecs.vuw.ac.nz/Users/Ian/ACSW_AISC2015
4/14/15- 4/16/15: HST, 14th annual IEEE Symposium on Technologies for Homeland Security, Boston, Massachusetts, USA; http://ieee-hst.org/

____________________________________________________________________
Journal, Conference and Workshop Calls-for-Papers (new since Cipher E119)
____________________________________________________________________

SAC 2014 Conference on Selected Areas in Cryptography, Concordia University, Montreal, Quebec, Canada, August 14-15, 2014.
(Submission Due 28 May 2014)
http://users.encs.concordia.ca/~youssef/SAC2014-WebSite/

Authors are encouraged to submit original papers related to the following themes for the SAC 2014 conference. Note that the first three are traditional SAC areas and the fourth topic is intended to be the special focus for this year's conference:
- Design and analysis of symmetric key primitives and cryptosystems, including block and stream ciphers, hash function, MAC algorithms, cryptographic permutations, and Authenticated Encryption Schemes
- Efficient implementations of symmetric and public key algorithms
- Mathematical and algorithmic aspects of applied cryptology
- Algorithms for cryptography, cryptanalysis and their complexity analysis

-------------------------------------------------------------------------

IEEE Transactions on Information Forensics and Security, Special Issue on Biometric Spoofing and Countermeasures, April 2015, (Submission Due 1 June 2014)
http://www.signalprocessingsociety.org/uploads/email/biometric_spoofing.html

Editor: Nicholas Evans (EURECOM, France), Sébastien Marcel (Idiap Research Institute, Switzerland), Arun Ross (Michigan State University, USA), and Stan Z. Li (Chinese Academy of Sciences, China)

While biometrics technology has revolutionized approaches to person authentication and has evolved to play a critical role in personal, national and global security, the potential for the technology to be fooled or 'spoofed' is widely acknowledged. Efforts to study such threats and to develop countermeasures are now well underway resulting in some promising solutions. While progress with respect to each biometric modality has attained varying degrees of maturity, there are some notable shortcomings in research methodologies. Current spoofing studies focus on specific, known attacks.
Existing countermeasures designed to detect and deflect such attacks are often based on unrealistic a priori knowledge and typically learned using training data produced using exactly the same spoofing method that is to be detected. Current countermeasures thus have questionable application in practical scenarios where the nature of the attack can never be known.

This special issue will focus on the latest research on the topic of biometric spoofing and countermeasures, with a particular emphasis on novel methodologies and generalized spoofing countermeasures that have the potential to protect biometric systems against varying or previously unseen attacks. The aim is to further the state-of-the-art in this field, to stimulate interactions between the biometrics and information forensic communities, to encourage the development of reliable methodologies in spoofing and countermeasure assessment and solutions, and to promote the development of generalized countermeasures.

Papers on biometric obfuscation (e.g., fingerprint or face alteration) and relevant countermeasures will also be considered in the special issue. Novel contributions related to both traditional biometric modalities such as face, iris, fingerprint, and voice, and other modalities such as vasculature and electrophysiological signals will be considered.
The focus includes, but is not limited to, the following topics related to spoofing and anti-spoofing countermeasures in biometrics:
- vulnerability analysis with an emphasis on previously unconsidered spoofing attacks;
- theoretical models for attack vectors;
- advanced machine learning and pattern recognition algorithms for anti-spoofing;
- information theoretic approaches to quantify spoofing vulnerability;
- spoofing and anti-spoofing in mobile devices;
- generalized countermeasures;
- challenge-response countermeasures;
- sensor-based solutions to spoof attacks;
- biometric obfuscation schemes;
- information forensic approaches to spoofing detection;
- new evaluation protocols, datasets, and performance metrics;
- reproducible research (public databases, open source software and experimental setups).

-------------------------------------------------------------------------

M2MSec 2014 International Workshop on Security and Privacy in Machine-to-Machine Communications, Held in conjunction with IEEE Conference on Communications and Network Security (CNS 2014), San Francisco, CA, USA, October 29, 2014. (Submission Due 1 June 2014)
http://www.m2m-sec.org/

The First International Workshop on Security and Privacy in Machine-to-Machine Communications (M2MSec'14) aims to foster innovative research and discuss security and privacy challenges, solutions, implementations, and standardization in emerging M2M communication systems. Papers from academic researchers, industry practitioners, and government institutions offering novel research contributions in all theoretical and practical aspects of security and privacy in M2M communications are solicited for submission to M2MSec'14.
The scope of this workshop covers all aspects of security and privacy in M2M communications and particular topics of interest include, but are not limited to:
- Threat and vulnerability analysis in M2M communications
- Attacks and countermeasures in M2M communications
- System architecture for security and privacy in M2M communications
- Physical layer security in M2M communications
- Cross layer design for security and privacy in M2M communications
- Security and privacy in smart grid, RFID, near field communications (NFC), bluetooth, wireless sensor networks, body area networks, e-health, vehicular ad-hoc networks
- Lightweight cryptographic primitives and protocols
- Trust and assurance in M2M communications
- Hardware security module and platform for M2M communications
- Identity and credential management in M2M communications
- Standardization for M2M communications
- Cloud computing and M2M communications
- Device-to-Device (D2D) networks such as LTE-direct
- Pervasive sensing Networks, including mobile crowdsourcing, participatory sensing
- Novel attacks resulting in IoT environments
- Data mining, cleaning and analysis techniques for IoT
- Real world deployment and experiences
- Prototype IoT systems and applications

-------------------------------------------------------------------------

LightSEC 2014 3rd International Workshop on Lightweight Cryptography for Security & Privacy, Istanbul, Turkey, September 1-2, 2014. (Submission Due 1 June 2014)
http://www.light-sec.org

LightSEC 2014 promotes and initiates novel research on the security & privacy issues for applications that can be termed as lightweight security, due to the associated constraints on metrics such as available power, energy, computing ability, area, execution time, and memory requirements.
As such applications are becoming ubiquitous, providing an immense value to society, they are also affecting a greater portion of the public & leading to a plethora of economical & security and privacy related concerns. Topics of interest include:
- Design, analysis and implementation of lightweight cryptographic protocols
- Cryptographic hardware development for constrained domains
- Security & privacy solutions for wireless embedded systems
- Lightweight privacy-preserving protocols & systems
- Design and analysis of fast and compact cryptographic algorithms
- Wireless network security for low-resource devices
- Low-power crypto architectures
- Scalable protocols and architectures for security and privacy
- Formal methods for analysis of lightweight cryptographic protocols
- Security and privacy issues in RFID and NFC
- Embedded systems security
- PUF based crypto protocols
- Security of ubiquitous and pervasive computing
- Side channel analysis and countermeasures on lightweight devices
- Efficient and scalable cryptographic protocols for the Next Generation Secure Cloud

-------------------------------------------------------------------------

SIN 2014 7th International Conference on the Security of Information and Networks, Glasgow, UK, September 9-11, 2014. (Submission Due 2 June 2014)
http://www.sinconf.org/sin2014/

The 7th International Conference on Security of Information and Networks (SIN 2014) provides an international forum for presentation of research and applications of security in information and networks. SIN 2014 features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. Its drive is to convene a high quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems.
Topics of interest include (but are not limited to):
- Access control and intrusion detection
- Cyber Physical Systems
- Autonomous and adaptive security
- Security tools and development platforms
- Computational intelligence techniques in security
- Security ontology, models, protocols & policies
- Computer network defense
- Standards, guidelines and certification
- Cryptographic techniques and key management
- Security-aware software engineering
- Industrial applications of security
- Trust and privacy
- Information assurance
- Cyber Warfare (attacks and defenses)
- Next generation network architectures
- Malware analysis
- Network security and protocols
- Security challenges in Mobile/Embedded Systems

-------------------------------------------------------------------------

eCrime 2014 9th Symposium on Electronic Crime Research, Held in conjunction with the 2014 APWG General Meeting, Birmingham, Alabama, USA, September 23-25, 2014. (Submission Due 6 June 2014)
http://ecrimeresearch.org/events/ecrime2014

The eCrime Symposium consists of two full days which bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it. Topics of interest include (but are not limited to):
- Emerging attack methods
- Online advertising fraud
- Large-scale take-downs
- Economics of online crime
- Technical, legal, political aspects of online fraud
- Assessing the risks and yields of modern attacks
- Defending critical internet infrastructure

-------------------------------------------------------------------------

TrustED 2014 4th International Workshop on Trustworthy Embedded Devices, Co-located with the ACM Conference on Computer & Communications Security (CCS 2014), Scottsdale, Arizona, USA, November 3, 2014. (Submission Due 6 June 2014)
http://www.trusted-workshop.de

TrustED considers selected security and privacy aspects of cyber physical systems and their environments.
We aim to bring together experts from academia, research institutions, industry, and government to discuss problems, challenges, and recent scientific and technological advances in this field. In particular, we strongly encourage industry participation and submissions.

The workshop topics include, but are not limited to:
- Embedded system security
- Privacy aspects of embedded systems (e.g., medical devices, electronic IDs)
- Physical and logical convergence (e.g., secure and privacy-preserving facility management)
- Hardware entangled cryptography
- Foundation, development, and applications of physical security primitives (e.g., physical unclonable functions - PUFs)
- Remote attestation and integrity verification
- IP protection for embedded systems
- Reverse engineering
- Secure execution environments (e.g., TrustZone, TPMs) on mobile devices
- New protection paradigms for trustworthy embedded systems

-------------------------------------------------------------------------
SLSS 2014 International Workshop on System Level Security of Smartphones, Held in conjunction with SecureComm 2014, Beijing, China, September 23, 2014.
(Submission Due 6 June 2014)
http://www.dacas.cn/slss2014

This workshop will discuss various aspects of system level security of smartphones, and stitch together the aspects into holistic and deep understandings. Some specific aspects include system metadata abuse, .so level rootkits in Android, finer-grained protection domains, cross-layer vulnerability analysis, and context-aware access control. Through the workshop, some new vulnerabilities and attacks on Android/iOS systems could be revealed, and some security design principles of next generation smartphone Operating Systems could be identified. The workshop will be more discussion-oriented than regular workshops; it will include a few selected presentations, each with a 15-minute speech and a 45-minute discussion.
Research contributions are solicited in all aspects related to system level security of smartphones, including but not limited to:
- System level vulnerabilities of Android/iOS systems, for example cross-layer vulnerability analysis, service vulnerabilities, etc.
- New attacks on Android/iOS systems, for example metadata-based attack, .so level rootkits, etc.
- Design of next generation secure smartphone systems, for example finer-grained protection domains, context-aware access control, etc.

-------------------------------------------------------------------------
CANS 2014 13th International Conference on Cryptology and Network Security, Aldemar Royal Mare Resort, Heraklion Crete, Greece, October 22-24, 2014.
(Submission Due 10 June 2014)
http://www.ics.forth.gr/cans2014

Papers offering novel research contributions are solicited for submission to the 13th International Conference on Cryptology and Network Security (CANS-2014). The focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers suggesting novel paradigms, original directions, or non-traditional perspectives. Submitted papers must not substantially overlap with papers that have been published or that are submitted in parallel to a journal or a conference with formally published proceedings.
Topics include (but are not limited to):
- Access Control for Networks
- Anonymity & Pseudonymity
- Attacks & Malicious Code
- Authentication, Identification
- Block & Stream Ciphers
- Cloud Security
- Cryptographic Algorithms
- Cryptographic Protocols
- Denial of Service Protection
- Embedded Platform Security
- Hash Functions
- Identity & Trust Management
- (Future) Internet Security
- Key Management
- Mobile Code Security
- Multicast Security
- Network Security
- Peer-to-Peer Security
- Public Key Cryptography
- Security Modeling
- Security Architectures
- Security in Location Services
- Security in Social Networks
- Sensor Network Security
- Spam & SPIT Protection
- Spyware Analysis and Detection
- Virtual Private Networks
- Wireless and Mobile Security

-------------------------------------------------------------------------
STM 2014 10th International Workshop on Security and Trust Management, Held in conjunction with ESORICS 2014, Wroclaw, Poland, September 10-11, 2014.
(Submission Due 13 June 2014)
http://stm14.uni.lu/

The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and trust in ICTs.
Topics of interest include, but are not limited to:
- Access control
- Anonymity
- Applied cryptography
- Authentication
- Complex systems security
- Data and application security
- Data protection
- Data/system integrity
- Digital rights management
- Economics of security and privacy
- E-services
- Formal methods for security and trust
- Identity management
- Legal and ethical issues
- Networked systems security
- Operating systems security
- Privacy
- Security and trust metrics
- Security and trust policies
- Security and trust management architectures
- Security and trust in cloud environments
- Security and trust in grid computing
- Security and trust in pervasive computing
- Security and trust in social networks
- Social implications of security and trust
- Trust assessment and negotiation
- Trust in mobile code
- Trust models
- Trust management policies
- Trust and reputation systems
- Trusted platforms
- Trustworthy systems and user devices
- Web services security

-------------------------------------------------------------------------
ProvSec 2014 8th International Conference on Provable Security, Hong Kong, October 9-10, 2014.
(Submission Due 20 June 2014)
http://home.ie.cuhk.edu.hk/~provsec14

Provable security is an important research area in modern cryptography. Cryptographic primitives or protocols without a rigorous proof cannot be regarded as secure in practice. In fact, there are many schemes that were originally thought to be secure but were eventually broken, which clearly indicates the need for formal security assurance. With provable security, we are confident in using cryptographic schemes and protocols in various real-world applications. Meanwhile, schemes with provable security sometimes give only theoretical feasibility rather than a practical construction, and correctness of the proofs may be difficult to verify.
The ProvSec conference thus provides a platform for researchers, scholars and practitioners to exchange new ideas for solving these problems in the provable security area. Topics cover all aspects of provable security for cryptographic primitives or protocols, including but not limited to the following areas:
- Asymmetric provably secure cryptography
- Cryptographic primitives
- Lattice-based security reductions
- Leakage-resilient cryptography
- Pairing-based provably secure cryptography
- Privacy and anonymity technologies
- Provable secure block ciphers and hash functions
- Secure cryptographic protocols and applications
- Security notions, approaches, and paradigms
- Steganography and steganalysis

-------------------------------------------------------------------------
ISC 2014 17th Information Security Conference, Hong Kong, October 12-14, 2014.
(Submission Due 25 June 2014)
http://isc14.ie.cuhk.edu.hk

The Information Security Conference (ISC), which started as a workshop (ISW) in 1997, is one of the first conferences bringing together computer security and cryptographers. It has been held in 5 different continents. Its proceedings are published by Springer.
Potential topics to be addressed by submissions include, but are not limited to:
- applied information security in the context of: eBusiness, eCommerce, eGovernment
- computer security, e.g.: access control, database security, e-voting, formal methods, intrusion detection, trust models, watermarking
- cryptography, e.g.: anonymity, authentication, e-voting, fingerprinting, key management, privacy
- general topics: anonymity, authentication, biometrics, insider threats, location services, network security, privacy
- hardware aspects and embedded systems
- management aspects of security: economic aspects, digital rights management, dissemination control, identity management, incident response, trust management
- security (aspects) of: cloud computing, outsourcing IT, pervasive computing, social networks, user-friendliness
- software issues: malware, mobile code aspects, operating system security, predicting malware, software security, web security

-------------------------------------------------------------------------
LASER 2014 2014 Workshop on Learning from Authoritative Security Experiment Results, Arlington, Virginia, USA, October 15-16, 2014.
(Submission Due 30 June 2014)
http://www.laser-workshop.org

The LASER workshop invites papers that strive to exemplify the practice of science in cyber security. The goal of this series of workshops, now in its third year, is to address the practice of good science. We encourage participants who want to help others improve their practice and participants who want to improve their own practice. LASER seeks to foster a dramatic change in the paradigm of cyber security research and experimentation. Participants will find LASER to be a constructive and highly interactive venue featuring informal paper presentations and extended discussions.
LASER welcomes papers that are:
- Exemplars of the practice of science in cyber security
- Promising works-in-progress that would benefit from expert feedback

-------------------------------------------------------------------------
Elsevier Information Systems, Special Issue on Information Integrity in Smart Grid Systems, 2014,
(Submission Due 1 July 2014)
http://www.journals.elsevier.com/information-systems/call-for-papers/special-issue-on-information-integrity-in-smart-grid-systems/

Editor: Al-Sakib Khan Pathan (International Islamic University Malaysia, Malaysia), Zubair Muhammad Fadlullah (Tohoku University, Japan), Mostafa M. Fouda (Benha University, Egypt), Muhammad Mostafa Monowar (King AbdulAziz University, Saudi Arabia), and Philip Korn (AT&T Labs Research, USA)

The smart grid is an electronically controlled electrical grid that connects power generation, transmission, distribution, and consumers using information and communication technology. One of the key characteristics of the smart grid is its support for bi-directional information flow between the consumer of electricity and the utility provider. A critical twist on the current electrical grid system, this kind of two-way interaction would allow electricity to be generated in real-time based on consumer demands and power requests. While the system would allow users to get more control over electricity use and supply, many security issues are raised to ensure information privacy of the users as well as authorization procedures for electricity use. Security loopholes in the system could, in fact, aggravate the electricity supply system instead of improving it. The quality of the information from billing and accounting is also a major concern.
With this Special Issue, we open the door to encourage researchers to discuss issues related to information integrity and security services in the smart grid, particularly from the communication point of view to construct energy, control, and information processing systems for the smart grid. Any topic related to information integrity and security services in the smart grid, particularly from the communications and data management point of view, is to be considered.

The topics include but are not limited to:
- Data quality in the smart grid
- Secure smart metering
- Secure Advanced Metering Infrastructure (AMI) communication and management
- Privacy protection in smart grid
- Smart grid security database architecture and models
- Security services for smart grid
- User authentication, access control for smart grid
- Hardware design for information protection in smart grid
- Simulation and performance analysis of smart grid security operations

-------------------------------------------------------------------------
ACM Transactions on Embedded Computing Systems, Special Issue on Embedded Platforms for Cryptography in the Coming Decade, First Quarter 2015,
(Submission Due 1 July 2014)
http://acmtecs.acm.org/special-issues/14/embcrypt2014.html

Editor: Patrick Schaumont (Virginia Tech, USA), Máire O'Neill (Queen's University Belfast, UK), and Tim Güneysu (Ruhr University Bochum, Germany)

Cryptography has made great strides in capability and variety over the past few years, enabling a broad range of new applications and extending the reach of security deep into the embedded world.
A few examples include lightweight primitives that provide information security for a fraction of the energy and cost of traditional primitives; lattice-based crypto-engines that provide an alternative to public-key operations in a post-quantum-computing world; cryptographic sponges that can be configured as universal crypto-kernels; anonymous signatures that support electronic cash in portable, compact form factors; and homomorphic primitives and zero-knowledge proofs that allow privacy-friendly interaction of devices with the all-knowing cloud. These novel forms of cryptography will drive the embedded information infrastructure, and they will become a necessity to mix and merge our virtual life with our real life in a trustworthy and scalable manner.

However, this is not your father's cryptography, and its efficient implementation needs new research efforts. It is based on different mathematical structures, novel transformations and data organizations, and in many cases its computational complexity is significantly higher than that of traditional cryptographic operations. For several primitives, such as for post-quantum cryptography and homomorphic computing, the optimal implementation strategies are still an open area of research. Furthermore, threats against these novel forms of cryptography, such as side-channel analysis or fault injection, are unexplored.

This special issue of ACM Transactions on Embedded Computing Systems solicits state-of-the-art research results and surveys in embedded system engineering for these novel cryptographic primitives. The issue will cover both hardware and software implementations for performance-optimized, resource-constrained, energy-efficient platforms. Of special interest are implementations that demonstrate novel applications for cryptographic primitives.
A few examples of topics of interest for the special issue include:
- Post-quantum Primitives for Constrained Platforms (RFID, microcontroller)
- Lattice-based Cryptography in Embedded Platforms
- Embedded Implementations that interact with the Homomorphic Cloud
- Custom-instruction Extensions and Hardware Primitives for Post-quantum Cryptography
- Performance Comparisons and Benchmarks for Multi-party Computation
- Privacy-friendly Cryptography in Embedded Platforms
- Privacy-friendly Car Electronics and Public-transport Infrastructure
- Implementations of Electronic Cash
- Implementations of Electronic Passports
- Hardware Acceleration of Privacy-friendly Cryptographic Primitives
- Implementations of Unified Cryptographic Primitives (e.g., Authenticated Encryption)
- Implementations of Leakage-resilient Cryptography

-------------------------------------------------------------------------
MTD 2014 1st ACM Workshop on Moving Target Defense, Held in conjunction with the 21st ACM Conference on Computer and Communications Security (ACM-CCS 2014), Scottsdale, Arizona, USA, November 3, 2014.
(Submission Due 1 July 2014)
http://csis.gmu.edu/MTD2014

The static nature of current computing systems has made them easy to attack and harder to defend. Adversaries have an asymmetric advantage in that they have the time to study a system, identify its vulnerabilities, and choose the time and place of attack to gain the maximum benefit. The idea of moving-target defense (MTD) is to impose the same asymmetric disadvantage on the attacker by making systems dynamic and harder to predict. With a constantly changing system and its ever adapting attack surface, the attacker will have to deal with a great deal of uncertainty just like defenders do today. The ultimate goal is to level the cybersecurity playing field for defenders versus attackers.
This workshop seeks to bring together researchers from academia, government, and industry to report on the latest research efforts on moving-target defense, and to have productive discussion and constructive debate on this topic. We solicit submissions on original research in the broad area of MTD, with possible topics such as those listed below. Since this is still a research area in a nascent stage, the list should only be used as a reference. We welcome all works that fall under the broad scope of moving target defense, including research that shows negative results.

Topics include:
- System randomization
- Artificial diversity
- Cyber maneuver
- Bio-inspired defenses
- Dynamic network configuration
- Moving target in the cloud
- System diversification techniques
- Dynamic compilation techniques
- Adaptive defenses
- Analytical models for MTD
- Large-scale MTD (using multiple techniques)

-------------------------------------------------------------------------
WISCS 2014 1st ACM Workshop on Information Sharing and Collaborative Security, Held in conjunction with the 21st ACM Conference on Computer and Communications Security (ACM-CCS 2014), Scottsdale, Arizona, USA, November 3, 2014.
(Submission Due 1 July 2014)
https://sites.google.com/site/wiscs2014/

Sharing of security related information is believed to greatly enhance the ability of organizations to defend themselves against sophisticated attacks. If one organization detects a breach, the automated sharing of observed security indicators (such as IP addresses, domain names etc.) provides valuable, actionable information to others. Through analyzing shared data it seems possible to get much better insights into emerging attacks. Sharing higher level intelligence about campaigns, threat actors and mitigations is also of great interest. Both in the US and the EU there are major efforts underway to strengthen information sharing. Yet there are a number of technical and policy challenges to realizing this vision.
Which information exactly should be shared? How can privacy and confidentiality be protected? How can we create high-fidelity intelligence from shared data without getting overwhelmed by false positives? The first Workshop on Information Sharing and Collaborative Security (WISCS 2014) aims to bring together experts and practitioners from academia, industry and government to present innovative research, case studies, and legal and policy issues.

Topics of interest for the workshop include, but are not limited to:
- Collaborative intrusion detection
- Case studies for information sharing
- Domain name and IP address blacklisting
- Collaborative approaches to spear-phishing and DDoS attacks
- Data deidentification
- Privacy and confidentiality
- Cryptographic protocols for collaborative security
- Scalability of security analysis on shared data
- Ontologies and standards for sharing security data
- Human factors in collaboration
- Policy and legal issues
- Surveillance issues
- Trust models
- Attacks on information sharing
- Economics of security collaboration

-------------------------------------------------------------------------
SKM 2014 International Conference on Secure Knowledge Management, BITS Pilani, Dubai, December 8-9, 2014.
(Submission Due 10 July 2014)
http://www.bits-dubai.ac.ae/skm2014/index.html

The conference on Secure Knowledge Management will bring together researchers and practitioners from academia, industry and government to raise the awareness and share recent advances in knowledge management. The conference will provide a venue to discuss and develop the next set of challenges in knowledge management that needs to be tackled by the community.
Topics of interest include, but are not limited to:
- Secure Languages (Secure Knowledge Query Manipulation Language, Security Assertion Markup Language, B2B Circles of Trust)
- Return on Investment in Secure Knowledge Systems
- Digital Rights Management (Digital Policy Management)
- Secure Content Management (Secure Content Management in Authorized Domains, Secure Content Delivery, Content Trust Index)
- Knowledge Management for National Security
- Security in B2B marketplace
- Security and Privacy in Online Social Media
- Wireless security in the context of Knowledge Management
- Data Mining for Fraud Detection (Financial Fraud Detection, Network Intrusion Detection)
- Risk Assessment
- Secure Knowledge Management in Distributed Systems
- Trust and Privacy in Knowledge management systems
- Security, Privacy, and Trustworthiness in Semantic web
- Secure Knowledge management in Big-data applications like Healthcare, finance, cloud etc.

-------------------------------------------------------------------------
HST 2015 14th annual IEEE Symposium on Technologies for Homeland Security, Boston, Massachusetts, USA, April 14-16, 2015.
(Submission Due 15 July 2014)
http://ieee-hst.org/

This symposium brings together innovators from leading academic, industry, business, Homeland Security Centers of Excellence, and government programs to provide a forum to discuss ideas, concepts, and experimental results. This year's event will once again showcase selected technical papers and posters highlighting emerging technologies in the areas of:
- Cyber Security
- Biometrics & Forensics
- Land and Maritime Border Security
- Attack and Disaster Preparation, Recovery, and Response

-------------------------------------------------------------------------
VizSec 2014 11th Visualization for Cyber Security, Paris, France, November 10, 2014.
(Submission Due 1 August 2014)
http://www.vizsec.org

The 11th Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization and analysis techniques. VizSec provides an excellent venue for fostering greater exchange and new collaborations on a broad range of security- and privacy-related topics. Full papers describing novel contributions in security visualization are solicited. Papers may present techniques, applications, practical experience, theory, analysis, or experiments and evaluations.

We encourage the submission of papers on technologies and methods that promise to improve cyber security practices, including, but not limited to:
- Situation awareness and/or understanding
- Incident handling including triage, exploration, correlation, and response
- Computer forensics
- Recording and reporting results of investigations
- Reverse engineering and malware analysis
- Multiple data source analysis
- Analyzing information requirements for computer network defense
- Evaluation and/or user testing of VizSec systems
- Criteria for assessing the effectiveness of cyber security visualizations (whether from a security goal perspective or a human factors perspective)
- Modeling system and network behavior
- Modeling attacker and defender behavior
- Studying risk and impact of cyber attacks
- Predicting future attacks or targets
- Security metrics and education
- Software security
- Mobile application security
- Social networking privacy and security

-------------------------------------------------------------------------
ACSW-AISC 2015 Australasian Information Security Conference, Held as part of Australasian Computer Science Week, Sydney, Australia, January 27-30, 2015.
(Submission Due 18 August 2014)
http://homepages.ecs.vuw.ac.nz/Users/Ian/ACSW_AISC2015

AISC aims at promoting research on all aspects of information security and increasing communication between academic and industrial researchers working in this area. We seek submissions from academic and industrial researchers on all theoretical and practical aspects of information security. Suggested topics include, but are not restricted to: access control; anonymity and pseudonymity; cryptography and cryptographic protocols; database security; identity management and identity theft; intrusion detection and prevention; malicious software; network security; privacy enhancing technologies; and trust and risk.

-------------------------------------------------------------------------
BDSP 2014 1st IEEE International Workshop on Big Data Security and Privacy, Washington DC, USA, October 27-30, 2014.
(Submission Due 30 August 2014)
http://www.bigdatasecurityprivacyworkshop.com

Big Data is characterized by the integration of a significant amount of data, of varying modalities or types, at a pace that cannot be handled by traditional data management systems. This has sparked innovation in the collection, processing and storage of this data. The analytic systems built to leverage Big Data have yielded (and hold even greater promise to uncover) remarkable insights that enable a host of new applications that were not thought possible prior to the era of Big Data. However, with this capacity to contribute to and benefit the greater good comes the responsibility to protect the subjects referenced in the data sets. In this context, the old adage is correct - "With great power, comes great responsibility". Ultimately, the data subjects own the data and they stand to suffer most significantly from the data's compromise.
Thus, there need to be advances in techniques for 1) ingesting Big Data in a secure and privacy-preserving manner, 2) performing Big Data analysis in a secure environment and in a privacy-preserving manner, and 3) storing and enforcing retention policy securely (and in private modes) for Big Data systems. If these solutions are not in place, then the willingness of people to contribute their data to be included in a Big Data system decreases. Additionally, Big Data professionals need to perform risk analyses, as they relate to security and privacy, to get a realistic view of the safety of the landscape. There is a lot of work to be done in this emerging field. This workshop is a venue for researchers and practitioners to come together and tackle it in a supportive and stimulating environment.

-------------------------------------------------------------------------
IEEE Transactions on Emerging Topics in Computing, Emerging topics in Cyber Security, 2015,
(Submission Due 1 September 2014)
http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tetcsi_cbs.pdf

Editor: Giorgio Di Natale (LIRMM, France) and Stefano Zanero (Politecnico di Milano, Italy)

Cyber Security is a topic which is getting a very high level of attention from researchers, decision makers, policy makers and from the general public. The value of digital information is growing dramatically. Physical systems coupled with computing devices (so-called cyber-physical systems) carry out functions that are fundamental for our society. Protecting these emerging critical digital infrastructures is an increasingly relevant objective from a military and political point of view. For this reason, the IEEE Transactions on Emerging Topics in Computing (TETC) seeks original manuscripts for a Special Issue on Emerging Topics in Cyber Security, scheduled to appear in the first issue of 2015. TETC is the newest Transactions of the IEEE Computer Society, and it uses an Open Access model exclusively.
Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of cyber security systems, to deal with emerging computing technologies and applications. Given the peculiar nature of TETC, we are seeking in particular papers that are more "far-reaching" than is usual for journal submissions, as long as they show promise for opening up new areas of study, or questioning long-held beliefs and tenets of the cybersecurity field.

-------------------------------------------------------------------------
IEEE Transactions on Dependable and Secure Computing, Special Issue on Cyber Crime, 2015,
(Submission Due 1 October 2014)
http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tdscsi_cc.pdf

Editor: Wojciech Mazurczyk (Warsaw University of Technology, Poland), Thomas J. Holt (School of Criminal Justice, Michigan State University, USA), and Krzysztof Szczypiorski (Warsaw University of Technology, Poland)

Cyber crimes reflect the evolution of criminal practices that have adapted to the world of information and communication technologies. Cybercriminality has become a curse of the modern world with the potential to affect everyone nationally and/or internationally. Individuals, companies, governments and institutions may become victims as well as (involuntary) helpers of cyber criminals. The inability to provide cyber-security can potentially have a tremendous socio-economic impact on global enterprises as well as individuals. The aim of this special issue is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of cyber crime. Prospective authors will be encouraged to submit related distinguished research papers on both theoretical approaches and practical case reviews.
Topics of interest include, but are not limited to:
- Cyber-crime science
- Emerging cybercriminal techniques and countermeasures
- Cyber forensics and anti-forensic procedures, techniques, tools and analysis
- Cyber crime investigations & incident response
- Active and passive cyber crime defense techniques, tools and mechanisms
- Cybersecurity testbeds, tools, methodologies
- Cyber threat modeling analysis, cyber risk and vulnerability assessment
- Cyber warfare & cyber terrorism
- Cybersecurity economic modeling and metrics
- Cybersecurity standards, policy, law, and regulation
- Legal, ethical and policy issues related to cyber crime
- Human and behavioral issues in cyber crime
- Network traffic analysis and modelling for cyber crime science
- Deviant activities and crime patterns
- Insider threat detection and prevention
- Misuse of personal data and the right to online privacy

====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================
____________________________________________________________________
Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options, each with two options:

1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard".
OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher
or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.
____________________________________________________________________

Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________

How to become a member of the IEEE Computer Society's
TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy by completing the
on-line form at IEEE at
https://www.ieee.org/membership-catalog/productdetail/showProductDetailPage.html?product=CMYSP728

______________________________________________________________________

TC Publications for Sale
______________________________________________________________________

The proceedings of previous conferences are available from the
Computer Society's Digital Library.

    IEEE Security and Privacy Symposium
    IEEE CS Press

____________________________________________________________________________

TC Officers and SP Steering Committee
____________________________________________________________________________

Chair:                              Security and Privacy Symposium Chair Emeritus:
Patrick McDaniel                    Robin Sommer
Computer Science and Engineering    http://www.icir.org/robin
Pennsylvania State University
360 A IST Building
University Park, PA 16802
(814) 863-3599
mcdaniel@cse.psu.edu

Vice Chair:                         Treasurer:
Ulf Lindqvist                       Yong Guan
SRI International                   3219 Coover Hall
Menlo Park, CA                      Department of Electrical and Computer
ulf.lindqvist@sri.com               Engineering
                                    Iowa State University, Ames, IA 50011
                                    (515) 294-8378
                                    yguan (at) iastate.edu

Newsletter Editor and               Security and Privacy Symposium, 2014 Chair:
TC Awards Chair:                    Greg Shannon
Hilarie Orman                       CERT
Purple Streak, Inc.                 oakland14-chair@ieee-security.org
500 S. Maple Dr.
Woodland Hills, UT 84653
cipher-editor@ieee-security.org

________________________________________________________________________

BACK ISSUES: Cipher is archived at:
http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year