Commentary and Opinion
Richard Austin's review of Data and Goliath: The hidden battles to capture your data and control your world by Bruce Schneier
Announcements and correspondence (please contribute!)
Listing of academic positions available by
Nothing new since last Cipher.
Conference and Workshop Announcements
Cipher calendar announcements are on Twitter; follow "ciphernews"
New calls or announcements added since Cipher E124 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update):
SECRYPT 2015 12th International Conference on Security and Cryptography, Colmar, Alsace, France, July 20 - 22, 2015. (Submission Due 17 March 2015)
SECRYPT is an annual international conference covering research in information and communication security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. Papers describing new methods or technologies, advanced prototypes, systems, tools and techniques and general survey papers indicating future directions are also encouraged. Topics of interest include:
MSPN 2015 International Conference on Mobile, Secure and Programmable Networking, Paris, France, June 15-17, 2015. (Submission Due 20 March 2015)
The rapid deployment of new infrastructures based on network virtualization and Cloud computing triggers new applications and services that in turn generate new constraints such as security and/or mobility. The International Conference on Mobile, Secure and Programmable Networking aims at providing a top forum for researchers and practitioners to present and discuss new trends in networking infrastructures, security, services and applications while focusing on virtualization and Cloud computing for networks, network programming, Software Defined Networks (SDN) and their security. Position papers are also welcome and should be clearly marked as such. Authors are invited to submit complete unpublished papers, which are not under review in any other conference or journal, including, but not limited to, the following topic areas:
PTDCS 2015 Workshop on Privacy by Transparency in Data-Centric Services, Held in conjunction with the 18th International Conference on Business Information Systems (BIS 2015), Poznan, Poland, June 24-26, 2015. (Submission Due 22 March 2015)
Big Data has developed into a key factor of the economy that benefits users and providers of data-centric services. However, the analysis of growing volumes of users' data in data-centric services also presents significant privacy challenges. The objective of this workshop is to bring researchers and practitioners together to explore transparency-based mechanisms, such as dashboards, economic explanations of the use of privacy and value of data, as well as user behavior. In particular, the goal of this workshop is to set thematic milestones for the technical development of transparency mechanisms on the one hand, and on the other, trace ways in which technical progress, users and industry could profit from transparency. A major focus will be set on Transparency-Enhancing Technologies (TET) and, in particular, Privacy Dashboards. Topics of interest include, but are not limited to:
TrustBus 2015 12th International Conference on Trust, Privacy, and Security in Digital Business, Valencia, Spain, September 1-2, 2015. (Submission Due 22 March 2015)
TrustBus'2015 will bring together researchers from different disciplines, developers, and users all interested in the critical success factors of digital business systems. We are interested in papers, work-in-progress reports, and industrial experiences describing advances in all areas of digital business applications related to trust and privacy, including, but not limited to:
HAISA 2015 International Symposium on Human Aspects of Information Security & Assurance, Lesvos, Greece, July 1-3, 2015. (Submission Due 31 March 2015)
It is commonly acknowledged that security requirements cannot be addressed by technical means alone, and that a significant aspect of protection comes down to the attitudes, awareness, behaviour and capabilities of the people involved. Indeed, people can potentially represent a key asset in achieving security, but at present, factors such as lack of awareness and understanding, combined with unreasonable demands from security technologies, can dramatically impede their ability to do so. Ensuring appropriate attention and support for the needs of users should therefore be seen as a vital element of a successful security strategy. People at all levels (i.e. from organisations to domestic environments; from system administrators to end-users) need to understand security concepts, how the issues may apply to them, and how to use the available technology to protect their systems. In addition, the technology itself can make a contribution by reducing the demands upon users, simplifying protection measures, and automating a variety of safeguards. With the above in mind, this symposium specifically addresses information security issues that relate to people. It concerns the methods that inform and guide users' understanding of security, and the technologies that can benefit and support them in achieving protection. The symposium welcomes papers addressing research and case studies in relation to any aspect of information security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics or technologies may be positively modified to improve the level of protection. Indicative themes include:
ECTCM 2015 3rd International Workshop on Emerging Cyberthreats and Countermeasures, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France, August 24-28, 2015. (Submission Due 31 March 2015)
The 3rd International Workshop on Emerging Cyberthreats and Countermeasures aims at bringing together researchers and practitioners working in different areas related to cybersecurity. In the elapsed year 2014 bleeding hearts, shocked shells, poodles and several more shocking vulnerabilities in essential parts of our IT (security) infrastructure emerged. We want to contribute to all technical, organizational and social facets of this problem. Contributions demonstrating current vulnerabilities and threats as well as new countermeasures are warmly welcome.
IEEE Transactions on Cloud Computing, Special Issue on Cloud Security Engineering. (Submission Due 31 March 2015)
Editors: Kim-Kwang Raymond Choo (University of South Australia, Australia),
Omer Rana (Cardiff University, UK),
and Muttukrishnan Rajarajan (City University London, UK).
As the use of cloud computing grows throughout society in general, it is essential that cloud service providers and cloud service users ensure that security and privacy safeguards are in place. There is, however, no perfect security and when a cybersecurity incident occurs, digital investigation will require the identification, preservation and analysis of evidential data. This special issue is dedicated to the identification of techniques that enable security mechanisms to be engineered and implemented in Cloud-based systems. A key focus will be on the integration of theoretical foundations with practical deployment of security strategies that make Cloud systems more secure for both end users and providers - enabling end users to increase the level of trust they have in Cloud providers - and conversely for Cloud service providers to provide greater guarantees to end users about the security of their services and data. Significant effort has been invested in performance engineering of Cloud-based systems, with a variety of research-based and commercial tools that enable autoscaling of Cloud systems, mechanisms for supporting Service Level Agreement-based provisioning and adaptation and more recently for supporting energy management of large scale data centres. This special issue will be devoted to understanding whether a similar engineering philosophy can be extended to support security mechanisms, and more importantly, whether experience from the performance engineering community (who often need to carry out analysis on large log files) can be carried over into the security domain. We encourage authors to be exploratory in their papers - reporting on novel use of performance engineering tools that could be repurposed for supporting security management and vice versa. Topics of interest include:
Globecom-CISS 2015 IEEE Globecom 2015, Communication & Information System Security Symposium, San Diego, CA, USA, December 6-10, 2015. (Submission Due 1 April 2015)
As communication and information systems become more indispensable to the society, their security has also become extremely critical. This symposium welcomes manuscripts on all aspects of the modeling, design, implementation, deployment, and management of security algorithms, protocols, architectures, and systems. Furthermore, contributions devoted to the evaluation, optimization, or enhancement of security and privacy mechanisms for current technologies, as well as devising efficient security and privacy solutions for emerging areas, from physical-layer technology up to cyber security, are solicited. The Communication & Information Systems Security Symposium seeks original contributions in the following topical areas, plus others that are not explicitly listed but are closely related:
RT2ND 2015 International Workshop on Risk and Trust in New Network Developments, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France, August 24-28, 2015. (Submission Due 1 April 2015)
The drive of being connected anywhere and anytime, the convenience of smart services, and advances in embedded computing have recently pushed new network developments. Several factors have contributed to this development, e.g., hardware advances (devices are smaller, more powerful, and batteries last longer), the heterogeneity of end-points (a range of devices and "intelligent things"), different architectures (networks of networks, self-configuring, opportunistic and ad-hoc networks), enhancements in technology (mobile, wireless, Bluetooth, RFID, NFC) and the ever more networked society (devices are increasingly affordable and ubiquitous). Such developments have created new network paradigms such as Vehicular Networks, Body Area Networks, Personal Area Networks, Smart Camera Networks, Virtualized Networks, Service-oriented Networks, Home Area Networks, and Named Data Networks. Novelties in network architectures, technologies and applications raise numerous challenges in terms of risk and trust, and in the trade-off between them. This workshop aims to bring together researchers and practitioners, and foment discussion on risk and trust in emerging networks and how to best defend against their misuse. We encourage different types of contributions - surveys, technical and empirical contributions.
WSDF 2015 8th International Workshop on Digital Forensics, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France, August 24-28, 2015. (Submission Due 1 April 2015)
Digital forensics is a rapidly evolving field primarily focused on the extraction, preservation and analysis of digital evidence obtained from electronic devices in a manner that is legally acceptable. Research into new methodologies, tools and techniques within this domain is necessitated by an ever-increasing dependency on tightly interconnected, complex and pervasive computer systems and networks. The ubiquitous nature of our digital lifestyle presents many avenues for the potential misuse of electronic devices in crimes that directly involve, or are facilitated by, these technologies. The aim of digital forensics is to produce outputs that can help investigators ascertain the overall state of a system. This includes any events that have occurred within the system and entities that have interacted with that system. Due care has to be taken in the identification, collection, archiving, maintenance, handling and analysis of digital evidence in order to prevent damage to data integrity. Such issues combined with the constant evolution of technology provide a large scope of digital forensic research. WSDF aims to bring together experts from academia, industry, government and law enforcement who are interested in advancing the state of the art in digital forensics by exchanging their knowledge, results, ideas and experiences. The aim of the workshop is to provide a relaxed atmosphere that promotes discussion and free exchange of ideas while providing a sound academic backing. The focus of this workshop is not only restricted to digital forensics in the investigation of crime. It also addresses security applications such as automated log analysis, forensic aspects of fraud prevention and investigation, policy and governance.
PST 2015 International Conference on Privacy, Security and Trust, Izmir, Turkey, July 21-23, 2015. (Submission Due 1 April 2015)
This conference, the thirteenth in an annual series, provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. High-quality papers in all PST related areas that, at the time of submission, are not under review and have not already been published or accepted for publications elsewhere are solicited. PST2015 topics include, but are NOT limited to, the following:
10th IFIP Summer School on Privacy and Identity Management - Time for a Revolution?, Edinburgh, Scotland, August 16-21, 2015. (Submission Due 1 April 2015)
The Summer School takes a holistic approach to society and technology and supports interdisciplinary exchange through keynote and plenary lectures, tutorials, workshops, and research paper presentations. In particular, participants' contributions that combine technical, legal, regulatory, socio-economic, social or societal, political, ethical, anthropological, philosophical, or psychological perspectives are welcome. The school seeks contributions in the form of research papers, tutorials, and workshop proposals from all disciplines (e.g., computer science, informatics, economics, ethics, law, psychology, sociology, political and other social sciences, surveillance studies, business and public management), and is especially inviting contributions from students who are at the stage of preparing either a master's or a PhD thesis. Topics of interest include, but are not limited to:
SPE 2015 IEEE 5th International Workshop on Security and Privacy Engineering, Co-located with 11th IEEE World Congress on Services (SERVICES 2015), New York, NY, USA, June 27 - July 2, 2015. (Submission Due 1 April 2015)
Built upon the success of the spectrum of conferences within the IEEE World Congress on Services and the Security and Privacy Engineering workshop, the IEEE Security and Privacy Engineering (SPE 2015) theme is a unique place to exchange ideas on engineering secure systems in the context of service computing, cloud computing, and big data analytics. The emphasis on engineering in security and privacy of services differentiates the theme from other traditional prestigious security and privacy workshops, symposiums, and conferences. The practicality and value realization are examined by practitioners from leading industries as well as scientists from academia. In line with the engineering spirit, we solicit original papers presenting real solutions and visions on building secure service systems that can be applied to government procurement, digital medical records, cloud environments, social networking for business purposes, multimedia application, mobile commerce, education, and the like. Potential contributions could cover, but are not limited to, methodologies, protocols, tools, or verification and validation techniques. We also welcome review papers that analyze critically the status of current Security and Privacy (S&P) in a specific area. Papers from practitioners who encounter security and privacy problems and seek understanding are also welcome. Topics of interest of SPE 2015 include, but are not limited to:
ESORICS 2015 20th European Symposium on Research in Computer Security, Vienna, Austria, September 23-25, 2015. (Submission Due 4 April 2015)
ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers discussing industrial research and development. Topics of interest include, but are not limited to:
WISTP 2015 9th WISTP International Conference on Information Security Theory and Practice, Crete, Greece, August 24-25, 2015. (Submission Due 10 April 2015)
Future ICT technologies, such as the concepts of Ambient Intelligence, Cyber-physical Systems, and Internet of Things provide a vision of the Information Society in which: a) people and physical systems are surrounded with intelligent interactive interfaces and objects, and b) environments are capable of recognising and reacting to the presence of different individuals or events in a seamless, unobtrusive, and invisible manner. The success of future ICT technologies will depend on how secure these systems are and to what extent they protect the privacy of individuals and individuals trust them. In 2007, the Workshop in Information Security Theory and Practice (WISTP) was created as a forum for bringing together researchers and practitioners in related areas and to encourage interchange and cooperation between the research community and the industrial/consumer community. Based on the growing interest of the participants, the 2015 edition is becoming a conference - The 9th WISTP International Conference on Information Security Theory and Practice (WISTP'2015). WISTP 2015 seeks original submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy, as well as experimental studies of fielded systems, the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law, business, and policy that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
FCS 2015 Workshop on Foundations of Computer Security, Held in conjunction with IEEE CSF 2015, Verona, Italy, July 13, 2015. (Submission Due 10 April 2015)
Computer security is an established field of both theoretical and practical significance. In recent years, there has been sustained interest in the formal foundations of methods used in computer security. The aim of the FCS 2015 workshop is to provide a forum for continued activity in this area. The scope of FCS 2015 includes, but is not limited to, the formal specification, analysis, and design of cryptographic protocols and their applications; the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks; the modelling of information flow and its application to confidentiality policies, system composition, and covert channel analysis. We are interested both in new theoretical results in computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories, as well as in new results on developing and applying automated reasoning techniques and tools for the formal specification and analysis of security protocols. We thus solicit submission of papers both on mature work and on work in progress. Please note that FCS has no published proceedings. Presenting a paper at the workshop should not preclude submission to or publication in other venues. Papers presented at the workshop will be made publicly available, but this will not constitute an official proceedings.
NSS 2015 9th International Conference on Network and System Security, New York City, NY, USA, November 3-5, 2015. (Submission Due 15 April 2015)
NSS is an annual international conference covering research in network and system security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged. Topics of interest include but are not limited to:
CNS 2015 3rd IEEE Conference on Communications and Network Security, Florence, Italy, September 28-30, 2015. (Submission Due 24 April 2015)
IEEE Conference on Communications and Network Security (CNS) is a new conference series in IEEE Communications Society (ComSoc) core conference portfolio and the only ComSoc conference focusing solely on cyber security. IEEE CNS is also a spin-off of IEEE INFOCOM, the premier ComSoc conference on networking. The goal of CNS is to provide an outstanding forum for cyber security researchers, practitioners, policy makers, and users to exchange ideas, techniques and tools, raise awareness, and share experience related to all practical and theoretical aspects of communications and network security. Building on the success of the past two years' conferences, IEEE CNS 2015 seeks original high-quality technical papers from academia, government, and industry. Topics of interest encompass all practical and theoretical aspects of communications and network security, all the way from the physical layer to the various network layers to the variety of applications reliant on a secure communication substrate. Submissions with main contribution in other areas, such as information security, software security, system security, or applied cryptography, will also be considered if a clear connection to secure communications/networking is demonstrated. Particular topics of interest include, but are not limited to:
Editors: Kim-Kwang Raymond Choo (University of South Australia, Australia),
Josep Domingo-Ferrer (Universitat Rovira i Virgili, Catalonia),
and Lei Zhang (East China Normal University, China)
Cloud computing is widely used by organisations and individuals. Despite the popularity of cloud computing, cloud security is still an area needing further research. A particularly promising approach to achieve security in this new computing paradigm is through cryptography, but traditional cryptographic techniques are not entirely suitable for cloud implementation due to computational efficiency limitations and other constraints. This special issue is dedicated to providing both scientists and practitioners with a forum to present their recent research on the use of novel cryptography techniques to improve the security of the underlying cloud architecture or ecosystem, particularly research that integrates both theory and practice. For example, how do we design an efficient cloud cryptography system that offers enhanced security without compromising on usability and performance? An efficient fully homomorphic encryption scheme might be an option. Such a scheme should guarantee that the cloud service provider is unable to view the content of the data he stores (thereby ensuring data confidentiality to users). However, sufficiently efficient fully homomorphic encryption is not yet available. We encourage authors to be exploratory in their submissions - that is, to report on advances beyond the state of the art in research and development of cryptographic techniques that result in secure and efficient means of ensuring security and privacy of cloud data. Topics of interest include but are not limited to:
CRITIS 2015 10th International Conference on Critical Information Infrastructures Security, Berlin, Germany, October 5-7, 2015. (Submission Due 10 May 2015)
CRITIS 2015 has four foci. Topic category 1, Resilience and protection of cyber-physical systems, covers advances in the classical CIIP sectors telecommunication, cyber systems and electricity infrastructures. Topic category 2 focuses on advances in C(I)IP policies and best practices in C(I)IP specifically from stakeholders' perspectives. In topic category 3, general advances in C(I)IP, we are explicitly inviting contributions from additional infrastructure sectors (like energy, transport, and smart built infrastructure) and also cover cross-sector CI(I)P aspects. In 2013, the CRITIS series of conferences started to foster contributions from young experts and researchers ("Young CRITIS"), and in 2014 this was reinforced by the first edition of the CIPRNet Young CRITIS Award (CYCA). We will continue both activities at CRITIS 2015, since our demanding multi-disciplinary field of research requires open-minded talents.
ACM-CCS 2015 22nd ACM Conference on Computer and Communications Security, Denver, Colorado, USA, October 12-16, 2015. (Submission Due 15 May 2015)
The ACM Conference on Computer and Communications Security (CCS) is the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM). The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results. It provides an environment to conduct intellectual discussions. From its inception, CCS has established itself as a high standard research conference in its area.
IEICE Transactions on Information and Systems, Special Issue on Information and Communication System Security. (Submission Due 22 May 2015)
Editors: Toshihiro Yamauchi (Okayama University, Japan),
Yasunori Ishihara (Osaka University, Japan),
and Atsushi Kanai (Hosei University, Japan).
The major topics include, but are not limited to:
IEEE Transactions on Services Computing, Special Issue on Security and Dependability of Cloud Systems and Services. (Submission Due 31 May 2015)
Editors: Marco Vieira (University of Coimbra, Portugal)
and Stefano Russo (Università di Napoli Federico II, Italy).
Service-based cloud systems are being used in business-, mission- and safety-critical scenarios to achieve operational goals. Their characteristics of complexity, heterogeneity, and fast-changing dynamics bring difficult challenges to the research and industry communities. Among them, security and dependability (Sec. & Dep.) have been widely identified as increasingly relevant issues. Crucial aspects to be addressed include: metrics, techniques and tools for assessing Sec. & Dep.; modeling and evaluation of the impact of accidental and malicious threats; failure and recovery analysis; Sec. & Dep. testing, testbeds, benchmarks; infrastructure interdependencies, interoperability in presence of Sec. & Dep. guarantees. The objective of this Special Issue is to bring together sound original contributions from researchers and practitioners on methodologies, techniques and tools to assess or improve the security and dependability of cloud systems and services. Suggested topics include, but are not limited to:
ICISS 2015 11th International Conference on Information Systems Security, Kolkata, India, December 16-20, 2015. (Submission Due 29 July 2015)
The conference series ICISS (International Conference on Information Systems Security), held annually, provides a forum for disseminating latest research results in information and systems security. ICISS 2015, the eleventh conference in this series, will be held under the aegis of the Society for Research in Information Security and Privacy (SRISP). Submissions are encouraged from academia, industry and government, addressing theoretical and practical problems in information and systems security and related areas. Topics of interest include but are not limited to:
Editors: Jemal Abawajy (Deakin University, Australia), Kim-Kwang Raymond Choo (University of South Australia, Australia), and Rafiqul Islam (Charles Sturt University, Australia). This special issue invites original research papers that report on state-of-the-art and recent advancements in securing our critical infrastructure and cyberspace, with a particular emphasis on novel techniques to build resilient critical information infrastructure. Topics of interest include but are not limited to:
Staying in touch....
IEEE Computer Society's Technical Committee on Security and Privacy