Commentary and Opinion and News
Richard Austin's review
of Phishing Dark Waters: The Offensive and Defensive Use of Malicious E-mails by
Christopher Hadnagy and Michele Fincher
Announcements and correspondence from readers (please contribute!)
Richard Austin's review of Phishing Dark Waters: The Offensive and Defensive Use of Malicious E-mails by Christopher Hadnagy and Michele Fincher
NewsBits: Announcements and correspondence from readers (please contribute!)
Listing of academic positions available by
New since Cipher E132:
Posted Jul 2016
Lancaster University, UK (Security Research Centre)
Lecturer (Assistant Professor in North American System) in Cyber Security
Application deadline: 30 September 2016
Posted Jul 2016
Lancaster University, UK (Security Research Centre)
Senior Research Associate/Research Associate - Human Aspects of Security in the Internet of Things
Application deadline: 21 August 2016
Posted Jul 2016
Lancaster University, UK (Security Research Centre)
Senior Research Associate/Research Associate - Dynamically Adaptive Security Policies
Application deadline: 21 August 2016
Posted Jun 2016
University of Twente
Enschede, The Netherlands
Assistant Professor in Systems Security
Application deadline: 5 August 2016
Conference and Workshop Announcements
Cipher calendar announcements are on Twitter; follow "ciphernews"
new calls or announcements added since Cipher E132 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update):
WISCS 2016 3rd ACM Workshop on Information Sharing and Collaborative Security, Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016), Hofburg Palace, Vienna, Austria, October 24, 2016. (Submission Due 22 July 2016)
Sharing of cyber-security related information is believed to greatly enhance the ability of organizations to defend themselves against sophisticated attacks. If one organization detects a breach sharing associated security indicators (such as attacker IP addresses, domain names, file hashes etc.) provides valuable, actionable information to other organizations. The analysis of shared security data promises novel insights into emerging attacks. Sharing higher level intelligence about threat actors, the tools they use and mitigations provides defenders with much needed context for better preparing and responding to attacks. In the US and the EU major efforts are underway to strengthen information sharing. Yet, there are a number of technical and policy challenges to realizing this vision. Which information exactly should be shared? How can privacy and confidentiality be protected? How can we create high-fidelity intelligence from shared data without getting overwhelmed by false positives? The 3rd Workshop on Information Sharing and Collaborative Security (WISCS 2016) aims to bring together experts and practitioners from academia, industry and government to present innovative research, case studies, and legal and policy issues. The workshop solicits original research papers in these areas, both full and short papers.
WIFS 2016 8th IEEE International Workshop on Information Forensics and Security, Abu Dhabi, UAE, December 4-7, 2016. (Submission Due 24 July 2016)
WIFS is the flagship workshop on information forensics and security organised by IEEE signal processing society. Its major objective is to bring together researchers from relevant disciplines to exchange latest results and to discuss emerging challenges in different areas of information security. Topics of interest include, but are not limited to:
TrustED 2016 6th International Workshop on Trustworthy Embedded Devices, Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016), Hofburg Palace, Vienna, Austria, October 28, 2016. (Submission Due 27 July 2016)
TrustED considers selected security and privacy (S&P) aspects of cyber physical systems and their environments, which influence trust and trust establishment in such environments. A major theme of TrustED 2016 will be security and privacy aspects of the Internet of Things Paradigm. The IoTs promises to make reality Mark Weisser's vision of ubiquitous computation set out in his 1991 influential paper. Yet to make such vision successful, it is widely acknowledged that security of super large distributed systems has to be guaranteed and the privacy of the collected data protected. Submissions exploring new paradigms to assure security and privacy in the IoTs are thus strongly encouraged. The workshop topics include but are not limited to:
CCSW 2016 8th ACM Cloud Computing Security Workshop, Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016), Hofburg Palace, Vienna, Austria, October 28, 2016. (Submission Due 27 July 2016)
Cloud computing is a dominant trend in computing for the foreseeable future; e.g., major cloud operators are now estimated to house over a million machines each and to host substantial (and growing) fractions of our IT and web infrastructure. CCSW is a forum for bringing together researchers and practitioners to discuss the implications of this trend to the security of cloud operators, tenants, and the larger Internet community. We invite submissions on new threats, countermeasures, and opportunities brought about by the move to cloud computing, with a preference for unconventional approaches, as well as measurement studies and case studies that shed light on the security implications of clouds.
CPS-SPC 2016 2nd ACM Workshop on Cyber-Physical Systems Security & Privacy, Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016), Hofburg Palace, Vienna, Austria, October 28, 2016. (Submission Due 27 July 2016)
Cyber-Physical Systems (CPS) integrate computing and communication capabilities with monitoring and control of entities in the physical world. These systems are usually composed of a set of networked agents, including sensors, actuators, control processing units, and communication devices. While some forms of CPS are already in use, the widespread growth of wireless embedded sensors and actuators is creating several new applications in areas such as medical devices, autonomous vehicles, and smart infrastructure, and is increasing the role that the information infrastructure plays in existing control systems such as in the process control industry or the power grid. Many CPS applications are safety-critical: their failure can cause irreparable harm to the physical system under control, and to the people who depend, use or operate it. In particular, critical cyber-physical infrastructures such as the electric power generation, transmission and distribution grids, oil and natural gas systems, water and waste-water treatment plants, and transportation networks play a fundamental and large-scale role in our society and their disruption can have a significant impact to individuals, and nations at large. Securing these CPS infrastructures is therefore vitally important. Similarly because many CPS systems collect sensor data non-intrusively, users of these systems are often unaware of their exposure. Therefore in addition to security, CPS systems must be designed with privacy considerations. To address some of these issues, we invite original research papers on the security and/or privacy of Cyber-Physical Systems. We seek submissions from multiple interdisciplinary backgrounds tackling security and privacy issues in CPS.
ICISS 2016 12th International Conference on Information Systems Security, Jaipur, India, December 16-20, 2016. (Submission Due 29 July 2016)
The ICISS Conference held annually, provides a forum for disseminating latest research results in information and systems security. Like previous years, proceedings of the conference will be published as part of the Springer Verlag series of Lecture Notes in Computer Science. Submissions are encouraged from academia, industry and government, addressing theoretical and practical problems in information and systems security and related areas. Topics of interest include but are not limited to:
IEEE EuroSP 2017 2nd IEEE European Symposium on Security and Privacy, Paris, France, April 26-28, 2017. (Submission Due 4 August 2016)
The IEEE European Symposium on Security and Privacy (EuroS&P) is the European sister conference of the established IEEE S&P symposium. It is a premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Papers that shed new light on past results by means of sound of theory or thorough experimentation are also welcome. Topics of interest include:
NDSS 2017 Network and Distributed System Security Symposium, San Diego, California, USA, February 26 - March 1, 2017. (Submission Due 12 August 2016)
The Network and Distributed System Security Symposium fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies. Technical papers and panel proposals are solicited. All submissions will be reviewed by the Program Committee and accepted submissions will be published by the Internet Society in the Proceedings of NDSS 2017. The Proceedings will be made freely accessible from the Internet Society webpages. Furthermore, permission to freely reproduce all or parts of papers for noncommercial purposes is granted provided that copies bear the Internet Society notice included in the first page of the paper. The authors are therefore free to post the camera-ready versions of their papers on their personal pages and within their institutional repositories. Reproduction for commercial purposes is strictly prohibited and requires prior consent. Submissions are solicited in, but not limited to, the following areas:
GenoPri 2016 3rd International Workshop on Genome Privacy and Security, Held in conjunction with the AMIA 2016 Annual Symposium, Chicago, IL, USA, November 12, 2016. (Submission Due 22 August 2016)
Over the past several decades, genome sequencing technologies have evolved from slow and expensive systems that were limited in access to a select few scientists and forensics investigators to high-throughput, relatively low-cost tools that are available to consumers. A consequence of such technical progress is that genomics has become one of the next major challenges for privacy and security because (1) genetic diseases can be unveiled, (2) the propensity to develop specific diseases (such as Alzheimer's) can be revealed, (3) a volunteer, accepting to have his genomic code made public, can leak substantial information about his ethnic heritage and the genomic data of his relatives (possibly against their will), and (4) complex privacy issues can arise if DNA analysis is used for criminal investigations and medical purposes. As genomics is increasingly integrated into healthcare and "recreational" services (e.g., ancestry testing), the risk of DNA data leakage is serious for both individuals and their relatives. Failure to adequately protect such information could lead to a serious backlash, impeding genomic research, that could affect the well-being of our society as a whole. This prompts the need for research and innovation in all aspects of genome privacy and security, as suggested by the non-exhaustive list of topics on the workshop website.
IEICE Transactions on Information and Systems, Special Section on Information and Communication System Security, (Submission Due 25 August 2016)
Guest Editors: Yasunori Ishihara (Osaka University, Japan), Atsushi Kanai (Hosei University, Japan),
Kazuomi Oishi (Shizuoka Institute of Science and Technology, Japan),
and Yoshiaki Shiraishi (Kobe University, Japan)
The IEICE Transactions on Information and Systems, which is included in SCIE (Science Citation Index Expanded), announces that it will publish a special section entitled "Special Section on Information and Communication System Security" in August, 2017. The major topics include, but are not limited to:
IFIP 119 DF 2017 13th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 30-February 1, 2017. (Submission Due 16 September 2016)
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Thirteenth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume - the eleventh volume in the well-known Research Advances in Digital Forensics book series (Springer, Heidelberg, Germany) during the summer of 2017. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
IEEE Communications Magazine, Feature Topic on Traffic Measurements for Cyber Security, (Submission Due 1 October 2016)
Guest Editors: Wojciech Mazurczyk (Warsaw University of Technology, Poland),
Koji Nakao (KDDI / NICT, Japan), Maciej Korczyski (Delft University of Technology, The Netherlands),
Engin Kirda (Northeastern University, USA), Cristian Hesselman (SIDN Labs, The Netherlands),
and Katsunari Yoshioka (Yokohama National University, Japan)
In today's world, societies are becoming more and more dependent on open networks such as the Internet - where commercial activities, business transactions and government services are realized. This has led to the fast development of new cyber threats and numerous information security issues which cyber criminals exploit. The inability to provide trusted secure services in contemporary computer network technologies has a tremendous unfavorable socio-economic impact on global enterprises as well as individuals.
Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behaviors. Understanding and measuring traffic in such networks is a not only difficult yet vital task for network management but recently also for cyber security purposes.
Network traffic measuring and monitoring can, enable the analysis of the spreading of malicious software and its capabilities or can help us understand the nature of various network threats including those that exploit users' behavior and other user's sensitive information. On the other hand, network traffic investigation can also help us assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Recently, traffic measurements have been utilized in the area of economics of cyber security e.g. to assess ISP "badness" or to estimate the revenue of cyber criminals.
The aim of this feature topic is to bring together the research accomplishments by academic and industry researchers. The other goal is to show the latest research results in the field of cyber security and understand how traffic measurements can influence it. We encourage prospective authors to submit related distinguished research papers on the subject of both theoretical approaches and practical case reviews.
This special issue presents some of the most relevant ongoing research in cyber security seen from the traffic measurements perspective. Topics include, but are not limited to the following:
INTRICATE-SEC 2017 5th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Taipei, Taiwan, March 27-29, 2017. (Submission Due 1 October 2016)
Cyber-physical systems (CPS) are ubiquitous in critical infrastructures such as electrical power generation, transmission, and distribution networks, water management, and transportation, but also in both industrial and home automation. For flexibility, convenience, and efficiency, CPS are increasingly supported by commodity hardware and software components that are deliberately interconnected using open standard general purpose information and communication technology (ICT). The long life-cycles of CPS and increasingly incremental changes to these systems require novel approaches to the composition and inter-operability of services provided. The paradigm of service-oriented architectures (SoA) has successfully been used in similar long-lived and heterogeneous software systems. However, adapting the SoA paradigm to the CPS domain requires maintaining the security, reliability and privacy properties not only of the individual components but also, for complex interactions and service orchestrations that may not even exist during the initial design and deployment of an architecture. An important consideration therefore is the design and analysis of security mechanisms and architectures able to handle cross domain inter-operability over multiple domains involving components with highly heterogeneous capabilities. The INTRICATE-SEC workshop aims to provide a platform for academics, industry, and government professionals to communicate and exchange ideas on provisioning secure CPS and Services.
The Technical Committee on Security and Privacy
Staying in touch....
Changing your email address? Please send updates to email@example.com
IEEE Computer Society's Technical Committee on Security and Privacy
|TC home page||TC Officers|
|How to join the TCSP (or other TCs)||Open Access Proceedings|
|Cipher past issues archive|