Electronic CIPHER, Issue 151, September 23, 2019 _/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/_/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/_/ _/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/ _/ _/_/_/_/ _/ _/ ============================================================================ Newsletter of the IEEE Computer Society's TC on Security and Privacy Electronic Issue 151 September 23, 2019 Hilarie Orman, Editor Sven Dietrich, Assoc. Editor cipher-editor @ ieee-security.org cipher-assoc-editor @ ieee-security.org Sven Dietrich Yong Guan Book Review Editor Calendar Editor cipher-bookrev @ ieee-security.org cipher-cfp @ ieee-security.org ============================================================================ The newsletter is also at http://www.ieee-security.org/cipher.html Cipher is published 6 times per year Contents: * Letter from the Editor * Commentary and Opinion and News o News items - Read my contacts! - Elections security, sure, whatever - Auditable Elections, Free Technology o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website * List of Computer Security Academic Positions, by Cynthia Irvine * Conference and Workshop Announcements o Upcoming calls-for-papers and events * Staying in Touch o Information for subscribers and contributors o Recent address changes * Links for the IEEE Computer Society TC on Security and Privacy o Becoming a member of the TC o TC Officers o TC publications for sale ==================================================================== Letter from the Editor ==================================================================== Dear Readers: Next year's conference season for IEEE TCSP events will certainly feature the usual stellar lineup of research. The submission deadline for the European Security and Privacy Symposium is November 20, so if you want to have a chance at that venue, get the papers ready now. The flagship event, the Security and Privacy Symposium, has a rolling deadline, but to have the paper included in the 2020 proceedings, time is tight. To meet that deadline, the authors will have to respond to any reviewer recommendations with a couple of months. Workshop proposals for that symposium are due at the end of September. The venerable Computer Security Foundations Symposium has two deadlines: fall and winter. The fall deadline for the 2020 symposium is October 4, and the winter deadline is February 7, 2020. We have two news articles about security for elections. The US presidential election in 2020 is the subject of great concern because of problems surrounding the 2016 election. Policy, politics, and technology need to find common ground to make elections safe again. Autumn in the Cloud When the frost is on the punkin and the comm ports all have locks, And you hear the hard drive spinning while seeking data blocks, And the fan blades all are whirring cooling memories in their zones, And no alarms are beeping, and there's silence on their tones; It's them's the times a sysadmin is feeling at his best, With the rising sun to greet him from a night of peaceful rest, As he reads the logs devoid of any probes or DDoS knocks, When the frost is on the punkin and the comm ports all have locks. (With apologies to James Whitcomb Riley) Hilarie Orman cipher-editor @ ieee-security.org ==================================================================== News Briefs ==================================================================== Read my contacts A flaw in iOS 13 can expose your contact details, even though Apple was alerted about the problem in July https://www.cnn.com/2019/09/19/tech/apple-ios13-vulnerability/index.html CNN Business By Donie O'Sullivan September 19, 2019 Summary: A researcher based in the Canary Islands alerted Apple to a flaw in iOS 13 that allows anyone who has physical possession of a device to read the contacts list without needing a passcode or facial recognition. He talked to Apple about the problem, and he became concerned that the company would not release an immediate fix. Therefore, he went public with the information. Apple has a scheduled update to iOS 13 on September 24. --------------------- Election Security, sure, whatever After Resisting, McConnell and Senate G.O.P. Back Election Security Funding https://www.nytimes.com/2019/09/19/us/politics/mcconnell-election-security.html The New York Times By Carl Hulse Sept. 19, 2019 Summary: The US Senate has proposed $250M to to reassure the public that the states will have the resources they needed to protect the integrity of their elections. After rejecting similar measures as being partisan, Senate Majority Leader Mitch McConnell backed a new proposal, saying that it was safe from feared Federal regulation that Democrats might have imposed. --------------------- Auditable Elections, Free Technology https://www.wraltechwire.com/2019/05/06/election-guard-microsoft-unveils-software-it-says-will-safeguard-elections/ 'Election Guard:' Microsoft unveils software it says will safeguard elections WRAL Techwire by Staff, wire reports May 6, 2019 Summary: Microsoft announced a software suite intended as a tool for safeguarding the integrity of paper-based US elections. The blogpost by Tom Burt, Corporate Vice President, Customer Security & Trust at Microsoft, described the suite as a tool that can be used by the existing election community. The open source system uses cryptography to ensure that an election audit can be carried out with confidence in the result. Microsoft will provide a deeply discounted version of the Office 365 application suite for political parties and campaigns. The product, Election Guard, is based on ideas developed by Microsoft's senior cryptographer, Josh Benaloh. He has been working on election security technology for 30 years. --------------------- News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html ==================================================================== Listing of academic positions available by Cynthia Irvine ==================================================================== Nothing new since Cipher E150 http://cisr.nps.edu/jobscipher.html -------------- This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have in it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil ==================================================================== Conference and Workshop Announcements ==================================================================== The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html Cipher calendar entries are announced on Twitter; follow ciphernews Requests for inclusion in the list should sent per instructions: http://www.ieee-security.org/Calendar/submitting.html ____________________________________________________________________ Cipher Event Calendar ____________________________________________________________________ Calendar of Security and Privacy Related Events maintained by Hilarie Orman Date (Month/Day/Year), Event, Locations, web page for more info. 9/23/19- 9/27/19: ESORICS, 24th European Symposium on Research in Computer Security, Luxembourg; https://esorics2019.uni.lu 9/23/19- 9/25/19: RAID, International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China; http://www.raid-2019.org/callForPapers.html 9/23/19- 9/25/19: CRITIS, 14th International Conference on Critical Information Infrastructures Security, Linkoping, Sweden; https://critis2019.on.liu.se/ 9/23/19- 9/27/19: ETAA, 2nd International Workshop on Emerging Technologies for Authorization and Authentication, Held in conjunction with ESORICS 2019, Luxemburg; https://www.iit.cnr.it/etaa2019/index.html 9/23/19- 9/27/19: CyberICPS, 5th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, Luxembourg, Luxembourg; https://www.ds.unipi.gr/cybericps2019/ 9/25/19- 9/27/19: SecDev, IEEE Secure Development Conference, McLean, VA, USA; https://secdev.ieee.org/ 9/26/19- 9/27/19: DPM, 14th International Workshop on Data Privacy Management Held in conjunction with ESORICS 2019, Luxemburg; http://deic.uab.cat/conferences/dpm/dpm2019/ 9/30/19: IFIP11.9-DF, 16th Annual IFIP WG 11.9 International Conference on Digital Forensics, New Delhi, India; http://www.ifip119.org/ Submissions are due 9/30/19: ICSS, 5th Industrial Control System Security Workshop, Held in conjunction with the Annual Computer Security Applications Conference (ACSAC 2019), San Juan, Puerto Rico; https://www.acsac.org/2019/workshops/icss/ICSS_2019_CFP.pdf Submissions are due 10/ 1/19: SP, 41st IEEE Symposium on Security and Privacy, San Francisco, CA, USA; https://www.ieee-security.org/TC/SP2020/ Monthly submission deadline 10/13/19: WISTP, 13th WISTP International Conference on Information Security Theory and Practice, Paris, France; http://www.wistp.org Submissions are due 10/23/19-10/25/19: SecureComm, 15th EAI International Conference on Security and Privacy in Communication Networks, Orlando, FL, USA; http://securecomm.org 10/30/19-11/ 1/19: GameSec, 10th Conference on Decision and Game Theory for Security, Stockholm, Sweden; http://www.gamesec-conf.org/index.php 11/ 1/19: SP, 41st IEEE Symposium on Security and Privacy, San Francisco, CA, USA; https://www.ieee-security.org/TC/SP2020/ Monthly submission deadline 11/11/19-11/15/19: ACM-CCS, 26th ACM Conference on Computer and Communications Security, London, United Kingdom; http://www.sigsac.org/ccs/CCS2019/ 11/15/19: USENIX-Security, 29th USENIX Security Symposium, Boston, MA, USA; https://www.usenix.org/conference/usenixsecurity20/call-for-papers Submissions are due 11/15/19: HOST, 13th IEEE International Symposium on Hardware Oriented Security and Trust, San Jose, CA, USA; http://www.hostsymposium.org/ Submissions are due 11/18/19-11/20/19: IDSC, IEEE Conference on Dependable and Secure Computing, Hangzhou, China; https://conference.cs.cityu.edu.hk/dsc2019/ 11/20/19: EuroSP, 5th IEEE European Symposium on Security and Privacy, Genova, Italy; https://www.ieee-security.org/TC/EuroSP2020/ Submissions are due 11/26/19-11/28/19: ISPEC, 15th International Conference on Information Security Practice and Experience, Kuala Lumpur, Malaysia; http://ccs.research.utar.edu.my/ispec2019/ 11/30/19: Springer Special Issue, Human-centric Computing and Information Sciences, Thematic Issue on Security, trust and privacy for Human-centric Internet of Things; https://toit.acm.org/pdf/ACM-ToIT-CfP-Decentralized_Blockchain_Applications.pdf Submissions are due 11/30/19: PETS, 20th Privacy Enhancing Technologies Symposium, Montreal, Canada; https://petsymposium.org Submissions are due 12/ 1/19: SP, 41st IEEE Symposium on Security and Privacy, San Francisco, CA, USA; https://www.ieee-security.org/TC/SP2020/ Monthly submission deadline 12/ 7/19-12/ 8/19: BlockSys, International Conference on Blockchain and Trustworthy Systems, Guangzhou, China; http://blocksys.info/ 12/10/19: ICSS, 5th Industrial Control System Security Workshop, Held in conjunction with the Annual Computer Security Applications Conference (ACSAC 2019), San Juan, Puerto Rico; https://www.acsac.org/2019/workshops/icss/ICSS_2019_CFP.pdf 12/10/19-12/11/19: WISTP, 13th WISTP International Conference on Information Security Theory and Practice, Paris, France; http://www.wistp.org 12/16/19-12/19/19: ICISS, 15th International Conference on Information Systems Security, Hyderabad, India; http://idrbt.ac.in/ICISS-2019/ 1/ 1/20: SP, 41st IEEE Symposium on Security and Privacy, San Francisco, CA, USA; https://www.ieee-security.org/TC/SP2020/ Monthly submission deadline 1/ 6/20- 1/ 8/20: IFIP11.9-DF, 16th Annual IFIP WG 11.9 International Conference on Digital Forensics, New Delhi, India; http://www.ifip119.org/ 2/15/20: USENIX-Security, 29th USENIX Security Symposium, Boston, MA, USA; https://www.usenix.org/conference/usenixsecurity20/call-for-papers Submissions are due 2/20/20: SACMAT, 25th ACM Symposium on Access Control Models and Technologies Barcelona, Spain; http://www.sacmat.org/ Submissions are due 2/23/20- 2/26/20: NDSS, Network and Distributed System Security Symposium, San Diego, CA, USA; https://www.ndss-symposium.org/ndss2020/call-for-papers/ 2/29/20: PETS, 20th Privacy Enhancing Technologies Symposium, Montreal, Canada; https://petsymposium.org Submissions are due 5/ 4/20- 5/ 7/20: HOST, 13th IEEE International Symposium on Hardware Oriented Security and Trust, San Jose, CA, USA; http://www.hostsymposium.org/ 5/18/20- 5/20/20: SP, 41st IEEE Symposium on Security and Privacy, San Francisco, CA, USA; https://www.ieee-security.org/TC/SP2020/ 6/10/20- 6/12/20: SACMAT, 25th ACM Symposium on Access Control Models and Technologies, Barcelona, Spain; http://www.sacmat.org/ 6/16/20- 6/18/20: EuroSP, 5th IEEE European Symposium on Security and Privacy Genova, Italy; https://www.ieee-security.org/TC/EuroSP2020/ 7/14/20- 7/18/20: PETS, 20th Privacy Enhancing Technologies Symposium, Montreal, Canada; https://petsymposium.org 8/12/20- 8/14/20: USENIX-Security, 29th USENIX Security Symposium, Boston, MA, USA; https://www.usenix.org/conference/usenixsecurity20/call-for-papers ____________________________________________________________________ Journal, Conference and Workshop Calls-for-Papers (new since Cipher E150) ___________________________________________________________________ SP 2020 41st IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 18-20, 2020. (Submissions Due first day of each month) https://www.ieee-security.org/TC/SP2020/ Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been he premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Topics of interest include: - Access control and authorization - Anonymity - Application security - Attacks and defenses - Authentication - Blockchains and distributed ledger security - Censorship resistance - Cloud security - Cyber physical systems security - Distributed systems security - Economics of security and privacy - Embedded systems security - Forensics - Hardware security - Intrusion detection and prevention - Malware and unwanted software - Mobile and Web security and privacy - Language-based security - Machine learning and AI security - Network and systems security - Privacy technologies and mechanisms - Protocol security - Secure information flow - Security and privacy for the Internet of Things - Security and privacy metrics - Security and privacy policies - Security architectures - Usable security and privacy - Trustworthy computing - Web security This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review. Systematization of Knowledge Papers As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate. Submissions will be distinguished by the prefix ÒSoK:Ó in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings. Workshops The Symposium is also soliciting submissions for co-located workshops. Further details on submissions can be found at https://www.ieee-security.org/TC/SP2020/workshops.html. Ongoing Submissions To enhance the quality and timeliness of the scientific results presented as part of the Symposium, and to improve the quality of our reviewing process, IEEE S&P now accepts paper submissions 12 times a year, on the first of each month. The detailed process can be found at the conference call-for-papers page. ------------------------------------------------------------------------- IFIP11.9-DF 2020 16th Annual IFIP WG 11.9 International Conference on Digital Forensics, New Delhi, India, January 6-8, 2020. (Submissions Due 30 September 2019) http://www.ifip119.org/ The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Sixteenth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately 100 participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume - the sixteenth volume in the well-known Research Advances in Digital Forensics book series (Springer, Cham, Switzerland) during the summer of 2020. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to: - Theories, techniques and tools for extracting, analyzing and preserving digital evidence - Enterprise and cloud forensics - Embedded device forensics - Internet of Things forensics - Digital forensic processes and workflow models - Digital forensic case studies - Legal, ethical and policy issues related to digital forensics ------------------------------------------------------------------------- ICSS 2019 5th Industrial Control System Security Workshop, Held in conjunction with the Annual Computer Security Applications Conference (ACSAC 2019), San Juan, Puerto Rico, December 10, 2019. (Submissions Due 30 September 2019) https://www.acsac.org/2019/workshops/icss/ICSS_2019_CFP.pdf Supervisory control and data acquisition (SCADA) and industrial control systems (ICS) monitor and control a wide range of industrial and infrastructure processes such as water treatment, power generation and transmission, oil and gas refining and steel manufacturing. Furthermore, the Industrial Internet of Things (IIoT) is rapidly expanding the interconnectivity of ICS environments and introducing many new threats. These environments have been identified as a key target of more generic threats (ransomware), along with more recent tailored nation-state threats targeting safety instrumented systems (Trisis). The critical requirement for high availability in SCADA and industrial control systems, along with the use of resource-constrained computing devices, legacy operating systems, and proprietary software applications limits the applicability of traditional information security solutions. The goal of this workshop is to explore new techniques to improve the security-critical control systems in the face of emerging threats. ------------------------------------------------------------------------- WISTP 2019 13th WISTP International Conference on Information Security Theory and Practice, Paris, France, December 10-11, 2019. (Submissions Due 13 October 2019) http://www.wistp.org The 13th WISTP International Conference on Information Security Theory and Practice (WISTP 2019) seeks original submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy, as well as experimental studies of fielded systems, the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law, business, and policy that present these communities' perspectives on technological issues. ------------------------------------------------------------------------- USENIX-Security 2020 29th USENIX Security Symposium, Boston, MA, USA, August 12-14, 2020. (Submissions Due 15 May 2019, 23 August 2019, 15 November 2019, and 15 February 2020) https://www.usenix.org/conference/usenixsecurity20/call-for-papers The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security. The Symposium will span three days with a technical program including refereed papers, invited talks, posters, panel discussions, and Birds-of-a-Feather sessions. Co-located events will precede the Symposium on August 10 and 11. ------------------------------------------------------------------------- HOST 2020 13th IEEE International Symposium on Hardware Oriented Security and Trust, San Jose, CA, USA, May 4-7, 2020. (Submissions Due 15 August 2019 and 15 November 2019) http://www.hostsymposium.org/ IEEE International Symposium on Hardware Oriented Security and Trust (HOST) aims to facilitate the rapid growth of hardware-based security research and development, and to highlight new results in the area of hardware security. HOST 2020 invites original contributions in all areas of overlap between hardware and security. This includes but is not limited to the following: HARDWARE - Security primitives - Computer-aided design (CAD) tools - Emerging and nanoscale devices - Trojans and backdoors - Side-channel attacks and mitigation - Fault injection and mitigation - (Anti-)Reverse engineering and physical attacks - Anti-tamper - Anti-counterfeit ARCHITECTURE - Trusted execution environments - Cache-side channel attacks and mitigation - Privacy-preserving computation - System-on-chip (SoC)/platform security - FPGA and reconfigurable fabric security - Cloud computing - Smart phones and smart devices SYSTEM - Internet-of-things (IoT) security - Sensors and sensor network security - Smart grid security - Automotive/autonomous vehicle security - Cyber-physical system security - (Adversarial) Machine learning and cyber deception ------------------------------------------------------------------------- EuroSP 2020 5th IEEE European Symposium on Security and Privacy, Genova, Italy, June 16-18, 2020. (Submissions Due 20 November 2019) https://www.ieee-security.org/TC/EuroSP2020/ The IEEE European Symposium on Security and Privacy (Euro S&P) is the European sister conference of the established IEEE S&P symposium. It is a premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in security or privacy. The emphasis is on building or attacking real systems, even better if actually deployed, rather than presenting purely theoretical results. Papers may present advances in the design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Papers that shed new light on past results by means of sound theory or through experimentation are also welcome. Topics of interest include: - Access control - Accountability - AI-based security- or privacy-enhancing tools - Anonymity - Application security - Attacks and defenses - Authentication - Blockchain - Censorship and censorship-resistance - Cloud security - Cryptography with applied relevance to security and privacy - Distributed systems security - Embedded systems security - Forensics - Formal methods for security - Hardware security - Human aspects of security and privacy - Intrusion detection - IoT security and privacy - Language-based security - Malware - Measurement relevant to security and privacy - Metrics - Mobile security and privacy - Network security - Privacy-enhancing technologies - Protocol security - Secure information flow - Security and privacy policies - Security architectures - Security of AI - Security usability - System security - Web security and privacy ------------------------------------------------------------------------- Springer Human-centric Computing and Information Sciences, Thematic Issue on Security, trust and privacy for Human-centric Internet of Things, (Submissions Due 30 November 2019) https://toit.acm.org/pdf/ACM-ToIT-CfP-Decentralized_Blockchain_Applications.pdf Guest Editors: Kim-Kwang Raymond Choo (University of Texas at San Antonio, USA), Uttam Ghosh (Vanderbilt University, USA), Deepak Tosh (University of Texas El Paso, USA), Reza M. Parizi (Kennesaw State University, USA), and Ali Dehghantanha (University of Guelph, Canada). Cyber-physical system (CPS) integrates both cyber world and man-made physical world using sensors, actuators and other Internet of Things (IoT) devices, to achieve stability, security, reliability, robustness, and efficiency in a tightly coupled environment. Prevalence of such cyber-physical ecosystem (inherently of distributed nature) imposes exacting demands on architect models and necessitates the design of distributed solutions and other novel approaches. This is essential in order to suitably address the security and privacy concerns since CPS ecosystem involves humans as a part of its core. Blockchain technology offers a distributed and scalable solution to maintain a tamper-resistant ledger, which does not require a central authority. Thus, it can best fit the need of distributed solution to above mentioned security issues in CPS. However, the challenge in integrating Blockchain with CPS is yet to be addressed, which requires various cyber-physical nodes to work effectively and collaboratively in an asynchronous environment. The goal of this special issue is to bring together researchers from different sectors to focus on understanding security challenges and attack surfaces of modern cyber-physical systems, and architect innovative solutions with the help of cutting-edge blockchain related technologies. Potential topics include but are not limited to following: - Blockchain and mobile systems - Security of transportation system using blockchain - Use of blockchain to support mobile smart services and applications - Blockchain in edge and cloud computing - Blockchain schemes for decentralized secure transaction - Distributed ledger and consensus schemes for CPS - Performance optimization of blockchain and decentralized schemes - Energy aware protocols and blockchain applications - Fault tolerance and blockchain for CPS - Decentralized (mobile) processing, computing, and storage infrastructure - Blockchain for Software-defined networking based CPS - Cybersecurity, protection, integrity, trust and privacy issues for SDN-based CPS - Blockchain and smart contracts for CPS security ------------------------------------------------------------------------- PETS 2020 20th Privacy Enhancing Technologies Symposium, Montreal, Canada, July 14-18, 2020. (Submissions Due 31 May 2019, 31 August 2019, 30 November 2019, and 29 February 2020) https://petsymposium.org The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to present and discuss recent advances and new perspectives on research in privacy technologies. The 20th PETS event will be organised by Concordia University and the Universite du Quebec a Montreal and held in Montreal, Canada, on a date in 2020 yet to be determined. Papers undergo a journal-style reviewing process, and accepted papers are published in the journal Proceedings on Privacy Enhancing Technologies (PoPETs). PoPETs, a scholarly, open-access journal for research papers on privacy, provides high-quality reviewing and publication while also supporting the successful PETS community event. PoPETs is published by Sciendo, part of De Gruyter, which has over 260 years of publishing history. PoPETs does not have article processing charges (APCs) or article submission charges. Authors can submit papers to PoPETs four times a year, every three months, and are notified of the decisions about two months after submission. In addition to accept and reject decisions, papers may receive resubmit with major revisions decisions, in which case authors are invited to revise and resubmit their article to one of the following two issues. We endeavor to assign the same reviewers to revised submissions. Each paper accepted in the PoPETs 2020 volume must be presented in person at the PETS 2020 symposium. ------------------------------------------------------------------------- SACMAT 2020 25th ACM Symposium on Access Control Models and Technologies, Barcelona, Spain, June 10-12, 2020. (Submissions Due 20 February 15 2020) http://www.sacmat.org/ The organizing committee of the 25th ACM Symposium on Access Control Models and Technologies (SACMAT 2020) invites contributions on all aspects of access control. The symposium will provide participants the opportunity to present work at different levels of development, from early work on promising ideas to fully developed technical results as well as system demonstrations. The symposium will feature a Best Paper Award. The program will include keynote talks, research paper presentations, demos, a panel, and a poster session. Papers offering novel research contributions are solicited for submission. Accepted papers will be presented at the symposium and published by the ACM in the symposium proceedings. In addition to the regular research track, this year SACMAT will again host a special track: Blue Sky/Vision Track. Researchers are invited to submit papers describing promising new ideas and challenges of interest to the community as well as access control needs emerging from other fields. We are particularly looking for potentially disruptive and new ideas which can shape the research agenda for the next 10 years. We encourage submissions that present ideas that may have not been completely developed and experimentally evaluated. ------------------------------------------------------------------------- ==================================================================== Information on the Technical Committee on Security and Privacy ==================================================================== ____________________________________________________________________ Information for Subscribers and Contributors ____________________________________________________________________ SUBSCRIPTIONS: Two options, each with two options: 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) 2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors. ____________________________________________________________________ Recent Address Changes ____________________________________________________________________ Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html _____________________________________________________________________ How to become <> a member of the IEEE Computer Society's TC on Security and Privacy _____________________________________________________________________ You may easily join the TC on Security & Privacy (or other TCs) by completing the on-line form at IEEE at https://www.computer.org/web/tandc/technical-committees ______________________________________________________________________ TC Conference Publications Online ______________________________________________________________________ The proceedings of previous conferences are available from the Computer Society's Digital Library. IEEE Security and Privacy Symposium IEEE Computer Security Foundations IEEE Europenan Security and Privacy Symposium From 2012 onward, these are available without charge from the digital library 12 months after the conference. ____________________________________________________________________________ TC Officers and SP Steering Committee ____________________________________________________________________________ Chair: Security and Privacy Symposium Chair Emeritus: Sean Peisert Mark Gondree UC Davis and Sonoma State University Lawrence Berkeley oakland19-chair@ieee-security.org National Laboratory speisert@ucdavis.edu Vice Chair: Treasurer: Ulfar Erlingsson Yong Guan Manager, Security Research 3219 Coover Hall Google Department of Electrical and Computer tcchair at ieee-security.org Engineering Iowa State University, Ames, IA 50011 yguan (at) iastate.edu Newsletter Editor Security and Privacy Symposium, 2020 Chair: Hilarie Orman Gabriela Ciocarlie Purple Streak, Inc. SRI International 500 S. Maple Dr. oakland20-chair@ieee-security.org Woodland Hills, UT 84653 cipher-editor@ieee-security.org TC Awards Chair EJ Jung UCSF ejun2 @ usfca.edu https://www.usfca.edu/faculty/eunjin-ej-jung ____________________________________________________________________________ BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html Cipher is published 6 times per year