Calls for Papers


(see the Cipher Calendar for events sorted in date order)

Last Modified: 05/12/03  



Special Issues of Journals and Handbooks



IEEE Security & Privacy, George Cybenko, Editor. Theme: Understanding Privacy, Nov/Dec 2003 Issue. (submissions due July 31, 2003) [posted here 3/20/03]
Privacy is a growing concern in today's networked world. The Nov./Dec. issue of IEEE Security & Privacy will be devoted to privacy—its technological, commercial, and social aspects. Papers dealing with the following privacy-related topics are welcome:
  - identity theft and related abuses;
  - consumer and business practices and trends affecting privacy;
  - information ownership, competing claims, unresolved ambiguity;
  - legal and criminal issues;
  - privacy leakage case studies;
  - relationships and trade-offs between security and privacy;
  - privacy-enhancing technologies;
  - relationships between privacy management and digital rights management;
  - formal models and definitions of privacy; and
  - database issues in privacy protection.
Feature articles should be no longer than 6,000 words (tables and figures count as 250 words each). Be sure to include all author names, professional affiliations, mailing addresses, daytime telephone numbers, and email addresses. Send one word-processed file and one PostScript or PDF file to


Conference and Workshop Call for Papers



ACNS'03   First MiAn International Conference on Applied Cryptography and Network Security, Kunming, China, October 16-19, 2003. (Extended deadline: May 18, 2003) [posted here 1/19/03]
The first MiAn International Conference on Applied Cryptography and Network Security (ACNS’03) will be held in Kunming, China on October 16-19, 2003, organized by MiAn (ONETS) Pte Ltd and in cooperation with the local government. Original paper on all aspects of applied cryptography and network security are solicited for submission to the conference. Areas of interests include but not restricted to: Biometric Security Applications, Cryptographic and Anti-cryptographic Analysis, Cryptographic Applications, Data Recovery and Coding, Differential Power Attacks, Efficient Implementation, Firewall and Intrusion Detection, GPRS and CDMA Security, Identification and Entity Authentication, Key Management Techniques, Network Protocol and Analysis, PKI/PMI and Bridge CA, Secure e-commerce and e-government, Security Management and Strategy, Smart Card Security, Verification and Testing of Secure Systems, Virus and Worms, VPN and SVN, WLAN and Bluetooth Security. More information can be found at the conference web page at


IICIS'2003  Sixth IFIP TC-11 WG 11.5 Working Conference on Integrity and Internal Control in Information Systems, Lausanne, Switzerland, November 13-14, 2003. (submissions due May 2, 2003) [posted here 1/11/03]
Confidentiality, integrity and availability are high-level objectives of IT security. The IFIP TC-11 Working Group 11.5 has been charged with exploring the area of the integrity objective within IT security and the relationship between integrity in information systems and the overall internal control systems that are established in organizations to support corporate governance codes. The goals for this conference are to find an answer to the following questions: what is the status quo of research and development in the area of integrity and internal control; where are the gaps between business needs on the one hand and research and development on the other and what needs to be done to bridge these gaps; and what precisely do business managers need to have confidence in the integrity of their information systems and their data. Topics of interest include:
   - integrity and internal control in Enterprise Resource Planning systems
   - integrity and internal control in e- and m-commerce applications and infrastructure
   - integrity and internal control in financial systems
   - developments in internal control concepts and the impact on integrity requirements
   - integrity standards
   - methods for dealing with incomplete or inconsistent information
   - efficient methods for checking integrity
   - integrity requirements necessary to implement an internal control structure within an organization
   - integrity of archival data
   - integrity and authentication of digital documents
   - trustworthy computation
More information and the full call-for-papers can be found on the conference web site at


CCS2003 The 10th ACM Conference on Computer and Communications Security, Washington, DC, USA, October 27-31, 2003. (submissions due May 9, 2003) [posted here 3/22/03]
Papers offering novel research contributions in any aspect of computer security are solicited. The primary focus is on high-quality original unpublished research, case studies, and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make convincing argument for the practical significance of the results. Theory must be justified by compelling examples illustrating its application. The primary criterion for appropriateness for CCS is demonstrated practical relevance. CCS can therefore reject perfectly good papers that are appropriate for theory-oriented conferences. Topics of interest include:
   - access control                             - accounting and audit
   - security for mobile code           - data/ system integrity
   - cryptographic protocols             - intrusion detection
   - key management                          - security management
   - information warfare                    - security verification
   - authentication                              - database and system security
   - applied cryptography                  - smart-cards and secure PDAs
   - e-business/ e-commerce            - inference/ controlled disclosure
   - privacy and anonymity                 - intellectual property protection
   - secure networking                        - commercial and industry security
More information can be found at


ICICS'03 5th International Conference on Information and Communications Security, Huhehaote City, Inner-Mongolia, China, October 10-13, 2003. (submissions due May 15, 2003) [posted here 1/19/03]
Information and communication security is a challenging topic at the best of times. This conference series brings together researchers and scholars to examine important issues in this area. Original papers on all aspects of information and communications security are solicited for submission to ICICS2003. Areas of interests include but not limited to: Access control, Anonymity, Authentication and Authorization, Biometric Security, Data and System Integrity, Database Security, Distributed Systems Security, Electronic Commerce Security, Fraud Control, Information Hiding and Watermarking, Intellectual Property Protection, Intrusion detection, Key Management and Key Recovery, Language-based Security, Operating System Security, Network Security, Risk Evaluation and Security Certification, Security for Mobile Computing, Security Models, Security Protocols, Virus and Worms. More information can be found on the conference web page at


WiSe 2003 Workshop on Wireless Security (in conjunction with MobiCom 2003), San Diego, CA, USA, September 19, 2003. (submissions due May 27, 2003) [posted here 4/20/03]
The objective of this workshop is to bring together researchers from research communities in wireless networking, security, applied cryptography, and dependability; with the goal of fostering interaction. With the proliferation of wireless networks, issues related to secure and dependable operation of such networks are gaining importance. Topics of interest include, but are not limited to:
   -  Key management in wireless/mobile environments
   -  Trust establishment
   -  Intrusion detection, detection of malicious behaviour
   -  Revocation of malicious parties
   -  Secure PHY/MAC/routing protocols
   -  Secure location determination
   -  Denial of service
   -  User privacy
   -  Anonymity, prevention of traffic analysis
   -  Dependable wireless networking
   -  Monitoring and surveillance
More information can be found on the conference web site at


Adaptive and Resilient Computing Security (ARCS), Santa Fe Institute Workshop, SFI, NM, November 5-6, 2003. (submissions due June 1, 2003) [posted here 2/3/03]
This workshop is the second in the series and will focus on the theme of adaptive defence of information and computing networks. The aim is to stimulate novel approaches to securing the information infrastructure. In particular the workshop will consider long-term developments and research issues relating to the defence of information networks. The driving scientific motivation for this workshop is to further our understanding of adaptive and self-organising mechanisms that can be applied to the development of resilient and robust information networks. In particular it will provide a forum for commercial and academic researchers to exchange concepts and issues within this domain. Following a highly successful first event, this workshop will be based on two specific sub-themes. These are:
   - Bio-inspired Defence Systems
   - Adaptive Security Mechanisms
Some of the specific problems, which will be addressed, include:
   - Design of self-healing networks
   - Optimization versus robustness
   - Machine learning and defence strategies
   - Dynamic stability in large-scale networks
   - Self & non-self recognition, Immunology models
If interested please submit an extended 4 page abstract to Dr. Robert Ghanea-Hercock / BTexact technologies, Adastral Park, Admin 2, Martlesham, Suffolk, UK. Email:


Security and Survivability of Networked Systems (in conjunction with HICSS-37), Big Island, Hawaii, USA, January 5-8, 2004. (submissions due June 1, 2003) [posted here 5/12/03]
This minitrack focuses on security and survivability in large, non-trivial, networked computer systems. Of special interest are contributions that address survival, tolerance, recovery or masking of malicious attacks. Submissions will be sought from researchers in the area of system survivability, software dependability, computer and network security, fault-tolerance and intrusion tolerance, and economic or statistical modeling of secure/survivable systems. Topics include, but are not limited to:
  -  System or software survivability
  -  Safety critical failure modes
  -  Network or system intrusion tolerance
  -  Modeling malicious behavior or attacks
  -  Mathematical models for verification of vulnerability to malicious acts
  -  Models for measurement, evaluation, or validation of survivability
  -  Software and hardware fault tolerance
  -  Design for dependability and/or survivability
  -  PRA and hybrid fault models accounting for malicious acts and events
More information can be found at


ACSAC 19 The 19th Annual Computer Security Applications Conference, Las Vegas, Nevada USA, December 8-12, 2003. (submissions due June 1, 2003) [posted here 3/8/03]
The 19th Annual Computer Security Applications Conference is an internationally recognized conference that provides a forum for experts in information system security to exchange practical ideas about solving real problems. Papers and proposals that address the application of technology, the implementation of systems, and lessons learned will be given special consideration. The ACSAC Program Committee is looking for papers, panels, forums, case studies presentations, tutorials, workshops, and works in progress that address practical solutions to problems related to protecting commercial enterprises or government information infrastructures. A list of topics of interest along with other conference information can be found at


FMSE 2003 Formal Methods in Security Engineering: From Specifications to Code, Washington, D.C., USA, October 30, 2003. (submissions due June 10, 2003) [posted here 3/28/03]
Information security has become a crucial concern for the commercial deployment of almost all applications and middleware. Despite this commonly recognized fact, the incorporation of security requirements in the software development process is not yet well understood. The deployment of security mechanisms is often done in an ad-hoc manner only, without a formal security specification, often without a thorough security analysis and almost necessarily without a formal security validation of the final product. That is, a process is lacking for making the transition from high-level security models and policies through development to code. We aim to bring together researchers and practitioners from both the security and the software engineering communities, from academia and industry, who are working on applying formal methods to designing and validating large-scale systems. We are seeking submissions addressing foundational issues in:
   - security specification techniques
   - formal trust models
   - combination of formal techniques with semi-formal techniques like UML
   - formal analyses of specific security properties relevant to software development
   - security-preserving composition and refinement of processes
   - faithful abstractions of cryptographic primitives and protocols in process abstractions
   - integration of formal security specification, refinement and validation techniques in development methods and tools
More information can be found at


WPES 2003 2nd Workshop on Privacy in the Electronic Society, Washington, D.C., USA, October 30, 2003. (submissions due June 10, 2003) [posted here 4/14/03]
Privacy issues have been the subject of public debates and the need for privacy-aware policies, regulations, and techniques has been widely recognized. Goal of this workshop is to discuss the problems of privacy in the global interconnected societies and possible solutions to it. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
   - anonymity, pseudonymity, and unlinkability
   - business model with privacy requirements
   - data protection from correlation and leakage attacks
   - electronic communication privacy
   - information dissemination control
   - privacy-aware access control
   - privacy in the digital business
   - privacy enhancing technologies
   - privacy policies and human rights
   - privacy and anonymity in Web transactions
   - privacy threats
   - privacy and confidentiality management
   - privacy in the electronic records
   - privacy in health care and public administration
   - public records and personal privacy
   - privacy and virtual identity
   - personally identifiable information
   - privacy policy enforcement
   - privacy and data mining
   - relationships between privacy and security
   - user profiling
   - wireless privacy
More information about the conference can be found at


WISA 2003 The 4th International Workshop on Information Security Applications, Jeju Island, Korea, August 25-27, 2003. (submissions due June 27, 2003) [posted here 3/28/03]
The areas of interest include, but are not limited to:
   - Internet Security - Cyber Indication and Intrusion Detection
   - E-Commerce and Financial Cryptosystems          - Smart Cards and Secure Hardware
   - Access Control and Database Security                  - Network Security, VPNs and Firewalls
   - Mobile Security                                                       - Biometrics and Human Interfaces
   - Applied Cryptography                                              - Privacy and Anonymity
   - Public Key Cryptography / Key Management       - Security Management
   - Threats and Information Warfare                            - Digital Rights Management
   - Virus Protection                                                       - Secure Software, Systems and Applications
Additional information can be found on the conference web page at


Nordsec2003 Nordic Workshop on Secure IT Systems, Gjøvik University College, Norway, October 15-17, 2003. (submissions due June 30, 2003) [posted here 4/20/03]
The NORDSEC workshops started in 1996 with the aim of bringing together researchers and practitioners within computer security in the Nordic countries. The theme of the workshops have been applied security, i.e., all kinds of security issues that could encourage interchange and cooperation between the research community and the industrial/consumer community. Possible topics include, but are not limited to the following:
   - Privacy and Privacy Enhancing Technologies
   - Wireless Communication Security
   - Inter/Intra/Extranet Security
   - Security Protocol Modelling and Analysis
   - E-and M-Business Security
   - New Firewall Technologies
   - Secure Infrastructures; TTP, PKI, Key Escrow/Recovery
   - Computer Crime and Information Warfare
   - Detecting Attacks, Intrusions and Computer Misuse
   - Smart Card Applications
   - Security Management and Audit
   - Security Evaluations and Measurements
   - Security in Commercial off-the-shelf Products, COTS
   - Operating System Security
   - Security Models
   - New Ideas and Paradigms for Security
   - Security Education and Training
   - Quality of Service or Software Engineering in Relation to Security
More information can be found at


The Workshop on Rapid Malcode (in association with 10th ACM Conference on Computer and Communications Security), Washington, D.C., October 27, 2003. (submissions due July 1, 2003) [posted here 3/20/03]
In the last several years, Internet-wide infectious epidemics have emerged as one of the leading threats to information security and service availability. The vehicle for these outbreaks, malicious codes called "worms", leverage the combination of software monocultures and the uncontrolled Internet communication model to quickly compromise large numbers of hosts. Current operational practices have not been able to manage these threats effectively and the research community is only now beginning to address this area. The goal of this workshop is to bring together ideas, understanding and experience bearing on the worm problem from a wide range of communities including academia, industry and the government. We are soliciting papers from researchers and practitioners on subjects including, but not limited to:
  - Modeling and analysis of propagation dynamics
  - Automatic detection, characterization, and prediction
  - Analysis of worm construction, current & future
  - Propagation strategies (fast & obvious vs slow and stealthy)
  - Reactive countermeasures
  - Proactive defenses
  - Threat assessment
  - Forensic methods of attribution
  - Significant operational experiences
More information can be found at


2003 ACM Workshop on Survivable and Self-Regenerative Systems (in association with the 10th ACM Conference on Computer and Communications Security), George Mason University, Fairfax VA, October 31, 2003  (submissions due July 9, 2003)  [posted here 5/13/03]
One of the key areas of current research in the fields of computer and communication security is survivability, where the objective is to survive attacks that exploit inevitable security vulnerabilities, rather than to strictly prevent or detect intrusions or vulnerabilities. Survivability research has explored the intersection of Fault Tolerance and Security, and recently, the notion of using self-regenerative capabilities in the context of survivability has generated a significant interest in the community. This workshop aims to provide a venue for scholars in this area to exchange ideas and to explore research issues involving survivable and self-regenerative systems. Papers offering original research contributions in any aspect of this emerging field are solicited for submission to this workshop. Topics of interest include, but are not limited to, the following:
  - Survivable Systems & Networks
  - Self-Regenerative Systems & Networks
  - Use of Self-Healing Techniques in Surviving Attacks
  - Security vs. Fault Tolerance in building survivable and self-regenerative systems
  - Use of Self-Stabilization Techniques in Surviving Attacks
  - Role of Formal Models in Survivable and Self-Regenerative Systems
  - Self-Adapting and Self-Securing Systems and Techniques
  - Measuring and Quantifying Survivability and Self-Regeneration
  - Role of Redundancy, Diversity, Unpredictability and Deception in Survivable and
     Self-Regenerative Systems
  - Impact of Detection Accuracy and Latency on Survivability and Self-Regeneration
More information can be found at


SASN 2003   Workshop on Security of Ad Hoc and Sensor Networks, Washington, D.C., USA, October 31, 2003. (submissions due July 18, 2003)  [posted here 5/13/03]
Ad hoc and sensor networks are expected to become an integral part of the future computing landscape. However, these networks introduce new security challenges due to their dynamic topology, severe resource constraints, and absence of a trusted infrastructure. This workshop seeks submissions from academia and industry presenting novel research on all aspects of security for ad hoc and sensor networks, as well as experimental studies of fielded systems. Submission of papers based on work-in-progress is encouraged. Topics of interest include, but are not limited to, the following as they relate to wireless networks, mobile ad hoc networks, or sensor networks:
   - Security under resource constraints, e.g., energy, bandwidth, memory, and computation constraints
   - Performance and security tradeoffs
   - Secure roaming across administrative domains
   - Key management
   - Authentication and access control
   - Trust establishment, negotiation, and management
   - Intrusion detection and tolerance
   - Secure location services
   - Privacy and anonymity
   - Secure routing
   - Secure MAC protocols
   - Denial of service
   - Prevention of traffic analysis
More information can be found at


TCC'2004   The First Theory of Cryptography Conference, Cambridge MA, USA, February 18-20, 2004. (submissions due August 27, 2003) [posted here 3/1/03]
Papers presenting original research on theoretical and foundational aspects of cryptography are sought. The Theory of Cryptography deals with the paradigms, approaches and techniques used to conceptualize, define and provide solutions to natural cryptographic problems. Consequently, research in this area includes:
  - The study of known paradigms (resp. approaches and techniques), directed towards
     a better understanding and utilization of the latter.
  - Discovery of new paradigms (resp. approaches and techniques) that overcome inherent
     or seemingly inherent limitations of the existing paradigms.
  - Formulation of new cryptographic problems and treating them using known or new
     paradigms (resp. approaches and techniques).
The importance of the Theory of Cryptography is widely recognized by now. This area has contributed much to the practice of cryptography and secure systems as well as to the theory of computation at large. The Theory of Cryptography Conference is a new venue dedicated to the dissemination of results in the area. The conference will provide a meeting place for researchers and be instrumental in shaping the identity of the Theory of Cryptography. More information can be found at


FC'04   Financial Cryptography, Key West, Florida, USA, February 9-12, 2004. (submissions due September 1, 2003) [posted here 4/28/03]
Original papers and presentations on all aspects of financial-data security and secure digital commerce are solicited for submission to the Eighth Annual Conference on Financial Cryptography (FC '04). FC '04 will bring together researchers and practitioners in the financial, legal, cryptologic, and data-security fields to foster cooperation and exchange of ideas. In addition to novel scientific research as in previous years, the program for FC ‘04 will include sessions on digital finance and economics and on secure financial systems and digital-cash architectures. For the systems and finance sessions, submissions must have a visible bearing on financial-security issues, but need not be exclusively concerned with cryptography or security. A complete list of topics along with instructions for submitting a paper can be found on the conference web page at


PKC'04   2004 International Workshop on Practice and Theory in Public Key Cryptography, Singapore, March 1-4, 2004. (submissions due September 20, 2003) [posted here 1/19/03]
For the last few years the International Workshop on Practice and Theory in Public Key Cryptography PKC is the main annual workshop focusing on research on all aspects of public key cryptography. The first workshop was organized in 1998 in Japan. Other PKCs have taken place in Australia, France, Japan, South Korea and USA. PKC has attracted papers from famous international authors in the area. Submissions in all areas related to applications and theory in public key cryptography are welcome, including but not limited to the following areas:
   - Theory of public key cryptography
   - Design of new public key cryptosystems
   - Analysis of public key cryptosystems
   - Efficient implementation of public key cryptographic algorithms
   - Applications of public key cryptography and PKI
More information can be found on the conference web page at


MMM-ACNS-2003   The Second International Workshop "Mathematical Methods, Models and Architectures for Computer Networks Security", September 20-24, 2003, St. Petersburg, Russia.  [posted here 3/1/03]
The objective of the 2003 workshop is to bring together leading researchers from academia and governmental organizations as well as practitioners in the area of computer networks and information security and facilitate personal interactions and discussions on various aspects of information technologies in conjunction with security problems arising in large-scale computer networks engaged in information storing, transmitting, and processing. The complete call for papers, with a list of topics of interest and information on local arrangements can be found on the work shop web page at

Upcoming Conferences and Workshops
(the submission date has passed)



The 2003 IEEE Symposium on Security and Privacy, Oakland, California, USA, May 11-14, 2003.  [posted here 9/17/02]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Previously unpublished papers offering novel research contributions in any aspect of computer security or electronic privacy are solicited for submission to the 2003 symposium. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. Topics of interest include, but are not limited to, the following:
   - Commercial and Industrial Security Electronic Privacy
   - Mobile Code and Agent Security Distributed Systems Security
   - Network Security Anonymity
   - Data Integrity Access Control and Audit
   - Information Flow Security Verification
   - Viruses and Other Malicious Code Security Protocols
   - Authentication Biometrics
   - Smartcards Peer-to-Peer Security
   - Intrusion Detection Database Security
   - Language-Based Security Denial of Service
   - Security of Mobile Ad-Hoc Networks
The full call for papers can be found at For any questions, please contact the program chairs, at


IRMA 2003  Information Resources Management Association International Conference, Philadelphia, PA, USA, May 18-21, 2003  [posted here 7/29/02]
The theme of the conference is: Information Technology and Organizations: Trends, Issues, Challenges and Solutions.  The conference is made up of 45 tracks and includes an Information Security Management track.  Papers may be full length or research-in-progress.  Panel, workshop, tutorial, and symposium proposals are also welcomed.  Further details on the conference and individual tracks are available at


WWW2003  The Twelfth International World Wide Web Conference, Security & Privacy Track, Budapest, Hungary, May 20-24, 2003   [posted here 7/17/02]
The Security and Privacy Track at WWW2003 is soliciting papers on all computer scientific aspects of security and privacy as they relate to the Web in general, or more specifically to Web standards. ("Security and Privacy" is a new track to the International WWW Conference this year; last year this topic area was combined with "E-Commerce" into a single track.) We invite papers describing both theoretical and experimental research including (but not limited to) the following topics:
  -  Active content security
 -  Anonymity, pseudonymity & identity management
 -  Data center security
 -  Digital rights management
 -  Digital signatures
 -  Intrusion detection for e-commerce
 -  Mobile code security
 -  Public key infrastructure
 -  Security in content distribution networks
 -  Trust management
 -  User interfaces for security and privacy
 -  Web server and caching denial of service protection
 -  Web services security
 -  XML security and privacy
More information may be found on the conference web page at


WEIS2003   Workshop on Economics and Information Security, University of Maryland, College Park, MD, USA, May 29-30, 2003.  [posted here 2/15/03]
A fundamental concern in today's information environment is information security. However, since information security requires the use of scarce resources, an equally important concern is the efficient allocation of funds to information security activities. Thus, questions like the following are continually being asked: Do we spend enough on protecting our computer systems? How should funds that are being spent on information security be most efficiently allocated among specific information security activities? Recognition of the importance of research that integrates economics and information security was highlighted at the Workshop on Economics and Information Security held at UC- Berkeley, in May 2002. The success of that Workshop has lead to an annual event, the second of which will be held at the University of Maryland at College Park. If you would like to present a paper at the Workshop, submit a detailed abstract (PDF format preferred) to Dr. Martin P. Loeb, General Chair by e-mail at ( by March 15, 2003. Approximately 20 papers will be selected for presentation and total workshop participants will be limited to 50. Notification of acceptance for the program will be sent by April 6, 2003.


CISSE 2003   7th Colloquium for Information Systems Security Education, Washington DC, June 1-5, 2003.  [posted here 12/10/02]
This colloquium, the seventh in an ongoing annual series, will bring together leading figures from academia, government, and industry to address the national need for security and assurance of our information and communications infrastructure. The colloquium solicits papers from practitioners, students, educators, and researchers. The papers should discuss course or lab development, INFOSEC curricula, standards, best practices, existing or emerging programs, trends, and future vision, as well as related issues. We are especially interested in novel approaches to teaching information security as well as what should be taught. This includes the following general topics:
  -  Assessment of need (e.g. how many information security workers/ researchers/ faculty are needed?)
  -  Integrating information assurance topics in existing graduate or undergraduate curricula
  -  Experiences with course or laboratory development
  -  Alignment of curriculum with existing information assurance education standards
  -  Emerging programs or centers in information assurance
  -  Late breaking topics
  -  Best practices
  -  Vision for the future
We particularly encourage papers that discuss tools, demonstrations, case studies, course modules, shareware, and worked examples that participants (and others) can use to help educate people in computer security. Papers reporting work in progress are also welcomed, especially if enough information to evaluate the work will be available at the time of the colloquium. The complete call for papers can be found at and the conference web site is at


SACMAT'03  18th ACM Symposium on Access Control Models and Technologies, Como, Italy, June 2-3, 2003.   [posted here 9/27/02]
The mission of the symposium is to share novel access control solutions that fulfill the needs of interesting applications and to identify new directions for future research and development work. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control. Areas of interest include:
  -  Access control within the context of emerging standards
  -  Access control models and extensions
  -  Access control for innovative applications
  -  Methodologies and tools for access control policy design
  -  Administration of access policies
  -  Authorization management
  -  Access control mechanisms, systems and tools
  -  Access control in distributed and mobile systems
  -  Safety analysis and enforcement
  -  Theoretical foundations for access control models
See the Web page at for detailed calls for papers, panels, tutorials and other useful information.


IEEE Electro/Information Technology Conference, June 5-6, 2003, Indianapolis, Indiana, USA.  [posted here 10/5/02]
Academic, industrial, and government researchers are invited to submit papers reporting both theoretical and applied research in topic areas broadly divided into four tracks: Information Technology Systems and Applications, Communications, Digital Signal Processing, and Professional Activities. Please visit the conference Web site at for information on announcement, registration, and preliminary program as they become available. The site also includes a Sample Paper under Call For Papers.


4th Annual IEEE Information Assurance Workshop, United States Military Academy, West Point, New York, June 18-20, 2003.  [posted here 12/15/02]
The workshop is designed to provide a forum for Information Assurance researchers and practitioners to share their research and experiences. Attendees hail from industry, government, and academia. The focus of this workshop is on innovative, new technologies designed to address important Information Assurance issues. Papers will be divided into two broad categories. Approximately 2/3 of the papers will focus on innovative new research in Information Assurance. The remaining 1/3 of the papers will be recent experience and lessons learned from Information Assurance practitioners. Areas of particular interest at this workshop include, but are not limited to:
   - Innovative intrusion detection and response methodologies
   - Information warfare
   - Information Assurance education and professional development
   - Secure software technologies
   - Computer forensics
More details can be found at:


FCS'03   LICS Satellite Workshop on Foundations of Computer Security, Ottawa, Canada, June 26-27, 2003.  [posted here 1/3/03]
Computer security is an established field of Computer Science of both theoretical and practical significance. In recent years, there has been increasing interest in logic-based foundations for various methods in computer security, including the formal specification, analysis and design of cryptographic protocols and their applications, the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks, and the modeling of information flow and its application to confidentiality policies, system composition, and covert channel analysis. The aim of this workshop is to provide a forum for continued activity in this area, to bring computer security researchers in contact with the LICS community, and to give LICS attendees an opportunity to talk to experts in computer security. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories. Possible topics include, but are not limited to:
    Formal specification                                               cryptographic protocols and applications
    Foundations of verification                                     confidentiality and authentication
    Logic-based design                                                  integrity and privacy
    Information flow analysis                                        availability and denial of service
    Security models                         --for--                    security policies
    Language-based security                                          covert channels
    Static analysis                                                            mobile code
    Composition issues                                                  intrusion detection
    Statistical methods malicious code                        confinement
More information can be found at the workshop web page:


PoDSy2003 Workshop on Principles of Dependable Systems (in conjunction with The International Conference on Dependable Systems and Networks), San Francisco, CA, USA, June 22,2003 (TBC).  [posted here 1/19/02]
In this workshop we wish to bring together researchers and practitioners from both the fault-tolerance and security communities to discuss foundational topics (and related applied experiences) on the similarities and differences between both areas. The main research challenges in this context are to formulate consistent and mutually understandable notions of the relevant dependable system properties, to identify suitable models for studying these properties, and to assess fundamental abstractions of systems which are both fault-tolerant and secure. In this direction, papers are solicited which address foundational issues around the "principles" of dependable systems. Contributions of interest will address topics related to, but not limited by, the following:
   - Relationship between areas of fault-tolerance and security
   - Relationship between fault-tolerance and security properties
   - Metrics for fault-tolerance and security
   - Specification, modeling and analysis of fault-tolerant and secure systems
   - Using fault-tolerance techniques to achieve security
   - Using security techniques to achieve fault-tolerance
   - Verification and validation of fault-tolerant and secure systems
   - Experiences with fault-tolerant and secure systems
More information can be found on the workshop web page at


WISP 2003   Workshop on Issues in Security and Petri Nets, Eindhoven (NL), June 23, 2003.  [posted here 2/7/03]
The first international Workshop on Issues in Security and Petri Nets (WISP) intends to promote research about theoretical foundations of security analysis and design with Petri Nets as system model. Hence, original papers as well as surveys on the use of Petri Nets for security issues are particularly welcome. Also original papers on security issues in other system models are welcome, provided that they either present new results or offer a new perspective to well-known problems. Suggested submission topics include:
   - comparison and classification of security models
   - formal definition and verification of the various aspects of security:
           confidentiality, integrity, authentication and availability
   - tools and techniques for the formal analysis of cryptographic protocols and their applications
   - information flow security and related theories
   - security issues in probabilistic and real-time models
   - mobile code security
   - applications to electronic commerce
   - case studies
   - surveys on security results in Petri Nets and related open problems
   - surveys on analysis techniques for Petri Nets that could be used for security analysis
More information can be found on the conference web page at


Special session on Web Services Security, First International Conference on Web Services (ICWS'03), Las Vegas, Nevada, USA, June 23-26, 2003.  [posted here 12/15/02]
As is the case in many other applications, the information processed in Web services might be commercially sensitive and it is similarly important to protect this information against security threats such as disclosure to unauthorized parties. This technical session mainly focuses on different theoretical and technical approaches to handle the security issues in Web services. More information can be found on the conference web page at


WISE 3/ WECS 5 Third World Conference on Information Security Education and, Workshop on Education in Computer Security, Naval Postgraduate School, Monterey California, USA, June 26-28, 2003.  [posted here 9/17/02]
IFIP Working Group 11.8 -Information Security Education and the Workshop on Education in Computer Security invite you to contribute to their activities by submitting papers for presentation at their conference to be held at the Naval Postgraduate School in Monterey California, USA. The conference aims to address interested researchers and educators from universities, schools, industry or government. The theme for the conference is Teaching the Role of Information Assurance in Critical Infrastructure Protection. Relevant topics include, but are not limited to the following:
   - New Programs in Information Security and Privacy Education
   - Training the Cyberwarrior
   - Information Security Education in Non-Academic Contexts
   - Computer Security and Infrastructure Protection
   - Education of Citizens in Information Security
   - Information Security Education in Schools
   - Teaching Cyber Ethics
   - Education in Computer Forensics and the Law
   - Education in Electronic Commerce Security
   - Education of Information Security Professionals
   - Teaching Information Systems Auditing
   - International Standards of Security Education
   - Evaluation of Security Education
   - Programs to Raise Information Security Awareness
   - Holistic Approaches in Information Security Education
   - Practical and Experimental approaches to Information Security Education
   - Information Security Distance Learning and Web-based teaching
The conference web site can be found at


SecCo 2003   1st International Workshop on Security Issues in Coordination Models, Languages and Systems (affiliated with ICALP 2003), Eindhoven, the Netherlands, June 28-29, 2003.  [posted here 12/19/02]
Coordination models and languages, which advocate a distinct separation between the internal behaviour of the entities and their interaction, represent a promising approach.  However, due to the openness of these systems, new critical aspects come into play, such as the need to deal with malicious components or with a hostile environment.  Current research on network security issues (e.g. secrecy, authentication, etc.) usually focuses on opening cryptographic tunnels between fully trusted entities. For this to work the structure of the system must be known beforehand. Therefore, the proposed solutions in this area are not always exploitable in this new scenario. The aim of the workshop is to cover the gap between the security and the coordination communities.  More precisely, we intend to promote the exchange of ideas, focus on common interests, gain in understanding/deepening of central research questions, etc. Topics of interest include, but are not limited to: Theoretical foundations, specification, analysis, case-studies, applications for:
   -  authentication                                                coordination models
   -  integrity                                                         open-distributed systems
   -  privacy                                                            mobile ad-hoc networks
   -  confidentiality                                               agent-based infrastructures
   -  access control                    -in-                     peer-to-peer systems
   -  denial of service                                            global computing
   -  service availability                                         context-aware computing
   -  safety aspects                                                 component-based systems
  -   fault tolerance                                                ubiquitous computing
More information can be found at


ECIW 2003   European Conference on Information Warfare and Security, University of Reading, United Kingdom, June 30-July 1, 2003.  [posted here 12/3/02]
The second European Conference on Information Warfare and Security (ECIW) is an opportunity for academics, practitioners and consultants from Europe and elsewhere who are involved in the study, management, development and implementation of systems and concepts to combat information warfare or to improve information systems security to come together and exchange ideas.  The conference in July 2003 is seeking qualitative, experience-based and quantitative papers as well as case studies and reports of work in progress from academics, information systems practitioners, consultants and government departments.  Topics may include, but are not limited to, e-Intelligence/counter-intelligence, Perception management, Information warfare theory, Electro-magnetic pulse weapons, Information, computer and network security, Cryptography, Physical security, Security policy, Information warfare policy, Information warfare techniques, Hacking, Infra-structure warfare, National security policy, Corporate defence mechanisms, Security for small to medium enterprises, Cyber Terrorism, Ethical, Political and Social Issues relating to Information Warfare, Information warfare and security education, Legal issues concerned with information warfare and e-Crime, Cyber-terrorism. In addition to multiple streams of papers, the conference committee are inviting proposals for workshops and tutorials on topics related to Information Warfare and research methods applicable to this field. The full call-for-papers and registration details can be found


CSFW16 16th IEEE Computer Security Foundations Workshop, Asilomar, Pacific Grove, CA, USA, June 30-July 2, 2003.  [posted here 10/5/02]
This workshop series brings together researchers in computer science to examine foundational issues in computer security. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories. Both papers and panel proposals are welcome. Possible topics include, but are not limited to:
  - Access control          - Authentication                   - Data and system integrity
  - Database security      - Network security              - Distributed systems security
  - Anonymity                 - Intrusion detection            - Security for mobile computing
  - Security protocols    - Security models                - Decidability issues
  - Privacy                       - Executable content           - Formal methods for security
  - Information flow       - Language-based security
Information on submitting papers and panel proposals can be found on the workshop web page at


CEC2003   Special session at the Congress on Evolutionary Computation, Canberra, Australia, December 8-12, 2003. (submissions due July 7, 2003) [posted here 5/11/03]
There is a growing interest from the computer security community toward Evolutionary Computation techniques, as a result of these recent successes, but there still are a number of open problems in the field that should be addressed. This special session will try to do it by asking for submissions in all areas of evolutionary computation dealing with applications to computer security, and by giving the interested researchers an opportunity to review the current state-of-art of the topic, exchange recent ideas, and explore promising new directions. We would like to invite your participation in the special session Evolutionary Computation in Computer Security at the CEC-2003, an opportunity to meet leading researchers in the field, exchange ideas and initiate collaborations. Relevant topics include, but are not limited to Cellular automata, Genetic Algorithms, Genetic Programming, Classifier Systems, Simulated Annealing, Evolutionary Strategies, Tabu Search,Bio-inspired systems, etc. in:
   - Design of cryptographic primitives, including: pseudo-random number generators,
      block ciphers, stream ciphers, hash functions, S-Boxes, etc...
   - Analysis and/or cryptoanalysis of cryptographic primitives
   - Cryptography
   -  Improvement of cryptographic primitives
   - Network security
   - Intrusion detection systems
   - Host security
More information can be found at


ACISP 2003   The Eighth Australasian Conference on Information Security and Privacy, Wollongong, Australia, July 9-11, 2003.  [posted here 2/15/03]
Original papers pertaining to all aspects of computer systems and information security are solicited for submission to the Eighth Australasian Conference on Information Security and Privacy (ACISP 2003). Papers may present theory, techniques, applications and practical experiences on a variety of topics including:
   - Cryptology                                                          - Mobile communications security
   - Authentication and authorization                      - Secure operating systems
   - Access control                                                   - Security management
   - Network security                                               - Secure commercial applications
   - Smart cards                                                         - Key management and auditing
   - Risk assessment                                                 - Secure electronic commerce
   - Copyright protection                                          - Security architectures and models
   - Mobile agents security                                       - Evaluation and certification
   - Software protection and viruses                         - Privacy and policy issues
   - Security protocols                                               - Computer forensics
   - Distributed system security                                - Intrusion detection
   - Database security More information can be found on the conference web page at


Security in Distributed Computing (special track of the 22nd Annual ACM SIGACT-SIGOPS Symposium on Principles of Distributed Systems), Boston, Massachusetts, USA, July 13-16, 2003.   [posted here 10/15/02]
We are soliciting research contributions on the design, specification, implementation, application and theory of secure distributed computing. We welcome submissions on any topic in the intersection of security and distributed computing, including but not limited to:
   - Secure multiparty and two-party computations
   - Secret sharing and verifiable secret sharing
   - Resiliency to corruptions: distributed, forward and proactive security
   - Security, privacy and anonymity in the Internet and in mobile communication systems
   - Secure/security protocols and distributed algorithms
   - Secure multicast and broadcast
   - Denial of service (clogging) and its prevention
   - Non-repudiation, certification and time stamping protocols
   - Distribution of intellectual property and its (copyright) protection
   - Secure distributed marketplaces, auctions, and gambling
   - Cryptographic protocols, including: authentication, key management, etc.
   - Secure electronic commerce, banking and payment protocols
   - Security for Peer to Peer computing
   - Secure bandwidth reservation and QOS
   - Distributed access control and trust management
   - Secure mobile agents and mobile code
   - Security for Storage Area Networks
The special track is an integral part of PODC; see for additional information.


ECOOP 2003   Workshop on Exception Handling in Object Oriented Systems: towards Emerging Application Areas and New Programming Paradigms, Darmstadt, Germany, July 21-25, 2003.  [posted here 1/3/03]
The workshop will provide a forum for discussing the unique requirements for exception handling in the existing and emerging applications, including pervasive computing, ambient intelligence, the Internet, e-science, self-repairing systems, collaboration environments. We invite submissions on research in all areas of exception handling related to object oriented systems, in particular: formalisation, distributed and concurrent systems, practical experience, mobile object systems, new paradigms (e.g. object oriented workflows, transactions, multithreaded programs), design patterns and frameworks, practical languages (Java, Ada 95, Smalltalk, Beta), open software architectures, aspect oriented programming, fault tolerance, component-based technologies. We encourage participants to report their experiences of both benefits and obstacles in using exception handling, reporting, practical results in using advanced exception handling models and the best practice in applying exception handling for developing modern applications in the existing practical settings. To participate in the workshop, the prospective attendees are required to submit 4-7 page position papers (in the LNCS format) to Alexander Romanovsky ( by April 25. Additional information can be found on the workshop web page:


USENIX Security 2003 12th USENIX Security Symposium, Washington, DC, USA August 4-8, 2003 [posted here 9/17/02]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in security of computer systems. Refereed paper submissions are being solicited in all areas relating to systems and network security, including:
  - Adaptive security and system management
  - Analysis of malicious code
  - Analysis of network and security protocols
  - Applications of cryptographic techniques
  - Attacks against networks and machines
  - Automated tools for source code analysis
  - Authentication and authorization of users, systems, and applications
  - Denial-of-service attacks
  - File and file system security
  - Firewall technologies
  - Intrusion detection
  - Privacy preserving (and compromising) systems
  - Public key infrastructure
  - Rights management and copyright protection
  - Security in heterogeneous and large-scale environments
  - Security of agents and mobile code
  - Security of Internet voting systems
  - Techniques for developing secure systems
  - World Wide Web security
Since USENIX Security is primarily a systems security conference, papers regarding new cryptographic algorithms or protocols, or electronic commerce primitives, are in general discouraged.


IFIP WG11.2 2003   7th Annual IFIP WG 11.3 Working Conference on Data and Applications Security Estes Park, Colorado, U.S.A., August 4-6, 2003  [posted here 1/3/03]
The conference provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Papers and panel proposals are solicited. Topics of interest include but is not limited to:
   - Critical Infrastructure Protection
   - Cyber Terrorism
   - Information Warfare
   - Intrusion Protection
   - Damage assessment and repair
   - Database Forensics
   - PTN security
   - Electronic Commerce Security.
More information about the conference can be found at


ECC 2003 The 7th Workshop on Elliptic Curve Cryptography, University of Waterloo, Waterloo, Ontario, Canada, August 11-13, 2003 [posted here 2/15/03]
ECC 2003 is the seventh in a series of annual workshops dedicated to the study of elliptic curve cryptography and related areas. The main themes of ECC 2003 will be:
   - The discrete logarithm.
   - Efficient parameter generation and point counting.
   - Provably secure cryptographic protocols.
   - Efficient software and hardware implementation.
   - Side-channel attacks.
   - Deployment of elliptic curve cryptography.
There will be approximately 15 invited lectures (and no contributed talks), with the remaining time used for informal discussions. There will be both survey lectures as well as lectures on latest research developments. More information can be found at


NSPW 2003   New Security Paradigms Workshop, Centro Stefano Francini, Ascona, Switzerland, August 18-21, 2003.  [posted here 2/22/03]
For eleven years the New Security Paradigms Workshop has provided a stimulating and highly interactive forum for innovative approaches to computer security.  In order to preserve the small, focused nature of the workshop, participation is limited to authors of accepted papers and conference organizers. NSPW is highly interactive in nature. Authors are encouraged to present ideas that might be considered risky in some other forum. All participants are charged with providing feedback in a constructive manner. The resulting brainstorming environment has proven to be an excellent medium for furthering the development of these ideas. The proceedings, which are published after the workshop, have consistently benefited from the inclusion of workshop feedback. Because we expect new paradigms, we accept wide-ranging topics in information security. Papers that present a significant shift in thinking about difficult security issues or builds on a previous shift are welcomed. Our program committee particularly looks for new paradigms, innovative approaches to older problems, early thinking on new topics, and controversial issues that might not make it into other conferences but deserve to have their try at shaking and breaking the mold. More information can be found on the conference web page at


ICET'03   The 2003 International Conference on Emerging Technologies, Minneapolis, Minnesota, USA, August 25-26, 2003.  [posted here 3/9/03]
The goal of this conference is to foster cross-disciplinary interaction in emerging technologies that are approaching sufficient maturity for initial commercialization. By providing insights from academia, research, industry, and funding communities the conference will foster discussions on interactions of emerging technologies, and the insights that can be harvested from other disciplines. Major areas of interest for this conference are: Trusted and Reliable Systems; Interconnected Computing; and Integrated Bio/hardware/software Systems. More information is available at


First International Mobile IPR Workshop: Rights Management of Information Products on the Mobile Internet, Helsinki, Finland, August 27-28, 2003.  [posted here 3/23/03]
MobileIPR Workshop welcomes papers on all aspects of rights management related to information products such as music, electronic books, videos, multimedia, games, or software distributed on the Mobile Internet commercially or otherwise. Relevant topics include, but are not limited to:
   - Digital rights management (DRM) and technical tools to protect and manage rights,
        e.g. cryptographic systems, watermarking, rights expression languages, and rights
        management databases.
   - Intellectual property rights (IPR) copyright, database right, patent, and trademark.
   - Privacy in relation to rights management, including protection of confidential information.
   - Contracts, especially open source licensing models in software and content production.
   - Societal and policy issues, including the effect of non-governmental organizations and
        citizens activism.
   - Control of information products - economic and ethical rationales too.
   - Business models related to rights management.
   - User-contributed content and rights management.
   - Rights management in peer-to-peer, super-distribution, and other new distribution models.
   - Related enabling technologies and their impact on digital rights management.
We welcome both full and short (experience) papers as well as extended abstracts that address different aspects of rights management. More information can be found on the workshop web page at


TrustBus'03   Trust and Privacy in Digital Business (in conjunction with DEXA 2003), Prague, Czech Republic, September 1-5, 2003.  [posted here 12/23/02]
The purpose of this workshop is twofold: First, all issues of digital business, focusing on trust and privacy problems will be discussed. In particular, we are interested in papers that deal with trust and privacy, confidence and security, reliability and consistency, fairness and legality, and other issues critical for the success of future digital business. Second, the workshop should be a forum for the exchange of results and ongoing work performed in R&D projects, either on a national or international level.  We invite papers, work-in-progress reports, industrial experiences describing advances in all areas of digital business applications, including, but not limited to:
  - Privacy & confidentiality management
  - Trust architectures and underlying infrastructures
  - Electronic cash, wallets and pay-per-view systems
  - Businesses models with security requirements
  - Enterprise management and consumer protection
  - Trust and privacy issues in mobile environments
  - Global security architectures and infrastructures
  - Protocols and transactional models
  - Trustful management and negotiation
  - Public administration, governmental services
  - Anonymous or pseudonymous access to Web services
  - Reliability and security of content and data
  - Intellectual property rights, watermarking and fingerprinting
  - Common practice, legal and regulatory issues
  - Trust issues in E-Services, E-Voting and E-Polling
  - PKI, biometrics, smart cards
  - Intrusion detection and information filtering
More information can be found on the conference web page at


7th International Conference on Knowledge-Based Intelligent Information & Engineering Systems (special session on Artificial Intelligence Applications to Information Security), St Anne's College, University of Oxford, U.K., September 3-5, 2003.   [posted here 11/11/02]
In spite of the efforts from Information Security researchers, there are still a considerable number of unsolved problems that may benefit from the application of Artificial Intelligence techniques. The increasing awareness in solving such problems has resulted in a concerted effort of Artificial Intelligence and Information Security researchers. Therefore, AI techniques like agents, evolutionary computation, neural networks, cellular automata, classic and fuzzy logic and machine learning may play an important role in specific problems concerning Information Security. We particularly encourage the discussion of the following topics:
   - Semantic analysis of cryptologic protocols,
   - Security of mobile agents,
   - Security through agents,
   - Representation and use of trust induced by PKIs,
   - Optimisation heuristics in cryptanalysis
   - Machine Learning techniques in cryptanalysis - AI techniques in cryptology
   - Any other work addressing information security problems by means of AI techniques
This session aims at bringing together members from the two research communities, information security and artificial intelligence. Consequently, discussion papers, conceptual papers, theoretical papers and application papers will be welcomed. Please visit the conference web site at for more detail on the topics of interest as well as general conference information.


RAID'2003   Sixth International Symposium on Recent Advances in Intrusion Detection, Pittsburgh, PA, USA, September 8-10, 2003  [posted here 3/20/03]
The RAID International Symposium series is intended to further advances in intrusion detection by promoting the exchange of ideas in a broad range of topics. Paper submission and panel proposals are invited on the following types of topics:
  - Assessing, measuring, and classifying intrusion-detection systems
  - IDS cooperation and integration
  - IDS interoperability standards and standardization
  - IDSs in high-performance and real-time environments
  - Vulnerabilities and attacks
  - Innovative Approaches
  - Practical Considerations
More information can be found on the conference web page at


CHES 2003   Workshop on Cryptographic Hardware and Embedded Systems, Cologne, Germany, September 8-10, 2003.  [posted here 12/6/02]
The focus of this workshop is on all aspects of cryptographic hardware and security in embedded systems. The workshop will be a forum of new results from the research community as well as from the industry. Of special interest are contributions that describe new methods for efficient hardware implementations and high-speed software for embedded systems, e.g., smart cards, microprocessors, DSPs, etc. We hope that the workshop will help to fill the gap between the cryptography research community and the application areas of cryptography. Consequently, we encourage submissions from academia, industry, and other organizations. All submitted papers will be reviewed.  The topics of CHES 2002 include but are not limited to:
    - Computer architectures for public-key and secret-key cryptosystems
    - Efficient algorithms for embedded processors
    - Reconfigurable computing in cryptography
    - Cryptographic processors and co-processors
    - Cryptography in wireless applications (mobile phone, LANs, etc.)
    - Security in pay-TV systems
    - Smart card attacks and architectures
    - Tamper resistance on the chip and board level
    - True and pseudo random number generators
    - Special-purpose hardware for cryptanalysis
    - Embedded security
    - Device identification
Additional information can be found on the conference web page at


ETFA'2003   The 9th IEEE International Conference on Emerging Technologies and Factory Automation (Special session on IT Security for Automation Systems), September 16-19, 2003, Lisbon, Portugal.  [posted here 2/22/03]
Due to the increased interconnection between plant-floor systems and enterprise-level computer systems up to and including public networks like the Internet, and based on Internet protocols (HTTP/TCP/IP), IT security issues and concerns have also reached the domains of automation IT systems and automation communication networks. IT security needs, constraints, and mechanisms for automation systems are in various ways different from those of the office computing environment, which creates the necessity, but also the opportunity, for novel approaches. For this special session papers are solicited which are concerned with:
  • Specific security needs of automation systems, e.g. with respect to security objectives, usage scenarios, system topologies/architectures or operating environment.
  • Specific security mechanisms, devices, processes, protocols and architectures for automation systems.
  • IT security audits for automation devices and systems.

More information can be found at



SEFM'2003   International Conference on Software Engineering and Formal Methods, Brisbane, Australia, September 22-27, 2003.  [posted here 3/20/03]
The objective of the conference is to bring together practitioners and researchers from academia, industry and government to exchange views on the theoretical foundation of formal methods, their application to software engineering and the socio-economic impact of their use. Authors are invited to submit both research and tool papers. The scientific program will include paper and tool presentations, tool demonstrations, tutorials and invited talks. More information can be found on the conference web page at


ISC'03   6th Information Security Conference, Bristol, United Kingdom, October 1-3, 2003.  [posted here 12/7/02]
Original papers are solicited for submission to ISC 2003. ISC aims to bring together individuals involved in multiple disciplines of information security to foster exchange of ideas. Topics of interest include, but are not limited to:
     Access Control                                                    Key Management
     Applied Cryptography                                         Legal and Regulatory Issues
     Cryptographic Protocols                                    Mobile Code & Agent Security
     Digital Rights Management                                Network & Wireless Security
     E-Commerce Protocols                                      Software Security
     Formal Aspects of Security                                Security Analysis Methodologies
     Information Hiding                                              Trust Management
     Intrusion Detection
More information can be found on the conference web page at


CMS 2003   The Seventh IFIP Communications and Multimedia Security Conference (joint working conference IFIP TC6 and TC11), Turin, Italy, October 2-3, 2003.  [posted here 11/20/02]
CMS 2003 is the seventh working conference on Communications and Multimedia Security since 1995. State-of-the-art issues as well as practical experiences and new trends in these areas are the topics of interest of the conference:
   -  applied cryptography
   -  biometry
   -  multimedia security
   -  digital signature and digital watermarking
   -  infrastructure protection
   -  network and communication security
   -  security policies
   -  security of e-commerce
This year the organizers especially encourage submissions on advanced topics such as security of wireless networks, survivability of critical communication infrastructures, and protection of electronic documents. Visit the web site for further information, or download the PDF call for papers at


ESORICS 2003   8th European Symposium on Research in Computer Security, Gjøvik, Norway, October 13-15, 2003  [posted here 1/11/03]
Papers offering novel research contributions in any aspect of computer security are solicited for submission to the Eighth European Symposium on Research in Computer Security (ESORICS 2003). Organized in a series of European countries, ESORICS is confirmed as the European research event in computer security. The symposium started in 1990 and has been held on alternate years in different European countries and attracts an international audience from both the academic and industrial communities. From 2002 it will be held yearly. The Symposium has established itself as one of the premiere, international gatherings on Information Assurance. Papers may present theory, technique, applications, or practical experience on topics including:
   - access control                                              - network security
   - accountability                                               - non-interference
   - anonymity                                                     - privacy-enhancing technology
   - applied cryptography                                   - pseudonymity
   - authentication                                               - security as quality of service
   - covert channels                                             - secure electronic commerce
   - cryptographic protocols                              - security administration
   - cybercrime                                                    - security evaluation
   - data integrity                                                 - security management
   - denial of service attacks                               - security models
   - dependability                                                 - security metrics
   - firewalls                                                         - security requirements engineering
   - formal methods in security                          - security verification
   - inference control                                          - smartcards
   - information flow control                              - steganography
   - information warfare                                      - subliminal channels
   - intellectual property protection                   - survivability
   - intrusion detection                                         - system security
   - intrusion tolerance                                         - transaction management
   - language-based security                                 - trustworthy user devices
More information about the conference can be found at


Communications Security Symposium (part of the IEEE GLOBECOM 2003 workshop), San Francisco, CA, USA, December 1-5, 2003.   [posted here 11/13/02]
The inaugural symposium on Communications Security solicits submissions of new results in all security topics for wireless, mobile, ad hoc, peer-to-peer, or landline communication networks.  Please see the complete call posted at (under GLOBECOM 2003 Symposia Titles).


Archival Journals Regularly Specializing
in Security and Privacy

IEEE Security and Privacy Magazine,   Editor-in-Chief: George Cybenko
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at

ACM Transactions on Information and System Security,   Editor-in-Chief: Ravi Sandhu
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at

The Kluwer International Series on ADVANCES IN INFORMATION SECURITY.
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer and network security, but related areas such as fault tolerance and software assurance. The series will serve as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact either Sushil Jajodia (,703-993-1653) or Lance Wobus (, 781-681-0602)
Journal of Computer Security
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. Submissions: send six copies to one of the editors in chief: Sushil Jadodia, ISSE Dept., George Mason University, 440 University Drive, Fairfax, VA 22030, or Jonathan Millen, SRI International, 333 Ravenswood Ave., Menlo Park, CA 94025. Subscriptions: contact IOS Press, Niewe Hemweg 6B, 1013 CN Amsterdam, Netherlands, (e-mail: for information about individual or institutional subscriptions or back issues. More information is given on the journal web page at
Computers & Security
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. Four copies of papers from 5-10,000 words should be sent to the editor, John Meyer, at Elsevier Advanced Technology, P.O. Box 150, Kidlington, Oxford, OX5 1AS, United Kingdom. Telephones: voice +44(0)1865 843848 / 843000; fax +44 (0) 1865 843971.
International Journal of Digital Libraries
International Journal of Digital Libraries aims to advance the theory and practice of acquisition, definition, organization, management and dissemination of digital information via global networking. In particular, the journal will emphasize technical issues in digital information production, management and use, issues in high-speed networks and connectivity, inter-operability, and seamless integration of information, people, profiles, tasks and needs, security and privacy of individuals and business transactions and effective business processes in the Information Age. The first issue will appear in Summer 1996 (see announcement). Electronic submission is encouraged to speed up the process (for details please send email to For hard copy submission, please mail five copies to: Prof. Nabil R. Adam, CIMIC, Rutgers University, Newark, NJ 07102, (201) 648-5239,
International Journal of Information Security
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at

Please mail updates, corrections, or suggestions to