Calls for Papers

IEEE Computer Society's Technical Committee on Security and Privacy


Past Conferences and Journal Special Issues

Last Modified:01/13/05

Note: Please contact by email if you have any questions..



Past Conferences and Other Announcements - 2002

BCS-FACS  British Computer Society Formal Aspects of Security, Royal Holloway, University of London, UK, December 19-20, 2002.  [posted here 7/17/02]
To celebrate its 25th Anniversary, the BCS-FACS (British Computer Society - Formal Aspects of Computing) Specialist Group is planning to organize several events over the next two years. The main aim is to highlight the use of formal methods, emphasize their relevance to modern computing, and promote their wider applications. Papers offering research contributions in formal aspects of computer security are solicited for FASec. Topics of interest include:
  -  Frameworks for formulating security requirements
  -  Access control: requirements, models, mechanisms, and extensions
  -  Theoretical foundations for access control models
  -  Formal models for security management: keys, data integrity, accounting and audit.
  -  Theoretical foundations of network and distributed systems security.
  -  Specification, analysis, and verifications of cryptographic protocols.
  -  Theory of information flow.
  -  Secure networking: authentication and intrusion detection.
  -  Security for mobile code
  -  Access control in distributed and mobile systems
  -  Proof carrying code and byte-code verification
  -  Smart-cards and secure PDAs
  -  Safety and security: analogies and differences
  -  Case studies and critical evaluations of formal methods for security
  -  Tools based on formal methods for  security requirements, analysis, and verification.
More information can be found on the workshop web page at

ACSAC2002  18th Annual Computer Security Applications Conference, Las Vegas, Nevada, USA, December 9-13, 2002.  [posted here 3/16/02]
This internationally recognized conference provides a forum for experts in information system security to exchange practical ideas about solving these critical problems. We are looking for papers, panels and tutorials that address:
   - Access control                               -Cryptographic protocols and applied cryptography
   - Database Security                          - Denial of service protection
   - Electronic commerce security     - Firewalls and other boundary control devices
   - Forensics                                        - Identification and Authentication
   - Information Survivability              - Middleware and distributed systems security
   - Mobile Security                             - Network security
   - Operating systems security           - PKI and certificate management
   - Risk/vulnerability assessment       - Intrusion detection
   - Security engineering                      - Security against malicious mobile code
See the conference web page at for details on submitting papers and tutorial proposals.

ICISC 2002  Fourth International Conference on Information and Communications Security, Kent Ridge Digital Labs, Singapore, December 9-12, 2002.   [posted here 1/7/02]
Original papers on all aspects of information and communications security are solicited for submission to ICICS’02. Areas of interests include but not restricted to the following:
  - Access Control Authentication and Authorization
  - Biometric Security Cryptology
  - Database Security Distributed System Security
  - Electronic Commerce Security Fraud Control
  - Information Hiding and Watermarking Intellectual Property Protection
  - Internet and Intranet Security Intrusion Detection
  - Key Management and Key Recovery Mobile System Security
  - Network Security Operating System Security
  - Protocols and Their Analysis Risk Evaluation and Security Certification
  - Security Modeling and Architecture Virus and Worms
More information can be found on the conference web page at

ASIACRYPT 2002  Queenstown, New Zealand, December 1-5, 2002.    [posted here 9/30/01]
Original papers on all technical aspects of cryptology are solicited for submission to Asiacrypt 2002. The conference is organized by the International Association for Cryptologic Research (IACR).  Submissions must not substantially duplicate work that any of the authors has published elsewhere or has submitted in parallel to any other conference or workshop that has proceedings. More information can be found on the conference web page at

WPES  ACM Workshop on Privacy in the Electronic Society (in association with 9th ACM Conference on Computer and Communication Security), Washington, DC, USA, November 21, 2002  [posted here 5/28/02]
The increased power and interconnectivity of computer systems available today provide the ability of storing and processing large amounts of data, resulting in networked information accessible from anywhere at any time. It is becoming easier to collect, exchange, access, process, and link information. The goal of this workshop is to discuss the problems of privacy in the global interconnected societies and possible solutions to it. Topics of interest include, but are not limited to:
   -  anonymity, pseudonymity, and unlinkability
   -  business model with privacy requirements
   -  data protection from correlation and leakage attacks
   -  electronic communication privacy
   -  information dissemination control
   -  privacy-aware access control
   -  privacy in the digital business
   -  privacy enhancing technologies
   -  privacy policies and human rights
   -  privacy and anonymity in Web transactions
   -  privacy threats
   -  privacy and confidentiality management
   -  privacy in the electronic records
   -  privacy in health care and public administration
   -  public records and personal privacy
   -  privacy and virtual identity
   -  personally identifiable information
   -  privacy policy enforcement
   -  privacy and data mining
   -  relationships between privacy and security
   -  user profiling
   -  wireless privacy
More information about the conference can be found at

SACT  First ACM Workshop on Scientific Aspects of Cyber Terrorism (in conjunction with the ACM Conference on Computer and Communication Security), Washington, DC, USA, November 21, 2002.  [posted here 5/16/02]
The goal of this workshop is to address scientific contributions to understand cyber terrorism and to fight cyber terrorism. Examples of possible topics of interest include: methods to identify the most critical infrastructures, methods to detect cyber terrorist attacks, methods to protect against cyber terrorism (including survivability, quorum systems, PKI). Submissions should clearly identify the relationship with cyber terrorism. Submissions on cryptography/information security without proper motivation how these can be used to address scientific issues on cyber terrorism will be rejected. Non-scientific talks (such as surveys on efforts by different countries on addressing cyber terrorism) will only be accepted if space permits. Talks about political and non-scientific talks are not the main goal of the workshop. Further details are available at

DRM 2002  ACM Workshop on Digital-Rights Management (in conjunction with the 9th Annual ACM CCS Conference), Washington DC, USA, November 18, 2002.     [posted here 7/18/02]
The 2002 ACM Workshop on Digital-Rights Management (DRM 2002) will be held on November 18, 2002 in Washington DC, in conjunction with the 9th Annual ACM CCS Conference. The DRM 2002 submission deadline is August 1, 2002; submissions on all technical, legal, and business aspects of DRM are solicited. Additional information and submission instructions can be found at

CCS 2002  9th ACM Conference on Computer and Communication Security, Washington DC, USA, November 17-21, 2002.   [posted here 3/15/02]
Papers offering novel research contributions in any aspect of computer security are solicited for submission to the Ninth ACM Conference on Computer and Communications Security. The primary focus is on high-quality original unpublished research, case studies, and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make convincing argument for the practical significance of the results. Theory must be justified by compelling examples illustrating its application. Topics of interest include:
  - access control                  - security for mobile code                - cryptographic protocols
  - key management              - information warfare                         - authentication
  - applied cryptography       - e-business/e-commerce                  - privacy and anonymity
  - secure networking           - accounting and audit                         - data/system integrity
  - intrusion detection          - security management                       - security verification
  - database and system security            - smart-cards and secure PDAs
  - inference/controlled disclosure       - intellectual property protection
  - commercial and industry security
See the conference web site at for details on submitting a paper

IICIS 2002 Fifth IFIP TC-11 WG 11.5 Working Conference on Integrity and Internal Control in Information Systems - New Perspectives from Academia and Industry, Bonn, Germany, November 11-12, 2002.   [posted here 3/28/01]
Confidentiality, integrity and availability are high-level objectives of IT security. The IFIP TC-11 Working Group 11.5 has been charged with exploring the area of the integrity objective within IT security and the relationship between integrity in information systems and the overall internal control systems that are established in organizations to support corporate governance codes. This working conference series follows its tradition to establish the basis for an ongoing dialog between IT security specialists and internal control specialists so that both may work more effectively together to assist in creating effective business systems in the future. The goals for this conference are to find an answer to the following questions:
   -  what is the status quo of research and development in the area of integrity and internal control
   -  where are the gaps between business needs on the one hand and research and development
       on the other and what needs to be done to bridge these gaps
   -  what precisely do business managers need to have confidence in the integrity of their
      information systems and their data
More information can be found on the conference web page

NORDSEC2002  7th Nordic Workshop on Secure IT Systems, Karlstad University, Sweden, November 7-8, 2002.  [posted here 3/17/02]
The NordSec workshops were started in 1996 with the aim of bringing together researchers and practitioners within computer security in the Nordic countries. The theme of the workshops has been applied security, i.e., all kinds of security issues that could encourage interchange and cooperation between the research community and the industrial/consumer community. A main theme of NordSec 2002, to which a special track within the workshop will be devoted, is Privacy Enhancing Technologies. NordSec 2002 will also specifically address the areas of Software Engineering and Quality of Service in relation to IT security. Possible topics include, but are not limited to the following:
   -  Privacy and Privacy Enhancing Technologies
   -  Wireless Communication Security
   -  Inter/Intra/Extranet Security
   -  Security Protocol Modeling and Analysis
   -  E-and M-Business Security
   -  New Firewall Technologies
   -  Secure Infrastructures; TTP, PKI, Key Escrow/Recovery
   -  Computer Crime and Information Warfare
   -  Detecting Attacks, Intrusions and Computer Misuse
   -  Smart Card Applications
   -  Security Management and Audit
   -  Security Evaluations and Measurements
   -  Security in Commercial off-the-shelf Products, COTS
   -  Operating System Security
   -  Security Models
   -  New Ideas and Paradigms for Security
   -  Security Education and Training
   -  Quality of Service or Software Engineering in Relation to Security
More information can be found on the conference web page at

ACSA Workshop on the Application of Engineering Principles to System Security Design, Boston, MA, USA, November 6-8, 2002  [posted here 7/29/02]
The Applied Computer Security Associates (ACSA) is sponsoring a workshop to examine engineering fundamentals, the principles and practice of designing and building secure systems. The workshop will look at where we have been in security engineering (formal methods, Orange book, Common Criteria, penetrate and patch, Certification and Accreditation, Defense in Depth) and where we should go. The workshop will consider such questions and issues as:
   - How can we do better at engineering secure systems?
   - Do we need new paradigms?
   - Have we not done a good job in applying the old techniques?
   - Is the real problem just bad software engineering, not bad security engineering?
   - Is the problem poor maintenance, rather than poor engineering?
   - Is "Defense in Depth" a meaningful engineering concept or is it bumper sticker engineering?
   - Have we forgotten the past?
   - Are we failing to teach new security engineers what we know?
The goal of the workshop is to begin a process of serious thinking about these important issues. The output of the workshop will be a collection of essays and technical papers on the issues discussed in the workshop. The papers will be available on-line to the community. ACSA's intent is that the output of the workshop becomes the kernel for a growing on-line collection of theory, principles, and practice of security engineering. Over time this site will maintain our history, our lessons learned, and principles for getting it right the first time. More information can be found on the workshop web page at

LawTech2002  ISLAT International Conference on Law and Technology, Cambridge, Massachusetts, USA, November 6-8, 2002.    [posted here 4/15/02]
This conference is an international forum for lawyers and engineers interested in understanding the latest developments and implications of technology in the field of law. It is an opportunity to exchange ideas and information related to the intersection of these two areas. The conference will address both the legal ramifications of new technology and how technology advances the field of law. All papers submitted to this conference will be peer reviewed by at least two members of the International Program Committee. Acceptance will be based primarily on originality and contribution. The full call for papers and an extensive list of topics, including issues related to security and privacy, can be found on the workshop web page at

CCN 2002   IASTED International Conference on Communications and Computer Networks, Massachusetts Institute of Technology, Cambridge, Massachusetts, USA, November 4-6, 2002.    [posted here 6/24/02]
This conference is an international forum for researchers and practitioners interested in the advances and applications of computers and communications networks including wireless and mobile communications. It is an opportunity to present and observe the latest research, results, and ideas in these areas. CCN 2002 will be held in conjunction with the IASTED International Conference on "Parallel and Distributed Computing and Systems (PDCS 2002)" and "Software Engineering and Applications (SEA 2002)". A complete list of topics along with instructions for submitting a paper or a tutorial proposal can be found on the conference web site at

Compsec2002  19th World Conference on Computer Security, Audit and Control, London, UK, October 30-November 1, 2002.    [posted here 7/29/02]
The conference comprises over 50 presentations and interactive workshops arranged within four parallel streams covering management concerns, infrastructure, law and ethics, technical issues and case studies. Full programme and registration information is available via the conference website at

RAID'2002  Fifth International Symposium on Recent Advances in Intrusion Detection, Zurich, Switzerland, October 16-18, 2002 (Held in conjunction with Esorics 2002).   [posted here 2/25/02]
This symposium, the fifth in an annual series, brings together leading figures from academia, government, and industry to discuss state-of-the-art intrusion detection technologies and issues from the research and commercial perspectives. The RAID International Symposium series is intended to further advances in intrusion detection by promoting the exchange of ideas in a broad range of topics. The RAID 2002 program committee invites three types of submissions:
-  Full papers presenting mature research results. Full papers accepted for presentation at the Symposium will be published in the RAID 2002 proceedings published by Springer Verlag in its Lecture Notes in Computer Science (LNCS) series.
-  Extended abstracts presenting work-in progress, case studies and implementation experiences. We welcome basically any type of submission that is of general interest to the audience. Extended abstracts accepted for presentation at the Symposium will be published on the RAID web site.
-  Panel proposals for presenting and discussing interesting topics in the field of intrusion detection.
More information can be found on the conference web page at:

SREIS2002  Second Symposium on Requirements Engineering for Information Security, Raleigh, North Carolina, USA, October 15-16, 2002.   [posted here 1/11/02]
The second symposium on requirements engineering for information security invites papers on a diversity of topics, particularly ones that point out new directions. Theoretical, experimental, and experience papers are all welcome. SREIS provides researchers and practitioners from various disciplines with a highly interactive forum to discuss security and privacy-related requirements. Specifically, we encourage attendance from those in the fields of requirements engineering, software engineering, information systems, information and network security and trusted systems as well as those interested in approaches to analyzing, specifying, and testing requirements to increase the level of security provided to users interacting with pervasive commerce, research and government systems. Topics of interest include, but are not limited to the following:
    - solutions to known RE problems as applied to security and privacy
    - RE for confidentiality, integrity, and availability
    - industrial problem statements
    - generalizations from individual industrial experiences
    - RE for trusted Commercial Off-The-Shelf (COTS) systems
    - empirical studies of industrial RE practice
    - capture and expression of informal and ad hoc requirements
    - managing conflicting requirements of operational effectiveness and security
    - methods for the specification and analysis of security requirements
    - methods for ensuring compliance between requirements and policies
Information for authors about how to submit a paper will be available via the symposium URL:  For additional information contact: .  The SREIS will be followed by the Second Annual Government-Industry Forum on Strategies for the Development of Security Requirements and Security Specifications for Critical Information Technologies. The forum, hosted by the National Institute of Standards and Technology (NIST) will take place on October 17, 2002 from 9:00 A.M. to 5:00 P.M. For further information, please contact Dr. Ron Ross at (301) 975-5390 or

ESORICS 2000  7th European Symposium on Research in Computer Security, Zurich, Switzerland, October 14-16, 2002.    [posted here 1/3/02]
ESORICS is the European research event in computer security with audience from both the academic and industrial communities. For background information about the symposium, and an html version of this Call for Papers, see the ESORICS 2002 home page We are interested in papers that may present theory, technique, applications, or practical experience on topics related to information security, privacy and dependability. The primary focus is on high-quality original unpublished research, case studies and implementation experiences. We encourage submissions of papers discussing industrial research and development.

Critical Systems Development with UML, Dresden, Germany, September 30, 2002.    [posted here 6/27/02]
The high quality development of critical systems (be it real-time, security-critical, dependable/safety-critical, performance-critical, or hybrid systems) is difficult. Many critical systems are developed, fielded, and used that do not satisfy their criticality requirements, sometimes with spectacular failures. The workshop aims to gather practitioners and researchers to contribute to overcoming these challenges. Topics of interest include:
  -  Applications of UML  to: real-time systems, security-critical systems,
         dependable / safety-critical systems, performance-critical systems, embedded systems,
         hybrid systems, and reactive systems
  -  Extensions of UML (UML-RT, UMLsec, Automotive UML, Embedded UML, ...)
  -  Using UML as a formal design technique for the development of critical systems
  -  Critical systems development methods
  -  Modeling, synthesis, code generation, testing, validation, and verification of critical systems
          using UML
  -  Case studies and experience reports
More information can be found on the workshop web page at

Workshop on Socially-Informed Design of Privacy-enhancing Solutions in Ubiquitous Computing (in conjunction with UBICOMP'2002), GĂ–TEBORG, Sweden, September 29, 2002.   [posted here 7/17/02]
Privacy-enhancing solutions, both technical and social, are needed to drive development of ubiquitous computing in a socially acceptable direction. The goal of this workshop is to develop an understanding of how social studies can inform the design and evaluation of privacy-enhancing solutions (technical approaches and complementary social mechanisms) in ubicomp. This workshop aims to provide a forum for ubicomp system developers, security researchers, social scientists, legal experts and consumer privacy advocates to collaboratively explore the future of socially-informed privacy-enhancing solutions in ubiquitous computing. Questions from other disciplines other than computer science (e.g., economics, sociology, law, public policy) will also contribute significantly to the workshop. Topics of interest of this workshop include, but are not limited to: Incentives; Contextual Factors; Trust; Metrics and Inspection; and Design Principles and Solutions. Papers should be submitted to in PDF or MS Word format on or before August 18, 2002 to It is recommended that authors limit their submissions to no more than 6 pages, A4 or letter size. More information can be found at

CNS'02  2002 International Workshop on Cryptology and Network Security, San Francisco, CA, USA, September 26-28, 2002.   [posted here 2/18/02]
(CNS02) is to be held in conjunction with The 8th International Conference on Distributed Multimedia Systems (DMS'2002) in San Francisco, California, in September 2002. Original papers on all aspects of cryptology and network security are solicited for submission to the workshop. Both theoretical research papers in cryptology and research results from practical applications in network security related areas are welcome. Topics covered by the workshop will include, but are not limited to, the following:
  -  Cryptography and cryptanalysis algorithms
  -  Authentication and digital signatures
  -  Client/Server system security
  -  Network security issues and protocols
  -  Web security
  -  Mobile agent security
  -  PKI
  -  Security architectures
  -  E-commerce security
  -  Information hiding and multimedia watermarking
  -  System intrusion protection and detection.
  -  Information security applications
More information can be found from: or contact Dr Chuan-Kun Wu, email:

CMS2002  The Seventh IFIP Communications and Multimedia Security Conference, Portoroz, Slovenia,  September 26-27, 2002.   [posted here 12/7/01]
CMS 2002 is the seventh working conference on Communications and Multimedia Security since 1995. State-of-the-art issues as well as practical experiences and new trends in the areas will be the topics of interest again, as proven by preceding conferences. Topics of interest include, but are not limited to 
     - Applied cryptography 
     - Biometry 
     - Combined multimedia security 
     - Communications systems security 
     - Cryptography - steganography
     - Digital signatures
     - Digital watermarking
     - Internet, intranet and extranet security 
     - Legal, social and ethical aspects of communication systems security 
     - Mobile communications security 
     - Multimedia systems security 
     - New generation networks (NGN) security
     - Possible attacks on multimedia systems 
     - Secure electronic commerce
More information can be found on the conference web page at:, or contact: Prof. Borka Jerman-Blazic / Institut Jozef Stefan / Jamova 39 / SI-1000 Ljubljana / Slovenia / e-mail:

NSPW2002  New Security Paradigms Workshop, Virginia Beach, Virginia, USA, September 23-26, 2002.    [posted here 1/16/02]
For ten years the New Security Paradigms Workshop has provided a productive and highly interactive forum for innovative new approaches to computer security. The workshop offers a constructive environment for experienced researchers and practitioners as well as newer participants in the field. The result is a unique opportunity to exchange ideas. NSPW 2002 will take place September 23 - 26, 2002 at the Founders Inn, Virginia Beach, Virginia, about 2.5 hours from Washington, DC. The complete CFP is at

ECC2002 The 6th Workshop on Elliptic Curve Cryptography, University of Essen, Essen, Waterloo September 23-25, 2002. [posted here 4/8/02]
ECC 2002 is the sixth in a series of annual workshops dedicated to the study of elliptic curve cryptography and related areas. The main themes of ECC 2002 will be:
   - The discrete logarithm and elliptic curve discrete logarithm problems.
   - Efficient parameter generation and point counting.
   - Provably secure cryptographic protocols for encryption, signatures and key agreement.
   - Efficient software and hardware implementation of elliptic curve cryptosystems.
   - Deployment of elliptic curve cryptography.
There will be approximately 15 invited lectures (and no contributed talks), with the remaining time used for informal discussions. There will be both survey lectures as well as lectures on latest research developments. If you did not receive this announcement by email and would like to be added to the mailing list for the second announcement, please send email to  The announcements are also available from the web sites: and

Workshop on Computer Forensics, Center for Secure and Dependable Systems, University of Idaho, Moscow, Idaho, USA, September 23-25, 2002.  [posted here 7/18/02]
This workshop is intended to provide a broad-spectrum approach to Computer Forensics and to increase interactions between Information Security faculty, students and practitioners. Speaker and presentation topics include performing detailed analysis of systems, use of forensic evidence in the legal system, tools available for forensic analysis, international complications, and a corporate perspective. The first day will include a tutorial on forensics by Dr. Sujeet Shenoi and the forensics team from the University of Tulsa. The second day will feature subject experts presenting on aspects of forensics, and the third day will have presentations from researchers and practitioners. See the workshop web site for details at

ILPF 2002  The Annual Internet Law & Policy Forum Conference, Seattle, WA, USA, September 17-19, 2002.  [posted here 6/23/02]
The Internet Law & Policy Forum is holding its annual conference on the topic of Security v. Privacy on September 18-19, 2002 in Seattle, Washington. This conference will explore the synergies and conflicts, both real and imagined, between these two important policy objectives and the laws written to promote them. On one hand, privacy is a critical element of maintaining data integrity, which is one key security issue. On the other hand, the governmental need to find and stop lawbreakers is facilitated by the ready access to a broad scope of information. The conference will have a privacy track and a security track, where speakers will explore key issues and concerns in the respective areas. Some of the topics covered in these panels include: Privacy Global Survey: Legislative Regimes and Cross-Cultural Dimensions; Practicalities of Compliance with Law Enforcement Requests; Identifying and Selecting Appropriate Authentication Options. Plenary sessions will cover topics from both perspectives. More information can be found at the conference web page at

SCN'02  The Third Workshop on Security in Communication Networks, Amalfi, Italy, September 12-13, 2002.  [posted here 4/23/02]
SCN '02 aims at bringing together researchers in the field of security in communication networks to foster cooperation and exchange of ideas. Papers are solicited on all technical aspects of data security including:
    - Anonymity                                                                       - Implementations
    - Authentication                                                                 - Key Distribution
    - Block Ciphers                                                                 - Operating Systems Security
    - Complexity-based Cryptography                                   - Privacy
    - Cryptanalysis                                                                   - Protocols
    - Digital Signatures                                                            - Public Key Encryption
    - Electronic Money                                                           - Public Key Infrastructure
    - Hash Functions                                                                - Secret Sharing
    - Identification                                                                   - Survey and state of the art
More information can be found on the workshop web page at

IASTED'2002  IASTED Conference on Conference on Communication Systems and Networks,  Malaga, Spain, September 9-12, 2002.    [posted here 12/27/01]
This conference is an international forum for researchers and practitioners interested in the advances in, and applications of, networks and communication systems.  This conference will be comprised of the following four Symposia: Telecommunications Technology,  Optical Communication Systems, Wireless Networks, and Satellite Communications and Antennas.  More information on areas of interest and complete instructions for submitting a paper or tutorial proposal can be found at the conference web site at: and

Trust and Privacy in Digital Business (on conjunction with DEXA 2002), Aix-en-Provence, France, September 2-6, 2002.    [posted here 11/20/01]
The Internet and the powerful WWW have created a tremendous opportunity to conduct business electronically. However, the lack of trust in electronic procedures as well as the diversity of threatens to users' privacy are the major inhibitors for a full deployment of digital business. The purpose of this workshop is twofold: First, all issues of digital business, focusing on trust and privacy problems will be discussed. Second, the workshop will be a forum for the exchange of results and ongoing work performed in R&D projects. Authors are invited to submit papers describing both theoretical and practical work to: or  Papers accepted for presentation will be published by IEEE Computer Society Press as proceedings of the DEXA'02 workshops.  More information can be found on the workshop web site at

WISA2002  The 3rd International Workshop on Information Security Applications, Jeju Island, Korea, August 28-30, 2002.   [posted here 3/16/02]
The areas of interest include, but are not limited to:
  - Electronic Commerce Security                                     - Electronic Cash
  - Smart Card Security                                                        - Public Key Infrastructure
  - Advanced Intrusion Detection System and Firewall    - Virtual Private Network
  - Mobile Security                                                              - Security Management
  - Active Security                                                               - Information Warfare
  - Biometrics                                                                      - Digital Rights Management
  - Optical Security                                                              - Anti-Virus
Please see the conference web page at for details on submitting papers.

CYRPTO'2002   The Twenty-Second Annual ICAR Crypto Conference, Santa Barbara, Ca, USA, August 18-22, 2002.   [posted here 2/13/02]
Original research papers on all technical aspects of cryptology are solicited for submission to Crypto 2002, the Twenty-Second Annual IACR Crypto Conference. Crypto 2002 is sponsored by the International Association for Cryptologic Research (IACR), in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy, and the Computer Science Department of the University of California, Santa Barbara. Program Chair: Moti Yung ( General Chair: Rebecca N. Wright (

WTCP'2002  Workshop on Trusted Computing Paradigms (in conjunction with ICPP-2002), Vancouver, British Columbia, Canada, August 18-21, 2002.    [posted here 12/10/01]
The information technology revolution has changed the way business is transacted, government operates, and national defense is conducted. Those three functions now depend on an interdependent network of critical information infrastructures. To build the secure and reliable systems required for our increasingly mobile, interconnected information-technology enabled society, research is needed to develop the large-scale information systems of the future such that they not only behave as expected, but, more importantly, continue to produce expected behavior against security breaches and hostile attacks. Moreover, we must ensure that any service disruptions that occur are infrequent, of minimal duration, manageable, and cause the least damage possible. The aim of this workshop is to consolidate state-of-the-art research in this area. Fundamental research articles and practical experience reports are solicited. Topics of interest include, but are not limited to:
    -  Specification, Design, Development, and Composition of Trustworthy Components
    -  Modeling, Analyzing, and Predicting Trust Properties of Systems and Components
    -  Policies and Standards for Building and Operating Trusted Systems and Components
    -  Assessment of Tradeoffs in Trustworthy System Design
    -  Personal Information Management in a Trustworthy Environment
    -  Management of Heterogeneous Trusted Computing Technologies
    -  Cyber Attack Prediction and Detection
    -  Information Operations to include Mining, Recovery, Security, and Assurance
    -  Secure and Safe Access to Autonomous Services and Applications
    -  Trusted Computing in Agent-based Environments
    -  Trusted Computing in Mobile and Wireless Environments
More information can be found on the conference web site at

The 11th USENIX Security Symposium, San Francisco, CA, USA, August 5-9, 2002.   [posted here 12/7/01]
The USENIX Security Symposium program committee seeks refereed paper submissions in all areas relating to system and network security. If you are working in any practical aspects of security or applications of cryptography, we would like to urge you to submit a paper.   For more details on the submission process, authors are encouraged to consult the detailed author guidelines at:

The Sixteenth Annual IFIP WG 11.3 Working Conference on Data and Application Security, King's College, University of Cambridge, UK,  July 29-31, 2002.    [posted here 9/22/01]
The conference provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Papers and panel proposals are solicited. The conference is limited to about forty participants so that ample time for discussion and interaction may occur. Additional information and a list of topics can be found at The conference location can be explored at and the WG 11.3 home page is at

FCS'02  LICS Satellite Workshop on Foundations of Computer Security, Copenhagen, Denmark, July 26, 2002.   [posted here 2/12/03]
Computer security is an established field of Computer Science of both theoretical and practical significance. In recent years, there has been increasing interest in logic-based foundations for various methods in computer security, including the formal specification, analysis and design of cryptographic protocols and their applications, the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks, and the modeling of information flow and its application to confidentiality policies, system composition, and covert channel analysis. The aim of this workshop is to provide a forum for continued activity in this area, to bring computer security researchers in contact with the FLoC community, and to give FLoC attendees an opportunity to talk to experts in computer security. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories. Possible topics include, but are not limited to:
    - Formal specification                                            cryptographic protocols and applications
    - Foundations of verification                                  confidentiality and authentication
    - Logic-based design                                               integrity and privacy
    - Information flow analysis                                     availability and denial of service
    - Security models                              -for-              security policies
    - Language-based security                                       covert channels
    - Static analysis mobile code
    - Composition issues                                               intrusion detection
    - Statistical methods                                                 malicious code confinement
More information can be found at the workshop web page:

VERIFY'02  Verification Workshop, in connection with CADE at FLoC 2002, Copenhagen, Denmark, July 25-26, 2002.     [posted here 1/16/02]
The aim of this verification workshop is to bring together people who are interested in the development of safety and security critical systems, in formal methods in general, in automated theorem proving, and in tool support for formal developments. The overall objective of VERIFY is on the identification of open problems and the discussion of possible solutions under the theme "What are the verification problems? What are the deduction techniques?". Topics include (but are not limited to):
    + Access control                                                                   + Protocol verification
    + ATP techniques in verification                                         + Refinement & decomposition
    + Case studies (specification & verification)                    + Reuse of specifications & proofs
    + Combination of verification systems                              + Safety critical systems
    + Compositional & modular reasoning                               + Security for mobile computing
    + Fault tolerance                                                                   + Security models
    + Gaps between problems & techniques                             + Verification systems
    + Information flow control
Information on submitting papers and panel proposals can be found on the workshop web page at

CSFW15  15th IEEE Computer Security Foundations Workshop, Keltic Lodge, Cape Breton, Nova Scotia, Canada,  June 24-26, 2002.   [posted here 10/19/01]
This workshop series brings together researchers in computer science to examine foundational issues in computer security. For background information about the workshop, and an html version of this Call for Papers, see the CSFW home page We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories. Both papers and panel proposals are welcome. Possible topics include, but are not limited to:
Access control                        Authentication                                    Data and system integrity
Database security                    Network security                                Distributed systems security
Anonymity                                Intrusion detection                             Security for mobile computing
Security protocols                   Security models                                  Decidability issues
Privacy                                      Executable content                             Formal methods for security
Information flow                      Language-based security

VInfoSecu02  The International Conference on Information Security 2002, Si Nan Story, Shanghai Science Hall, Shanghai, China, July 10-13, 2002.     [posted here 5/20/02]
Ever since the inception of the Internet, the importance of computer and information security has been growing rapidly and there is no sign of diminishing. In recognizing this trend, ACM, together with Shanghai Computer Society (SCS) and China Computer Federation (CCF), is sponsoring the 2002 International Conference on Information Security (InfoSecu'2002) to be held in Shanghai, China. InfoSecu'2002 brings together researchers and practitioners, not only from the local region, but also from around the world, to exchange ideas and experiences in the field. Topics of interest include:
    - Access control and authorization
    - Authentication, biometrics, and smartcards
    - Commercial and industrial security
    - Data integrity Access control and audit
    - Database security
    - Denial of service and its treatment
    - Distributed systems security
    - Electronic commerce
    - Electronic privacy, anonymity
    - Information flow
    - Intrusion detection and survivability
    - Language-based security
    - Mobile code and agent security
    - Network security
    - Security protocols
    - Security verification
    - Viruses and other malicious code
More information can be found at the workshop web page at

FIRST The 14th Annual Computer Security Incident Handling Conference, Hilton Waikoloa Village, Hawaii, USA, June 24-28, 2002.     [posted here 8/27/01]
The Forum of Incident Response and Security Teams is a global organization whose aim is to facilitate the sharing of security-related information and to foster cooperation in the effective prevention, detection, and recovery from computer security incidents. Its members are CSIRTs (Computer Security Incident Response Teams) from government, commercial, academic, and other environments. The FIRST conference ( brings together IT managers, system and network administrators, security specialists, academics, security solutions vendors, CSIRT personnel and anyone interested in
   - the most advanced techniques in detecting and responding to computer security incidents
   - the latest improvements in computer security tools, methodologies, and practice
   - sharing their views and experiences with those in the computer security incident response field
The Call For Papers is at:

DSN2002  The International Conference on Dependable Systems and Networks, Bethesda, Maryland, USA, June 23-26, 2002.    [posted here 9/15/01]
The International Conference on Dependable Systems and Networks 2002(DSN-2002) announces its Call for Contributions for full papers, practical experience reports, workshop proposals, tutorials, student forum, and fast abstracts. Full papers are due November 19th, 2001. Please see for submission information. Contributions are invited in, but are not limited to:
- Analytical and Simulation Techniques for Performance and Dependability Assessment
- Architectures for Dependable Computer Systems
- Dependability Benchmarking
- Dependability of High-Speed Networks and Protocols
- Dependability Modeling and Prediction
- Dependability in VLSI
- E-commerce Dependability
- Fault Tolerance in Transaction Processing
- Fault Tolerance in Distributed & Real-Time Systems
- Fault Tolerance in Multimedia Systems
- Fault Tolerance in Mobile Systems
- Information Assurance and Survivability
- Internet Dependability and Quality of Service
- Intrusion Tolerant Systems
- Measurement Techniques for Performance and Dependability Assessment
- Safety-Critical Systems
- Software Testing, Validation, and Verification
- Software Reliability
- Tools for Performance and Dependability Assessment

3rd Annual IEEE Information Assurance Workshop, United Stated Military Academy, West Point, NY, USA, June 17-19, 2002.    [posted here 12/17/01]
The workshop is designed to provide a forum for Information Assurance researchers and practitioners to share their research and experiences. Attendees hail from industry, government, and academia. The focus of this workshop is on innovative, new technologies designed to address important Information Assurance issues.  Papers will be divided into two broad categories. Approximately 2/3 of the papers will focus on innovative new research in Information Assurance. The remaining 1/3 of the papers will be recent experience and lessons learned from Information Assurance practitioners. Areas of particular interest at this workshop are: 
    * Innovative intrusion detection and response methodologies 
    * Information warfare 
    * Information Assurance education and professional development 
    * Secure software technologies 
    * Wireless security 
    * Computer forensics 
More information can be found on the conference web age at

Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection, The Johns Hopkins University, Baltimore, MD, USA, June 11-13, 2002.     [posted here 12/7/01]
Researchers in Computer Security are invited to participate.  The following topic areas are of potential interest.
    - Data Mining in Intrusion Detection/Network Data                     - Program Profiling
    - Pattern Recognition Techniques in Computer Security             - User Profiling
    - Statistical Measures of Network Traffic                                     - Machine Profiling
    - Intrusion Detection Datasets and Databases                               - Computer Virus Epidemiology
    - Evaluating IDS systems/Performance Measures                        - Virus detection
    - Visualization of Network Data                                                     - Anomaly Detection
    - Visualization of Intrusion Data                                                     - Fingerprinting    
    - Random Graph Techniques                                                           - Host Monitoring    
    - Network Monitoring
For more information, or to volunteer to chair a session, or to submit an abstract, please contact:
   David Marchette
   Naval Surface Warfare Center, Code B10
   17320 Dahlgren Rd.
   Dahlgren, VA 22448-5000 USA

POLICY2002 IEEE Third International Workshop on Policies for Distributed Systems and Networks, June 5-7, 2002.    [posted here 10/18/01]
POLICY 2002 invites contributions on all aspects of policy-based computing. Papers must describe original work and must not have been accepted or submitted for publication elsewhere. Submitted papers will be evaluated for technical contribution, originality, and significance. Topics of interest include, but are not limited to the following:
   - processes, methodologies, and tools for discovering, specifying, reasoning about, and refining policy
   - abstractions and languages for policy specification
   - policy models for access-control, systems management, QoS adaptation, intrusion detection, privacy
   - policy based networking
   - policy frameworks for active networks, mobile systems, e-commerce
   - implementation models and techniques
   - integrating policies into existing systems and environments
   - provisioning of policies
   - business rules and organizational modeling
   - trust models and trust management
   - extensions and refinements to policy standards
   - case studies of applying policy-based technologies
See the conference web page at for details.

NCISSE'2002  The 6th National Colloquium for Information Systems Security Education, Redmond, Washington, USA, June 3-7, 2002.     [posted here 9/15/01]
The colloquium solicits papers from practitioners, students, educators, and researchers. The papers should discuss course or lab development, INFOSEC curricula, standards, best practices, existing or emerging programs, trends, and future vision, as well as related issues. We are especially interested in novel approaches to teaching information security as well as what should be taught. This includes the following general topics:
   - Assessment of need (e.g. how many information security workers/researchers/faculty are needed?)
   - Integrating information assurance topics in existing graduate or undergraduate curricula
   - Experiences with course or laboratory development
   - Alignment of curriculum with existing information assurance education standards
   - Emerging programs or centers in information assurance
   - Late breaking topics
   - Best practices
   - Vision for the future
Papers reporting work in progress are also welcomed, especially if enough information to evaluate the work will be available at the time of the colloquium. Please see the NCISSE web site at for details on submitting a paper.

Workshop on Economics and Information Security, University of California, Berkeley, CA, USA, May 16-17, 2002.   [posted here 1/17/02]
Do we spend enough on keeping `hackers' out of our computer systems? Do we not spend enough? Or do we spend too much? Many system security failures occur not so much for technical reasons but because of failures of organisation and motivation. For example, the person or company best placed to protect a system may be insufficiently motivated to do so, because the costs of system failure fall on others. Such perverse incentives raise many issues best discussed using economic concepts such as externalities, asymmetric information, adverse selection and moral hazard. They are becoming increasingly important now that information security mechanisms are not merely used to protect against malicious attacks, but also to protect monopolies, differentiate products and segment markets. There are also interesting security issues raised by industry monopolization and the accompanying reduction in product heterogeneity. For these and other reasons, the confluence between information security and economics is of growing importance. We are organising the first workshop on the topic, to be held in the School of Information Management and Systems at the University of California, Berkeley, on the 16th and 17th May 2002. In order to keep the event informal and interactive, attendance will be limited to about 30-35 participants. If you would like to participate, please send us a position paper (of 1-2 pages) by the 31st March 2002. We welcome interest not just from economists and information security professionals, but from people with relevant experience, such as in the insurance industry, corporate risk management, or law enforcement agencies. More information can be found on the workshop web page at

WWW2001 The Eleventh International World Wide Web Conference, Sheraton Waikiki Hotel, Honolulu, Hawaii, USA, May 7-11, 2002.     [posted here 8/2/01]
Beginning with the first International WWW Conference in 1994, this prestigious series of the International World Wide Web Conference Committee (IW3C2) also provides a public forum for the WWW Consortium (W3C) through the annual W3C track. The conference will consist of a three-day technical program, preceded by a day of tutorials and workshops and followed by a "Developers Day." Developers Day will be devoted to in-depth technical sessions designed specifically for web developers. The technical program will include refereed paper presentations, peer-reviewed presentations, plenary sessions, panels and poster sessions describing current work. Areas of interest for the refereed paper track include:
     -  Applications
     -  Browsers and User Interfaces
     -  Electronic Commerce and Security
     -  Hypermedia
    -   Languages
    -   Mobility and Wireless Access
    -   Multimedia
    -   Performance
    -   Searching, Querying, Indexing, and Crawling
    -   Semantic Web
Authors of special merit papers will be invited to submit extended versions for publication in a special issue of the IEEE Transactions on Knowledge and Data Engineering. Please see the conference web site and full call-for-papers at  (or email for information.

The 1st Annual PKI Research Workshop, NIST, Gaithersburg, MD, USA, April 24-25, 2002.   [posted here 12/10/01]
To a large extent, the hoped-for public key infrastructure has not "happened yet." PKI for large, eclectic populations has not materialized; PKI for smaller, less diverse "enterprise" populations is beginning to emerge, but at a slower rate than many would like or had expected. Why is this? This workshop among leading security researchers will explore the issues relevant to this question, and will seek to foster a long-term research agenda for authentication and authorization in large populations via public key cryptography. The workshop is intended to promote a vigorous and structured discussion---a discussion well-informed by the problems and issues in deployment today. Submitted works for panels, papers and reports should address one or more critical areas of inquiry. Topics include (but not are not limited to):
  * Cryptographic methods in support of security decisions
  * The characterization and encoding of security decision data (e.g., name spaces, x509,
     SDSI/SPKI, XKMS, PGP, SAML, Keynote, PolicyMaker, etc), policy mappings and languages, etc.
  * The relative security of alternative methods for supporting security decisions
  * Privacy protection and implications of different approaches
  * Scalability of security systems; (are there limits to growth?)
  * Security of the rest of the components of a system
  * User interface issues with naming, multiple private keys, selective disclosure
  * Mobility solutions
  * Approaches to attributes and delegation
  * Discussion of how the "public key infrastructure" required may differ from the "PKI" traditionally defined
See the workshop web site at for details.

PET2002 Workshop on Privacy Enhancing Technologies, San Francisco, CA, USA,  April 14-15, 2002.     [posted here 8/24/01]
Privacy and anonymity are increasingly important in the online world. Corporations and governments are starting to realize their power to track users and their behavior, and restrict the ability to publish or retrieve documents. Approaches to protecting individuals, groups, and even companies and governments from such profiling and censorship have included decentralization, encryption, and distributed trust. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of privacy technologies, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. We will publish accepted papers in proceedings in the Springer Lecture Notes in Computer Science (LNCS) series. Suggested topics include but are not restricted to:
       * Efficient realization of privacy services
       * Techniques for and against traffic analysis
       * Attacks on anonymity systems
       * New concepts for anonymity systems
       * Novel relations of payment mechanisms and anonymity
       * Models for anonymity and unobservability
       * Models for threats to privacy
       * Techniques for censorship resistance
       * Resource management in anonymous systems
       * Pseudonyms, linkability, and trust
       * Policy and human rights -- anonymous systems in practice
       * Fielded systems and privacy enhancement techniques for existing systems
       * Frameworks for new systems developers
More information can be found on the workshop web page at

Sixth Annual Distributed Objects and Components Security Workshop, Baltimore, Maryland, USA, March 18-21, 2002.  [posted here 1/24/02]
For the complete Call for Presentations and instructions on how to submit a proposal, see The workshop, hosted by the Object Management Group and co-sponsored by Promia, Inc. and the National Security Agency (NSA), will provide a forum for discussing the issues associated with securing integrated application systems. Interested individuals or organizations are invited to submit via email, a brief abstract by of the presentation/position they are proposing for the Workshop. The Workshop Program Committee is seeking proposals on the following topics:
    - Existing and emerging DOC application middleware
    - DOC applications and secure online identity
    - Emerging security technologies and specifications
    - User Case Studies
    - Vendor Case Studies
    - Academic or industrial research
    - Research into techniques and technologies for specifying and verifying security
    - Realization of security architectures
    - Integration
    - Security validation
    - Security Systems Management
For additional details on the topics and instructions on how to submit abstracts, refer to

FC'2002   Financial Cryptography, Southhampton, Bermuda, March 11-14, 2002.   [posted here 9/17/01]
Original papers are solicited on all aspects of financial data security and digital commerce for submission to the Sixth Annual Conference on Financial Cryptography. FC '02 brings together researchers in the financial, legal, cryptologic, and data security fields to foster cooperation and exchange of ideas. A list of topics of interest is given on the conference web page at

IPTPS'02  The First International Workshop on Peer-to-Peer Systems, Cambridge, MA, USA, March 7-8, 2002.    [posted here 10/16/01]
Peer-to-peer has emerged as a promising new paradigm for distributed computing. The 1st International Workshop on Peer-to-Peer Systems (IPTPS'02) aims to provide a forum for researchers active in peer-to-peer computing to discuss the state-of-the-art and to identify key research challenges in peer-to-peer computing. The goal of the workshop is to examine peer-to-peer technologies, applications and systems, and also to identify key research issues and challenges that lie ahead. In the context of this workshop, peer-to-peer systems are characterized as being decentralized, self-organizing distributed systems, in which all or most communication is symmetric. Topics of interest include, but are not limited to:
    * novel peer-to-peer applications and systems
    * peer-to-peer infrastructure
    * security in peer-to-peer systems
    * anonymity and anti-censorship
    * performance of peer-to-peer systems
    * workload characterization for peer-to-peer systems
See the conference web page at for details.

Cryptographer's Track at the RSA 2002 Conference, San Jose, California, USA, February 18-22, 2002.  [posted here 5/1/01]
Following the success of the new approach to the Cryptographers' Track 2001, the Cryptographers' Track of RSA Conference 2002 will be run as an anonymously refereed conference with proceedings edited in Springer-Verlag's Lecture Notes in the Computer Science series. Original research papers pertaining to all aspects of cryptography as well as tutorials and overviews are solicited. Submissions may present theory, techniques, applications and practical experience on topics including, but not limited to: fast implementations, secure electronic commerce, network security and intrusion detection, formal security models, comparison and assessment, tamper-resistance, certification and
time-stamping, cryptographic data formats and standards, encryption and signature schemes, public key infrastructure, cryptographic protocols, elliptic curve cryptography, block ciphers, stream ciphers, hash functions, discrete logarithms and factorization techniques, lattice reduction and provable security.  More information can be found at

PKC'2002   International Workshop on the Practice and Theory of Public Key Cryptography, Paris, France, February 12-14, 2002.   [posted here 9/17/01]
PKC2002, the fourth conference in the International workshop series on the practice and theory in public key cryptography, is soliciting original research papers pertaining to all aspects of public key encryption and signatures.  Submissions may present theory, techniques, applications and practical experience on topics including but not limited to:
Certification and time-stamping       encryption data formats                  provable security
cryptanalysis                                       encryption schemes                        public key infrastructure
comparison and assessment               fast implementations                      secure electronic commerce
discrete logarithm                               integer factorization                      signature data formats
electronic cash/payments                   international standards                   signature schemes
elliptical curve cryptography              lattice reduction                             signcryption schemes
More information can be found on the conference web page at

FAST 2002  File and Storage Technologies Conference, Monterey, CA, USA, January 28-29, 2002.   [posted here 5/6/01]
Sponsored by USENIX, The Advanced Computing Systems Association, in cooperation with ACM SIGOPS and IEEE TCOS.  The FAST conference will bring together the top storage systems researchers and practitioners, to explore the design, implementation and uses of storage systems. It will also feature the best work in file and storage systems to date. FAST is the successor to IOPADS, which for several years was the top conference dedicated to parallel and distributed I/O systems. FAST 2002 will consist of two days of technical presentations, including refereed papers, invited talks, and an introductory keynote address. A session of work-in-progress presentations is planned, and informal Birds-of-a-Feather sessions may be organized by attendees. The FAST 2002 Program Committee invites you to contribute your ideas, proposals and papers for, the invited talks program, refereed papers track, and Work-in-Progress Reports. We welcome submissions that address any and all issues relating to File and Storage Systems. The Call for Papers with submission guidelines and suggested topics [which includes security issues] is now available at:

WITS'2001 Workshop on Issues in the Theory of Security (in conjunction with POPL'02), Portland, Oregon, USA, January 14-15, 2002.   [posted here 7/19/01]
The IFIP WG 1.7 on "Theoretical Foundations of Security Analysis and Design" was established to investigate the theoretical foundations of security. It aims to discover and promote new ways to apply theoretical techniques in computer security, and to support the systematic use of formal techniques in the development of security related applications.  Extended abstracts of work presented at the Workshop will be collected before the workshop and distributed to the participants.  As in 2000, there will be no formally published proceedings of this year's workshop; however, selected papers will be invited for submission to a special issue of the Journal of Computer Security based on the Workshop. Researchers are invited to submit extended abstracts of original work on topics in the spirit of the workshop. Possible topics for submitted papers include, but are not limited to: 

  • formal definitions for the various aspects of security, and verification methods for them. They include confidentiality, privacy, integrity, authentication and availability; 
  • new theoretically-based techniques for analysis and design of cryptographic protocols and their manifold applications (e.g., electronic commerce); 
  • relationships between cryptographic and non-cryptographic theories of security;
  • information flow modeling and its application to the theory of confidentiality policies, composition of systems, and covert channel analysis;
  • formal techniques for the analysis and verification of mobile code;
  • theory of privacy and anonymity;
  • formal analysis and design for prevention of denial of service.

Additional information can be found on the conference web page at