Calls for Papers

IEEE Computer Society's Technical Committee on Security and Privacy


Past Conferences and Journal Special Issues

Last Modified:01/13/05

Note: Please contact by email if you have any questions..



Past Conferences and Other Announcements - 2003

ACSAC 19 The 19th Annual Computer Security Applications Conference, Las Vegas, Nevada USA, December 8-12, 2003.  [posted here 3/8/03]
The 19th Annual Computer Security Applications Conference is an internationally recognized conference that provides a forum for experts in information system security to exchange practical ideas about solving real problems. Papers and proposals that address the application of technology, the implementation of systems, and lessons learned will be given special consideration. The ACSAC Program Committee is looking for papers, panels, forums, case studies presentations, tutorials, workshops, and works in progress that address practical solutions to problems related to protecting commercial enterprises or government information infrastructures. A list of topics of interest along with other conference information can be found at

CEC2003   Special session at the Congress on Evolutionary Computation, Canberra, Australia, December 8-12, 2003.  [posted here 5/11/03]
There is a growing interest from the computer security community toward Evolutionary Computation techniques, as a result of these recent successes, but there still are a number of open problems in the field that should be addressed. This special session will try to do it by asking for submissions in all areas of evolutionary computation dealing with applications to computer security, and by giving the interested researchers an opportunity to review the current state-of-art of the topic, exchange recent ideas, and explore promising new directions. We would like to invite your participation in the special session Evolutionary Computation in Computer Security at the CEC-2003, an opportunity to meet leading researchers in the field, exchange ideas and initiate collaborations. Relevant topics include, but are not limited to Cellular automata, Genetic Algorithms, Genetic Programming, Classifier Systems, Simulated Annealing, Evolutionary Strategies, Tabu Search,Bio-inspired systems, etc. in:
   - Design of cryptographic primitives, including: pseudo-random number generators,
      block ciphers, stream ciphers, hash functions, S-Boxes, etc...
   - Analysis and/or cryptoanalysis of cryptographic primitives
   - Cryptography
   -  Improvement of cryptographic primitives
   - Network security
   - Intrusion detection systems
   - Host security
More information can be found at

WSTI'03   Workshop on Security of Information Technologies, Algiers, Algeria, December 8-10, 2003.   [posted here 6/19/03]
This workshop aims to provide a forum for information security professionals to exchange practical experiences or theoretical research efforts in information security about solving these critical problems. Authors are invited to submit papers, and tutorials that address:
   - Access control                                       - Anonymity and Privacy
   - Applied cryptography                            - Audit and audit reduction
   - Biometrics                                              - Certification and accreditation
   - Cryptographic protocols                       - Database Security
   - Denial of service protection                 - Firewalls
   - Forensics                                                - Formal models
   - Identification and Authentication         - Information hiding, steganography
   - Integrity                                                  - Intellectual property rights protection
   - Intrusion detection                                 - Mobile Environment Security
   - Network Protocols security                  - Operating systems security
   - Risk/vulnerability assessment               - Security management
   - Wireless Security
More information can be found on the conference web page at

Communications Security Symposium (part of the IEEE GLOBECOM 2003 workshop), San Francisco, CA, USA, December 1-5, 2003.   [posted here 11/13/02]
The inaugural symposium on Communications Security solicits submissions of new results in all security topics for wireless, mobile, ad hoc, peer-to-peer, or landline communication networks.  Please see the complete call posted at (under GLOBECOM 2003 Symposia Titles).

DMSEC'03   Workshop on Data Mining for Computer Security (at IEEE ICDM03), Melbourne, Florida, USA, November 19, 2003. (submissions due August 22, 2003) [posted here 8/16/03]
Computer security is a broad field that encompasses issues both theoretical and practical aspects. It is of incredible importance to a wide variety of practical domains ranging from the banking industry to multi-national corporations, from space exploration to the intelligence community and so on. Of interest to this workshop are methods that address two aspects of computer security. The first relates to how computers can be used to secure the information contained within an organizations. Issues of critical importance here could include the detection and/or prevention of unauthorized access or attacks on computers and networks local to an organization or entity. The second relates to how computers can be used to detect hostile activity (surveillance) in a sensitive area (such as in an airport). It is likely that such techniques will require data mining techniques that work hand-in-hand with state-of-the-art computer vision techniques. More information can be found at the workshop web page

Workshop on RDIF Privacy and Security, MIT, Cambridge, MA, USA, November 15, 2003. [posted here 8/16/03]
Radio Frequency Identification technology is fast becoming a lightning rod for consumer privacy activists. Is RFID destined to become the enabling technology for massive state-sponsored surveillance, Big Brother's "call-home" chip?  Or is RFID really nothing more than a supply-chain management technology, it's dangers being over-hyped by alarmists who fundamentally misunderstand the technology?  The goal of the RFID Privacy Workshop is to bring together RFID technologists, boosters, critics, privacy activists and journalists covering the space to establish some technical truths and a creating a framework for understanding the growing body of RFID policy issues.  FORMAT: A series of speakers including academics, RFID innovators, and privacy activists will discuss RFID technology, policy and privacy. There will be ample time for discussion and Q & A. For more information, see

IICIS'2003  Sixth IFIP TC-11 WG 11.5 Working Conference on Integrity and Internal Control in Information Systems, Lausanne, Switzerland, November 13-14, 2003.  [posted here 1/11/03]
Confidentiality, integrity and availability are high-level objectives of IT security. The IFIP TC-11 Working Group 11.5 has been charged with exploring the area of the integrity objective within IT security and the relationship between integrity in information systems and the overall internal control systems that are established in organizations to support corporate governance codes. The goals for this conference are to find an answer to the following questions: what is the status quo of research and development in the area of integrity and internal control; where are the gaps between business needs on the one hand and research and development on the other and what needs to be done to bridge these gaps; and what precisely do business managers need to have confidence in the integrity of their information systems and their data. Topics of interest include:
   - integrity and internal control in Enterprise Resource Planning systems
   - integrity and internal control in e- and m-commerce applications and infrastructure
   - integrity and internal control in financial systems
   - developments in internal control concepts and the impact on integrity requirements
   - integrity standards
   - methods for dealing with incomplete or inconsistent information
   - efficient methods for checking integrity
   - integrity requirements necessary to implement an internal control structure within an organization
   - integrity of archival data
   - integrity and authentication of digital documents
   - trustworthy computation
More information and the full call-for-papers can be found on the conference web site at

Adaptive and Resilient Computing Security (ARCS), Santa Fe Institute Workshop, SFI, NM, November 5-6, 2003.  [posted here 2/3/03]
This workshop is the second in the series and will focus on the theme of adaptive defence of information and computing networks. The aim is to stimulate novel approaches to securing the information infrastructure. In particular the workshop will consider long-term developments and research issues relating to the defence of information networks. The driving scientific motivation for this workshop is to further our understanding of adaptive and self-organising mechanisms that can be applied to the development of resilient and robust information networks. In particular it will provide a forum for commercial and academic researchers to exchange concepts and issues within this domain. Following a highly successful first event, this workshop will be based on two specific sub-themes. These are:
     - Bio-inspired Defence Systems
     - Adaptive Security Mechanisms
Some of the specific problems, which will be addressed, include:
     - Design of self-healing networks
     - Optimization versus robustness
     - Machine learning and defence strategies
     - Dynamic stability in large-scale networks
     - Self & non-self recognition, Immunology models
If interested please submit an extended 4 page abstract to Dr. Robert Ghanea-Hercock / BTexact technologies, Adastral Park, Admin 2, Martlesham, Suffolk, UK. Email:

SASN 2003   Workshop on Security of Ad Hoc and Sensor Networks, Washington, D.C., USA, October 31, 2003.  [posted here 5/13/03]
Ad hoc and sensor networks are expected to become an integral part of the future computing landscape. However, these networks introduce new security challenges due to their dynamic topology, severe resource constraints, and absence of a trusted infrastructure. This workshop seeks submissions from academia and industry presenting novel research on all aspects of security for ad hoc and sensor networks, as well as experimental studies of fielded systems. Submission of papers based on work-in-progress is encouraged. Topics of interest include, but are not limited to, the following as they relate to wireless networks, mobile ad hoc networks, or sensor networks:
   - Security under resource constraints, e.g., energy, bandwidth, memory, and computation constraints
   - Performance and security tradeoffs
   - Secure roaming across administrative domains
   - Key management
   - Authentication and access control
   - Trust establishment, negotiation, and management
   - Intrusion detection and tolerance
   - Secure location services
   - Privacy and anonymity
   - Secure routing
   - Secure MAC protocols
   - Denial of service
   - Prevention of traffic analysis
More information can be found at

2003 ACM Workshop on Survivable and Self-Regenerative Systems (in association with the 10th ACM Conference on Computer and Communications Security), George Mason University, Fairfax VA, October 31, 2003    [posted here 5/13/03]
One of the key areas of current research in the fields of computer and communication security is survivability, where the objective is to survive attacks that exploit inevitable security vulnerabilities, rather than to strictly prevent or detect intrusions or vulnerabilities. Survivability research has explored the intersection of Fault Tolerance and Security, and recently, the notion of using self-regenerative capabilities in the context of survivability has generated a significant interest in the community. This workshop aims to provide a venue for scholars in this area to exchange ideas and to explore research issues involving survivable and self-regenerative systems. Papers offering original research contributions in any aspect of this emerging field are solicited for submission to this workshop. Topics of interest include, but are not limited to, the following:
  - Survivable Systems & Networks
  - Self-Regenerative Systems & Networks
  - Use of Self-Healing Techniques in Surviving Attacks
  - Security vs. Fault Tolerance in building survivable and self-regenerative systems
  - Use of Self-Stabilization Techniques in Surviving Attacks
  - Role of Formal Models in Survivable and Self-Regenerative Systems
  - Self-Adapting and Self-Securing Systems and Techniques
  - Measuring and Quantifying Survivability and Self-Regeneration
  - Role of Redundancy, Diversity, Unpredictability and Deception in Survivable and
     Self-Regenerative Systems
  - Impact of Detection Accuracy and Latency on Survivability and Self-Regeneration
More information can be found at

SISW 2003   The Second IEEE International Security in Storage Workshop, Washington, DC, USA, October 31, 2003.  [posted here 6/22/03]
The ability to create large shared storage systems in a secure manner is an area that has received little formal research or results.  A comprehensive, systems approach to storage security is required if storage consolidation is to succeed.  This workshop serves as an open forum to discuss storage threats, technologies, methodologies and deployment.  The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of designing, building and managing secure storage systems; possible topics include, but are not limited to the following:
   - Cryptographic Algorithms for Storage
   - Key Management for Storage
   - Key Management for File Systems
   - Attacks on Storage Area Networks and Storage
   - Security for Mobile Storage
   - Defining and Defending Trust Boundaries in Storage
   - Relating Storage Security to Network Security
   - Cryptanalysis of Systems and Protocols
   - Novel Implementations
   - Unintended Data Recovery
   - Insider Attack Countermeasures
   - Deployment of Secure Storage Mechanisms
   - Security in Federated Systems
   - Security for Internet Storage Service Providers
More information about the conference can be found at

FMSE 2003 Formal Methods in Security Engineering: From Specifications to Code, Washington, D.C., USA, October 30, 2003.  [posted here 3/28/03]
Information security has become a crucial concern for the commercial deployment of almost all applications and middleware. Despite this commonly recognized fact, the incorporation of security requirements in the software development process is not yet well understood. The deployment of security mechanisms is often done in an ad-hoc manner only, without a formal security specification, often without a thorough security analysis and almost necessarily without a formal security validation of the final product. That is, a process is lacking for making the transition from high-level security models and policies through development to code. We aim to bring together researchers and practitioners from both the security and the software engineering communities, from academia and industry, who are working on applying formal methods to designing and validating large-scale systems. We are seeking submissions addressing foundational issues in:
   - security specification techniques
   - formal trust models
   - combination of formal techniques with semi-formal techniques like UML
   - formal analyses of specific security properties relevant to software development
   - security-preserving composition and refinement of processes
   - faithful abstractions of cryptographic primitives and protocols in process abstractions
   - integration of formal security specification, refinement and validation techniques in development methods and tools
More information can be found at

WPES 2003 2nd Workshop on Privacy in the Electronic Society, Washington, D.C., USA, October 30, 2003.  [posted here 4/14/03]
Privacy issues have been the subject of public debates and the need for privacy-aware policies, regulations, and techniques has been widely recognized. Goal of this workshop is to discuss the problems of privacy in the global interconnected societies and possible solutions to it. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
   - anonymity, pseudonymity, and unlinkability
   - business model with privacy requirements
   - data protection from correlation and leakage attacks
   - electronic communication privacy
   - information dissemination control
   - privacy-aware access control
   - privacy in the digital business
   - privacy enhancing technologies
   - privacy policies and human rights
   - privacy and anonymity in Web transactions
   - privacy threats
   - privacy and confidentiality management
   - privacy in the electronic records
   - privacy in health care and public administration
   - public records and personal privacy
   - privacy and virtual identity
   - personally identifiable information
   - privacy policy enforcement
   - privacy and data mining
   - relationships between privacy and security
   - user profiling
   - wireless privacy
More information about the conference can be found at

CCS2003 The 10th ACM Conference on Computer and Communications Security, Washington, DC, USA, October 27-31, 2003.  [posted here 3/22/03]
Papers offering novel research contributions in any aspect of computer security are solicited. The primary focus is on high-quality original unpublished research, case studies, and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make convincing argument for the practical significance of the results. Theory must be justified by compelling examples illustrating its application. The primary criterion for appropriateness for CCS is demonstrated practical relevance. CCS can therefore reject perfectly good papers that are appropriate for theory-oriented conferences. Topics of interest include:
   - access control                             - accounting and audit
   - security for mobile code           - data/ system integrity
   - cryptographic protocols             - intrusion detection
   - key management                          - security management
   - information warfare                    - security verification
   - authentication                              - database and system security
   - applied cryptography                  - smart-cards and secure PDAs
   - e-business/ e-commerce            - inference/ controlled disclosure
   - privacy and anonymity                 - intellectual property protection
   - secure networking                        - commercial and industry security
More information can be found at

The Workshop on Rapid Malcode (in association with 10th ACM Conference on Computer and Communications Security), Washington, D.C., October 27, 2003.  [posted here 3/20/03]
In the last several years, Internet-wide infectious epidemics have emerged as one of the leading threats to information security and service availability. The vehicle for these outbreaks, malicious codes called "worms", leverage the combination of software monocultures and the uncontrolled Internet communication model to quickly compromise large numbers of hosts. Current operational practices have not been able to manage these threats effectively and the research community is only now beginning to address this area. The goal of this workshop is to bring together ideas, understanding and experience bearing on the worm problem from a wide range of communities including academia, industry and the government. We are soliciting papers from researchers and practitioners on subjects including, but not limited to:
  - Modeling and analysis of propagation dynamics
  - Automatic detection, characterization, and prediction
  - Analysis of worm construction, current & future
  - Propagation strategies (fast & obvious vs slow and stealthy)
  - Reactive countermeasures
  - Proactive defenses
  - Threat assessment
  - Forensic methods of attribution
  - Significant operational experiences
More information can be found at

DRM203  ACM Workshop on Digital Rights Management, Washington DC, USA, October 27, 2003.  [posted here 7/2/03]
Original Research Papers on all aspects of Digital Rights Management are solicited for submission to the 2003 ACM Workshop on Digital Rights Management. Topics of interest include anonymous publishing, architectures for DRM systems, auditing, business models for online content distribution, copyright-law issues, digital policy management, privacy and anonymity, risk management, robust identification of digital content, security issues (including but not limited to authorization, encryption, tamper resistance, and watermarking) threat and vulnerability assessment, usability aspects of DRM systems, web services. For more information visit the Web-page of the workshop:

ACNS'03   First MiAn International Conference on Applied Cryptography and Network Security, Kunming, China, October 16-19, 2003.  [posted here 1/19/03]
The first MiAn International Conference on Applied Cryptography and Network Security (ACNS’03) will be held in Kunming, China on October 16-19, 2003, organized by MiAn (ONETS) Pte Ltd and in cooperation with the local government. Original paper on all aspects of applied cryptography and network security are solicited for submission to the conference. Areas of interests include but not restricted to: Biometric Security Applications, Cryptographic and Anti-cryptographic Analysis, Cryptographic Applications, Data Recovery and Coding, Differential Power Attacks, Efficient Implementation, Firewall and Intrusion Detection, GPRS and CDMA Security, Identification and Entity Authentication, Key Management Techniques, Network Protocol and Analysis, PKI/PMI and Bridge CA, Secure e-commerce and e-government, Security Management and Strategy, Smart Card Security, Verification and Testing of Secure Systems, Virus and Worms, VPN and SVN, WLAN and Bluetooth Security. More information can be found at the conference web page at

Nordsec2003 Nordic Workshop on Secure IT Systems, Gjøvik University College, Norway, October 15-17, 2003.  [posted here 4/20/03]
The NORDSEC workshops started in 1996 with the aim of bringing together researchers and practitioners within computer security in the Nordic countries. The theme of the workshops have been applied security, i.e., all kinds of security issues that could encourage interchange and cooperation between the research community and the industrial/consumer community. Possible topics include, but are not limited to the following:
   - Privacy and Privacy Enhancing Technologies
   - Wireless Communication Security
   - Inter/Intra/Extranet Security
   - Security Protocol Modelling and Analysis
   - E-and M-Business Security
   - New Firewall Technologies
   - Secure Infrastructures; TTP, PKI, Key Escrow/Recovery
   - Computer Crime and Information Warfare
   - Detecting Attacks, Intrusions and Computer Misuse
   - Smart Card Applications
   - Security Management and Audit
   - Security Evaluations and Measurements
   - Security in Commercial off-the-shelf Products, COTS
   - Operating System Security
   - Security Models
   - New Ideas and Paradigms for Security
   - Security Education and Training
   - Quality of Service or Software Engineering in Relation to Security
More information can be found at

ESORICS 2003   8th European Symposium on Research in Computer Security, Gjøvik, Norway, October 13-15, 2003  [posted here 1/11/03]
Papers offering novel research contributions in any aspect of computer security are solicited for submission to the Eighth European Symposium on Research in Computer Security (ESORICS 2003). Organized in a series of European countries, ESORICS is confirmed as the European research event in computer security. The symposium started in 1990 and has been held on alternate years in different European countries and attracts an international audience from both the academic and industrial communities. From 2002 it will be held yearly. The Symposium has established itself as one of the premiere, international gatherings on Information Assurance. Papers may present theory, technique, applications, or practical experience on topics including:
   - access control                                              - network security
   - accountability                                               - non-interference
   - anonymity                                                     - privacy-enhancing technology
   - applied cryptography                                   - pseudonymity
   - authentication                                               - security as quality of service
   - covert channels                                             - secure electronic commerce
   - cryptographic protocols                              - security administration
   - cybercrime                                                    - security evaluation
   - data integrity                                                 - security management
   - denial of service attacks                               - security models
   - dependability                                                 - security metrics
   - firewalls                                                         - security requirements engineering
   - formal methods in security                          - security verification
   - inference control                                          - smartcards
   - information flow control                              - steganography
   - information warfare                                      - subliminal channels
   - intellectual property protection                   - survivability
   - intrusion detection                                         - system security
   - intrusion tolerance                                         - transaction management
   - language-based security                                 - trustworthy user devices
More information about the conference can be found at

Workshop at ACM Ubicomp'03: Ubicomp communities - privacy as boundary negotiation, Seattle, Washington, USA, October 12, 2003. [posted here 7/10/03]
Ubiquitous computing conjures visions of big and little brother, and ever-diminishing privacy. But it also opens up new forms of communication, collaboration and social relations. This workshop takes a balancing perspective: it treats community participation as a goal, and balances the need for disclosure against the need for privacy. Privacy is not an abstract consideration, but a practical process of negotiating and managing boundaries. The workshop will explore both social perspectives and technical approaches to this issue, and aims to provide a forum for ubicomp system developers and researchers, security researchers, and social scientists to collaboratively explore the future of trust-sensitive and community tools in ubicomp. More information can be found at

ICICS'03 5th International Conference on Information and Communications Security, Huhehaote City, Inner-Mongolia, China, October 10-13, 2003.  [posted here 1/19/03]
Information and communication security is a challenging topic at the best of times. This conference series brings together researchers and scholars to examine important issues in this area. Original papers on all aspects of information and communications security are solicited for submission to ICICS2003. Areas of interests include but not limited to: Access control, Anonymity, Authentication and Authorization, Biometric Security, Data and System Integrity, Database Security, Distributed Systems Security, Electronic Commerce Security, Fraud Control, Information Hiding and Watermarking, Intellectual Property Protection, Intrusion detection, Key Management and Key Recovery, Language-based Security, Operating System Security, Network Security, Risk Evaluation and Security Certification, Security for Mobile Computing, Security Models, Security Protocols, Virus and Worms. More information can be found on the conference web page at

CMS 2003   The Seventh IFIP Communications and Multimedia Security Conference (joint working conference IFIP TC6 and TC11), Turin, Italy, October 2-3, 2003.  [posted here 11/20/02]
CMS 2003 is the seventh working conference on Communications and Multimedia Security since 1995. State-of-the-art issues as well as practical experiences and new trends in these areas are the topics of interest of the conference:
   -  applied cryptography
   -  biometry
   -  multimedia security
   -  digital signature and digital watermarking
   -  infrastructure protection
   -  network and communication security
   -  security policies
   -  security of e-commerce
This year the organizers especially encourage submissions on advanced topics such as security of wireless networks, survivability of critical communication infrastructures, and protection of electronic documents. Visit the web site for further information, or download the PDF call for papers at

ISC'03   6th Information Security Conference, Bristol, United Kingdom, October 1-3, 2003.  [posted here 12/7/02]
Original papers are solicited for submission to ISC 2003. ISC aims to bring together individuals involved in multiple disciplines of information security to foster exchange of ideas. Topics of interest include, but are not limited to:
     Access Control                                                    Key Management
     Applied Cryptography                                         Legal and Regulatory Issues
     Cryptographic Protocols                                    Mobile Code & Agent Security
     Digital Rights Management                                Network & Wireless Security
     E-Commerce Protocols                                      Software Security
     Formal Aspects of Security                                Security Analysis Methodologies
     Information Hiding                                              Trust Management
     Intrusion Detection
More information can be found on the conference web page at

SEFM'2003   International Conference on Software Engineering and Formal Methods, Brisbane, Australia, September 22-27, 2003.  [posted here 3/20/03]
The objective of the conference is to bring together practitioners and researchers from academia, industry and government to exchange views on the theoretical foundation of formal methods, their application to software engineering and the socio-economic impact of their use. Authors are invited to submit both research and tool papers. The scientific program will include paper and tool presentations, tool demonstrations, tutorials and invited talks. More information can be found on the conference web page at

MMM-ACNS-2003   The Second International Workshop "Mathematical Methods, Models and Architectures for Computer Networks Security", September 20-24, 2003, St. Petersburg, Russia.  [posted here 3/1/03]
The objective of the 2003 workshop is to bring together leading researchers from academia and governmental organizations as well as practitioners in the area of computer networks and information security and facilitate personal interactions and discussions on various aspects of information technologies in conjunction with security problems arising in large-scale computer networks engaged in information storing, transmitting, and processing. The complete call for papers, with a list of topics of interest and information on local arrangements can be found on the work shop web page at

WiSe 2003 Workshop on Wireless Security (in conjunction with MobiCom 2003), San Diego, CA, USA, September 19, 2003.  [posted here 4/20/03]
The objective of this workshop is to bring together researchers from research communities in wireless networking, security, applied cryptography, and dependability; with the goal of fostering interaction. With the proliferation of wireless networks, issues related to secure and dependable operation of such networks are gaining importance. Topics of interest include, but are not limited to:
   -  Key management in wireless/mobile environments
   -  Trust establishment
   -  Intrusion detection, detection of malicious behaviour
   -  Revocation of malicious parties
   -  Secure PHY/MAC/routing protocols
   -  Secure location determination
   -  Denial of service
   -  User privacy
   -  Anonymity, prevention of traffic analysis
   -  Dependable wireless networking
   -  Monitoring and surveillance
More information can be found on the conference web site at

ETFA'2003   The 9th IEEE International Conference on Emerging Technologies and Factory Automation (Special session on IT Security for Automation Systems), September 16-19, 2003, Lisbon, Portugal.  [posted here 2/22/03]
Due to the increased interconnection between plant-floor systems and enterprise-level computer systems up to and including public networks like the Internet, and based on Internet protocols (HTTP/TCP/IP), IT security issues and concerns have also reached the domains of automation IT systems and automation communication networks. IT security needs, constraints, and mechanisms for automation systems are in various ways different from those of the office computing environment, which creates the necessity, but also the opportunity, for novel approaches. For this special session papers are solicited which are concerned with:

  • Specific security needs of automation systems, e.g. with respect to security objectives, usage scenarios, system topologies/architectures or operating environment.
  • Specific security mechanisms, devices, processes, protocols and architectures for automation systems.
  • IT security audits for automation devices and systems.

More information can be found at


CHES 2003   Workshop on Cryptographic Hardware and Embedded Systems, Cologne, Germany, September 8-10, 2003.  [posted here 12/6/02]
The focus of this workshop is on all aspects of cryptographic hardware and security in embedded systems. The workshop will be a forum of new results from the research community as well as from the industry. Of special interest are contributions that describe new methods for efficient hardware implementations and high-speed software for embedded systems, e.g., smart cards, microprocessors, DSPs, etc. We hope that the workshop will help to fill the gap between the cryptography research community and the application areas of cryptography. Consequently, we encourage submissions from academia, industry, and other organizations. All submitted papers will be reviewed.  The topics of CHES 2002 include but are not limited to:
    - Computer architectures for public-key and secret-key cryptosystems
    - Efficient algorithms for embedded processors
    - Reconfigurable computing in cryptography
    - Cryptographic processors and co-processors
    - Cryptography in wireless applications (mobile phone, LANs, etc.)
    - Security in pay-TV systems
    - Smart card attacks and architectures
    - Tamper resistance on the chip and board level
    - True and pseudo random number generators
    - Special-purpose hardware for cryptanalysis
    - Embedded security
    - Device identification
Additional information can be found on the conference web page at

RAID'2003   Sixth International Symposium on Recent Advances in Intrusion Detection, Pittsburgh, PA, USA, September 8-10, 2003  [posted here 3/20/03]
The RAID International Symposium series is intended to further advances in intrusion detection by promoting the exchange of ideas in a broad range of topics. Paper submission and panel proposals are invited on the following types of topics:
  - Assessing, measuring, and classifying intrusion-detection systems
  - IDS cooperation and integration
  - IDS interoperability standards and standardization
  - IDSs in high-performance and real-time environments
  - Vulnerabilities and attacks
  - Innovative Approaches
  - Practical Considerations
More information can be found on the conference web page at

7th International Conference on Knowledge-Based Intelligent Information & Engineering Systems (special session on Artificial Intelligence Applications to Information Security), St Anne's College, University of Oxford, U.K., September 3-5, 2003.   [posted here 11/11/02]
In spite of the efforts from Information Security researchers, there are still a considerable number of unsolved problems that may benefit from the application of Artificial Intelligence techniques. The increasing awareness in solving such problems has resulted in a concerted effort of Artificial Intelligence and Information Security researchers. Therefore, AI techniques like agents, evolutionary computation, neural networks, cellular automata, classic and fuzzy logic and machine learning may play an important role in specific problems concerning Information Security. We particularly encourage the discussion of the following topics:
   - Semantic analysis of cryptologic protocols,
   - Security of mobile agents,
   - Security through agents,
   - Representation and use of trust induced by PKIs,
   - Optimisation heuristics in cryptanalysis
   - Machine Learning techniques in cryptanalysis - AI techniques in cryptology
   - Any other work addressing information security problems by means of AI techniques
This session aims at bringing together members from the two research communities, information security and artificial intelligence. Consequently, discussion papers, conceptual papers, theoretical papers and application papers will be welcomed. Please visit the conference web site at for more detail on the topics of interest as well as general conference information.

TrustBus'03   Trust and Privacy in Digital Business (in conjunction with DEXA 2003), Prague, Czech Republic, September 1-5, 2003.  [posted here 12/23/02]
The purpose of this workshop is twofold: First, all issues of digital business, focusing on trust and privacy problems will be discussed. In particular, we are interested in papers that deal with trust and privacy, confidence and security, reliability and consistency, fairness and legality, and other issues critical for the success of future digital business. Second, the workshop should be a forum for the exchange of results and ongoing work performed in R&D projects, either on a national or international level.  We invite papers, work-in-progress reports, industrial experiences describing advances in all areas of digital business applications, including, but not limited to:
  - Privacy & confidentiality management
  - Trust architectures and underlying infrastructures
  - Electronic cash, wallets and pay-per-view systems
  - Businesses models with security requirements
  - Enterprise management and consumer protection
  - Trust and privacy issues in mobile environments
  - Global security architectures and infrastructures
  - Protocols and transactional models
  - Trustful management and negotiation
  - Public administration, governmental services
  - Anonymous or pseudonymous access to Web services
  - Reliability and security of content and data
  - Intellectual property rights, watermarking and fingerprinting
  - Common practice, legal and regulatory issues
  - Trust issues in E-Services, E-Voting and E-Polling
  - PKI, biometrics, smart cards
  - Intrusion detection and information filtering
More information can be found on the conference web page at

First International Mobile IPR Workshop: Rights Management of Information Products on the Mobile Internet, Helsinki, Finland, August 27-28, 2003.  [posted here 3/23/03]
MobileIPR Workshop welcomes papers on all aspects of rights management related to information products such as music, electronic books, videos, multimedia, games, or software distributed on the Mobile Internet commercially or otherwise. Relevant topics include, but are not limited to:
   - Digital rights management (DRM) and technical tools to protect and manage rights,
        e.g. cryptographic systems, watermarking, rights expression languages, and rights
        management databases.
   - Intellectual property rights (IPR) copyright, database right, patent, and trademark.
   - Privacy in relation to rights management, including protection of confidential information.
   - Contracts, especially open source licensing models in software and content production.
   - Societal and policy issues, including the effect of non-governmental organizations and
        citizens activism.
   - Control of information products - economic and ethical rationales too.
   - Business models related to rights management.
   - User-contributed content and rights management.
   - Rights management in peer-to-peer, super-distribution, and other new distribution models.
   - Related enabling technologies and their impact on digital rights management.
We welcome both full and short (experience) papers as well as extended abstracts that address different aspects of rights management. More information can be found on the workshop web page at

WISA 2003 The 4th International Workshop on Information Security Applications, Jeju Island, Korea, August 25-27, 2003.  [posted here 3/28/03]
The areas of interest include, but are not limited to:
   - Internet Security - Cyber Indication and Intrusion Detection
   - E-Commerce and Financial Cryptosystems          - Smart Cards and Secure Hardware
   - Access Control and Database Security                  - Network Security, VPNs and Firewalls
   - Mobile Security                                                       - Biometrics and Human Interfaces
   - Applied Cryptography                                              - Privacy and Anonymity
   - Public Key Cryptography / Key Management       - Security Management
   - Threats and Information Warfare                            - Digital Rights Management
   - Virus Protection                                                       - Secure Software, Systems and Applications
Additional information can be found on the conference web page at

ICET'03   The 2003 International Conference on Emerging Technologies, Minneapolis, Minnesota, USA, August 25-26, 2003.  [posted here 3/9/03]
The goal of this conference is to foster cross-disciplinary interaction in emerging technologies that are approaching sufficient maturity for initial commercialization. By providing insights from academia, research, industry, and funding communities the conference will foster discussions on interactions of emerging technologies, and the insights that can be harvested from other disciplines. Major areas of interest for this conference are: Trusted and Reliable Systems; Interconnected Computing; and Integrated Bio/hardware/software Systems. More information is available at

NSPW 2003   New Security Paradigms Workshop, Centro Stefano Francini, Ascona, Switzerland, August 18-21, 2003.  [posted here 2/22/03]
For eleven years the New Security Paradigms Workshop has provided a stimulating and highly interactive forum for innovative approaches to computer security.  In order to preserve the small, focused nature of the workshop, participation is limited to authors of accepted papers and conference organizers. NSPW is highly interactive in nature. Authors are encouraged to present ideas that might be considered risky in some other forum. All participants are charged with providing feedback in a constructive manner. The resulting brainstorming environment has proven to be an excellent medium for furthering the development of these ideas. The proceedings, which are published after the workshop, have consistently benefited from the inclusion of workshop feedback. Because we expect new paradigms, we accept wide-ranging topics in information security. Papers that present a significant shift in thinking about difficult security issues or builds on a previous shift are welcomed. Our program committee particularly looks for new paradigms, innovative approaches to older problems, early thinking on new topics, and controversial issues that might not make it into other conferences but deserve to have their try at shaking and breaking the mold. More information can be found on the conference web page at

ECC 2003 The 7th Workshop on Elliptic Curve Cryptography, University of Waterloo, Waterloo, Ontario, Canada, August 11-13, 2003 [posted here 2/15/03]
ECC 2003 is the seventh in a series of annual workshops dedicated to the study of elliptic curve cryptography and related areas. The main themes of ECC 2003 will be:
   - The discrete logarithm.
   - Efficient parameter generation and point counting.
   - Provably secure cryptographic protocols.
   - Efficient software and hardware implementation.
   - Side-channel attacks.
   - Deployment of elliptic curve cryptography.
There will be approximately 15 invited lectures (and no contributed talks), with the remaining time used for informal discussions. There will be both survey lectures as well as lectures on latest research developments. More information can be found at

IFIP WG11.2 2003   7th Annual IFIP WG 11.3 Working Conference on Data and Applications Security Estes Park, Colorado, U.S.A., August 4-6, 2003  [posted here 1/3/03]
The conference provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Papers and panel proposals are solicited. Topics of interest include but is not limited to:
   - Critical Infrastructure Protection
   - Cyber Terrorism
   - Information Warfare
   - Intrusion Protection
   - Damage assessment and repair
   - Database Forensics
   - PTN security
   - Electronic Commerce Security.
More information about the conference can be found at

USENIX Security 2003 12th USENIX Security Symposium, Washington, DC, USA August 4-8, 2003 [posted here 9/17/02]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in security of computer systems. Refereed paper submissions are being solicited in all areas relating to systems and network security, including:
  - Adaptive security and system management
  - Analysis of malicious code
  - Analysis of network and security protocols
  - Applications of cryptographic techniques
  - Attacks against networks and machines
  - Automated tools for source code analysis
  - Authentication and authorization of users, systems, and applications
  - Denial-of-service attacks
  - File and file system security
  - Firewall technologies
  - Intrusion detection
  - Privacy preserving (and compromising) systems
  - Public key infrastructure
  - Rights management and copyright protection
  - Security in heterogeneous and large-scale environments
  - Security of agents and mobile code
  - Security of Internet voting systems
  - Techniques for developing secure systems
  - World Wide Web security
Since USENIX Security is primarily a systems security conference, papers regarding new cryptographic algorithms or protocols, or electronic commerce primitives, are in general discouraged.

ECOOP 2003   Workshop on Exception Handling in Object Oriented Systems: towards Emerging Application Areas and New Programming Paradigms, Darmstadt, Germany, July 21-25, 2003.  [posted here 1/3/03]
The workshop will provide a forum for discussing the unique requirements for exception handling in the existing and emerging applications, including pervasive computing, ambient intelligence, the Internet, e-science, self-repairing systems, collaboration environments. We invite submissions on research in all areas of exception handling related to object oriented systems, in particular: formalisation, distributed and concurrent systems, practical experience, mobile object systems, new paradigms (e.g. object oriented workflows, transactions, multithreaded programs), design patterns and frameworks, practical languages (Java, Ada 95, Smalltalk, Beta), open software architectures, aspect oriented programming, fault tolerance, component-based technologies. We encourage participants to report their experiences of both benefits and obstacles in using exception handling, reporting, practical results in using advanced exception handling models and the best practice in applying exception handling for developing modern applications in the existing practical settings. To participate in the workshop, the prospective attendees are required to submit 4-7 page position papers (in the LNCS format) to Alexander Romanovsky ( by April 25. Additional information can be found on the workshop web page:

Security in Distributed Computing (special track of the 22nd Annual ACM SIGACT-SIGOPS Symposium on Principles of Distributed Systems), Boston, Massachusetts, USA, July 13-16, 2003.   [posted here 10/15/02]
We are soliciting research contributions on the design, specification, implementation, application and theory of secure distributed computing. We welcome submissions on any topic in the intersection of security and distributed computing, including but not limited to:
   - Secure multiparty and two-party computations
   - Secret sharing and verifiable secret sharing
   - Resiliency to corruptions: distributed, forward and proactive security
   - Security, privacy and anonymity in the Internet and in mobile communication systems
   - Secure/security protocols and distributed algorithms
   - Secure multicast and broadcast
   - Denial of service (clogging) and its prevention
   - Non-repudiation, certification and time stamping protocols
   - Distribution of intellectual property and its (copyright) protection
   - Secure distributed marketplaces, auctions, and gambling
   - Cryptographic protocols, including: authentication, key management, etc.
   - Secure electronic commerce, banking and payment protocols
   - Security for Peer to Peer computing
   - Secure bandwidth reservation and QOS
   - Distributed access control and trust management
   - Secure mobile agents and mobile code
   - Security for Storage Area Networks
The special track is an integral part of PODC; see for additional information.

ACISP 2003   The Eighth Australasian Conference on Information Security and Privacy, Wollongong, Australia, July 9-11, 2003.  [posted here 2/15/03]
Original papers pertaining to all aspects of computer systems and information security are solicited for submission to the Eighth Australasian Conference on Information Security and Privacy (ACISP 2003). Papers may present theory, techniques, applications and practical experiences on a variety of topics including:
   - Cryptology                                                          - Mobile communications security
   - Authentication and authorization                      - Secure operating systems
   - Access control                                                   - Security management
   - Network security                                               - Secure commercial applications
   - Smart cards                                                         - Key management and auditing
   - Risk assessment                                                 - Secure electronic commerce
   - Copyright protection                                          - Security architectures and models
   - Mobile agents security                                       - Evaluation and certification
   - Software protection and viruses                         - Privacy and policy issues
   - Security protocols                                               - Computer forensics
   - Distributed system security                                - Intrusion detection
   - Database security More information can be found on the conference web page at

CSFW16 16th IEEE Computer Security Foundations Workshop, Asilomar, Pacific Grove, CA, USA, June 30-July 2, 2003.  [posted here 10/5/02]
This workshop series brings together researchers in computer science to examine foundational issues in computer security. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories. Both papers and panel proposals are welcome. Possible topics include, but are not limited to:
  - Access control          - Authentication                   - Data and system integrity
  - Database security      - Network security              - Distributed systems security
  - Anonymity                 - Intrusion detection            - Security for mobile computing
  - Security protocols    - Security models                - Decidability issues
  - Privacy                       - Executable content           - Formal methods for security
  - Information flow       - Language-based security
Information on submitting papers and panel proposals can be found on the workshop web page at

ECIW 2003   European Conference on Information Warfare and Security, University of Reading, United Kingdom, June 30-July 1, 2003.  [posted here 12/3/02]
The second European Conference on Information Warfare and Security (ECIW) is an opportunity for academics, practitioners and consultants from Europe and elsewhere who are involved in the study, management, development and implementation of systems and concepts to combat information warfare or to improve information systems security to come together and exchange ideas.  The conference in July 2003 is seeking qualitative, experience-based and quantitative papers as well as case studies and reports of work in progress from academics, information systems practitioners, consultants and government departments.  Topics may include, but are not limited to, e-Intelligence/counter-intelligence, Perception management, Information warfare theory, Electro-magnetic pulse weapons, Information, computer and network security, Cryptography, Physical security, Security policy, Information warfare policy, Information warfare techniques, Hacking, Infra-structure warfare, National security policy, Corporate defence mechanisms, Security for small to medium enterprises, Cyber Terrorism, Ethical, Political and Social Issues relating to Information Warfare, Information warfare and security education, Legal issues concerned with information warfare and e-Crime, Cyber-terrorism. In addition to multiple streams of papers, the conference committee are inviting proposals for workshops and tutorials on topics related to Information Warfare and research methods applicable to this field. The full call-for-papers and registration details can be found

SecCo 2003   1st International Workshop on Security Issues in Coordination Models, Languages and Systems (affiliated with ICALP 2003), Eindhoven, the Netherlands, June 28-29, 2003.  [posted here 12/19/02]
Coordination models and languages, which advocate a distinct separation between the internal behaviour of the entities and their interaction, represent a promising approach.  However, due to the openness of these systems, new critical aspects come into play, such as the need to deal with malicious components or with a hostile environment.  Current research on network security issues (e.g. secrecy, authentication, etc.) usually focuses on opening cryptographic tunnels between fully trusted entities. For this to work the structure of the system must be known beforehand. Therefore, the proposed solutions in this area are not always exploitable in this new scenario. The aim of the workshop is to cover the gap between the security and the coordination communities.  More precisely, we intend to promote the exchange of ideas, focus on common interests, gain in understanding/deepening of central research questions, etc. Topics of interest include, but are not limited to: Theoretical foundations, specification, analysis, case-studies, applications for:
   -  authentication                                                coordination models
   -  integrity                                                         open-distributed systems
   -  privacy                                                            mobile ad-hoc networks
   -  confidentiality                                               agent-based infrastructures
   -  access control                    -in-                     peer-to-peer systems
   -  denial of service                                            global computing
   -  service availability                                         context-aware computing
   -  safety aspects                                                 component-based systems
  -   fault tolerance                                                ubiquitous computing
More information can be found at

WISE 3/ WECS 5 Third World Conference on Information Security Education and, Workshop on Education in Computer Security, Naval Postgraduate School, Monterey California, USA, June 26-28, 2003.  [posted here 9/17/02]
IFIP Working Group 11.8 -Information Security Education and the Workshop on Education in Computer Security invite you to contribute to their activities by submitting papers for presentation at their conference to be held at the Naval Postgraduate School in Monterey California, USA. The conference aims to address interested researchers and educators from universities, schools, industry or government. The theme for the conference is Teaching the Role of Information Assurance in Critical Infrastructure Protection. Relevant topics include, but are not limited to the following:
   - New Programs in Information Security and Privacy Education
   - Training the Cyberwarrior
   - Information Security Education in Non-Academic Contexts
   - Computer Security and Infrastructure Protection
   - Education of Citizens in Information Security
   - Information Security Education in Schools
   - Teaching Cyber Ethics
   - Education in Computer Forensics and the Law
   - Education in Electronic Commerce Security
   - Education of Information Security Professionals
   - Teaching Information Systems Auditing
   - International Standards of Security Education
   - Evaluation of Security Education
   - Programs to Raise Information Security Awareness
   - Holistic Approaches in Information Security Education
   - Practical and Experimental approaches to Information Security Education
   - Information Security Distance Learning and Web-based teaching
The conference web site can be found at

Special session on Web Services Security, First International Conference on Web Services (ICWS'03), Las Vegas, Nevada, USA, June 23-26, 2003.  [posted here 12/15/02]
As is the case in many other applications, the information processed in Web services might be commercially sensitive and it is similarly important to protect this information against security threats such as disclosure to unauthorized parties. This technical session mainly focuses on different theoretical and technical approaches to handle the security issues in Web services. More information can be found on the conference web page at

WISP 2003   Workshop on Issues in Security and Petri Nets, Eindhoven (NL), June 23, 2003.  [posted here 2/7/03]
The first international Workshop on Issues in Security and Petri Nets (WISP) intends to promote research about theoretical foundations of security analysis and design with Petri Nets as system model. Hence, original papers as well as surveys on the use of Petri Nets for security issues are particularly welcome. Also original papers on security issues in other system models are welcome, provided that they either present new results or offer a new perspective to well-known problems. Suggested submission topics include:
   - comparison and classification of security models
   - formal definition and verification of the various aspects of security:
           confidentiality, integrity, authentication and availability
   - tools and techniques for the formal analysis of cryptographic protocols and their applications
   - information flow security and related theories
   - security issues in probabilistic and real-time models
   - mobile code security
   - applications to electronic commerce
   - case studies
   - surveys on security results in Petri Nets and related open problems
   - surveys on analysis techniques for Petri Nets that could be used for security analysis
More information can be found on the conference web page at

PoDSy2003 Workshop on Principles of Dependable Systems (in conjunction with The International Conference on Dependable Systems and Networks), San Francisco, CA, USA, June 22,2003 (TBC).  [posted here 1/19/02]
In this workshop we wish to bring together researchers and practitioners from both the fault-tolerance and security communities to discuss foundational topics (and related applied experiences) on the similarities and differences between both areas. The main research challenges in this context are to formulate consistent and mutually understandable notions of the relevant dependable system properties, to identify suitable models for studying these properties, and to assess fundamental abstractions of systems which are both fault-tolerant and secure. In this direction, papers are solicited which address foundational issues around the "principles" of dependable systems. Contributions of interest will address topics related to, but not limited by, the following:
   - Relationship between areas of fault-tolerance and security
   - Relationship between fault-tolerance and security properties
   - Metrics for fault-tolerance and security
   - Specification, modeling and analysis of fault-tolerant and secure systems
   - Using fault-tolerance techniques to achieve security
   - Using security techniques to achieve fault-tolerance
   - Verification and validation of fault-tolerant and secure systems
   - Experiences with fault-tolerant and secure systems
More information can be found on the workshop web page at

FCS'03   LICS Satellite Workshop on Foundations of Computer Security, Ottawa, Canada, June 26-27, 2003.  [posted here 1/3/03]
Computer security is an established field of Computer Science of both theoretical and practical significance. In recent years, there has been increasing interest in logic-based foundations for various methods in computer security, including the formal specification, analysis and design of cryptographic protocols and their applications, the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks, and the modeling of information flow and its application to confidentiality policies, system composition, and covert channel analysis. The aim of this workshop is to provide a forum for continued activity in this area, to bring computer security researchers in contact with the LICS community, and to give LICS attendees an opportunity to talk to experts in computer security. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories. Possible topics include, but are not limited to:
    Formal specification                                               cryptographic protocols and applications
    Foundations of verification                                     confidentiality and authentication
    Logic-based design                                                  integrity and privacy
    Information flow analysis                                        availability and denial of service
    Security models                         --for--                    security policies
    Language-based security                                          covert channels
    Static analysis                                                            mobile code
    Composition issues                                                  intrusion detection
    Statistical methods malicious code                        confinement
More information can be found at the workshop web page:

4th Annual IEEE Information Assurance Workshop, United States Military Academy, West Point, New York, June 18-20, 2003.  [posted here 12/15/02]
The workshop is designed to provide a forum for Information Assurance researchers and practitioners to share their research and experiences. Attendees hail from industry, government, and academia. The focus of this workshop is on innovative, new technologies designed to address important Information Assurance issues. Papers will be divided into two broad categories. Approximately 2/3 of the papers will focus on innovative new research in Information Assurance. The remaining 1/3 of the papers will be recent experience and lessons learned from Information Assurance practitioners. Areas of particular interest at this workshop include, but are not limited to:
   - Innovative intrusion detection and response methodologies
   - Information warfare
   - Information Assurance education and professional development
   - Secure software technologies
   - Computer forensics
More details can be found at:

IEEE Electro/Information Technology Conference, June 5-6, 2003, Indianapolis, Indiana, USA.  [posted here 10/5/02]
Academic, industrial, and government researchers are invited to submit papers reporting both theoretical and applied research in topic areas broadly divided into four tracks: Information Technology Systems and Applications, Communications, Digital Signal Processing, and Professional Activities. Please visit the conference Web site at for information on announcement, registration, and preliminary program as they become available. The site also includes a Sample Paper under Call For Papers.

SACMAT'03  18th ACM Symposium on Access Control Models and Technologies, Como, Italy, June 2-3, 2003.   [posted here 9/27/02]
The mission of the symposium is to share novel access control solutions that fulfill the needs of interesting applications and to identify new directions for future research and development work. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control. Areas of interest include:
  -  Access control within the context of emerging standards
  -  Access control models and extensions
  -  Access control for innovative applications
  -  Methodologies and tools for access control policy design
  -  Administration of access policies
  -  Authorization management
  -  Access control mechanisms, systems and tools
  -  Access control in distributed and mobile systems
  -  Safety analysis and enforcement
  -  Theoretical foundations for access control models
See the Web page at for detailed calls for papers, panels, tutorials and other useful information.

CISSE 2003   7th Colloquium for Information Systems Security Education, Washington DC, June 1-5, 2003.  [posted here 12/10/02]
This colloquium, the seventh in an ongoing annual series, will bring together leading figures from academia, government, and industry to address the national need for security and assurance of our information and communications infrastructure. The colloquium solicits papers from practitioners, students, educators, and researchers. The papers should discuss course or lab development, INFOSEC curricula, standards, best practices, existing or emerging programs, trends, and future vision, as well as related issues. We are especially interested in novel approaches to teaching information security as well as what should be taught. This includes the following general topics:
  -  Assessment of need (e.g. how many information security workers/ researchers/ faculty are needed?)
  -  Integrating information assurance topics in existing graduate or undergraduate curricula
  -  Experiences with course or laboratory development
  -  Alignment of curriculum with existing information assurance education standards
  -  Emerging programs or centers in information assurance
  -  Late breaking topics
  -  Best practices
  -  Vision for the future
We particularly encourage papers that discuss tools, demonstrations, case studies, course modules, shareware, and worked examples that participants (and others) can use to help educate people in computer security. Papers reporting work in progress are also welcomed, especially if enough information to evaluate the work will be available at the time of the colloquium. The complete call for papers can be found at and the conference web site is at

WEIS2003   Workshop on Economics and Information Security, University of Maryland, College Park, MD, USA, May 29-30, 2003.  [posted here 2/15/03]
A fundamental concern in today's information environment is information security. However, since information security requires the use of scarce resources, an equally important concern is the efficient allocation of funds to information security activities. Thus, questions like the following are continually being asked: Do we spend enough on protecting our computer systems? How should funds that are being spent on information security be most efficiently allocated among specific information security activities? Recognition of the importance of research that integrates economics and information security was highlighted at the Workshop on Economics and Information Security held at UC- Berkeley, in May 2002. The success of that Workshop has lead to an annual event, the second of which will be held at the University of Maryland at College Park. If you would like to present a paper at the Workshop, submit a detailed abstract (PDF format preferred) to Dr. Martin P. Loeb, General Chair by e-mail at ( by March 15, 2003. Approximately 20 papers will be selected for presentation and total workshop participants will be limited to 50. Notification of acceptance for the program will be sent by April 6, 2003.

WWW2003  The Twelfth International World Wide Web Conference, Security & Privacy Track, Budapest, Hungary, May 20-24, 2003   [posted here 7/17/02]
The Security and Privacy Track at WWW2003 is soliciting papers on all computer scientific aspects of security and privacy as they relate to the Web in general, or more specifically to Web standards. ("Security and Privacy" is a new track to the International WWW Conference this year; last year this topic area was combined with "E-Commerce" into a single track.) We invite papers describing both theoretical and experimental research including (but not limited to) the following topics:
  -  Active content security
 -  Anonymity, pseudonymity & identity management
 -  Data center security
 -  Digital rights management
 -  Digital signatures
 -  Intrusion detection for e-commerce
 -  Mobile code security
 -  Public key infrastructure
 -  Security in content distribution networks
 -  Trust management
 -  User interfaces for security and privacy
 -  Web server and caching denial of service protection
 -  Web services security
 -  XML security and privacy
More information may be found on the conference web page at

IRMA 2003  Information Resources Management Association International Conference, Philadelphia, PA, USA, May 18-21, 2003  [posted here 7/29/02]
The theme of the conference is: Information Technology and Organizations: Trends, Issues, Challenges and Solutions.  The conference is made up of 45 tracks and includes an Information Security Management track.  Papers may be full length or research-in-progress.  Panel, workshop, tutorial, and symposium proposals are also welcomed.  Further details on the conference and individual tracks are available at

The 2003 IEEE Symposium on Security and Privacy, Oakland, California, USA, May 11-14, 2003.  [posted here 9/17/02]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Previously unpublished papers offering novel research contributions in any aspect of computer security or electronic privacy are solicited for submission to the 2003 symposium. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. Topics of interest include, but are not limited to, the following:
   - Commercial and Industrial Security Electronic Privacy
   - Mobile Code and Agent Security Distributed Systems Security
   - Network Security Anonymity
   - Data Integrity Access Control and Audit
   - Information Flow Security Verification
   - Viruses and Other Malicious Code Security Protocols
   - Authentication Biometrics
   - Smartcards Peer-to-Peer Security
   - Intrusion Detection Database Security
   - Language-Based Security Denial of Service
   - Security of Mobile Ad-Hoc Networks
The full call for papers can be found at For any questions, please contact the program chairs, at

Workshop on Data Mining for Counter Terrorism and Security, (held in conjunction with the Third SIAM International Conference on Data Mining), San Francisco, CA, USA, May 3, 2003.  [posted here 10/15/02]
The purpose of this workshop is to discuss ways in which data mining and machine learning can be used to analyze data from numerous sources of high-complexity for the purpose of preventing future terrorist activity. This is inherently a multidisciplinary activity, drawing from areas such as intelligence, international relations, and security methodology. From the data mining and machine-learning world this activity draws from text mining, data fusion, data visualization, data warehousing, and high scalability are necessary for a successful endeavor. Papers in these areas with clear application to the issues of counter terrorism are particularly solicited. Topics of interest include:
   -  Methods to integrate heterogeneous data sources, such as text, internet, video, audio, biometrics, and speech
   -  Scalable methods to warehouse disparate data sources
   -  Identifying trends in singular or group activities
   -  Pattern recognition for scene and person identification
   -  Data mining in the field of aviation security, port security, bio-security
   -  Data mining on the web for terrorist trend detection.
More information can be found on the workshop web page at

Second Annual PKI Research Workshop, NIST, Gaithersburg MD, USA, April 28-29, 2003.  [posted here 10/30/02]
This workshop among leading security researchers will explore the issues relevant to this area of security management, and will seek to foster a long-term research agenda for authentication and authorization in populations large and small via public key cryptography. We solicit papers, panel proposals, and participation. The goals of this workshop are to cross-pollinate existing research efforts, to identify the key remaining challenges in deploying public key authentication and authorization, and to develop a research agenda addressing those outstanding issues.
   -  What are the key areas in current PKI approaches that need further work?
   -  For each area, what approaches appear most promising?
   -  How do the approaches in one area affect the methodologies in other areas?
A complete list of topics of interest and the full call for papers can be found at the workshop web site at

ITCC 2003  International Conference on Information Technology: Coding and Computing, Las Vegas, Nevada, April 28-30, 2003.  [posted here 6/27/02]
The rapid growth in information science and technology in general and the complexity and volume of multimedia data in particular have introduced new challenges for the research community. Of particular interest is the need for a concise representation, efficient manipulation, and fast transmission of multimedia data. Applications such as space science, tele-medicine, military, and robotics deal with large volumes of data which need to be stored and processed in real time. Topics of interest include:
    - Digital Image, Video &   Audio Processing              - Information Hiding & Video Streaming
    - Document Image Analysis                                           - Data Compression
    - Authentication of Video and Audio Data                    - Multimedia Computing
    - Hybrid Source/Channel Coding                                  -  Systems Interfacing and Integration
    - Information Databases                                                 -  E-commerce Compressed Data Processing
    - Data Storage Platforms                                                -  Optical Data Transmission
    - New Architectures for Multimedia Processing         - Graphics and Video Hardware
    - Error Control Codes                                                     -  Video and Audio Codec Design
    - Enterprise Architectures                                              -  Enterprise-wide Information Management
    - Pervasive Computing
More information can be found on the conference web page at

ICEIS'2003  5th International Conference on Enterprise Information System, Angers, France, April 23-26, 2003.  [posted here 9/17/02]
The purpose of the 5th International Conference on Enterprise Information Systems (ICEIS) is to bring together researchers, engineers and practitioners interested in the advances and business applications of information systems. Four simultaneous tracks will be held, covering different aspects of Enterprise Information Systems Applications, including Enterprise Database Technology, Systems Integration, Artificial Intelligence, Decision Support Systems, Information Systems Analysis and Specification, Internet Computing and Electronic Commerce. Human factors issues in the development of these applications are also considered. ICEIS focuses on real world applications; therefore authors should highlight the benefits of Information Technology for industry and services. Ideas on how to solve business problems, using IT, will arise from the conference. Papers describing advanced prototypes, systems, tools and techniques and general survey papers indicating future directions are also encouraged. Both full research reports and work-in-progress reports are welcome. More information can be found on the conference web site at

BITE2003   The First International Workshop on Business Information Technology Ethics (in conjunction with ICEIS 2003,, Angers, France, April 22, 2003.   [posted here 10/24/02]
"Praxis versus Theory" would best describe the overall theme of this workshop in IT ethics. Computer ethics is a fledgling discipline that is top-heavy with practical knowledge but desperately in need of a sound theoretical base that it can claim as its own. Can original philosophical theories or novel adaptations of other ethical paradigms better assist us in improving the lot of professional practice in IT? Or must we always fall back on the anachronistic greats of Western Philosophy to guide our moral way through 21st century technologies? This workshop will serve as a forum to gather researchers, practitioners, students and anyone with an interest in the development of IT ethics as a means of improving professional practice. Topics of interest include, but are not limited to:
   - The social and cultural effects of IT on business practice
   - Security and computer misuse
   - Privacy and workplace monitoring
   - Cross-cultural issues in IT ethics
   - Ethics in project management
   - Professional etiquette, standards and codes in IT
   - Ethics in electronic commerce
   - Empirical studies in IT ethics
   - Ethics of software patents
   - Professional responsibility in IT
   - Corporate governance and IT
   - Theoretical issues in IT professional practice
   - Innovative training methods in IT ethics for professionals
   - Submissions on other allied issues are also welcome
More information can be found on the workshop web page at

IWWST'03 First International Workshop in Wireless Security Technologies, London, UK, April 15-16, 2003.  [posted here 2/22/03]
Wireless Information Technology Research Centre in collaboration with the British Computer Society, is organising the First International Workshop in Wireless Security Technologies, IWWST '03. The complete call for papers along with other conference information can be found at

CT-RSA 2003  Cryptographers' Track RSA Conference 2003, San Francisco, CA, USA, April 13-17, 2003.   [posted here 8/1/02]
Following the success of the two previous editions, the Cryptographers' Track of RSA Conference 2003 (CT-RSA 2003) will be run as an anonymously refereed conference with proceedings. Original research papers pertaining to all aspects of cryptography as well as tutorials or results presented in other conferences are solicited. Submissions may present theory, techniques, applications and practical experience on topics including, but not limited to: fast implementations, secure electronic commerce, network security and intrusion detection, formal security models, comparison and assessment, tamper-resistance, certification and time-stamping, cryptographic data formats and standards, encryption and signature schemes, public key infrastructure, protocols, elliptic curve cryptography, block cipher design, discrete logarithms and factorization techniques, stream ciphers and Boolean functions, lattice reduction and provable security. The program committee invites tutorials and research contributions in the broad area of applications and theory of cryptography. More information can be found at the workshop web page at

IPCCC'2003  The International Performance, Computing, and Communications Conference, Phoenix, Arizona, USA, April 9-11, 2003  [posted here 9/17/02]
We encourage submission of high-quality papers reporting original work in both theoretical and experimental research that address the recent advances in algorithms, architectures, protocols, wired and wireless network infrastructure, embedded systems, and distributed and mobile systems and applications.  Topics of interest include, but are not limited to, the following:
  - Network Security                                                      - WDM Networks
  - Power-aware Design and Computing                      - Wireless Networks
  - Grid Computing                                                         - Web Server Performance
  - Survivable Networks                                                 - Internet Computing
  - Performance Evaluation Methodologies                - Mobile and Networked Applications
  - Embedded System Design and Integration              - High-Performance Computing
  - Storage Systems (file systems, databases)              - Mobile and ad-hoc Networking
  - Information Assurance                                               - Mobile and Ubiquitous Systems
  - Network Protocols and Performance
More information can be found on the conference web page at

CHI2003 ACM Workshop on Human-Computer Interaction and Security Systems, Fort Lauderdale, Florida, USA April 5 or 6, 2003 (position papers due January 17, 2003) [posted here 11/21/02]
The human factor is often described as the weakest part of a security system and users are often described as the weakest link in the security chain. This workshop will seek to understand the roles and demands placed on users of security systems, and explore design solutions that can assist in making security systems usable and effective. In addition to examining end-users, this workshop will also examine the issues faced by security system developers and operators. Security is a large topic so there are many areas where HCI is important. Three obvious areas of interest are authentication (passwords, biometrics, etc.), security operations (intrusion detection, vigilance, policies and practices, etc.), and developing secure systems (developing for security, understanding users, installation and operation support, etc.). We are interested in receiving submissions on these topics, and suggestions of other possible topic areas are also welcome. Position papers are due January 17, 2003. The workshop will be held April 5 or 6, 2003 (to be finalized), in Fort Lauderdale, Florida. The full CFP and other information is available here:

WITS'03  Workshop on Issues in the Theory of Security (co-located with ETAPS'03), Warsaw, Poland, April 5-6, 2003.   [posted here 11/21/02]
WITS is the official workshop organised by the IFIP WG 1.7 on "Theoretical Foundations of Security Analysis and Design", established to promote the investigation on the theoretical foundations of security, discovering and promoting new areas of application of theoretical techniques in computer security and supporting the systematic use of formal techniques in the development of security related applications. Extended abstracts of work (accepted after selection and) presented at the Workshop are collected and distributed to the participants. There will be no formally published proceedings; however, selected papers will be invited for submission to a special issue of the Journal of Computer Security. Suggested submission topics include:
   - formal definition and verification of the various aspects of security:
      confidentiality, privacy, integrity, authentication and availability;
   - new theoretically-based techniques for the formal analysis and design of cryptographic
      protocols and their manifold applications (e.g., electronic commerce);
   - information flow modeling and its application to the theory of confidentiality policies,
      composition of systems, and covert channel analysis;
   - formal techniques for the analysis and verification of code security, including mobile
      code security;
   - formal analysis and design for prevention of denial of service;
   - security in real-time/probabilistic systems
   - security in coordination languages
The official web page of the conference is at the url

SPI 2003 Security and Protection of Information, Brno, Czech Republic, March 28-30, 2003.  [posted here 1/3/03]
The call for papers and a list of example topics may be found on the conference web page at Speakers desiring to submit papers should e-mail an abstract of at least 250 words along with a short CV/résumé of the speaker(s) to Jaroslav Dockal ( by January 13th, 2003. More details can be found in the call for papers.

Workshop on Privacy Enhancing Technologies 2003, Dresden, Germany, March 26-28, 2003.  [posted here 7/17/02]
Privacy and anonymity are increasingly important in the online world. Corporations and governments are starting to realize their power to track users and their behavior, and restrict the ability to publish or retrieve documents. Approaches to protecting individuals, groups, and even companies and governments from such profiling and censorship have included decentralization, encryption, and distributed trust. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of privacy technologies, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present their perspectives on technological issues. As in past years, we will publish proceedings after the workshop. Suggested topics include but are not restricted to:
  - Efficient (technically or economically) realization of privacy services
  - Techniques for censorship resistance
  - Anonymous communication systems (theory or practice)
  - Anonymous publishing systems (theory or practice)
  - Attacks on anonymity systems (eg traffic analysis)
  - New concepts in anonymity systems
  - Protocols that preserve anonymity/privacy
  - Models for anonymity and unobservability
  - Models for threats to privacy
  - Novel relations of payment mechanisms and anonymity
  - Privacy-preserving/protecting access control
  - Privacy-enhanced data authentication/certification
  - Profiling, data mining, and data protection technologies
  - Reliability, robustness, and attack resistance in privacy systems
  - Providing/funding privacy infrastructures (eg volunteer vs business)
  - Pseudonyms, identity, linkability, and trust
  - Privacy, anonymity, and peer-to-peer
  - Usability issues and user interfaces for PETs
  - Policy, law, and human rights -- anonymous systems in practice
  - Incentive-compatible solutions to privacy protection
  - Economics of privacy systems
  - Fielded systems and techniques for enhancing privacy in existing systems
More information can be found on the workshop web page at

The First International Workshop on Information Assurance, Darmstadt, Germany, March 24, 2003.  [posted here 8/13/02]
The IEEE Task Force on Information Assurance is sponsoring a workshop on information assurance in cooperation with the ACM SIGSAC on research and experience in information assurance. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of IA; possible topics include, but are not limited to the following:
  -   Information Warfare and Operations
  -   Network Security
  -   Operating System Security
  -   Storage Security
  -   Intrusion Detection, Prediction, and Countermeasures
  -   Insider Attack Countermeasures
  -   Information Sharing in Coalition Settings
  -   Security Models
  -   Survivability and Resilient Systems
  -   Formal Methods for Security
  -   CCITSE Experience and Methodology
  -   IA Standardization Approaches
  -   Specification, Design, Development, and Deployment of IA Mechanisms
Papers with a systems perspective are especially welcome. In addition to the dissemination of new research, another goal of the workshop is to bring together researchers and practitioners from both governmental and civilian areas. More information on the workshop can be found at .

SPC-2003  First International Conference on Security in Pervasive Computing, Boppard, Germany, March 12-14, 2003.  [posted here 6/27/02]
The ongoing compression of computing facilities into small and mobile devices like handhelds, portables or even wearable computers will enhance an ubiquitous information processing. The basic paradigm of such a pervasive computing is the combination of strongly decentralized and distributed computing with the help of diversified devices allowing for spontaneous connectivity via the internet. The objective of this conference is to develop new security concepts for complex application scenarios based on systems like handhelds, phones, smartcards, and smart labels hand in hand with the emerging technology of ubiquitous and pervasive computing. Particular subjects are methods and technology concerning the identification of risks, the definition of security policies, and the development of security measures that are related to the specific aspects of ubiquitous and pervasive computing like mobility, communication, and secure hardware/software platforms. More information can be found on the conference web page at

NDSS'03  The 10th Annual Network and Distributed System Security Symposium, San Diego, CA, USA, February 5-7, 2002.  [posted here 7/17/02]
The symposium fosters information exchange among research scientists and practitioners of network and distributed system security services. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation (rather than theory). A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. Topics of interest include:
    - Integrating security in Internet protocols: routing, naming, TCP/IP, multicast,
       network management, and the Web.
    - Intrusion avoidance, detection, and response: systems, experiences and architectures.
    - Attack-resistant protocols and services:
        * Network perimeter controls: firewalls, packet filters, application gateways
        * Virtual private networks
        * Public key infrastructure, key management, certification, and revocation
        * Secure electronic commerce: e.g., payment, barter, EDI, notarization, time stamping,
           endorsement, and licensing
        * Supporting security mechanisms and APIs; audit trails; accountability
        * Implementation, deployment and management of network security policies
        * Intellectual property protection: protocols, schemas, implementations, metering,
           watermarking, digital rights management.
        * Fundamental services on network and distributed systems: authentication, data integrity,
           confidentiality, authorization, non-repudiation, and availability.
        * Integrating security services with system and application security facilities and protocols: e.g.,
            message handling, file transport/access, directories, time synchronization, data base
            management, boot services, mobile computing
        * Security for emerging technologies: sensor networks, specialized test beds, wireless/mobile
           (and ad hoc) networks, personal communication systems, and large heterogeneous distributed systems.
        * Special problems and case studies: e.g., interplay and tradeoffs between security and efficiency,
           usability, reliability and cost.
        * Security for collaborative applications and services: teleconferencing and video-conferencing,
           group work, etc.
More information can be found on the workshop web page at

Workshop on Security and Assurance in Ad hoc Networks (in conjunction with SAINT2003), Orlando, Florida, USA, January 28, 2003.  [posted here 9/17/02]
This half day workshop aims at providing a forum for the discussion of security and assurance issues related to ad hoc networks as components of the Internet. Technical papers describing original research are solicited. Areas of particular interest include, but are not limited to:
   - Security and fault tolerant issues in ad hoc networks
   - Secure routing in ad hoc networks
   - Applications of mobile agents and autonomous intelligent systems
   - Tradeoffs between efficiency and security in ad hoc networks
   - Bounds on efficiency in ad hoc networks
   - Security protocols for group applications in ad hoc networks
   - Self configuration in ad hoc networks
   - Location discovery and management
   - Timing and synchronization in ad hoc networks
   - Secure, distributed algorithms for ad hoc networks
Please consult the Program Co-Chairs Alec Yasinsac ( or Mike Burmester ( if you are uncertain whether your paper falls within the scope of the workshop. Workshop information will be posted at

SAINT2003   2003 Symposium on the Internet and Applications, Orlando, Florida, USA, January 27-31, 2003.    [posted here 3/15/02]
THEME: The Evolving Internet. The Symposium on Applications and the Internet focuses on emerging and future Internet applications and their enabling technologies. The symposium provides a forum for researchers and practitioners from the academic, industrial, and public sectors, to share their latest innovations on Internet technologies and applications. Areas of particular interest include, but are not limited to:
  - Internet Agents
  - Collaboration Technology: Groupware & telepresence and Internet communities
  - Internet Content Management Systems: XML and semi-structured data, information fusion, web-based databases, and data mining.
  - Internet Content Delivery: web caching, multimedia, adaptations, QoS
  - E-Business: infrastructure for e-services, brokering, negotiation, B2B, Internet workflow, and virtual enterprise.
  - Wireless and Mobile Internet: content adaptation, e-services, mobile commerce
  - Standards for Internet Applications: XML, SOAP, UDDI, WSDL, WSFL, ebXML, Java, .NET, Sun One, others.
  - GRID Computing
  - Internet Appliances: smart phones, PDAs, sensor networks, smart home, etc.
  - Novel Internet Applications
  - Internet Security
  - Network and Protocol Architecture
  - Internet Operation and Performance
Information for prospective authors, including paper format and submission instructions can be found in the symposium web page at

HICSS-36 Secure and Survivable Software Systems (Part of the Software Technology Track), Big Island, Hawaii, USA, January 6-9, 2003.  [posted here 3/28/02]
The focus of this minitrack is security and survivability in large, non-trivial, software systems, with an emphasis on the last phases of the four stage survivability model consisting of Resistance, Recognition, Recovery, and Adaptation. Papers on Resistance and Recognition that address the need or capacity for safety critical software systems to “fail-safe” and “fail-secure” are also desired. Submissions will be sought from researchers in the area of system survivability, software dependability, computer and network security, fault-tolerance and intrusion tolerance, and economic or statistical modeling of secure/survivable systems. Main minitrack topics include but are not limited to:
    - System or software survivability
    - Safety critical failure modes
    - Network or system intrusion tolerance
    - Modeling malicious behavior or attacks
    - Mathematical models for verification of vulnerability to malicious acts
    - Models for measurement, evaluation, or validation of survivability
    - Software fault tolerance
    - Design for dependability and/or survivability
    - PRA and hybrid fault models accounting for malicious acts and events
More information can be found on the HICSS-36 conference web site is at and the miitrack web site at

PKC2003   The Sixth International Workshop on Practice and Theory in Public Key Cryptography, Miami, Florida, USA, January 6-8, 2003.    [posted here 6/24/02]
PKC is the main annual workshop focusing on research on all aspects of public key cryptography. PKC 2003 will for the first time be an IACR workshop. Topics of interest include:
  -  Certification and Time-stamping                  - Computational Complexity Aspects
  -  Cryptanalysis                                                  -  Discrete Logarithm
  -  Electronic Cash/Payment                              -  Elliptic Curve Cryptography
  -  Encryption Schemes                                      -  Fast Implementations
  -  Integer Factorization                                      -  International Standards
  -  Lattice Reduction                                           -  Provable Security
  -  Public Key Infrastructure                              -  Secure Electronic Commerce Signature Schemes
Further details are available at: