Calls for Papers

IEEE Computer Society's Technical Committee on Security and Privacy


Past Conferences and Journal Special Issues

Last Modified:01/13/05

Note: Please contact by email if you have any questions..



Past Conferences and Other Announcements - 2004

ACSAC 20 The 20th Annual Computer Security Applications Conference, Hilton Tucson El Conquistador, Tucson, AZ, USA, December 6-10, 2004.  [posted here 5/14/04]
The 19th Annual Computer Security Applications Conference is an internationally recognized conference that provides a forum for experts in information system security to exchange practical ideas about solving real problems. Papers and proposals that address the application of technology, the implementation of systems, and lessons learned will be given special consideration. The ACSAC Program Committee is looking for papers, panels, forums, case studies presentations, tutorials, workshops, and works in progress that address practical solutions to problems related to protecting commercial enterprises or government information infrastructures.

A list of topics of interest along with other conference information can be found at

ISWC2004 3rd Workshop on Trust, Security, and Reputation on the Semantic Web, Hiroshima, Japan, November 7, 2004. [posted here 5/29/04]
This workshop will bring together researchers from different communities to examine cutting-edge approaches towards the establishment of these security, trust, and reputation                         
infrastructures. The emphasis will be to advance and integrate security and trust related research from the semantic web, logical reasoning, grid, agent, peer-to-peer, and web services.                        
The workshop will include both presentations of research papers and demonstrations of implemented systems. We envisage a wide variety of
contributions both from the area of traditional security and access control research as well as from the area of reputation propagation and social network theory.

<>Workshop topics include, but are not limited to, the following:                
    - rule-based policies, contracts and business rules                        
    - natural-language and visual interfaces for policy languages              
    - rules and ontologies for security, trust and privacy                     
    - digitally signed RDF                                                     
    - security requirements engineering                                        
    - trust establishment and automated trust negotiation                      
    - decentralized trust infrastructures for semantic web and grid environments                                                             
    - trust metrics and models                                                 
    - trust and provenance                                                     
    - trust and reputation management and propagation                          
    - friends of a friend networks / FOAF                                      
    - distributed computation of trust                                         
    - security and trust for agents, peer-to-peer, grid and web services       
    - case studies on security and trust applications                          

For more info, see

NORDSEC2004 9th Nordic Workshop on Secure IT Systems, Espoo, Finland, November 4-5, 2004.  [posted here 5/13/04]

The NORDSEC workshops started in 1996 with the aim of bringing researchers and practitioners within computer security in the Nordic countries. The theme of the workshop has been applied security, i.e. all kinds of security issues that could encourage interchange and cooperation between the research community and the industrial/consumer community. Possible topics include, but are not limited to the following:

- Privacy and Privacy Enhancing Technologies
- Wireless Communication Security
- Inter/Intra/Extranet Security
- Security Protocol Modeling and Analysis
- E-and M-Business Security
- New Firewall Technologies
- Secure Infrastructures; TTP, PKI, Key Escrow/Recovery
- Computer Crime and Information Warfare
- Detecting Attacks, Intrusions and Computer Misuse
- Smart Card Applications
- Security Management and Audit
- Security Evaluations and Measurements
- Security in Commercial off-the-shelf Products, COTS
- Operating System Security
- Security Models
- New Ideas and Paradigms for Security
- Security Education and Training
- Quality of Service or Software Engineering in Relation to Security

The workshop will consist of paper sessions, panel discussions and invited talks. For a complete call for papers, see

PSDM04, ICDM Workshop on Privacy and Security Aspects of Data Mining, November 1, 2004, Brighton, UK. [posted here 8/4/04]
The goal of this workshop is to discuss issues of privacy and security in data mining, synergize different views of techniques and policies, and 
brainstorm future research directions. Although techniques, such as random perturbation, cryptographic-based methods, and database inference
control have been developed, many of the key problems still remain open in this area.  Especially, new privacy and security issues have been
identified, and the scope of this problem has been expanded. In addition to these existing technologies, people attempt to explore new approaches
to tackle the problem.

Furthermore, special techniques may be needed to deal with some data mining applications, such as privacy-preserving mining of imbalanced
data, bioinformatics data, streaming data, etc. It would be valuable to both the privacy and security community and the data
mining community to examine the progress achieved in this area.  Researchers with interest in the areas of privacy and
security as well as data mining and machine learning are strongly encouraged to attend the workshop.                                                                       
Topics of Interest                                                              
- Privacy and security protection during the phase of data collection,  including privacy and security policies, data ownership, identity theft protection.
- Access control techniques and secure data models.
- Secure learning algorithms for randomized/perturbed data.
- Privacy-Preserving multi-party data mining.
- Trust management for data mining.
- Learning from imbalanced data, streaming data, and bioinformatics data
- Trust management for data mining.
- Learning from imbalanced data, streaming data, and bioinformatics data while preserving data  privacy.                   
- Inference/disclosure related data mining.
- Privacy protection in E-Commerce.
- Privacy laws for fraud detection and for protecting personal data, medical data, and the public release of data.                          
- Secure link analysis and social network analysis.
- Data mining applications for terrorist detection.
- Privacy enhancement technologies in web environments.                        
- Privacy guarantees and usability of perturbation and randomization techniques.                                                              
- Analysis of confidentiality control methods.                         

For complete call-for-paper information, please see

VizDMSEC Workshop on Visualization and Data Mining for Computer Security, Washington DC, USA, October 29, 2004.  [posted here 5/29/04]
Information about security on large and complex computer networks is high volume, heterogeneous, distributed, and dynamic over time.  Of             
interest to this workshop are two complementary methods to process high-dimensional data into knowledge: visualization and data mining.
Visualization represents high-dimension security data in 2D/3D  graphics and animations intended to facilitate quick inferences for
situational awareness and focusing of attention on potential security events.  Data mining focuses on algorithms to accurately detect
patterns in high-dimension security data representing unauthorized system access or computer network attacks. Papers with demonstrated
results will be given priority.                                                 
More information on this workshop can be found at .

WPES'04 ACM Workshop on Privacy in Electronic Society, George Mason University, Washington DC, USA, October 28, 2004. [posted here 5/29/04]
 This workshop is being held as part of the 11th ACM conference on Computer and Communicutions Security. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues.

Topics of interest include, but are not limited to:

anonymity, pseudonymity, and unlinkability                     privacy and confidentiality management
business model with privacy requirements                           privacy in the electronic records
data protection from correlation and leakage attacks         privacy in health care and public administration
electronic communication privacy                                        public records and personal privacy
information dissemination control                                        privacy and virtual identity
privacy-aware access control                                                  personally identifiable information
privacy in the digital business                                               privacy policy enforcement
privacy enhancing technologies                                           privacy and data mining
privacy policies and human rights                                        relationships between privacy and security
privacy and anonymity in Web transactions                     user profiling
privacy threats                                                                          wireless privacy

For more information, please see:

ICICS 2004   Sixth International Conference on Information and Communications Security, Malaga, Spain, October 27-29, 2004.  [posted here 2/18/04]
The 2004 International Conference on Information and Communications Security will be the sixth event in the ICICS conference series, started
in 1997, that brings together individuals involved in multiple disciplines of Information and Communications Security in order to foster exchange
of ideas. Original papers are solicited for submission.

Areas of interest include but are not limited to:

- Anonymity                                     
- Authentication and Authorization
- Biometrics                                    
- Computer Forensics
- Critical Infrastructures Protection
- Cryptography and its Applications
- Data and Systems Integrity            
- Design and Analysis of Cryptosystems
- Electronic Commerce Security          
- Fraud Control and Information Hiding
- Information and Security Assurance  
- Intellectual Property Protection
- Intrusion Detection and Response      
- Key Management and Key Recovery
- Mobile Communications Security        
- Network Security
- Privacy Protection                    
- Risk Evaluation and Security Certification
- Security Models                               
- Security Protocols
- Software Protection                   
- Smart Cards
- Trust Management                              
- Watermarking

For more information, see for details.

FMSE'04 2nd ACM Workshop on Formal Methods in Security Engineering: From Specifications to Code, Washington DC, USA, October 28, 2004. [posted here 5/29/04]
 This workshop is being held as part of the 11th ACM conference on Computer and Communicutions Security.We aim to bring together researchers and practitioners from both the security and the software engineering communities, from academia and industry, who are working on applying formal methods to designing and validating large-scale systems. We are seeking submissions addressing foundational issues in:

    - security specification techniques
    - formal trust models
    - combination of formal techniques with semi-formal techniques like UML
    - formal analyses of specific security properties relevant to software development
    - security-preserving composition and refinement of processes
    - faithful abstractions of cryptographic primitives and protocols in process abstractions
    - integration of formal security specification, refinement and validation techniques in development methods and tools.

The primary focus is on high-quality original unpublished research and case studies.

For more information, please see:

ACM MOBIWAC ACM International Workshop on Mobility Management and Wireless Access (with Mobicom 2004), Philadelphia, PA, USA, October 25, 2004. [posted here 6/30/04]
This workshop solicits papers, both form researchers and practitioners, dealing with mobile computing and wireless access technologies,
with an emphasis on mobility and location management, ubiquitous and ad hoc access, awareness,
mobile computational ambient agents, natural interaction and seamless access.
The workshop will include contributed technical papers, invited papers, panel discussions and tools demonstrations.                                    

Authors are encouraged to submit both theoretical and practical results of significance on all aspects of wireless and mobile access technologies         
with an emphasis on mobility management and wireless access.

The scope of this workshop includes, but is not limited, to:

- Wireless/Mobile Access Protocols
- Wireless Web Access
- Fault Tolerance in Wireless Access Networks
- Application development for embedded electronics and mobile devices
  (with J2ME Wireless Devices, etc.)
- Wireless Multimedia Protocols
- Design and architecture of wireless communication and mobile computing
- Mobile service and QoS management
- Localization and tracking of mobile users
- Modeling of wireless devices and networks
- Large scale simulation
- Channel Allocation
- Analysis of correctness and efficiency of protocols
- Pervasive Computing
- Ubiquitous and mobile access
- Security and privacy issues
- Awareness-dependent wireless applications
- Interactive applications
- Awareness-dependent wireless applications
- Interactive applications
- Context-awareness
- Wireless, ad hoc and sensor access devices
- Wireless internet access technologies
- Mobile commerce technologies

For more info, see

SASN2004 ACM Workshop on Security of Ad Hoc and Sensor Networks, Wyndham City Hotel, Washington, DC, October 25, 2004.  [posted here 5/13/04]
This workshop seeks submissions from academia and industry presenting novel research on all aspects of security for ad hoc and sensor networks, as well as experimental studies of fielded systems.  Submission of papers
based on work-in-progress is encouraged.  Topics of interest include, but are not limited to, the following as they relate to wireless networks,mobile ad hoc networks, or sensor networks:

- Security under resource constraints, e.g., energy, bandwidth, memory, and computation constraints
- Performance and security tradeoffs
- Secure roaming across administrative domains
- Key management
- Cryptographic protocols
- Authentication and access control
- Trust establishment, negotiation, and management
- Intrusion detection and tolerance
- Secure location services
- Privacy and anonymity
- Secure routing
- Secure MAC protocols
- Denial of service
- Prevention of traffic analysis

For more info, see

DRM2004 ACM Workshop on Digital Rights Management, Wyndham City Hotel, Washington, DC, October 25, 2004. [posted here 5/29/04]
This workshop seeks submissions from academia and industry presenting novel research on all aspects of security for ad hoc and sensor networks, as well as experimental studies of fielded systems.  Submission of papers
based on work-in-progress is encouraged.  Topics of interest include, but are not limited to, the following as they relate to wireless networks,mobile ad hoc networks, or sensor networks:

- Security under resource constraints, e.g., energy, bandwidth, memory, and computation constraints
- Performance and security tradeoffs
- Secure roaming across administrative domains
- Key management
- Cryptographic protocols
- Authentication and access control
- Trust establishment, negotiation, and management
- Intrusion detection and tolerance
- Secure location services
- Privacy and anonymity
- Secure routing
- Secure MAC protocols
- Denial of service
- Prevention of traffic analysis

For more info, see

CCS 2004   11th ACM Conference on Computer and Communications Security, Washington, DC, USA, October 25-29, 2004.  [posted here 11/18/03]

(See the  call at http:/// for details).

SASC2004 The State of the Art of Stream Ciphers, Novotel Brugge Centrum, Brugge, Belgium, October 14-15, 2004  [posted here 09/07/04]
The cryptographic community is well served by a variety of efficient and trusted block ciphers. Yet there remains only a limited selection of            
trusted, non-proprietary, and royalty-free stream ciphers.  SASC is a  special workshop that aims to provide a more complete understanding of the      
current state of stream cipher design and analysis. Sponsored by the ECRYPT Network of Excellence ( SASC will consider the         
current state of stream cipher knowledge. In particular it is hoped to  expose new and existing stream cipher proposals, cryptanalytic tools, and       
design criteria to the wider attention of the cryptographic community.          
WiSe 2004   Workshop on Wireless Security (in conjunction with MobiCom 2004), Philadelphia, PA, USA, October 1, 2004.  [posted here 1/19/04]
The objective of this workshop is to bring together researchers from research communities in wireless networking, security, applied cryptography, and dependability; with the goal of fostering interaction. With the proliferation of wireless networks, issues related to secure and dependable operation of such networks are gaining importance. Topics of interest include, but are not limited to:
   - Trust establishment
   - Key management in wireless/mobile environments
   - Economic incentives for collaboration
   - Security modeling and protocol design in the context of rational/malicious adversaries
   - Light-weight cryptography, efficient protocols and implementations
   - Intrusion detection, detection of malicious behaviour
   - Revocation of malicious parties
   - Secure PHY/MAC/routing protocols
   - Secure location determination
   - Denial of service
   - Privacy (location, contents, actions)
   - Anonymity, prevention of traffic analysis
   - Dependable wireless networking
   - Monitoring and surveillance
More information can be found at

VANET2004  First ACM Workshop on Vehicular Ad Hoc Networks (held in conjunction with ACM MobiCom 2004), Loews Philadelphia Hotel, Philadelphia, PA, USA, October 1, 2004. [posted here 5/13/04]

Creating high-performance, highly scalable, and secure VANET technologies presents an extraordinary challenge to the wireless research community. Yet, certain limitations commonly assumed in ad hoc networks are mitigated in VANET. For example, VANET may marshal relatively large computational resources. Ample and recharging power sources can be assumed. Mobility patterns are constrained by road paths and driving speed restrictions. VANET represents high resource/performance wireless technology.  As such, VANET can use significantly different approaches than sensor networks. VANET applications will include on-board active safety systems leveraging vehicle-vehicle or roadside-vehicle networking. These systems may assist drivers in avoiding collisions. Non-safety applications include real-time traffic congestion and routing information, high-speed tolling, mobile infotainment, and many others.
We invite papers from researchers on all aspects of vehicular ad hoc networks, such as new applications, networking protocols, security paradigms, network management technologies, power control, modulation, coding, channel modeling, etc. The session will bring together visionary researchers for an exciting exchange of ideas.


For more info, please see:

SAPS'04 Workshop on Specification and Automated Processing of Security Requirements, Linz, Austria, September 20-25, 2004. [posted here 5/13/04]
 This workshop is being held as part of the 19th IEEE International Conference on Automated Software Engineering.   The exchange of concepts, prototypes, research ideas, and
other results which contribute to the academic arena and also benefit business and industrial communities, is of particular interest.

 Original papers are solicited for submission to the workshop related (but not limited) to the following topics of interest:

- Security requirements specification and analysis
- Formal semantics for security requirements
- Integration of Security engineering into software
  engineering processes
- Automated tools supporting integrated security
  engineering and software engineering processes
- Security in programming languages
- Automatic tools for secure software development
- Automatic analysis/enforcement of security policies
- Definition and analysis of security-related semantic
- Tools for formal analysis of security properties
- Specification, characterisation and integration of
  security components and patterns

For more information, please see:

NSPW2004   New Security Paradigms Workshop 2004, White Point Beach Resort, Nova Scotia, Canada, September 20-23, 2004. [posted here 3/27/04]
For twelve years the New Security Paradigms Workshop (NSPW) has provided
a stimulating and highly interactive forum for innovative approaches to
computer security. The workshop offers a constructive environment for
experienced researchers and practitioners as well as newer participants
in the field. The result is a unique opportunity to exchange ideas. NSPW
2004 will take place September 20 - 23 at theWhite Point Beach Resort,
located on the southern shore of beautiful Nova Scotia. The resort can
be reached by air via Halifax or by ferry from Portland, Maine.

In order to preserve the small, focused nature of the workshop,
participation is limited to authors of accepted papers and conference
organizers. NSPW is unique in format and highly interactive in
nature. Each paper is typically the focus of 45 to 60 minutes of
presentation and discussion. Authors are encouraged to present ideas that
might be considered risky in some other forum, and all participants
are charged with providing feedback in a constructive manner. The
resulting intensive brainstorming has proven to be an excellent medium
for furthering the development of these ideas. The proceedings, which
are published after the workshop, have consistently benefited from the
inclusion of workshop feedback.

Because we expect new paradigms, we accept wide-ranging topics in
information security. Papers that present a significant shift in
thinking about difficult security issues or builds on a previous shift
are welcomed. Our program committee particularly looks for new paradigms,
innovative approaches to older problems, early thinking on new topics,
and controversial issues that might not make it into other conferences
but deserve to have their try at shaking and breaking the mold.

We welcome three categories of submission: research papers, 5 - 10
page position papers, and discussion topic proposals. Discussion topic
proposals should include an in-depth description of the topic to be
discussed, a convincing argument that the topic will lead to a lively
discussion, and supporting materials. Submissions must be accompanied by
a justification statement (why this is a new paradigm) and an attendance
statement (how many authors expect to attend). All attendees are expected
to stay for the entire duration of the workshop.

Detailed submission information and instructions may be found at

PDCS 2004   International Workshop on Security in Parallel and Distributed Systems (in conjunction with the 17th International Conference on Parallel and Distributed Computing Systems), San Francisco, CA, USA, September 15-17,2004.    [posted here 5/13/04]

In recent years, interest has increased in the field of security of parallel and distributed systems, which include the control mechanisms, mobile code
security, denial-of-service attacks, trust management, modeling of information flow and its application to confidentiality policies, system composition,
and covert channel analysis. We will focus our program on issues related to important properties of system security, such as measurability,
sustainability, affordability, and usability in parallel and distributed systems.  Topics ofinterest include:
. Distributed Access Control and Trust Management
. Key Management and Authentication
. Privacy and Anonymity
. Benchmark and Security Analysis
. Security for Peer to Peer systems and Grid Computing Systems
. Secure Multicast and Broadcast
. Secure multiparty and two-party computations
. Computer and Network Forensics
. Denial-of-service Attacks and Countermeasures
. Secure E-Commerce/E-Business
. Security Verification
. Distributed Database Security
. Digital Rights Management
. Secure Mobile Agents and Mobile Code
. Intrusion detection
. Security in ad-hoc and sensor networks
. World Wide Web Security

More information can be found at the conference web site at

RAID'2004   Seventh International Symposium on Recent Advances in Intrusion Detection, Institut Eurécom, Sophia-Antipolis, French Riviera, France, September 15-17, 2004. [posted here 12/11/03]

For RAID 2004 there is a special theme: the interdependence between intrusion detection and society. Thus, we will also welcome papers that address issues that arise when studying intrusion detection, including information gathering and monitoring, as a part of a larger, not necessarily purely technical, perspective. The RAID 2004 program committee invites three types of submissions: full papers presenting mature research results; practical experience reports describing a valuable experience or a case study; and panel proposals for presenting and discussing hot topics in intrusion detection systems. The RAID 2004 web site elaborates on these themes and also provides a full list of topics of interest (

ESORICS 2004   9th European Symposium on Research in Computer Security, Institut Eurécom, Sophia-Antipolis, French Riviera, France, September 13-15, 2004.   [posted here 12/21/03]

Papers offering novel research contributions in any aspect of computer security are solicited for submission to ESORICS 2004. Organized in a series of European countries, ESORICS is confirmed as the European research event in computer security. The primary focus is on high-quality original unpublished research, case studies and implementation experiences. We encourage submissions of papers discussing industrial research and development. Information on topics of interest, and instructions for submitting a paper can be found at


SCN'04 Fourth Conference on Security in Communication Networks,Amalfi, Italy, September 8-10, 2004. [posted here 5/13/04]

The Fourth Conference on Security in Communication Networks (SCN '04) will be held in Amalfi (Italy) on September 8-10 2004. SCN '04 aims at bringing
together researchers in the field of security in communication networks to foster cooperation and exchange of ideas. Original papers on all technical
aspects of cryptology  and network security are solicited for submission to SCN04. Topics of interest are (but not limited to):

    Anonymity                                             Implementations
    Authentication                                       Key Distribution
    Block Ciphers                                        Operating Systems Security
    Complexity-based Cryptography      Privacy
    Cryptanalysis                                         Protocols
    Digital Signatures                                 Public Key Encryption
    Hash Functions                                     Secret Sharing
    Identification                                        Survey and state of the art

For more information, please see


Trustbus'04   Trust and Privacy in Digital Business, Zaragoza, Spain, August 30 - September 3, 2004.   [posted here 12/21/03]
The First International Conference on Trust and Privacy in Digital Business (TrustBus’04) will be held in conjunction with the 15th International Conference on Database and Expert Systems Applications (DEXA'04), ( TrustBus’04 shall bring together researchers from different disciplines, developers, and users all interested in the critical success factors of digital business systems. We invite papers, work-in-progress reports, industrial experiences describing advances in all areas of digital business applications. A complete list of topics of interest and instructions for submitting a paper can be found on the conference web site at

SecCo2004 2nd International Workshop on Security Issues in Coordination Models, Languages and Systems,  London, United Kingdom. August 30, 2004. [posted here 5/13/04]

Coordination models,  languages  and  middlewares,  which  advocate  a distinct separation between the internal behaviour of the entities and
their interaction, represent a promising approach. However, due to the openness of these systems, new critical aspects come into  play,  such
as the need to deal  with  malicious  components  or  with  a  hostile environment. Current research on network security issues (eg. secrecy,
authentication,  etc.)  usually   focuses   on  opening  cryptographic point-to-point tunnels. Therefore, the proposed solutions in this area
are  not  always  exploitable   to   support   the  end-to-end  secureinteraction between entities  whose  availability  or  location is not
known beforehand.

Topics of interest include, but are not limited to:

      Theoretical foundations, specification, analysis,  case-studies,
      applications for

      authentication                               coordination models
      integrity                                         web service technology
      privacy                                           mobile ad-hoc networks
      confidentiality                              agent-based infrastructures
      access control           -in-               peer-to-peer systems
      denial of service                            global computing
      service availability                      context-aware computing
      safety aspects                                component-based systems
      fault tolerance                              ubiquitous/pervasive computing

For more information, please see:

VLDB2004 Workshop "Secure Data Management in a Connected World", Royal York Hotel, Toronto, Canada, August 30, 2004.  [posted here 5/13/04]

Aim of the workshop is to bring together people from the security research community and data management research community in order to
exchange ideas on the secure management of data in the context of emerging networked services and applications. The workshop will provide
forum for discussing practical experiences and theoretical research efforts that can help in solving these critical problems in secure data
management. Authors from both academia and industry are invited to submit papers presenting novel research on the topics of interest.

Topics of interest include (but are not limited to) the following:
- Data Hiding
- Secure Storage
- Secure Data Management in File Systems
- Digital Rights Management
- Data Encryption
- Search on Encrypted Data
- Metadata and Security
- XML Security
- Multimedia Security and Privacy
- Authorization and Access Control Techniques
- Security and Privacy Management
- Privacy Enhanced Data Management (indexing, access control)
- Private Information Retrieval
- User Profiling and Privacy
- Privacy Preserving Data Mining
- Statistical Database Security
- Security and Privacy Requirements for Ambient Applications
- Information Dissemination Control
- Protection of Personally Identifiable Information

For further info, please see

CSES 2004   2nd International Workshop on Certification and Security in Inter-Organizational E-Services, Toulouse, August 26-27, 2004. [posted here 3/27/04]
The workshop is within IFIP-WCC 2004, the 18th World Computer Congress of the IFIP. This is a uniquely rich event featuring a variety of
initiatives on key issues in Information Technology.  For more information on it see

Topics of interest include (but are not limited to):
- Traceability in e-services
- Certification in e-services
- Methods for guaranteeing non-repudiation in e-services
- Authentication and encryption in e-services
- Public Key Infrastructures
- Certification Authorities and management of trust
- Authorization and access control models for e-services
- Certification and security for mobile access to e-services
- User and e-service profiling
- Security and certification issues in GRID computing
- Risks analysis methods (new approaches and experiences)
- Risks through interception and tracking technologies
- Algorithmic issues in providing secure and certified e-services
- Information flow issues
- Firewall technology and e-services
- Administration and management of safeguards
- Security middleware solutions
- Web Services, certification and security
- Secure electronic markets
- Messaging Security in e-services
- Web Security in e-services
- Security Issues in e-Services
- Multilateral Security
- Network Protocol Security
- Users' security responsibilities
- Protecting users/usees by Privacy-Enhancing Technologies
- Critical Information Infrastructure Protection and Social Implications
- Organizational issues in implementing security measures

Submissions describing real-life application experiences, research
results and methodological proposals are solicited, from participants
belonging to the governmental, industrial and academic communities.

For more information, see the web page at:

ICETE 2004   International Conference on E-business and Telecommunication Networks, Setúbal, Portugal, August 25-28, 2004.  [posted here 7/28/03]
Topics of interest include: Global Communication Information Systems and Services; Security and Reliability in Information Systems and Networks; Wireless Communication systems and Networks; and Multimedia Signal Processing. More information can be found at, or contact the ICETE secretariat at

CARDIS 2004   The 6th Smart Card Research and Advanced Application IFIP Conferencet, Toulouse, France, (as part of the 18th IFIP World Computer Congress), August 23-26, 2004.  [posted here 1/25/04]

The program committee seeks papers describing the design, development,
application, and validation of smart card technologies. Submissions across
a broad range of smart card development phases are encouraged, from
exploratory research and proof-of-concept studies to practical application
and deployment of smart card technology.

 Topics of interest include, but are not limited to:
  - Smart Device, Person Representation and Ambient Intelligence
  - Smart Device, Identity, Privacy and Trust
  - Smart Card and Smart Device software (OS, VM, API...)
  - High-level data model and management (On-card data sharing schemes...)
  - Integrated development environments (automatic mask & application generation)
  - (Distributed) Application development and deployment
  - Emerging opportunities for standardization
  - From Smart Card to Smart Device (hardware, form factor, display...)
  - Biometrics and Smart Cards
  - High-speed, small-footprint encryption
  - Cryptographic accelerators  
  - Cryptographic protocols for Smart Cards (and Smart Devices)
  - Attacks and countermeasures in hardware and software 
  - Hardware, software and service (application) validation and certification
  - Formal Modelling  
  - Benchmarking  
  - Smart Card (Smart Device) and Applications in Internet, WLAN, DRM,...

More information can be found at

IFIP/Sec 2004   The 19th IFIP International Information Security Conference (IFIP/Sec 2004), Centre de Congrès Pierre Baudis, Toulouse, France, (as part of the 18th IFIP World Computer Congress), August 23-26, 2004.  [posted here 1/25/04]

Papers offering novel research contributions in any aspect of computer
security are solicited for submission to the 19th IFIP International
Information Security Conference. Papers may present theory, applications
or practical experiences on topics including, but not limited to:
     - Accounting and auditing       - Multilateral security
    - Authentication                         - Data and system integrity
    - Data protection                        - Authorization and access control
    - Privacy, Anonymity                - Security models and architectures
    - Computer Forensics                - Risk analysis and risk management
    - Internet and www security     - Secure e-government
    - Information hiding                   - e-business/e-commerce security
    - Information security                - Secure information systems development
    - Intrusion detection                  - Security management
    - Assurance                                 - Security verification
    - Key management                     - Commercial and industrial security
    - Security policies                         - Mobility and ubiquitous systems
    - DRM & Content Protection      - Information warfare and Critical Infrastructure Protection

More information can be found at

I-NetSec04   Third Working Conference on Privacy and Anonymity Issues in Networked and Distributed Systems (special track at the 19th IFIP International Information Security Conference), Toulouse, France, August 23-26, 2004.  [posted here 12/9/03]

Privacy and anonymity are increasingly important aspects in electronic services. The workshop will focus on these aspects in advanced distributed applications, such as m-commerce, agent-based systems, P2P, ... Suggested topics include, but are not restricted to:
   - Models for threats to privacy/anonymity
   - Models and measures for privacy/anonymity
   - Secure protocols that preserve privacy/anonymity
   - Privacy, anonymity and peer-to-peer systems
   - Privacy, anonymity and mobile agents
   - Privacy/anonymity in payment systems
   - Privacy/anonymity in pervasive computing applications
   - Anonymous communication systems
   - Legal issues of anonymity
   - Techniques for enhancing privacy in existing systems
More information can be found at

WISA 2004 The 5th International Workshop on Information Security Applications, Ramada Plaza,
Jeju Island, Korea, August 23-25, 2003.  [posted here 3/27/04]

The 5th International Workshop on Information Security Applications (WISA 2004)
will be held in Jeju Island, Korea on August 23-25, 2004. It is sponsored by
the Korea Institute of Information and Cryptology (KIISC), Electronics &
Telecommunications Research Institute (ETRI), and Ministry of Information and
Communication (MIC). The focus of this workshop is on all technical and
practical aspects of cryptographic and non-cryptographic security applications.
The workshop will serve as a forum for new results from the academic research
community as well as from the industry.

The areas of interest include, but are not limited to:

* Internet & Wireless Security                            * Cyber Indication & Intrusion Detection
* E-Commerce Protocols                                     * Smart Cards & Secure Hardware
* Access Control & Database Security             * Mobile Security
* Biometrics & Human Interface                        * Privacy & Anonymity
* Network Security Protocols                             * Public Key Crypto Applications
* Security & Trust Management                         * Threats & Information Warfare
* Digital Rights Management                             * Virus Protection
* Secure Software & Systems                             * Ubiquitous Computing Security
* Information Hiding                                            * Peer-to-Peer Security

More information can be found at

CHES 2004   Cryptographic Hardware and Embedded Systems, Cambridge (Boston), USA, August 11-13,2004.  [posted here 12/9/03]
The focus of this workshop is on all aspects of cryptographic hardware and security in embedded systems. Of special interest are contributions that describe new methods for efficient hardware implementations and high-speed software for embedded systems, e.g., smart cards, microprocessors, DSPs, etc. We hope that the workshop will help to fill the gap between the cryptography research community and the application areas of cryptography. The topics of CHES 2004 include but are not limited to:
  - Computer architectures for public-key and secret-key cryptosystems
  - Efficient algorithms for embedded processors
  - Reconfigurable computing in cryptography
  - Cryptographic processors and co-processors
  - Cryptography in wireless applications (mobile phone, LANs, etc.)
  - Security in pay-TV systems
  - Smart card attacks and architectures
  - Tamper resistance on the chip and board level
  - True and pseudo random number generators
  - Special-purpose hardware for cryptanalysis
  - Embedded security
  - Device identification
More information can be found at

CEAS   The First Conference on Email and Anti-Spam, Mountain View, CA, USA, July 30-31, August 1, 2004. [posted here 1/10/04]
The Conference on Email and Anti-Spam invites the submission of papers for its first meeting, held in cooperation with AAAI (the American Association for Artificial Intelligence). Papers are invited on all aspects of email and spam, including research papers (Computer science oriented academic-style research), industry reports (Descriptions of important or innovative products), and law and policy papers. A full list of topics can be found on the conference web site at

IFIP WG 11.3   18th Annual IFIP WG 11.3 Working Conference on Data and Application Security, Sitges, Spain, July 25-28, 2004.  [posted here 10/14/03]
The conference provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Papers and panel proposals are solicited. The conference is limited to about forty participants so that ample time for discussion and interaction may occur. Papers may present theory, technique, applications, or practical experience on topics of interest of IFIP WG11.3:
   - Techniques and methodologies for data and application security
   - Threats, vulnerabilities, and risk management
   - Web application security
   - Secure Semantic Web technologies and applications
   - Privacy
   - Secure information integration
   - Security planning and administration
   - Security assessment methodologies
   - Access Control
   - Integrity maintenance
   - Knowledge discovery and privacy
   - Cryptography
   - Concurrency control
   - Sensor information management
   - Fault-tolerance/recovery methods
   - Organizational security
   - Security tradeoffs
Additional topics of interest include but not limited to: Critical Infrastructure Protection, Cyber Terrorism, Information Warfare, Intrusion Protection, Damage assessment and repair, Database Forensics, and Electronic Commerce Security. More information can be found at


WOLFASI    Workshop on Logical Foundations of an Adaptive Security Infrastructure
(WOLFASI), a sub-workshop of the Logic in Computer Science (LICS) Foundations of Computer Security (FCS'04) Workshop, Turku, Finland, July 12-13, 2004. [posted here 3/27/04]

It was felt that the field of adaptive security is sufficiently
well-defined, sufficiently important, and sufficiently of current
interest to warrant a special session of its own in the framework of
FCS.  The Workshop on Logical Foundations of an Adaptive Security
Infrastructure deals with the logical underpinnings of the following

A distributed computer system operates in a semi-autonomous mode,
serving as a communications network, with nodes that perform control
functions pertaining to the network and to local hardware devices.
During a period of critical operation, the system detects an intrusion
attempt in some nodes, along with a power glitch at other nodes, and
an intelligence report about an increase in a certain type of
threat. This information is analyzed and various responses are
executed: dealing with the perceived intrusion, rerouting network
traffic around suspect nodes, adjusting the power allocation,
adjusting the crptographic strength of certain message authentication
functions, etc. This set of executed responses is chosen to best
achieve the desired result, within the confines of the security
policy, as currently re-evaluated, at the appropriate time, and with
currently available resources.

Papers are solicited in this context, for more details, see:

FCS 2004   Foundations of Computer Security Workshop, Turku, Finland, July 12-13, 2004. [posted here 1/25/04]
The aim of this workshop is  to provide a forum for continued activity in this area,  to bring computer security researchers  in contact with the  LICS'04 and  ICALP'04 communities,  and  to give  LICS and  ICALP attendees an opportunity to talk to experts in computer security. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise  fundamental concerns  about  existing theories. 

Topics include, but are not limited to:

Composition issues                      authentication
Formal specification                     availability and denial of service
Foundations of verification         covert channels
Information flow analysis            cryptographic protocols
Language-based security             confidentiality
Logic-based design            for     integrity and privacy
Program transformation               intrusion detection
Security models                            malicious code
Static analysis                               mobile code
Statistical methods                       mutual distrust
Trust management                        security policies

For more details, see:


DIMACS 2004   Workshop on Usable Privacy and Security Software, Rutgers University, New Jersey, USA, July 7-9, 2004. [posted here 8/24/03]
This workshop and working group is intended to bring together security and privacy experts with human-computer interaction experts to discuss approaches to developing more usable privacy and security software. Participation in the workshop is open to anyone who registers (no submission necessary). Participation in the working group on July 9 is limited because of the emphasis on achieving a high degree of interactivity and discussion. Workshop participants who are interested in participating in the working group session should send a 1-page abstract or position paper describing their work relevant to this workshop to Submissions are especially encouraged that identify security and privacy areas in need of examination by HCI researchers, as well as areas where HCI researchers would like assistance from security and privacy researchers. Details on the workshop can be found at



ICWS 2004   IEEE International Conference on Web Services, San Diego, California, USA, July 6-9, 2004. [posted here 10/14/03]
ICWS is a forum for researchers and industry practitioner to exchange information regarding advancements in the state of art research and practice of Web Services, to identify emerging research topics, and to define the future directions of Web Services computing. ICWS 2004 has special interest in papers that contribute to the convergence of Web Services, Grid Computing, e-Business and Autonomic Computing, or those that apply techniques from one area to another. A complete list of topics of interest (which includes Trust, Security and Privacy in Web Services) can be found at

DIMVA   Workshop on Detection of Intrusions and Malware & Vulnerability Assessment, Dortmund, Germany, July 6-7, 2004.  [posted here 9/2/03]
The workshop is intended to give an overview of the state of the technology and practice and brings together the German-speaking players in industry, services, government and research on the topics Intrusion Detection, Malicious Agents (Malware) and Vulnerability Assessment. The presentations aim particularly at results from research, development and integration, relevant applications, new technologies and resulting product developments on a conceptual level. The discussion also embraces legal issues and commercial factors. The program committee invites the submission of papers in German and English language. Since the workshop brings together German-speaking players, the call for papers and the web site are yet available in German language only. See the workshop web site at for topics of interest and submission details.

ARSPA   Automated Reasoning for Security Protocols Analysis, University College Cork, Cork, Ireland, July 04, 2004. [posted here 3/27/04]
The workshop aims to bring together researchers and practitioners from
both the security and the automated reasoning communities, from academia
and industry, who are working on developing and applying automated
reasoning techniques and tools for the formal specification and analysis
of security protocols.

Contributions are welcomed on the following topics or related ones:

- Automated analysis and verification of security protocols.
- Languages, logics and calculi for the design and specification of
  security protocols.
- Verification methods: accuracy, efficiency.
- Decidability and complexity of cryptographic verification problems.
- Synthesis and composition of security protocols.
- Integration of formal security specification, refinement and
  validation techniques in development methods and tools.

For more information, please see:

17th IEEE Computer Security Foundations Workshop, Asilomar, Pacific Grove, CA, USA, June 28-30, 2004. [posted here 10/16/03]
This workshop series brings together researchers in computer science to examine foundational issues in computer security. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories. Both papers and panel proposals are welcome. Possible topics include, but are not limited to:
  - Access control                - Authentication                      - Data and system integrity
  - Database security            - Network security                 - Distributed systems security
  - Anonymity                       - Intrusion detection               - Security for mobile computing
  - Security protocols          - Security models                    - Decidability issues
  - Privacy                             - Executable content               - Formal methods for security
  - Information flow             - Language-based security
For background information about the workshop, and an html version of this Call for Papers, see (the CSFW home page). Information about the location and the organization will be soon available on the web page. (

WISP 2004   2nd International Workshop on Security Issues with Petri Nets and other Computational Models, Bologna, Italy, June 26, 2004. [posted here 3/27/04]
The 2nd International Workshop on Security Issues with Petri
Nets and other Computational Models (WISP2004) aims at promoting
research about theoretical foundations of security analysis and
design with formal methods and languages. WISP2004 starts from
the positive experience with WISP2003, held in Eindhoven within
the 24th International Conference on Application and Theory of
Petri Nets (ICATPN'03). WISP2004 is co-located and will be held
just after the 25th International Conference on Application and
Theory of Petri Nets (ICATPN'04). Hence, original papers on the
application of Petri Nets for security issues are particularly
welcome. Also papers on security in other system models are
sought as well.

Suggested submission topics include:
- security issues in orchestration and composition of e-services
- comparison and classification of security models
- formal definition and verification of security, trust and privacy
- information flow analysis
- security issues in probabilistic and real-time models
- mobile code security
- tools and techniques for the formal analysis of security properties
- applications to E/M-commerce
- case studies

WISP2004 is a one-day workshop sponsored by the IFIP WG 1.7 on
"Theoretical Foundations of Security Analysis and Design".

For more info, see:

1st Euro PKI   1st European PKI Workshop Research and Applications, Samos island, Greece, June 25-26, 2004. [posted here 12/21/03]
The 1st European PKI Workshop: Research and Applications is focusing on research and applications on all aspects of Public Key Infrastructure. Submitted papers may present theory, applications or practical experiences on topics including, but not limited to:
   - Modeling and Architecture             -  Key Management and Recovery
   - Bridge CA                                      -  Certificate Status Information
   - Cross Certification                         - Interoperability
   - Directories                                     - Repository Protocols
   - Mobile PKI                                    - Timestamping
   - Authentication                               - Verification
   - Reliability in PKI                           - Standards
   - Certificate Policy                           - Certification Practice Statements
   - Privacy                                          - Legal issues, Policies & Regulations
   - Fault-Tolerance in PKI                  - Case Studies
   - Privilege Management                   - Trust
   - PKI and eCommerce, eBusinees, eGovernment applications
More information can be found on the conference web site at

CEC'2004   IEEE CEC 2004 Special Session on Evolutionary Computation in Cryptology and Computer Security, Portland, Oregon, USA, June 20-23, 2004.  [posted here 1/3/04]
Techniques taken from the field of Evolutionary Computation (especially Genetic Algorithms, Genetic Programming, Artificial Immune Systems, but also others) are steadily gaining ground in the area of cryptology and computer security.  In recent years, algorithms which take advantage of approaches based on Evolutionary Computation have been proposed, for example, in the design and analysis of a number of new cryptographic primitives, ranging from pseudorandom number generators to block ciphers, in the cryptanalysis of state-of-the-art cryptosystems, and in the detection of network attack patterns, to name but a few. The special session encourages the submission of novel research at all levels of abstraction (from the design of cryptographic primitives through to the analysis of security aspects of ‘systems of systems’). This special session will promote further co-operation between specialists in evolutionary computation (and its current partners such as biology), computer security, cryptography and other disciplines, and will give interested researchers an opportunity to review the current state-of-art of the topic, exchange recent ideas, and explore promising new directions. A list of topics of interest along with instructions for submitting a paper can be found at the workshop web site at

ACNS'04   The 2nd conference of Applied Cryptography and Network Security, Yellow Mountain, China, June 8-11, 2004.  [posted here 9/1/03]
Original research papers on all technical aspects of cryptology are solicited for submission to ACNS 04. The full list of topics of interest along with instructions for submitting a paper can be found on the workshop web page at

DIMACS Workshop on Security Analysis of Protocols, Piscataway, NJ, USA, June 7-9, 2004. (submissions due ASAP, pre-register by May 20)  [posted here 3/27/04]
The analysis of cryptographic protocols is a fundamental and
challenging area of network security research. Traditionally, there
have been two main approaches, the logic approach aimed at developing
(automated) tools for the formal veri.cation of protocols and the
complexity theory approach that characterizes protocol security as a
set of computational tasks and proves protocol security via reduction
to the strength of the underlying cryptographic functions. Although
these two lines of work share a common goal, there has been little
commonality between them.

The goal of this workshop is to generally promote work on security
analysis of protocols and foster cooperative research combining the
logical and complexity-based approaches. The workshop will include
tutorials on the basics of each approach and will allow
representatives from both communities to talk about their current


     - Analysis methods involving computational complexity
     - Game-theoretic approaches
     - Methods based on logic and symbolic computation
     - Probabilistic methods
     - Model checking and symbolic search
     - Formal proof systems
     - Decision procedures and lower bounds
     - Anything else that sounds like a great idea


The workshop will be open for the public. If you'd like to give a
presentation please send a title and abstract to the organizers as
soon as possible. Also, we intend this to be a participatory and
interactive meeting so we hope you will be able to contribute to the
meeting even without giving an announced talk.

For more information, see:


Policy 2004   5th IEEE International Workshop on Policies for Distributed Systems and Networks, IBM Thomas J Watson Research Center, Yorktown Heights, NY, USA, June 7-9, 2004.  [posted here 10/26/03]
The policy workshop aims to bring together researchers and practitioners working on policy-based systems across a wide range of application areas including policy-based networking, security management, storage area networking, and enterprise systems. POLICY 2004 invites contributions on all aspects of policy-based computing. A detailed list of topics of interest can be found on the workshop web page at

SACMAT'04   The 9th ACM Symposium on Access Control Models and Technologies, IBM Thomas J Watson Research Center, Yorktown Heights, NY, USA, June 2-4, 2004.  [posted here 10/4/03]
The missions of the symposium are to share novel access control solutions that fulfill the needs of heterogeneous applications and environments and to identify new directions for future research and development. Industry reports are a unique opportunity for the practitioners to provide feedback on the state of the practice in access control models, architectures, technologies, and systems to the research community. SACMAT steering committee invites practicing researchers, security consultants, security officers and architects, security managers, and end user representative to share their experience on implementing and using access control solutions in real world with the researchers in the field. Topics of interest include:
   - Access control requirements
   - Access control within the context of emerging standards
   - Access control models and extensions
   - Access control for innovative applications
   - Methodologies and tools for access control policy design
   - Administration of access policies
   - Authorization management
   - Access control mechanisms, systems and tools
   - Access control in distributed and mobile systems
   - Safety analysis and enforcement
   - Theoretical foundations for access control models
More information can be found at

PET'2004  4th Workshop on Privacy Enhancing Technologies, Toronto, Canada, May 26-28, 2004. [posted here 11/26/03]
Privacy and anonymity are increasingly important in the online world. Corporations and governments are starting to realize their power to track users and their behavior, and restrict the ability to publish or retrieve documents. Approaches to protecting individuals, groups, and even companies and governments from such profiling and censorship have included decentralization, encryption, and distributed trust. Building on the success of the previous workshops, this workshop addresses the design and realization of such privacy and anti-censorship services for the Internet and other communication networks. A list of topics of interest along with instructions for submitting a paper can be found at the workshop web site at

IH2004   6th Information Hiding Workshop, Toronto, Ontario, Canada, May 23-25, 2004.   [posted here 11/1/03]
Many researchers are interested in hiding information or, conversely, in preventing others from doing so or detecting and extracting the hidden data. Although the protection of digital intellectual property has recently motivated most of the research in this area, there are many other applications of increasing interest to both the academic and business communities. Current research themes include:
   - anonymous communications,
   - covert channels in computer systems,
   - detection of hidden information (steganalysis),
   - digital elections,
   - digital forensic,
   - information hiding aspects of privacy,
   - low-probability-of-intercept communications,
   - steganography,
   - subliminal channels in cryptographic protocols,
   - watermarking for protection of intellectual property,
   - other applications of watermarking.
More information can be found at

ICCSA'04   Workshop on Internet communications Security (part of the 2004 International Conference on Computational Science and its Applications), S. Maria degli Angeli, Assisi(PG), Italy, May 14-17, 2004.   [posted here 11/23/03]
This workshop is open to original contributions on security methods for protecting the Internet communications. Proposals and assessments of Security protocols, cryptographic algorithms, remote authentication methods, VPN’s, are included in the commented scope but others will be also considered. More information can be found at

S&P 2004   IEEE Symposium on Security and Privacy, Oakland, California, USA, May 9-12, 2004.   [posted here 8/24/03]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Previously unpublished papers offering novel research contributions in any aspect of computer security or electronic privacy are solicited for submission to the 2004 symposium. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. Topics of interest include, but are not limited to, the following:
   - Commercial and Industrial Security                 - Mobile Code and Agent Security
   - Network Security                                               - Data Integrity
   - Information Flow                                                - Viruses and Other Malicious Code
   - Authentication                                                     - Secure Hardware and Smartcards
   - Intrusion Detection                                             - Language-Based Security
   - Security of Mobile Ad-Hoc Networks              - Electronic Privacy
   - Distributed Systems Security                             - Anonymity and Pseudonymity
   - Access Control and Audit                                    - Security Verification
   - Security Protocols                                               - Biometrics
   - Peer-to-Peer Security                                          - Database Security
   - Denial of Service
Details on submitting a paper, a panel proposal, or a 5-minute research talk, can be found at

WSEG 2004   Fourth Brazilian Workshop on Security of Computing Systems, Gramado, Brazil, May 10th, 2004.  [posted here 1/10/04]
The 4th Brazilian Workshop on Security of Computing Systems (WSeg 2004) will be held in conjunction with the 22nd Brazilian Symposium on Computer Networks (SBRC 2004) on May 10, 2004 in Gramado. Its main purpose is to promote discussions of research and relevant activities in security-related subjects. Authors are invited to submit papers describing research projects, experimental results and recent developments related, but not limited, to the following topics:
   - Adaptive security                                                  - Analysis of malicious code
   - Analysis of network and security protocols           - Attacks against networks and machines
   - Authentication and authorization of users, systems, and applications
   - Auditing                                                                - Biometry and biometric systems
   - Computer forensics                                               - Cryptography and digital certification
   - Firewall technologies                                            - Internet security
   - Intrusion detection                                                - Public key infrastructure
   - Security against intrusions                                     - Security legal issues
   - Security of agents and mobile code                       - Security of distributed systems
   - Security of e-commerce                                        - Security of networks
   - Security of operating systems                                - Security of voting systems
   - Security policies                                                    - Techniques for developing secure systems
More information can be found at the workshop web site at

Twelfth International Workshop on Security Protocols, Cambridge, England, April 26-28, 2004. [posted here 1/25/04]
As with previous years, attendance at the Cambridge International Workshop on Security Protocols is by invitation only.  In order to be invited, you must submit a position paper. You are therefore invited to consider submitting such a paper.

This year, the theme of the workshop is "authentic privacy".

Privacy is often seen as an unmixed good but, beyond a certain point, increasing the supply of naive privacy for system
users seems to benefit the attacker by more than it does the 'legitimate' user.  Where exactly is that point, and is there a substitute for conventional privacy which could be used beyond it in a way which advantages the good guys?

Our intention is to stimulate discussion likely to lead to conceptual advances, or to promising new lines of investigation,
rather than merely to consider finished work. Our experience is that the emergence of the theme as a unifying thread takes
place during the discussions at the workshop itself.  The theme itself is not intended to restrict the topic of your paper, but
to help provide a particular perspective and to focus the discussions.

Please send a first draft of a position paper to James Malcolm ( by 6th February. Short indicative
submissions are preferred, preferably no more than 2000 words. You will have the opportunity to extend and revise your
paper both before the pre-proceedings are issued, and after the workshop. At the workshop, you will be expected to spend
ten minutes introducing the idea of your paper. This will be followed by a longer discussion.

If you have any enquiries about the workshop then please contact either Johanna Hunt or James Malcolm (see below).

To be considered for invitation, you must submit a position paper by 30th January, but please make an initial response as
soon as possible, even if it is only to say that you are potentially interested.

Organiser: James A. Malcolm (Email:
Administrator: Johanna Hunt (Email:


IAWS 2004   Workshop on Information Assurance (in conjunction with IPCCC), Phoenix, Arizona, USA, April 14-17, 2004. [posted here 10/15/03]
We seek papers that address theoretical, experimental, systems-related and work in-progress in the area of Information Assurance at the network and system levels. We expect to have three types of sessions - the first related to survivability and fault tolerance, the second related to security, and the third related to the interactions between security and survivability. Papers in the form of extended abstracts should describe original, previously unpublished work, not currently under review by another conference, workshop, or journal. Topics of interest include:
   - Security and availability of web services         - Authorization and access-control
   - Database and system security                           - Risk analysis and security management
   - Verification and validation of security            - Wireless LAN Security
   - Restoration techniques for networks               - Multi-layer protection design
   - Reliability of IP networks                                 - Digital Rights Management
   - DoS protection for the Internet                        - Cryptographic protocols and Key management
   - Network security and Intrusion detection        - Ad hoc and sensor network security
   - Models and architectures for systems security and survivability
   - Security and survivability in optical networks
   - Restoration of security services under failure
   - Security and survivability architectures for e-commerce and m-commerce
   - Public policy issues for security and survivability
More information can be found at

IWIA 2004   Second IEEE International Information Assurance Workshop, April 8-9, 2004, Charlotte, NC, USA.  [posted here 8/19/03]
The IEEE Task Force on Information Assurance is sponsoring a workshop on information assurance in cooperation with the ACM SIGSAC on research and experience in information assurance. The workshop seeks submissions from academia, government, and industry presenting novel research, applications and experience, and policy on all theoretical and practical aspects of IA. Possible topics include, but are not limited to the following:
  -  Operating System IA & S
  -  Storage IA & S
  -  Network IA & S
  -  IA Standardization Approaches
  -  Information Sharing in Coalition Settings
  -  Security Models
  -  Survivability and Resilient Systems
  -  Formal Methods and Software Engineering for IA
  -  Proactive Approaches to IA
  -  CCITSE Experience and Methodology
  -  Intrusion Detection, Prediction, and Countermeasures
  -  Insider Attack Countermeasures
  -  Specification, Design, Development, and Deployment of IA Mechanisms
  -  Policy Issues in Information Assurance
Work-in-progress (WIP) reports are intended to provide timely dissemination of ideas and preliminary research results. WIP will not be included in the proceedings volume, but will be made available to workshop attendees and optionally through the IWIA WWW site. Papers on development, assurance, or evaluation methodologies should submit a similar argument explaining the relationship of the proposed work to the Common Criteria. More information can be found on the workshop web page at


IAS 2004   Information Assurance and Security (track in ITCC 2004), April 5-7, 2004, Las Vegas, Nevada, USA.  [posted here 9/22/03]
This track aims to bring together individuals involved in multiple disciplines of information security and assurance to foster exchange of ideas. This special track invites authors to submit original contributions of not more than 8 pages which include, but are not limited to the following topics of interest:
  -  Authentication                                                            -  Data protection
  -  Computer forensics                                                   -  Internet and www security
  -  Information and data integrity                                   -  Intrusion detection
  -  Data and system integrity                                          -  Authorization and access control
  -  Information warfare and cyber-terrorism                -  Security models and architectures
  -  Risk analysis and risk management                          -  Security verification
  -  Cryptography and coding                                          -  Cryptographic protocols
  -  E-commerce protocols                                             -  Agent and mobile code security
  -  Security in sensor networks                                     -  Biometrics
  -  Key management                                                       -  Steganography
  -  Homeland security                                                    -  Wireless and ad hoc network security
  -  Information security management                           -  Database and system security
  -  Denial of service
More information can be found at

WITS'04   Workshop on Issues in the Theory of Security, Barcelona, Spain, April 3-4, 2004. [posted here 11/1/03]
WITS is the official workshop organised by the IFIP WG 1.7 on "Theoretical Foundations of Security Analysis and Design", established to promote the investigation on the theoretical foundations of security, discovering and promoting new areas of application of theoretical techniques in computer security and supporting the systematic use of formal techniques in the development of security related applications.  Extended abstracts of work (accepted after selection and) presented at the Workshop are collected and distributed to the participants. There will be no formally published proceedings; however, selected papers will be invited for submission to a special issue of the Journal of Computer Security. Suggested submission topics include:
   - formal definition and verification of the various aspects of security:
      confidentiality, privacy, integrity, authentication and availability
   - new theoretically-based techniques for the formal analysis and design of cryptographic
      protocols and their manifold applications (e.g., electronic commerce)
   - information flow modelling and its application to the theory of confidentiality
      policies, composition of systems, and covert channel analysis
   - formal techniques for the analysis and verification of code security, including
      mobile code security
   - formal analysis and design for prevention of denial of service
   - security in real-time/probabilistic systems
   - language-based security
More information about the workshop can be found at

AINA 2004   The 18th International Conference on Advanced Information Networking and Applications (special session on electronic commerce and security), March 29-31, 2004, Fukuoka Institute of Technology (FIT), Fukuoka, Japan. [posted here 7/30/03]
This special session will focus on, but not limited to, the following topics:
   - Agent technology for e-commerce
   - Authentication and authorization models and mechanisms
   - B2B, B2C, B2G, G2G e-commerce models and applications
   - Collaborative commerce
   - Cryptographic algorithms for e-commerce
   - Digital signatures in e-commerce applications
   - Mobile commerce
   - Payment technologies, systems, or solutions
   - e-Commerce scenario/case studies
   - Secure architecture/model/component of e-commerce (or mobile commerce) systems
   - Secure mobile electronic transactions
   - Wireless/mobile security
More information can be found at, or contact the session chair Dr. Weidong Kou, at Tel: (86) 29-8201009 or Email: or

FC'04   Financial Cryptography, Key West, Florida, USA, February 9-12, 2004.  [posted here 4/28/03]
Original papers and presentations on all aspects of financial-data security and secure digital commerce are solicited for submission to the Eighth Annual Conference on Financial Cryptography (FC '04). FC '04 will bring together researchers and practitioners in the financial, legal, cryptologic, and data-security fields to foster cooperation and exchange of ideas. In addition to novel scientific research as in previous years, the program for FC ‘04 will include sessions on digital finance and economics and on secure financial systems and digital-cash architectures. For the systems and finance sessions, submissions must have a visible bearing on financial-security issues, but need not be exclusively concerned with cryptography or security. A complete list of topics along with instructions for submitting a paper can be found on the conference web page at

NDSS'04   The 11th Annual Network and Distributed System Security Symposium, San Diego, California, USA, February 4-6, 2004.  [posted here 7/19/03]
The symposium fosters information exchange among research scientists and practitioners of network and distributed system security services. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation (rather than theory). A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. Topics of interest along with submission instructions can be found at

WHOLES - A Multiple View of Individual Privacy in a Networked World, January 30-31 2004, Stockholm, Sweden.   [posted here 9/2/03]
The main goal of the workshop is to create a forum for the exchange of experience and knowledge among researchers and developers concerned with multi-disciplinary aspects of privacy in the context of emerging information technologies. We hope that the workshop will serve to foster the development of an international community interested in the themes of this workshop. The workshop will explore privacy in the intersection of information technologies, law, political choices, public opinions, etc., and thus, a wide range of topics is conceivable. Suggested topics include, but are not limited to:
  -  Privacy in ubiquitous, pervasive, and ambient computing
  -  Legal models for regulating privacy
  -  Anonymity and pseudonymity as means for protecting privacy
  -  Privacy implications in user modeling, personalization, and adaptive interaction
  -  Informed consent as a legal and technical means for protecting privacy
  -  Privacy, conflicting values, and political choices
  -  Relationships between privacy and security
  -  Privacy implications in context awareness and context representation
  -  Relationships between privacy and trust
  -  Personal privacy with regard to public records
  -  Privacy in public spaces
More information can be found on the conference web page at

Security and Survivability of Networked Systems (in conjunction with HICSS-37), Big Island, Hawaii, USA, January 5-8, 2004.  [posted here 5/12/03]
This minitrack focuses on security and survivability in large, non-trivial, networked computer systems. Of special interest are contributions that address survival, tolerance, recovery or masking of malicious attacks. Submissions will be sought from researchers in the area of system survivability, software dependability, computer and network security, fault-tolerance and intrusion tolerance, and economic or statistical modeling of secure/survivable systems. Topics include, but are not limited to:
  -  System or software survivability
  -  Safety critical failure modes
  -  Network or system intrusion tolerance
  -  Modeling malicious behavior or attacks
  -  Mathematical models for verification of vulnerability to malicious acts
  -  Models for measurement, evaluation, or validation of survivability
  -  Software and hardware fault tolerance
  -  Design for dependability and/or survivability
  -  PRA and hybrid fault models accounting for malicious acts and events
More information can be found at