Contents
ICDCIT 2005
2nd International Conference on Distributed Computing & Internet Technology,
Bhubaneswar, India, December 22-24, 2005.
[posted here 3/21/05]
Mobile communication and Internet technology together have played key role in
connecting people across the globe for sharing and trading information.
This information globalization has forced us to think about the integration of
applications running at geographically dispersed locations. The spin off of
these developments have led to some interesting and serious
research on issues pertaining to distributed computing,
web services, system security and software engineering. ICDCIT
series is a forum for interactions of researchers working in the above mentioned areas.
For more information, please see
http://www.cse.iitk.ac.in/~rkg/ICDCIT05/.
CISC 2005
SKLOIS Conference on Information Security and Cryptology,
Beijing, China, December 15-17, 2005. [posted here 4/22/05]
The SKLOIS conference on information security and cryptology seeks full papers presenting
new research results related to cryptology, information security and their applications.
Areas of interest include, but are not limited to:
- Access Control
- Authentication and Authorization
- Biometric Security
- Distributed System Security
- Database Security
- Electronic Commerce Security
- Intrusion Detection
- Information Hiding and Watermarking
- Key Management and Key Recovery
- Network Security
- Security Protocols and Their Analysis
- Security Modeling and Architecture
- Provable Security
- Multiparty Security Computation
- Foundations of Cryptography
- Secret Key and Public Key Cryptosystems
- Implementation of Cryptosystems
- Hash Functions and MAC
- Modes of Operation
- Intellectual Property Protection
- Mobile System Security
- Operating System Security
- Risk Evaluation and Security Certification
- Malicious Codes and Prevention
For more information, please see
http://www.is.iscas.ac.cn/cisc/index.htm.
CANS 2005
4th International Conference on Cryptography and Network Security,
Xiamen, Fujian Province, China, December 14-16, 2005.
[posted here 4/22/05]
The main goals of this conference are to promote research on all aspects of network security and
to build a bridge between research on cryptography and network security. So, we welcome scientific
and academic papers that focus on this multidisciplinary area. Topics of interest include:
- Denial of Service
- Intrusion Detection
- Router Security
- Spam
- Spyware
- Scanning
- WWW Security
- Anonymity and internet voting
- Broadcast and Multicast Security
- DNS Security
- Firewalls
- Information Hiding
- International Standards
- (IP) Spoofing
- PKI
- Secure E-Mail
- Secure protocols, (SSH, SSL, ...)
- Security of Ad Hoc Networks
- Session Hijacking
- Virtual Private Networks
- Wireless Security
- cryptology
For more information, please see
http://math.fjnu.edu.cn/cans.
SISW 2005
3rd International IEEE Security in Storage Workshop,
Held in conjunction with the 4th USENIX Conference on File and Storage Technologies (FAST 2005),
San Francisco, CA, USA, December 14-16, 2005.
[posted here 7/10/05]
The workshop seeks submissions from academia and industry presenting novel research
on all theoretical and practical aspects of designing, building and managing secure
storage systems; possible topics include, but are not limited to the following:
- Cryptographic Algorithms for Storage
- Cryptanalysis of Systems and Protocols
- Key Management for Sector and File based Storage Systems
- Balancing Usability, Performance and Security concerns
- Unintended Data Recovery
- Attacks on Storage Area Networks and Storage
- Insider Attack Countermeasures
- Security for Mobile Storage
- Defining and Defending Trust Boundaries in Storage
- Relating Storage Security to Network Security
- Database Encryption
- Search on Encrypted Information
For more information, please see
http://ieeeia.org/sisw/2005/index.htm.
ICICS 2005
7th International Conference on Information and Communications Security,
Beijing, China, December 6-9, 2005. [posted here 5/23/05]
Original papers are solicited for submission to the Seventh International Conference
on Information and Communications Security (ICICS'05). ICICS aims to bring together
individuals involved in multiple disciplines of information and communications
security to foster exchange of ideas. Areas of interest include, but are not limited to:
- Access control
- Anti-Virus and Anti-Worms
- Anonymity, Authentication and Authorization
- Biometric Security
- Data and System Integrity
- Database Security
- Distributed Systems Security
- Electronic Commerce Security
- Fraud Control
- Grid Security
- Information Hiding and Watermarking
- Intellectual Property Protection
- Intrusion detection
- Key Management and Key Recovery
- Language-based Security
- Operating System Security
- Network Security
- Risk Evaluation and Security Certification
- Security for Mobile Computing
- Security Models
- Security Protocols
- Trusted Computing
For more information, please see
http://www.icics2005.org/.
AXMEDIS 2005
1st International Conference on Automated Production of Cross Media Content
for Multi-channel Distribution,
Florence, Italy, November 30-December 2, 2005. [posted here 3/9/05]
This event seeks to promote discussion and interaction between researchers,
practitioners, developers and users of tools, technology transfer experts, and
project managers. AXMEDIS-2005 will bring together a variety of participants from
the academic, business and industrial worlds, to address different technical and
commercial issues. Particular interests include the exchange of concepts, prototypes,
research ideas, industrial experiences and other results. The conference focuses on
the challenges in the cross-media domain (including production, protection, management,
representation, formats, aggregation, workflow, distribution, business and transaction
models), and the integration of content management systems and distribution chains,
with particularly emphasis on the reduction of costs and solutions for complex
cross-domain problems.
Topics of interest include, but are not restricted to, the following aspects:
- Automatic cross-media production, gathering, crawling, composition, formatting, P2P, etc.
- Formats and models for multi-channel content distribution
- Multimedia standards such as MPEG-7, MPEG-21, DMP, etc.
- Legal aspects related to digital content
- High quality Audio Video Coding
- Multimedia Music representation and formatting
- Watermarking and fingerprinting techniques
- GRID and Distributed systems for Content production
- Multimedia Middleware
- Workflow management systems
- Web services for content distribution
- Distribution with P2P architectures
- Semantic Web and P2P
- Collecting and clearing of rights and licenses
- Formats and tools for Content Aware
- Archives managements for cultural and educational applications
- Digital Rights Management (DRM), models and tools, and interoperability
- Synchronisation technologies and solutions
- Business and transaction models
- Systems and approaches for content production/distribution on demand
- Digital Content User Interface
- Digital Content accessibility
- Payments model
- Novel applications and case-studies of relevant technologies
For more information, please see
http://www.axmedis.org/axmedis2005/call4papers.html.
PSDM 2005
Privacy and Security Aspects of Data Mining,
Held in Conjunction with 2005 IEEE International Conference on Data Mining,
New Orleans, Louisiana, USA, November 27, 2005.
[posted here 7/31/05]
The aim of this workshop is to address issues of privacy and security
in data mining, synergize different views of techniques and policies,
and brainstorm future research directions. Although techniques, such
as random perturbation techniques, secure multiparty computation based
approaches, cryptographic-based methods, and database inference
control have been developed, many of the key problems still remain
open in this area. Especially, new privacy and security issues have
been identified, and the scope of this problem has been expanded. How
does the privacy and security issue affect the design of data mining
algorithm? What impacts will this research impose on diverse areas of
counter-terrorism, distributed computation, and privacy law
legislation? We encourage researchers with interest in the areas of
privacy and security as well as data mining and machine learning to
attend the workshop.
- Access control techniques and secure data models
- Cryptographic tools for privacy preserving data mining
- Secure learning algorithms for randomized/perturbed data
- Privacy preserving multi-party data mining
- Trust management for data mining
- Inference/disclosure related data mining
- Privacy protection in E-Commerce
- Privacy laws for fraud detection and for protecting personal data, medical data, and
the public release of data
- Secure link analysis and social network analysis
- Data mining applications for terrorist detection
- Privacy enhancement technologies in web environments
- Privacy guarantees and usability of perturbation and randomization techniques
- Analysis of confidentiality control methods
- Privacy policy analysis
- Privacy preserving data integration
- Privacy policy infrastructure
- Privacy preserving query systems
- Identify theft protection
For more information, please see
http://www.site.uottawa.ca/~zhizhan/ppdmworkshop2005/psdm05.
Tencon 2005
IEEE International Region 10 Conference,
Melbourne, Australia, November 21-24, 2005.
[posted here 9/7/05]
Tencon’05 is an international technical conference sponsored by
IEEE Region 10 to be held in Melbourne Australia from 21 – 24
November 2005. Its goal is to provide an international forum
for specialist presentations, discussions and interactions.
Tencon'05 themes not only include extensive coverage of topics
in computing, communications, signal processing and power
engineering, but Tencon'05 has also extended its scope to
include pertinent issues in technology and society, such as
biomedical engineering, legal, privacy and security issues.
For more information, please see
http://www.tencon2005.org/.
CNIS 2005
The IASTED International Conference on Communication, Network, and Information Security,
Phoenix, AZ, USA, November 14-16, 2005. [posted here 5/23/05]
Modern communication systems demand everyday security, both at home and work. While email,
online shopping, and pervasive computing allow increased information sharing, they also
provide an avenue for malicious attackers to negate our privacy and alter our information.
The IASTED International Conference on Communication, Network and Information Security
(CNIS 2005) will bring together industry leaders and academic pioneers from several
disciplines to further understand the direction that security is headed, and the methods
that will be used to get there. This conference is for both builders and users of modern
communication systems. Topics of interest include, but are not limited to:
Communication Security:
- Access Control
- Authentication
- Cryptographic Protocols and Application
- Digital Signatures
- Disaster Protocols
- Hash Functions
- Warning Systems
Network Security:
- Computer/Network Disaster Recovery
- Global Security Architectures and Infrastructures
- Hacking and Intrusion Detection
- Secure Deletion
- Secure Email
- Spam
- Viruses and Worms
- Web Security
- WiFi Spying/Sniffing
- Wireless Privacy
- Wireless Security
- Virtual Private Networks
Information Security:
- Biometrics
- Digital Rights Management
- Digitally Embedded Signatures
- DNA, Fingerprint, Iris, and Retina Scanning
- Identity Theft
- Information Hiding
- Legal and Regulatory Issues in Communication
- Operating System Security
- Plagiarism
- Privacy and Confidentiality
- Software Security
- Spyware
- Standards
- Watermarking
For more information, please see
http://www.iasted.org/conferences/2005/phoenix/cnis.htm.
SWS 2005
Workshop on Secure Web Services,
Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005),
Fairfax, VA, USA, November 11, 2005.
[posted here 6/14/05]
Basic security protocols for Web Services, such as XML Security, the WS-*
series of proposals, SAML, and XACML are the basic set of building blocks
enabling Web Services and the nodes of GRID architectures to interoperate
securely. While these building blocks are now firmly in place, a number of
challenges are still to be met for Web services and GRID nodes to be fully
secured and trusted, providing for secure communications between cross-platform
and cross-language Web services. Also, the current trend toward representing
Web services orchestration and choreography via advanced business process
metadata is fostering a further evolution of current security models and
languages, whose key issues include setting and managing security policies,
inter-organizational (trusted partner) security issues and the implementation
of high level business policies in a Web services environment. The SWS workshop
explores these challenges, ranging from the advancement and best practices of
building block technologies such as XML and Web services security protocols
to higher level issues such as advanced metadata, general security policies,
trust establishment, risk management, and service assurance.
Topics of interest include, but are not limited to, the following:
- Web services and GRID computing security
- Authentication and authorization
- Frameworks for managing, establishing and assessing inter-organizational trust relationships
- Web services exploitation of Trusted Computing
- Semantics-aware Web service security and Semantic Web Secure orchestration of Web services
- Privacy and digital identities support
For more information, please see
http://ra.crema.unimi.it/sws05/.
DIM 2005
Workshop on Digital Identity Management,
Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005),
Fairfax, VA, USA, November 11, 2005.
[posted here 6/14/05]
Digital identity management is becoming an integral part of our lives and businesses
as more and more of the online interactions in which we participate depend on
networked computer systems communicating potentially sensitive identity information
across personal, company, and enterprise boundaries. Conversely, the abuse of digital
identities (e.g. identity theft, eavesdropping, hacking, profiling, etc) poses an
increasing threat to both our privacy and finances - thereby affecting society’s
collective confidence in online interactions.
The goals of this workshop are to explore the frontier of digital identity
management, from theoretical analysis to real-world experience, to share
the knowledge obtained to date, and to propose an agenda for further
research. Participants from industry as well as academia are welcome
and encouraged to participate. We invite you to submit a paper that deals
with the emerging challenges of this new frontier of identity management.
The possible list of topics includes but is not limited to:
- Identity federation
- Best practices for privacy-respecting SSO
- Identity life cycle management
- Privacy policy specification and enforcement
- Strong authentication and identity theft
- Trust and governance – P2P or centralized
- Collective identity
- Identity management in vertical areas (e.g. mobile, government and healthcare)
- Interoperability between different protocols/standards
- Identity referencing
- Privacy in geolocation services
- Pseudonymity vs anonymity
- Credential management
- Usability in identity management
For more information, please see
http://www2.pflab.ecl.ntt.co.jp/dim/.
StorageSS 2005
The Storage Security and Survivability Workshop,
Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005),
Fairfax, VA, USA, November 11, 2005. [posted here 3/25/05]
There has been an evolution of protection solutions mirrored in both
the security and survivability research communities: (1) from physical
protection solutions targeting people, (2) to system protection solutions
targeting networked-systems, (3) and now the new emerging paradigm of
information-centric solutions targetting the data itself. This workshop
focuses on stimulating new ideas in order to reshape storage protection
strategies. Clearly storage security and survivability is a complex,
multi-dimensional problem with dynamics over time so a large variety of
approaches may be appropriate including prevention, monitoring,
measurements, mitigation, and recovery.
We bring Storage-SS to the ACM CCS 2005 Conference to foster a greater
exchange between computer protection researchers/professionals and
computer storage researchers/professionals. In this vein, we seek
submissions from both research and industry presenting novel ideas on all
theoretical and practical aspects of protecting storage systems.
Specifically we seek submissions in two types distinct paper categories:
Regular Paper (12 page maximum) and Work-In-Progress/Short Paper (6 page
maximum). A list of potential topics includes but is not limited to the
following:
- storage protection tradeoffs
- storage protection deployment (including case studies)
- smart storage for security/survivability
- analysis of covert storage channels
- storage leak analysis
- mobile storage protection
- novel backup protection techniques
- storage versioning protection techniques
- storage encryption techniques (both key mgmt and crypto algorithms)
- tamper-evident storage protection techniques
- immutable storage protection techniques
- storage threat models
- storage intrusion detection systems
- storage area network (SAN) security/survivability
- security/survivability for storage over a distance
- security/survivability with Internet storage service providers
- storage security/survivability in an HPC environment
For more information, please see
http://www.ncassr.org/projects/storage-sec/storageSS-2005/.
WORM 2005
3rd Workshop on Rapid Malcode (WORM),
Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005),
Fairfax, VA, USA, November 11, 2005.
[posted here 2/27/05]
In the last several years, Internet-wide infectious epidemics have emerged as
one of the leading threats to information security and service availability.
The vehicles for these outbreaks, malicious codes called "worms", take advantage
of the combination of software monocultures and the uncontrolled Internet communication
model to quickly compromise large numbers of hosts. Such worms are increasingly being
used as delivery mechanisms for various types of malicious payloads, including
remote-controlled "zombies", spyware and botnets. Recent incidents have also reveals
the use of new propagation techniques as well as the use of worms to target small
user communities or specific applications. Current operational practices have not
been able to manage these threats effectively.
This workshop continues the efforts of the previous years to provide a forum
to bring together ideas, understanding and experiences bearing on the worm
problem from a wide range of communities, including academia, industry and
the government. We are soliciting papers from researchers and practitioners
on subjects including, but not limited to:
- Automatic detection and characterization
- Reactive countermeasures
- Proactive defenses
- Threat assessment
- Email and web-based malcode
- Measurement studies
- Testbeds & evaluation
- Reverse engineering
- Significant operational experiences
- Surveys of the field
- Analysis of worm construction, current & future
- Modeling and analysis of propagation dynamics
- Forensic methods of attribution
- The combination of different types of malware
For more information, please see
http://www1.cs.columbia.edu/~angelos/worm05/.
FMSE 2005
3nd ACM Workshop on Formal Methods in Security Engineering From Specifications to Code,
Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005),
Fairfax, VA, USA, November 11, 2005. [posted here 4/18/05]
Information security has become a crucial concern for the commercial
deployment of almost all applications and middleware. Despite this
commonly recognized fact, the incorporation of security requirements
in the software development process is not yet well understood. The
deployment of security mechanisms is often done in an ad-hoc manner
only, without a formal security specification, often without a
thorough security analysis and almost necessarily without a formal
security validation of the final product. That is, a process is
lacking for making the transition from high-level security models and
policies through development to code.
We aim to bring together researchers and practitioners from both the
security and the software engineering communities, from academia and
industry, who are working on applying formal methods to designing and
validating large-scale systems. We are seeking submissions addressing
foundational issues in:
- security specification techniques
- formal trust models
- combination of formal techniques with semi-formal techniques like UML
- formal analyses of specific security properties relevant to software development
- security-preserving composition and refinement of processes
- faithful abstractions of cryptographic primitives and protocols in process abstractions
- integration of formal security specification, refinement and
validation techniques in development methods and tools
For more information, please see
http://www.ti.informatik.uni-kiel.de/~kuesters/FMSE05/.
ISSRE 2005
16th IEEE International Symposium on Software Reliability Engineering (ISSRE 2005),
Chicago, Illinois, USA, November 8-11, 2005. [posted here 3/9/05]
ISSRE focuses on the theory and practice of Software Reliability Engineering.
The conference scope includes techniques and practices to (1) verify and validate
software, (2) estimate and predict its dependability, and (3) make it more tolerant/robust
to faults. The major theme for this year's conference is Developing High Reliability for
Ubiquitous Mobile Applications. Topics of interest include, but are not limited to, the following:
- Software reliability models
- Practice of reliability modeling
- Software architecture reliability
- Software safety analysis
- Formal reliability assurance methods
- Model-based verification and validation
- Software testing and verification
- Software test effectiveness
- Empirical reliability studies
- Reliability measurement
- Tools and automation
- Fault-tolerant and robust software
- Security testing
- Quantitative characterization of security
- Software certification
- Internet reliability engineering
- End-to-end dependability
- Dependable web services
- Quality of network service
- Dependability and performance of mobile applications
- Dependability of electronic commerce applications
- Dependability and QoS of distributed applications
- Dependability of adaptive and autonomous systems
- Distributed test environments for mobile applications
- Operational profiles of mobile user populations
- Integration of RF propagation models with end-to-end reliability models
- Automatic and in-situ RF survey and monitoring
- Collection and interpretation of end-to-end quality of service metrics
- Reliability modeling and testing of handset power management and provisioning,
mobile ad hoc networks (MANETs), high-latency (satellite) channels with mobile ground stations,
bandwidth-intensive (e.g., video) mobile applications, mobile PAN, LAN, MAN, or WAN over WiFi,
WiMax, GSM, or CDMA, integrated WiFi, WiMax, GSM, CDMA, VOIP, multi-stack (e.g.
WiFi and GSM) failure modes
For more information, please see
http://rachel.utdallas.edu/issre.
WSNS 2005
2005 International Workshop on Wireless and Sensor Networks Security,
Held in conjunction with the 2nd IEEE International Conference on
Mobile Ad-hoc and Sensor Systems (MASS 2005),
Washington DC, USA, November 7-10, 2005.
[posted here 5/12/05]
Wireless networks have experienced an explosive growth during the last few years.
Nowadays, there is a large variety of networks spanning from the well-known cellular
networks to non-infrastructure wireless networks such as mobile ad hoc networks and
sensor networks. This workshops aims to bring together researchers and practitioners
from wireless and sensor networking, security, cryptography, and distributed computing
communities, with the goals of promoting discussions and collaborations. We are
interested in novel research on all aspects of security in wireless and sensor
networks and tradeoff between security and performance such as QoS, dependability,
scalability, etc. We are seeking papers that describe original and unpublished
contributions addressing various aspects of secured wireless/sensor networks.
Topics of interest include, but are not limited to:
- Authentication and Access Control
- Cryptographic Protocol
- Experimental Studies
- Key Management
- Information Hiding
- Intrusion Detection and Response
- Privacy and Anonymity
- Secure Localization and Synchronization
- Security and Performance tradeoff
- Security Policy and Enforcement Issues
- Security Protocols Design, Analysis and Verification
- Secure Routing/MAC
- Surveillance and Monitoring
- Trust Management
For more information, please see
http://www.cs.wcupa.edu/~zjiang/wsns05.htm.
SADFE 2005
1st International Workshop on Systematic Approaches to Digital Forensic Engineering,
Taipei, Taiwan, November 7-10, 2005. [posted here 5/12/05]
The SADFE (Systematic Approaches to Digital Forensic Engineering) International
Workshop is intended to further the advancement of computer forensic engineering
by promoting innovative & leading-edge systematic approaches to cyber crime
investigation. The workshop brings together top digital forensic researchers,
advanced tool/product builders, and expert law enforcement from around the world
for information exchange and R&D collaboration.
SADFE 2005 solicits broad-based, innovative digital
forensic engineering technology, practical experience & process related submissions
in the following areas:
- Systematic engineering processes & methodologies for computer forensic
- Advanced techniques in evidence collection, search, analysis, correlation,
handling and preservation
- Progressive cyber crime scenario analysis and reconstruction technology
- Legal case construction & digital evidence support
- Legal and technical collaboration
- Legal and technical aspects of tool validation
- Courtroom expert witness and case presentation
- Intrusion detection systems (IDS) for computer forensic
- Forensics of embedded devices (e.g. digicams, cell phones)
- Innovative forensic engineering tools and applications
- Attack strategy analysis & modeling
- Privacy, legal and legislation issues
- Monitoring and incident response
- Forensic-enabled architectures and processes
- Advanced system and application log analysis
For more information, please see
http://conf.ncku.edu.tw/sadfe/index.htm.
SASN 2005
3rd ACM Workshop on Security of Ad Hoc and Sensor Networks,
Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005),
Alexandria, VA, USA, November 7, 2005. [posted here 3/10/05]
Ad hoc and sensor networks are expected to become an integral part of the future computing
landscape. However, these networks introduce new security challenges due to their dynamic
topology, severe resource-constraints, and absence of a trusted infrastructure. SASN 2005
seeks submissions from academia and industry presenting novel research on all aspects of
security for ad hoc and sensor networks, as well as experimental studies of fielded
systems. This one-day workshop builds on the success of SASN 2003 and SASN 2004.
Topics of interest include, but are not limited to, the following as they relate
to mobile ad hoc networks or sensor networks:
- Security under resource constraints (e.g., energy, bandwidth, memory, and
computation constraints)
- Performance and security tradeoffs
- Secure roaming across administrative domains
- Key management
- Cryptographic Protocols
- Authentication and access control
- Trust establishment, negotiation, and management
- Intrusion detection and tolerance
- Secure location services
- Secure clock distribution
- Privacy and anonymity
- Secure routing
- Secure MAC protocols
- Denial of service
- Prevention of traffic analysis
For more information, please see
http://discovery.csc.ncsu.edu/SASN05/.
WPES 2005
Workshop on Privacy in the Electronic Society,
Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005),
Alexandria, VA, USA, November 7, 2005. [posted here 6/14/05]
The need for privacy-aware policies, regulations, and techniques has been widely
recognized. This workshop discusses the problems of privacy in the global
interconnected societies and possible solutions. The workshop seeks
submissions from academia and industry presenting novel research on all
theoretical and practical aspects of electronic privacy, as well as
experimental studies of fielded systems. We encourage submissions from other
communities such as law and business that present these communities'
perspectives on technological issues. Topics of interest include, but
are not limited to:
- anonymity, pseudonymity, and unlinkability
- data correlation and leakage attacks
- electronic communication privacy
- information dissemination control
- privacy in health care and public administration
- privacy and confidentiality management
- personally identifiable information
- privacy-aware access control
- privacy in the digital business
- privacy enhancing technologies
- privacy policies
- privacy and anonymity on the Web
- privacy in the electronic records
- public records and personal privacy
- privacy and human rights
- privacy threats
- privacy and virtual identity
- privacy policy enforcement
- privacy and data mining
- privacy vs. security
- user profiling
- wireless privacy
- economics of privacy
For more information, please see
http://wpes05.dti.unimi.it/.
CCS 2005 12th
ACM Conference on Computer and Communications Security, Alexandria,
VA, USA, November 7-11, 2005. [posted here 11/14/04]
Papers offering novel research contributions to any aspect of
computer security are solicited for submission to the 12th ACM
conference. The primary focus is on high-quality
original unpublished research, case studies, and implementation
experiences. Papers should have practical relevance to the
construction, evaluation, application, or operation of
secure systems. Theoretical papers must make convincing arguments
for the practical significance of the results. Theory must be
justified by compelling examples illustrating its
application.
Topics of interest include:
- access control
- authentication
- accounting and audit
- database and system security
- security for mobile code
- applied cryptography
- data/system integrity
- smart-cards and secure PDAs
- cryptographic protocols
- e-business/e-commerce
- intrusion detection
- inference/controlled disclosure
- key management
- privacy and anonymity
- security management
- intellectual property protection
- information warfare
- secure networking
- security verification
- commercial and industry security
For more information, please see
http:///www.acm.org/sigsac/ccs/.
DRM 2005
Workshop on Digital Rights Management,
Held in conjunction with the 12th ACM Conference on Computer and Communications Security (CCS 2005),
Alexandria, VA, USA, November 7, 2005. [posted here 6/14/05]
Digital Rights Management (DRM) is an area of pressing interest, as the
Internet has become the center of distribution for digital goods of all sorts.
The business potential of digital content distribution is huge, as are its
economic, legal and social implications. DRM, as a technical interdisciplinary
field, is at the heart of controlling the digital content and assuring
authorized, user friendly, safe, well-managed, automated, and fraud-free
distribution. The field of DRM combines cryptographic technology, software
and systems research, information and signal processing methods, legal, social
and policy aspects, as well as business analysis and economics.
Original papers on all aspects of Digital Rights Management are solicited
for submission to DRM 2005, the Fifth ACM Workshop on Digital Rights
Management. Topics of interest include but are not limited to:
- anonymous publishing
- architectures for DRM systems auditing
- business models for online content distribution
- computing environments and platforms for DRM systems
- copyright-law issues, including but not limited to fair use
- digital policy management
- implementations and case studies
- privacy and anonymity
- risk management
- robust identification of digital content
- security issues, including but not limited to authorization, encryption,
tamper resistance, and watermarking.
- software related issues.
- supporting cryptographic technology including but not limited to
traitor tracing, broadcast encryption, obfuscation.
- threat and vulnerability assessment.
- concrete software patent cases
- usability aspects of DRM systems.
- web services related to DRM systems
For more information, please see
http://www.titr.uow.edu.au/DRM2005/.
IWCIP 2005
1st IEEE International Workshop on Critical Infrastructure Protection,
Darmstadt, Germany, November 3-4, 2005. [posted here 6/14/05]
The IEEE Task Force on Information Assurance is sponsoring an interdisciplinary workshop
on research, policy, and experience in the field of critical infrastructure
protection (CIP) and critical information infrastructure protection (CIIP).
The workshop seeks submissions from academia, government, and industry presenting
novel research, policy, and applications and experience in the field of
critical infrastructure protection. Possible topics include, but are not limited to
the following:
Scientific and Technical Understanding of CIP/CIIP
- Modeling, analysis, and assessment of infrastructures and their interdependencies
- Identification of public and private assets for CIP/CIIP
- Analysis and management of threats, risks, and vulnerabilities of critical
infrastructures at the national level
- Cyberterrorism, cybercrime, and information operations
Scientific, Technical, and Organizational Approaches for CIP/CIIP
- Information security, security engineering, software security for CIP/CIIP
- CIP/CIIP requirements of the information society
- Early warning and information sharing networks
- Knowledge-based alerting and management approaches and mechanisms
- Public-Private-Partnerships (PPP) and their security requirements for cooperative CIP/CIIP
- Information Sharing and Analysis Centers (ISAC), information sanitization,
and secure exchange of confidential information
- Global/enterprise security architectures and information infrastructures
National and Transnational CIP/CIIP Positions and Issues
- Definition and analysis of national CIP/CIIP policies and positions
- Mechanisms for international cooperation among CIP groups
For more information, please see
http://www.iwcip.org/2005/.
DRMTICS 2005
1st International Conference on Digital Rights Management: Technologies, Issues, Challenges and Systems,
Sydney, Australia, October 31 - November 2, 2005.
[posted here 5/23/05]
This new conference series (abbreviated: DRMTICS, pronounced: "dramatics") seeks
submissions from academia and industry describing novel research results that cover
theoretical and practical advancements in all areas of DRM systems. The conference will
serve as a broad multi-disciplinary forum for all DRM related issues. Of
particular interest this year are rights expression languages, processes and methods
for DRM applications, together with social, legal, usability, and business aspects of
such systems. Alternative economic and incentive based models, their analysis,
implementation and case studies are highly encouraged.
Topics include but are not limited to:
- DRM systems and architecture
- ODRL, XrML and other rights expression languages
- Usage monitoring and metering
- Business and charging models for content distribution
- Economic aspects of content distribution
- Code obfuscation and software protection
- Usability aspects of DRM systems
- Concrete software patent cases
- DRM law and policy issues
- Fair use and copyright law issues
- Content sharing and mobility
- Privacy enhanced content distribution
- Peer-to-peer systems for content distribution
- MPEG-21, OMA and other standard activities for DRM
- Security technologies (including, but not limited to, authorisation, encryption,
tamper resistance and controlled access)
- Watermarking, fingerprinting and content identification
- Broadcast encryption and traitor tracing
- Implementations and case studies of DRM systems
- Web services for content distribution
- Access control systems for digital rights management
- Interoperability and accessibility
- Electronic publication and digital libraries
- Issues in distributed computer games
For more information, please see
http://www.titr.uow.edu.au/DRMTICS2005.
NIST-CHW 2005
Cryptographic Hash Workshop,
Gaithersburg, Maryland, USA, October 31 - November 1, 2005.
[posted here 5/9/05]
Recently a team of researchers reported that the SHA-1 function offers significantly
less collision resistance than could be expected from a cryptographic hash function of
its output size. NIST plans to host a Cryptographic Hash Workshop on Oct. 31-Nov. 1, 2005
to solicit public input in how best to respond to the current state of research in this area.
The workshop has the following goals:
- Assess the status of the current NIST-approved hash functions, i.e., the SHA-256 and
SHA-512 families in addition to SHA-1
- Discuss short term actions to mitigate the potential problems with the
various applications of the approved hash functions
- Discuss the conditions that would warrant an early transition away from
any of the approved hash functions
- Discuss the potential replacement options for any of the approved hash functions
- Clarify the properties of unkeyed cryptographic hash functions required for different
applications
For more information, please see
http://www.nist.gov/hash-function.
VizSEC 2005
2nd Workshop on Visualization for Computer Security,
Held in conjunction with IEEE Vis2005 and InfoVis2005,
Minneapolis, Minnesota, USA, October 26, 2005. [posted here 3/9/05]
Networked computers are increasingly ubiquitous, and they are subject to
attack, misuse, and abuse. Every effort is being made by organizations and
individuals to build and maintain trustworthy computing systems. The
traditional, signature-based and statistical methods are limited in their
capability to cope with the large, evolving data and the dynamic nature of
Internet. In many applications, visualization proves very effective to
understand large high-dimensional data. Thus, there is a growing interest
in the development of visualization methods as alternative or
complementary solutions to the pressing cyber security problems.
We solicit papers that report innovative results in solving all aspects of
cyber security problems with visualization techniques.
For more information, please see
http://www.cs.ucdavis.edu/~ma/VizSEC05/.
ITW 2005
Information Theory Workshop on Theory and Practice in Information-Theoretic Security,
Awaji Island, Japan, October 16-19, 2005. [posted here 3/10/05]
The 2005 Information Theory Workshop will be devoted to the dissemination and
further development of the boundary areas between information theory and
information security. A main goal of the workshop is to create a unique
and excellent venue for researchers working in diverse disciplines to exchange
latest research results on unconditional security and to discuss directions
for future explorations. Topics which this workshop deals with include
(but are not limited to):
- Theoretical and practical topics concerning information-theoretic security
- Paradigms, approaches and techniques concerning information-theoretic security
- Information theory applicable to information security
- Applications of information theory to computational security
- Topics in the bounded storage model and the noisy channel model
- Quantum information theory applicable to information security
- Quantum cryptography
For more information, please see
http://imailab-www.iis.u-tokyo.ac.jp/~itw05/.
Mycrypt 2005
International Conference on Cryptology in Malaysia, Kuala Lumpur, Malaysia,
September 28 – October 1, 2005. [posted here 3/21/05]
Original papers on all technical aspects of cryptology are solicited for submission
to Mycrypt 2005, the inaugural international conference on cryptology, hosted in Malaysia.
The conference is co-organized by iSECURES (Information Security Research) Lab at Swinburne
University of Technology (Sarawak Campus), NISER (National ICT Security and Emergency
Response Centre) and INSPEM (Institute for Mathematical Research) at UPM (University
Putra Malaysia).
For more information, please see
http://www.niser.org.my/mycrypt2005/.
MMM-ACNS 2005
3rd International Workshop on Mathematical Methods, Models and
Architectures for Computer Networks Security,
St. Petersburg, Russia, September 24-28, 2005. [posted here 1/16/05]
The Firs and Second International Workshops "Mathematical
Methods, Models and Architectures for Computer Networks
Security" (MMM-ACNS-2001
(http://space.iias.spb.su/mmm2001/main.jsp) and
MMM-ACNS-2003 (http://space.iias.spb.su/mmm-acns03/index.jsp))
organized in
2001 and 2003 respectively by St. Petersburg Institute for
Informatics and Automation, Binghamton University (SUNY) and
US Air Force Research Laboratory/Information Directorate and
supported by the European Office of Aerospace Research and
Development USAF, Office of Naval Research Global, and
Russian Foundation of Basic Research were very successful.
These workshops demonstrated the high interest of the
international scientific community to the theoretical aspects
of the computer network and information security and the need
for conducting of such workshops as on-going series.
The proposed MMM-ACNS-2005 Workshop is intended as a third
step in this series and will be focused on theoretical
problems in the area under consideration. Its objectives are
to bring together leading researchers from academia and
governmental organizations as well as practitioners in the
area of computer networks and information security,
facilitating personal interactions and discussions on various
aspects of information technologies in conjunction with
computer network and information security problems arising in
large-scale computer networks engaged in information storing,
transmitting, and processing.
Papers may present theory, technique, and applications on topics
including but are not restricted to:
- Adaptive security
- Anonymity and privacy
- Authentication and authorization
- Access control
- Computer and network forensics
- Data and application security
- Data mining, machine learning, immunological and cognitive approaches to security
- Deception systems and honeypots
- Denial-of-service attacks and countermeasures
- Electronic commerce security
- Formal analysis of security properties
- Game theoretic approaches to security
- Information flow analysis
- Information survivability
- Information warfare and critical infrastructure protection
- Integrated information security systems based on information fusion
- Intrusion and fraud avoidance, detection, response and tolerance
- Insider attack countermeasures
- Language-based security
- Modeling malicious behavior or attacks
- Monitoring and surveillance
- Network perimeter controls: firewalls, packet filters, application gateways
- New ideas and paradigms for security
- Operating system security
- Public key infrastructure, key management, certification, and revocation
- Risk analysis and risk management
- Security of emerging technologies: sensor networks, wireless/mobile (and ad hoc) networks, personal
communication systems, peer-to-peer and overlay network systems
- Security of autonomous agents and multi-agent systems: protecting agents and agent
infrastructure from attacks, secure agent communication, secure mobile agents
and mobile code, trusted agents
- Security modeling and simulation
- Security policies: specification, refining, verification, implementation, deployment and management
- Security requirements engineering
- Security specification and verification
- Trust establishment, negotiation, and management, including trust and
reputation in virtual organizations
- Virtual private networks
- Viruses, worms, and other malicious code
- Vulnerability assessment
- Wireless communication security
- World wide web security
For more information, please see
http://space.iias.spb.su/mmm-acns05/.
IWAP 2005
4th International Workshop for Applied PKI, Singapore, September 21-23, 2005.
[posted here 12/13/04]
IWAP'05 will be held in Singapore on September 21-23, 2005. Original
papers on all aspects of
PKI are solicited for submission to IWAP'05. Topics of interest
include, but are not limited
to, the following:
- Authentication & Verification
- Bio-PKI & Mobile PKI
- Case Studies
- Certificates and its Revocation
- Cross Certification
- Design & Implementation
- Interoperability & Standards
- Key Management & Recovery
- Legal Issues, Policies & Regulations
- Modeling & Architecture
- Privilege Management Infrastructure
- Protocols & Applications
- Reliability & Fault-Tolerance
- Risk Management & Analysis
- Security Analysis & Testing
- Signature Validation
- Time Stamping
- Trust & Privacy
For more information, please see
http://iwap05.i2r.a-star.edu.sg/.
NSPW 2005
New Security Paradigms Workshop,
Lake Arrowhead, California, USA, September 20-23, 2005. [posted here 2/4/05]
NSPW is a unique workshop that is devoted to the critical examination of new paradigms in security.
Our program committee particularly looks for new paradigms, innovative approaches to
older problems, early thinking on new topics, and controversial issues that might
not make it into other conferences but deserve to have their try at shaking and breaking the mold.
We welcome three categories of submission:
- Research papers should be of a length commensurate with the
novelty of the paradigm and the amount of novel material that
the reviewer must assimilate in order to evaluate it.
- Position papers should be 5 - 10 pages in length and should
espouse a well reasoned and carefully documented position on a security
related topic that merits challenge and / or discussion.
- Discussion topic proposals. Discussion topic proposals should
include an in-depth description of the topic to be discussed, a
convincing argument that the topic will lead to a lively
discussion, and supporting materials that can aid in the evaluation
of the proposal. The later may include the credentials of the
proposed discussants. Discussion topic proposers may want to
consider involving conference organizers or previous attendees in
their proposals.
For more information, please see
http://www.nspw.org.
FloCon 2005
2nd Annual FloCon 2005 Analysis Workshop,
New Orleans, Louisiana, USA, September 20-22, 2005. [posted here 2/14/05]
FloCon is an open workshop that provides a forum for researchers,
operational analysts, and other parties interested in the security
analysis of large volumes of traffic to develop the next generation
of flow-based analysis. Flow is an abstraction of network traffic in
which packets are grouped together by common attributes over time.
In security, flow has been used to survey and analyze large networks
and long periods of time, but the field is still in its infancy.
FloCon 2005 will have an active workshop structure: our goal is to
have presentations coupled with working breakout sessions on
specific topics. Based on submissions and suggestions, we will
develop a three-day track.
Appropriate topics include, but are not limited to, the following:
- Experience reports in flow analysis
- Operational security analysis using flows
- Advanced flow analysis techniques
- Expanding the flow format for security needs
- Integrating flows into other security analysis
- Facilitating data sharing/public repositories
- Flow collection technologies
- Network traffic modeling for security
- Alternative traffic abstracts for services
For more information, please see
http://www.cert.org/flocon/.
MADNES 2005
Secure Mobile Ad-hoc Networks and Sensors workshop, Held in conjunction with
the ISC '05 conference, Singapore, September 20-22, 2005.
[posted here 12/22/04]
The MADNES workshop. co-sponsored by the
SAIT Laboratory and the
U.S. Army Research Office will feature information about security in mobile
and ad-hoc networks. Proceedings will be published as Springer-Verlag,
LNCS. Topics of interest include:
- Security and fault tolerance
- Privacy issues
- Security & privacy applications of mobile agents and intelligent autonomous systems
- Distributed denial of service attacks and defenses
- Mobile code security and verification
- Key management and trust infrastructures
- Security, privacy and efficiency trade-offs
- Secure distributed algorithms
- Secure & private protocols for dynamic group applications
- Secure location, discovery and authentication of neighbors
- Secure timing and synchronization
- Secure/private data collection and aggregation
- Secure self-configuration
- Secure routing
- Analysis and simulation of security and privacy properties
- Case Studies
- Energy efficient cryptography
For more information, please see
http://www.sait.fsu.edu/madnes/cfp.shtml.
ISC 2005
8th Information Security Conference, Singapore, September 20-23, 2005.
[posted here 12/13/04]
ISC'05 will be held in Singapore on 20-23 September, 2005. Original
papers on all technical
aspects of information security are solicited for submission to
ISC'05. Topics of interest include, but are not limited to, the following:
- Access Control
- Ad Hoc & Sensor Network Security
- Applied Cryptography
- Authentication and Non-repudiation
- Cryptographic Protocols
- Denial of Service
- E-Commerce Security
- Identity and Trust Management
- Information Hiding
- Insider Threats and Countermeasures
- Intrusion Detection & Prevention
- Network & Wireless Security
- Peer-to-Peer Security
- Privacy and Anonymity
- Security Analysis Methodologies
- Security in Software Outsourcing
- Systems and Data Security
- Ubiquitous Computing Security
For more information, please see
http://isc05.i2r.a-star.edu.sg/.
CoALa 2005
Workshop on Contract Architectures and Languages,
Held in conjunction with the 9th International IEEE Enterprise Distributed
Object Computing Conference (EDOC 2005),
Fairfax, VA, USA, September 20, 2005.
[posted here 5/16/05]
This Workshop will provide a collaborative forum for the participants to exchange recent or preliminary
results, to conduct intensive discussions on a particular topic, or to coordinate efforts between
representatives of a technical community in the area of Contract Architectures and Languages.
The program committee seeks papers and proposals that address various aspects of contracts,
including enterprise modeling, e-business, formal and legal aspects with the aim of
providing a balanced mix of presentations from these different perspectives.
Topics of interest include, but are not limited to:
- Enterprise contract architectures
- Contract as a basis for coordination of cross-organisational interactions
- Contracts from system theoretic point of view
- Formalisms for expressing contracts
- Contract description languages
- Contract negotiation, validation
- Run-time contract monitoring and enforcement
- tandardisation activities for e-contracts (e.g. legalXML OASIS and UN/CEFACT): status and directions
- The use of model-driven techniques and tools
- Legal issues associated with electronic contracts
- Tools for drafting and constructing contracts
- Integration of contract management systems with other enterprise systems,
e.g. payment systems and ERP systems
- Contract management requirements for specific contracts, e.g. SLAs,
construction, financial and e-government contracts
- Trust and contract management issues
- Use and applicability of existing standards/initiatives (e.g. Web
Services, BPEL4WS, WS-CDL, RuleML etc)
- Links between contracts and business processes
- Practical experience with contract management systems
For more information, please see
http://www.dstc.edu.au/Research/Projects/coala/2005/.
FOSAD 2005
5th International School on Foundations of Security Analysis and Design,
Bertinoro, Italy, September 19-24, 2005. [posted here 02/01/05]
Security in computer systems and networks is emerging as one of the most challenging
research areas for the future. The main aim of the school is to offer a good spectrum
of current research in foundations of security, ranging from programming languages to
analysis of protocols, that can be of help for graduate students, young researchers
from academia or industry that intend to approach the field. The FOSAD series started
in 2000 and last edition was in 2004. This year the school covers one week (from Monday 19
to Saturday 24, September 2005) and alternates monographic courses of 4/6 hours and
short courses of 2/3 hours. We also encourage presentations given by those participants
that intend to take advantage of the audience for discussing their current research
in the area.
The school is organized at the University Residential Center of Bertinoro,
situated in Bertinoro, a small village on a scenic hill with a wonderful panorama,
in between Forli' and Cesena (about 50 miles south-east of Bologna, 15 miles to the
Adriatic sea). The cheapest way to travel is by plane to Forli' airport (the secondary
airport of Bologna), which is daily connected to London and Frankfurt AM through the
low fares airline Ryanair.
For more information, please see
http://www.sti.uniurb.it/events/fosad.
PBA 2005
International Workshop on Protection by Adaptation,
Held in conjunction with the 7th International Conference on Information
Integration and Web Based Applications & Services (iiWAS2005),
Kuala Lumpur, Malaysia, September 19-21, 2005.
[posted here 3/9/05]
For most people, security refers to cryptographic algorithms, biometric authentication
techniques, passwords, etc. Beyond these intuitive notions, security is rather a very
broad topic and may be viewed from a variety of other perspectives, including new
access control models, software architectures for security systems, and security
policies specifications. Emerging applications are subject to a high
number of attacks due to the distributed nature of these new environments,
mobility of users and devices, services heterogeneity and the different
capabilities of devices used to access these services.
The aim of this workshop is to encourage the research community to better
consider context-based security as a new trend that may face future more
subtle security attacks. We believe that the force of a good security system
should not rely only on the force of security protocols but also on the way it
copes with new and completely unpredictable situations or at least learn from
new situations and updates its behavior accordingly. This goal can be reached
by making future security solutions freely adaptive. We look for original
submissions on the following topics (but not limited to):
- Security in mobile, wireless and ad hoc environments
- Dynamic security policies
- Context-based access control
- Context in security
- Agile encryption
- Artificial intelligence and security
- Adaptive security solutions
- Middleware for context-based security systems
- Conflicting norms issues in security policies
- Flexible security architectures for pervasive applications
- Security contexts discovery, retrieval, representation and modeling
- Modeling users’ security profiles
- Metrics for evaluating security infrastructures
- Testing of adaptive security systems
- Software architectures for adaptive security (design patterns, etc)
- Adaptive security levels in heterogeneous environments
- Enforcing applications security semantics
- Metrics for predicting security threats
For more information, please see
http://www.iiwas.org/workshops/pba-2005/.
CMS 2005
9th IFIP TC-6 TC-11 Conference on Communications and Multimedia Security,
Salzburg, Austria, September 19-21, 2005. [posted here 3/9/05]
CMS is a joint working conference of IFIP TC6 and TC11. The CMS conference
attempts to be a forum for researchers working on all aspects of communications
and multimedia security. This year the organizers especially encourage submissions
on topics such as security of information hiding, combined encryption and
watermarking schemes, XML security and network security. Papers should
have practical relevance to the construction or evaluation of secure
systems; theoretical papers should demonstrate their practical significance.
We solicit papers describing original ideas and research results related to
the Communication and Multimedia Security area. Suggested topics include -
but are not limited to:
- Applied cryptography
- Privacy protection
- Biometrics
- Security for mobile devices
- Security of multimedia content
- Network security
- Steganography
- Secure Electronic Commerce
- Digital watermarking
- Web security
- Cryptography
- Digital Rights Management
- Identification and authentication
- XML security
For more information, please see
http://cms2005.sbg.ac.at/call.html.
ECC 2005
9th Workshop on Elliptic Curve Cryptography (ECC 2005),
Technical University of Denmark, Copenhagen, Denmark, September 19-21, 2005. [posted here 3/6/05]
ECC 2005 is the ninth in a series of annual workshops dedicated to the study of
elliptic curve cryptography and related areas. Over the past years the ECC conference
series has broadened its scope beyond curve-based cryptography and now covers a wide
range of areas within modern cryptography. For instance, past ECC conferences
included presentations on hyperelliptic curve cryptography, pairing-based cryptography,
quantum key distribution, AES, implementation issues, and deployments (e.g.,
cryptography for travel documents).
At the same time ECC continues to be the premier conference on elliptic
curve cryptography. It is hoped that ECC 2005 will further our mission of
encouraging and stimulating research on the security and implementation of
elliptic curve cryptosystems and related areas, and encouraging collaboration
between mathematicians, computer scientists and engineers in the academic,
industry and government sectors.
As with past ECC conferences, there will be about 15 invited lectures
(and no contributed talks) delivered by internationally leading experts.
There will be both state-of-the-art survey lectures as well as lectures on
latest research developments.
For more information, please see
http://www.cacr.math.uwaterloo.ca/conferences/2005/ecc2005/announcement.html.
FEE 2005
Frontiers in Electronic Elections,
Milan, Italy, September 15-16, 2005. [posted here 7/22/05]
The workshop is organized by ECRYPT, the European Network of Excellence in Cryptology,
and in association with ESORICS 2005, the 10th European Symposium on Research in Computer
Security, which takes place September 12-14, in Milan. The workshop is an activity of
ECRYPT's PROVILAB, the virtual lab on cryptographic protocols. It follows in the tradition
of a series of workshops devoted to cryptographic voting methods, such as WOTE '01 and
the 2003 DIMACS Workshop on Electronic Voting.
For some 25 years cryptographers have been proposing electronic voting schemes of
ever increasing strength and versatility, dealing with ballot secrecy, election
integrity etc., typically viewing the problem as a special case of secure multiparty
computation. The aim of this workshop is to bring together researchers and practitioners
from academia and industry, who are working on cryptographic protocols for electronic
voting systems, to evaluate the state of the art, to share practical experiences, and
to look for possible enhancements. Topics include but are not limited to:
- Election integrity
- Election verifiability
- Ballot secrecy
- Voter anonymity
- Voter authorization
- Receipts and coercibility
- Secure bulletin boards
- Implementation of broadcast channels
- Implementation of anonymous channels
- Threat models
- Formal requirements
- Formal security analysis
For more information, please see
http://www.win.tue.nl/~berry/fee2005/.
STM 2005
1st International Workshop on Security and Trust Management,
Held in conjunction with ESORICS 2005, Milano, Italy,
September 15, 2005. [posted here 5/10/05]
STM (Security and Trust Management) is a recently established working
group of ERCIM (European Research Consortium in Informatics and Mathematics). It
is planned to organize STM workshops on a yearly basis. This will be the first
workshop in this series. The focus of this first workshop will coincide with
the research topics of the STM working group. These comprise:
- To investigate the foundations and applications of security and trust in ICT
- To study the deep interplay between trust management and common security issues such as
confidentiality, integrity and availability
- To identify and promote new areas of research connected with security management, e.g.
dynamic and mobile coalition management (e.g., P2P, MANETs, Web/GRID services)
- To identify and promote new areas of research connected with trust management, e.g.
reputation, recommendation, collaboration etc.
- To provide a platform for presenting and discussing emerging ideas and trends.
The topics of interest of this workshop include but are not limited to:
- Rigorous semantics and computational models for security and trust
- Security and trust management architectures, mechanisms and policies
- Networked systems security
- Privacy and anonymity
- Identity management
- ICT for securing digital as well as physical assets
- Cryptography
For more information, please see
http://www-rocq.inria.fr/arles/events/STM2005/index.html.
QoP 2005
1st Workshop on Quality of Protection,
Held in conjunction with ESORICS 2005 and METRICS 2005, Milano, Italy,
September 15, 2005. [posted here 4/29/05]
Information Security in Industry has matured in the last few decades. Standards such as
ISO17799, the Common Criteria (ISO15408), a number of industrial certification and risk analysis
methodologies have raised the bar on what is considered a good security solution from a
business perspective. However, even a fairly sophisticated standard such as ISO17799 has
an intrinsically qualitative nature. Notions such as Security Metrics, Quality of Protection
(QoP) or Protection Level Agreement (PLA) have surfaced in the literature but still have
a qualitative flavour. The QoP Workshop intends to discuss how security research can
progress towards a notion of Quality of Protection in Security comparable to the notion of
Quality of Service in Networking, Software Reliability, or Software Measurements and
Metrics in Empirical Software Engineering. Topics of interest include, but are not limited to:
- Industrial Experience
- Security Risk Analysis
- Security Quality Assurance
- Measurement-based decision making and risk management
- Empirical assessment of security architectures and solutions
- Mining data from attacks and vulnerabilities repositories
- Security metrics
- Measurement theory and formal theories of security metrics
- Security measurement and monitoring
- Experimental verification and validation of models
- Simulation and statistical analysis, stochastic modeling
- Reliability analysis
For more information, please see
http://dit.unitn.it/~qop/.
ESORICS 2005
10th European Symposium on Research in Computer Security,
Milan, Italy, September 14-16, 2005. [posted here 1/18/05]
Papers offering novel research contributions in any aspect of computer
security are solicited for submission to the Tenth European Symposium
on Research in Computer Security (ESORICS 2005). Organized in a series
of European countries, ESORICS is confirmed as the European research
event in computer security. The symposium started in 1990 and has been
held on alternate years in different European countries and attracts
an international audience from both the academic and industrial
communities. From 2002 it has been held yearly. The Symposium has
established itself as one of the premiere, international gatherings on
information assurance. Papers may present theory, technique,
applications, or practical experience on topics including:
- access control
- accountability
- anonymity
- applied cryptography
- authentication
- covert channels
- cryptographic protocols
- cybercrime
- data and application security
- data integrity
- denial of service attacks
- dependability
- digital right management
- firewalls
- formal methods in security
- identity management
- inference control
- information dissemination control
- information flow control
- information warfare
- intellectual property protection
- intrusion tolerance
- language-based security
- network security
- non-interference
- peer-to-peer security
- privacy-enhancing technology
- pseudonymity
- secure electronic commerce
- security administration
- security as quality of service
- security evaluation
- security management
- security models
- security requirements engineering
- security verification
- smartcards
- steganography
- subliminal channels
- survivability
- system security
- transaction management
- trust models and trust management policies
- trustworthy user devices
For more information, please see
http://esorics05.dti.unimi.it/.
AMESP 2005
Workshop on Appropriate Methodology for Empirical Studies of Privacy,
Rome, Italy, September 12, 2005. [posted here 5/16/05]
The workshop aims to reflect on appropriate methodology to empirically study privacy
issues related to technology by drawing upon both theoretical perspectives as well as
practical experiences. Successful as well as failed empirical investigations could
prove quite illuminating for this purpose. Some of the questions the workshop plans
to address include:
- What methodologies are suited for studying privacy in what kinds of settings?
- What criteria could be applied to determine appropriateness of a given methodology
for a given setting?
- For each methodology, what are the best practices to follow and the pitfalls to avoid?
- For each methodology, how could bias be avoided?
- In what ways do methodologies complement each other?
- Given that cultural values regarding privacy, and legal and policy aspects of
privacy reflexively influence each other,
could we hope to isolate the effect of each of these on privacy practices? If so, how?
- In what ways can we address the mismatch between stated user preferences and actual user practices?
For more information, please see
http://www.privacymethodologies.tk.
PIC 2005
Workshop on UbiComp Privacy: Privacy in Context,
Tokyo, Japan, September 11, 2005.
[posted here 5/23/05]
The main goals of this workshop are to discuss social, technical, and
legal solutions to reducing, managing, or redefining privacy risks under
the various constraints shaped by the context of a certain application, a
specific set of users, or a particular culture. Instead of seeing privacy
as an isolated abstract concept we are interested in reviewing and
discussing privacy as an integral part of individual contexts of
technology use, which greatly influences both concepts and systems design.
We invite submissions reflecting diverse perspectives on privacy, whether
based on notions of individual rights, legal contracts, economic
incentives, social obligation, or interpersonal intimacy.
Social and legal issues in ubicomp privacy
- How do various technology stakeholders (designers, managers, employees,
consumers, regulators, activists, citizens, etc.) conceive of privacy and
its relevance to ubicomp technologies? How do conceptions change over time,
as they use and become more familiar with systems?
- What incentives work best for ubicomp systems? How can weaker parties (e.g.,
individuals) respond to organizations’ desire for information?
How should this shape design?
- How can we conceptualize, design, and provide context-dependent privacy
that dynamically changes according to a specific situation or user need?
Can we gather key insights from users’ day-to-day practices to assist in
the design of large-scale ubiquitous computing systems?
- How is privacy enacted and conceived differently in different cultures
and communities, e.g., in different countries, across professional groups,
within families, between genders?
- How do affordances of different application domains shape the level of
privacy users expect, or the level of privacy that can be provided?
- What trade-offs are necessary to balance privacy vs. efficiency, convenience,
and security? Under what circumstances is privacy to be limited or expanded?
Methods for investigating and building ubicomp privacy
- What are the best methods for evaluating, measuring, and understanding privacy
concerns? What kinds of qualitative and quantitative approaches work well?
- What can be learned from past cases? What ubicomp-relevant systems have succeeded
or failed because (or despite) of their treatment of personal information and privacy
risks? What systems have successfully transitioned (or unexpectedly failed to transition)
from one context or culture to another?
- Which research methods have been applied to the empirical and social study of
ubiquitous computing systems and privacy? Can we identify best practices for
laboratory and field experiments as well as potential longitudinal studies?
- What kinds of design methods are most effective for understanding the privacy
concerns of a given community, especially while early in the design process?
- What kinds of tools are useful for prototyping and implementing privacy-sensitive systems?
- What progress is needed in core technologies such as cryptography, trusted systems,
AI inference and user modeling to implement better privacy-sensitive systems?
For more information, please see
http://www.sims.berkeley.edu/~jensg/Ubicomp2005/.
RAID 2005 Eighth
International Symposium on Recent Advances in Intrusion Detection,
Seattle, Washington, USA, September 7-9, 2005. [posted here 12/13/04]
This symposium, the eighth in an annual series, brings together
leading researchers and practitioners from academia, government, and
industry to discuss intrusion detection
technologies and issues from the research and commercial
perspectives. The RAID International Symposium series is intended to
further advances in intrusion defense by promoting the
exchange of ideas in a broad range of topics.
For RAID 2005 we are expanding our historical scope from a focus on
intrusion detection to the broader field of intrusion defense. Of
particular interest are intrusion tolerant systems and
systems for which detection triggers an adaptive response. As in
2004, we welcome papers that address issues related to intrusion
defense, including information gathering and monitoring,
as a part of a larger, not necessarily purely technical,
perspective. We also invite papers on the following topics, as they
bear on intrusion detection and the general problem of
information security:
- Risk assessment and risk management
- Intrusion tolerance
- Deception systems and honeypots
- Vulnerability Analysis and Management
- IDS Assessment
- IDS Survivability
- Privacy aspects
- Data mining techniques
- Visualization techniques
- Cognitive approaches
- Biological approaches
- Self-learning
- Case studies
- Legal issues
- Critical infrastructure protection (CIP)
For more information, please see
http://www.conjungi.com/RAID/ and
http://www.raid-symposium.org/.
SECOVAL 2005
SECOVAL Workshop: The Value of Security through Collaboration,
Held in conjunction with the 1st International Conference on Security and Privacy
for Emerging Areas in Communication Networks(SECURECOMM 2005),
Athens, Greece, September 5-9, 2005. [posted here 2/27/05]
Security is usually centrally managed, for example in a form of policies duly executed
by individual nodes. This workshop will cover the alternative trend of using
collaboration and trust to provide security. Instead of centrally managed
security policies, nodes may use specific knowledge (both local and acquired
from other nodes) to make security-related decisions. The research addressed
by the workshop can be roughly divided into three main areas, each
answering the individual research questions. They are: (a) Reasoning
behind current trends in security through collaboration,
(b) different approaches and models to security through collaboration,
(c) the unique set of problems and risks brought by security through collaboration.
Contributions should address at least one of these areas.
Topics of interest to the workshop include, but are not limited to:
- Approaches to security through collaboration
- Specificities of security through collaboration
- Trust models and metrics
- Standardization of trust metrics
- Value and meaning of trust
- Trust-based security decision process
- Value and models of networks of collaborators
- Threat and risk analysis of security through collaboration
- Attacks due to collaboration and mitigation of these attacks
- Technical trust of the underlying infrastructure used for deployment
- Costs and benefits of trust and collaboration based security compared to other models
- Privacy and legal aspects of security through collaboration
For more information, please see
http://www.secoval.org.
CNFR 2005
Computer Network Forensics Research Workshop,
Held in conjunction with the 1st International Conference on Security and Privacy
for Emerging Areas in Communication Networks(SECURECOMM 2005),
Athens, Greece, September 5-9, 2005. [posted here 3/5/05]
The First Computer Network Forensics Research Workshop will bring together
researchers and practitioners of computer network forensics to further
define and refine field while sharing their research results.
Goals of CNFR '05 are (a)disseminate New and in-progress research in network forensics,
(b) define Network Forensics as an area, how it relates to other areas
and what new problems are to be faced, and
(c) build a community of those interested in network forensics.
Topics of interest to the workshop include, but are not limited to:
- Defining/Modeling Network Forensics
- Legal/Practical Challenges to Network Evidence
- Application of Traditional Security Tools
- Network Forensics Architectures
- Traceback & Attribution
- Evidence Collection/Storage
- International/Internet Legal Issues/Case Studies
- Problems with Use of Traditional Network Tools
- Law Enforcement/Legal Perspectives
- Other Digital Forensics-related Research
For more information, please see
http://www.ece.iastate.edu/cnfr/.
SECURECOMM 2005
1st International Conference on Security and Privacy for Emerging Areas in Communication Networks,
Athens, Greece, September 5-9, 2005. [posted here 02/01/05]
SCOPE: The focus of this conference is two-fold: a) Security and Privacy in
wireless, mobile, ad hoc, sensor, personal-area and RFID networks,
b) Security and Privacy in pervasive and ubiquitous computing. The conference aims
to bring together academic, industrial and government researchers, practitioners,
standards developers and policy makers.
Topics of interest include, but are not limited to:
- Wireless Network Security (WiFi, WiMAX, WiMedia and others)
- Sensor and Mobile Ad Hoc Network Security
- Security of GSM/GPRS/UMTS systems
- RFID security and privacy
- Wireless Intrusion Detection Systems, tolerance and recovery
- Firewalls and Application gateways for wireless/mobile networks and pervasive/ubiquitous computing
- Public key infrastructures for wireless/mobile networks and pervasive/ubiquitous computing
- Web Security, Authentication and Authorization in wireless/mobile networks and
pervasive/ubiquitous computing
- Privacy/Anonymity Preserving Design in wireless/mobile networks and pervasive/ubiquitous computing
- E-commerce protocols and micropayment schemes
- Secure Localization systems
- Security in hybrid (e.g., wireline/wireless) networks
For more information, please see
http://www.securecomm.org.
WMASH 2005 3rd
ACM International Workshop on Wireless Mobile Applications and Services on WLAN Hotspots,
Held in conjunction with ACM MOBICOM 2005,
Cologne, Germany, September 2, 2005. [posted here 3/4/05]
The goal of the workshop is to address and discuss the technical and business challenges,
ideas, views, and research results in providing public wireless Internet services
and applications for nomadic users in small, highly-populated, public spaces
(wireless LANs and "hotspots").
We are specifically interested in work dealing with network layer and
above (layers 3-7). However, cross-layer solutions including MAC interaction
as well as ESS management via IAPP are welcome. Within the context of interest
to this workshop, a list of topics includes, but is not limited to:
- Applications and services
- New service and business models
- Public WLAN and hotspot architectures
- Community-owned WLAN infrastructures
- WLAN-based ad-hoc network service creation and management
- Metro-area hotspots using 802.11/802.16 mesh
- Multi-radio mesh node designs
- Self-configuring mesh networks for public hotspots
- Mobile routers for transient, portable hotspots
- Application case studies of mobile routers
- Interworking with other wireless systems, e.g., 3G, 802.16
- Mobility, roaming, and handoff management
- Context-aware services and technologies
- Location-aware applications and services
- Multimedia wireless applications, e.g., Voice over WLAN (VoWLAN)
- Authentication, accounting, billing and payment issues
- Security and privacy in public WLANs
- Middleware support
- Service location and discovery
- Traffic measurements and modeling
- Case studies on deployed platforms and experimental testbeds
For more information, please see
http://wmash2005.ece.iastate.edu.
SDM 2005
2nd VLDB Workshop on Secure Data Management,
Held in conjunction with the 31st International Conference on Very Large Databases (VLDB 2005),
Trondheim, Norway, September 2-3, 2005. [posted here 3/6/05]
The aim of the workshop is to bring together people from the security research
community and data management research community in order to exchange ideas on
the secure management of data. This year an additional special session will be
organized with the focus on secure and private data management in healthcare.
The workshop will provide forum for discussing practical experiences and theoretical
research efforts that can help in solving the critical problems in secure data
management. Authors from both academia and industry are invited to submit papers
presenting novel research on the topics of interest.
Topics of interest include (but are not limited to) the following:
- Secure Data Management
- Database Security
- Secure Storage
- Data Integrity
- Data Anonymization
- Data Hiding
- Search on Encrypted Data
- Metadata and Security
- XML Security
- Privacy Preserving Data Mining
- Statistical Database Security
- Digital and Enterprise Rights Management
- Healthcare Security
- Multimedia Security and Privacy
- Authorization and Access Control
- Private Authentication
- Identity Management
- Privacy Enhancing Technologies
- Private Information Retrieval
- User Profiling and Privacy
- Security, Privacy and Ubiquitous Computing
- Information Dissemination Control
- Protection of Personally Identifiable Information
- Applied Cryptography
- Web services security
- Secure Semantic Web
- Privacy and Security with RFID
- Private Watermarking
- Trust Management
- Security and Privacy Management
For more information, please see
http://www.extra.research.philips.com/sdm-workshop/sdm05.html.
WiSe 2005
ACM Workshop on Wireless Security,
Held in conjunction with ACM MobiCom 2005, Cologne, Germany,
August 28 - September 2, 2005. [posted here 4/11/05]
The objective of this workshop is to bring together researchers from research
communities in wireless networking, security, applied cryptography, and dependability;
with the goal of fostering interaction. With the proliferation of wireless networks,
issues related to secure and dependable operation of such networks are gaining importance.
Topics of interest include, but are not limited to:
- Key management in wireless/mobile environments
- Trust establishment
- Computationally efficient primitives
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Secure PHY/MAC/routing protocols
- Secure location determination
- Denial of service
- User privacy, location privacy
- Anonymity, prevention of traffic analysis
- Dependable wireless networking
- Identity theft and phishing in mobile networks
- Charging in wireless networks
- Cooperation in wireless networks
- Vulnerability modeling
- Incentive-aware secure protocol design
- Jamming
- Monitoring and surveillance
For more information, please see
http://www.ee.washington.edu/research/nsl/wise2005.
TrustBus 2005
2nd International Conference on Trust, Privacy, and Security in Digital Business,
Held in conjunction with the 16th International Conference on Database and
Expert Systems Applications (DEXA 2005),
Copenhagen, Denmark, August 22-26, 2005 [posted here 1/31/05]
TrustBus'05 will bring together researchers from different disciplines, developers,
and users all interested in the critical success factors of digital business systems.
We invite papers, work-in-process reports, industrial experiences describing
advances in all areas in all digital business applications.
For more information, please see
http://www-ifs.uni-regensburg.de/trustbus05/.
SecCo 2005
3rd International Workshop on Security Issues in Concurrency,
San Francisco, CA, USA, August 21-22, 2005. [posted here 5/10/05]
The 3rd International Workshop on Security Issues in Concurrency (SecCo'05) follows
the success of SecCo'03 (held in conjunction with ICALP'03) and SecCo'04 (held in
conjunction with CONCUR'04). New networking technologies require the definition of
models and languages adequate for the design and management of new classes of applications.
Innovations are moving in two directions: on the one hand, the Internet which supports wide
area applications, on the other hand, smaller networks of mobile and portable devices which
support applications based on a dynamically reconfigurable communication structure. In both
cases, the challenge is to develop applications while at design time there is no knowledge
of the availability and/or location of the involved entities.
Coordination models, languages and middlewares, which advocate a distinct separation
between the internal behaviour of the entities and their interaction, represent a
promising approach. However, due to the openness of these systems, new critical aspects
come into play, such as the need to deal with malicious components or with a hostile
environment. Current research on network security issues (e.g. secrecy, authentication, etc.)
usually focuses on opening cryptographic point-to-point tunnels. Therefore, the
proposed solutions in this area are not always exploitable to support the end-to-end
secure interaction between entities whose availability or location is not
known beforehand. Topics of interest include, but are not limited to:
- authentication
- integrity
- privacy
- confidentiality
- access control
- denial of service
- service availability
- safety aspects
- fault tolerance
in
- coordination models
- web service technology
- mobile ad-hoc networks
- agent-based infrastructures
- peer-to-peer systems
- global computing
- context-aware computing
- ubiquitous/pervasive comp
- component-based systems
For more information, please see
http://www.zurich.ibm.com/~mbc/secco05/.
DFRWS 2005
5th Annual Digital Forensics Research Workshop,
New Orleans, LA, USA, August 17-19, 2005. [posted here 5/2/05]
The purpose of this workshop is to bring together researchers, practitioners,
and educators interested in digital forensics. We welcome the participation of
people in industry, government, law enforcement, and academia who are interested in
advancing the state of the art in digital forensics by sharing their results,
knowledge, and experiences. We are looking for research papers, demo proposals,
and panel proposals. Major areas of interest include, but are not limited to,
the following topics:
- Incident response and live analysis
- OS, application, and multimedia analysis
- File system analysis
- Physical analysis (magnetic, optical, electrostatic, etc.)
- Memory analysis
- Network forensics
- Traceback and attribution
- Data hiding and recovery
- Event reconstruction
- Large-scale investigations
- Data mining techniques
- Tool testing and development
- Legal issues
- Case studies and trend reports
- Non-traditional approaches to forensic analysis
For more information, please see
http://www.dfrws.org.
CRYPTO 2005 Twenty-Fifth Annual International Cryptology
Conference, Santa Barbara, CA, USA, August 14-18, 2005.
[posted here 11/14/04]
The 25th International Cryptology Conference will be held at the
University of California, Santa Barbara. The academic program covers
all aspects of cryptology. Formal proceedings, published by
Springer-Verlag, will be provided to registered attendees at the
conference. Technical sessions will run from Monday morning to
Thursday noon, with a non-technical activities half-day on Tuesday
afternoon.
For more information, please see
http://www.iacr.org/conferences/c2005/index.html.
SAC 2005
12th Annual Workshop on Selected Areas in Cryptography,
Queen's University, Kingston, Ontario, Canada, August 11-12, 2005.
[posted here 3/6/05]
The Workshop on Selected Areas in Cryptography (SAC) is an annual conference
dedicated to specific themes in the area of cryptographic system design and
analysis. Authors are encouraged to submit original papers related to the
themes for the SAC 2005 workshop:
- Design and analysis of symmetric key cryptosystems
- Primitives for symmetric key cryptography, including block and stream ciphers,
hash functions, and MAC algorithms
- Efficient implementations of symmetric and public key algorithms
- Cryptographic algorithms and protocols for ubiquitous computing (RFID, sensor networks)
For more information, please see
http://www.ece.queensu.ca/sac2005/.
Security-05
14th USENIX Security Symposium, Baltimore, MD, USA, August 1-5,
2005.[posted here 11/14/04]
The USENIX Security Symposium brings together researchers,
practitioners, system administrators, system programmers, and others
interested in the latest advances in security of computer systems.
The 14th USENIX Security Symposium will be held August 1-5, 2005, in
Baltimore, MD.
All researchers are encouraged to submit papers covering novel and
scientifically significant practical works in security or applied
cryptography. Submissions are due on February 4, 2005, 11:59 p.m.
PST. The Symposium will span five days: a two-day training program
will be followed by a two and one-half day technical program, which
will include refereed papers, invited talks, Work-in-Progress
reports, panel discussions, and Birds-of-a-Feather sessions.
For more information, please see
http://www.usenix.org/events/sec05/cfp/.
CCCT 2005
3rd International Conference on Computing, Communications and Control Technologies,
Austin, TX, USA, July 24-27, 2005. [posted here 1/12/05]
CCCT 2005 is an International Conference that will bring together
researchers, developers, practitioners, consultants and users of
Computer, Communications and Control Technologies, with the aim to
serve as a forum to present current and future work, solutions and
problems in these fields, as well as in the relationships among them.
Consequently, efforts will be done in order to promote and to foster
the analogical thinking required by the Systems Approach for interdisciplinary
cross-fertilization, "epistemic things" generation and "technical objects" production.
Suggested topics in the area of Computing/Information Systems and Technologies include,
but are not restricted to:
- Databases
- Models and Algorithms
- Artificial Intelligence
- Computer and Systems Security
- Mathematical Computing
- Programming Languages
- Operating Systems
- Computer Graphics
For more information, please see
http://www.iiisconfer.org/ccct05/WebSite/default.asp.
PEP 2005
UM05 Workshop on Privacy-Enhanced Personalization,
Edinburgh, Scotland, July 24, 2005. [posted here 1/20/05]
Personalizing people's interaction with computer systems entails
gathering considerable amounts of data about them. As numerous recent
surveys have consistently demonstrated, computer users are very
concerned about their privacy. Moreover, the collection of personal
data is also subject to legal regulations in many countries and states.
Such regulations impact a number of frequently employed personalization
methods. This workshop will explore the potential of research on
"privacy-enhanced personalization," which aims at reconciling the goals
and methods of user modeling and personalization with privacy
constraints imposed by individual preferences, conventions and laws. It
will look at, e.g., the following questions:
- How much personal data do individual personalization methods really
need? Can we find out in advance or in hindsight what types of data
contribute to reasonably successful personalization in a specific
application domain, and restrict data collection to these types of data?
- Is client-side personalization a possible answer to privacy concerns
and legal restrictions? What technical, legal and business obstacles
will have to be overcome?
- In what way should the user be involved in privacy decisions? What
does appropriate notice and choice look like, and what rights must and
should be granted?
- Will we need trusted third parties, and what services will we need
them to provide?
- How much can we benefit from anonymity or pseudonymity
infrastructures, and are there limits that should be observed?
- Are distributed user models an answer or a problem from a privacy perspective?
- Does personalization in a mobile context pose additional challenges?
How can they be overcome?
- Do mobile user models pose additional privacy problems?
- How can multi-user personalized systems cater to the privacy constraints of each individual user?
- What should an ideal legal framework look like from the perspective
of privacy-enhanced personalization?
- Are special provisions necessary in the case of people with
disabilities and student-adaptive educational systems?
For more information, please see
http://www.ics.uci.edu/~kobsa/PEP05.
Summer School on Reliable Computing
Summer School on Reliable Computing,
Eugene, Oregon, USA, July 20-29, 2005. [posted here 3/2/05]
This Summer School will cover current research in reliability of software
systems ranging from foundational materials on type systems, program analyses,
and model checking to advanced applications of the techniques in practice.
Material will be presented at a tutorial level that will help graduate students
and researchers from academia or industry understand the critical issues and open
problems confronting the field. The course is open to anyone interested. Prerequisites
are an elementary knowledge of logic and mathematics that is usually covered in
undergraduate classes on discrete mathematics. Some knowledge of programming languages
at the level provided by an undergraduate survey course will also be expected. Our primary
target group is PhD students. We also expect attendance by faculty members who would
like to conduct research on this topic or introduce new courses at their universities.
The program consists of more than twenty-five 80-minute lectures presented by
internationally recognized leaders in programming languages, model checking, and
software reliability research. Speakers and their topics include:
- Counterexample-driven Refinement: Thomas Ball, Microsoft Research
- Specifying and Checking Stateful Software Interfaces: Manuel Fahndrich, Microsoft Research
- Checking Software Properties with Contracts: Robby Findler, University of Chicago
- Domain-Specific Languages: For Fun and Profit: Kathleen Fisher, AT&T Research
- Improving Software Quality with Type Qualifiers: Jeff Foster, University of Maryland
- Lightweight Analyses for Reliable Concurrency: Stephen Freund, Williams College
- Type Systems: A Foundation for Reliable Computing: Robert Harper, Carnegie Mellon University
- Program Verification by Lazy Abstraction: Ranjit Jhala, University of California at San Diego
- An Introduction to Model Checking: Orna Kupferman, Hebrew University, Jerusalem
For more information, please see
http://www.cs.uoregon.edu/research/summerschool/summer05/index.html.
AVBPA 2005
Audio- and Video-based Biometric Person Authentication Conference,
Tarrytown, New York, USA, July 20-22, 2005. [posted here 3/9/05]
We are now seeing increasing deployment of biometric systems in many walks of life,
including iris, fingerprint and face recognition systems at airports as well as
access to highly secure facilities. Biometrics-based authentication techniques are
the only known techniques today that can support positive and extremely accurate
user authentication. Several applications in government, commercial, defense and
law enforcement areas have a basic need to automatically identify humans both
locally and remotely on a routine basis. The need for high accuracy and broad
population coverage has made it necessary to investigate the use of multi-modal
biometrics. The intrinsic security of the biometrics systems and the associated
privacy concerns have emerged as important research topics. AVBPA will bring
together leading biometric researchers, system designers, and end users to
promote the development of robust solutions to efficient and secure authentication.
The conference has been an official event of The International Association for
Pattern Recognition (IAPR-TC14) since 1997. The purpose of this conference
is to provide a scientific forum for researchers, engineers, system architects
and designers to report recent advances in this area of secure person authentication
involving biometrics and related technologies.
For more information, please see
http://biometrics.cse.msu.edu/avbpa2005.html.
SNDS 2005
1st International Workshop on Security in Networks and Distributed Systems,
Held in conjunction with the 11th International Conference on Parallel and
Distributed Systems (ICPADS-2005),
Fukuoka, Japan, July 20-22, 2005. [posted here 3/12/05]
Security is an important issue in the research of networks and distributed systems,
ranging from the traditional computer networks to newly proliferated areas
like sensor networks, P2P systems, and ubiquitous computing. The security threats
exploited the weakness of protocols as well as operating systems, and also extended
to attack Internet applications such as database systems and web servers. The
attacks, including Distributed Deny of Service, Virus, Buffer Overflows and
Worms, are causing more economic damages and arouse more attentions. To achieve
a secured distributed system, the cybersecurity aspects, namely, data
confidentiality, authentication, nonrepudiation, data integrity, privacy, access
control and availability, should be fully attained.
This workshop provides a forum for academic and industry professionals to
discuss recent progress in the area of network and distributed system security,
and includes studies on security attacks that occur in today's networks, security
mechanisms that are designed to detect, prevent, or recover from a security
attack and security services that are available to enhance system security.
Topics of interest include, but are not limited to:
- Distributed digital signatures
- Distributed denial of service attacks
- Distributed intrusion detection and protection systems
- Distributed access control and firewalls
- Security in e-commerce and e-business and other applications
- Security in P2P networks and Grid computing
- Security in mobile and pervasive computing
- Security architectures in distributed and parallel systems
- Security theory and tools in distributed and parallel systems
- Ad hoc and sensor network security
- Buffer overflows
- Cryptographic algorithms
- Data privacy and trustiness
- Information hiding and multimedia watermarking in distributed systems
- Key management and authentication
- Mobile codes security
- Network security issues and protocols
- Software security
- World Wide Web Security
For more information, please see
http://www.comp.polyu.edu.hk/SNDS05/.
REFT 2005
Workshop on Rigorous Engineering of Fault-Tolerant Systems,
Held in conjunction with the 13th Formal Methods Symposium (FM 2005),
Newcastle, UK, July 19, 2005. [posted here 3/1/05]
The growing complexity of modern software systems increases the difficulty
of ensuring the overall dependability of software-intensive systems.
The complexity of environments in which systems operate, high dependability
requirements that they have to meet, the versatility of functions they need
to provide and a variety of characteristics they need to have (including
adaptivity, mobility and pervasiveness), as well as the complexity of
infrastructures on which they rely make system design a true engineering
challenge. As a result, systems like these have intricate architecture
and require sophisticated coordination and management activities for
their execution. These trends are set to continue or even grow as
computer systems become ever more intimately connected with their users.
Mastering system complexity requires design techniques that support clear
thinking and rigorous validation and verification. This is exactly what
formal design methods do. Coping with complexity also requires architectures
that are tolerant of faults and unpredictable changes in environment. This
issue can be addressed by fault tolerant design techniques. System development
methods must be rigorous, explicitly model fault tolerance through all
development phases, support the construction of appropriate abstractions
and provide techniques for their structured refinement and decomposition.
The aim of this workshop is to bring together researchers from the Fault
Tolerance, Formal Methods and Tool Development communities and to discuss
recent research results and practical experience in designing fault tolerant
applications. Contributions are solicited in all areas related to rigorous development
of fault tolerant software systems. The scope of this workshop encompasses
but is not limited to:
- Verification and refinement of fault tolerant systems
- Integrated approaches to developing fault tolerant systems
(including integration of different formalisms as well as formal strengthening of informal notations)
- Formal foundations for error detection, error recovery, exception and fault handling
- Abstractions, styles and patterns for rigorous development of fault tolerance
- Development and application of tools supporting rigorous design of dependable systems
- Integrated platforms for developing dependable systems
- Rigorous approaches to specification and design of fault tolerance in novel computer systems
- Case studies demonstrating rigorous development of fault tolerant systems
For more information, please see
REFT 2005 workshop website.
FAST 2005
3rd International Workshop on Formal Aspects in Security & Trust,
Held in conjunction with the 13th Formal Methods Symposium (FM 2005),
Newcastle, UK, July 18-19, 2005. [posted here 3/1/05]
The third international Workshop on Formal Aspects in Security and Trust
(FAST2005) aims at continuing the successful effort of the first two
FAST workshops for fostering the cooperation among researchers in the areas
of security and trust. The new challenges offered by the so-called ambient
intelligence space as a future paradigm in the information society demand
for a coherent framework of concepts, tools and methodologies to enable
user's trust&confidence on the underlying computing infrastructure. These
need to address issues relating to both guaranteeing security of the
infrastructure and the perception of the infrastructure being secure.
In addition, user confidence on what is happening must be enhanced by
developing trust models effective but also easily comprehensible and manageable by users.
The complexity and scale of deployment of emerging ICT systems based on web service
and grid computing concepts also necessitates the investigation of new, scalable
and more flexible foundational models of enforcing pervasive security across
organizational borders and in situations where there is high uncertainty about
the identity and trustworthyness of the participating networked entities
(including users, services and resources). The increasing need of building
activities sharing different resources managed with different policies demands
for new and business enabling models of trust between members of virtual
communities including virtual organizations that span across the boundaries
of physical enterprises and loosely structured communities of individuals.
Suggested submission topics include, but are not limited to:
- Formal models for security, trust and reputation
- Security protocol design and analysis
- Logics for security and trust
- Trust-based reasoning
- Distributed Trust Management Systems
- Digital Assets Protection
- Data protection
- Privacy and ID management issues
- Information flow analysis
- Language-based security
- Security and Trust aspects in ubiquitous computing
- Validation/Analysis tools
- Web/Grid Services Security/Trust/Privacy
- Security and Risk Assessment
- Case studies
For more information, please see
http://www.iit.cnr.it/FAST2005.
ARSPA 2005
2nd Workshop on Automated Reasoning for Security Protocol Analysis,
Held in conjunction with the 32nd International Colloquium on Automata,
Languages and Programming (ICALP 2005),
Lisboa, Portugal, July 16, 2005. [posted here 2/8/05]
The ARSPA workshop aims to bring together researchers and practitioners
from both the security and the formal methods communities, from academia
and industry, who are working on developing and applying automated
reasoning techniques and tools for the formal specification and
analysis of security protocols.
Contributions are welcomed on the following topics or related ones:
- Automated analysis and verification of security protocols
- Languages, logics and calculi for the design and specification of security protocols
- Verification methods: accuracy, efficiency
- Decidability and complexity of cryptographic verification problems
- Synthesis and composition of security protocols
- Integration of formal security specification, refinement and validation techniques
in development methods and tools
For more information, please see
http://www.avispa-project.org/arspa.
ESAS 2005
2nd European Workshop on Security and Privacy in Ad hoc and Sensor Networks,
Held in conjunction with the 1st International Conference on Wireless Internet (WICON),
Budapest, Hungary, July 14-15, 2005. [posted here 1/24/05]
The vision of ubiquitous computing has generated a lot of interest
in wireless ad hoc and sensor networks. However, besides their potential
advantages, these new generations of networks also raise some challenging
problems with respect to security and privacy. The aim of this workshop is to
bring together the network security, cryptography, and wireless networking communities
in order to discuss these problems and to propose new solutions. The second ESAS workshop
seeks submissions that present original research on all aspects of security and
privacy in wireless ad hoc and sensor networks. Submission of papers based on
work-in-progress is encouraged. Topics of interest include, but are not limited to the following:
- Privacy and anonymity
- Prevention of traffic analysis
- Location privacy
- Secure positioning and localization
- Secure MAC protocols
- Secure topology control
- Secure routing
- Secure in-network processing
- Secure context aware computing
- Cooperation and fairness
- Charging and rewarding
- Key management
- Trust establishment
- Embedded security
- Cryptography for resource constrained applications
- Distributed intrusion detection
For more information, please see
http://www.crysys.hu/ESAS2005/.
ICALP 2005
32nd International Colloquium on Automata, Languages
and Programming, Lisboa, Portugal, July 11-15, 2005. [posted here 01/12/04]
ICALP'05 innovates on the structure of its traditional scientific
program with the inauguration of a new special Track (C). The aim of
Track C is to allow a deeper coverage of a particular topic, to be
specifically selected for each year's edition of ICALP on the basis
of its timeliness and relevance for the theoretical computer science
community. This year, Track C subject is Security and Cryptography
Foundations.
Topics of interest for Track C include, but are not limited to:
- Cryptographic Notions, Mechanisms, Systems and Protocols
- Cryptographic Proof Techniques, Lower bounds, Impossibilities
- Foundations of Secure Systems and Architectures
- Logic and Semantics of Security Protocols
- Number Theory and Algebraic Algorithms in Cryptography
- Pseudorandomness, Randomness, and Complexity Issues
- Secure Data Structures, Storage, Databases and Content
- Security Modeling: Combinatorics, Graphs, Games, Economics
- Specifications, Verifications and Secure Programming
- Theory of Privacy and Anonymity
- Theory of Security in Networks and Distributed Computing
- Quantum Cryptography and Information Theory
For more information, please see
http://icalp05.di.fct.unl.pt/.
SOUPS 2005
Symposium on Usable Privacy and Security, Carnegie Mellon
University, Pittsburgh, PA, USA, July 6-8, 2005.[posted here 11/14/04]
The Symposium on Usable Privacy and Security (SOUPS) will be held
July 6-8, 2005 at Carnegie Mellon University in Pittsburgh, PA. This
symposium will bring together an interdisciplinary group of
researchers and practitioners in human computer interaction,
security, and privacy. The program will feature refereed papers,
tutorials, a poster session, panels and invited talks, and
discussion sessions.
We seek original papers describing research or experience in all
areas of usable privacy and security. Topics include, but are not
limited to, breakthrough models, innovative functionality and
design, new applications of existing models or
technology, usability testing of security features or security
testing of usability features, and lessons learned from deploying
and using usable privacy and security features. Papers should
properly place the work within the field, cite related work, and
clearly indicate the innovative aspects of the work or lessons
learned as well as the contribution of the work to the field.
Suggestions or proposals for panels, tutorials, or invited speakers
should be sent to the general chair, lorrie AT acm.org, by February
25.
For more information, please see
http://cups.cs.cmu.edu/soups/.
DIMVA 2005
2nd GI SIG SIDAR Conference on Detection of Intrusions & Malware, and
Vulnerability Assessment, Vienna, Austria, July 6-8, 2005. [posted here 11/14/04]
The special interest group Security - Intrusion Detection and
Response (SIDAR) of the German Informatics Society (GI) organizes
DIMVA as an annual conference that brings together experts from
throughout Europe to discuss the state of the art in the areas of
intrusion detection, detection of malware, and assessment of
vulnerabilities. DIMVA emphasizes the collaboration and exchange of
ideas between industry, academia, law enforcement and government,
and invites four types of submissions: full papers, industry
papers, panel proposals, and tutorial proposals.
For more information, please see
http://www.dimva.org/dimva2005.
ACISP 2005 10th Australasian Conference on Information Security
and Privacy, Brisbane, Australia, July 4-6, 2005. [posted here 12/13/04]
Original papers pertaining to all aspects of information security
and privacy are solicited for submission to the 10th Australasian
Conference on Information Security and Privacy (ACISP 2005). Papers
may present theory, techniques, applications and practical
experiences on a variety of topics including:
- Cryptology
- Mobile communications security
- Database security
- Authentication and authorization
- Secure operating systems
- Intrusion detection
- Access control
- Security management
- Security protocols
- Network security
- Secure commercial applications
- Privacy Technologies
- Smart cards
- Key management and auditing
- Mobile agent security
- Risk assessment
- Secure electronic commerce
- Privacy and policy issues
- Copyright protection
- Security architectures and models
- Evaluation and certification
- Software protection and viruses
- Computer forensics
- Distributed system security
- Identity management
- Biometrics
For more information, please see
http://www.isrc.qut.edu.au/events/acisp2005/.
FCS 2005
Foundations of Computer Security, Held in conjunction with
the 12th Annual IEEE Symposium on LOGIC IN COMPUTER SCIENCE (LICS 2005),
Chicago, IL, USA, June 30 - July 1, 2005. [posted here 1/21/05]
Computer security is an established field of Computer Science of
both theoretical and practical significance. In recent years, there
has been increasing interest in foundations for various methods in
computer security, including the formal specification, analysis and
design of cryptographic protocols and their applications, the formal
definition of various aspects of security such as access control mechanisms,
mobile code security and denial-of-service attacks, trust management,
and the modeling of information flow and its application to confidentiality
policies, system composition, and covert channel analysis.
The aim of this workshop is to provide a forum for continued activity in
this area, to bring computer security researchers in contact with the
LICS'05 community, and to give LICS attendees an opportunity to talk to
experts in computer security. We are interested both in new results in
theories of computer security and also in more exploratory presentations
that examine open questions and raise fundamental concerns about existing
theories. Possible topics include, but are not limited to:
- Composition issues
- Formal specification
- Foundations of verification
- Information flow analysis
- Language-based security
- Logic-based design
- Program transformation
- Security models
- Static analysis
- Statistical methods
- Trust management
for Authentication, Availability and denial of service, Covert channels, Cryptographic protocols,
Confidentiality, Integrity and privacy, Intrusion detection, Malicious code, Mobile code,
Mutual distrust, and Security policies.
For more information, please see
http://www.cs.chalmers.se/~andrei/FCS05/.
ISSA 2005
5th Annual Information Security South Africa Conference,
Gauteng Region (Johannesburg), South Africa, June 29 - July 1, 2005.
[posted here 2/2/05]
The ISSA2005 Conference will provide an opportunity for key players to
review sustainable practices that have been developed by South Africans
in order to meet the challenges delivered by globalization. Topics to b
e addressed by the conference include: research papers, case studies,
lessons learned, current research, short tutorials and research in progress (student papers).
The field of information security is diverse, including technical, managerial, legal,
social and even philosophical issues. Individuals alone cannot address
these issues. Only the combined efforts of academia and industry can provide
answers and solutions that will benefit all of society.
Topics include but are not limited to:
- Access Control
- Agents
- Architectures and infrastructures
- Audit
- Authentication
- Anti-Virus
- Awareness and training in Security
- Backup, Storage, Recovery
- Biometrics
- Business Continuity Planning and Management
- Certification
- Challenges and solutions of managing security
- Communications/network security
- Content Security
- Corporate governance/Enterprise security
- CRM security
- Digital Identification and Authentication
- Disaster Recovery Planning and Management
- E-Commerce and E-Business security
- E-mail security
- Encryption
- Evaluation of Information Security in companies and information security surveys
- Firewalls
- Forensic Auditing
- Future visions for Information Security Management
- Hacking/cracking
- Human Computer Interaction for Security
- Identity theft
- Intelligent tokens
- Intruder Detection
- IT Governance
- Legal, ethical and social issues related to Information Security
- Legislation
- Managing Information Security
- Methodologies for securing small to medium size enterprises
- Methodologies and techniques for certification and accreditation
- Mobile Computing Security
- Networking Security
- PKI
- Practical industry presentations on managing information security
- Practical industry presentations on applications such as PGP
- Printers, Id Systems
- IT Risk Management
- Information Security Risk Analysis
- Secure servers
- Security Policy and Procedures
- Small distribution applications
- Smart Cards
- Standards - Local & International
- Strategic Information Security
- VPNs
- Vulnerability Assessments
For more information, please see
http://www.infosecsa.co.za.
DSN 2005 The
International Conference on Dependable Systems and Networks, Pacific
Convention Center (Pacifico), Yokohama, Japan, June 28 - July
1,2005. [posted here 9/11/04]
The International Conference on Dependable Systems and Networks
2005(DSN-2005) announces its Call for Contributions for full papers,
practical experience reports, workshop proposals, tutorials, student
forum, and fast abstracts. Full papers are due November 19th, 2004.
Please see www.dsn.org for submission information. Contributions are
invited in, but are not limited to:
- Analytical and Simulation Techniques for Performance and
Dependability Assessment
- Architectures for Dependable Computer Systems
- Dependability Benchmarking
- Dependability of High-Speed Networks and Protocols
- Dependability Modeling and Prediction
- Dependability in VLSI
- E-commerce Dependability
- Fault Tolerance in Transaction Processing
- Fault Tolerance in Distributed & Real-Time Systems
- Fault Tolerance in Multimedia Systems
- Fault Tolerance in Mobile Systems
- Information Assurance and Survivability
- Internet Dependability and Quality of Service
- Intrusion Tolerant Systems
- Measurement Techniques for Performance and Dependability
Assessment
- Safety-Critical Systems
- Software Testing, Validation, and Verification
- Software Reliability
- Tools for Performance and Dependability Assessment
For more info, please see:
http://www.dsn.org/.
LBFCM 2005
Workshop on the Link Between Formal and Computational Models,
Paris, France, June 23-24, 2005. [posted here 5/16/05]
LBFCM workshop will focus on the relations between the symbolic (Dolev-Yao) model and
the computational(complexity-theoretic) model, and more broadly on new advances and
research directions in protocol verification. We wish to invite you to participate in
this informal workshop on the verification of security protocols.
For more information, please see
http://www.loria.fr/~cortier/workshop.html.
Hash Function 2005
ECRYPT Workshop on Hash Functions, Krakow, Poland, June 23-24, 2005. [posted here 3/9/05]
The Hash Function Workshop, organized as one of the activities
of the European Network of Excellence in Cryptology ECRYPT,
will be devoted to recent developments in the hash functions research.
As a workshop and forum for the exchange of ideas and proposals,
active participation is encouraged. We expect to have both,
invited talks and contributed talks. Attendees are invited to submit papers
on all aspects of hash function analysis and deployment including,
but not limited to the following:
- hash function design and analysis,
- the state, and likely evolution, of current hash function cryptanalytic research,
- the state of SHA-1 and implications for SHA-n (for n > 1) and RIPEMD-160,
- hash function deployment (such as for MAC constructions and public key infrastructures).
We also encourage submissions that question or comment upon:
- the need for alternative hash functions,
- implications of recent attacks, in particular estimations of risks where
a hash function is used as a component in a cryptographic scheme, and
the requirements of industry.
For more information, please see
http://www.impan.gov.pl/BC/05Hash.html.
CSFW18
18th IEEE Computer Security Foundations Workshop,
Aix-en-Provence, France, June 20-22, 2005. [posted here 11/14/04]
This workshop series brings together researchers in computer science
to examine foundational issues in computer security. We are interested both in new
results in theories of computer security and also in more
exploratory presentations that examine open questions and raise
fundamental concerns about existing theories. Both papers and panel
proposals are welcome. Possible topics include, but are not limited
to:
- Access Control
- Authentication
- Data and system integrity
- Database security
- Network security
- Distributed systems security
- Anonymity
- Intrusion detection
- Security for mobile computing
- Security protocols
- Security models
- Decidability issues
- Privacy
- Executable content
- Formal methods for security
- Information flow
- Language-based security
This year's workshop will be held in Aix-en-Provence, France.
Proceedings published by the IEEE Computer Society Press will be
available at the workshop. Selected papers will be invited for
submission to the Journal of Computer Security.
For more information, please see
http://ww.csl.sri.com/csfw/index.html.
SIntelProp 2005
5th Annual Symposium on Intellectual Property,
Adelphi, MD, USA, June 16-17, 2005. [posted here 5/16/05]
The 2005 CIP Symposium will seek to explore and understand just a few of the various
ways in which individuals and organizations think and talk about copyright infringement
in our digital age and what actions they take based upon those perceptions. We will
focus in particular on issues relevant to the higher education community and the
delivery of quality copyrighted content. Facilitating our exploration, discussion,
and reflection will be representatives from the academy, library, law, corporation,
nonprofit organization, technology sector, and Capitol Hill.
The Symposium will focus on the following critical issues:
- The Impact of Copyright Law and Policy on Academic Culture
- Regulatory Copyright: How Will Universities be Affected?
- P2P File Sharing: Pirates or Revolutionaries?
- Culture and Copyright: A Creative Clash?
- Copyright Infringement in the Digital Age: What Universities Need to Know
- The Copyright Legislative Landscape
- Responses to Copyright Infringement at University Campuses: Best Practices
For more information, please see
http://www.umuc.edu/cip/symposium.
IAW 2005
6th IEEE SMC Information Assurance Workshop,
West Point, NY, USA, June 15-17, 2005. [posted here 1/13/05]
The workshop is designed to provide a forum for Information
Assurance researchers and practitioners to share their research
and experiences. Attendees hail from industry, government, and
academia. The focus of this workshop is on innovative, new technologies
designed to address important Information Assurance issues.
Last year the IEEE IAW added a new track on Honeynet Technologies,
sponsored by the Honeynet Project (www.honeynet.org). This will remain
a specific focus of the IAW this year. New this year to the technical
track are sessions on Security Data Visualization techniques and Biometrics.
Other areas of particular interest at this workshop include, but are not limited to:
- Innovative intrusion detection and response methodologies
- Information warfare
- Honeynet technologies (at least one session)
- Visualization and data representation (at least one session)
- Biometrics (at least one session)
- Secure software technologies
- Wireless security
- Computer forensics
- Data Protection
- Educational curriculum
- Best practices
- Information Assurance education and professional development
For more information, please see
http://www.itoc.usma.edu/workshop/2005/.
TSPUC 2005
International Workshop on Trust, Security and Privacy for Ubiquitous
Computing, Taormina, Sicily, Italy, June 13, 2005. [posted here 11/14/04]
This workshop aims at focussing the attention of the research
community on the increasing complexity and relevance of trust,
privacy and security issues in ubiquitous computing.
Suggested submission topics include, but are not limited to the
following ones in mobile (ad Hoc) networks, sensor networks, P2P
systems, and portable/embedded/weareable devices:
- Key establishment and distribution
- Access control models, policies and mechanisms
- Trust, reputation and reccomendation management
- Privacy and identity management
- Digital assets management
- Context/location aware computation
- Self-organizing networks/communities
- Intrusion and anomaly detection
- Secure user-device interfaces
- Distributed consensus in the presence of active adversaries
- Analysis/simulation/validation techniques
- Handling emergent properties
- Phishing - attacks and countermeasures
- Case studies
For more information, please see
http://www.iit.cnr.it/TSPUC2005/.
ACNS 2005 3rd
Applied Cryptography and Network Security Conference, Columbia
University, New York, NY, USA, June 7-10, 2005. [posted here 11/14/04]
Original research papers on all technical aspects of cryptology are
solicited for submission to ACNS '05, the Third annual conference on
Applied Cryptography and Network Security. There are two tracks for
ACNS: a research track and an industrial track. The latter has an
emphasis on practical applications. In addition, submissions to the
industrial track may be talk proposals (rather than full papers).
The PC will consider moving submissions between tracks if the PC
feels that a submission is more appropriate for that track (with
author permission). Topics of relevance include but are not limited
to:
- Applied Cryptography, cryptographic constructions
- Cryptographic applications: e.g., payments, fair exchange,
time-stamping, auctions, voting, polling, location services
- Economic incentives for collaboration
- Security modeling and protocol design in the context of rational
and malicious adversaries
- Security of limited devices: e.g., adversarial modeling,
light-weight cryptography, efficient protocols and implementations
- Integrating security in Internet protocols: routing, naming,
TCP/IP, multicast, network management, and the Web
- Intrusion avoidance, detection, and response: systems, experiences
and architectures
- Network perimeter controls: firewalls, packet filters, application
gateways
- Virtual private networks
- Web security and supporting systems security, such as databases,
operating systems, etc.
- Denial of Service: attacks and countermeasures
- Securing critical infrastructure: e.g., routing protocols, the
power grid, and emergency communication
- Public key infrastructure, key management, certification, and
revocation
- Implementation, deployment and management of network security
policies
- Intellectual property protection: protocols, implementations,
metering, watermarking, digital rights management
- Fundamental services on network and distributed systems:
authentication, data integrity, confidentiality, authorization,
non-repudiation, and availability
- Integrating security services with system and application security
facilities and protocols: e.g., message handling, file
transport/access, directories, time synchronization, database
management, boot services, mobile computing
- Security and privacy for emerging technologies: sensor networks,
wireless/mobile (and ad hoc) networks, Bluetooth, 802.11, and
peer-to-peer systems
- Usable security
- Deployment incentives for security technology
- Web, chat, and email security, including topics such as spam
prevention
For more information, please see
http://acns2005.cs.columbia.edu/cfp.html.
SDCS 2005 2nd
International Workshop on Security in Distributed Computing Systems,
Held in conjunction with the 25th International
Conference on Distributed Computing Systems (ICDCS-2005), Columbus,
OH, USA, June 6-9, 2005. [posted here 12/13/04]
In recent years, interest has increased in the field of security
of distributed computing systems, since securing a large-scale
networked system becomes a great challenge. These include the control
mechanisms, mobile code security, denial-of-service attacks, trust
management, modeling of information flow and its application to confidentiality
policies, system composition, and covert channel analysis. We will
focus our program on issues related to important properties of system
security, such as measurability, sustainability, affordability, and
usability in distributed computing systems. Topics of interest
include, but are not limited to:
- Distributed Access Control and Trust Management
- Key Management and Authentication
- Privacy and Anonymity
- Benchmark and Security Analysis
- Security for Peer to Peer systems and Grid Computing Systems
- Secure Multicast and Broadcast
- Secure multiparty and two-party computations
- Computer and Network Forensics
- Denial-of-service Attacks and Countermeasures
- Secure E-Commerce/E-Business
- Security Verification
- Distributed Database Security
- Digital Rights Management
- Secure Mobile Agents and Mobile Code
- ntrusion detection
- Viruses, Worms, and Other Malicious Code
- Security in ad-hoc and sensor networks
- World Wide Web Security
For more information, please see
http://securityworkshop.ece.iastate.edu.
POLICY 2005
6th IEEE International Workshop on Policies for Distributed Systems
and Networks, Stockholm, Sweden, June 6-8, 2005. [posted here 09/07/04]
The policy workshop aims to bring
together researchers and practitioners working on policy-based
systems across a wide range of application areas including
policy-based networking, security management, storage
area networking, and enterprise systems. Policy 2005 is the 6th in a
series of successful workshops which since 1999 have provided a
forum for discussion and collaboration between researchers,
developers and users of policy-based systems. This year, in addition
to the latest research results from the communities working in the
areas mentioned above, we encourage contributions on policy-based
techniques in support of: On-demand computing/Utility Computing, SLA/Contract
based Management, Virtualization and Policy-based collaboration.
As in the previous three years the policy workshop will be
co-located with SACMAT 2005.
More information can be found on the workshop web page at
http://www.sics.se/policy2005/page.php?id=home.
IHW 2005 7th Information Hiding Workshop, Barcelona, Spain, June
6-8, 2005. [posted here 11/14/04]
Many researchers are interested in hiding information or,
conversely, in preventing others from doing so or detecting and
extracting the hidden data.
Although the protection of digital intellectual property has
recently motivated most of the research in this area, there are
many other applications of increasing
interest to both the academic and business communities. Current
research topics include:
- anonymous communications
- covert channels in computer systems
- detection of hidden information (steganalysis)
- digital forensic
- information hiding aspects of privacy
- steganography
- subliminal channels in cryptographic protocols
- watermarking for protection of intellectual property
- other applications of watermarking
Continuing a series of successful workshops that brought together
these closely-linked research areas, the 7th International Workshop
on Information Hiding will be held in Barcelona, Spain.
For more information, please see
http://kison.uoc.edu/IH05.
EC 2005 6th
ACM Conference on Electronic Commerce, Vancouver, Canada, June 5-8, 2005.
[posted here 5/16/04]
Since 1999 the ACM Special Interest Group on Electronic Commerce (SIGECOM) has
sponsored the leading scientific conference on advances in theory, systems, and
applications for electronic commerce. The Sixth ACM Conference on Electronic
Commerce (EC'05) will feature paper presentations, workshops, and tutorials
covering all areas of electronic commerce. The natural focus of the conference
is on computer science issues, but the conference is interdisciplinary in
nature, addressing the following topics:
- Algorithmic mechanism design
- Auction and negotiation technology
- Automated shopping, trading, and contract management
- Computational finance
- Computational game theory and economics
- Computational markets for information services
- Databases and online transaction processing
- Experience with fielded electronic-commerce systems
- Formation of supply chains, coalitions, and virtual enterprises
- Information markets
- Intellectual property and digital rights management
- Languages for describing goods, services, and contracts
- Legal, political, and social issues
- Marketing and advertising technology
- Payment and exchange protocols
- Recommendation, reputation, and trust systems
- Security and privacy issues in electronic commerce
- Software and systems requirements, architectures, and performance
- User-interface issues in electronic commerce
For more information, please see
http://www.acm.org/ec05.
WEIS 2005
4th Workshop on the Economics of Information Security,
Harvard University, Cambridge, MA, USA, June 2-3, 2005. [posted here 2/8/05]
Original Research Papers on all aspects of the Economics of Information
Security are solicited for submission to the Fourth Workshop on the
Economics of Information Security. Topics of interest include liability
and other legal incentives, game theoretic models, economics of digital
rights management, security in open source and free software,
cyber-insurance, disaster recovery, trusted computing, reputation
economics, network effects in security and privacy, security in grid
computing, return on security investment, security and privacy in
pervasive computing, risk management, risk perception, economics of
trust, virus models, vulnerabilities and incentives, economics of
malicious code, identity including PKI, access control, economics of
electronic voting security, and economic perspectives on spam.
We invite talks emphasizing economic theory, mathematical modeling, or
legal theory. Past notable work used the tools of economics to offer
insights into computer security; offered mathematical models of
computer security and economics; detailed potential regulatory
solutions to computer security; or clarified the challenges of
improving security as implemented in practice.
For more information, please see
http://www.infosecon.net/workshop/.
SACMAT 2005 10th ACM Symposium on Access Control Models and
Technologies, Scandic Hasselbacken, Stockholm, Sweden, June 1-3 ,
2005. [posted here 09/09/04]
Papers offering novel research contributions in any aspect of
access control are solicited for submission to the Tenth ACM
symposium on access control models and technologies (SACMAT). SACMAT
2005 is the fifth of a successful series of symposiums that continue
the tradition, first established by the ACM Workshop on Role-Based
Access Control, of being the premier forum for presentation of
research results and experience reports on leading edge issues of
access control, including models, systems, applications, and theory.
The missions of the symposium are to share novel access control
solutions that fulfill the needs of heterogeneous applications and
environments and to identify new directions for future research and
development. SACMAT gives researchers and practitioners a unique
opportunity to share their perspectives with others interested in
the various aspects of access control.
The SACMAT workshop will be co-located with POLICY 2005.
More information can be found at
http://www.sacmat.org/.
PET 2005
5th Workshop on Privacy Enhancing Technologies, Dubrovnik, Croatia, May
30-June 1, 2005. [posted here 9/14/04]
Privacy and anonymity are increasingly important in the online
world. Corporations, governments, and other organizations are
realizing and exploiting their power to track users and their behavior, and
restrict the ability to publish or retrieve documents. Approaches to
protecting individuals, groups, but also companies and governments
from such profiling and censorship include decentralization,
encryption, distributed trust, and automated policy disclosure.
This 5th workshop addresses the design and realization of such
privacy and anti-censorship services for the Internet and other
communication networks by bringing together anonymity and privacy experts from
around the world to discuss recent advances and new perspectives.
The workshop seeks submissions from academia and industry presenting
novel research on all theoretical and practical aspects of privacy
technologies, as well as experimental studies of fielded systems.
We encourage submissions from other communities such as law and
business that present their perspectives on technological issues.
Suggested topics include but are not restricted to:
- Anonymous communications and publishing systems
- Censorship resistance
- Pseudonyms, identity management, linkability, and reputation
- Data protection technologies
- Location privacy
- Policy, law, and human rights relating to privacy
- Privacy and anonymity in peer-to-peer architectures
- Economics of privacy
- Fielded systems and techniques for enhancing privacy in existing
systems
- Protocols that preserve anonymity/privacy
- Privacy-enhanced access control or authentication/certification
- Privacy threat models
- Models for anonymity and unobservability
- Attacks on anonymity systems
- Traffic analysis
- Profiling and data mining
- Privacy vulnerabilities and their impact on phishing and identity
theft
- Deployment models for privacy infrastructures
- Novel relations of payment mechanisms and anonymity
- Usability issues and user interfaces for PETs
- Reliability, robustness and abuse prevention in privacy systems
For more information, please see
http://petworkshop.org/2005/.
WOSIS 2005
3rd International Workshop on Security In Information Systems, held in conjunction with
the 7th International Conference on Enterprise Information Systems (ICEIS 2005),
Miami Beach, FL, USA, May 24-25, 2005.
[posted here 1/12/05]
Information Systems Security is one of the most pressing challenges
facing all kind of organizations today. Although many companies have discovered
how critical information is to the success of their business or operations,
very few have managed to be effective in keeping their information safe,
in avoiding unauthorized access, preventing intrusions, stopping secret
information disclosure, etc.
This workshop will serve as a forum to gather academics, researchers,
practitioners and students in the field of security in information systems.
The workshop will present new developments, lessons learned from real world
cases, and would provide the exchange of ideas and discussion on specific
areas. Topics of interest include, but are not limited to:
- Methodologies for the development of security information system
- Access control techniques
- Personal data protection
- Information systems risk management and analysis
- Security in databases, datawarehouses and web information systems
- Secure information systems architectures
- Standards for information systems security
- Metadata for Web and multimedia security
- XML and RDF based metadata for security
- Security Engineering
- Assessment of security software/hardware
- Study, validation and attacks on security protocols
- Real world applications analysis
- Cryptology: Cryptography and Cryptanalysis
- Information hiding: Steganography & Steganalysis
- Peer-to-Peer systems
- Analysis and design of cryptographic algorithms
- Electronic commerce
- Wireless communications
- RFID privacy and security implications
- Anti-Spam techniques
- Open source secure development
- Emission security
- Attacks on copyright marking systems
- Reliability of security systems
- Disaster recovery
- Security of clinical information systems
- Cyberterrorism
- E-Laws and e-government
- PKI technology
- VPNs, IPSEC, IPv6
- Economics aspects of security
- Electronic Voting
- Computer Forensics
- Incident response
- Privacy and freedom issues
- Privacy-preserving Web-mining
- Legal aspects of cyber security
For more information, please see
http://www.iceis.org/workshops/wosis/wosis2005-cfp.html.
Eurocrypt 2005
24th Annual Eurocrypt Conference, Aarhus, Denmark, May 22-26, 2005.
[posted here 3/22/05]
Original papers on all technical aspects of cryptology are solicited for submission
to Eurocrypt 2005, the 24th Annual Eurocrypt Conference. Eurocrypt 2005 is organized
by the International Association for Cryptologic Research (IACR).
For more information, please see
http://www.iacr.org and
http://www.brics.dk/eurocrypt05/.
AusCERT 2005
AusCERT 2005 Refereed R&D Stream, Gold Coast, Australia, May 22-26, 2005.
[posted here 01/12/05]
Original papers are solicited for submission to the refereed stream
of AusCERT2005 - the AusCERT Asia Pacific Information Technology
Security Conference. This stream will run within the regular
conference program which is being organised by AusCERT. Full papers
submitted to this stream will be refereed by members of the
international program committee and published in the conference
proceedings.
Topics of interest include, but are not limited to:
- Intrusion Detection
- Network and Wireless Security
- Attack Detection / Honeynets
- Critical Infrastructure Protection
- Legal and Regulatory Issues
- Intrusion Forensics
- Incident Response
For further info, see
http://www.isrc.qut.edu.au/events/auscert2005/.
CIIW 2005
1st CRIS International Workshop on Critical Information Infrastructures,
Linkoping, Sweden, May 17-18, 2005. [posted here 2/27/05]
This workshop is being held as a combined research-oriented workshop and
information exchange for experts and authorities involved in Critical
Infrastructures, but with a focus on Information infrastructures.
The workshop seeks two categories of papers: (1) high quality unpublished
papers (full papers) and (2) work-in-progress and student papers discussing
recent interesting work related to the following research areas:
- Dynamic network protection with adaptive and proactive methods
- Intrusion prevention, detection, tolerance and response
- Defence strategies for ISP networks
- Infrastructure vulnerabilities and dependencies
- Monitoring and analysing attack patterns within specific systems or domains
- Monitoring and analysing attack patterns in Internet data
- Recognition and response systems for distributed attacks, e.g. CAPTCHAs
- Distributed denial of service attacks
- Self-propagating malicious code
- Cyber terrorism and organized crime
- System management and self-managed systems
- Self-healing systems, automated patching and node/link recovery, ad-hoc routing
- Real-time response and mitigation
- Network fault-tolerance: wireless networks, sensor networks, IP networks
- Security policy, protection, access control and authentication
- Models and architectures for network survivability
- Interoperability between hybrid wireline/wireless networks
- Robust infrastructures
For more information, please see
http://www.ida.liu.se/conferences/CIIW05/.
Cluster-Sec 2005 Cluster Security - The Paradigm Shift - Held in
conjunction with the 5th IEEE/ACM International Symposium on Cluster
Computing and the Grid (CCGrid) 2005, May 10/11, 2005.[posted here
11/14/04]
Prior to the Spring of 2004, clusters have been protected using
enterprise computer network security techniques where cluster nodes
where treated as a collection of individual computers. After the
successful Internet attacks on HPC centers worldwide in the Spring
of 2004, there needs to be a paradigm shift in cluster security
strategies. Clusters can no longer be thought of as just a
collection of individual computers but rather as an integrated
single unit in which any breach may result in a "class break"
compromise of the entire cluster. Furthermore, it has also been
shown that clusters communicating via grids create dependent risks
between clusters such that any cluster compromise may cascade to
effect an entire grid.
This workshop focuses on stimulating new ideas in order to reshape
cluster protection strategies. Clearly cluster security is a
complex, multi-dimensional problem with dynamics over time so a
large variety of approaches may be appropriate including prevention,
monitoring, measurements, mitigation, and recovery. Papers with
demonstrated results will be given priority. Two categories of
papers will be considered: Long Paper (12 pages) and
Work-In-Progress/Short Paper (6 pages). A list of potential topics
includes but is not limited to the following:
- cluster security as an emergent property
- analysis of cluster attacks
- new techniques to protect clusters
- visualizing cluster security
- commercial grade cluster security
- failover cluster security
- cluster-specific intrusion detection
- the relationship between cluster security and grid security
- cluster security vulnerabilities
- cluster security best practices
- storage security on clusters
- storage survivability on clusters
More information can be found on the workshop web page at
http://www.ncassr.org/projects/cluster-sec/ccgrid05/.
ISH 2005
International Workshop on Information Security & Hiding, Singapore,
May 9-12, 2005. [posted here 11/14/04]
The ISH05 Workshop, held in conjunction with the International
Conference on Computational Science & Its Applications (ICCSA'05),
is intended as an international forum for researchers in all areas
of information security and information hiding. Submissions of
papers presenting a high-quality original research are invited for
the Workshop tracks:
- Cryptology (cryptography, cryptanalysis)
- Security engineering (side-channel attacks, crypto implementations)
- Steganology (steganography, steganalysis)
- Digital Watermarking
Topics of interest:
- Side-channel analysis & countermeasures
- Implementation of cryptographic algorithms,
- Cryptographic hardware: factoring, cryptanalysis, random number generators, reconfigurable, processors,
- Design & analysis of symmetric-key cryptosystems: block ciphers,
stream ciphers, hash functions, MACs, modes of operation, backdoors
- RFID & privacy
- Public-key cryptography, Elliptic curve cryptosystems
- Provable security
- Trusted computing
- Subliminal & covert channels
- Steganography
- Digital watermarking
- Digital rights management
- Links between cryptology and steganology
More information can be found on the workshop web page at
http://www.swinburne.edu.my/rphan/ISH05.htm.
Oakland 2005
The 2005 IEEE Symposium on Security and Privacy, The Claremont
Resort, Berkeley/Oakland, California, USA, May 8-11, 2005. [posted
here 9/7/04]
Since 1980, the IEEE Symposium on Security and Privacy has been
the premier forum for the presentation of developments in computer
security and electronic privacy, and for bringing together
researchers and practitioners in the field. Previously unpublished
papers offering novel research contributions in any aspect of
computer security or electronic privacy are solicited for submission
to the 2005 symposium. Papers may represent advances in the theory,
design, implementation, analysis, or empirical evaluation of secure
systems, either for general use or for specific application domains.
Topics of interest include, but are not limited to, the following:
- Access Control and Audit
- Anonymity and Pseudonymity
- Authentication
- Automated Security Analysis
- Biometrics
- Data Integrity
- Database Security
- Denial of Service
- Distributed Systems Security
- Electronic Privacy
- Forensics
- Information Flow
- Intrusion Detection and Defense
- Language-Based Security
- Mobile Code and Agent Security
- Network Security
- Secure Hardware and Smartcards
- Security Engineering
- Security in Heterogeneous and Large-scale Environments
- Security of Mobile Ad-Hoc Networks
- Security Protocols
- Security Verification
- Viruses, Worms, and Other Malicious Code
The full call for papers can be found at
http://www.ieee-security.org/TC/SP2005/oakland05-cfp.html.
DIMACS Workshop on Security of Web Services and E-Commerce,
Rutgers University, Piscataway, NJ, USA, May 5-6, 2005. [posted here 11/14/04]
The growth of Web Services, and in particular electronic commerce
activities based on them, is quickly being followed by work on Web
Services security protocols. While core XML security standards like
XMLDSIG, XMLENC and WS-Security have been completed, they only
provide the basic building blocks of authentication, integrity
protection and confidentiality for Web Services. Additional Web
Services standards and protocols are required to provide
higher-order operations such as trust management, delegation, and
federation. At the same time, the sharp rise in "phishing" attacks
and other forms of on-line fraud simply confirms that all our work
on security protocols is for naught if we cannot make it both
possible and easy for the average user to discover when a security
property has failed during a transaction. This workshop aims to
explore these areas as well as other current and future security and
privacy challenges for Web Services applications and e-commerce.
The workshop will be open to the public (no submission is necessary
to attend). If you'd like to give a presentation please send a title
and abstract to commerce2005@farcaster.com as soon as possible.
Submissions may describe ongoing or planned work related to the
security of Web Services and electronic commerce, or they may
discuss important research problems or propose a research agenda in
this area. Also, we intend this to be a participatory and
interactive meeting so we hope you will be able to contribute to the
meeting even without giving an announced talk.
Presented under the auspices of the
Special
Focus on Communication Security and Information Privacy.
For more information, please see
http://dimacs.rutgers.edu/Workshops/Commerce/.
DHS R&D Conference 2005
Working Together: R&D Partnerships in Homeland Security,
Boston, MA, USA, April 27-28, 2005. [posted here 1/17/05]
This two-day Conference will focus on state-of-the-art research and development
to anticipate, prevent, respond to, and recover from high-consequence chemical,
biological, radiological, nuclear, explosives and cyber terrorist threats. The
conference will also address research and development to protect the nation's
critical infrastructure, and the harnessing of science and intelligence to reduce
threat and risk.
The objectives of this inaugural event are to encourage R&D partnerships
among scientists and engineers from government, national laboratories,
universities and research institutes, and private sector firms investing
in research and development programs and facilities. We are seeking papers
on Critical Infrastructure Protection and Cyber Security including:
- Sensor Performance Improvement
- Advanced Risk Modeling
- Simulation and Analysis for Decision Support
- Next-generation Designs and Architecture for Devices and Systems
- Addressing the Insider Threat
- Large-scale Situational Awareness for Critical Infrastructure.
For more information, please see
http://www.homelandsecurityresearchconference.org/cfp.html.
PKI R&D Workshop
4th Annual PKI R&D Workshop - Multiple Paths to Trust, NIST,
Gaithersburg, MD, USA, April 19-21, 2005. [posted here 09/07/04]
This workshop considers the
full range of public key technology used for security decisions and
supporting functionalities, including authentication, authorization,
identity (syndication, federation, and aggregation), and trust. This
year, the workshop has a particular interest in how PKI and emerging
trust mechanisms will interact with each other at technical, policy
and user levels to support trust models that lack a central
authority. This workshop has three goals:
- Explore the current state of public key technology and
emerging trust mechanisms in different domains including web
services; grid technologies; authentication systems, et. al., in
academia, research, government, and industry.
- Share & discuss lessons learned and scenarios from vendors and
practitioners on current deployments.
- Provide a forum for leading security researchers to explore
the issues relevant to PKI space in areas of security management,
identity, trust, policy, authentication, and
authorization.
For more info, please see:
http://middleware.internet2.edu/pki05/cfp.html.
ISPEC 2005 The
First Information Security Practice and Experience Conference,
Singapore, April 11-14, 2005. [posted here 7/19/04]
ISPEC is intended to be an annual conference that brings together
researchers and practitioners to provide a confluence of new
information security technologies, their applications and their
integration with IT systems in various vertical sectors. Authors
are invited to submit full papers presenting new research results
related to information security technologies and applications.
Areas of interest include, but are not limited to:
- Applications of cryptography
- Critical infrastructure protection
- Digital rights management
- Economic incentives for deployment of information security systems
- Information security in vertical applications
- Legal and regulatory issues
- Privacy and anonymity
- Risk evaluation and security certification
- Resilience and availability
- Secure system architectures
- Security policy
- Security standards activities
- Trust model and management
- Usability aspects of information security systems
More information can be found on the workshop web page at
http://ispec2005.i2r.a-star.edu.sg/.
USENIX 2005
USENIX Annual Technical Conference, Anaheim, CA, USA, April 10-15,
2005. [posted here 9/13/04]
The 2005 USENIX Annual Technical Conference General Session
Program Committee seeks original and innovative papers about modern
computing systems, emphasizing implementations with measured
results.
Specific topics of interest include, but are not limited to:
- Benchmarking
- Deployment experience
- Distributed and parallel systems
- Embedded systems
- Energy/power management
- File and storage systems
- Networking and network services
- Operating systems
- Reliability and availability
- Security, privacy, and trust
- Self-managing systems
- Usage studies and workload characterization
- Virtual machines
- Web technology
- Wireless and mobile systems
The general call is available at:
http://www.usenix.org/events/usenix05/cfp/general.html The
FREENIX track also has a call on open source software. For more
info, please see the USENIX page at:
http://www.usenix.org/events/usenix05/cfp/freenix.html.
SPC 2005
2nd International Conference on Security in Pervasive Computing,
Boppard, Germany, April 6-8, 2005. [posted here 6/12/04]
The ongoing shrinking of computing facilities to small and mobile
devices like handhelds, portables or even wearable computers will
enhance an ubiquitous information processing. The basic paradigm of
such a pervasive computing is the combination of strongly
decentralized and distributed computing with the help of diversified
devices allowing for spontaneous connectivity. Computers will become
invisible to the users awareness and exchange of information between
devices will effectively defy users control. The objective of this
conference is to develop new security concepts for complex
application scenarios based on systems like handhelds, phones,
smartcards, RF-chips and smart labels hand in hand with the emerging
technology of ubiquitous and pervasive computing. Particular topics
include but are not limited to methods and technologies concerning:
- the identification of risks,
- the definition of security policies, and
- the development of security and privacy measures especially
cryptographic protocols related to the specific aspects of ubiquitous
and pervasive computing like mobility, location based services, ad-hoc
networking, resource allocation/restriction, invisibility and secure
hardware/software platforms.
For more info, please see :
http://www.spc-conf.org.
IWIA 2005
Third IEEE International Information Assurance Workshop,
Washington D.C., USA, March 31 - April 1, 2005[posted here 5/14/04]
The IEEE Task Force on
Information Assurance is sponsoring a workshop on information
assurance in cooperation with the ACM SIGSAC on research
and experience in information assurance. The workshop seeks
submissions from academia, government, and industry presenting novel
research, applications and experience, and policy on all theoretical
and practical aspects of IA.
Possible topics include, but are not limited to the following:
- Operating System IA & S
- Storage IA & S
- Network IA & S
- IA Standardization Approaches
- Information Sharing in Coalition Settings
- Security Models
- Survivability and Resilient Systems
- Formal Methods and Software Engineering for IA
- Survivability and Resilient Systems
- Formal Methods and Software Engineering for IA
- Proactive Approaches to IA
- CCITSE Experience and Methodology
- Intrusion Detection, Prediction, and Countermeasures
- Insider Attack Countermeasures
- Specification, Design, Development, and Deployment of IA Mechanisms
- Policy Issues in Information Assurance
More information can be found on the workshop web page at
http://iwia.org/2005/.
TRECK-SAC 2005
ACM Symposium on Applied Computing 2005 Trust, Recommendations, Evidence and other
Collaboration Know-how (TRECK) Track, Santa Fe, New Mexico, USA,
March 13-17, 2005 [posted here 7/19/04]
The goal of the SAC 2005 TRECK track is to explore the set of
applications that either benefit from the use of early trust-based
mechanisms or could be enhanced by the integration of an advanced
trust engine.
The topics of interest include, but are not limited to:
- Trust/risk-based security frameworks
- Applications of trust management components
- Improvement of recommender systems with adjunct trust/reputation
- Trust-enhanced collaborative applications
- Tangible guarantees given by formal models of trust and risk
- Applications of formal models of trust and risk
- Assessment and threat analysis of trust metrics
- Pervasive computational trust and use of context-aware features
- Trade-off between privacy and trust
- Automated collaboration and trust negotiation
- Integration of soft computing techniques in trust engines
- Evidence gathering and management
- Real world applications, running prototypes and advanced simulations
- Applicability in large scale, open and decentralized environments
- Representation, management and recognition of identities
- Trust and reputation in virtual organizations
- Legal and economic aspects related to the use of trust-based systems
- User-studies of computational trust applications
For more info, please see
http://www.trustcomp.org/treck/.
PERCOM 2005
3rd IEEE International Conference on
Pervasive computing and Communications, Kauai, Hawaii, USA, March 8-12, 2005.
[posted here 1/14/04]
IEEE PerCom 2005 will be the third annual conference on the
emerging area of pervasive computing and communications aimed at
providing an exciting platform and paradigm for all the time,
everywhere services. PerCom 2005 will provide a high profile,
leading edge forum for researchers and engineers alike to present
their latest research in the field of pervasive computing and
communications.
The topics of interest include, but are not limited to:
- Pervasive computing architectures
- Intelligent environments
- Wearable computers
- Smart devices and smart spaces
- Service discovery mechanisms
- Middleware services and Agent technologies
- Sensors and actuators
- Positioning and tracking technologies
- Integration of wired and wireless networks
- Personal area networks
- Mobile / wireless computing systems and services
- Context based and implicit computing
- Speech processing / advanced computer vision
- User interfaces and interaction models
- Wireless/mobile service management and delivery
- Ad hoc networking protocols and service discovery
- Resource management in pervasive computing platforms
- Security and privacy issues of pervasive computing systems
For more info, please see
http://www.percom.org/index.htm.
I3P Research Fellowship
The Institute for Information Infrastructure Protection (I3P)
Research Fellowships, for post-doctoral researchers, junior faculty and
research scientists. [posted here 1/31/05]
The I3P is a national research consortium of universities,
federally-funded labs, and non-profit organizations. The I3P functions as
a virtual national lab, bringing together experts from around the country
to identify pressing problems and develop innovative approaches and
technologies to help protect the U.S. information infrastructure. Through
its Fellowship Program, the I3P seeks to build a nationwide cadre of
investigators focused on important research challenges highlighted by
the I3P Cyber Security Research and Development Agenda. The I3P is
chaired and managed by Dartmouth College. This program is funded by
the U.S. Department of Homeland Security.
I3P Fellowship Research Areas:
- Enterprise Security Management
- Trust Among Distributed Autonomous Parties
- Discovery and Analysis of Security Properties and Vulnerabilities
- Secure System and Network Response and Recovery
- Traceback, Identification, and Forensics
- Wireless Security
- Metrics and Models
- Law, Policy, and Economic Issues.
For more information, please see
http://www.thei3p.org/fellowships.
FC 2005
Ninth International Conference on Financial Cryptography and Data Security,
Roseau, The Commonwealth Of Dominica, February 28 - March 3, 2005. [posted here
5/13/04]
Financial Cryptography and Data Security (FC'05) is the premier
international forum for research, advanced development, education,
exploration, and debate
regarding security in the context of finance and commerce. We have
augmented our conference title and expanded our scope to cover all
aspects of securing
transactions and systems. These aspects include a range of technical
areas such as: cryptography, payment systems, secure transaction
architectures, software
systems and tools, user and operator interfaces, fraud prevention,
payment systems, secure IT infrastructure, and analysis
methodologies. Our focus will
also encompass legal, financial, business and policy aspects.
Material both on theoretical (fundamental) aspects of securing
systems and on secure applications
and real-world deployments will be considered.
Original papers and presentations on all aspects of financial and
commerce security are invited. Submissions must have a visible
bearing on
financial and commerce security issues, but can be interdisciplinary
in nature and need not be exclusively concerned with cryptography or
security. Possible topics for
submission to the various sessions include, but are not limited to:
- Anonymity and Privacy
- Auctions
- Audit and Auditability
- Authentication and Identification, including Biometrics
- Certification and Authorization
- Commercial Cryptographic Applications
- Commercial Transactions and Contracts
- Digital Cash and Payment Systems
- Digital Incentive and Loyalty Systems
- Digital Rights Management
- Financial Regulation and Reporting
- Fraud Detection
- Game Theoretic Approaches to Security
- Infrastructure Design
- Legal and Regulatory Issues
- Microfinance and Micropayments
- Monitoring, Management and Operations
- Reputation Systems
- RFID-Based and Contactless Payment Systems
- Risk Assessment and Management
- Secure Banking
- Secure Financial Web Services
- Securing Emerging Computational Paradigms
- Security and Risk Perceptions and Judgments
- Security Economics
- Smart Cards and Secure Tokens
- Trust Management
- Trustability and Trustworthiness
- Underground-Market Economics
- Usability and Acceptance of Security Systems
- User and Operator Interfaces
For more info, please see
http://www.ifca.ai/fc05/.
CT-RSA 2005
RSA Conference 2005, Cryptographers' Track,
February 14-18, 2005, San Francisco, CA, USA. [posted here 3/27/04]
The RSA Conference is the largest, regularly staged computer
security event. The Cryptographers' Track (CT-RSA) is a research
conference within the RSA Conference. CT-RSA 2005 will be the fifth
year of the Cryptographers' Track, which has become an established
venue for presenting practical research results related to
cryptography and data security.
Original research papers pertaining to all aspects of cryptography
as well as tutorials are solicited. Submissions may present theory,
techniques, applications and practical experience on topics
including, but not limited to: fast implementations, secure
electronic commerce, network security and intrusion detection,
formal security models, comparison and assessment,
tamper-resistance, certification and time-stamping, cryptographic
data formats and standards, encryption and signature schemes,
public-key infrastructure, protocols, elliptic-curve cryptography,
cryptographic algorithm design and cryptanalysis, discrete logarithm
and factorization techniques, lattice reduction, and provable
security.
For more information, please see
http://www.rsasecurity.com/rsalabs/node.asp?id=2015.
NDSS 2005
The Internet Society 2005 Network and Distributed
System Security Symposium, Catamaran Resort, San Diego, California,
February 2-4, 2005. [posted here 7/19/04]
This symposium will foster information exchange among researchers
and practioners of network and distributed system security services.
The intended audience includes those who are interested in the
practical aspects of network and distributed system security,
focusing on actual system design and implementation, rather than
theory. A major goal of the symposium is to encourage and enable the
Internet community to apply, deploy, and advance the state of
available security technology. The proceedings of the symposium will
be published by the Internet Society. The Program Committee invites
both technical papers and panel proposals. Submissions are solicited
for, but are not limited to, the following topics:
- Integrating security in Internet protocols: routing, naming,
TCP/IP, multicast, network management, and the Web.
- Intrusion avoidance, detection, and response: systems, experiences
and architectures.
- Privacy and anonymity technologies.
- Network perimeter controls: firewalls, packet filters, application
gateways.
- Virtual private networks.
- Public key infrastructure, key management, certification, and
revocation.
- Secure electronic commerce: e.g., payment, barter, EDI,
notarization, timestamping, endorsement, and licensing.
- Supporting security mechanisms and APIs; audit trails;
accountability.
- Implementation, deployment and management of network security
policies.
- Intellectual property protection: protocols, implementations,
metering, watermarking, digital rights management.
- Fundamental services on network and distributed systems:
authentication, data integrity, confidentiality, authorization,
non-repudiation, and availability.
- Integrating security services with system and application security
facilities and protocols: e.g., message handling, file
transport/access, directories, time synchronization, data base
management, boot services, mobile computing.
- Security for emerging technologies: sensor networks, specialized
testbeds, wireless/mobile (and ad hoc) networks, personal
communication systems, peer-to-peer and overlay network systems.
- Special problems and case studies: e.g., tradeoffs between
security and efficiency, usability, reliability and cost.
- Security for collaborative applications: teleconferencing and
video-conferencing, electronic voting, groupwork, etc.
- Software hardening: e.g., detecting and defending against software
bugs (overflows, etc.)
For more information, please see
http://www.isoc.org/isoc/conferences/ndss/05/index.shtml.
AISW2005
Australasian Information Security Workshop - Digital Rights
Management, January 31-February 3, 2005, University of Newcastle,
UK. [posted here 8/4/04]
The workshop seeks submissions from academia and industry
presenting novel research on theoretical and practical aspects of
DRM, as well as experimental studies and fielded systems. We encourage submissions from other
communities such as law and business that present these communities'
perspectives on technological issues. It is planned to publish accepted papers in
the Conferences in Research and Practice in Information Technology
series.
For more info, please see
http://www.sitacs.uow.edu/aisw2005.
WITS'05
Workshop on Issues in the Theory of Security, Long Beach, California
(co-located with POPL'05), January 10-11, 2005. [posted here
09/07/04]
WITS is the official workshop organised by the IFIP WG 1.7 on
"Theoretical Foundations of Security Analysis and Design",
established to promote the investigation on the theoretical
foundations of security, discovering and promoting new areas of
application of theoretical techniques in computer security and
supporting the systematic use of formal techniques in the
development of security related applications. The members of WG hold
their annual workshop as an open event to which all researchers
working on the theory of computer security are invited. This is the
fourth workshop of the series. We are seeking sponsorship from ACM
SIGPLAN, and plan to be organized in cooperation with GI
working group FoMSESS. Proceedings from of the workshop will be
published in the ACM Digital Library. We are also planning a
special issue of the Journal of Computer Security on the workshop.
Suggested submission topics include:
- formal definition and verification of the various aspects
of security: confidentiality, privacy, integrity, authentication and
availability
- new theoretically-based techniques for the formal analysis and design
of cryptographic protocols and their manifold applications (e.g., electronic commerce)
- information flow modelling and its application to the theory of
confidentiality policies, composition of systems, and covert channel analysis
- formal techniques for the analysis and verification of code
security, including mobile code security
- formal analysis and design for prevention of denial of service.
- security in real-time/probabilistic systems
- language-based security
More information about the workshop can be found at
http://chacs.nrl.navy.mil/wits05.
HICSS2005 Security and Survivability of Networked Systems (minitrack
at HICSS2005), Hawai'i, USA, January 3-6, 2005. [posted here
3/27/04]
Minitrack description:
Malicious attacks on computing systems and networks have grown
steadily over the last decade and have reached epidemic
proportions. Despite much progress in security research, the
numbers of reported vulnerabilities and incidents are increasing. We
are fully embracing computer and network technology in all aspects
of our daily lives, and even to control our critical
infrastructures, where failures could result in loss of life or have
huge financial and environmental consequences. We need to our
increase research efforts in this arena.
This minitrack focuses on security and survivability in networked
computer systems. Of special interest are contributions that
address survival, tolerance, recovery or masking of malicious
attacks. Submissions will be sought from researchers in the area of
system survivability, fault-tolerance and intrusion tolerance,
software dependability, computer and network security, and economic
or statistical modeling of secure/survivable systems.
Topics include, but are not limited to:
- System or software survivability
- Safety critical failure modes
- Network or system intrusion tolerance
- Modeling malicious behavior or attacks
- Survivability and security issues of mobile agent based systems
- Survivability and security issues of ad-hoc networks
- Mathematical models for verification of vulnerability to malicious acts
- Models for measurement/evaluation/validation of survivability
- Software and hardware fault tolerance
- Design for dependability and/or survivability
- PRA and hybrid fault models accounting for malicious acts
For more information see:
http://www.cs.uidaho.edu/~krings/HICSS38.htm
